agent-sandbox

module

v0.0.3 Latest Latest Go to latest Published: May 20, 2026 License: Apache-2.0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/scitix/agent-sandbox

Links

Open Source Insights

README ¶

Agent Sandbox

Fast, Multi-Cloud Sandbox Engine for AI Agents

What is Agent Sandbox?

Agent Sandbox is an open-source sandbox engine for AI agents. It is purpose-built for three classes of workload:

Lightning Fast — pre-warmed pools keep isolated environments on standby, eliminating cold-start latency for high-frequency agent loops, evaluations, and RL rollouts
Enterprise Grade — deploy on any cloud using native Kubernetes CRDs, RBAC, and multi-cluster routing, without vendor lock-in
Agentic RL — stateful environments with deterministic resets and any-image runtimes, built for complex multi-turn agent training

Key Features

	Feature	Description
⚡	Speed — Sub-60ms allocation	Pre-warmed pools deliver idle sandboxes instantly, unblocking high-volume agent loops and multi-turn RL rollouts
☸️	Infrastructure — Containers or microVMs	Run on your existing estate using CRDs, namespaces, RBAC, and autoscaling to manage warm capacity efficiently
🌐	Routing — Cross-region and cross-cloud	Dispatch requests across clouds, clusters, and regions without forcing application teams to manage routing logic
🧪	Runtime — Zero-rebuild runtimes	Run any Docker image for SWE tasks, RL environments, and internal tools without building custom VM images
🔌	Ecosystem — Drop-in agent SDKs	Seamless compatibility with E2B clients, SWE-ReX workflows, and popular reinforcement learning frameworks
📊	Observability — Console-grade visibility	Complete view of pools, active sessions, logs, and metrics through a unified product console

Use Cases

Reinforcement Learning at Scale

RL training requires thousands of environment resets per hour. Agent Sandbox pre-warms a pool of sandboxes so each rollout worker gets a fresh, isolated environment in milliseconds — removing the environment-reset bottleneck from your training loop. Supports SWE-bench Verified, SWE-Gym, Terminal-bench, and custom task distributions.

AI Coding Agents & Evaluations

Give every agent turn or eval call its own isolated execution environment. The E2B-compatible API means existing SWE-agent, SWE-ReX, and similar frameworks work without modification.

Enterprise Multi-Cluster Deployment

Deploy sandbox pools across multiple clouds or regions. The built-in ExtProc routing layer dispatches requests to the most available cluster transparently — no routing logic required in application code. Supported cloud providers: AWS, Google Cloud, Azure, Alibaba Cloud, Volcengine, Cloudflare.

Coming soon: microVM-backed sandboxes for stronger isolation guarantees.

Documentation

Resource	Link
Documentation site	scitix.github.io/Agent-Sandbox
API Reference (OpenAPI)	/docs/api/sandboxes/CreateSandbox
Installation guide	/docs/installation
Integrations	/docs/integrations
Changelog	/docs/changelog

Contributing

Contributions are welcome — bug reports, feature requests, documentation, and code. Please read CONTRIBUTING.md before submitting a pull request.

All commits must include a Signed-off-by line (DCO). Use git commit -s.

License

Apache License 2.0 — see LICENSE for details.

Directories ¶

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL

Path	Synopsis
api
v1alpha1 Package v1alpha1 contains API Schema definitions for the agents v1alpha1 API group.	Package v1alpha1 contains API Schema definitions for the agents v1alpha1 API group.
cmd
envoyextproc command envoyextproc is the Envoy ExternalProcessor companion process for the agent-sandbox data plane.	envoyextproc is the Envoy ExternalProcessor companion process for the agent-sandbox data plane.
envoyextproc/app Package extproc contains the bootstrap logic for the envoyextproc binary (cmd/envoyextproc).	Package extproc contains the bootstrap logic for the envoyextproc binary (cmd/envoyextproc).
sandbox command sandbox is the open-source build of the agentbox operator.	sandbox is the open-source build of the agentbox operator.
sandbox/app Package controller contains the core bootstrap logic for the agentbox operator (cmd/sandbox).	Package controller contains the core bootstrap logic for the agentbox operator (cmd/sandbox).
sandbox/app/extconfig Package extconfig defines the schema and loader for the extension configuration file (--extension-config).	Package extconfig defines the schema and loader for the extension configuration file (--extension-config).
wsproxy command wsproxy is the AgentBox WebSocket proxy sidecar.	wsproxy is the AgentBox WebSocket proxy sidecar.
wsproxy/app Package wsproxy contains the bootstrap logic for the wsproxy sidecar (cmd/wsproxy).	Package wsproxy contains the bootstrap logic for the wsproxy sidecar (cmd/wsproxy).
pkg
apiserver
apiserver/domain
apiserver/gen Package gen provides primitives to interact with the openapi HTTP API.	Package gen provides primitives to interact with the openapi HTTP API.
apiserver/handlers Package handlers implements the StrictServerInterface generated from the OpenAPI spec.	Package handlers implements the StrictServerInterface generated from the OpenAPI spec.
apiserver/router
apiserver/router/middleware
apiserver/service
controllers/sandboxpool
controllers/sandboxpool/poststarthooks Package poststarthooks executes post-start hook actions on sandbox pods that have just transitioned Starting → Running.	Package poststarthooks executes post-start hook actions on sandbox pods that have just transitioned Starting → Running.
controllers/sandboxtemplate
e2bcompat Package e2bcompat provides an E2B-compatible HTTP API server for AgentBox.	Package e2bcompat provides an E2B-compatible HTTP API server for AgentBox.
e2bcompat/domain Package domain provides E2B-compatible domain conversion utilities.	Package domain provides E2B-compatible domain conversion utilities.
e2bcompat/gen Package e2bgen provides primitives to interact with the openapi HTTP API.	Package e2bgen provides primitives to interact with the openapi HTTP API.
e2bcompat/handlers Package handlers implements the E2B-compatible StrictServerInterface generated by oapi-codegen.	Package handlers implements the E2B-compatible StrictServerInterface generated by oapi-codegen.
e2bcompat/router Package router provides E2B-compatible HTTP route registration.	Package router provides E2B-compatible HTTP route registration.
e2bcompat/router/middleware Package middleware provides E2B-compatible authentication middleware.	Package middleware provides E2B-compatible authentication middleware.
envoy/extproc Package extproc implements an Envoy ExternalProcessor (ExtProc) gRPC server.	Package extproc implements an Envoy ExternalProcessor (ExtProc) gRPC server.
framework Package framework defines the host/extension contract shared by every extension point in AgentBox (SandboxPool lifecycle Plugins, quota Providers, and future Providers such as billing or telemetry).	Package framework defines the host/extension contract shared by every extension point in AgentBox (SandboxPool lifecycle Plugins, quota Providers, and future Providers such as billing or telemetry).
framework/plugins
framework/providers/quota
lifecycle/inplaceupdate
lifecycle/schedule Package schedule implements the per-pool streaming claim scheduler.	Package schedule implements the per-pool streaming claim scheduler.
metrics Package metrics defines and registers all custom Prometheus metrics for AgentBox.	Package metrics defines and registers all custom Prometheus metrics for AgentBox.
proto/sandbox/ctrlplane/v1
proto/sandbox/sync/v1
store
utils/apikey
utils/cluster
utils/dockerconfig Package dockerconfig builds and parses Kubernetes `.dockerconfigjson` payloads for imagePullSecret Secrets of type kubernetes.io/dockerconfigjson.	Package dockerconfig builds and parses Kubernetes `.dockerconfigjson` payloads for imagePullSecret Secrets of type kubernetes.io/dockerconfigjson.
utils/hostalias Package hostalias provides an in-process /etc/hosts-style resolver driven by the Manager-pushed ClusterConfig.HostAliases list.	Package hostalias provides an in-process /etc/hosts-style resolver driven by the Manager-pushed ClusterConfig.HostAliases list.
utils/httpctx Package httpctx provides shared helpers for extracting authentication context from gin-based HTTP handlers.	Package httpctx provides shared helpers for extracting authentication context from gin-based HTTP handlers.
utils/httplog Package httplog centralizes HTTP request logging for the AgentBox API servers.	Package httplog centralizes HTTP request logging for the AgentBox API servers.
utils/imageresolver
utils/indexer
utils/k8sname Package k8sname provides validation for Kubernetes resource names with a stricter variant of RFC 1123 DNS label rules: names must start with a lowercase letter (not a digit).	Package k8sname provides validation for Kubernetes resource names with a stricter variant of RFC 1123 DNS label rules: names must start with a lowercase letter (not a digit).
utils/resource Package resource provides utilities for computing resource sums across Pod containers.	Package resource provides utilities for computing resource sums across Pod containers.
version Package version holds the build-time version for all AgentBox components.	Package version holds the build-time version for all AgentBox components.
wsmux Package wsmux adapts a gorilla/websocket connection into a net.Conn so that yamux can multiplex independent logical streams on top of it, and gRPC can run on top of yamux.	Package wsmux adapts a gorilla/websocket connection into a net.Conn so that yamux can multiplex independent logical streams on top of it, and gRPC can run on top of yamux.
wsproxy/config Package config holds the wsproxy runtime configuration.	Package config holds the wsproxy runtime configuration.
wsproxy/gen Package wsproxygen provides primitives to interact with the openapi HTTP API.	Package wsproxygen provides primitives to interact with the openapi HTTP API.
wsproxy/server Package server provides the two HTTP servers for wsproxy:	Package server provides the two HTTP servers for wsproxy:
wsproxy/syncmgr Package syncmgr implements the WSProxy sync manager that maintains persistent WebSocket connections to every Worker cluster and pushes API key, SandboxTemplate, and ClusterConfig updates.	Package syncmgr implements the WSProxy sync manager that maintains persistent WebSocket connections to every Worker cluster and pushes API key, SandboxTemplate, and ClusterConfig updates.
wsproxy/syncmgr/handlers Package handlers implements the wsproxygen.StrictServerInterface for the internal management API (:9004).	Package handlers implements the wsproxygen.StrictServerInterface for the internal management API (:9004).