CubeSandbox: Tencent's sandbox for ai agents

Instant, Concurrent, Secure & Lightweight Sandbox Service for AI Agents 中文文档 · Quick Start · Documentation · Discord Cube Sandbox is a high-performance, out-of-the-box secure sandbox service built on RustVMM and KVM. It supports both single-node deployment and can be easily scaled to a multi-node cluster. It is compatible with the E2B SDK, capable of creating a hardware-isolated sandbox environment with full service capabilities in under 60ms, while maintaining less than 5MB memory overhead. 1.cubesandbox.-.mp4 | 2.cubesandbox.demo.mp4 | Cube-Sandbox.RL.demo.mp4 | | Installation & Demo | Performance Test | RL (SWE-Bench) | - Blazing-fast cold start: Built on resource pool pre-provisioning and snapshot cloning technology, skipping time-consuming initialization entirely. Average end-to-end cold start time for a fully serviceable sandbox is Wait for the command above to finish and the template status to reach READY . Note the template ID (template_id ) from the output — you will need it in the next step. - Run Your First Agent Code Install the Python SDK: yum install -y python3 python3-pip pip install e2b-code-interpreter Set environment variables: export E2B_API_URL="http://127.0.0.1:3000" export E2B_API_KEY="dummy" export CUBE_TEMPLATE_ID="" # template ID obtained from Step 3 export SSL_CERT_FILE="$(mkcert -CAROOT)/rootCA.pem" Run code inside an isolated sandbox: import os from e2b_code_interpreter import Sandbox # drop-in E2B SDK # Cube Sandbox transparently intercepts all requests with Sandbox.create(template=os.environ["CUBE_TEMPLATE_ID"]) as sandbox: result = sandbox.run_code("print('Hello from Cube Sandbox, safely isolated!')") print(result) See Quick Start — Step 4 for the full variable reference and more examples. Want to explore more? Check out the 📂 examples/ directory, covering scenarios like: code execution, Shell commands, file operations, browser automation, network policies, pause/resume, OpenClaw integration, and RL training. - 📖 Documentation Home - Complete guide and API reference - 🔧 Template Concepts - Image-to-Template concepts and workflows - 🌟 Example Projects - Hands-on examples demonstrating various Cube Sandbox use cases (Browser automation, OpenClaw integration, RL training workflows, etc.) - 💻 Development Environment (QEMU VM) - No bare-metal? Spin up a disposable OpenCloudOS 9 VM and run Cube Sandbox inside it | Component | Responsibility | |---|---| | CubeAPI | High-concurrency REST API Gateway (Rust), compatible with E2B. Swap the URL for seamless migration. | | CubeMaster | Cluster orchestrator. Receives API requests and dispatches them to corresponding Cubelets. Manages resource scheduling and cluster state. | | CubeProxy | Reverse proxy, compatible with the E2B protocol, routing requests to the appropriate sandbox instances. | | Cubelet | Compute node local scheduling component. Manages the complete lifecycle of all sandbox instances on the node. | | CubeVS | eBPF-based virtual switch, providing kernel-level network isolation and security policy enforcement. | | CubeHypervisor & CubeShim | Virtualization layer — CubeHypervisor manages KVM MicroVMs, CubeShim implements the containerd Shim v2 API to integrate sandboxes into the container runtime. | 👉 For more details, please read the Architecture Design Document and CubeVS Network Model. We welcome contributions of all kinds—whether it’s a bug report, feature suggestion, documentation improvement, or code submission! - 🐞 Found a Bug? Submit an issue on GitHub Issues. - 💡 Have an Idea? Join the conversation in GitHub Discussions. - 🛠️ Want to Code? Check out our CONTRIBUTING.md to learn how to submit a Pull Request. - 💬 Want to Chat? Join our Discord. CubeSandbox is released under the Apache License 2.0. The birth of CubeSandbox stands on the shoulders of open-source giants. Special thanks to Cloud Hypervisor, Kata Containers, virtiofsd, containerd-shim-rs, ttrpc-rust, and others. We have made tailored modifications to some components to fit the CubeSandbox execution model, and the original in-file copyright notices are preserved.