28.02.2026

OpenSandbox: Run AI Agents Safely at Scale

AI coding agents like Claude Code and Gemini CLI can execute arbitrary code, making them powerful but potentially dangerous. SRE teams need isolation guarantees before deploying these tools in production. OpenSandbox provides that foundation with a battle-tested sandbox platform from Alibaba.

What is OpenSandbox?

OpenSandbox is a general-purpose sandbox platform for AI applications. It provides lifecycle management, code execution, and network controls through a unified API. Originally developed for Alibaba's internal AI infrastructure, it now supports scenarios like coding agents, browser automation, agent evaluation, and reinforcement learning training.

Key Features

  • Multi-language SDKs: Python, Java/Kotlin, TypeScript, C# and Go (roadmap) clients available
  • Kubernetes native: High-performance scheduler integrates with kubernetes-sigs/agent-sandbox
  • Network policy controls: Built-in ingress gateway with per-sandbox egress restrictions
  • Code interpreter: Execute Python, shell commands, and file operations in isolated environments
  • Agent integrations: Ready-made examples for Claude Code, Codex CLI, Gemini CLI, and LangGraph

Quick Start

Install the sandbox server and SDK:

uv pip install opensandbox-server opensandbox-code-interpreter
opensandbox-server init-config ~/.sandbox.toml --example docker
opensandbox-server

Create a sandbox and run code:

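import asyncio
from datetime import timedelta

from opensandbox import Sandbox

async def main() -> None:
    # Create a sandbox with a 10-minute timeout, then run a command in it.
    async with await Sandbox.create(
        "opensandbox/code-interpreter:v1.0.1",
        timeout=timedelta(minutes=10),
    ) as sandbox:
        result = await sandbox.commands.run("echo 'Hello from sandbox!'")
        print(result.logs.stdout[0].text)

asyncio.run(main())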

Operational Tips

For production deployments, use the Kubernetes runtime instead of Docker. OpenSandbox integrates with the kubernetes-sigs/agent-sandbox project for distributed scheduling. Configure egress controls to restrict network access per sandbox, preventing data exfiltration from compromised agents.
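To make the default-deny idea behind per-sandbox egress restrictions concrete, here is a small model of a hostname allowlist, added as an illustration; it is not OpenSandbox's API or policy format. The EgressPolicy class, the "*." rule syntax, the sandbox ids and the hostnames are all assumptions made up for this example.

```python
# Illustrative model of a default-deny egress allowlist (not OpenSandbox code).
from dataclasses import dataclass


def _normalize(host: str) -> str:
    # DNS names are case-insensitive and may carry a trailing root dot.
    return host.strip().lower().rstrip(".")


@dataclass(frozen=True)
class EgressPolicy:
    """Hypothetical per-sandbox policy: anything not listed is denied."""
    allow: tuple[str, ...] = ()  # "pypi.org" (exact) or "*.example.com" (subdomains)

    def permits(self, host: str) -> bool:
        host = _normalize(host)
        if not host:
            return False
        for rule in map(_normalize, self.allow):
            if rule.startswith("*."):
                suffix = rule[1:]  # ".example.com": match only on a label boundary
                if host.endswith(suffix) and len(host) > len(suffix):
                    return True
            elif host == rule:
                return True
        return False  # default deny


def audit(policy, attempts):
    """Split (sandbox_id, host) connection attempts into allowed and blocked."""
    allowed, blocked = [], []
    for sandbox_id, host in attempts:
        (allowed if policy.permits(host) else blocked).append((sandbox_id, host))
    return allowed, blocked


# Constructed sample data: sandbox ids and hostnames are made up.
POLICY = EgressPolicy(allow=("pypi.org", "*.pythonhosted.org"))
ATTEMPTS = [
    ("sbx-1", "pypi.org"),
    ("sbx-1", "files.pythonhosted.org"),
    ("sbx-1", "PyPI.org."),                   # same name, different spelling
    ("sbx-2", "pypi.org.collector.example"),  # allowed name used as a prefix
    ("sbx-2", "notpythonhosted.org"),         # bare-suffix lookalike
    ("sbx-2", "pythonhosted.org"),            # apex is not covered by "*."
]

if __name__ == "__main__":
    for sandbox_id, host in audit(POLICY, ATTEMPTS)[1]:
        print(f"BLOCKED {sandbox_id} -> {host}")
```

The blocked list is also the signal worth alerting on: a sandbox that repeatedly attempts destinations outside its allowlist deserves a look.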

The ingress component supports multiple routing strategies, letting you expose sandbox services through a unified gateway while maintaining isolation between tenants.

Conclusion

OpenSandbox solves a real problem for teams deploying AI agents: how to give them code execution capabilities without risking your infrastructure. The combination of multi-language SDKs, Kubernetes-native scheduling, and fine-grained network controls makes it production-ready.

Check out OpenSandbox on GitHub and explore the examples for Claude Code, browser automation, and RL training scenarios.

For teams building AI-powered infrastructure, Akmatori provides an open source AI agent platform for SRE teams, hosted on Gcore edge infrastructure for low-latency operations worldwide.