Best Sandbox & Execution Top 20
Top 20 most popular open-source Sandbox & Execution projects, ranked by GitHub Stars.
DeerFlow
75.6k StarsAn open-source long-horizon SuperAgent harness by ByteDance that researches, codes, and creates with sandboxes, memories, tools, skills, subagents and message gateway for complex tasks.
Daytona
72.3k StarsDaytona provides secure development-environment infrastructure for coding agents and automation workflows, serving as a runtime base for remote execution tasks.
Firecracker
35.2k StarsLightweight microVM runtime by AWS, designed for containers and functions.
CUA
19.2k StarsCUA provides open-source infrastructure for Computer-Use Agents, including sandboxes, SDKs, and benchmarks to train and evaluate AI agents that control full desktops (macOS, Linux, Windows).
gVisor
18.6k StarsGoogle's user-space kernel sandbox that intercepts container syscalls.
Context Mode
18.4k StarsContext Mode is a context window optimization tool for AI coding agents that sandboxes tool output for 98% context reduction across 12 major platforms.
keploy
17.8k StarsKeploy is an open-source sandbox platform for API and E2E testing that records and replays real traffic inside an isolated environment to generate test cases.
E2B
12.8k StarsE2B provides secure cloud sandboxes for AI agents, supporting code execution, file operations, and isolated compute as an execution layer for coding and automation workflows.
E2B
12.8k StarsCloud code sandbox purpose-built for AI agents.
OpenSandbox
11.7k StarsOpenSandbox is an open-source, secure, fast, and extensible sandbox runtime for AI agents, developed by Alibaba.
OpenSandbox
11.7k StarsOpenSandbox is a multi-tenant sandbox execution environment for AI agents, providing secure isolated runtimes for arbitrary code and tool calls.
Databend
9.4k StarsA Data Agent Ready Warehouse unifying Analytics, Search, AI, and Python Sandbox in one system. Runs on your S3 with built-in vector search, full-text search, and Python execution for AI-powered data analysis.
Kata Containers
8.2k StarsLightweight VM sandboxes with a container interface from Kata Containers.
Steel Browser
7.3k StarsSteel Browser is an open-source browser sandbox purpose-built for AI agents and applications. It provides a full browser API with session management, proxy integration, and built-in anti-detection, enabling web automation without infrastructure headaches.
flue
7.0k StarsFlue is an Astro-native toolkit for building AI agent applications, providing streaming, tool use, and structured output helpers for Astro endpoints.
Microsandbox
6.8k StarsSecure, local, cross-platform and programmable sandboxes for AI agents. Provides strict resource isolation using microVM technology.
CubeSandbox
6.6k StarsA high-performance, secure sandbox service for AI agents by Tencent Cloud, built on RustVMM and KVM with hardware-level isolation, sub-60ms cold start, <5MB memory overhead, and E2B SDK compatibility.
Sandcastle
6.5k StarsA TypeScript tool for orchestrating sandboxed coding agents with secure execution environments powered by sandcastle.run.
Omnigent
5.8k StarsOpen-source AI agent framework and meta-orchestrator that unifies Claude Code, Codex, Cursor, Pi, and custom agents with policy enforcement, sandboxing, and real-time collaboration.
Agent Sandbox
5.3k StarsAll-in-One Sandbox for AI Agents that combines Browser, Shell, File, MCP and VSCode Server in a single Docker container, providing a secure isolated execution environment for agents.
Related Articles
Sandboxing Code Execution in AI Agents: From Docker to microVMs, a Decision Matrix
A side-by-side comparison of five sandbox technologies, weighing latency, security, and ops cost.
Sandboxing AI Agents: Isolation Strategies for Safe Code Execution
Comparing container, WebAssembly, and process-level isolation approaches, with practical code for safely executing agent-generated code.
Browser Agents in Practice: Architecture and Pitfalls of AI-Controlled Browsers
Breaking down three abstraction layers for browser automation—from raw Playwright to structured extraction—with production patterns, runnable code, and common pitfalls.