OpenShell

Active
GitHub Rust Apache-2.0

Description

OpenShell is the safe, private runtime for autonomous AI agents, developed by NVIDIA. It provides controlled execution environments and resource management.

Key Features

  • Sandboxed execution environments protecting data, credentials, and infrastructure with declarative YAML policies
  • Four defense-in-depth layers: filesystem, network, process, and inference policy enforcement
  • Hot-reloadable network and inference policies via `openshell policy set` without restarting sandboxes
  • Privacy-aware LLM routing that keeps sensitive context on sandbox compute via the Privacy Router
  • Provider system for managing agent credentials (API keys, tokens) injected as environment variables at runtime
  • GPU passthrough support for local inference and fine-tuning workloads (experimental)

Use Cases

💡 Running untrusted AI coding agents (Claude, Codex, Cursor) in isolated sandboxes to protect host systems
💡 Enforcing L7 network policies on agent outbound traffic to prevent data exfiltration
💡 Managing agent credentials securely without exposing API keys to the sandbox filesystem
💡 Deploying agent sandboxes on Kubernetes with declarative policy-as-code governance

Quick Start

1. Install: `curl -LsSf https://raw.githubusercontent.com/NVIDIA/OpenShell/main/install.sh | sh`
2. Create a sandbox: `openshell sandbox create -- claude`
3. Connect to the sandbox: `openshell sandbox connect <sandbox-name>`
4. Apply a network policy: `openshell policy set <name> --policy policy.yaml --wait`

Related Projects