Instant, Concurrent, Secure & Lightweight Sandbox Service for AI Agents
中文文档 · Quick Start · Documentation · Changelog · X(Twitter)
Cube Sandbox is a high-performance, out-of-the-box secure sandbox service built on RustVMM and KVM. It supports both single-node deployment and easy scaling to multi-node clusters. It is compatible with the E2B SDK and can create a hardware-isolated, fully serviceable sandbox in under 60ms with less than 5MB of memory overhead.
|
Snapshot, Clone & Rollback at hundred-millisecond granularity CubeSandbox 0.3.0 introduces the CubeCoW Copy-on-Write snapshot engine, enabling event-level snapshots, instant cloning, and rollback to any saved state. Changelog → |
|
Security hardening & E2B compatibility improvements Patched CVE-2023-50711 and other vulnerabilities, aligned default ports with the E2B protocol, and shipped critical stability fixes. Changelog → |
|
🎉 Initial open-source release Cube Sandbox is now open source! Millisecond boot, hardware-level isolation, E2B-compatible sandbox for AI Agents. Changelog → |
1.cubesandbox.-.mp4 |
2.cubesandbox.demo.mp4 |
Cube-Sandbox.RL.demo.mp4 |
| Installation & Demo | Performance Test | RL (SWE-Bench) |
- Blazing-fast cold start: Built on resource pool pre-provisioning and snapshot cloning technology, skipping time-consuming initialization entirely. Average end-to-end cold start time for a fully serviceable sandbox is < 60ms.
- High-density deployment on a single node: Extreme memory reuse via CoW technology combined with a Rust-rebuilt, aggressively trimmed runtime keeps per-instance memory overhead below 5MB — run thousands of Agents on a single machine.
- True kernel-level isolation: No more unsafe Docker shared-kernel (Namespace) hacks. Each Agent runs with its own dedicated Guest OS kernel, eliminating container escape risks and enabling safe execution of any LLM-generated code.
- Zero-cost migration (E2B drop-in replacement): Natively compatible with the E2B SDK interface. Just swap one URL environment variable — no business logic changes needed — to migrate from expensive closed-source sandboxes to free Cube Sandbox with better performance.
- Network security: CubeVS, powered by eBPF, enforces strict inter-sandbox network isolation at the kernel level with fine-grained egress traffic filtering policies.
- Ready to use out of the box: One-click deployment with support for both single-node and cluster setups.
- Event-level snapshot rollback: High-frequency snapshot rollback at millisecond granularity. Create checkpoints on running sandboxes, roll back to any saved state, or fork into parallel exploration environments from any saved state.
- Production-ready: Cube Sandbox has been validated at scale in Tencent Cloud production environments, proven stable and reliable.
In the context of AI Agent code execution, CubeSandbox achieves the perfect balance of security and performance:
| Metric | Docker Container | Traditional VM | CubeSandbox |
|---|---|---|---|
| Isolation Level | Low (Shared Kernel Namespaces) | High (Dedicated Kernel) | Extreme (Dedicated Kernel + eBPF) |
| Boot Speed *Full-OS boot duration |
200ms | Seconds | Sub-millisecond (<60ms) |
| Memory Overhead | Low (Shared Kernel) | High (Full OS) | Ultra-low (Aggressively stripped, <5MB) |
| Deployment Density | High | Low | Extreme (Thousands per node) |
| E2B SDK Compatible | / | / | ✅ Drop-in |
- Cold start benchmarked on bare-metal. 60ms at single concurrency; under 50 concurrent creations, avg 67ms, P95 90ms, P99 137ms — consistently sub-150ms.
- Memory overhead measured with sandbox specs ≤ 32GB. Larger configurations may see a marginal increase.
For detailed metrics on startup latency and resource overhead, please refer to:
|
|
|
| Sub-150ms sandbox delivery under both single and high-concurrency workloads |
CubeSandbox base memory footprint across various instance sizes (*Blue: Sandbox specifications; Orange: Base memory overhead). Note that memory consumption increases only marginally as instance sizes scale up. |
|
⚡ Millisecond-level startup — watch the fast-start flow, then jump into the Quick Start guide.
Cube Sandbox requires an x86_64 Linux environment with KVM support.
The guide walks you through everything in four steps — provisioning a server, installing Cube Sandbox, creating a sandbox template, and running your first agent code. No source build needed, up and running in minutes.
Choose your deployment path:
|
🖥 PVM · Cloud VM →
🏆 Recommended |
🏗 Bare Metal → |
💻 Dev-Env →
|
- 📖 Documentation Home - Complete guide and API reference
- 🔧 Template Concepts - Image-to-Template concepts and workflows
- 🌟 Example Projects - Hands-on examples (code execution, browser automation, OpenClaw integration, RL training, etc.)
- 📂
examples/- Runnable example code covering Shell commands, file operations, network policies, pause/resume, and more - 💻 Development Environment (QEMU VM) - No KVM? Spin up a disposable VM and run Cube Sandbox inside it
- ☁️ PVM Deployment - Deploy on ordinary cloud VMs without bare-metal or nested virtualization
| Component | Responsibility |
|---|---|
| CubeAPI | High-concurrency REST API Gateway (Rust), compatible with E2B. Swap the URL for seamless migration. |
| CubeMaster | Cluster orchestrator. Receives API requests and dispatches them to corresponding Cubelets. Manages resource scheduling and cluster state. |
| CubeProxy | Reverse proxy, compatible with the E2B protocol, routing requests to the appropriate sandbox instances. |
| Cubelet | Compute node local scheduling component. Manages the complete lifecycle of all sandbox instances on the node. |
| CubeVS | eBPF-based virtual switch, providing kernel-level network isolation and security policy enforcement. |
| CubeHypervisor & CubeShim | Virtualization layer — CubeHypervisor manages KVM MicroVMs, CubeShim implements the containerd Shim v2 API to integrate sandboxes into the container runtime. |
👉 For more details, please read the Architecture Design Document and CubeVS Network Model.
We welcome contributions of all kinds—whether it’s a bug report, feature suggestion, documentation improvement, or code submission!
- 🐞 Found a Bug or have questions? Submit an issue on GitHub Issues.
- 💡 Have an Idea? Join the conversation in GitHub Discussions.
- 🛠️ Want to Code? Check out our CONTRIBUTING.md to learn how to submit a Pull Request.
- 📝 Want to contribute docs? Submit bilingual PRs to our community doc channels: Troubleshooting, Use Cases, and Integrations.
- 💬 Want to Chat? Join our Discord.
CubeSandbox is released under the Apache License 2.0.
The birth of CubeSandbox stands on the shoulders of open-source giants. Special thanks to Cloud Hypervisor, Kata Containers, virtiofsd, containerd-shim-rs, ttrpc-rust, and others. We have made tailored modifications to some components to fit the CubeSandbox execution model, and the original in-file copyright notices are preserved.