Instant, Concurrent, Secure & Lightweight Sandbox Service for AI Agents

中文文档 · Quick Start · Documentation · Discord

---

Cube Sandbox is a high-performance, out-of-the-box secure sandbox service built on RustVMM and KVM. It supports both single-node deployment and can be easily scaled to a multi-node cluster. It is compatible with the E2B SDK, capable of creating a hardware-isolated sandbox environment with full service capabilities in under 60ms, while maintaining less than 5MB memory overhead.

Installation & Demo	Performance Test	RL (SWE-Bench)

• Blazing-fast cold start: Built on resource pool pre-provisioning and snapshot cloning technology, skipping time-consuming initialization entirely. Average end-to-end cold start time for a fully serviceable sandbox is < 60ms.
• High-density deployment on a single node: Extreme memory reuse via CoW technology combined with a Rust-rebuilt, aggressively trimmed runtime keeps per-instance memory overhead below 5MB — run thousands of Agents on a single machine.
• True kernel-level isolation: No more unsafe Docker shared-kernel (Namespace) hacks. Each Agent runs with its own dedicated Guest OS kernel, eliminating container escape risks and enabling safe execution of any LLM-generated code.
• Zero-cost migration (E2B drop-in replacement): Natively compatible with the E2B SDK interface. Just swap one URL environment variable — no business logic changes needed — to migrate from expensive closed-source sandboxes to free Cube Sandbox with better performance.
• Network security: CubeVS, powered by eBPF, enforces strict inter-sandbox network isolation at the kernel level with fine-grained egress traffic filtering policies.
• Ready to use out of the box: One-click deployment with support for both single-node and cluster setups.
• Event-level snapshot rollback (coming soon): High-frequency snapshot rollback at millisecond granularity, enabling rapid fork-based exploration environments from any saved state.
• Production-ready: Cube Sandbox has been validated at scale in Tencent Cloud production environments, proven stable and reliable.

In the context of AI Agent code execution, CubeSandbox achieves the perfect balance of security and performance:

Metric	Docker Container	Traditional VM	CubeSandbox
Isolation Level	Low (Shared Kernel Namespaces)	High (Dedicated Kernel)	Extreme (Dedicated Kernel + eBPF)
Boot Speed *Full-OS boot duration	200ms	Seconds	Sub-millisecond (<60ms)
Memory Overhead	Low (Shared Kernel)	High (Full OS)	Ultra-low (Aggressively stripped, <5MB)
Deployment Density	High	Low	Extreme (Thousands per node)
E2B SDK Compatible	/	/	✅ Drop-in

• Cold start benchmarked on bare-metal. 60ms at single concurrency; under 50 concurrent creations, avg 67ms, P95 90ms, P99 137ms — consistently sub-150ms.
• Memory overhead measured with sandbox specs ≤ 32GB. Larger configurations may see a marginal increase.

For detailed metrics on startup latency and resource overhead, please refer to:

Sub-150ms sandbox delivery under both single and high-concurrency workloads		CubeSandbox base memory footprint across various instance sizes (*Blue: Sandbox specifications; Orange: Base memory overhead). Note that memory consumption increases only marginally as instance sizes scale up.

⚡ Millisecond-level startup — watch the fast-start flow, then jump into the Quick Start guide.

Cube Sandbox requires a KVM-enabled x86_64 Linux environment — WSL 2, a Linux physical machine, or a cloud bare-metal server all work.

Don't have one yet?

• Windows users: run wsl --install in an admin PowerShell to set up WSL 2 (requires Windows 11 22H2+, with nested virtualization enabled in BIOS / WSL).
• Others: grab an x86_64 Linux physical machine, or rent a bare-metal server from a cloud provider.

Once your environment is ready, launch your first sandbox in four steps:

1. Prepare the runtime environment (skip this step if you already have an x86_64 bare-metal Linux server)

Run the following on your WSL / Linux machine:

git clone https://github.com/tencentcloud/CubeSandbox.git
# For faster access from mainland China, clone from the mirror instead:
# git clone https://cnb.cool/CubeSandbox/CubeSandbox

cd CubeSandbox/dev-env
./prepare_image.sh   # one-off: download and initialize the runtime image
./run_vm.sh          # boot the environment; keep this terminal open (Ctrl+a x to exit)

In a second terminal, log into the environment you just prepared:

cd CubeSandbox/dev-env && ./login.sh

This drops you into a disposable Linux environment where all the subsequent installation happens, so your host stays clean. See Development Environment for details.

2. Start the Cube Sandbox Service

Inside the environment you entered via login.sh (or directly on your bare-metal server), run one of the following commands depending on your location:

• Global Users (downloads from GitHub):

  curl -sL https://github.com/tencentcloud/CubeSandbox/raw/master/deploy/one-click/online-install.sh | bash
  

• 中国用户请执行这条命令 (Mainland China):

  curl -sL https://cnb.cool/CubeSandbox/CubeSandbox/-/git/raw/master/deploy/one-click/online-install.sh | MIRROR=cn bash
  

See Quick Start — China mainland mirror for details.

3. Create a Code Interpreter Sandbox Template

After installation, create a code interpreter template from the prebuilt image:

cubemastercli tpl create-from-image \
  --image ccr.ccs.tencentyun.com/ags-image/sandbox-code:latest \
  --writable-layer-size 1G \
  --expose-port 49999 \
  --expose-port 49983 \
  --probe 49999

Then run the following command to monitor the build progress:

cubemastercli tpl watch --job-id <job_id>

⚠️ The image is fairly large — downloading, extracting, and building the template may take a while; please be patient.

Wait for the command above to finish and the template status to reach READY. Note the template ID (template_id) from the output — you will need it in the next step.

4. Run Your First Agent Code

Install the Python SDK:

yum install -y python3 python3-pip
pip install e2b-code-interpreter

Set environment variables:

export E2B_API_URL="http://127.0.0.1:3000"
export E2B_API_KEY="dummy"
export CUBE_TEMPLATE_ID="<your-template-id>"  # template ID obtained from Step 3
export SSL_CERT_FILE="$(mkcert -CAROOT)/rootCA.pem"

Run code inside an isolated sandbox:

import os
from e2b_code_interpreter import Sandbox  # drop-in E2B SDK

# Cube Sandbox transparently intercepts all requests
with Sandbox.create(template=os.environ["CUBE_TEMPLATE_ID"]) as sandbox:
    result = sandbox.run_code("print('Hello from Cube Sandbox, safely isolated!')")
    print(result)

See Quick Start — Step 4 for the full variable reference and more examples.

Want to explore more? Check out the 📂 examples/ directory, covering scenarios like: code execution, Shell commands, file operations, browser automation, network policies, pause/resume, OpenClaw integration, and RL training.

• 📖 Documentation Home - Complete guide and API reference
• 🔧 Template Concepts - Image-to-Template concepts and workflows
• 🌟 Example Projects - Hands-on examples demonstrating various Cube Sandbox use cases (Browser automation, OpenClaw integration, RL training workflows, etc.)
• 💻 Development Environment (QEMU VM) - No bare-metal? Spin up a disposable OpenCloudOS 9 VM and run Cube Sandbox inside it

Component	Responsibility
CubeAPI	High-concurrency REST API Gateway (Rust), compatible with E2B. Swap the URL for seamless migration.
CubeMaster	Cluster orchestrator. Receives API requests and dispatches them to corresponding Cubelets. Manages resource scheduling and cluster state.
CubeProxy	Reverse proxy, compatible with the E2B protocol, routing requests to the appropriate sandbox instances.
Cubelet	Compute node local scheduling component. Manages the complete lifecycle of all sandbox instances on the node.
CubeVS	eBPF-based virtual switch, providing kernel-level network isolation and security policy enforcement.
CubeHypervisor & CubeShim	Virtualization layer — CubeHypervisor manages KVM MicroVMs, CubeShim implements the containerd Shim v2 API to integrate sandboxes into the container runtime.

👉 For more details, please read the Architecture Design Document and CubeVS Network Model.

We welcome contributions of all kinds—whether it’s a bug report, feature suggestion, documentation improvement, or code submission!

• 🐞 Found a Bug? Submit an issue on GitHub Issues.
• 💡 Have an Idea? Join the conversation in GitHub Discussions.
• 🛠️ Want to Code? Check out our CONTRIBUTING.md to learn how to submit a Pull Request.
• 💬 Want to Chat? Join our Discord.

CubeSandbox is released under the Apache License 2.0.

The birth of CubeSandbox stands on the shoulders of open-source giants. Special thanks to Cloud Hypervisor, Kata Containers, virtiofsd, containerd-shim-rs, ttrpc-rust, and others. We have made tailored modifications to some components to fit the CubeSandbox execution model, and the original in-file copyright notices are preserved.