Instant, Concurrent, Secure & Lightweight Sandbox Service for AI Agents
Cube Sandbox is a high-performance, out-of-the-box secure sandbox service built on RustVMM and KVM. It supports single-node deployment and can be easily scaled to a multi-node cluster. It is compatible with the E2B SDK and can create a hardware-isolated sandbox environment with full service capabilities in under 60ms, while maintaining less than 5MB memory overhead.
Demo videos: Installation & Demo, Performance Test, RL (SWE-Bench).
- Blazing-fast cold start: Built on resource pool pre-provisioning and snapshot cloning technology, skipping time-consuming initialization entirely. Average end-to-end cold start time for a fully serviceable sandbox is < 60ms.
- High-density deployment on a single node: Extreme memory reuse via CoW technology combined with a Rust-rebuilt, aggressively trimmed runtime keeps per-instance memory overhead below 5MB — run thousands of Agents on a single machine.
- True kernel-level isolation: No more unsafe Docker shared-kernel (Namespace) hacks. Each Agent runs with its own dedicated Guest OS kernel, eliminating container escape risks and enabling safe execution of any LLM-generated code.
- Zero-cost migration (E2B drop-in replacement): Natively compatible with the E2B SDK interface. Just swap one URL environment variable — no business logic changes needed — to migrate from expensive closed-source sandboxes to free Cube Sandbox with better performance.
- Network security: CubeVS, powered by eBPF, enforces strict inter-sandbox network isolation at the kernel level with fine-grained egress traffic filtering policies.
- Ready to use out of the box: One-click deployment with support for both single-node and cluster setups.
- Event-level snapshot rollback (coming soon): High-frequency snapshot rollback at millisecond granularity, enabling rapid fork-based exploration environments from any saved state.
- Production-ready: Cube Sandbox has been validated at scale in Tencent Cloud production environments, proven stable and reliable.
In the context of AI Agent code execution, CubeSandbox achieves the perfect balance of security and performance:
| Metric | Docker Container | Traditional VM | CubeSandbox |
|---|---|---|---|
| Isolation Level | Low (Shared Kernel Namespaces) | High (Dedicated Kernel) | Extreme (Dedicated Kernel + eBPF) |
| Boot Speed | ~200ms | Minutes | Millisecond-level (<60ms) |
| Memory Overhead | Low (Shared Kernel) | High (Full OS) | Ultra-low (Aggressively stripped, <5MB) |
| Deployment Density | High | Low | Extreme (Thousands per node) |
| E2B SDK Compatible | ❌ No | ❌ No | ✅ Drop-in |
- Cold start benchmarked on bare-metal. 60ms at single concurrency; under 50 concurrent creations, avg 67ms, P95 90ms, P99 137ms — consistently sub-150ms.
- Memory overhead measured with sandbox specs ≤ 32GB. Larger configurations may see a marginal increase.
For detailed metrics on startup latency and resource overhead, please refer to:
⚡ Millisecond-level startup — watch the fast-start flow, then jump into the Quick Start guide.
Launch your first sandbox in 3 steps on a KVM-enabled machine:

1. Start the Cube Sandbox Service

```bash
curl -sL https://github.com/tencentcloud/CubeSandbox/cube-sandbox/deploy/one-click/online-install.sh | bash
```

2. Create a Code Interpreter Sandbox Template

```bash
cubemastercli tpl create-from-image \
  --image ccr.ccs.tencentyun.com/ags-image/sandbox-code:latest \
  --writable-layer-size 1G \
  --expose-port 49999 \
  --expose-port 49983 \
  --probe 49999
```

3. Run Your First Agent Code

Set environment variables pointing to the local service: CUBE_TEMPLATE_ID, E2B_API_URL, and E2B_API_KEY, then simply use the official E2B SDK:

```bash
export E2B_API_URL="http://127.0.0.1:3000"
# Required: any non-empty value satisfies the SDK check
export E2B_API_KEY="dummy"
# Required: template ID obtained from Step 2 (create-from-image)
export CUBE_TEMPLATE_ID="<your-template-id>"
export SSL_CERT_FILE="$(mkcert -CAROOT)/rootCA.pem"
```

```python
import os
from e2b_code_interpreter import Sandbox  # That's right, use the E2B SDK directly!

# CubeSandbox seamlessly intercepts all requests under the hood
with Sandbox.create(template=os.environ["CUBE_TEMPLATE_ID"]) as sandbox:
    # Let your LLM-generated code run safely here
    result = sandbox.run_code("print('Hello from Cube Sandbox, safely isolated!')")
    print(result)
```

Want to explore more? Check out the 📂 examples/ directory, covering scenarios like: code execution, Shell commands, file operations, browser automation, network policies, pause/resume, OpenClaw integration, and RL training.
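A preflight check for the Quick Start variables above, as an added example (not part of the Cube Sandbox project's code): it fails closed when `E2B_API_URL` is unset or points at a non-loopback host over plaintext http, or when the template ID is still the placeholder. The names `preflight` and `_is_loopback` and the messages are hypothetical; that the SDK falls back to its built-in default endpoint when `E2B_API_URL` is unset is an assumption.

```python
import ipaddress
import os
from urllib.parse import urlparse

PLACEHOLDER_TEMPLATE = "<your-template-id>"  # literal placeholder from the Quick Start


def _is_loopback(host):
    """True for localhost or a loopback IP literal such as 127.0.0.1 or ::1."""
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a DNS name: cannot be assumed local


def preflight(env):
    """Return a list of problems in the Quick Start variables; empty means OK."""
    problems = []
    url = env.get("E2B_API_URL", "")
    parsed = urlparse(url)
    if not url:
        # Assumption: with no override the SDK uses its built-in default
        # endpoint, so code would not be sent to the local Cube Sandbox.
        problems.append("E2B_API_URL is unset")
    elif parsed.scheme not in ("http", "https") or not parsed.hostname:
        problems.append("E2B_API_URL is not an http(s) URL")
    elif parsed.scheme == "http" and not _is_loopback(parsed.hostname):
        problems.append("E2B_API_URL uses plaintext http to a non-loopback host")
    if not env.get("E2B_API_KEY"):
        problems.append("E2B_API_KEY is empty")
    template = env.get("CUBE_TEMPLATE_ID", "")
    if not template or template == PLACEHOLDER_TEMPLATE:
        problems.append("CUBE_TEMPLATE_ID is missing or still the placeholder")
    ca = env.get("SSL_CERT_FILE")
    if ca and not os.path.isfile(ca):
        problems.append("SSL_CERT_FILE does not point to an existing file")
    return problems


if __name__ == "__main__":
    # Fail closed: refuse to hand code to the SDK if anything is off.
    issues = preflight(os.environ)
    for issue in issues:
        print("preflight:", issue)
    raise SystemExit(1 if issues else 0)
```

Run it before the SDK script and continue only on exit status 0.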
- 📖 Documentation Home - Complete guide and API reference
- 🔧 Template Concepts - Image-to-Template concepts and workflows
- 🌟 Example Projects - Hands-on examples demonstrating various Cube Sandbox use cases (Browser automation, OpenClaw integration, RL training workflows, etc.)
| Component | Responsibility |
|---|---|
| CubeAPI | High-concurrency REST API Gateway (Rust), compatible with E2B. Swap the URL for seamless migration. |
| CubeMaster | Cluster orchestrator. Receives API requests and dispatches them to corresponding Cubelets. Manages resource scheduling and cluster state. |
| CubeProxy | Reverse proxy, compatible with the E2B protocol, routing requests to the appropriate sandbox instances. |
| Cubelet | Compute node local scheduling component. Manages the complete lifecycle of all sandbox instances on the node. |
| CubeVS | eBPF-based virtual switch, providing kernel-level network isolation and security policy enforcement. |
| CubeRuntime | The core sandbox execution layer, composed of Shim, Hypervisor, and Agent working in tandem. |
👉 For more details, please read the Architecture Design Document and CubeVS Network Model.
We welcome contributions of all kinds—whether it’s a bug report, feature suggestion, documentation improvement, or code submission!
- 🐞 Found a Bug? Submit an issue on GitHub Issues.
- 💡 Have an Idea? Join the conversation in GitHub Discussions.
- 🛠️ Want to Code? Check out our CONTRIBUTING.md to learn how to submit a Pull Request.
- 💬 Want to Chat? Join our Discord.
CubeSandbox is released under the Apache License 2.0.
The birth of CubeSandbox stands on the shoulders of open-source giants. Special thanks to Cloud Hypervisor, Kata Containers, virtiofsd, containerd-shim-rs, ttrpc-rust, and others. We have made tailored modifications to some components to fit the CubeSandbox execution model, and the original in-file copyright notices are preserved.






