# container-isolation

Enterprise-grade sandbox for AI agent code execution

OpenSandbox is an open-source sandbox platform from Alibaba providing secure, isolated execution environments for AI coding agents. It supports Python, Java, JavaScript, and C# SDKs with a unified Sandbox Protocol for custom runtimes. Integrates with Docker and Kubernetes, offering isolation through gVisor, Kata Containers, and Firecracker microVMs with per-sandbox network controls.

Google's application kernel for container sandboxing and security

gVisor is Google's open-source container runtime sandbox that provides an additional layer of isolation between containerized applications and the host kernel. It implements a user-space application kernel that intercepts system calls, preventing container escapes and limiting the attack surface. Used in Google Cloud Run, GKE Sandbox, and other Google Cloud services. Over 18,000 GitHub stars.