Alibaba released OpenSandboxReleased under the GNU General Public License, this open-source software provides AI agents with isolated, secure environments to execute code, browse websites, and train models. The release was made under the Apache 2.0 license, the proposed system targets to standardize the ‘execution layer’ of the AI agent stack, offering a unified API that functions across various programming languages and infrastructure providers. Alibaba uses the same infrastructure to run large AI workloads.
Agentic Workflows and the Gap Between Technical Standards
Building an autonomous agent typically involves two components: the ‘brain’ (usually a Large Language Model) and the ‘tools’ (code execution, web access, or file manipulation). In order to provide these tools with a safe environment, developers had to manually configure Docker Containers, manage complex networks isolation, or depend on third-party interfaces.
OpenSandbox provides a standard, secure environment that allows agents to execute code arbitrary or interact with the interfaces of a host system without compromising its integrity. It abstracts infrastructure and allows developers to transition from local deployment to large-scale production using one API.
Architecture
OpenSandbox architecture is based on the OpenSandbox framework. Built on a four-layer modular stack—comprising the Layers of SDKs, Specs, Runtime, and Sandbox instances—designed to decouple client logic from execution environments. FastAPI is used to control the lifecycles of sandboxes through the Docker/Kubernetes runtimes. The communication between the two systems (Sandbox Lifecycle and Execution Specs) are standardized using OpenAPI. Within each isolated container, OpenSandbox injects a high-performance Go-based execution daemon (execd) that interfaces with internal Jupyter kernels to provide stateful code execution, real-time output streaming via Server-Sent Events (SSE), and comprehensive filesystem management, ensuring a ‘protocol-first’ approach that remains consistent across any base container image.
Core technical Capabilities
OpenSandbox is designed to be environment-agnostic. It has support for Docker For local development Kubernetes for distributed, production-grade runs. Sandboxes are available in four main types:
- Coders Agents Agents can create, debug, and test code in environments optimized for software development.
- GUI Agents The full range of Supports VNC desktopsAgents can interact with GUIs.
- Code Execution Runtimes with high performance for specific scripts and computational tasks.
- RL training: Iterative, safe training can be done in isolated environments that are tailored to Reinforcement-Learning (RL) workloads.
This system uses a Unified APIOpenSandbox provides SDKs for Android, iOS and Windows. OpenSandbox currently provides SDKs to support TypeScript in Python and Java/KotlinWith a C# and go The development roadmap includes a list of the following:
Support for Ecosystem Integration
OpenSandbox’s native compatibility is a key feature. It allows it to work with AI frameworks, developer tools and existing AI frameworks. By providing a secure execution layer, it allows agents built on various platforms to perform ‘real-world’ actions. The current integrations supported include:
- Model Interfaces: OpenAI Codex and Claude Code.
- Instrumentation Frameworks LangGraph and Google ADK
- Automation Tools Use Chrome or Playwright to perform browser-based work.
- Visualization: Fully VNC supported for visual interaction.
This means that an agent can be tasked with ‘scraping a website and training a linear regression model’ within a single, isolated session. The agent uses Playwright to navigate the web, downloads data to the sandbox’s local file system, and executes Python code to process that data—all without leaving the secured OpenSandbox environment.
Deployment, Configuration and Installation
This project is focused on a developer-friendly experience. Three commands are required to set up a local server through the CLI:
Pip Install opensandbox server— Installs the server components.opensandbox-server init-config— Generates the necessary configuration files for the environment.opensandbox-server— Launches the server and exposes the API for agent interaction.
After the server runs, the SDKs provided allow developers to manage and terminate sandboxes using a programmatic interface. This reduces the operational overhead of ‘stitching together’ multiple tools for file management, process isolation, and network proxying.
What you need to know
- Unified, Language-Agnostic Execution: OpenSandbox is a standard API that allows AI agents to run code, navigate the internet, and interact GUIs. Although it currently supports TypeScript in Python and Java/KotlinSDKs are available for C# and go The road map is a good place to start.
- Infrastructure Flexibility (Docker & Kubernetes): It is designed for seamless scaling from the local development machine of a developer to production-quality machines in an enterprise. The tool uses Docker For local isolation Kubernetes for distributed, large-scale deployments, eliminating the ‘environment drift’ often found when moving agents from dev to cloud.
- Broad Ecosystem Inclusion: The plug-in is designed to work with leading AI frameworks, such as LangGraph is a combination of Claude Code (also known as Gemini CLI), OpenAI Codex and Google ADKAs well as automation library like Playwright and chrome.
- Elimination of ‘Sandbox Dependency’: We provide a free and open-source solution under the Apache 2.0 licenseAlibaba eliminates dependency on managed, expensive sandboxes that charge by-the-minute or lock in vendors.
- High-Fidelity Interaction (VNC & Web): OpenSandbox is more than just a simple script execution tool. Full VNC Desktops Browser automation. This allows agents to perform complex, multi-modal tasks—such as navigating web interfaces or using desktop applications—within a secure, ‘blast-resistant’ environment.
Click here to find out more Repo, Docs The following are some examples of how to get started: Examples. Also, feel free to follow us on Twitter Don’t forget about our 120k+ ML SubReddit Subscribe Now our Newsletter. Wait! Are you using Telegram? now you can join us on telegram as well.
