Sandbox: Run untrusted AI code safely, fast (github.com)
48 points by vortex_ape 7 days ago | 14 comments
mijoharas an hour ago | parent | next [-]

This seemed quite interesting but it seems to run them on GCP rather than locally.

I had a brief glance at running Firecracker VMs locally as that sounded interesting, but it doesn't seem too easy.

Does anyone know of any good solutions that improve the UX of that (running some Firecracker VMs locally)?

l9o an hour ago | parent [-]

Out of curiosity, what would be an ideal UX for you? I'm working on a Rust library for this exact problem (CLI and language bindings should be easy to add).

It uses KVM directly on Linux and Virtualization.framework on macOS, with a builder API for VM configuration. For AI sandboxing specifically, it has a higher-level "sandbox" mode with a guest agent for structured command execution and file I/O over vsock. You get proper exit codes and stdout/stderr without console scraping.

Also supports pre-warmed VM pools for fast startup and shared directories via virtio-fs.

I'm planning to support OCI images, but not sure if that's important to people. I typically just build my own root disks with Nix.

vosper an hour ago | parent [-]

If you have a link to your project that you could share I'd be interested in following it - this sounds like something I might want to use one day.

l9o 44 minutes ago | parent [-]

Not yet! But I will make sure to link here once it's up in a few days (or post to HN? not sure what the etiquette around self-promotion is these days). It's somewhat functional but not usable by anyone other than me at this point most likely (:

TOMDM an hour ago | parent | prev | next [-]

I'd love a local version of this for running Claude Code. The CLI sandbox Anthropic has made is great, but a VM for execution would be even better.

mkagenius 36 minutes ago | parent [-]

I made a comment about this, if you are on macOS - Coderunner (https://github.com/instavm/coderunner)

mkagenius 5 hours ago | parent | prev | next [-]

If you don't want to depend on cloud, have a Mac, then you can run a sandbox locally on your Mac. I have built an Apple container (not Docker) based sandbox to run arbitrary code - coderunner[1]. It is quite fast. And Apple container provides one VM per container, unlike Docker on macOS, which shares the VM across all containers. Coderunner is good for processing sensitive docs locally in a secure sandbox.

1. coderunner - https://github.com/instavm/coderunner

zingar 2 hours ago | parent [-]

In the coderunner README it talks about reading files without sending them to the cloud. Does that mean there is something agentic going on? That’s more than I expect from something called a sandbox.

Also if it is agentic, why is it less cloud based than e.g. Claude Code? Are there LLMs running locally?

mkagenius an hour ago | parent [-]

Regarding files, they are volume mapped (local <--> sandbox) as with docker.

It's not agentic - agents can use it to execute code. Those agents can be powered by any LLM including local.

maxdo 2 hours ago | parent | prev | next [-]

Not affiliated in any way, but just outsourced that to modal.com, extremely cheap. For millions of runs I paid to date $30 USD.

2 hours ago | parent | prev | next [-]
[deleted]
ATechGuy an hour ago | parent | prev | next [-]

Genuine question: why not just use GCP/AWS VMs for agentic execution? What is missing?

sh4rks 3 hours ago | parent | prev | next [-]

How is this different from the several other alternatives?

quotemstr 2 hours ago | parent | prev [-]

Firecracker: so no virtiofs? Shame.