KVM-based sandbox for secure AI agent code execution, email scanning, and CI isolation
pookNast 0fb2231879
chore: standardize .gitignore for CI pipeline
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-26 20:49:30 -04:00
.forgejo/workflows ci: add standardized Forgejo Actions CI/CD workflows 2026-04-26 20:09:15 -04:00
docs feat: [RALPH A1] Build Distroless Base Guest Image (static envd) 2026-04-22 17:37:32 -04:00
images feat: [RALPH A2] Build Agent-Exec Guest Image (Devuan) 2026-04-22 18:27:37 -04:00
.gitignore chore: standardize .gitignore for CI pipeline 2026-04-26 20:49:30 -04:00
adversarial-audit.md fix: QC audit remediation — 14 issues across 5 domains 2026-04-22 11:26:40 -04:00
gap-analysis.md fix: QC audit remediation — 14 issues across 5 domains 2026-04-22 11:26:40 -04:00
prd.json fix: QC audit remediation — 14 issues across 5 domains 2026-04-22 11:26:40 -04:00
README.md Initial commit: CubeSandbox integration plan 2026-04-22 07:35:18 -04:00

CubeSandbox Integration

KVM-based sandbox service for secure AI agent code execution, email scanning, and CI isolation.

Source

Planned Use Cases

  1. Agent task execution — Replace --dangerously-skip-permissions Claude CLI with sandboxed execution
  2. Email attachment scanning — Behavioral analysis in isolated VM (ClamAV + oletools)
  3. PR test isolation — Each PR test in its own hardware-isolated VM
  4. Dependency auditing — Install untrusted packages, monitor network calls via eBPF
  5. Client code sandbox — ContractPilot/ComplianceBot code review in isolation
  6. OpenClaw plugin execution — Untrusted LLM-generated code runs in VM

Architecture

Agent Worker → CubeAPI (REST) → CubeMaster → Cubelet → CubeHypervisor (KVM)
                                     ↓
                                 CubeVS (eBPF network isolation)

Requirements

  • Linux host with KVM (/dev/kvm)
  • x86_64 with Intel VT / AMD-V
  • 8+ CPU cores, 16+ GB RAM recommended
  • BatKave: bare metal, KVM ready
  • VPS: likely no nested KVM (Contabo)
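A preflight check for the host requirements listed above, added here as an example and not taken from the CubeSandbox repository. The function names and the path parameters are assumptions made for illustration; the 8-core and 16 GB thresholds are the recommended values from the list.

```shell
#!/bin/sh
# Added example: preflight for the host requirements listed above.
# Paths are parameters so the checks can run against constructed fixtures.

# True if any CPU advertises vmx (Intel VT-x) or svm (AMD-V).
has_virt_ext() {
    grep -Eq '^flags[[:space:]]*:.*[[:space:]](vmx|svm)([[:space:]]|$)' "$1"
}

# Number of logical CPUs (grep -c exits 1 on zero matches, hence || true).
cpu_count() {
    grep -c '^processor[[:space:]]*:' "$1" || true
}

# MemTotal rounded up to whole GiB: a 16 GB host reports slightly under
# 16 GiB once firmware and kernel reservations are subtracted.
mem_gib() {
    awk '/^MemTotal:/ { printf "%d\n", ($2 + 1048575) / 1048576 }' "$1"
}

# preflight [KVMDEV] [CPUINFO] [MEMINFO]
# Prints one line per finding; returns the count of unmet hard requirements.
preflight() {
    kvm=${1:-/dev/kvm}; cpuinfo=${2:-/proc/cpuinfo}; meminfo=${3:-/proc/meminfo}
    fail=0
    if ! has_virt_ext "$cpuinfo"; then
        echo "FAIL: no vmx/svm flag (no VT-x/AMD-V, or nested virt not exposed)"
        fail=$((fail + 1))
    fi
    if [ ! -c "$kvm" ]; then
        echo "FAIL: $kvm is not a character device (kvm module not loaded?)"
        fail=$((fail + 1))
    elif [ ! -r "$kvm" ] || [ ! -w "$kvm" ]; then
        echo "FAIL: $kvm is not read/write for user $(id -un)"
        fail=$((fail + 1))
    fi
    # Core and RAM figures are recommendations on the page, so only warn.
    cores=$(cpu_count "$cpuinfo")
    [ "$cores" -ge 8 ] || echo "WARN: $cores CPU cores, 8+ recommended"
    gib=$(mem_gib "$meminfo")
    [ "${gib:-0}" -ge 16 ] || echo "WARN: ${gib:-0} GiB RAM, 16+ recommended"
    return "$fail"
}
```

Source the file and call `preflight` with no arguments to check the live host; a non-zero return means KVM guests cannot be started there.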

Key Specs

Metric             Value
Cold start         <60ms
Memory overhead    <5MB per sandbox
API                E2B-compatible REST
Network isolation  eBPF (blocks LAN, per-sandbox egress policy)
Guest images       Any OCI/Docker + envd daemon
License            Apache 2.0

Integration Points

  • apps/worker/src/executor.ts — swap runCommand('claude-glm', ...) for CubeSandbox API call
  • apps/monitor/ — add CubeSandbox health check endpoint
  • Custom guest images: Ubuntu 22.04 + ClamAV + oletools (email), Node+Python (agent tasks)

Status

PLANNING — pending BatKave deployment and guest image build.