AI Agent Sandboxing with VoidBox
Most agent systems run tools in shared host processes. VoidBox takes a stricter model: declare capabilities as skills, then execute them inside isolated micro-VM boundaries.
1. Why this matters
Agents execute untrusted tool paths: shell commands, API clients, filesystem writes, and model-controlled side effects. Isolation is not optional if you want strong boundaries.
2. VoidBox model
VoidBox = Agent(Skills) + Isolation
- Skills define what the agent is allowed to do.
- Environment boundary defines where it can do it.
- Policy controls enforce limits while running.
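The three bullets above describe a deny-by-default model: a call is allowed only if a declared skill covers it and the boundary limits permit it. The following is an added illustrative model of that check written for this page; it is not the void_box crate's API, and the `Capability`, `Policy` and `Verdict` names are assumptions.

```rust
// Added illustrative model (not the void_box crate's API): a deny-by-default
// policy built from the declared skills and the isolation limits.
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum Capability { Shell, FileRead, FileWrite, Network }

pub struct Policy {
    allowed: Vec<Capability>, // derived from the declared skills (what the agent may do)
    memory_mb: u64,           // micro-VM memory bound (where it may do it)
    network: bool,            // whether the boundary permits network egress at all
}

#[derive(Debug, PartialEq, Eq)]
pub enum Verdict { Allow, Deny(&'static str) }

impl Policy {
    pub fn new(allowed: Vec<Capability>, memory_mb: u64, network: bool) -> Self {
        Self { allowed, memory_mb, network }
    }

    /// Every tool call is checked against the declared capabilities first,
    /// then against the boundary limits. Anything not declared is denied,
    /// so a model-controlled side effect cannot widen the agent's reach.
    pub fn check(&self, cap: Capability, requested_mb: u64) -> Verdict {
        if !self.allowed.contains(&cap) {
            return Verdict::Deny("capability not declared as a skill");
        }
        if cap == Capability::Network && !self.network {
            return Verdict::Deny("network disabled for this boundary");
        }
        if requested_mb > self.memory_mb {
            return Verdict::Deny("request exceeds micro-VM memory limit");
        }
        Verdict::Allow
    }
}

fn main() {
    // Constructed sample: file reads and network declared, 1024 MB, network on.
    let policy = Policy::new(vec![Capability::FileRead, Capability::Network], 1024, true);
    println!("{:?}", policy.check(Capability::Shell, 16)); // denied: not declared
}
```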
3. Minimal setup
use void_box::agent_box::VoidBox;
use void_box::llm::LlmProvider;
use void_box::skill::Skill;

// Wrapped in an async function so that `?` and `.await` have a context to run in.
// The async runtime and the concrete error type are not shown on this page; the
// boxed std error is an assumption.
async fn run_researcher() -> Result<(), Box<dyn std::error::Error>> {
    let agent = VoidBox::new("researcher")
        .skill(Skill::agent("claude-code"))              // capability: drive the claude-code runtime
        .skill(Skill::file("skills/research-method.md")) // capability: a skill loaded from a file
        .llm(LlmProvider::Claude)
        .prompt("Summarize today's top HN stories")
        .memory_mb(1024)                                 // micro-VM memory limit
        .network(true)                                   // the boundary permits network access
        .build()?;
    let result = agent.run(None, None).await?;
    let _ = result; // inspect or persist the run result here
    Ok(())
}
4. Runtime truth
Runtime selection is explicit:
claude, claude-personal, ollama, lm-studio, and custom run claude-code; codex runs codex.
5. Production checklist
- Use production guest image for runtime flows.
- Set kernel/initramfs explicitly.
- Enable run event collection and persistence for traceability.
6. Next
Continue with Architecture, Runtime Model, and Events and Observability.