🧊 CubeSandbox：腾讯云开源的 60ms 冷启动沙箱，AI Agent 安全执行代码的终极方案 | 5.4k Stars

这玩意儿是干啥的

CubeSandbox 是腾讯云开源的一个高性能安全沙箱服务，专门给 AI Agent 跑代码用的。底层基于 RustVMM + KVM，每个 Agent 独立内核隔离，冷启动 < 60ms，单实例内存开销 < 5MB。

对比一下：Docker 的 shared-kernel 隔离不够安全，传统 VM 启动要好几秒。CubeSandbox 一个单节点能跑几千个 Agent，每个都有自己的 Guest OS 内核，不存在容器逃逸问题。

核心数据

| 指标 | Docker | 传统 VM | CubeSandbox |

|------|--------|---------|-------------|

| 隔离级别 | 低（共享内核 Namespace） | 高（独立内核） | 极致（独立内核 + eBPF） |

| 启动速度 | 200ms | 秒级 | < 60ms |

| 内存开销 | 低（共享内核） | 高（完整 OS） | < 5MB |

| 部署密度 | 高 | 低 | 单节点数千个 |

| E2B SDK 兼容 | — | — | ✅ 即插即用 |

50 并发创建场景下，平均 67ms，P95 90ms，P99 137ms——稳稳压在 150ms 以内。

上手姿势

# 1. 克隆 + 启动开发 VM
git clone https://github.com/tencentcloud/CubeSandbox.git
cd CubeSandbox/dev-env
./prepare_image.sh
./run_vm.sh   # 保持这个终端开着

# 2. 另一个终端 SSH 进去
cd CubeSandbox/dev-env
./login.sh

# 3. 一键安装
curl -sL https://github.com/tencentcloud/CubeSandbox/raw/master/deploy/one-click/online-install.sh | bash

# 4. 创建模板
cubemastercli tpl create-from-image \
  --image cube-sandbox-int.tencentcloudcr.com/cube-sandbox/sandbox-code:latest \
  --writable-layer-size 1G \
  --expose-port 49999 \
  --probe 49999

# 5. 用 E2B SDK 跑代码
pip install e2b-code-interpreter
export E2B_API_URL="http://127.0.0.1:3000"
export CUBE_TEMPLATE_ID="<your-template-id>"

import os
from e2b_code_interpreter import Sandbox

with Sandbox.create(template=os.environ["CUBE_TEMPLATE_ID"]) as sandbox:
    result = sandbox.run_code("print('Hello from Cube Sandbox!')")
    print(result)

零迁移成本——E2B SDK 改个 URL 环境变量就行，业务逻辑不用动。从贵到死的闭源沙箱切过来，性能更好还免费。

一句话总结

腾讯云把生产环境验证过的沙箱技术开源了，AI Agent 安全执行代码再也不用在"快但不安全（Docker）"和"安全但慢（VM）"之间二选一。<60ms 冷启动 + 5MB 内存开销 + 硬件级隔离，这个组合拳打得很实在。

🧊 CubeSandbox: Tencent Cloud's 60ms Cold-Boot Sandbox — The Ultimate Code Execution Solution for AI Agents | 5.4k Stars

What Is It

CubeSandbox is a high-performance secure sandbox service open-sourced by Tencent Cloud, purpose-built for AI Agent code execution. Built on RustVMM + KVM, each Agent gets its own dedicated Guest OS kernel, with cold start < 60ms and per-instance memory overhead < 5MB.

Compare: Docker's shared-kernel isolation isn't secure enough; traditional VMs take seconds to boot. CubeSandbox can run thousands of Agents on a single node, each with hardware-level isolation — zero container escape risk.

Quick Start

git clone https://github.com/tencentcloud/CubeSandbox.git
cd CubeSandbox/dev-env
./prepare_image.sh && ./run_vm.sh

# In another terminal:
cd CubeSandbox/dev-env && ./login.sh
curl -sL https://github.com/tencentcloud/CubeSandbox/raw/master/deploy/one-click/online-install.sh | bash

import os
from e2b_code_interpreter import Sandbox

with Sandbox.create(template=os.environ["CUBE_TEMPLATE_ID"]) as sandbox:
    result = sandbox.run_code("print('Hello from Cube Sandbox!')")
    print(result)

Zero migration cost — E2B SDK drop-in replacement. Just change one URL env var.

Bottom Line

Tencent Cloud open-sourced their production-validated sandbox technology. AI Agents no longer have to choose between "fast but insecure (Docker)" and "secure but slow (VM)". 60ms cold boot + 5MB memory overhead + hardware-level isolation — that's a killer combo.