[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"tool-abshkbh--arrakis":3,"similar-abshkbh--arrakis":163},{"id":4,"github_repo":5,"name":6,"description_en":7,"description_zh":8,"ai_summary_zh":8,"readme_en":9,"readme_zh":10,"quickstart_zh":11,"use_case_zh":12,"hero_image_url":13,"owner_login":14,"owner_name":15,"owner_avatar_url":16,"owner_bio":17,"owner_company":18,"owner_location":18,"owner_email":18,"owner_twitter":18,"owner_website":18,"owner_url":19,"languages":20,"stars":41,"forks":42,"last_commit_at":43,"license":44,"difficulty_score":45,"env_os":46,"env_gpu":47,"env_ram":47,"env_deps":48,"category_tags":55,"github_topics":18,"view_count":36,"oss_zip_url":18,"oss_zip_packed_at":18,"status":58,"created_at":59,"updated_at":60,"faqs":61,"releases":62},6558,"abshkbh\u002Farrakis","arrakis","A fully customizable and self-hosted sandboxing solution for AI agent code execution and computer use. It features out-of-the-box support for backtracking, a simple REST API and Python SDK, automatic port forwarding, and secure MicroVM isolation. Perfect for safely running, testing, and backtracking multi-step agent workflows.","Arrakis 是一款专为 AI 智能体设计的全自定义、可自托管的沙箱解决方案，旨在安全地执行代码并模拟计算机操作。它核心解决了 AI 生成的代码可能包含恶意逻辑或严重漏洞，从而威胁宿主系统安全的问题；同时，针对智能体复杂的多步任务规划，提供了关键的“状态回溯”能力，允许在出错时精准恢复到之前的中间状态。\n\n这款工具非常适合需要构建、测试或部署高可靠性 AI 智能体的开发者与研究人员。无论是进行基于蒙特卡洛树搜索的复杂实验，还是调试多步骤工作流，Arrakis 都能提供稳固的基础设施支持。\n\n其技术亮点在于基于 MicroVM 的架构设计，每个沙箱都在独立的微型虚拟机中运行 Ubuntu 系统，实现了内核级的安全隔离。Arrakis 原生支持“快照与恢复”功能，能完整保留进程和文件状态，让智能体具备“时间倒流”般的试错能力。此外，它还内置了自动端口转发机制，无需额外配置即可通过 VNC 访问沙箱图形界面（包括浏览器），并提供了便捷的 REST API、Python SDK 以及 MCP 服务器接口，让人类用户或 AI 智能体都能轻松编程管理沙箱的生命周期。","![Arrakis Logo](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fabshkbh_arrakis_readme_36d6f5389e51.png)\n\n# Arrakis\n\n[![License: AGPL v3](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-AGPL%20v3-blue.svg)](.\u002FLICENSE)\n\n## Introduction ##\n\nAI agents can generate malicious or buggy code that can attack the host system its run on. \n\nMany agents have elaborate multi-step plans to achieve their goals and benefit from the ability to backtrack to intermediate states.\n\n**Arrakis** provides a **secure**, **fully customizable**, and **self-hosted** solution to spawn and manage Sandboxes for code execution and computer use. It has out-of-the box support for backtracking via **snapshot-and-restore**.\n\n- Secure by design, each sandbox [runs in a MicroVM](#architecture-and-features).\n\n- Each sandbox runs Ubuntu inside with a code execution service and a VNC server running at boot.\n\n- A REST API, Python SDK [py-arrakis](https:\u002F\u002Fpypi.org\u002Fproject\u002Fpy-arrakis\u002F), and a [MCP server](https:\u002F\u002Fgithub.com\u002Fabshkbh\u002Farrakis-mcp-server) let clients (both humans and AI Agents) programatically spawn sandboxes, upload files, and execute code inside each sandbox.\n\n- Automatically sets up and manages port forwarding from the self-hosted public server to the sanboxes running on it i.e. clients can easily access the sandbox GUI (including Chrome for computer use) without extra setup.\n\n- Supports **snapshot-and-restore** out of the box i.e. AI Agents can do some work, snapshot a sandbox, and later backtrack to the exact previous state by restoring the snapshot. This means any processes spawned, files modified etc. will be restored as is inside the sandbox.Useful for Monte Carlo Tree Search based agents or explainability of elaborate agent execution flows.\n\n---\n\n## Table of Contents\n\n- [Introduction](#introduction)\n- [Demo](#demo)\n- [Setup](#setup)\n  - [Prerequisites](#prerequisites)\n  - [GCP Setup](#gcp-setup)\n  - [Quick setup using prebuilts](#quick-setup-using-prebuilts)\n  - [Run the arrakis-restserver](#run-the-arrakis-restserver)\n  - [Use the CLI or py-arrakis](#use-the-cli-or-py-arrakis)\n- [Quickstart](#quickstart)\n  - [SDK](#sdk)\n  - [MCP](#mcp)\n  - [GUI For Computer Use](#gui-for-computer-use)\n  - [CLI Usage](#cli-usage)\n- [Architecture And Features](#architecture-and-features)\n- [Customization](#customization)\n- [Contribution](#contribution)\n  - [Legal Info](#legal-info)\n    - [Contributor License Agreement](#contributor-license-agreement)\n    - [License](#license)\n- [License](#license)\n\n___\n\n## Demo\n\nWatch Claude code a live Google docs clone using Arrakis via MCP. It even snapshots the sandbox to checkpoint progress.\n\n[![Arrakis Demo](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fabshkbh_arrakis_readme_d8897df96e75.jpg)](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=IZ5cAnhAdPQ)\n\n---\n\n## Setup\n\n### Prerequisites\n\n- `cloud-hypervisor` only works with `\u002Fdev\u002Fkvm` for virtualization on Linux machines. Hence, we only support Linux machines.\n\n- Check if virtualization is enabled on the host by running. \n    ```bash\n    stat \u002Fdev\u002Fkvm\n    ```\n\n### GCP Setup\n\n- Follow the instructions in [GCP Setup](.\u002Fsetup\u002Fgcp-instructions.md) to set up Arrakis on GCE VM.\n\n### Quick setup using prebuilts\n\n- You can leverage our setup.sh script and prebuilt binaries to easily set up Arrakis.\n    ```bash\n    curl -sSL https:\u002F\u002Fraw.githubusercontent.com\u002Fabshkbh\u002Farrakis\u002Fmain\u002Fsetup\u002Fsetup.sh | bash\n    ls arrakis-prebuilt\n    ```\n\n### Run the arrakis-restserver\n\n- Now we have a folder with all binaries and images pulled. We always need to run `arrakis-restserver` first.\n    ```bash\n    cd arrakis-prebuilt\n    sudo .\u002Farrakis-restserver\n    ```\n\n### Use the CLI or py-arrakis\n\n- You can use the CLI or [py-arrakis](https:\u002F\u002Fpypi.org\u002Fproject\u002Fpy-arrakis\u002F) to spawn and manage VMs.\n    ```bash\n    cd arrakis-prebuilt\n    .\u002Farrakis-client start -n agent-sandbox\n    ```\n\n---\n\n## Quickstart\n\n### SDK\n\nArrakis comes with a Python SDK [py-arrakis](https:\u002F\u002Fpypi.org\u002Fproject\u002Fpy-arrakis\u002F) that lets you spawn, manage, and interact with VMs seamlessly.\n\n- Install the SDK\n  ```bash\n  pip install py-arrakis\n  ```\n\n- Follow the instructions in [Usage](#usage) to run the `arrakis-restserver` on a Linux machine, or download pre-built binaries from the [official releases page](https:\u002F\u002Fgithub.com\u002Fabshkbh\u002Farrakis\u002Freleases).\n\n- Use py-arrakis to interact with `arrakis-restserver`.\n\n- Run untrusted code\n  ```python\n  # Replace this with the ip:port where `arrakis-restserver` is running.\n  sandbox_manager = SandboxManager('http:\u002F\u002F127.0.0.1:7000')\n\n  # Start a new sandbox.\n  with sb as sandbox_manager.start_sandbox('agent-sandbox'):\n    sb.run_cmd('echo hello world')\n\n  # Sandbox `sb` automatically destroyed when the context is exited.\n  ```\n\n- Snapshot and restore a sandbox\n  ```python\n  # Start a sandbox and write some data to a file.\n  sandbox_name = 'agent-sandbox'\n  sandbox = sandbox_manager.start_sandbox(sandbox_name)\n  sandbox.run_cmd(\"echo 'test data before snapshot' > \u002Ftmp\u002Ftestfile\")\n  snapshot_id = sandbox.snapshot(\"initial-state\")\n  sandbox.run_cmd(\"echo 'test data after snapshot' > \u002Ftmp\u002Ftestfile\")\n\n  # Destroy the sandbox.\n  sandbox.destroy()\n\n  # Restore the sandbox from the snapshot and verify we have the same data at the time of the\n  # snapshot.\n  sandbox = sandbox_manager.restore(sandbox_name, snapshot_id)\n  result = sandbox.run_cmd(\"cat \u002Ftmp\u002Ftestfile\")\n  # result[\"output\"] should be \"test data before snapshot\".\n  ```\n\n___\n\n### MCP\n\n- Arrakis also comes with a [MCP server](https:\u002F\u002Fgithub.com\u002Fabshkbh\u002Farrakis-mcp-server) that lets MCP clients like Claude Desktop App, Windsurf, Cursor etc.. spawn and manage sandboxes.\n\n- Here is a sample `claude_desktop_config.json`\n  ```json\n  {\n      \"mcpServers\": {\n        \"arrakis\": {\n            \"command\": \"\u002FUsers\u002Fusername\u002F.local\u002Fbin\u002Fuv\",\n            \"args\": [\n                \"--directory\",\n                \"\u002FUsers\u002Fusername\u002FDocuments\u002Fprojects\u002Farrakis-mcp-server\",\n                \"run\",\n                \"arrakis_mcp_server.py\"\n            ]\n        }\n      }\n  }\n  ```\n\n___\n\n### GUI For Computer Use\n\n![Arrakis GUI](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fabshkbh_arrakis_readme_4435ac27f1f7.png)\n\n- Every sandbox comes with a VNC server running at boot. It also comes with Chrome pre-installed.\n\n- Arrakis also handles port forwarding to expose the VNC server via a port on the dev server running `arrakis-restserver`.\n\n- Start a sandbox and get metadata about the sandbox including the VNC connection details.\n\n  ```python\n  # Replace this with the ip:port where `arrakis-restserver` is running.\n  sandbox_manager = SandboxManager('http:\u002F\u002F127.0.0.1:7000')\n  sb = sandbox_manager.start_sandbox('agent-sandbox')\n  print(sb.info())\n  ```\n\n- We can get the VNC connection details from the `port_forwards` field in the response. The VNC server is represented by the description `gui` in a port forward entry. We will use the `host_port` field to connect to the VNC server.\n  ```bash\n  {\n    'name': 'agent-sandbox',\n    'status': 'RUNNING',\n    'ip': '10.20.1.2\u002F24',\n    'tap_device_name': 'tap0',\n    'port_forwards': [{'host_port': '3000', 'guest_port': '5901', 'description': 'gui'}]\n  }\n  ```\n\n- Use any [VNC client](https:\u002F\u002Fgithub.com\u002Fnovnc\u002FnoVNC) to connect to the VNC server to access the GUI.\n  ```bash\n  # We see port 3000 is the host port forwarded to the VNC server running inside the sandbox.\n  .\u002Futils\u002Fnovnc_proxy --vnc \u003Cdev-server-ip>:3000\n  ```\n___\n\n### CLI Usage\n\n- Arrakis comes with an out-of-the-box CLI client that you can use to spawn and manage VMs.\n\n- Start **arrakis-restserver** as detailed in the [Setup](#setup) section.\n\n- In a separate shell we will use the CLI client to create and manage VMs.\n\n- Start a VM named `foo`. It returns metadata about the VM which could be used to interacting with the VM.\n  ```bash\n  .\u002Fout\u002Farrakis-client start -n foo\n  ```\n  \n  ```bash\n  started VM: {\"codeServerPort\":\"\",\"ip\":\"10.20.1.2\u002F24\",\"status\":\"RUNNING\",\"tapDeviceName\":\"tap-foo\",\"vmName\":\"foo\"}\n  ```\n\n- SSH into the VM.\n  - ssh credentials are configured [here](.\u002Fresources\u002Fscripts\u002Frootfs\u002FDockerfile#L6).\n  ```bash\n  # Use the IP returned. Password is \"elara0000\"\n  ssh elara@10.20.1.2\n  ```\n\n- Inspecting a VM named `foo`.\n  ```bash\n  .\u002Fout\u002Farrakis-client list -n foo\n  ```\n\n  ```bash\n  VM: {\"ip\":\"10.20.1.2\u002F24\",\"status\":\"RUNNING\",\"tapDeviceName\":\"tap-foo\",\"vmName\":\"foo\"}\n  ```\n\n- List all the VMs.\n  ```bash\n  .\u002Fout\u002Farrakis-client list-all\n  ```\n\n  ```bash\n  VMs: {\"vms\":[{\"ip\":\"10.20.1.2\u002F24\",\"status\":\"RUNNING\",\"tapDeviceName\":\"tap-foo\",\"vmName\":\"foo\"}]}\n  ```\n\n- Stop the VM.\n  ```bash\n  .\u002Fout\u002Farrakis-client stop -n foo\n  ```\n\n- Destroy the VM.\n  ```bash\n  .\u002Fout\u002Farrakis-client destroy -n foo\n  ```\n\n- Snapshotting and Restoring the VM.\n  - We support snapshotting the VM and then using the snapshot to restore the VM. Currently, we restore the VM to use the same IP as the original VM. If you plan to restore the VM on the same host then either stop or destroy the original VM before restoring. In the future this won't be a constraint.\n  ```bash\n  .\u002Fout\u002Farrakis-client snapshot -n foo-original -o foo-snapshot\n  ```\n\n  ```bash\n  .\u002Fout\u002Farrakis-client destroy -n foo-original -o foo-snapshot\n  ```\n\n  ```bash\n  .\u002Fout\u002Farrakis-client restore -n foo-original --snapshot foo-snapshot\n  ```\n\n---\n\n## Architecture And Features\n\n![High Level Architecture Diagram](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fabshkbh_arrakis_readme_a60e6e77dc60.png)\n\n`arrakis` includes the following services and features\n\n- **REST API**\n  - **arrakis-restserver**\n    - A daemon that exposes a REST API to *start*, *stop*, *destroy*, *list-all* VMs. Every VM started is managed by this server i.e. the lifetime of each VM is tied to the lifetime of this daemon.\n    - The api is present at [api\u002Fserver-api.yaml](.\u002Fapi\u002Fserver-api.yaml).\n    - [Code](.\u002Fcmd\u002Frestserver)\n  - **arrakis-client**\n    - A Golang CLI that you can use to interact with **arrakis-restserver** to spawn and manage VMs.\n    - [Code](.\u002Fcmd\u002Fclient)\n\n- **Python SDK**\n  - Checkout out the official Python SDK - [py-arrakis](https:\u002F\u002Fpypi.org\u002Fproject\u002Fpy-arrakis\u002F)\n\n- **Security**\n  - Each sandbox runs in a MicroVM.\n    - MicroVMs are lightweight Virtual Machines (compared to traditional VMs) powered by Rust based Virtual Machine Managers such as [firecracker](https:\u002F\u002Fgithub.com\u002Ffirecracker-microvm\u002Ffirecracker) and [cloud-hypervisor](https:\u002F\u002Fgithub.com\u002Fcloud-hypervisor\u002Fcloud-hypervisor).\n    - **Arrakis** uses [cloud-hypervisor](https:\u002F\u002Fgithub.com\u002Fcloud-hypervisor\u002Fcloud-hypervisor) as the VMM.\n  - Any untrusted code executed within the sandbox is isolated from the host machine as well as other agents.\n  - We use overlayfs to also protect the root filesystem of each sandbox.\n\n- **Customization**\n  - Dockerfile based rootfs customization.\n    - Easily add packages and binaries to your VM's rootfs by manipulating a [Dockerfile](.\u002Fresources\u002Fscripts\u002Frootfs\u002FDockerfile).\n  - Out of the box networking setup for the guest.\n    - Each sandbox gets a tap device that gets added to a Linux bridge on the host.\n    - ssh access to the sandbox.\n  - Prebuilt Linux kernel for the sandbox\n    - Or pass your own kernel to **arrakis-client** while starting VMs.\n\n---\n\n## Customization\n\n- [Detailed README](.\u002Fdocs\u002Fdetailed-README.md) goes over how to customize the default packages and binaries running in a sandbox.\n\n---\n\n## Contribution\n\nThank you for considering contributing to **arrakis**! 🎉\n\nFeel free to open a PR. A detailed contribution guide is going to be available soon.\n\n## Legal Info\n\n### Contributor License Agreement\n\nIn order for us to accept patches and other contributions from you, you need to adopt our Arrakis Contributor License Agreement (the \"**CLA**\"). Please drop a line at abshkbh@gmail.com to start this process.\n\nArrakis uses a tool called CLA Assistant to help us keep track of the CLA status of contributors. CLA Assistant will post a comment to your pull request indicating whether you have signed the CLA or not. If you have not signed the CLA, you will need to do so before we can accept your contribution. Signing the CLA would be one-time process, is valid for all future contributions to Arrakis, and can be done in under a minute by signing in with your GitHub account.\n\n\n### License\n\nBy contributing to Arrakis, you agree that your contributions will be licensed under the [GNU Affero General Public License v3.0](LICENSE) and as commercial software.\n\n---\n\n## License\n\nThis project is licensed under the [GNU Affero General Public License v3.0](.\u002FLICENSE). For commercial licensing, please drop a line at abshkbh@gmail.com.\n\n---\n","![阿拉基斯Logo](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fabshkbh_arrakis_readme_36d6f5389e51.png)\n\n# 阿拉基斯\n\n[![许可证：AGPL v3](https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FLicense-AGPL%20v3-blue.svg)](.\u002FLICENSE)\n\n## 简介 ##\n\nAI智能体可能会生成恶意或存在漏洞的代码，从而攻击其运行的宿主系统。\n\n许多智能体拥有复杂的多步计划来实现目标，并且能够回溯到中间状态以从中继续执行。\n\n**阿拉基斯**提供了一个**安全**、**完全可定制**且**自托管**的解决方案，用于创建和管理用于代码执行及计算机使用的沙箱环境。它开箱即用地支持通过**快照与恢复**功能进行回溯。\n\n- 设计上确保安全，每个沙箱都[运行在微型虚拟机中](#architecture-and-features)。\n- 每个沙箱启动时会运行Ubuntu系统，并内置代码执行服务和VNC服务器。\n- 通过REST API、Python SDK [py-arrakis](https:\u002F\u002Fpypi.org\u002Fproject\u002Fpy-arrakis\u002F)以及一个[MCP服务器](https:\u002F\u002Fgithub.com\u002Fabshkbh\u002Farrakis-mcp-server)，客户端（包括人类和AI智能体）可以编程方式创建沙箱、上传文件并在其中执行代码。\n- 自动设置并管理从自托管公共服务器到运行在其上的沙箱的端口转发，即客户端无需额外配置即可轻松访问沙箱的图形界面（包括用于计算机操作的Chrome浏览器）。\n- 开箱即用支持**快照与恢复**功能，这意味着AI智能体可以在完成部分工作后对沙箱进行快照保存，随后通过恢复快照回到之前的确切状态。这样，沙箱内任何已启动的进程、修改过的文件等都会被原样恢复。这对于基于蒙特卡洛树搜索的智能体或需要解释复杂执行流程的场景非常有用。\n\n---\n\n## 目录\n\n- [简介](#introduction)\n- [演示](#demo)\n- [设置](#setup)\n  - [先决条件](#prerequisites)\n  - [GCP设置](#gcp-setup)\n  - [使用预构建版本快速设置](#quick-setup-using-prebuilts)\n  - [运行arrakis-restserver](#run-the-arrakis-restserver)\n  - [使用CLI或py-arrakis](#use-the-cli-or-py-arrakis)\n- [快速入门](#quickstart)\n  - [SDK](#sdk)\n  - [MCP](#mcp)\n  - [用于计算机操作的GUI](#gui-for-computer-use)\n  - [CLI使用方法](#cli-usage)\n- [架构与特性](#architecture-and-features)\n- [定制化](#customization)\n- [贡献](#contribution)\n  - [法律信息](#legal-info)\n    - [贡献者许可协议](#contributor-license-agreement)\n    - [许可证](#license)\n- [许可证](#license)\n\n___\n\n## 演示\n\n观看Claude如何通过MCP利用阿拉基斯实时编写Google Docs克隆版。它甚至会对沙箱进行快照以记录进度。\n\n[![阿拉基斯演示](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fabshkbh_arrakis_readme_d8897df96e75.jpg)](https:\u002F\u002Fwww.youtube.com\u002Fwatch?v=IZ5cAnhAdPQ)\n\n---\n\n## 设置\n\n### 先决条件\n\n- `cloud-hypervisor`仅在Linux机器上使用`\u002Fdev\u002Fkvm`进行虚拟化时才能正常工作。因此，我们仅支持Linux操作系统。\n- 请通过以下命令检查主机是否已启用虚拟化：\n    ```bash\n    stat \u002Fdev\u002Fkvm\n    ```\n\n### GCP设置\n\n- 请按照[GCP设置](.\u002Fsetup\u002Fgcp-instructions.md)中的说明，在GCE虚拟机上设置阿拉基斯。\n\n### 使用预构建版本快速设置\n\n- 您可以利用我们的`setup.sh`脚本和预编译的二进制文件轻松设置阿拉基斯。\n    ```bash\n    curl -sSL https:\u002F\u002Fraw.githubusercontent.com\u002Fabshkbh\u002Farrakis\u002Fmain\u002Fsetup\u002Fsetup.sh | bash\n    ls arrakis-prebuilt\n    ```\n\n### 运行arrakis-restserver\n\n- 现在我们已经有一个包含所有二进制文件和镜像的文件夹。我们需要首先运行`arrakis-restserver`。\n    ```bash\n    cd arrakis-prebuilt\n    sudo .\u002Farrakis-restserver\n    ```\n\n### 使用CLI或py-arrakis\n\n- 您可以使用CLI或[py-arrakis](https:\u002F\u002Fpypi.org\u002Fproject\u002Fpy-arrakis\u002F)来创建和管理虚拟机。\n    ```bash\n    cd arrakis-prebuilt\n    .\u002Farrakis-client start -n agent-sandbox\n    ```\n\n---\n\n## 快速入门\n\n### SDK\n\n阿拉基斯附带一个Python SDK [py-arrakis](https:\u002F\u002Fpypi.org\u002Fproject\u002Fpy-arrakis\u002F)，使您能够无缝地创建、管理和与虚拟机交互。\n\n- 安装SDK\n  ```bash\n    pip install py-arrakis\n  ```\n\n- 按照[使用说明](#usage)在Linux机器上运行`arrakis-restserver`，或者从[官方发布页面](https:\u002F\u002Fgithub.com\u002Fabshkbh\u002Farrakis\u002Freleases)下载预编译的二进制文件。\n- 使用py-arrakis与`arrakis-restserver`交互。\n- 运行不受信任的代码\n  ```python\n  # 将此处替换为`arrakis-restserver`运行的IP地址和端口。\n  sandbox_manager = SandboxManager('http:\u002F\u002F127.0.0.1:7000')\n\n  # 启动一个新的沙箱。\n  with sb as sandbox_manager.start_sandbox('agent-sandbox'):\n    sb.run_cmd('echo hello world')\n\n  # 当退出上下文时，沙箱`sb`会自动销毁。\n  ```\n\n- 对沙箱进行快照和恢复\n  ```python\n  # 启动一个沙箱并向文件中写入一些数据。\n  sandbox_name = 'agent-sandbox'\n  sandbox = sandbox_manager.start_sandbox(sandbox_name)\n  sandbox.run_cmd(\"echo 'test data before snapshot' > \u002Ftmp\u002Ftestfile\")\n  snapshot_id = sandbox.snapshot(\"initial-state\")\n  sandbox.run_cmd(\"echo 'test data after snapshot' > \u002Ftmp\u002Ftestfile\")\n\n  # 销毁沙箱。\n  sandbox.destroy()\n\n  # 从快照中恢复沙箱，并验证我们是否仍保留了快照时的数据。\n  sandbox = sandbox_manager.restore(sandbox_name, snapshot_id)\n  result = sandbox.run_cmd(\"cat \u002Ftmp\u002Ftestfile\")\n  # result[\"output\"]应为“test data before snapshot”。\n  ```\n\n___\n\n### MCP\n\n- 阿拉基斯还配备了一个[MCP服务器](https:\u002F\u002Fgithub.com\u002Fabshkbh\u002Farrakis-mcp-server)，允许Claude Desktop App、Windsurf、Cursor等MCP客户端创建和管理沙箱。\n- 以下是一个`claude_desktop_config.json`示例：\n  ```json\n  {\n      \"mcpServers\": {\n        \"arrakis\": {\n            \"command\": \"\u002FUsers\u002Fusername\u002F.local\u002Fbin\u002Fuv\",\n            \"args\": [\n                \"--directory\",\n                \"\u002FUsers\u002Fusername\u002FDocuments\u002Fprojects\u002Farrakis-mcp-server\",\n                \"run\",\n                \"arrakis_mcp_server.py\"\n            ]\n        }\n      }\n  }\n  ```\n\n___\n\n### 用于计算机的 GUI\n\n![Arrakis GUI](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fabshkbh_arrakis_readme_4435ac27f1f7.png)\n\n- 每个沙箱在启动时都会运行一个 VNC 服务器。此外，它还预装了 Chrome 浏览器。\n\n- Arrakis 还会处理端口转发，以便通过运行 `arrakis-restserver` 的开发服务器上的某个端口暴露 VNC 服务器。\n\n- 启动一个沙箱，并获取关于该沙箱的元数据，包括 VNC 连接详情。\n\n  ```python\n  # 将此处替换为运行 `arrakis-restserver` 的 IP:端口。\n  sandbox_manager = SandboxManager('http:\u002F\u002F127.0.0.1:7000')\n  sb = sandbox_manager.start_sandbox('agent-sandbox')\n  print(sb.info())\n  ```\n\n- 我们可以从响应中的 `port_forwards` 字段获取 VNC 连接详情。VNC 服务器在端口转发条目中以描述 `gui` 表示。我们将使用 `host_port` 字段来连接到 VNC 服务器。\n  ```bash\n  {\n    'name': 'agent-sandbox',\n    'status': 'RUNNING',\n    'ip': '10.20.1.2\u002F24',\n    'tap_device_name': 'tap0',\n    'port_forwards': [{'host_port': '3000', 'guest_port': '5901', 'description': 'gui'}]\n  }\n  ```\n\n- 使用任何 [VNC 客户端](https:\u002F\u002Fgithub.com\u002Fnovnc\u002FnoVNC) 连接到 VNC 服务器以访问 GUI。\n  ```bash\n  # 我们可以看到端口 3000 是转发到沙箱内运行的 VNC 服务器的主机端口。\n  .\u002Futils\u002Fnovnc_proxy --vnc \u003Cdev-server-ip>:3000\n  ```\n___\n\n### CLI 使用\n\n- Arrakis 自带一个开箱即用的 CLI 客户端，可用于启动和管理虚拟机。\n\n- 按照[设置](#setup)部分的说明启动 **arrakis-restserver**。\n\n- 在另一个终端中，我们将使用 CLI 客户端来创建和管理虚拟机。\n\n- 启动一个名为 `foo` 的虚拟机。它会返回有关该虚拟机的元数据，可用于与虚拟机交互。\n  ```bash\n  .\u002Fout\u002Farrakis-client start -n foo\n  ```\n  \n  ```bash\n  已启动虚拟机：{\"codeServerPort\":\"\",\"ip\":\"10.20.1.2\u002F24\",\"status\":\"RUNNING\",\"tapDeviceName\":\"tap-foo\",\"vmName\":\"foo\"}\n  ```\n\n- 通过 SSH 登录到虚拟机。\n  - SSH 凭据已在 [这里](.\u002Fresources\u002Fscripts\u002Frootfs\u002FDockerfile#L6) 配置。\n  ```bash\n  # 使用返回的 IP 地址。密码为 \"elara0000\"\n  ssh elara@10.20.1.2\n  ```\n\n- 检查名为 `foo` 的虚拟机。\n  ```bash\n  .\u002Fout\u002Farrakis-client list -n foo\n  ```\n\n  ```bash\n  虚拟机：{\"ip\":\"10.20.1.2\u002F24\",\"status\":\"RUNNING\",\"tapDeviceName\":\"tap-foo\",\"vmName\":\"foo\"}\n  ```\n\n- 列出所有虚拟机。\n  ```bash\n  .\u002Fout\u002Farrakis-client list-all\n  ```\n\n  ```bash\n  虚拟机：{\"vms\":[{\"ip\":\"10.20.1.2\u002F24\",\"status\":\"RUNNING\",\"tapDeviceName\":\"tap-foo\",\"vmName\":\"foo\"}]}\n  ```\n\n- 停止虚拟机。\n  ```bash\n  .\u002Fout\u002Farrakis-client stop -n foo\n  ```\n\n- 销毁虚拟机。\n  ```bash\n  .\u002Fout\u002Farrakis-client destroy -n foo\n  ```\n\n- 虚拟机的快照与恢复。\n  - 我们支持对虚拟机进行快照，然后使用该快照恢复虚拟机。目前，我们会将恢复后的虚拟机配置为与原始虚拟机相同的 IP 地址。如果计划在同一台主机上恢复虚拟机，请在恢复之前先停止或销毁原始虚拟机。未来这一限制将被解除。\n  ```bash\n  .\u002Fout\u002Farrakis-client snapshot -n foo-original -o foo-snapshot\n  ```\n\n  ```bash\n  .\u002Fout\u002Farrakis-client destroy -n foo-original -o foo-snapshot\n  ```\n\n  ```bash\n  .\u002Fout\u002Farrakis-client restore -n foo-original --snapshot foo-snapshot\n  ```\n\n---\n\n## 架构与特性\n\n![高层架构图](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fabshkbh_arrakis_readme_a60e6e77dc60.png)\n\n`arrakis` 包含以下服务和特性：\n\n- **REST API**\n  - **arrakis-restserver**\n    - 一个守护进程，提供 REST API 用于*启动*、*停止*、*销毁*、*列出所有*虚拟机。每个启动的虚拟机都由该服务器管理，即每个虚拟机的生命周期与该守护进程的生命周期绑定。\n    - API 文档位于 [api\u002Fserver-api.yaml](.\u002Fapi\u002Fserver-api.yaml)。\n    - [代码](.\u002Fcmd\u002Frestserver)\n  - **arrakis-client**\n    - 一个 Golang 命令行工具，可用于与 **arrakis-restserver** 交互，从而启动和管理虚拟机。\n    - [代码](.\u002Fcmd\u002Fclient)\n\n- **Python SDK**\n  - 查看官方 Python SDK - [py-arrakis](https:\u002F\u002Fpypi.org\u002Fproject\u002Fpy-arrakis\u002F)\n\n- **安全性**\n  - 每个沙箱都在一个微型虚拟机中运行。\n    - 微型虚拟机是轻量级的虚拟机（与传统虚拟机相比），由基于 Rust 的虚拟机管理程序驱动，例如 [firecracker](https:\u002F\u002Fgithub.com\u002Ffirecracker-microvm\u002Ffirecracker) 和 [cloud-hypervisor](https:\u002F\u002Fgithub.com\u002Fcloud-hypervisor\u002Fcloud-hypervisor)。\n    - **Arrakis** 使用 [cloud-hypervisor](https:\u002F\u002Fgithub.com\u002Fcloud-hypervisor\u002Fcloud-hypervisor) 作为虚拟机管理程序。\n  - 沙箱内执行的任何不受信任的代码都与宿主机以及其他代理隔离。\n  - 我们还使用 overlayfs 来保护每个沙箱的根文件系统。\n\n- **定制化**\n  - 基于 Dockerfile 的根文件系统定制。\n    - 通过修改 [Dockerfile](.\u002Fresources\u002Fscripts\u002Frootfs\u002FDockerfile) 可以轻松地向您的虚拟机根文件系统添加软件包和二进制文件。\n  - 开箱即用的客户机网络设置。\n    - 每个沙箱都会获得一个 tap 设备，并将其添加到宿主机上的 Linux 网桥中。\n    - 提供对沙箱的 SSH 访问权限。\n  - 沙箱的预构建 Linux 内核。\n    - 或者在启动虚拟机时将您自己的内核传递给 **arrakis-client**。\n\n---\n\n## 定制化\n\n- [详细 README](.\u002Fdocs\u002Fdetailed-README.md) 介绍了如何自定义沙箱中默认运行的软件包和二进制文件。\n\n---\n\n## 贡献\n\n感谢您考虑为 **arrakis** 做出贡献！🎉\n\n欢迎随时提交 PR。详细的贡献指南即将发布。\n\n## 法律信息\n\n### 贡献者许可协议\n\n为了使我们能够接受来自您的补丁和其他贡献，您需要签署我们的 Arrakis 贡献者许可协议（简称“**CLA**”）。请发送邮件至 abshkbh@gmail.com 以开始此流程。\n\nArrakis 使用名为 CLA Assistant 的工具来跟踪贡献者的 CLA 状态。CLA Assistant 会在您的拉取请求中发表评论，表明您是否已签署 CLA。如果您尚未签署 CLA，则需要在我们接受您的贡献之前完成签署。签署 CLA 是一次性的过程，对您今后对 Arrakis 的所有贡献均有效，并且只需一分钟左右的时间，即可通过 GitHub 账户登录完成签署。\n\n\n### 许可证\n\n通过为 Arrakis 做出贡献，您同意您的贡献将根据 [GNU Affero 通用公共许可证 v3.0](LICENSE) 授权，并被视为商业软件。\n\n---\n\n## 许可证\n\n本项目根据 [GNU Affero 通用公共许可证 v3.0](.\u002FLICENSE) 授权。如需商业授权，请发送邮件至 abshkbh@gmail.com。\n\n---","# Arrakis 快速上手指南\n\nArrakis 是一个安全、可完全自定义且支持自托管的 AI 沙箱管理工具。它基于 MicroVM 技术，为 AI Agent 提供隔离的代码执行环境，并原生支持“快照与恢复”功能，便于 Agent 进行多步规划回溯。\n\n## 环境准备\n\n### 系统要求\n- **操作系统**：仅支持 **Linux**。\n- **虚拟化支持**：宿主机器必须开启虚拟化功能并拥有 `\u002Fdev\u002Fkvm` 设备。\n  - 检查命令：\n    ```bash\n    stat \u002Fdev\u002Fkvm\n    ```\n  - 如果报错，请在 BIOS\u002FUEFI 中开启 VT-x\u002FAMD-V 支持。\n\n### 前置依赖\n- 确保已安装 `curl` 和 `bash`。\n- 需要 `sudo` 权限以运行服务。\n\n## 安装步骤\n\n推荐使用官方提供的预构建脚本进行快速部署，该脚本会自动下载二进制文件和所需镜像。\n\n1. **运行安装脚本**\n   ```bash\n   curl -sSL https:\u002F\u002Fraw.githubusercontent.com\u002Fabshkbh\u002Farrakis\u002Fmain\u002Fsetup\u002Fsetup.sh | bash\n   ```\n\n2. **验证安装**\n   安装完成后，当前目录下会生成 `arrakis-prebuilt` 文件夹：\n   ```bash\n   ls arrakis-prebuilt\n   ```\n\n3. **启动 REST 服务**\n   进入目录并启动核心服务（需 sudo 权限）：\n   ```bash\n   cd arrakis-prebuilt\n   sudo .\u002Farrakis-restserver\n   ```\n   *保持该终端窗口运行，服务默认监听在 `http:\u002F\u002F127.0.0.1:7000`。*\n\n## 基本使用\n\n你可以通过 Python SDK、CLI 命令行或 MCP 协议与 Arrakis 交互。以下展示最常用的两种方式。\n\n### 方式一：使用 Python SDK (推荐)\n\n适合集成到 AI Agent 代码中，支持上下文管理和自动资源清理。\n\n1. **安装 SDK**\n   ```bash\n   pip install py-arrakis\n   ```\n\n2. **运行示例代码**\n   创建一个名为 `agent-sandbox` 的沙箱，执行命令并自动销毁：\n\n   ```python\n   from py_arrakis import SandboxManager\n\n   # 连接本地服务\n   sandbox_manager = SandboxManager('http:\u002F\u002F127.0.0.1:7000')\n\n   # 启动沙箱并执行命令 (上下文退出后自动销毁)\n   with sandbox_manager.start_sandbox('agent-sandbox') as sb:\n       result = sb.run_cmd('echo hello world')\n       print(result)\n\n   # 快照与恢复示例\n   sandbox = sandbox_manager.start_sandbox('persistent-agent')\n   sandbox.run_cmd(\"echo 'data_before' > \u002Ftmp\u002Ftest.txt\")\n   \n   # 创建快照\n   snapshot_id = sandbox.snapshot(\"checkpoint-v1\")\n   \n   # 修改数据\n   sandbox.run_cmd(\"echo 'data_after' > \u002Ftmp\u002Ftest.txt\")\n   \n   # 销毁当前实例\n   sandbox.destroy()\n   \n   # 从快照恢复，数据将回到 'data_before' 状态\n   restored_sb = sandbox_manager.restore('persistent-agent', snapshot_id)\n   print(restored_sb.run_cmd(\"cat \u002Ftmp\u002Ftest.txt\"))\n   ```\n\n### 方式二：使用 CLI 命令行\n\n适合手动调试和管理虚拟机。\n\n1. **启动沙箱**\n   在新终端中进入安装目录：\n   ```bash\n   cd arrakis-prebuilt\n   .\u002Farrakis-client start -n my-sandbox\n   ```\n   *输出将包含沙箱的 IP 地址（例如 `10.20.1.2`）。*\n\n2. **SSH 连接**\n   默认用户名为 `elara`，密码为 `elara0000`：\n   ```bash\n   ssh elara@\u003C上面输出的 IP 地址>\n   # 例如：ssh elara@10.20.1.2\n   ```\n\n3. **查看状态与管理**\n   ```bash\n   # 查看特定沙箱信息\n   .\u002Farrakis-client list -n my-sandbox\n\n   # 列出所有沙箱\n   .\u002Farrakis-client list-all\n\n   # 创建快照\n   .\u002Farrakis-client snapshot -n my-sandbox -o my-snapshot\n\n   # 停止沙箱\n   .\u002Farrakis-client stop -n my-sandbox\n\n   # 彻底销毁沙箱\n   .\u002Farrakis-client destroy -n my-sandbox\n   ```\n\n### 访问图形界面 (GUI)\n\n每个沙箱启动时都会运行 VNC 服务器并预装 Chrome 浏览器。\n1. 调用 `sb.info()` (SDK) 或 `list` (CLI) 获取 `port_forwards` 信息。\n2. 找到描述为 `gui` 的条目，记录其 `host_port` (例如 `3000`)。\n3. 使用 VNC 客户端连接 `\u003C宿主机 IP>:\u003Chost_port>` 即可看到桌面环境。","某自动驾驶研发团队正在开发一个具备多步规划能力的 AI 代理，用于在虚拟环境中自动执行复杂的驾驶测试脚本并分析异常数据。\n\n### 没有 arrakis 时\n- **主机安全风险高**：AI 生成的测试代码若包含恶意逻辑或严重 Bug，极易直接破坏宿主机系统文件或窃取敏感数据。\n- **调试回溯困难**：当多步测试流程在第 10 步失败时，无法快速还原到第 5 步的中间状态，只能重新从头运行，浪费大量算力与时间。\n- **环境隔离复杂**：为每个测试任务手动配置独立的虚拟机或容器极其繁琐，且难以统一管理网络端口映射，导致远程访问测试界面（如 VNC）配置耗时。\n- **并发管理混乱**：缺乏统一的 API 接口来程序化地批量生成和销毁隔离环境，难以支持大规模并行测试需求。\n\n### 使用 arrakis 后\n- **微虚拟机强隔离**：arrakis 基于 MicroVM 技术为每个任务启动独立的 Ubuntu 沙箱，即使代码失控也仅局限在沙箱内，彻底保障宿主机安全。\n- **快照即时回滚**：利用内置的“快照 - 恢复”机制，AI 可在关键步骤自动存档；一旦后续步骤出错，能秒级还原至之前的精确状态（包括内存和进程），极大加速调试。\n- **自动化网络穿透**：arrakis 自动处理端口转发，开发人员无需额外配置即可通过 REST API 或 SDK 直接访问沙箱内的图形界面（如 Chrome 浏览器）进行实时观察。\n- **标准化敏捷调度**：通过 Python SDK 或 MCP 服务器，团队可轻松编写脚本批量创建、上传文件并执行代码，实现了测试流程的全自动化编排。\n\narrakis 通过安全的微虚拟机隔离与原生的快照回溯能力，让高风险的 AI 自主代码执行变得可控、可逆且高效。","https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Fabshkbh_arrakis_9bbff849.png","abshkbh","Abhishek Bhardwaj","https:\u002F\u002Foss.gittoolsai.com\u002Favatars\u002Fabshkbh_9b856769.jpg","OS x Infra x AI Engineering\r\n\r\nhttps:\u002F\u002Fwww.linkedin.com\u002Fin\u002Fabshkbh\u002F\r\nhttps:\u002F\u002Fx.com\u002Fabshkbh",null,"https:\u002F\u002Fgithub.com\u002Fabshkbh",[21,25,29,33,37],{"name":22,"color":23,"percentage":24},"Go","#00ADD8",86.6,{"name":26,"color":27,"percentage":28},"Shell","#89e051",6.9,{"name":30,"color":31,"percentage":32},"Dockerfile","#384d54",2.9,{"name":34,"color":35,"percentage":36},"Makefile","#427819",2,{"name":38,"color":39,"percentage":40},"Python","#3572A5",1.5,801,78,"2026-04-10T11:24:33","AGPL-3.0",4,"Linux","未说明",{"notes":49,"python":50,"dependencies":51},"1. 仅支持 Linux 系统，因为底层虚拟化技术 cloud-hypervisor 依赖 \u002Fdev\u002Fkvm 接口。\n2. 宿主机器必须开启硬件虚拟化支持 (可通过 `stat \u002Fdev\u002Fkvm` 检查)。\n3. 每个沙箱运行一个完整的 Ubuntu MicroVM，内置 VNC 服务和 Chrome 浏览器，资源消耗取决于同时运行的沙箱数量。\n4. 提供预编译二进制文件，可通过脚本快速部署。","未说明 (需安装 py-arrakis SDK)",[52,53,54],"cloud-hypervisor","py-arrakis","Docker (用于构建 rootfs)",[56,57],"Agent","开发框架","ready","2026-03-27T02:49:30.150509","2026-04-11T17:40:52.768090",[],[63,68,73,78,83,88,93,98,103,108,113,118,123,128,133,138,143,148,153,158],{"id":64,"version":65,"summary_zh":66,"released_at":67},206169,"release-36","## 变更内容\n* 在当前 Ubuntu 24.04 的软件源中，选择特定的 netcat 版本以避免错误。由 @igorhvr 在 https:\u002F\u002Fgithub.com\u002Fabshkbh\u002Farrakis\u002Fpull\u002F2 中完成。\n\n## 新贡献者\n* @igorhvr 在 https:\u002F\u002Fgithub.com\u002Fabshkbh\u002Farrakis\u002Fpull\u002F2 中完成了首次贡献。\n\n**完整变更日志**: https:\u002F\u002Fgithub.com\u002Fabshkbh\u002Farrakis\u002Fcompare\u002Frelease-34...release-36","2025-06-02T17:54:21",{"id":69,"version":70,"summary_zh":71,"released_at":72},206170,"release-34","**完整更新日志**: https:\u002F\u002Fgithub.com\u002Fabshkbh\u002Farrakis\u002Fcompare\u002Frelease-33...release-34","2025-05-27T04:44:40",{"id":74,"version":75,"summary_zh":76,"released_at":77},206171,"release-33","**完整更新日志**: https:\u002F\u002Fgithub.com\u002Fabshkbh\u002Farrakis\u002Fcompare\u002Frelease-31...release-33","2025-05-27T03:49:44",{"id":79,"version":80,"summary_zh":81,"released_at":82},206172,"release-31","**完整更新日志**: https:\u002F\u002Fgithub.com\u002Fabshkbh\u002Farrakis\u002Fcompare\u002Frelease-30...release-31","2025-05-26T17:39:02",{"id":84,"version":85,"summary_zh":86,"released_at":87},206173,"release-30","**完整更新日志**: https:\u002F\u002Fgithub.com\u002Fabshkbh\u002Farrakis\u002Fcompare\u002Frelease-29...release-30","2025-05-26T16:55:03",{"id":89,"version":90,"summary_zh":91,"released_at":92},206174,"release-29","**完整更新日志**: https:\u002F\u002Fgithub.com\u002Fabshkbh\u002Farrakis\u002Fcompare\u002Frelease-28...release-29","2025-05-26T15:44:08",{"id":94,"version":95,"summary_zh":96,"released_at":97},206175,"release-28","**完整更新日志**: https:\u002F\u002Fgithub.com\u002Fabshkbh\u002Farrakis\u002Fcompare\u002Frelease-27...release-28","2025-05-26T07:42:32",{"id":99,"version":100,"summary_zh":101,"released_at":102},206176,"release-27","**完整更新日志**: https:\u002F\u002Fgithub.com\u002Fabshkbh\u002Farrakis\u002Fcompare\u002Frelease-26...release-27","2025-05-26T06:31:02",{"id":104,"version":105,"summary_zh":106,"released_at":107},206177,"release-26","**完整更新日志**: https:\u002F\u002Fgithub.com\u002Fabshkbh\u002Farrakis\u002Fcompare\u002Frelease-25...release-26","2025-04-15T05:31:40",{"id":109,"version":110,"summary_zh":111,"released_at":112},206178,"release-25","**完整变更日志**：https:\u002F\u002Fgithub.com\u002Fabshkbh\u002Farrakis\u002Fcompare\u002Frelease-24...release-25","2025-04-13T21:06:10",{"id":114,"version":115,"summary_zh":116,"released_at":117},206179,"release-24","**Full Changelog**: https:\u002F\u002Fgithub.com\u002Fabshkbh\u002Farrakis\u002Fcompare\u002Frelease-22...release-24","2025-04-13T20:57:09",{"id":119,"version":120,"summary_zh":121,"released_at":122},206180,"release-23","**Full Changelog**: https:\u002F\u002Fgithub.com\u002Fabshkbh\u002Farrakis\u002Fcompare\u002Frelease-20...release-23","2025-04-13T20:42:23",{"id":124,"version":125,"summary_zh":126,"released_at":127},206181,"release-22","**Full Changelog**: https:\u002F\u002Fgithub.com\u002Fabshkbh\u002Farrakis\u002Fcompare\u002Frelease-20...release-22","2025-04-13T20:39:18",{"id":129,"version":130,"summary_zh":131,"released_at":132},206182,"release-20","**Full Changelog**: https:\u002F\u002Fgithub.com\u002Fabshkbh\u002Farrakis\u002Fcompare\u002Frelease-18...release-20","2025-04-13T20:28:04",{"id":134,"version":135,"summary_zh":136,"released_at":137},206183,"release-18","**Full Changelog**: https:\u002F\u002Fgithub.com\u002Fabshkbh\u002Farrakis\u002Fcompare\u002Frelease-17...release-18","2025-04-13T19:01:38",{"id":139,"version":140,"summary_zh":141,"released_at":142},206184,"release-17","**Full Changelog**: https:\u002F\u002Fgithub.com\u002Fabshkbh\u002Farrakis\u002Fcompare\u002Frelease-16...release-17","2025-04-13T18:52:13",{"id":144,"version":145,"summary_zh":146,"released_at":147},206185,"release-16","**Full Changelog**: https:\u002F\u002Fgithub.com\u002Fabshkbh\u002Farrakis\u002Fcompare\u002Frelease-15...release-16","2025-04-13T18:45:31",{"id":149,"version":150,"summary_zh":151,"released_at":152},206186,"release-15","**Full Changelog**: https:\u002F\u002Fgithub.com\u002Fabshkbh\u002Farrakis\u002Fcompare\u002Frelease-14...release-15","2025-04-13T18:38:20",{"id":154,"version":155,"summary_zh":156,"released_at":157},206187,"release-14","**Full Changelog**: https:\u002F\u002Fgithub.com\u002Fabshkbh\u002Farrakis\u002Fcompare\u002Frelease-13...release-14","2025-04-13T18:29:34",{"id":159,"version":160,"summary_zh":161,"released_at":162},206188,"release-13","**Full Changelog**: https:\u002F\u002Fgithub.com\u002Fabshkbh\u002Farrakis\u002Fcompare\u002Frelease-12...release-13","2025-04-11T17:48:08",[164,175,183,192,200,209],{"id":165,"name":166,"github_repo":167,"description_zh":168,"stars":169,"difficulty_score":170,"last_commit_at":171,"category_tags":172,"status":58},4358,"openclaw","openclaw\u002Fopenclaw","OpenClaw 是一款专为个人打造的本地化 AI 助手，旨在让你在自己的设备上拥有完全可控的智能伙伴。它打破了传统 AI 助手局限于特定网页或应用的束缚，能够直接接入你日常使用的各类通讯渠道，包括微信、WhatsApp、Telegram、Discord、iMessage 等数十种平台。无论你在哪个聊天软件中发送消息，OpenClaw 都能即时响应，甚至支持在 macOS、iOS 和 Android 设备上进行语音交互，并提供实时的画布渲染功能供你操控。\n\n这款工具主要解决了用户对数据隐私、响应速度以及“始终在线”体验的需求。通过将 AI 部署在本地，用户无需依赖云端服务即可享受快速、私密的智能辅助，真正实现了“你的数据，你做主”。其独特的技术亮点在于强大的网关架构，将控制平面与核心助手分离，确保跨平台通信的流畅性与扩展性。\n\nOpenClaw 非常适合希望构建个性化工作流的技术爱好者、开发者，以及注重隐私保护且不愿被单一生态绑定的普通用户。只要具备基础的终端操作能力（支持 macOS、Linux 及 Windows WSL2），即可通过简单的命令行引导完成部署。如果你渴望拥有一个懂你",349277,3,"2026-04-06T06:32:30",[56,57,173,174],"图像","数据工具",{"id":176,"name":177,"github_repo":178,"description_zh":179,"stars":180,"difficulty_score":170,"last_commit_at":181,"category_tags":182,"status":58},3808,"stable-diffusion-webui","AUTOMATIC1111\u002Fstable-diffusion-webui","stable-diffusion-webui 是一个基于 Gradio 构建的网页版操作界面，旨在让用户能够轻松地在本地运行和使用强大的 Stable Diffusion 图像生成模型。它解决了原始模型依赖命令行、操作门槛高且功能分散的痛点，将复杂的 AI 绘图流程整合进一个直观易用的图形化平台。\n\n无论是希望快速上手的普通创作者、需要精细控制画面细节的设计师，还是想要深入探索模型潜力的开发者与研究人员，都能从中获益。其核心亮点在于极高的功能丰富度：不仅支持文生图、图生图、局部重绘（Inpainting）和外绘（Outpainting）等基础模式，还独创了注意力机制调整、提示词矩阵、负向提示词以及“高清修复”等高级功能。此外，它内置了 GFPGAN 和 CodeFormer 等人脸修复工具，支持多种神经网络放大算法，并允许用户通过插件系统无限扩展能力。即使是显存有限的设备，stable-diffusion-webui 也提供了相应的优化选项，让高质量的 AI 艺术创作变得触手可及。",162132,"2026-04-05T11:01:52",[57,173,56],{"id":184,"name":185,"github_repo":186,"description_zh":187,"stars":188,"difficulty_score":36,"last_commit_at":189,"category_tags":190,"status":58},1381,"everything-claude-code","affaan-m\u002Feverything-claude-code","everything-claude-code 是一套专为 AI 编程助手（如 Claude Code、Codex、Cursor 等）打造的高性能优化系统。它不仅仅是一组配置文件，而是一个经过长期实战打磨的完整框架，旨在解决 AI 代理在实际开发中面临的效率低下、记忆丢失、安全隐患及缺乏持续学习能力等核心痛点。\n\n通过引入技能模块化、直觉增强、记忆持久化机制以及内置的安全扫描功能，everything-claude-code 能显著提升 AI 在复杂任务中的表现，帮助开发者构建更稳定、更智能的生产级 AI 代理。其独特的“研究优先”开发理念和针对 Token 消耗的优化策略，使得模型响应更快、成本更低，同时有效防御潜在的攻击向量。\n\n这套工具特别适合软件开发者、AI 研究人员以及希望深度定制 AI 工作流的技术团队使用。无论您是在构建大型代码库，还是需要 AI 协助进行安全审计与自动化测试，everything-claude-code 都能提供强大的底层支持。作为一个曾荣获 Anthropic 黑客大奖的开源项目，它融合了多语言支持与丰富的实战钩子（hooks），让 AI 真正成长为懂上",150037,"2026-04-10T23:33:47",[57,56,191],"语言模型",{"id":193,"name":194,"github_repo":195,"description_zh":196,"stars":197,"difficulty_score":36,"last_commit_at":198,"category_tags":199,"status":58},2271,"ComfyUI","Comfy-Org\u002FComfyUI","ComfyUI 是一款功能强大且高度模块化的视觉 AI 引擎，专为设计和执行复杂的 Stable Diffusion 图像生成流程而打造。它摒弃了传统的代码编写模式，采用直观的节点式流程图界面，让用户通过连接不同的功能模块即可构建个性化的生成管线。\n\n这一设计巧妙解决了高级 AI 绘图工作流配置复杂、灵活性不足的痛点。用户无需具备编程背景，也能自由组合模型、调整参数并实时预览效果，轻松实现从基础文生图到多步骤高清修复等各类复杂任务。ComfyUI 拥有极佳的兼容性，不仅支持 Windows、macOS 和 Linux 全平台，还广泛适配 NVIDIA、AMD、Intel 及苹果 Silicon 等多种硬件架构，并率先支持 SDXL、Flux、SD3 等前沿模型。\n\n无论是希望深入探索算法潜力的研究人员和开发者，还是追求极致创作自由度的设计师与资深 AI 绘画爱好者，ComfyUI 都能提供强大的支持。其独特的模块化架构允许社区不断扩展新功能，使其成为当前最灵活、生态最丰富的开源扩散模型工具之一，帮助用户将创意高效转化为现实。",108322,"2026-04-10T11:39:34",[57,173,56],{"id":201,"name":202,"github_repo":203,"description_zh":204,"stars":205,"difficulty_score":36,"last_commit_at":206,"category_tags":207,"status":58},6121,"gemini-cli","google-gemini\u002Fgemini-cli","gemini-cli 是一款由谷歌推出的开源 AI 命令行工具，它将强大的 Gemini 大模型能力直接集成到用户的终端环境中。对于习惯在命令行工作的开发者而言，它提供了一条从输入提示词到获取模型响应的最短路径，无需切换窗口即可享受智能辅助。\n\n这款工具主要解决了开发过程中频繁上下文切换的痛点，让用户能在熟悉的终端界面内直接完成代码理解、生成、调试以及自动化运维任务。无论是查询大型代码库、根据草图生成应用，还是执行复杂的 Git 操作，gemini-cli 都能通过自然语言指令高效处理。\n\n它特别适合广大软件工程师、DevOps 人员及技术研究人员使用。其核心亮点包括支持高达 100 万 token 的超长上下文窗口，具备出色的逻辑推理能力；内置 Google 搜索、文件操作及 Shell 命令执行等实用工具；更独特的是，它支持 MCP（模型上下文协议），允许用户灵活扩展自定义集成，连接如图像生成等外部能力。此外，个人谷歌账号即可享受免费的额度支持，且项目基于 Apache 2.0 协议完全开源，是提升终端工作效率的理想助手。",100752,"2026-04-10T01:20:03",[208,56,173,57],"插件",{"id":210,"name":211,"github_repo":212,"description_zh":213,"stars":214,"difficulty_score":36,"last_commit_at":215,"category_tags":216,"status":58},4721,"markitdown","microsoft\u002Fmarkitdown","MarkItDown 是一款由微软 AutoGen 团队打造的轻量级 Python 工具，专为将各类文件高效转换为 Markdown 格式而设计。它支持 PDF、Word、Excel、PPT、图片（含 OCR）、音频（含语音转录）、HTML 乃至 YouTube 链接等多种格式的解析，能够精准提取文档中的标题、列表、表格和链接等关键结构信息。\n\n在人工智能应用日益普及的今天，大语言模型（LLM）虽擅长处理文本，却难以直接读取复杂的二进制办公文档。MarkItDown 恰好解决了这一痛点，它将非结构化或半结构化的文件转化为模型“原生理解”且 Token 效率极高的 Markdown 格式，成为连接本地文件与 AI 分析 pipeline 的理想桥梁。此外，它还提供了 MCP（模型上下文协议）服务器，可无缝集成到 Claude Desktop 等 LLM 应用中。\n\n这款工具特别适合开发者、数据科学家及 AI 研究人员使用，尤其是那些需要构建文档检索增强生成（RAG）系统、进行批量文本分析或希望让 AI 助手直接“阅读”本地文件的用户。虽然生成的内容也具备一定可读性，但其核心优势在于为机器",93400,"2026-04-06T19:52:38",[208,57]]