[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"similar-alibaba--OpenSandbox":3,"tool-alibaba--OpenSandbox":62},[4,18,26,36,46,54],{"id":5,"name":6,"github_repo":7,"description_zh":8,"stars":9,"difficulty_score":10,"last_commit_at":11,"category_tags":12,"status":17},4358,"openclaw","openclaw\u002Fopenclaw","OpenClaw 是一款专为个人打造的本地化 AI 助手，旨在让你在自己的设备上拥有完全可控的智能伙伴。它打破了传统 AI 助手局限于特定网页或应用的束缚，能够直接接入你日常使用的各类通讯渠道，包括微信、WhatsApp、Telegram、Discord、iMessage 等数十种平台。无论你在哪个聊天软件中发送消息，OpenClaw 都能即时响应，甚至支持在 macOS、iOS 和 Android 设备上进行语音交互，并提供实时的画布渲染功能供你操控。\n\n这款工具主要解决了用户对数据隐私、响应速度以及“始终在线”体验的需求。通过将 AI 部署在本地，用户无需依赖云端服务即可享受快速、私密的智能辅助，真正实现了“你的数据，你做主”。其独特的技术亮点在于强大的网关架构，将控制平面与核心助手分离，确保跨平台通信的流畅性与扩展性。\n\nOpenClaw 非常适合希望构建个性化工作流的技术爱好者、开发者，以及注重隐私保护且不愿被单一生态绑定的普通用户。只要具备基础的终端操作能力（支持 macOS、Linux 及 Windows WSL2），即可通过简单的命令行引导完成部署。如果你渴望拥有一个懂你",349277,3,"2026-04-06T06:32:30",[13,14,15,16],"Agent","开发框架","图像","数据工具","ready",{"id":19,"name":20,"github_repo":21,"description_zh":22,"stars":23,"difficulty_score":10,"last_commit_at":24,"category_tags":25,"status":17},3808,"stable-diffusion-webui","AUTOMATIC1111\u002Fstable-diffusion-webui","stable-diffusion-webui 是一个基于 Gradio 构建的网页版操作界面，旨在让用户能够轻松地在本地运行和使用强大的 Stable Diffusion 图像生成模型。它解决了原始模型依赖命令行、操作门槛高且功能分散的痛点，将复杂的 AI 绘图流程整合进一个直观易用的图形化平台。\n\n无论是希望快速上手的普通创作者、需要精细控制画面细节的设计师，还是想要深入探索模型潜力的开发者与研究人员，都能从中获益。其核心亮点在于极高的功能丰富度：不仅支持文生图、图生图、局部重绘（Inpainting）和外绘（Outpainting）等基础模式，还独创了注意力机制调整、提示词矩阵、负向提示词以及“高清修复”等高级功能。此外，它内置了 GFPGAN 和 CodeFormer 等人脸修复工具，支持多种神经网络放大算法，并允许用户通过插件系统无限扩展能力。即使是显存有限的设备，stable-diffusion-webui 也提供了相应的优化选项，让高质量的 AI 艺术创作变得触手可及。",162132,"2026-04-05T11:01:52",[14,15,13],{"id":27,"name":28,"github_repo":29,"description_zh":30,"stars":31,"difficulty_score":32,"last_commit_at":33,"category_tags":34,"status":17},1381,"everything-claude-code","affaan-m\u002Feverything-claude-code","everything-claude-code 是一套专为 AI 编程助手（如 Claude Code、Codex、Cursor 等）打造的高性能优化系统。它不仅仅是一组配置文件，而是一个经过长期实战打磨的完整框架，旨在解决 AI 代理在实际开发中面临的效率低下、记忆丢失、安全隐患及缺乏持续学习能力等核心痛点。\n\n通过引入技能模块化、直觉增强、记忆持久化机制以及内置的安全扫描功能，everything-claude-code 能显著提升 AI 在复杂任务中的表现，帮助开发者构建更稳定、更智能的生产级 AI 代理。其独特的“研究优先”开发理念和针对 Token 消耗的优化策略，使得模型响应更快、成本更低，同时有效防御潜在的攻击向量。\n\n这套工具特别适合软件开发者、AI 研究人员以及希望深度定制 AI 工作流的技术团队使用。无论您是在构建大型代码库，还是需要 AI 协助进行安全审计与自动化测试，everything-claude-code 都能提供强大的底层支持。作为一个曾荣获 Anthropic 黑客大奖的开源项目，它融合了多语言支持与丰富的实战钩子（hooks），让 AI 真正成长为懂上",160784,2,"2026-04-19T11:32:54",[14,13,35],"语言模型",{"id":37,"name":38,"github_repo":39,"description_zh":40,"stars":41,"difficulty_score":42,"last_commit_at":43,"category_tags":44,"status":17},8272,"opencode","anomalyco\u002Fopencode","OpenCode 是一款开源的 AI 编程助手（Coding Agent），旨在像一位智能搭档一样融入您的开发流程。它不仅仅是一个代码补全插件，而是一个能够理解项目上下文、自主规划任务并执行复杂编码操作的智能体。无论是生成全新功能、重构现有代码，还是排查难以定位的 Bug，OpenCode 都能通过自然语言交互高效完成，显著减少开发者在重复性劳动和上下文切换上的时间消耗。\n\n这款工具专为软件开发者、工程师及技术研究人员设计，特别适合希望利用大模型能力来提升编码效率、加速原型开发或处理遗留代码维护的专业人群。其核心亮点在于完全开源的架构，这意味着用户可以审查代码逻辑、自定义行为策略，甚至私有化部署以保障数据安全，彻底打破了传统闭源 AI 助手的“黑盒”限制。\n\n在技术体验上，OpenCode 提供了灵活的终端界面（Terminal UI）和正在测试中的桌面应用程序，支持 macOS、Windows 及 Linux 全平台。它兼容多种包管理工具，安装便捷，并能无缝集成到现有的开发环境中。无论您是追求极致控制权的资深极客，还是渴望提升产出的独立开发者，OpenCode 都提供了一个透明、可信",144296,1,"2026-04-16T14:50:03",[13,45],"插件",{"id":47,"name":48,"github_repo":49,"description_zh":50,"stars":51,"difficulty_score":32,"last_commit_at":52,"category_tags":53,"status":17},2271,"ComfyUI","Comfy-Org\u002FComfyUI","ComfyUI 是一款功能强大且高度模块化的视觉 AI 引擎，专为设计和执行复杂的 Stable Diffusion 图像生成流程而打造。它摒弃了传统的代码编写模式，采用直观的节点式流程图界面，让用户通过连接不同的功能模块即可构建个性化的生成管线。\n\n这一设计巧妙解决了高级 AI 绘图工作流配置复杂、灵活性不足的痛点。用户无需具备编程背景，也能自由组合模型、调整参数并实时预览效果，轻松实现从基础文生图到多步骤高清修复等各类复杂任务。ComfyUI 拥有极佳的兼容性，不仅支持 Windows、macOS 和 Linux 全平台，还广泛适配 NVIDIA、AMD、Intel 及苹果 Silicon 等多种硬件架构，并率先支持 SDXL、Flux、SD3 等前沿模型。\n\n无论是希望深入探索算法潜力的研究人员和开发者，还是追求极致创作自由度的设计师与资深 AI 绘画爱好者，ComfyUI 都能提供强大的支持。其独特的模块化架构允许社区不断扩展新功能，使其成为当前最灵活、生态最丰富的开源扩散模型工具之一，帮助用户将创意高效转化为现实。",109154,"2026-04-18T11:18:24",[14,15,13],{"id":55,"name":56,"github_repo":57,"description_zh":58,"stars":59,"difficulty_score":32,"last_commit_at":60,"category_tags":61,"status":17},6121,"gemini-cli","google-gemini\u002Fgemini-cli","gemini-cli 是一款由谷歌推出的开源 AI 命令行工具，它将强大的 Gemini 大模型能力直接集成到用户的终端环境中。对于习惯在命令行工作的开发者而言，它提供了一条从输入提示词到获取模型响应的最短路径，无需切换窗口即可享受智能辅助。\n\n这款工具主要解决了开发过程中频繁上下文切换的痛点，让用户能在熟悉的终端界面内直接完成代码理解、生成、调试以及自动化运维任务。无论是查询大型代码库、根据草图生成应用，还是执行复杂的 Git 操作，gemini-cli 都能通过自然语言指令高效处理。\n\n它特别适合广大软件工程师、DevOps 人员及技术研究人员使用。其核心亮点包括支持高达 100 万 token 的超长上下文窗口，具备出色的逻辑推理能力；内置 Google 搜索、文件操作及 Shell 命令执行等实用工具；更独特的是，它支持 MCP（模型上下文协议），允许用户灵活扩展自定义集成，连接如图像生成等外部能力。此外，个人谷歌账号即可享受免费的额度支持，且项目基于 Apache 2.0 协议完全开源，是提升终端工作效率的理想助手。",100752,"2026-04-10T01:20:03",[45,13,15,14],{"id":63,"github_repo":64,"name":65,"description_en":66,"description_zh":67,"ai_summary_zh":68,"readme_en":69,"readme_zh":70,"quickstart_zh":71,"use_case_zh":72,"hero_image_url":73,"owner_login":74,"owner_name":75,"owner_avatar_url":76,"owner_bio":77,"owner_company":78,"owner_location":78,"owner_email":78,"owner_twitter":78,"owner_website":79,"owner_url":80,"languages":81,"stars":121,"forks":122,"last_commit_at":123,"license":124,"difficulty_score":10,"env_os":125,"env_gpu":126,"env_ram":126,"env_deps":127,"category_tags":138,"github_topics":139,"view_count":32,"oss_zip_url":78,"oss_zip_packed_at":78,"status":17,"created_at":145,"updated_at":146,"faqs":147,"releases":176},9625,"alibaba\u002FOpenSandbox","OpenSandbox","Secure, Fast, and Extensible Sandbox runtime for AI agents.","OpenSandbox 是阿里巴巴开源的一款专为 AI 智能体（AI Agents）打造的安全、高速且可扩展的沙箱运行平台。在 AI 应用日益复杂的今天，如何让代码执行、文件操作或浏览器自动化等任务在隔离环境中安全运行，同时支持大规模调度，是开发者面临的主要挑战。OpenSandbox 正是为了解决这一痛点而生，它提供了一套统一的沙箱协议和生命周期管理 API，确保 AI 任务在与主机隔离的环境中稳定执行，有效防止潜在的安全风险。\n\n这款工具非常适合构建 Coding Agents、GUI 自动化助手、AI 代码解释器以及强化学习训练场景的开发者与研究人员使用。无论是需要在本地调试原型的个人开发者，还是需要处理高并发分布式任务的企业团队，都能从中受益。\n\nOpenSandbox 的技术亮点在于其强大的兼容性与安全性。它不仅提供了 Python、Java、Go 等多种语言的 SDK，降低集成门槛，还内置了 Docker 和高性能 Kubernetes 运行时，支持从单机到集群的无缝扩展。更值得一提的是，它支持 gVisor、Kata Containers 等安全容器技术，实现了工作负载与","OpenSandbox 是阿里巴巴开源的一款专为 AI 智能体（AI Agents）打造的安全、高速且可扩展的沙箱运行平台。在 AI 应用日益复杂的今天，如何让代码执行、文件操作或浏览器自动化等任务在隔离环境中安全运行，同时支持大规模调度，是开发者面临的主要挑战。OpenSandbox 正是为了解决这一痛点而生，它提供了一套统一的沙箱协议和生命周期管理 API，确保 AI 任务在与主机隔离的环境中稳定执行，有效防止潜在的安全风险。\n\n这款工具非常适合构建 Coding Agents、GUI 自动化助手、AI 代码解释器以及强化学习训练场景的开发者与研究人员使用。无论是需要在本地调试原型的个人开发者，还是需要处理高并发分布式任务的企业团队，都能从中受益。\n\nOpenSandbox 的技术亮点在于其强大的兼容性与安全性。它不仅提供了 Python、Java、Go 等多种语言的 SDK，降低集成门槛，还内置了 Docker 和高性能 Kubernetes 运行时，支持从单机到集群的无缝扩展。更值得一提的是，它支持 gVisor、Kata Containers 等安全容器技术，实现了工作负载与宿主机的强隔离，并配备了精细的网络进出控制策略，为 AI 智能体的自由探索提供了坚实的安全底座。","\u003Cdiv align=\"center\">\n  \u003Cimg src=\"docs\u002Fassets\u002Flogo.svg\" alt=\"OpenSandbox logo\" width=\"150\" \u002F>\n\n  \u003Ch1>OpenSandbox\u003C\u002Fh1>\n\n  \u003Cp align=\"center\">\n    \u003Ca href=\"https:\u002F\u002Ftrendshift.io\u002Frepositories\u002F21828\" target=\"_blank\">\n      \u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Falibaba_OpenSandbox_readme_4a68feb902da.png\" alt=\"alibaba%2FOpenSandbox | Trendshift\" style=\"width: 320px; height: 70px;\" width=\"320\" height=\"70\" \u002F>\n    \u003C\u002Fa>\n  \u003C\u002Fp>\n\n\u003Cp align=\"center\">\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\">\n    \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Falibaba\u002FOpenSandbox.svg?style=social\" alt=\"GitHub stars\" \u002F>\n  \u003C\u002Fa>\n  \u003Ca href=\"https:\u002F\u002Fdeepwiki.com\u002Falibaba\u002FOpenSandbox\">\n    \u003Cimg src=\"https:\u002F\u002Fdeepwiki.com\u002Fbadge.svg\" alt=\"Ask DeepWiki\" \u002F>\n  \u003C\u002Fa>\n  \u003Ca href=\"https:\u002F\u002Fwww.apache.org\u002Flicenses\u002FLICENSE-2.0.html\">\n    \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Flicense-Apache%202.0-blue.svg\" alt=\"license\" \u002F>\n  \u003C\u002Fa>\n  \u003Ca href=\"https:\u002F\u002Fbadge.fury.io\u002Fpy\u002Fopensandbox\">\n    \u003Cimg src=\"https:\u002F\u002Fbadge.fury.io\u002Fpy\u002Fopensandbox.svg\" alt=\"PyPI version\" \u002F>\n  \u003C\u002Fa>\n  \u003Ca href=\"https:\u002F\u002Fbadge.fury.io\u002Fjs\u002F@alibaba-group%2Fopensandbox\">\n    \u003Cimg src=\"https:\u002F\u002Fbadge.fury.io\u002Fjs\u002F@alibaba-group%2Fopensandbox.svg\" alt=\"npm version\" \u002F>\n  \u003C\u002Fa>\n  \u003Ca href=\"https:\u002F\u002Flandscape.cncf.io\u002F?item=orchestration-management--scheduling-orchestration--opensandbox\">\n    \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FCNCF-Landscape-0C66E4\" alt=\"CNCF Landscape\" \u002F>\n  \u003C\u002Fa>\n  \u003Ca href=\"https:\u002F\u002Fqr.dingtalk.com\u002Faction\u002Fjoingroup?code=v1,k1,A4Bgl5q1I1eNU\u002Fr33D18YFNrMY108aFF38V+r19RJOM=&_dt_no_comment=1&origin=11\">\n    \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FDingTalk-Join-0089FF?logo=dingtalk&logoColor=white\" alt=\"DingTalk\" \u002F>\n  \u003C\u002Fa>\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Factions\">\n    \u003Cimg src=\"https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Factions\u002Fworkflows\u002Freal-e2e.yml\u002Fbadge.svg?branch=main\" alt=\"E2E Status\" \u002F>\n  \u003C\u002Fa>\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Factions\">\n    \u003Cimg src=\"https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Factions\u002Fworkflows\u002Fkubernetes-nightly-build.yml\u002Fbadge.svg?branch=main\" alt=\"E2E Status\" \u002F>\n  \u003C\u002Fa>\n\u003C\u002Fp>\n\n  \u003Chr \u002F>\n\u003C\u002Fdiv>\n\n[Documentation](https:\u002F\u002Fopen-sandbox.ai\u002F) | [中文文档](https:\u002F\u002Fopen-sandbox.ai\u002Fzh\u002F)\n\nOpenSandbox is a **general-purpose sandbox platform** for AI applications, offering multi-language SDKs, unified sandbox APIs, and Docker\u002FKubernetes runtimes for scenarios like Coding Agents, GUI Agents, Agent Evaluation, AI Code Execution, and RL Training.\n\nOpenSandbox is now listed in the [CNCF Landscape](https:\u002F\u002Flandscape.cncf.io\u002F?item=orchestration-management--scheduling-orchestration--opensandbox).\n\n## Features\n\n- **Multi-language SDKs**: Provides sandbox SDKs in Python, Java\u002FKotlin, JavaScript\u002FTypeScript, C#\u002F.NET, Go.\n- **Sandbox Protocol**: Defines sandbox lifecycle management APIs and sandbox execution APIs so you can extend custom sandbox runtimes.\n- **Sandbox Runtime**: Built-in lifecycle management supporting Docker and [high-performance Kubernetes runtime](.\u002Fkubernetes), enabling both local runs and large-scale distributed scheduling.\n- **Sandbox Environments**: Built-in Command, Filesystem, and Code Interpreter implementations. Examples cover Coding Agents (e.g., Claude Code), browser automation (Chrome, Playwright), and desktop environments (VNC, VS Code).\n- **Network Policy**: Unified [Ingress Gateway](components\u002Fingress) with multiple routing strategies plus per-sandbox [egress controls](components\u002Fegress).\n- **Strong Isolation**: Supports secure container runtimes like gVisor, Kata Containers, and Firecracker microVM for enhanced isolation between sandbox workloads and the host. See [Secure Container Runtime Guide](docs\u002Fsecure-container.md) for details.\n\n## SDKs\n\nPython:\n\n```bash\npip install opensandbox\n```\n\nJava\u002FKotlin (Gradle Kotlin DSL):\n\n```kotlin\ndependencies {\n    implementation(\"com.alibaba.opensandbox:sandbox:{latest_version}\")\n}\n```\n\nJava\u002FKotlin (Maven):\n\n```xml\n\u003Cdependency>\n    \u003CgroupId>com.alibaba.opensandbox\u003C\u002FgroupId>\n    \u003CartifactId>sandbox\u003C\u002FartifactId>\n    \u003Cversion>{latest_version}\u003C\u002Fversion>\n\u003C\u002Fdependency>\n```\n\nJavaScript\u002FTypeScript:\n\n```bash\nnpm install @alibaba-group\u002Fopensandbox\n```\n\nC#\u002F.NET:\n\n```bash\ndotnet add package Alibaba.OpenSandbox\n```\n\nGo:\n\n```bash\ngo get github.com\u002Falibaba\u002FOpenSandbox\u002Fsdks\u002Fsandbox\u002Fgo\n```\n\n## CLI\n\nOpenSandbox also provides `osb`, a terminal CLI for the common sandbox workflow: create sandboxes, run commands, move files, inspect diagnostics, and manage runtime egress policy.\n\nInstall:\n\n```bash\npip install opensandbox-cli\n# or\nuv tool install opensandbox-cli\n```\n\nQuick start:\n\n```bash\nosb config init\nosb config set connection.domain localhost:8080\nosb config set connection.protocol http\nosb sandbox create --image python:3.12 --timeout 30m -o json\nosb command run \u003Csandbox-id> -o raw -- python -c \"print(1 + 1)\"\n```\n\nSee the [CLI README](cli\u002FREADME.md) for the full command reference.\n\n## MCP\n\nThe OpenSandbox MCP server exposes sandbox creation, command execution, and text file operations to MCP-capable clients such as Claude Code and Cursor.\n\nInstall and run:\n\n```bash\npip install opensandbox-mcp\nopensandbox-mcp --domain localhost:8080 --protocol http\n```\n\nMinimal stdio config:\n\n```json\n{\n  \"mcpServers\": {\n    \"opensandbox\": {\n      \"command\": \"opensandbox-mcp\",\n      \"args\": [\"--domain\", \"localhost:8080\", \"--protocol\", \"http\"]\n    }\n  }\n}\n```\n\nSee the [MCP README](sdks\u002Fmcp\u002Fsandbox\u002Fpython\u002FREADME.md) for client-specific setup.\n\n## Getting Started\n\nRequirements:\n\n- Docker (required for local execution)\n- Python 3.10+ (required for examples and local runtime)\n\n### Install and Configure the Sandbox Server\n\n```bash\nuvx opensandbox-server init-config ~\u002F.sandbox.toml --example docker\n\nuvx opensandbox-server\n\n# Show help\n# uvx opensandbox-server -h\n```\n\n### Create a Code Interpreter and Execute Commands\u002FCodes\n\nInstall the Code Interpreter SDK\n\n```bash\nuv pip install opensandbox-code-interpreter\n```\n\nCreate a sandbox and execute commands and codes.\n\n```python\nimport asyncio\nfrom datetime import timedelta\n\nfrom code_interpreter import CodeInterpreter, SupportedLanguage\nfrom opensandbox import Sandbox\nfrom opensandbox.models import WriteEntry\n\nasync def main() -> None:\n    # 1. Create a sandbox\n    sandbox = await Sandbox.create(\n        \"opensandbox\u002Fcode-interpreter:v1.0.2\",\n        entrypoint=[\"\u002Fopt\u002Fopensandbox\u002Fcode-interpreter.sh\"],\n        env={\"PYTHON_VERSION\": \"3.11\"},\n        timeout=timedelta(minutes=10),\n    )\n\n    async with sandbox:\n\n        # 2. Execute a shell command\n        execution = await sandbox.commands.run(\"echo 'Hello OpenSandbox!'\")\n        print(execution.logs.stdout[0].text)\n\n        # 3. Write a file\n        await sandbox.files.write_files([\n            WriteEntry(path=\"\u002Ftmp\u002Fhello.txt\", data=\"Hello World\", mode=644)\n        ])\n\n        # 4. Read a file\n        content = await sandbox.files.read_file(\"\u002Ftmp\u002Fhello.txt\")\n        print(f\"Content: {content}\") # Content: Hello World\n\n        # 5. Create a code interpreter\n        interpreter = await CodeInterpreter.create(sandbox)\n\n        # 6. Execute Python code (single-run, pass language directly)\n        result = await interpreter.codes.run(\n              \"\"\"\n                  import sys\n                  print(sys.version)\n                  result = 2 + 2\n                  result\n              \"\"\",\n              language=SupportedLanguage.PYTHON,\n        )\n\n        print(result.result[0].text) # 4\n        print(result.logs.stdout[0].text) # 3.11.14\n\n    # 7. Cleanup the sandbox\n    await sandbox.kill()\n\nif __name__ == \"__main__\":\n    asyncio.run(main())\n```\n\n### More Examples\n\nOpenSandbox provides examples covering SDK usage, agent integrations, browser automation, and training workloads. All example code is located in the `examples\u002F` directory.\n\n#### 🎯 Basic Examples\n\n- **[code-interpreter](examples\u002Fcode-interpreter\u002FREADME.md)** - End-to-end Code Interpreter SDK workflow in a sandbox.\n- **[aio-sandbox](examples\u002Faio-sandbox\u002FREADME.md)** - All-in-One sandbox setup using the OpenSandbox SDK.\n- **[agent-sandbox](examples\u002Fagent-sandbox\u002FREADME.md)** - Example integration for running OpenSandbox workloads on Kubernetes with [kubernetes-sigs\u002Fagent-sandbox](https:\u002F\u002Fgithub.com\u002Fkubernetes-sigs\u002Fagent-sandbox).\n- **Volumes** — [Docker PVC \u002F named volumes](examples\u002Fdocker-pvc-volume-mount\u002FREADME.md), [Docker OSSFS](examples\u002Fdocker-ossfs-volume-mount\u002FREADME.md), [Kubernetes PVC](examples\u002Fkubernetes-pvc-volume-mount\u002FREADME.md): persistent and shared storage patterns.\n\n#### 🤖 Coding Agent Integrations\n\n- **Coding CLIs** — [Claude Code](examples\u002Fclaude-code\u002FREADME.md), [Gemini CLI](examples\u002Fgemini-cli\u002FREADME.md), [OpenAI Codex CLI](examples\u002Fcodex-cli\u002FREADME.md), [Qwen Code](examples\u002Fqwen-code\u002FREADME.md), [Kimi CLI](examples\u002Fkimi-cli\u002FREADME.md): run each vendor CLI inside OpenSandbox.\n- **[langgraph](examples\u002Flanggraph\u002FREADME.md)** - LangGraph state-machine workflow that creates\u002Fruns a sandbox job with fallback retry.\n- **[google-adk](examples\u002Fgoogle-adk\u002FREADME.md)** - Google ADK agent using OpenSandbox tools to write\u002Fread files and run commands.\n- **[openclaw](examples\u002Fopenclaw\u002FREADME.md)** - Launch an OpenClaw Gateway inside a sandbox.\n\n#### 🌐 Browser and Desktop Environments\n\n- **[chrome](examples\u002Fchrome\u002FREADME.md)** - Chromium sandbox with VNC and DevTools access for automation and debugging.\n- **[playwright](examples\u002Fplaywright\u002FREADME.md)** - Playwright + Chromium headless scraping and testing example.\n- **[desktop](examples\u002Fdesktop\u002FREADME.md)** - Full desktop environment in a sandbox with VNC access.\n- **[vscode](examples\u002Fvscode\u002FREADME.md)** - code-server (VS Code Web) running inside a sandbox for remote dev.\n\n#### 🧠 ML and Training\n\n- **[rl-training](examples\u002Frl-training\u002FREADME.md)** - DQN CartPole training in a sandbox with checkpoints and summary output.\n\nFor more details, please refer to [examples](examples\u002FREADME.md) and the README files in each example directory.\n\n## Project Structure\n\n| Directory | Description                                                      |\n|-----------|------------------------------------------------------------------|\n| [`sdks\u002F`](sdks\u002F) | Multi-language SDKs (Python, Java\u002FKotlin, TypeScript\u002FJavaScript, C#\u002F.NET) |\n| [`specs\u002F`](specs\u002FREADME.md) | OpenAPI specs and lifecycle specifications                      |\n| [`server\u002F`](server\u002FREADME.md) | Python FastAPI sandbox lifecycle server                          |\n| [`cli\u002F`](cli\u002FREADME.md) | OpenSandbox command-line interface                               |\n| [`kubernetes\u002F`](kubernetes\u002FREADME.md) | Kubernetes deployment and examples                               |\n| [`components\u002Fexecd\u002F`](components\u002Fexecd\u002FREADME.md) | Sandbox execution daemon (commands and file operations)          |\n| [`components\u002Fingress\u002F`](components\u002Fingress\u002FREADME.md) | Sandbox traffic ingress proxy                                    |\n| [`components\u002Fegress\u002F`](components\u002Fegress\u002FREADME.md) | Sandbox network egress control                                   |\n| [`sandboxes\u002F`](sandboxes\u002F) | Runtime sandbox implementations                                   |\n| [`examples\u002F`](examples\u002FREADME.md) | Integration examples and use cases                               |\n| [`oseps\u002F`](oseps\u002FREADME.md) | OpenSandbox Enhancement Proposals                                |\n| [`docs\u002F`](docs\u002F) | Architecture and design documentation                            |\n| [`tests\u002F`](tests\u002F) | Cross-component E2E tests                                        |\n| [`scripts\u002F`](scripts\u002F) | Development and maintenance scripts                              |\n\nFor detailed architecture, see [docs\u002Farchitecture.md](docs\u002Farchitecture.md).\n\n## Documentation\n\n- [docs\u002Farchitecture.md](docs\u002Farchitecture.md) – Overall architecture & design philosophy\n- [oseps\u002FREADME.md](oseps\u002FREADME.md) – OpenSandbox Enhancement Proposals\n- SDK\n  - Sandbox base SDK ([Java\u002FKotlin SDK](sdks\u002Fsandbox\u002Fkotlin\u002FREADME.md), [Python SDK](sdks\u002Fsandbox\u002Fpython\u002FREADME.md), [JavaScript\u002FTypeScript SDK](sdks\u002Fsandbox\u002Fjavascript\u002FREADME.md), [C#\u002F.NET SDK](sdks\u002Fsandbox\u002Fcsharp\u002FREADME.md)), [Go SDK](sdks\u002Fsandbox\u002Fgo\u002FREADME.md) - includes sandbox lifecycle, command execution, file operations\n  - Code Interpreter SDK ([Java\u002FKotlin SDK](sdks\u002Fcode-interpreter\u002Fkotlin\u002FREADME.md), [Python SDK](sdks\u002Fcode-interpreter\u002Fpython\u002FREADME.md), [JavaScript\u002FTypeScript SDK](sdks\u002Fcode-interpreter\u002Fjavascript\u002FREADME.md), [C#\u002F.NET SDK](sdks\u002Fcode-interpreter\u002Fcsharp\u002FREADME.md)) - code interpreter\n- [cli\u002FREADME.md](cli\u002FREADME.md) - OpenSandbox CLI installation and command reference\n- [sdks\u002Fmcp\u002Fsandbox\u002Fpython\u002FREADME.md](sdks\u002Fmcp\u002Fsandbox\u002Fpython\u002FREADME.md) - MCP server installation and client setup\n- [specs\u002FREADME.md](specs\u002FREADME.md) - OpenAPI definitions for sandbox lifecycle API and sandbox execution API\n- [server\u002FREADME.md](server\u002FREADME.md) - Sandbox server startup and configuration; supports Docker and Kubernetes runtimes\n\n## License\n\nThis project is open source under the [Apache 2.0 License](LICENSE).\n\n## Roadmap [2026.03]\n\n### SDK\n\n- [x] **Sandbox client connection pool** - Client-side sandbox connection pool management, providing pre-provisioned sandboxes to obtain an environment at X ms. Implemented for Kotlin `SandboxPool` and documented in the [Kotlin SDK README](sdks\u002Fsandbox\u002Fkotlin\u002FREADME.md#6-sandbox-pool-client-side). Related PRs: [#301](https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Fpull\u002F301), [#393](https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Fpull\u002F393), [#617](https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Fpull\u002F617).\n- [x] **Go SDK** - Go client SDK for sandbox lifecycle management, command execution, and file operations. See the [Go SDK README](sdks\u002Fsandbox\u002Fgo\u002FREADME.md). Related PRs: [#597](https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Fpull\u002F597), [#683](https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Fpull\u002F683), [#707](https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Fpull\u002F707).\n\n### Sandbox Runtime\n\n- [x] **Persistent volumes** - Mountable persistent volumes for sandboxes. See [Proposal 0003](oseps\u002F0003-volume-and-volumebinding-support.md), [Docker PVC \u002F named volumes](examples\u002Fdocker-pvc-volume-mount\u002FREADME.md), [Docker OSSFS](examples\u002Fdocker-ossfs-volume-mount\u002FREADME.md), and [Kubernetes PVC](examples\u002Fkubernetes-pvc-volume-mount\u002FREADME.md). Related PRs: [#166](https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Fpull\u002F166), [#233](https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Fpull\u002F233), [#424](https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Fpull\u002F424), [#515](https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Fpull\u002F515), [#563](https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Fpull\u002F563).\n- [ ] **Local lightweight sandbox** - Lightweight sandbox for AI tools running directly on PCs.\n- [x] **Secure Container** - Secure sandbox for AI Agents running inside container. See the [Secure Container Runtime Guide](docs\u002Fsecure-container.md). Related PRs: [#177](https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Fpull\u002F177), [#249](https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Fpull\u002F249), [#417](https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Fpull\u002F417).\n\n### Deployment\n\n- [x] **Guide** - Deployment guide for self-hosted Kubernetes cluster. See the [Kubernetes README](kubernetes\u002FREADME.md) and Helm chart docs in [kubernetes\u002Fcharts\u002F](kubernetes\u002Fcharts\u002F). Related PRs: [#232](https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Fpull\u002F232), [#302](https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Fpull\u002F302), [#342](https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Fpull\u002F342).\n\n## Contact and Discussion\n\n- Issues: Submit bugs, feature requests, or design discussions through GitHub Issues\n- DingTalk: Join the [OpenSandbox technical discussion group](https:\u002F\u002Fqr.dingtalk.com\u002Faction\u002Fjoingroup?code=v1,k1,A4Bgl5q1I1eNU\u002Fr33D18YFNrMY108aFF38V+r19RJOM=&_dt_no_comment=1&origin=11)\n## Star History\n\n[![Star History Chart](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Falibaba_OpenSandbox_readme_e00c1ab3c7e2.png)](https:\u002F\u002Fwww.star-history.com\u002F#alibaba\u002FOpenSandbox&type=date&legend=top-left)\n","\u003Cdiv align=\"center\">\n  \u003Cimg src=\"docs\u002Fassets\u002Flogo.svg\" alt=\"OpenSandbox logo\" width=\"150\" \u002F>\n\n  \u003Ch1>OpenSandbox\u003C\u002Fh1>\n\n  \u003Cp align=\"center\">\n    \u003Ca href=\"https:\u002F\u002Ftrendshift.io\u002Frepositories\u002F21828\" target=\"_blank\">\n      \u003Cimg src=\"https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Falibaba_OpenSandbox_readme_4a68feb902da.png\" alt=\"alibaba%2FOpenSandbox | Trendshift\" style=\"width: 320px; height: 70px;\" width=\"320\" height=\"70\" \u002F>\n    \u003C\u002Fa>\n  \u003C\u002Fp>\n\n\u003Cp align=\"center\">\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\">\n    \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fgithub\u002Fstars\u002Falibaba\u002FOpenSandbox.svg?style=social\" alt=\"GitHub stars\" \u002F>\n  \u003C\u002Fa>\n  \u003Ca href=\"https:\u002F\u002Fdeepwiki.com\u002Falibaba\u002FOpenSandbox\">\n    \u003Cimg src=\"https:\u002F\u002Fdeepwiki.com\u002Fbadge.svg\" alt=\"Ask DeepWiki\" \u002F>\n  \u003C\u002Fa>\n  \u003Ca href=\"https:\u002F\u002Fwww.apache.org\u002Flicenses\u002FLICENSE-2.0.html\">\n    \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002Flicense-Apache%202.0-blue.svg\" alt=\"license\" \u002F>\n  \u003C\u002Fa>\n  \u003Ca href=\"https:\u002F\u002Fbadge.fury.io\u002Fpy\u002Fopensandbox\">\n    \u003Cimg src=\"https:\u002F\u002Fbadge.fury.io\u002Fpy\u002Fopensandbox.svg\" alt=\"PyPI version\" \u002F>\n  \u003C\u002Fa>\n  \u003Ca href=\"https:\u002F\u002Fbadge.fury.io\u002Fjs\u002F@alibaba-group%2Fopensandbox\">\n    \u003Cimg src=\"https:\u002F\u002Fbadge.fury.io\u002Fjs\u002F@alibaba-group%2Fopensandbox.svg\" alt=\"npm version\" \u002F>\n  \u003C\u002Fa>\n  \u003Ca href=\"https:\u002F\u002Flandscape.cncf.io\u002F?item=orchestration-management--scheduling-orchestration--opensandbox\">\n    \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FCNCF-Landscape-0C66E4\" alt=\"CNCF Landscape\" \u002F>\n  \u003C\u002Fa>\n  \u003Ca href=\"https:\u002F\u002Fqr.dingtalk.com\u002Faction\u002Fjoingroup?code=v1,k1,A4Bgl5q1I1eNU\u002Fr33D18YFNrMY108aFF38V+r19RJOM=&_dt_no_comment=1&origin=11\">\n    \u003Cimg src=\"https:\u002F\u002Fimg.shields.io\u002Fbadge\u002FDingTalk-Join-0089FF?logo=dingtalk&logoColor=white\" alt=\"DingTalk\" \u002F>\n  \u003C\u002Fa>\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Factions\">\n    \u003Cimg src=\"https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Factions\u002Fworkflows\u002Freal-e2e.yml\u002Fbadge.svg?branch=main\" alt=\"E2E Status\" \u002F>\n  \u003C\u002Fa>\n  \u003Ca href=\"https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Factions\">\n    \u003Cimg src=\"https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Factions\u002Fworkflows\u002Fkubernetes-nightly-build.yml\u002Fbadge.svg?branch=main\" alt=\"E2E Status\" \u002F>\n  \u003C\u002Fa>\n\u003C\u002Fp>\n\n  \u003Chr \u002F>\n\u003C\u002Fdiv>\n\n[文档](https:\u002F\u002Fopen-sandbox.ai\u002F) | [中文文档](https:\u002F\u002Fopen-sandbox.ai\u002Fzh\u002F)\n\nOpenSandbox 是一个面向 AI 应用的 **通用沙箱平台**，提供多语言 SDK、统一的沙箱 API 以及 Docker\u002FKubernetes 运行时，适用于编码代理、GUI 代理、代理评估、AI 代码执行和强化学习训练等场景。\n\nOpenSandbox 现已入选 [CNCF Landscape](https:\u002F\u002Flandscape.cncf.io\u002F?item=orchestration-management--scheduling-orchestration--opensandbox)。\n\n## 特性\n\n- **多语言 SDK**：提供 Python、Java\u002FKotlin、JavaScript\u002FTypeScript、C#\u002F.NET 和 Go 语言的沙箱 SDK。\n- **沙箱协议**：定义了沙箱生命周期管理 API 和沙箱执行 API，方便用户扩展自定义的沙箱运行时。\n- **沙箱运行时**：内置支持 Docker 和 [高性能 Kubernetes 运行时](.\u002Fkubernetes) 的生命周期管理功能，既可本地运行，也可进行大规模分布式调度。\n- **沙箱环境**：内置命令行、文件系统和代码解释器实现。示例涵盖编码代理（如 Claude Code）、浏览器自动化（Chrome、Playwright）以及桌面环境（VNC、VS Code）。\n- **网络策略**：统一的 [Ingress 网关](components\u002Fingress)，支持多种路由策略，并为每个沙箱提供 [出口控制](components\u002Fegress)。\n- **强隔离性**：支持 gVisor、Kata Containers 和 Firecracker microVM 等安全容器运行时，以增强沙箱工作负载与宿主机之间的隔离。详细信息请参阅 [安全容器运行时指南](docs\u002Fsecure-container.md)。\n\n## SDK\n\nPython：\n\n```bash\npip install opensandbox\n```\n\nJava\u002FKotlin（Gradle Kotlin DSL）：\n\n```kotlin\ndependencies {\n    implementation(\"com.alibaba.opensandbox:sandbox:{latest_version}\")\n}\n```\n\nJava\u002FKotlin（Maven）：\n\n```xml\n\u003Cdependency>\n    \u003CgroupId>com.alibaba.opensandbox\u003C\u002FgroupId>\n    \u003CartifactId>sandbox\u003C\u002FartifactId>\n    \u003Cversion>{latest_version}\u003C\u002Fversion>\n\u003C\u002Fdependency>\n```\n\nJavaScript\u002FTypeScript：\n\n```bash\nnpm install @alibaba-group\u002Fopensandbox\n```\n\nC#\u002F.NET：\n\n```bash\ndotnet add package Alibaba.OpenSandbox\n```\n\nGo：\n\n```bash\ngo get github.com\u002Falibaba\u002FOpenSandbox\u002Fsdks\u002Fsandbox\u002Fgo\n```\n\n## CLI\n\nOpenSandbox 还提供了 `osb` 命令行工具，用于常见的沙箱工作流：创建沙箱、运行命令、移动文件、查看诊断信息以及管理运行时出口策略。\n\n安装：\n\n```bash\npip install opensandbox-cli\n# 或\nuv tool install opensandbox-cli\n```\n\n快速入门：\n\n```bash\nosb config init\nosb config set connection.domain localhost:8080\nosb config set connection.protocol http\nosb sandbox create --image python:3.12 --timeout 30m -o json\nosb command run \u003Csandbox-id> -o raw -- python -c \"print(1 + 1)\"\n```\n\n完整命令参考请参阅 [CLI README](cli\u002FREADME.md)。\n\n## MCP\n\nOpenSandbox 的 MCP 服务器向支持 MCP 的客户端（如 Claude Code 和 Cursor）暴露了沙箱创建、命令执行和文本文件操作等功能。\n\n安装并运行：\n\n```bash\npip install opensandbox-mcp\nopensandbox-mcp --domain localhost:8080 --protocol http\n```\n\n最小化 stdio 配置：\n\n```json\n{\n  \"mcpServers\": {\n    \"opensandbox\": {\n      \"command\": \"opensandbox-mcp\",\n      \"args\": [\"--domain\", \"localhost:8080\", \"--protocol\", \"http\"]\n    }\n  }\n}\n```\n\n客户端特定的设置请参阅 [MCP README](sdks\u002Fmcp\u002Fsandbox\u002Fpython\u002FREADME.md)。\n\n## 入门指南\n\n要求：\n\n- Docker（本地执行所需）\n- Python 3.10+（示例和本地运行时所需）\n\n### 安装并配置沙箱服务器\n\n```bash\nuvx opensandbox-server init-config ~\u002F.sandbox.toml --example docker\n\nuvx opensandbox-server\n\n# 查看帮助\n# uvx opensandbox-server -h\n```\n\n### 创建代码解释器并执行命令\u002F代码\n\n安装代码解释器 SDK\n\n```bash\nuv pip install opensandbox-code-interpreter\n```\n\n创建沙箱并执行命令和代码。\n\n```python\nimport asyncio\nfrom datetime import timedelta\n\nfrom code_interpreter import CodeInterpreter, SupportedLanguage\nfrom opensandbox import Sandbox\nfrom opensandbox.models import WriteEntry\n\nasync def main() -> None:\n    # 1. 创建一个沙箱\n    sandbox = await Sandbox.create(\n        \"opensandbox\u002Fcode-interpreter:v1.0.2\",\n        entrypoint=[\"\u002Fopt\u002Fopensandbox\u002Fcode-interpreter.sh\"],\n        env={\"PYTHON_VERSION\": \"3.11\"},\n        timeout=timedelta(minutes=10),\n    )\n\n    async with sandbox:\n\n        # 2. 执行一个 shell 命令\n        execution = await sandbox.commands.run(\"echo 'Hello OpenSandbox!'\")\n        print(execution.logs.stdout[0].text)\n\n        # 3. 写入一个文件\n        await sandbox.files.write_files([\n            WriteEntry(path=\"\u002Ftmp\u002Fhello.txt\", data=\"Hello World\", mode=644)\n        ])\n\n        # 4. 读取一个文件\n        content = await sandbox.files.read_file(\"\u002Ftmp\u002Fhello.txt\")\n        print(f\"Content: {content}\") # Content: Hello World\n\n        # 5. 创建一个代码解释器\n        interpreter = await CodeInterpreter.create(sandbox)\n\n        # 6. 执行 Python 代码（单次运行，直接指定语言）\n        result = await interpreter.codes.run(\n              \"\"\"\n                  import sys\n                  print(sys.version)\n                  result = 2 + 2\n                  result\n              \"\"\",\n              language=SupportedLanguage.PYTHON,\n        )\n\n        print(result.result[0].text) # 4\n        print(result.logs.stdout[0].text) # 3.11.14\n\n    # 7. 清理沙箱\n    await sandbox.kill()\n\nif __name__ == \"__main__\":\n    asyncio.run(main())\n```\n\n### 更多示例\n\nOpenSandbox 提供了涵盖 SDK 使用、代理集成、浏览器自动化以及训练工作负载的示例。所有示例代码都位于 `examples\u002F` 目录中。\n\n#### 🎯 基本示例\n\n- **[code-interpreter](examples\u002Fcode-interpreter\u002FREADME.md)** - 沙箱中的端到端代码解释器 SDK 工作流程。\n- **[aio-sandbox](examples\u002Faio-sandbox\u002FREADME.md)** - 使用 OpenSandbox SDK 的一体化沙箱设置。\n- **[agent-sandbox](examples\u002Fagent-sandbox\u002FREADME.md)** - 示例集成，用于在 Kubernetes 上运行 OpenSandbox 工作负载，并与 [kubernetes-sigs\u002Fagent-sandbox](https:\u002F\u002Fgithub.com\u002Fkubernetes-sigs\u002Fagent-sandbox) 集成。\n- **卷** — [Docker PVC \u002F 命名卷](examples\u002Fdocker-pvc-volume-mount\u002FREADME.md)、[Docker OSSFS](examples\u002Fdocker-ossfs-volume-mount\u002FREADME.md)、[Kubernetes PVC](examples\u002Fkubernetes-pvc-volume-mount\u002FREADME.md)：持久化和共享存储模式。\n\n#### 🤖 编码代理集成\n\n- **编码 CLI** — [Claude Code](examples\u002Fclaude-code\u002FREADME.md)、[Gemini CLI](examples\u002Fgemini-cli\u002FREADME.md)、[OpenAI Codex CLI](examples\u002Fcodex-cli\u002FREADME.md)、[Qwen Code](examples\u002Fqwen-code\u002FREADME.md)、[Kimi CLI](examples\u002Fkimi-cli\u002FREADME.md)：在 OpenSandbox 中运行各个供应商的 CLI。\n- **[langgraph](examples\u002Flanggraph\u002FREADME.md)** - LangGraph 状态机工作流，用于创建\u002F运行带有回退重试功能的沙箱任务。\n- **[google-adk](examples\u002Fgoogle-adk\u002FREADME.md)** - Google ADK 代理，使用 OpenSandbox 工具来读写文件和执行命令。\n- **[openclaw](examples\u002Fopenclaw\u002FREADME.md)** - 在沙箱内启动 OpenClaw 网关。\n\n#### 🌐 浏览器和桌面环境\n\n- **[chrome](examples\u002Fchrome\u002FREADME.md)** - Chromium 沙箱，配备 VNC 和 DevTools 访问权限，用于自动化和调试。\n- **[playwright](examples\u002Fplaywright\u002FREADME.md)** - Playwright + Chromium 无头爬取和测试示例。\n- **[desktop](examples\u002Fdesktop\u002FREADME.md)** - 沙箱中的完整桌面环境，支持 VNC 访问。\n- **[vscode](examples\u002Fvscode\u002FREADME.md)** - 在沙箱内运行 code-server (VS Code Web)，用于远程开发。\n\n#### 🧠 机器学习和训练\n\n- **[rl-training](examples\u002Frl-training\u002FREADME.md)** - 在沙箱中进行 DQN CartPole 训练，支持检查点保存和摘要输出。\n\n更多详情，请参阅 [examples](examples\u002FREADME.md) 以及每个示例目录中的 README 文件。\n\n## 项目结构\n\n| 目录 | 描述                                                      |\n|-----------|------------------------------------------------------------------|\n| [`sdks\u002F`](sdks\u002F) | 多语言 SDK（Python、Java\u002FKotlin、TypeScript\u002FJavaScript、C#\u002F.NET） |\n| [`specs\u002F`](specs\u002FREADME.md) | OpenAPI 规范和生命周期规范                      |\n| [`server\u002F`](server\u002FREADME.md) | Python FastAPI 沙箱生命周期服务器                          |\n| [`cli\u002F`](cli\u002FREADME.md) | OpenSandbox 命令行界面                               |\n| [`kubernetes\u002F`](kubernetes\u002FREADME.md) | Kubernetes 部署及示例                               |\n| [`components\u002Fexecd\u002F`](components\u002Fexecd\u002FREADME.md) | 沙箱执行守护进程（命令和文件操作）          |\n| [`components\u002Fingress\u002F`](components\u002Fingress\u002FREADME.md) | 沙箱流量入口代理                                    |\n| [`components\u002Fegress\u002F`](components\u002Fegress\u002FREADME.md) | 沙箱网络出口控制                                   |\n| [`sandboxes\u002F`](sandboxes\u002F) | 运行时沙箱实现                                   |\n| [`examples\u002F`](examples\u002FREADME.md) | 集成示例和用例                               |\n| [`oseps\u002F`](oseps\u002FREADME.md) | OpenSandbox 改进建议                                |\n| [`docs\u002F`](docs\u002F) | 架构和设计文档                            |\n| [`tests\u002F`](tests\u002F) | 跨组件端到端测试                                        |\n| [`scripts\u002F`](scripts\u002F) | 开发和维护脚本                              |\n\n有关详细架构，请参阅 [docs\u002Farchitecture.md](docs\u002Farchitecture.md)。\n\n## 文档\n\n- [docs\u002Farchitecture.md](docs\u002Farchitecture.md) – 整体架构与设计哲学\n- [oseps\u002FREADME.md](oseps\u002FREADME.md) – OpenSandbox 增强提案\n- SDK\n  - 沙箱基础 SDK（[Java\u002FKotlin SDK](sdks\u002Fsandbox\u002Fkotlin\u002FREADME.md)、[Python SDK](sdks\u002Fsandbox\u002Fpython\u002FREADME.md)、[JavaScript\u002FTypeScript SDK](sdks\u002Fsandbox\u002Fjavascript\u002FREADME.md)、[C#\u002F.NET SDK](sdks\u002Fsandbox\u002Fcsharp\u002FREADME.md)）、[Go SDK](sdks\u002Fsandbox\u002Fgo\u002FREADME.md) – 包含沙箱生命周期管理、命令执行、文件操作等功能\n  - 代码解释器 SDK（[Java\u002FKotlin SDK](sdks\u002Fcode-interpreter\u002Fkotlin\u002FREADME.md)、[Python SDK](sdks\u002Fcode-interpreter\u002Fpython\u002FREADME.md)、[JavaScript\u002FTypeScript SDK](sdks\u002Fcode-interpreter\u002Fjavascript\u002FREADME.md)、[C#\u002F.NET SDK](sdks\u002Fcode-interpreter\u002Fcsharp\u002FREADME.md)）– 代码解释器\n- [cli\u002FREADME.md](cli\u002FREADME.md) – OpenSandbox CLI 安装及命令参考\n- [sdks\u002Fmcp\u002Fsandbox\u002Fpython\u002FREADME.md](sdks\u002Fmcp\u002Fsandbox\u002Fpython\u002FREADME.md) – MCP 服务器安装与客户端配置\n- [specs\u002FREADME.md](specs\u002FREADME.md) – 沙箱生命周期 API 和沙箱执行 API 的 OpenAPI 定义\n- [server\u002FREADME.md](server\u002FREADME.md) – 沙箱服务器启动与配置；支持 Docker 和 Kubernetes 运行时\n\n## 许可证\n\n本项目采用 [Apache 2.0 许可证](LICENSE) 开源。\n\n## 路线图 [2026.03]\n\n### SDK\n\n- [x] **沙箱客户端连接池** – 客户端侧的沙箱连接池管理，提供预置的沙箱环境，可在 X 毫秒内获取运行环境。已在 Kotlin `SandboxPool` 中实现，并在 [Kotlin SDK README](sdks\u002Fsandbox\u002Fkotlin\u002FREADME.md#6-sandbox-pool-client-side) 中记录。相关 PR：[#301](https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Fpull\u002F301)、[#393](https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Fpull\u002F393)、[#617](https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Fpull\u002F617)。\n- [x] **Go SDK** – Go 客户端 SDK，用于沙箱生命周期管理、命令执行和文件操作。详见 [Go SDK README](sdks\u002Fsandbox\u002Fgo\u002FREADME.md)。相关 PR：[#597](https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Fpull\u002F597)、[#683](https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Fpull\u002F683)、[#707](https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Fpull\u002F707)。\n\n### 沙箱运行时\n\n- [x] **持久化存储卷** – 可挂载的沙箱持久化存储卷。详见 [提案 0003](oseps\u002F0003-volume-and-volumebinding-support.md)、[Docker PVC \u002F 命名卷](examples\u002Fdocker-pvc-volume-mount\u002FREADME.md)、[Docker OSSFS](examples\u002Fdocker-ossfs-volume-mount\u002FREADME.md) 以及 [Kubernetes PVC](examples\u002Fkubernetes-pvc-volume-mount\u002FREADME.md)。相关 PR：[#166](https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Fpull\u002F166)、[#233](https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Fpull\u002F233)、[#424](https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Fpull\u002F424)、[#515](https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Fpull\u002F515)、[#563](https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Fpull\u002F563)。\n- [ ] **本地轻量级沙箱** – 适用于直接在个人电脑上运行 AI 工具的轻量级沙箱。\n- [x] **安全容器** – 用于在容器内运行 AI 代理的安全沙箱。详见 [安全容器运行时指南](docs\u002Fsecure-container.md)。相关 PR：[#177](https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Fpull\u002F177)、[#249](https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Fpull\u002F249)、[#417](https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Fpull\u002F417)。\n\n### 部署\n\n- [x] **指南** – 自托管 Kubernetes 集群的部署指南。详见 [Kubernetes README](kubernetes\u002FREADME.md) 以及 [kubernetes\u002Fcharts\u002F](kubernetes\u002Fcharts\u002F) 中的 Helm Chart 文档。相关 PR：[#232](https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Fpull\u002F232)、[#302](https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Fpull\u002F302)、[#342](https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Fpull\u002F342)。\n\n## 联系与讨论\n\n- 问题：可通过 GitHub Issues 提交 bug、功能请求或设计讨论\n- 钉钉：加入 [OpenSandbox 技术讨论群](https:\u002F\u002Fqr.dingtalk.com\u002Faction\u002Fjoingroup?code=v1,k1,A4Bgl5q1I1eNU\u002Fr33D18YFNrMY108aFF38V+r19RJOM=&_dt_no_comment=1&origin=11)\n## 星标历史\n\n[![星标历史图表](https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Falibaba_OpenSandbox_readme_e00c1ab3c7e2.png)](https:\u002F\u002Fwww.star-history.com\u002F#alibaba\u002FOpenSandbox&type=date&legend=top-left)","# OpenSandbox 快速上手指南\n\nOpenSandbox 是一个面向 AI 应用的通用沙箱平台，支持 Docker 和 Kubernetes 运行时，适用于代码执行、Agent 评估、浏览器自动化及强化学习训练等场景。\n\n## 环境准备\n\n在开始之前，请确保您的开发环境满足以下要求：\n\n*   **操作系统**：Linux, macOS 或 Windows (WSL2 推荐)\n*   **容器运行时**：必须安装 **Docker** (用于本地执行)\n*   **编程语言**：推荐安装 **Python 3.10+** (用于运行示例和本地服务)\n*   **包管理工具**：推荐安装 `uv` 或 `pip` 以加速依赖安装\n\n## 安装步骤\n\n### 1. 初始化并启动 Sandbox 服务器\n\n使用 `uv` (推荐) 或 `pip` 快速初始化配置并启动本地服务器。以下命令将生成一个基于 Docker 的示例配置文件并启动服务：\n\n```bash\n# 初始化配置 (生成 ~\u002F.sandbox.toml)\nuvx opensandbox-server init-config ~\u002F.sandbox.toml --example docker\n\n# 启动服务器\nuvx opensandbox-server\n```\n\n> **提示**：若未安装 `uv`，可使用 `pip install uv` 或直接使用 `pip install opensandbox-server`。\n\n### 2. 安装客户端 SDK\n\n根据您的需求选择对应的语言 SDK。以下是 Python 环境的安装命令：\n\n```bash\n# 安装核心 SDK\npip install opensandbox\n\n# 安装代码解释器专用 SDK (用于执行代码示例)\npip install opensandbox-code-interpreter\n```\n\n其他语言安装参考：\n*   **Node.js**: `npm install @alibaba-group\u002Fopensandbox`\n*   **Go**: `go get github.com\u002Falibaba\u002FOpenSandbox\u002Fsdks\u002Fsandbox\u002Fgo`\n*   **.NET**: `dotnet add package Alibaba.OpenSandbox`\n\n## 基本使用\n\n以下是一个完整的 Python 示例，演示如何创建一个沙箱、执行 Shell 命令、读写文件以及运行 Python 代码。\n\n创建文件 `main.py` 并填入以下内容：\n\n```python\nimport asyncio\nfrom datetime import timedelta\n\nfrom code_interpreter import CodeInterpreter, SupportedLanguage\nfrom opensandbox import Sandbox\nfrom opensandbox.models import WriteEntry\n\nasync def main() -> None:\n    # 1. 创建沙箱\n    # 使用官方提供的 code-interpreter 镜像\n    sandbox = await Sandbox.create(\n        \"opensandbox\u002Fcode-interpreter:v1.0.2\",\n        entrypoint=[\"\u002Fopt\u002Fopensandbox\u002Fcode-interpreter.sh\"],\n        env={\"PYTHON_VERSION\": \"3.11\"},\n        timeout=timedelta(minutes=10),\n    )\n\n    async with sandbox:\n        # 2. 执行 Shell 命令\n        execution = await sandbox.commands.run(\"echo 'Hello OpenSandbox!'\")\n        print(execution.logs.stdout[0].text)\n\n        # 3. 写入文件\n        await sandbox.files.write_files([\n            WriteEntry(path=\"\u002Ftmp\u002Fhello.txt\", data=\"Hello World\", mode=644)\n        ])\n\n        # 4. 读取文件\n        content = await sandbox.files.read_file(\"\u002Ftmp\u002Fhello.txt\")\n        print(f\"File Content: {content}\")\n\n        # 5. 创建代码解释器\n        interpreter = await CodeInterpreter.create(sandbox)\n\n        # 6. 执行 Python 代码\n        result = await interpreter.codes.run(\n              \"\"\"\n                  import sys\n                  print(sys.version)\n                  result = 2 + 2\n                  result\n              \"\"\",\n              language=SupportedLanguage.PYTHON,\n        )\n\n        print(f\"Code Result: {result.result[0].text}\") \n        print(f\"Stdout Logs: {result.logs.stdout[0].text}\")\n\n    # 7. 清理沙箱资源\n    await sandbox.kill()\n\nif __name__ == \"__main__\":\n    asyncio.run(main())\n```\n\n运行脚本：\n\n```bash\npython main.py\n```\n\n**预期输出：**\n您将看到 Shell 命令的回显、文件内容 \"Hello World\"，以及 Python 代码的执行结果（版本号及计算结果 4）。\n\n---\n\n### 进阶：使用命令行工具 (CLI)\n\n如果您不想编写代码，也可以使用 `osb` 命令行工具直接操作沙箱：\n\n```bash\n# 安装 CLI\npip install opensandbox-cli\n\n# 配置连接信息\nosb config init\nosb config set connection.domain localhost:8080\nosb config set connection.protocol http\n\n# 创建沙箱并执行命令\nSANDBOX_ID=$(osb sandbox create --image python:3.12 --timeout 30m -o json | jq -r '.id')\nosb command run $SANDBOX_ID -o raw -- python -c \"print(1 + 1)\"\n```","某大型金融科技公司的 AI 研发团队正在构建一个能自动分析代码漏洞并生成修复方案的“安全编码助手”，该助手需要执行用户提交的未知代码片段。\n\n### 没有 OpenSandbox 时\n- **安全风险极高**：直接在宿主机或普通容器中运行用户上传的恶意代码，极易导致服务器被入侵、数据泄露甚至内网被渗透。\n- **环境隔离困难**：为不同编程语言（Python, Java, Go）维护独立的运行环境成本高昂，且难以防止进程间的资源争抢和干扰。\n- **网络管控缺失**：缺乏细粒度的出站流量控制，恶意代码可轻易连接外部命令与控制服务器（C2），造成数据外传。\n- **扩展性差**：面对高并发代码执行请求时，现有方案无法利用 Kubernetes 进行大规模分布式调度，导致任务排队严重。\n\n### 使用 OpenSandbox 后\n- **强隔离保障安全**：通过集成 gVisor 或 Kata Containers 等安全容器运行时，将每个代码执行任务限制在微虚拟机中，彻底阻断对宿主机的攻击路径。\n- **统一多语言支持**：利用内置的多语言 SDK 和预置环境（如 Code Interpreter），一键拉起 Python、Java 等多种语言的沙箱，无需重复造轮子。\n- **精细化网络策略**：借助统一的 Ingress Gateway 和每沙箱级别的 Egress 控制，仅允许必要的依赖下载流量，严格禁止异常外联。\n- **弹性大规模调度**：基于原生 Kubernetes 运行时，轻松实现从本地开发到云端千级并发任务的无缝扩展，显著降低任务延迟。\n\nOpenSandbox 通过提供企业级的安全隔离与弹性调度能力，让 AI 代理在执行不可信代码时既快又稳，彻底消除了自动化编程场景下的安全后顾之忧。","https:\u002F\u002Foss.gittoolsai.com\u002Fimages\u002Falibaba_OpenSandbox_421a31ed.png","alibaba","Alibaba","https:\u002F\u002Foss.gittoolsai.com\u002Favatars\u002Falibaba_f65f7221.png","Alibaba Open Source",null,"https:\u002F\u002Fopensource.alibaba.com\u002F","https:\u002F\u002Fgithub.com\u002Falibaba",[82,86,90,94,98,102,106,110,114,117],{"name":83,"color":84,"percentage":85},"Python","#3572A5",44.2,{"name":87,"color":88,"percentage":89},"Go","#00ADD8",27.7,{"name":91,"color":92,"percentage":93},"Kotlin","#A97BFF",7.6,{"name":95,"color":96,"percentage":97},"C#","#178600",7.1,{"name":99,"color":100,"percentage":101},"TypeScript","#3178c6",5.3,{"name":103,"color":104,"percentage":105},"Java","#b07219",3.6,{"name":107,"color":108,"percentage":109},"Shell","#89e051",2.7,{"name":111,"color":112,"percentage":113},"JavaScript","#f1e05a",0.6,{"name":115,"color":116,"percentage":113},"Makefile","#427819",{"name":118,"color":119,"percentage":120},"Dockerfile","#384d54",0.2,10090,783,"2026-04-19T05:11:50","Apache-2.0","Linux, macOS, Windows","未说明",{"notes":128,"python":129,"dependencies":130},"本地运行必须安装 Docker；若需大规模分布式调度可配置 Kubernetes 运行时。支持多种安全容器运行时（如 gVisor, Kata Containers, Firecracker）以增强隔离性。提供多语言 SDK（Python, Java\u002FKotlin, JS\u002FTS, C#, Go）及 CLI 工具。示例代码涵盖代码解释器、Agent 集成、浏览器自动化及强化学习训练等场景。","3.10+",[131,132,133,134,135,136,137],"Docker","Kubernetes (可选)","opensandbox","opensandbox-cli","opensandbox-code-interpreter","opensandbox-mcp","FastAPI (服务端依赖)",[14,13,15],[140,141,142,143,144],"ai","ai-infra","kubernetes","sandbox","ai-agent","2026-03-27T02:49:30.150509","2026-04-20T04:05:08.494392",[148,153,158,163,168,172],{"id":149,"question_zh":150,"answer_zh":151,"source_url":152},43213,"运行 Code Interpreter 示例时遇到 'TypeError: NoneType object is not iterable' 报错怎么办？","该问题是由 `opensandbox-server` 0.1.8 版本的生命周期响应兼容性回归引起的。在该版本中，某些未设置的可选字段（如 metadata）被序列化为 JSON `null`，导致旧版 Python SDK 反序列化失败。\n解决方案：\n1. 避免使用 `opensandbox-server` 0.1.8 版本。\n2. 升级到 `opensandbox-server` 0.1.9 或更高版本，该版本已修复此问题，不再返回显式的 `null` 值。\n3. 如果无法立即升级服务器，请确保客户端 SDK 也更新到兼容版本。","https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Fissues\u002F550",{"id":154,"question_zh":155,"answer_zh":156,"source_url":157},43214,"在 Kubernetes 环境下调用 SDK 创建沙箱失败，日志显示 'Creation failed' 或超时，特别是使用私有镜像时如何解决？","这是因为 K8s 运行时目前尚未支持将请求中的 `image.auth` 参数自动转换为 Pod 的 `imagePullSecrets`，导致 kubelet 无法拉取私有仓库镜像。\n临时解决方案：\n1. 在 K8s 命名空间中预先创建一个类型为 `kubernetes.io\u002Fdockerconfigjson` 的 Secret，包含私有仓库凭证。\n2. 在 Sandbox CR 模板 YAML 配置（`template_file`）中引用该 Secret。\n这样所有基于该模板创建的沙箱 Pod 都会自动携带拉取凭证，无需在每个请求中传递 auth 信息。","https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Fissues\u002F328",{"id":159,"question_zh":160,"answer_zh":161,"source_url":162},43215,"容器内进程报错 'Assertion failed: uv_thread_create' 或 'RuntimeError: can't start new thread' 是什么原因？","这通常是因为容器内的进程数限制（PID limits）过低，导致无法创建新线程或进程。\n解决方案：\n1. 升级 `opensandbox-server` 到最新版本（如 0.1.6+），新版本已将默认的 `pid_limits` 提升至 4096。\n2. 如果使用的是较旧版本或自定义配置，请在服务器配置文件（sandbox.toml）或启动参数中手动增加 `pid_limits` 的值。\n3. 确保宿主机的 Docker 版本较新（建议 Docker 28.5.1+），以支持正确的资源限制传递。","https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Fissues\u002F493",{"id":164,"question_zh":165,"answer_zh":166,"source_url":167},43216,"Java\u002FKotlin SDK 连接沙箱时报错，但服务器端口正常，可能是什么原因？","如果服务器端口可通但 SDK 报错，通常是 SDK 运行环境与沙箱容器端点之间的网络连接问题，或者健康检查（health check）请求未能到达沙箱容器。\n排查步骤：\n1. 检查沙箱容器的日志，确认是否收到了来自 SDK 的健康检查 HTTP 请求。\n2. 调试 SDK 端的网络调用，确认是否存在防火墙、代理或网络策略阻止了 SDK 与沙箱内部端点的通信。\n3. 尝试升级 Docker 版本或调整网络配置，确保容器网络互通。","https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Fissues\u002F447",{"id":169,"question_zh":170,"answer_zh":171,"source_url":157},43217,"C# SDK 调用时遇到类似 K8s 镜像拉取失败的问题，是否与语言无关？","是的，该问题与编程语言无关，而是 OpenSandbox 在 Kubernetes 模式下处理私有镜像认证的通用机制问题。目前 K8s Provider 忽略了请求中的 `image.auth` 字段。\n无论使用 C#、Java 还是其他语言 SDK，只要底层是 K8s 环境且使用私有镜像，都需要采用相同的变通方案：预先在 K8s 集群中配置好 `imagePullSecrets` 并在沙箱模板中引用，而不是依赖 SDK 传入的账号密码参数。",{"id":173,"question_zh":174,"answer_zh":175,"source_url":162},43218,"如何确认当前遇到的线程创建失败问题是否已被官方修复？","可以查看相关的 Issue 讨论（如 #496 和 #508）。维护者已在后续版本中增加了默认的 PID 限制（至 4096）来解决此类问题。\n验证方法：\n1. 检查当前安装的 `opensandbox-server` 版本号。\n2. 查阅 Release Notes，确认是否包含 'increased default pid_limits' 相关的修复记录。\n3. 如果版本较低，请直接升级到最新版；如果已是最新版仍报错，请检查宿主机的系统级 ulimit 设置是否覆盖了容器配置。",[177,182,187,192,197,202,207,212,217,222,227,232,237,242,247,251,256,260,265,270],{"id":178,"version":179,"summary_zh":180,"released_at":181},342891,"server\u002Fv0.1.11","## 新增内容\n\n### ✨ 功能\n- 在创建沙箱时自动创建 PVC\u002FDocker 卷 (#661)\n\n### 🐛 修复的 bug\n- 修复元数据错误信息不正确的问题 (#703)\n- 使用 `[log].level` 替代 `[server].log_level` (#737)\n- 放宽 URI 路由模式下的入口网关地址验证 (#740)\n\n### 📦 其他\n- 简化示例配置 (#741)\n- 重构大型文件 kubernetes_service.py (#694)\n- 添加 Dockerfile.dockerignore 以减少构建上下文 (#718)\n- 杂项（开发依赖）：将 \u002Fserver 中的 pytest 从 9.0.1 升级到 9.0.3 (#716)\n- 删除 server\u002Ftests 下的无用注释 (#693)\n\n## 👥 贡献者\n\n感谢以下贡献者 ❤️\n\n- @PremPrakashCodes \n- @Pangjiping\n- @xfgong\n- @dependabot\n\n---\n- PyPI: opensandbox-server==0.1.11\n- Docker Hub: opensandbox\u002Fserver:v0.1.11\n- 阿里云镜像仓库: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com\u002Fopensandbox\u002Fserver:v0.1.11","2026-04-19T02:30:16",{"id":183,"version":184,"summary_zh":185,"released_at":186},342892,"docker\u002Fegress\u002Fv1.0.8","## 新增内容\n\n### ✨ 功能\n- [beta] 内置 mitmproxy 支持 (#615)\n- 每分钟通过 mtime\u002F大小检查重新加载 deny.always 和 allow.always，将文件删除视为移除规则，并将更新同时应用于 DNS 评估和 nft 静态策略 (#698)\n\n### 🐛 修复的 bug\n- 放宽 DNS 上游故障转移，并将动态 nftables 日志级别调整为调试模式 (#739)\n\n### 📦 其他\n- 添加 Dockerfile.dockerignore 以减少构建上下文 (#718)\n\n## 👥 贡献者\n\n感谢以下贡献者 ❤️\n\n- @Pangjiping\n\n---\n- Docker Hub: opensandbox\u002Fegress:v1.0.8\n- 阿里云镜像仓库: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com\u002Fopensandbox\u002Fegress:v1.0.8","2026-04-17T10:20:20",{"id":188,"version":189,"summary_zh":190,"released_at":191},342893,"docker\u002Fexecd\u002Fv1.0.12","## 新增内容\n\n### ✨ 功能\n- 如果设置了 `OPENSANDBOX_EGRESS_MITMPROXY_TRANSPARENT`，则信任 MITM 代理 (#630)\n\n### 🐛 Bug 修复\n- 规范化命令启动错误的堆栈跟踪 (#701)\n- 解决了 `execd` 无法处理类似 `$HOME\u002Fabc`、`~\u002Fabc` 或 `$MY_WORKSPACE\u002Fabc` 的文件路径的问题 (#726)\n\n### 📦 其他\n- 优化 Makefile 以支持多构建发布 (#695)\n- 添加 `Dockerfile.dockerignore` 以减少构建上下文 (#718)\n\n## 👥 贡献者\n\n感谢以下贡献者 ❤️\n\n- @Pangjiping\n- @Aboysky\n\n---\n- Docker Hub: opensandbox\u002Fexecd:v1.0.12\n- 阿里云镜像仓库: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com\u002Fopensandbox\u002Fexecd:v1.0.12","2026-04-16T06:36:18",{"id":193,"version":194,"summary_zh":195,"released_at":196},342894,"java\u002Fcode-interpreter\u002Fv1.0.9","## 新增内容\n### 📦 其他\n* 更新 open-sandbox 依赖版本至 1.0.9","2026-04-14T06:22:14",{"id":198,"version":199,"summary_zh":200,"released_at":201},342895,"java\u002Fsandbox\u002Fv1.0.9","## 变更内容\n\n### 🐛 Bug 修复\n* 修复内存存储中的释放空闲 TTL 问题，由 @ninan-nn 在 https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Fpull\u002F708 中完成\n\n## 👥 贡献者\n感谢以下贡献者 ❤️\n\n@ninan-nn","2026-04-14T03:25:55",{"id":203,"version":204,"summary_zh":205,"released_at":206},342896,"cli\u002Fv0.1.0","## 新增内容  \n恭喜 CLI 的第一个版本正式发布！🎉","2026-04-14T02:39:11",{"id":208,"version":209,"summary_zh":210,"released_at":211},342897,"sdks\u002Fsandbox\u002Fgo\u002Fv1.0.0","## 新增内容\n\nGo SDK 首次发布。🎉🎉\n\n### ✨ 功能\n- 基于 oapi-codegen 的 Go SDK，支持 Lifecycle、Execd 和 Egress API (#597)\n- 将 sdks\u002Fgo 版本降级至 1.20 (#707)\n\n### 🐛 Bug 修复\n- 修复 SDK 中的 bug，并简化 init 包结构 (#683)\n\n## 👥 贡献者\n\n感谢以下贡献者 ❤️\n\n- @AlexandrePh\n- @Pangjiping\n\n---\n```bash\ngo get github.com\u002Falibaba\u002FOpenSandbox\u002Fsdks\u002Fsandbox\u002Fgo@v1.0.0\n```","2026-04-13T09:01:49",{"id":213,"version":214,"summary_zh":215,"released_at":216},342898,"java\u002Fsandbox\u002Fv1.0.8","## 变更内容\n\n### 🐛 Bug 修复\n* 修复沙箱池中释放所有空闲资源的问题，由 @ninan-nn 在 https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Fpull\u002F679 中完成\n\n## 👥 贡献者\n感谢以下贡献者 ❤️\n\n@ninan-nn ","2026-04-13T02:54:34",{"id":218,"version":219,"summary_zh":220,"released_at":221},342899,"docker\u002Fexecd\u002Fv1.0.11","## 新增内容\n\n### 🐛 错误修复\n- 修复 `ListAllContexts` 和 `LanguageSessions` 中的上下文条目重复问题 (#619)\n- 将 Jupyter 轮询间隔的默认值增大至 100 毫秒 (#650)\n- 验证 `request.cwd` 并返回 400 错误 (#656)\n- 将令牌注入绑定到白名单主机\u002F协议（例如，在设置 Authorization 之前，先比较 `req.URL.Host` 与预期的 Jupyter 端点），并且\u002F或者禁用此客户端的重定向功能（`CheckRedirect`），除非明确安全 (#680)\n\n### 📦 其他\n- 在 `\u002Fcomponents\u002Finternal` 中将 `google.golang.org\u002Fgrpc` 从 1.79.2 升级至 1.79.3 (#652)\n- 将 `safego` 提取到内部通用包中，并使用 `safego` 包装执行中的 goroutine (#670)\n\n## 👥 贡献者\n\n感谢以下贡献者 ❤️\n\n- @ZYecho11 \n- @Pangjiping \n- @dependabot\n- @tomaioo \n\n---\n- Docker Hub: opensandbox\u002Fexecd:v1.0.11\n- 阿里云镜像仓库: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com\u002Fopensandbox\u002Fexecd:v1.0.11","2026-04-12T06:40:31",{"id":223,"version":224,"summary_zh":225,"released_at":226},342900,"docker\u002Fegress\u002Fv1.0.7","## 新增内容\n\n### ✨ 功能\n- 上游健康检查、活跃列表、可配置的检查名称 (#655)\n- 为出口服务添加优雅关闭，并在出口服务关闭时回滚所有网络命名空间 (#654)\n\n### 📦 其他\n- 将 safego 提取到内部通用包中，并使用 safego 包装出口服务的 goroutine (#670)\n\n## 👥 贡献者\n\n感谢以下贡献者 ❤️\n\n- @Pangjiping\n\n---\n- Docker Hub: opensandbox\u002Fegress:v1.0.7\n- 阿里云镜像仓库: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com\u002Fopensandbox\u002Fegress:v1.0.7","2026-04-10T11:01:36",{"id":228,"version":229,"summary_zh":230,"released_at":231},342901,"server\u002Fv0.1.10","## What's New\r\n\r\n### ✨ Features\r\n- add a file logger configuration to write both server logs and access logs to files (#674)\r\n- expose uvicorn `timeout_keep_alive` in configuration (#667)\r\n- introduce an optional platform object in the sandbox lifecycle spec and treat it as a scheduling\u002Fruntime constraint rather than as part of image (#645)\r\n- refactoring the server package layout to use opensandbox_server as the only published Python package (#558)\r\n\r\n### 🐛 Bug Fixes\r\n- align `Host.path` validation with spec across runtimes (#643)\r\n- normalize `create_sandbox` responses to return `Running` once the create wait gate has already accepted a BatchSandbox workload as usable (#642)\r\n- extract ipv6 disable for egress init (#605)\r\n- remove legacy example config and fix Dockerfile (#575)\r\n\r\n### 📦 Misc\r\n- bump pygments from 2.19.2 to 2.20.0 in \u002Fserver (#662)\r\n- bump requests from 2.32.5 to 2.33.0 in \u002Fserver (#592)\r\n- simply README struct (#567)\r\n\r\n## 👥 Contributors\r\n\r\nThanks to these contributors ❤️\r\n\r\n- @Generalwin \r\n- @Pangjiping\r\n- @ninan-nn\r\n- @hittyt \r\n- @Gujiassh \r\n- @dependabot\r\n\r\n---\r\n- PyPI: opensandbox-server==0.1.10\r\n- Docker Hub: opensandbox\u002Fserver:v0.1.10\r\n- Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com\u002Fopensandbox\u002Fserver:v0.1.10","2026-04-10T10:54:20",{"id":233,"version":234,"summary_zh":235,"released_at":236},342902,"java\u002Fcode-interpreter\u002Fv1.0.7","## What's New\r\n### 📦 Misc\r\n* update open-sandbox dependency version 1.0.7","2026-04-07T06:52:21",{"id":238,"version":239,"summary_zh":240,"released_at":241},342903,"python\u002Fsandbox\u002Fv0.1.7","## What's New\r\n### ✨ Features\r\n* refactor run in session timeout by @ninan-nn in https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Fpull\u002F641\r\n\r\n### 🐛 Bug Fixes\r\n* accept Windows drive-letter paths in Host.path validation by @FallingSnowFlake in https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Fpull\u002F632\r\n\r\n## 👥 Contributors\r\nThanks to these contributors ❤️\r\n\r\n@ninan-nn \r\n@FallingSnowFlake ","2026-04-07T06:35:24",{"id":243,"version":244,"summary_zh":245,"released_at":246},342904,"csharp\u002Fsandbox\u002Fv0.1.1","## What's New\r\n### ✨ Features\r\n* refactor run in session timeout by @ninan-nn in https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Fpull\u002F641\r\n\r\n### 🐛 Bug Fixes\r\n* align Host.path validation with spec across runtimes by @hittyt in https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Fpull\u002F643\r\n\r\n## 👥 Contributors\r\nThanks to these contributors ❤️\r\n\r\n@ninan-nn \r\n@hittyt ","2026-04-07T06:31:37",{"id":248,"version":249,"summary_zh":245,"released_at":250},342905,"js\u002Fsandbox\u002Fv0.1.6","2026-04-07T06:30:47",{"id":252,"version":253,"summary_zh":254,"released_at":255},342906,"docker\u002Fegress\u002Fv1.0.6","## What's New\r\n\r\n### ✨ Features\r\n- add `OPENSANDBOX_EGRESS_DNS_UPSTREAM` so resolvers are not taken only from \u002Fetc\u002Fresolv.conf. (#633)\r\n\r\n## 👥 Contributors\r\n\r\nThanks to these contributors ❤️\r\n\r\n- @Pangjiping\r\n\r\n---\r\n- Docker Hub: opensandbox\u002Fegress:v1.0.6\r\n- Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com\u002Fopensandbox\u002Fegress:v1.0.6","2026-04-07T06:24:23",{"id":257,"version":258,"summary_zh":245,"released_at":259},342907,"java\u002Fsandbox\u002Fv1.0.7","2026-04-07T06:10:38",{"id":261,"version":262,"summary_zh":263,"released_at":264},342908,"java\u002Fsandbox\u002Fv1.0.6","> [!WARNING]\n> `runInSession` was newly introduced in this release, but its current timeout parameter design has an issue.\n> We plan to adjust it in a future SDK release.\n> If possible, avoid relying on this timeout parameter for now.\n\n## What's New\n\n### ✨ Features\n* Enhance sandbox pool functions by @ninan-nn in https:\u002F\u002Fgithub.com\u002Falibaba\u002FOpenSandbox\u002Fpull\u002F617\n\n## 👥 Contributors\n\nThanks to these contributors ❤️\n\n* @ninan-nn\n","2026-04-03T03:56:34",{"id":266,"version":267,"summary_zh":268,"released_at":269},342909,"docker\u002Fingress\u002Fv1.0.6","## What's New\r\n\r\n### ✨ Features\r\n- add kubernetes system test with ingress-gateway (#611)\r\n\r\n### 🐛 Bug Fixes\r\n- relax WebSocket CheckOrigin for trusted reverse proxy (#574)\r\n\r\n## 👥 Contributors\r\n\r\nThanks to these contributors ❤️\r\n\r\n- @Pangjiping\r\n\r\n---\r\n- Docker Hub: opensandbox\u002Fingress:v1.0.6\r\n- Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com\u002Fopensandbox\u002Fingress:v1.0.6","2026-04-02T14:00:28",{"id":271,"version":272,"summary_zh":273,"released_at":274},342910,"docker\u002Fexecd\u002Fv1.0.10","## What's New\r\n\r\n### ✨ Features\r\n- tune jupyter idle polling and sse completion wait (#577)\r\n- add websocket PTY support (#590) (#608)\r\n- add EXECD_CLONE3_COMPAT seccomp-based clone3 fallback (#518)\r\n\r\n## 👥 Contributors\r\n\r\nThanks to these contributors ❤️\r\n\r\n- @skyler0513 \r\n- @ctlaltlaltc \r\n- @Pangjiping \r\n\r\n---\r\n- Docker Hub: opensandbox\u002Fexecd:v1.0.10\r\n- Aliyun Registry: sandbox-registry.cn-zhangjiakou.cr.aliyuncs.com\u002Fopensandbox\u002Fexecd:v1.0.10","2026-04-02T13:57:36"]