BoxLite Love AI agent – SQLite for VMs: embeddable AI agent sandboxing

1•dorianzheng•1mo ago

Comments

dorianzheng•1mo ago

  The problem:

  AI agents are most useful when they have freedom—freedom to write code, install packages, run scripts, explore solutions. But that freedom is dangerous. One hallucinated rm -rf / or a malicious package install, and your host system pays the price.

  So we restrict them. Limit file access. Disable network. Whitelist commands. The agent becomes safer but also dumber—unable to iterate, experiment, or recover from mistakes like a human developer would.

  I wanted to give AI agents a full computer they could break without breaking mine.

  Why not existing tools?

  When I started sandboxing AI-generated code, nothing quite fit:

  - Docker shares the host kernel—container escapes are a real attack surface, and that makes me nervous
  - QEMU/libvirt is powerful but heavyweight—XML configs, daemon processes, steep learning curve
  - Cloud sandboxes (E2B, Modal, etc.) work, but you're locked into their platform with limited customization
  - Kata Containers is designed for Kubernetes orchestration, not for embedding in a Python script

  The SQLite idea:

  I've been thinking about why SQLite works so well. Before SQLite, databases meant running a server—PostgreSQL, MySQL, managing daemons, configuring connections. SQLite asked: what if it was just a library? No server. Just import sqlite3.

  I wanted the same thing for VMs.

  So I started building BoxLite—an attempt to make VMs embeddable like SQLite. A library call that gives you a real micro-VM with its own kernel. No daemon. No root.

  import asyncio
  import boxlite

  async def main():
      async with boxlite.SimpleBox(image="python:slim") as box:
          result = await box.exec("python", "-c", "print('Hello from VM!')")
          print(result.stdout)

  asyncio.run(main())

  To be clear: this is early.

  It works on macOS Apple Silicon and Linux. You can pull OCI images, mount volumes, forward ports. There are some higher-level abstractions (BrowserBox for Playwright, ComputerBox for desktop automation).

  But there are bugs. Boot time is 200ms for hot runs (I want it under 100ms). Documentation is thin. Error messages could be better. macOS Intel and Windows aren't supported. I haven't battle-tested it at scale.

  I'm sharing it now because I'd rather build this with feedback than in isolation.

  What I'd love to hear:
  - Does the SQLite-for-VMs idea make sense, or am I stretching the analogy?
  - What would you actually use this for?
  - What's broken or confusing when you try it?

  GitHub: https://github.com/boxlite-labs/boxlite
  PyPI: https://pypi.org/project/boxlite/

Show HN: Engineering Perception with Combinatorial Memetics

Show HN: Steam Daily – A Wordle-like daily puzzle game for Steam fans

The Anthropic Hive Mind

Just Started Using AmpCode

LLM as an Engineer vs. a Founder?

Crosstalk inside cells helps pathogens evade drugs, study finds

Show HN: Design system generator (mood to CSS in <1 second)

Show HN: 26/02/26 – 5 songs in a day

Toroidal Logit Bias – Reduce LLM hallucinations 40% with no fine-tuning

Top AI models fail at >96% of tasks

The Science of the Perfect Second (2023)

Bob Beck (OpenBSD) on why vi should stay vi (2006)

Show HN: a glimpse into the future of eye tracking for multi-agent use

The Optima-l Situation: A deep dive into the classic humanist sans-serif

Barn Owls Know When to Wait

Implementing TCP Echo Server in Rust [video]

LicGen – Offline License Generator (CLI and Web UI)

Service Degradation in West US Region

The Janitor on Mars

Bringing Polars to .NET

Adventures in Guix Packaging

Show HN: We had 20 Claude terminals open, so we built Orcha

Your Best Thinking Is Wasted on the Wrong Decisions

Warcraftcn/UI – UI component library inspired by classic Warcraft III aesthetics

Trump Vodka Becomes Available for Pre-Orders

Velocity of Money

Stop building automations. Start running your business

You can't QA your way to the frontier

Show HN: PalettePoint – AI color palette generator from text or images

Robust and Interactable World Models in Computer Vision [video]

Show HN: Engineering Perception with Combinatorial Memetics

Show HN: Steam Daily – A Wordle-like daily puzzle game for Steam fans

The Anthropic Hive Mind

Just Started Using AmpCode

LLM as an Engineer vs. a Founder?

Crosstalk inside cells helps pathogens evade drugs, study finds

Show HN: Design system generator (mood to CSS in <1 second)

Show HN: 26/02/26 – 5 songs in a day

Toroidal Logit Bias – Reduce LLM hallucinations 40% with no fine-tuning

Top AI models fail at >96% of tasks

The Science of the Perfect Second (2023)

Bob Beck (OpenBSD) on why vi should stay vi (2006)

Show HN: a glimpse into the future of eye tracking for multi-agent use

The Optima-l Situation: A deep dive into the classic humanist sans-serif

Barn Owls Know When to Wait

Implementing TCP Echo Server in Rust [video]

LicGen – Offline License Generator (CLI and Web UI)

Service Degradation in West US Region

The Janitor on Mars

Bringing Polars to .NET

Adventures in Guix Packaging

Show HN: We had 20 Claude terminals open, so we built Orcha

Your Best Thinking Is Wasted on the Wrong Decisions

Warcraftcn/UI – UI component library inspired by classic Warcraft III aesthetics

Trump Vodka Becomes Available for Pre-Orders

Velocity of Money

Stop building automations. Start running your business

You can't QA your way to the frontier

Show HN: PalettePoint – AI color palette generator from text or images

Robust and Interactable World Models in Computer Vision [video]

BoxLite Love AI agent – SQLite for VMs: embeddable AI agent sandboxing

Comments