BoxLite Love AI agent – SQLite for VMs: embeddable AI agent sandboxing

1•dorianzheng•1mo ago

Comments

dorianzheng•1mo ago

  The problem:

  AI agents are most useful when they have freedom—freedom to write code, install packages, run scripts, explore solutions. But that freedom is dangerous. One hallucinated rm -rf / or a malicious package install, and your host system pays the price.

  So we restrict them. Limit file access. Disable network. Whitelist commands. The agent becomes safer but also dumber—unable to iterate, experiment, or recover from mistakes like a human developer would.

  I wanted to give AI agents a full computer they could break without breaking mine.

  Why not existing tools?

  When I started sandboxing AI-generated code, nothing quite fit:

  - Docker shares the host kernel—container escapes are a real attack surface, and that makes me nervous
  - QEMU/libvirt is powerful but heavyweight—XML configs, daemon processes, steep learning curve
  - Cloud sandboxes (E2B, Modal, etc.) work, but you're locked into their platform with limited customization
  - Kata Containers is designed for Kubernetes orchestration, not for embedding in a Python script

  The SQLite idea:

  I've been thinking about why SQLite works so well. Before SQLite, databases meant running a server—PostgreSQL, MySQL, managing daemons, configuring connections. SQLite asked: what if it was just a library? No server. Just import sqlite3.

  I wanted the same thing for VMs.

  So I started building BoxLite—an attempt to make VMs embeddable like SQLite. A library call that gives you a real micro-VM with its own kernel. No daemon. No root.

  import asyncio
  import boxlite

  async def main():
      async with boxlite.SimpleBox(image="python:slim") as box:
          result = await box.exec("python", "-c", "print('Hello from VM!')")
          print(result.stdout)

  asyncio.run(main())

  To be clear: this is early.

  It works on macOS Apple Silicon and Linux. You can pull OCI images, mount volumes, forward ports. There are some higher-level abstractions (BrowserBox for Playwright, ComputerBox for desktop automation).

  But there are bugs. Boot time is 200ms for hot runs (I want it under 100ms). Documentation is thin. Error messages could be better. macOS Intel and Windows aren't supported. I haven't battle-tested it at scale.

  I'm sharing it now because I'd rather build this with feedback than in isolation.

  What I'd love to hear:
  - Does the SQLite-for-VMs idea make sense, or am I stretching the analogy?
  - What would you actually use this for?
  - What's broken or confusing when you try it?

  GitHub: https://github.com/boxlite-labs/boxlite
  PyPI: https://pypi.org/project/boxlite/

I squeezed a BERT sentiment analyzer into 1GB RAM on a $5 VPS

Kagi Translate

Building Interactive C/C++ workflows in Jupyter through Clang-REPL [video]

Tactical tornado is the new default

Full-Circle Test-Driven Firmware Development with OpenClaw

Automating Myself Out of My Job – Part 2

Google staff call for firm to cut ties with ICE

Dependency Resolution Methods

Crypto firm apologises for sending Bitcoin users $40B by mistake

Show HN: iPlotCSV: CSV Data, Visualized Beautifully for Free

There's no such thing as "tech" (Ten years later)

List of unproven and disproven cancer treatments

Me/CFS: The blind spot in proactive medicine (Open Letter)

Ask HN: What are the word games do you play everyday?

Show HN: Paper Arena – A social trading feed where only AI agents can post

TOSTracker – The AI Training Asymmetry

The Devil Inside GitHub

Show HN: Distill – Migrate LLM agents from expensive to cheap models

Show HN: Sigma Runtime – Maintaining 100% Fact Integrity over 120 LLM Cycles

Make a local open-source AI chatbot with access to Fedora documentation

Introduce the Vouch/Denouncement Contribution Model by Mitchellh

Software Factories and the Agentic Moment

The Neuroscience Behind Nutrition for Developers and Founders

Bang bang he murdered math {the musical } (2024)

A Night Without the Nerds – Claude Opus 4.6, Field-Tested

Could ionospheric disturbances influence earthquakes?

SpaceX's next astronaut launch for NASA is officially on for Feb. 11 as FAA clea

Show HN: One-click AI employee with its own cloud desktop

Show HN: Poddley – Search podcasts by who's speaking

Same Surface, Different Weight

BoxLite Love AI agent – SQLite for VMs: embeddable AI agent sandboxing

Comments

I squeezed a BERT sentiment analyzer into 1GB RAM on a $5 VPS

Kagi Translate

Building Interactive C/C++ workflows in Jupyter through Clang-REPL [video]

Tactical tornado is the new default

Full-Circle Test-Driven Firmware Development with OpenClaw

Automating Myself Out of My Job – Part 2

Google staff call for firm to cut ties with ICE

Dependency Resolution Methods

Crypto firm apologises for sending Bitcoin users $40B by mistake

Show HN: iPlotCSV: CSV Data, Visualized Beautifully for Free

There's no such thing as "tech" (Ten years later)

List of unproven and disproven cancer treatments

Me/CFS: The blind spot in proactive medicine (Open Letter)

Ask HN: What are the word games do you play everyday?

Show HN: Paper Arena – A social trading feed where only AI agents can post

TOSTracker – The AI Training Asymmetry

The Devil Inside GitHub

Show HN: Distill – Migrate LLM agents from expensive to cheap models

Show HN: Sigma Runtime – Maintaining 100% Fact Integrity over 120 LLM Cycles

Make a local open-source AI chatbot with access to Fedora documentation

Introduce the Vouch/Denouncement Contribution Model by Mitchellh

Software Factories and the Agentic Moment

The Neuroscience Behind Nutrition for Developers and Founders

Bang bang he murdered math {the musical } (2024)

A Night Without the Nerds – Claude Opus 4.6, Field-Tested

Could ionospheric disturbances influence earthquakes?

SpaceX's next astronaut launch for NASA is officially on for Feb. 11 as FAA clea

Show HN: One-click AI employee with its own cloud desktop

Show HN: Poddley – Search podcasts by who's speaking

Same Surface, Different Weight