BoxLite Love AI agent – SQLite for VMs: embeddable AI agent sandboxing

1•dorianzheng•1mo ago

Comments

dorianzheng•1mo ago

  The problem:

  AI agents are most useful when they have freedom—freedom to write code, install packages, run scripts, explore solutions. But that freedom is dangerous. One hallucinated rm -rf / or a malicious package install, and your host system pays the price.

  So we restrict them. Limit file access. Disable network. Whitelist commands. The agent becomes safer but also dumber—unable to iterate, experiment, or recover from mistakes like a human developer would.

  I wanted to give AI agents a full computer they could break without breaking mine.

  Why not existing tools?

  When I started sandboxing AI-generated code, nothing quite fit:

  - Docker shares the host kernel—container escapes are a real attack surface, and that makes me nervous
  - QEMU/libvirt is powerful but heavyweight—XML configs, daemon processes, steep learning curve
  - Cloud sandboxes (E2B, Modal, etc.) work, but you're locked into their platform with limited customization
  - Kata Containers is designed for Kubernetes orchestration, not for embedding in a Python script

  The SQLite idea:

  I've been thinking about why SQLite works so well. Before SQLite, databases meant running a server—PostgreSQL, MySQL, managing daemons, configuring connections. SQLite asked: what if it was just a library? No server. Just import sqlite3.

  I wanted the same thing for VMs.

  So I started building BoxLite—an attempt to make VMs embeddable like SQLite. A library call that gives you a real micro-VM with its own kernel. No daemon. No root.

  import asyncio
  import boxlite

  async def main():
      async with boxlite.SimpleBox(image="python:slim") as box:
          result = await box.exec("python", "-c", "print('Hello from VM!')")
          print(result.stdout)

  asyncio.run(main())

  To be clear: this is early.

  It works on macOS Apple Silicon and Linux. You can pull OCI images, mount volumes, forward ports. There are some higher-level abstractions (BrowserBox for Playwright, ComputerBox for desktop automation).

  But there are bugs. Boot time is 200ms for hot runs (I want it under 100ms). Documentation is thin. Error messages could be better. macOS Intel and Windows aren't supported. I haven't battle-tested it at scale.

  I'm sharing it now because I'd rather build this with feedback than in isolation.

  What I'd love to hear:
  - Does the SQLite-for-VMs idea make sense, or am I stretching the analogy?
  - What would you actually use this for?
  - What's broken or confusing when you try it?

  GitHub: https://github.com/boxlite-labs/boxlite
  PyPI: https://pypi.org/project/boxlite/

Show HN: Source code graphRAG for Java/Kotlin development based on jQAssistant

Python Only Has One Real Competitor

Tmux to Zellij (and Back)

Ask HN: How are you using specialized agents to accelerate your work?

Passing user_id through 6 services? OTel Baggage fixes this

DavMail Pop/IMAP/SMTP/Caldav/Carddav/LDAP Exchange Gateway

Visual data modelling in the browser (open source)

Show HN: Tharos – CLI to find and autofix security bugs using local LLMs

Oddly Simple GUI Programs

The New Playbook for Leaders [pdf]

Interactive Unboxing of J Dilla's Donuts

OneCourt helps blind and low-vision fans to track Super Bowl live

Rudolf Vrba

Autism Incidence in Girls and Boys May Be Nearly Equal, Study Suggests

Wellness Hotels Discovery Application

NASA delays moon rocket launch by a month after fuel leaks during test

Sebastian Galiani on the Marginal Revolution

Ask HN: Are we at the point where software can improve itself?

Binance Gives Trump Family's Crypto Firm a Leg Up

Reverse engineering Chinese 'shit-program' for absolute glory: R/ClaudeCode

Indian Culture

Show HN: Maravel-Framework 10.61 prevents circular dependency

The age of a treacherous, falling dollar

Ask HN: AI Generated Diagrams

Microsoft Account bugs locked me out of Notepad – are Thin Clients ruining PCs?

Show HN: A delightful Mac app to vibe code beautiful iOS apps

Show HN: Gemini Station – A local Chrome extension to organize AI chats

Welfare states build financial markets through social policy design

Market orientation and national homicide rates

California urges people avoid wild mushrooms after 4 deaths, 3 liver transplants

Show HN: Source code graphRAG for Java/Kotlin development based on jQAssistant

Python Only Has One Real Competitor

Tmux to Zellij (and Back)

Ask HN: How are you using specialized agents to accelerate your work?

Passing user_id through 6 services? OTel Baggage fixes this

DavMail Pop/IMAP/SMTP/Caldav/Carddav/LDAP Exchange Gateway

Visual data modelling in the browser (open source)

Show HN: Tharos – CLI to find and autofix security bugs using local LLMs

Oddly Simple GUI Programs

The New Playbook for Leaders [pdf]

Interactive Unboxing of J Dilla's Donuts

OneCourt helps blind and low-vision fans to track Super Bowl live

Rudolf Vrba

Autism Incidence in Girls and Boys May Be Nearly Equal, Study Suggests

Wellness Hotels Discovery Application

NASA delays moon rocket launch by a month after fuel leaks during test

Sebastian Galiani on the Marginal Revolution

Ask HN: Are we at the point where software can improve itself?

Binance Gives Trump Family's Crypto Firm a Leg Up

Reverse engineering Chinese 'shit-program' for absolute glory: R/ClaudeCode

Indian Culture

Show HN: Maravel-Framework 10.61 prevents circular dependency

The age of a treacherous, falling dollar

Ask HN: AI Generated Diagrams

Microsoft Account bugs locked me out of Notepad – are Thin Clients ruining PCs?

Show HN: A delightful Mac app to vibe code beautiful iOS apps

Show HN: Gemini Station – A local Chrome extension to organize AI chats

Welfare states build financial markets through social policy design

Market orientation and national homicide rates

California urges people avoid wild mushrooms after 4 deaths, 3 liver transplants

BoxLite Love AI agent – SQLite for VMs: embeddable AI agent sandboxing

Comments