BoxLite Love AI agent – SQLite for VMs: embeddable AI agent sandboxing

1•dorianzheng•1mo ago

Comments

dorianzheng•1mo ago

  The problem:

  AI agents are most useful when they have freedom—freedom to write code, install packages, run scripts, explore solutions. But that freedom is dangerous. One hallucinated rm -rf / or a malicious package install, and your host system pays the price.

  So we restrict them. Limit file access. Disable network. Whitelist commands. The agent becomes safer but also dumber—unable to iterate, experiment, or recover from mistakes like a human developer would.

  I wanted to give AI agents a full computer they could break without breaking mine.

  Why not existing tools?

  When I started sandboxing AI-generated code, nothing quite fit:

  - Docker shares the host kernel—container escapes are a real attack surface, and that makes me nervous
  - QEMU/libvirt is powerful but heavyweight—XML configs, daemon processes, steep learning curve
  - Cloud sandboxes (E2B, Modal, etc.) work, but you're locked into their platform with limited customization
  - Kata Containers is designed for Kubernetes orchestration, not for embedding in a Python script

  The SQLite idea:

  I've been thinking about why SQLite works so well. Before SQLite, databases meant running a server—PostgreSQL, MySQL, managing daemons, configuring connections. SQLite asked: what if it was just a library? No server. Just import sqlite3.

  I wanted the same thing for VMs.

  So I started building BoxLite—an attempt to make VMs embeddable like SQLite. A library call that gives you a real micro-VM with its own kernel. No daemon. No root.

  import asyncio
  import boxlite

  async def main():
      async with boxlite.SimpleBox(image="python:slim") as box:
          result = await box.exec("python", "-c", "print('Hello from VM!')")
          print(result.stdout)

  asyncio.run(main())

  To be clear: this is early.

  It works on macOS Apple Silicon and Linux. You can pull OCI images, mount volumes, forward ports. There are some higher-level abstractions (BrowserBox for Playwright, ComputerBox for desktop automation).

  But there are bugs. Boot time is 200ms for hot runs (I want it under 100ms). Documentation is thin. Error messages could be better. macOS Intel and Windows aren't supported. I haven't battle-tested it at scale.

  I'm sharing it now because I'd rather build this with feedback than in isolation.

  What I'd love to hear:
  - Does the SQLite-for-VMs idea make sense, or am I stretching the analogy?
  - What would you actually use this for?
  - What's broken or confusing when you try it?

  GitHub: https://github.com/boxlite-labs/boxlite
  PyPI: https://pypi.org/project/boxlite/

France's homegrown open source online office suite

SpaceX Delays Mars Plans to Focus on Moon

Jeremy Wade's Mighty Rivers

Show HN: MCP App to play backgammon with your LLM

AI Command and Staff–Operational Evidence and Insights from Wargaming

Show HN: CCBot – Control Claude Code from Telegram via tmux

Ask HN: Is the CoCo 3 the best 8 bit computer ever made?

Show HN: Convert your articles into videos in one click

Red Queen's Race

The Anthropic Hive Mind

A Horrible Conclusion

I spent $10k to automate my research at OpenAI with Codex

From Zero to Hero: A Spring Boot Deep Dive

Show HN: Solving NP-Complete Structures via Information Noise Subtraction (P=NP)

Cook New Emojis

Show HN: LoKey Typer – A calm typing practice app with ambient soundscapes

Long-Sought Proof Tames Some of Math's Unruliest Equations

Hacking the last Z80 computer – FOSDEM 2026 [video]

Browser-use for Node.js v0.2.0: TS AI browser automation parity with PY v0.5.11

Michael Pollan Says Humanity Is About to Undergo a Revolutionary Change

Software Engineering Is Back

Storyship: Turn Screen Recordings into Professional Demos

Reputation Scores for GitHub Accounts

A BSOD for All Seasons – Send Bad News via a Kernel Panic

Show HN: I got tired of copy-pasting between Claude windows, so I built Orcha

Omarchy First Impressions

Reinforcement Learning from Human Feedback

Show HN: Versor – The "Unbending" Paradigm for Geometric Deep Learning

Show HN: HypothesisHub – An open API where AI agents collaborate on medical res

Big Tech vs. OpenClaw

France's homegrown open source online office suite

SpaceX Delays Mars Plans to Focus on Moon

Jeremy Wade's Mighty Rivers

Show HN: MCP App to play backgammon with your LLM

AI Command and Staff–Operational Evidence and Insights from Wargaming

Show HN: CCBot – Control Claude Code from Telegram via tmux

Ask HN: Is the CoCo 3 the best 8 bit computer ever made?

Show HN: Convert your articles into videos in one click

Red Queen's Race

The Anthropic Hive Mind

A Horrible Conclusion

I spent $10k to automate my research at OpenAI with Codex

From Zero to Hero: A Spring Boot Deep Dive

Show HN: Solving NP-Complete Structures via Information Noise Subtraction (P=NP)

Cook New Emojis

Show HN: LoKey Typer – A calm typing practice app with ambient soundscapes

Long-Sought Proof Tames Some of Math's Unruliest Equations

Hacking the last Z80 computer – FOSDEM 2026 [video]

Browser-use for Node.js v0.2.0: TS AI browser automation parity with PY v0.5.11

Michael Pollan Says Humanity Is About to Undergo a Revolutionary Change

Software Engineering Is Back

Storyship: Turn Screen Recordings into Professional Demos

Reputation Scores for GitHub Accounts

A BSOD for All Seasons – Send Bad News via a Kernel Panic

Show HN: I got tired of copy-pasting between Claude windows, so I built Orcha

Omarchy First Impressions

Reinforcement Learning from Human Feedback

Show HN: Versor – The "Unbending" Paradigm for Geometric Deep Learning

Show HN: HypothesisHub – An open API where AI agents collaborate on medical res

Big Tech vs. OpenClaw

BoxLite Love AI agent – SQLite for VMs: embeddable AI agent sandboxing

Comments