Zeroboot VM 沙盒：亚毫秒级AI智能体代码执行隔离平台，基于KVM与Firecracker

zeroboot-vm-sandbox by aradotso/trending-skills

241 周安装量

10 GitHub Stars

GitHub

安装命令

npx skills add https://github.com/aradotso/trending-skills --skill zeroboot-vm-sandbox

AI/机器学习云服务安全

🇨🇳中文介绍

Zeroboot VM 沙盒

技能来自 ara.so — Daily 2026 技能集合。

Zeroboot 为 AI 智能体提供亚毫秒级的 KVM 虚拟机沙盒，使用写时复制（CoW）分叉技术。每个沙盒都是一个真正的硬件隔离的虚拟机（通过 Firecracker + KVM），而非容器。模板虚拟机被快照一次，然后每次执行时使用 mmap(MAP_PRIVATE) 的 CoW 语义进行分叉，耗时约 0.8 毫秒。

工作原理

Firecracker 快照 ──► mmap(MAP_PRIVATE) ──► KVM 虚拟机 + 恢复的 CPU 状态
                           (写时复制)          (~0.8ms)

模板：Firecracker 启动一次，预加载您的运行时环境，快照内存 + CPU 状态
分叉 (~0.8ms)：新的 KVM 虚拟机将快照内存映射为 CoW，恢复 CPU 状态
隔离：每个分叉都是一个独立的 KVM 虚拟机，具有硬件强制执行的内存隔离

安装

Python SDK

pip install zeroboot

Node/TypeScript SDK

npm install @zeroboot/sdk
# 或
pnpm add @zeroboot/sdk

身份验证

广告位招租

在这里展示您的产品或服务

触达数万 AI 开发者，精准高效

联系我们

TypeScript / Node.js

import { Sandbox } from "@zeroboot/sdk";

const apiKey = process.env.ZEROBOOT_API_KEY!;
const sb = new Sandbox(apiKey);

// 运行 JavaScript/Node 代码
const result = await sb.run("console.log(1 + 1)");
console.log(result); // "2"

// 运行异步代码
const output = await sb.run(`
const data = [1, 2, 3, 4, 5];
const sum = data.reduce((a, b) => a + b, 0);
console.log(sum / data.length);
`);
console.log(output);

AI 智能体代码执行循环 (Python)

import os
from zeroboot import Sandbox

def execute_agent_code(code: str) -> dict:
    """在隔离的 VM 沙盒中执行 LLM 生成的代码。"""
    sb = Sandbox(os.environ["ZEROBOOT_API_KEY"])
    try:
        result = sb.run(code)
        return {"success": True, "output": result}
    except Exception as e:
        return {"success": False, "error": str(e)}

# 示例：安全运行智能体生成的代码
agent_code = """
import json
data = {"agent": "result", "value": 42}
print(json.dumps(data))
"""
response = execute_agent_code(agent_code)
print(response)

并发沙盒执行 (Python)

import os
import asyncio
from zeroboot import Sandbox

async def run_sandbox(code: str, index: int) -> str:
    sb = Sandbox(os.environ["ZEROBOOT_API_KEY"])
    result = await asyncio.to_thread(sb.run, code)
    return f"[{index}] {result}"

async def run_concurrent(snippets: list[str]):
    tasks = [run_sandbox(code, i) for i, code in enumerate(snippets)]
    results = await asyncio.gather(*tasks)
    return results

# 并发运行 10 个沙盒
codes = [f"print({i} ** 2)" for i in range(10)]
outputs = asyncio.run(run_concurrent(codes))
for out in outputs:
    print(out)

TypeScript：智能体工具集成

import { Sandbox } from "@zeroboot/sdk";

interface ExecutionResult {
  success: boolean;
  output?: string;
  error?: string;
}

async function runInSandbox(code: string): Promise<ExecutionResult> {
  const sb = new Sandbox(process.env.ZEROBOOT_API_KEY!);
  try {
    const output = await sb.run(code);
    return { success: true, output };
  } catch (err) {
    return { success: false, error: String(err) };
  }
}

// 作为工具集成到 LLM 智能体中
const tool = {
  name: "execute_code",
  description: "在隔离的 VM 沙盒中运行代码",
  execute: async ({ code }: { code: string }) => runInSandbox(code),
};

使用 fetch 的 REST API (TypeScript)

const API_BASE = "https://api.zeroboot.dev/v1";

async function execCode(code: string): Promise<string> {
  const res = await fetch(`${API_BASE}/exec`, {
    method: "POST",
    headers: {
      "Content-Type": "application/json",
      Authorization: `Bearer ${process.env.ZEROBOOT_API_KEY}`,
    },
    body: JSON.stringify({ code }),
  });
  if (!res.ok) {
    const err = await res.text();
    throw new Error(`Zeroboot 错误 ${res.status}: ${err}`);
  }
  const data = await res.json();
  return data.output;
}

curl https://api.zeroboot.dev/v1/health

在新的沙盒分叉中执行代码。

{
  "code": "print('hello')"
}

Authorization: Bearer <ZEROBOOT_API_KEY>
Content-Type: application/json

{
  "output": "hello\n",
  "duration_ms": 0.79
}

指标	数值
生成延迟 p50	~0.79ms
生成延迟 p99	~1.74ms
每个沙盒内存占用	~265KB
分叉 + 执行 Python	~8ms
1000 个并发分叉	~815ms

每个沙盒都是真正的 KVM 虚拟机 — 不是容器或进程监狱
内存隔离由硬件强制执行（非软件）
CoW 意味着只有您的代码写入的页面才会消耗额外的 RAM

请参阅仓库中的 docs/DEPLOYMENT.md。要求：

支持 KVM 的 Linux 主机（可访问 /dev/kvm）
Firecracker 二进制文件
Rust 2021 版本工具链

检查 KVM 可用性

ls /dev/kvm

克隆并构建

git clone https://github.com/adammiribyan/zeroboot cd zeroboot cargo build --release

快照层：Firecracker 虚拟机为每个运行时模板启动一次，内存 + vCPU 状态保存到磁盘
分叉层（Rust）：对快照文件执行 mmap(MAP_PRIVATE) → 内核为每个虚拟机处理 CoW 缺页异常
隔离：每个分叉都有自己的 KVM 虚拟机文件描述符、vCPU 和页表 — 完全硬件隔离
无共享内核：与容器不同，每个沙盒运行自己的内核实例

/dev/kvm not found（自托管）

# 启用 KVM 内核模块
sudo modprobe kvm
sudo modprobe kvm_intel  # 或 kvm_amd

API 返回 401 Unauthorized

确认 ZEROBOOT_API_KEY 已设置且以 zb_live_ 开头
在您的控制面板中检查密钥是否已过期

默认执行超时由服务器端强制执行
将大型计算拆分为较小的块
避免在沙盒代码中出现无限循环或阻塞 I/O

内存使用率高（自托管）

每个虚拟机分叉开始时 CoW 开销约为 265KB
页面在写入时分配 — 内存随着沙盒活动而增长
根据可用 RAM 调整并发分叉限制

🇺🇸English

Zeroboot VM Sandbox

Skill by ara.so — Daily 2026 Skills collection.

Zeroboot provides sub-millisecond KVM virtual machine sandboxes for AI agents using copy-on-write forking. Each sandbox is a real hardware-isolated VM (via Firecracker + KVM), not a container. A template VM is snapshotted once, then forked in ~0.8ms per execution using mmap(MAP_PRIVATE) CoW semantics.

How It Works

Firecracker snapshot ──► mmap(MAP_PRIVATE) ──► KVM VM + restored CPU state
                           (copy-on-write)          (~0.8ms)

Template : Firecracker boots once, pre-loads your runtime, snapshots memory + CPU state
Fork (~0.8ms) : New KVM VM maps snapshot memory as CoW, restores CPU state
Isolation : Each fork is a separate KVM VM with hardware-enforced memory isolation

Installation

Python SDK

pip install zeroboot

Node/TypeScript SDK

npm install @zeroboot/sdk
# or
pnpm add @zeroboot/sdk

Authentication

Set your API key as an environment variable:

export ZEROBOOT_API_KEY="zb_live_your_key_here"

Never hardcode keys in source files.

Quick Start

REST API (cURL)

curl -X POST https://api.zeroboot.dev/v1/exec \
  -H 'Content-Type: application/json' \
  -H "Authorization: Bearer $ZEROBOOT_API_KEY" \
  -d '{"code":"import numpy as np; print(np.random.rand(3))"}'

Python

import os
from zeroboot import Sandbox

# Initialize with API key from environment
sb = Sandbox(os.environ["ZEROBOOT_API_KEY"])

# Run Python code
result = sb.run("print(1 + 1)")
print(result)  # "2"

# Run multi-line code
result = sb.run("""
import numpy as np
arr = np.arange(10)
print(arr.mean())
""")
print(result)

TypeScript / Node.js

import { Sandbox } from "@zeroboot/sdk";

const apiKey = process.env.ZEROBOOT_API_KEY!;
const sb = new Sandbox(apiKey);

// Run JavaScript/Node code
const result = await sb.run("console.log(1 + 1)");
console.log(result); // "2"

// Run async code
const output = await sb.run(`
const data = [1, 2, 3, 4, 5];
const sum = data.reduce((a, b) => a + b, 0);
console.log(sum / data.length);
`);
console.log(output);

Common Patterns

AI Agent Code Execution Loop (Python)

import os
from zeroboot import Sandbox

def execute_agent_code(code: str) -> dict:
    """Execute LLM-generated code in an isolated VM sandbox."""
    sb = Sandbox(os.environ["ZEROBOOT_API_KEY"])
    try:
        result = sb.run(code)
        return {"success": True, "output": result}
    except Exception as e:
        return {"success": False, "error": str(e)}

# Example: running agent-generated code safely
agent_code = """
import json
data = {"agent": "result", "value": 42}
print(json.dumps(data))
"""
response = execute_agent_code(agent_code)
print(response)

Concurrent Sandbox Execution (Python)

import os
import asyncio
from zeroboot import Sandbox

async def run_sandbox(code: str, index: int) -> str:
    sb = Sandbox(os.environ["ZEROBOOT_API_KEY"])
    result = await asyncio.to_thread(sb.run, code)
    return f"[{index}] {result}"

async def run_concurrent(snippets: list[str]):
    tasks = [run_sandbox(code, i) for i, code in enumerate(snippets)]
    results = await asyncio.gather(*tasks)
    return results

# Run 10 sandboxes concurrently
codes = [f"print({i} ** 2)" for i in range(10)]
outputs = asyncio.run(run_concurrent(codes))
for out in outputs:
    print(out)

TypeScript: Agent Tool Integration

import { Sandbox } from "@zeroboot/sdk";

interface ExecutionResult {
  success: boolean;
  output?: string;
  error?: string;
}

async function runInSandbox(code: string): Promise<ExecutionResult> {
  const sb = new Sandbox(process.env.ZEROBOOT_API_KEY!);
  try {
    const output = await sb.run(code);
    return { success: true, output };
  } catch (err) {
    return { success: false, error: String(err) };
  }
}

// Integrate as a tool for an LLM agent
const tool = {
  name: "execute_code",
  description: "Run code in an isolated VM sandbox",
  execute: async ({ code }: { code: string }) => runInSandbox(code),
};

REST API with fetch (TypeScript)

const API_BASE = "https://api.zeroboot.dev/v1";

async function execCode(code: string): Promise<string> {
  const res = await fetch(`${API_BASE}/exec`, {
    method: "POST",
    headers: {
      "Content-Type": "application/json",
      Authorization: `Bearer ${process.env.ZEROBOOT_API_KEY}`,
    },
    body: JSON.stringify({ code }),
  });
  if (!res.ok) {
    const err = await res.text();
    throw new Error(`Zeroboot error ${res.status}: ${err}`);
  }
  const data = await res.json();
  return data.output;
}

Health Check

curl https://api.zeroboot.dev/v1/health

API Reference

`POST /v1/exec`

Execute code in a fresh sandbox fork.

Request:

{
  "code": "print('hello')"
}

Headers:

Authorization: Bearer <ZEROBOOT_API_KEY>
Content-Type: application/json

Response:

{
  "output": "hello\n",
  "duration_ms": 0.79
}

Performance Characteristics

Metric	Value
Spawn latency p50	~0.79ms
Spawn latency p99	~1.74ms
Memory per sandbox	~265KB
Fork + exec Python	~8ms
1000 concurrent forks	~815ms

Each sandbox is a real KVM VM — not a container or process jail
Memory isolation is hardware-enforced (not software)
CoW means only pages written by your code consume extra RAM

Self-Hosting / Deployment

See docs/DEPLOYMENT.md in the repo. Requirements:

Linux host with KVM support (/dev/kvm accessible)
Firecracker binary
Rust 2021 edition toolchain

Check KVM availability

ls /dev/kvm

Clone and build

git clone https://github.com/adammiribyan/zeroboot cd zeroboot cargo build --release

Architecture Notes

Snapshot layer : Firecracker VM boots once per runtime template, memory + vCPU state saved to disk
Fork layer (Rust): mmap(MAP_PRIVATE) on snapshot file → kernel handles CoW page faults per VM
Isolation : Each fork has its own KVM VM file descriptors, vCPU, and page table — fully hardware-separated
No shared kernel : Unlike containers, each sandbox runs its own kernel instance

Troubleshooting

/dev/kvm not found (self-hosted)

# Enable KVM kernel module
sudo modprobe kvm
sudo modprobe kvm_intel  # or kvm_amd

API returns 401 Unauthorized

Verify ZEROBOOT_API_KEY is set and starts with zb_live_
Check the key is not expired in your dashboard

Timeout on execution

Default execution timeout is enforced server-side
Break large computations into smaller chunks
Avoid infinite loops or blocking I/O in sandbox code

High memory usage (self-hosted)

Each VM fork starts at ~265KB CoW overhead
Pages are allocated on write — memory grows with sandbox activity
Tune concurrent fork limits based on available RAM

Resources

Weekly Installs

241

Repository

aradotso/trending-skills

GitHub Stars

First Seen

6 days ago

Security Audits

Gen Agent Trust HubPass SocketPass SnykWarn

Installed on

github-copilot240

codex240

amp240

cline240

kimi-cli240

gemini-cli240

Azure 配额管理指南：服务限制、容量验证与配额增加方法

79,700 周安装

Zeroboot VM 沙盒：亚毫秒级AI智能体代码执行隔离平台，基于KVM与Firecracker

🇨🇳中文介绍

Zeroboot VM 沙盒

工作原理

安装

Python SDK

Node/TypeScript SDK

身份验证

相关 Skills

快速开始

REST API (cURL)

Python

TypeScript / Node.js

常用模式

AI 智能体代码执行循环 (Python)

并发沙盒执行 (Python)

TypeScript：智能体工具集成

使用 fetch 的 REST API (TypeScript)

健康检查

API 参考

POST /v1/exec

性能特征

自托管 / 部署

检查 KVM 可用性

克隆并构建

架构说明

故障排除

资源

🇺🇸English

Zeroboot VM Sandbox

How It Works

Installation

Python SDK

Node/TypeScript SDK

Authentication

Quick Start

REST API (cURL)

Python

TypeScript / Node.js

Common Patterns

AI Agent Code Execution Loop (Python)

Concurrent Sandbox Execution (Python)

TypeScript: Agent Tool Integration

REST API with fetch (TypeScript)

Health Check

API Reference

POST /v1/exec

Performance Characteristics

Self-Hosting / Deployment

Check KVM availability

Clone and build

Architecture Notes

Troubleshooting

Resources

最新 Skills

`POST /v1/exec`

`POST /v1/exec`