OpenSandbox and nono
These are **competitors**: both provide sandbox execution environments for AI agents, but OpenSandbox emphasizes broad multi-language support and container orchestration while nono focuses on kernel-level capability-based isolation and cryptographic auditability—representing different architectural approaches to the same problem.
About OpenSandbox
alibaba/OpenSandbox
OpenSandbox is a general-purpose sandbox platform for AI applications, offering multi-language SDKs, unified sandbox APIs, and Docker/Kubernetes runtimes for scenarios like Coding Agents, GUI Agents, Agent Evaluation, AI Code Execution, and RL Training.
Supports strong workload isolation through secure container runtimes (gVisor, Kata Containers, Firecracker) and implements unified network policies with ingress gateway routing plus per-sandbox egress controls. The platform provides built-in Command, Filesystem, and Code Interpreter implementations with lifecycle management across Docker and high-performance Kubernetes runtimes, enabling seamless scaling from local development to distributed scheduling.
About nono
always-further/nono
Secure, kernel-enforced sandbox CLI and SDKs for AI agents. Capability-based isolation with secure key management, atomic rollback, cryptographic immutable audit chain of provenance. Run your agents in a zero-trust environment.
Implements kernel-enforced sandboxing via Landlock (Linux 5.13+) and Seatbelt (macOS 10.5+) with irreversible capability-based access control applied before execution. Provides credential injection via proxy mode—keeping API keys entirely outside the sandbox—or environment injection from system keystores and 1Password. Includes Sigstore-based cryptographic verification of agent instruction files and scripts using DSSE envelopes and in-toto attestations to prevent supply chain attacks.
Related comparisons
Scores updated daily from GitHub, PyPI, and npm data. How scores work