GitHub - PwnFunction/sandbox: Run untrusted AI code safely, fast

Concave AI Sandbox

Run AI code safely, fast, untrusted

A self-hostable code execution sandbox platform built with Firecracker microVMs. Sub-200ms startup times with snapshot-based warm pooling.

About

Concave provides secure, isolated code execution environments for running untrusted code. Built with Firecracker microVMs, gRPC orchestration, and modern infrastructure tools.

• Fast VM provisioning with golden snapshots
• gRPC control plane for VM lifecycle management
• Streaming data plane for file transfers and real-time output
• HTTP API gateway with authentication
• Python SDK for easy integration
• Dashboard and documentation site

Getting Started

See SETUP.md for complete deployment instructions.

1. Set up GCP project and domain
2. Configure Terraform and Ansible
3. Deploy infrastructure
4. Install Python SDK: pip install concave-sandbox

Documentation

• Setup Guide
• Operations Guide
• Database Setup
• SDK Documentation

Contributing

Contributions are welcome! See CONTRIBUTING.md for guidelines.

Security

If you discover a security vulnerability, please create an issue. All security issues will be promptly addressed.

License

This project is licensed under the MIT license.