Skip to main content
HYPERVISOR CONTAINMENT PROTOCOL ACTIVE

Hardened Isolation
For Coding Agents.

Autonomous LLMs write and execute raw commands. Stop running them in host-shared Docker containers. Sandforge boots ephemeral, dedicated guest kernels in under **250ms**, completely decoupling untrusted process runtimes from host hardware.

containmentApple VZ / Linux KVM
communicationHardware VSOCK v2222
network policyDeny-by-Default Egress
boot latency< 250 milliseconds
HYPERVISOR_MONITOR.SH
secure containment v1.0.0
vCPU Limit
0/2
RAM alloc
0MB
System LockENVELOPE SECURE
SELECT SANDBOX COMMAND EXPERIMENT:
$go test ./internal/policy/...
CONSOLE STANDBY. WAIT FOR INSTRUCTION ALLOCATION.SELECT COMMAND ABOVE AND CLICK "BOOT & EXECUTE".
STATUS: SYSTEM READY. GUEST KERNEL: CACHED

Secure Hardware VSOCK Handshaking

Sandboxes are fully isolated network-offline environments. Host-Guest communication is established exclusively over **Virtual Sockets (VSOCK)**, operating direct physical transfers across the hypervisor bus.

01/Payload messages are encoded as length-prefixed JSON envelopes
02/Egress network streams are dropped at the host hypervisor level
03/Task limits are strictly enforced on guest kernels to prevent DoS
VSOCK WIRE FORMAT ENVELOPEjson
{
  "op": "exec",
  "payload": {
    "command": ["go", "test", "./..."],
    "cwd": "/workspace",
    "env": {
      "GOOS": "linux",
      "CGO_ENABLED": "0"
    },
    "timeout_sec": 30
  }
}

Hardened Hypervisor Core. Ready for Scaling.

Sandforge is entirely open-source, written in idiomatic Go, and custom-tuned for zero-trust autonomous agent execution.