OpenShell has released v0.0.33, and NVIDIA's AI Agent Sandbox has added the libkrun microVM driver

According to Dongcha Beating monitoring, NVIDIA's open-source AI Agent sandbox runtime, OpenShell, has released v0.0.33. The project uses YAML policies to control file access, data egress, and network requests within the sandbox, providing secure isolation for autonomous agents to run code. This version introduces the libkrun standalone compute driver and strengthens the sandbox with seccomp filtering, inference routing, and process count limits.

Prior to this, OpenShell's compute backend was Kubernetes, running on a K3s cluster within a single Docker container. libkrun is a KVM-based micro VM library with container-like startup speed and virtual machine-level isolation. For executing untrusted code by agents, this adds an additional kernel-level boundary beyond containers.

The project has accumulated 5.2k stars on GitHub and is licensed under Apache 2.0. The official README notes that it is still in the alpha stage, currently only supporting a single-player mode for a single developer, single environment, and single gateway.