v0.1.0 — Now Available

Give your AI agent
its own computer

A self-hosted sandbox that boots a real virtual machine for AI agents. Hardware-isolated by Firecracker. No containers. No cloud.

nervos-sandbox
View on GitHub Quick Setup
~100MB
Bundle size
<6s
Boot time
6
MCP tools
0
Cloud dependencies
Architecture

How the agent connects

Your AI talks to NervOS over MCP. NervOS boots a Firecracker MicroVM and relays commands over vsock. The agent never touches your host.

🤖

AI Agent

Claude, GPT, LangGraph

MCP
stdio
⚙️

nervos_server

Host process

vsock
isolated
🛡️

Firecracker VM

Alpine Linux sandbox

Tools

Everything your agent needs

Six MCP tools give full Linux environment access. All commands run inside the VM — never on your host.

sandbox_exec

Run any shell command — Python, bash, curl, whatever the agent needs.

sandbox_write_file

Create or overwrite files inside the VM filesystem.

📄

sandbox_read_file

Read file contents back from the VM to the agent.

📁

sandbox_list_dir

Browse the VM directory tree.

📈

sandbox_status

Check VM health — CPU, RAM, disk, uptime.

🔄

sandbox_reset

Wipe everything. Clean slate in seconds.

Isolation

VMs vs Containers

Containers share your kernel. A VM escape is orders of magnitude harder than a container escape.

NervOS MicroVM

Separate kernel — hardware boundary
Near-zero escape risk
pip install — done
No cloud, no API keys
Optional internet access

Docker Container

Shared kernel with host
Container escapes exist
Faster boot (~0.5s)
Huge ecosystem
More mature tooling
Setup

Claude Desktop config

Add this to your config file. On first run, NervOS downloads the micro-OS automatically.

💻 Windows (WSL2) 
{
  "mcpServers": {
    "nervos": {
      "command": "wsl",
      "args": ["-d", "Ubuntu",
        "--", "sudo",
        "python3", "-m",
        "nervos_server"]
    }
  }
}
🐧 Linux / macOS 
{
  "mcpServers": {
    "nervos": {
      "command": "sudo",
      "args": ["python3",
        "-m",
        "nervos_server"]
    }
  }
}
Compatibility

Works with any MCP client

NervOS speaks the Model Context Protocol.

Claude Desktop
LangGraph
LangChain
Any MCP Client
Honest disclaimer

Current limitations

This is v0.1.0. It works, but it's early.

One VM at a time
Needs sudo
x86_64 only
Requires KVM / WSL2

Ready to isolate your agents?

One command to install. One config to connect.

Get Started on GitHub ↗