boxlite

Name: boxlite
Author: boxlite-ai

Verified

The compute substrate for AI agents — light enough to embed on your laptop, elastic enough to power an agentic cloud.

2,102stars

131forks

Rust

Installation

# Add to your Claude Code skills
git clone https://github.com/boxlite-ai/boxlite

Getting Started

Guides for using ai agents skills like boxlite.

Caveman: Cut Claude Token Use by 65%
How agent-side prompt compression works, when to use it, and when not to.
What is an AI Skills Marketplace?
Definitions, how marketplaces work, and how to choose between them in 2026.
Getting Started with AI Skills

Security ReportVerified

Last scanned: 5/14/2026

{
  "issues": [],
  "status": "PASSED",
  "scannedAt": "2026-05-14T06:46:16.567Z",
  "semgrepRan": false,
  "npmAuditRan": true,
  "pipAuditRan": true
}

README.md

Frequently Asked Questions

What is boxlite?

boxlite is an open-source ai agents skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by boxlite-ai. The compute substrate for AI agents — light enough to embed on your laptop, elastic enough to power an agentic cloud. It has 2,102 GitHub stars.

Is boxlite safe to use?

Yes. boxlite passed SkillsLLM's automated security scan — a dependency vulnerability audit plus prompt-injection heuristics — with no high-severity issues. You can read the full report in the Security Report section on this page.

How do I install boxlite?

Clone the repository with "git clone https://github.com/boxlite-ai/boxlite" and add it to your Claude Code skills directory (see the Installation section above).

What programming language is boxlite written in?

boxlite is primarily written in Rust. It is open-source under boxlite-ai on GitHub, so you can review or fork the full source.

Are there alternatives to boxlite?

Yes. SkillsLLM lists many other AI Agents skills you can browse and compare side by side. Open the AI Agents category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh boxlite against similar tools.

Agentic AI for Beginners

Build your first AI agent from scratch - tool use, ReAct pattern, memory, deployment

41 minBeginner

Comments (0)

to leave a comment.

No comments yet. Be the first to share your thoughts!

Related Skills

superpowers

by obra

An agentic skills framework & software development methodology that works.

234,966

mcp-shrimp-task-manager agent-toolkit

What is BoxLite?

A Box is a hardware-isolated micro-VM that runs any OCI image — and it persists. Agents install packages, write files, and resume across turns, never from cold.

Why BoxLite

Real isolation: its own kernel — stronger than a container, lighter than a full VM. Small footprint, async-first for fleets.
Daemonless: embed as a library — no root, no background service. (optional server mode)
OCI-native: run any Docker image unchanged (python:slim, node:alpine, …).
Controlled networking: restrict egress with allow_net; inject real secrets via placeholders.
Embed → cloud: one engine, from your laptop to a multi-tenant cloud.

Get started

One engine. Embed it, run it, deploy it, distribute it.

1 · Embed it — a library in your app

Import BoxLite and give your agent an isolated VM to run code — no daemon, no binary. (Python 3.10+)

pip install boxlite

import asyncio
import boxlite

async def main():
    async with boxlite.SimpleBox(image="python:slim") as box:
        result = await box.exec("python", "-c", "print('Hello from BoxLite!')")
        print(result.stdout)

asyncio.run(main())

Node.js (npm install @boxlite-ai/boxlite, Node 18+)

import { SimpleBox } from '@boxlite-ai/boxlite';

const box = new SimpleBox({ image: 'python:slim' });
try {
  const result = await box.exec('python', '-c', "print('Hello from BoxLite!')");
  console.log(result.stdout);
} finally {
  await box.stop();
}

Go (go get github.com/boxlite-ai/boxlite/sdks/go, Go 1.24+ with CGO)

ctx := context.Background()
rt, _ := boxlite.NewRuntime()
defer rt.Close()
box, _ := rt.Create(ctx, "alpine:latest")
defer box.Close()
result, _ := box.Exec(ctx, "echo", "Hello from BoxLite!")
fmt.Print(result.Stdout)

Rust (cargo add boxlite tokio futures --features tokio/macros,tokio/rt-multi-thread)

let runtime = BoxliteRuntime::default_runtime();
let litebox = runtime.create(BoxOptions {
    rootfs: RootfsSpec::Image("alpine:latest".into()),
    ..Default::default()
}, None).await?;
let mut execution = litebox.exec(BoxCommand::new("echo").arg("Hello from BoxLite!")).await?;
let mut stdout = execution.stdout().unwrap();
while let Some(line) = stdout.next().await { println!("{}", line); }

Full runnable versions: Python, Node, Go, Rust, C.

2 · Run it — the binary, one command

No code needed — one install, then run any OCI image from your terminal.

curl -fsSL https://sh.boxlite.ai | sh
boxlite run python:slim python -c "print('Hello from BoxLite!')"

Installs to $HOME/.local/bin/boxlite, runtime embedded — no extra setup. Alternatives (cargo install boxlite-cli, version pinning, verification) → CLI reference.

3 · Deploy it — a standalone server

boxlite serve
# Listening on 0.0.0.0:8100

curl -s -X POST http://localhost:8100/v1/boxes \
  -H 'Content-Type: application/json' \
  -d '{"image": "alpine:latest"}'

Every CLI command also works against a running server with --url: boxlite --url http://localhost:8100 list.

4 · Distribute it — your own agentic cloud

git clone https://github.com/boxlite-ai/boxlite && cd boxlite/apps/infra
npm install
npm run deploy -- --stage production

Needs an AWS account, a Cloudflare-managed domain, and Docker. Full guide → apps/infra/README.md.

Next steps

More real-world scenarios → Examples
How images, disks, networking, and isolation work → Architecture

Features

Area	Capabilities
Execution	run any OCI image · async exec with streamed stdout/stderr + exit codes · interactive PTY with live resize · per-command timeout, workdir, env, run-as-user · entrypoint/cmd override
Isolation & security	a hardware-virtualized VM per box (KVM / Hypervisor.framework) · OS sandbox (seccomp / sandbox-exec) · CPU, memory & resource limits · egress allow-list (`allow_net`) · secret injection — real values never enter the VM · env sanitization
Storage & state	persists across stop/restart · volume mounts (ro/rw) · per-box QCOW2 disk with copy-on-write · bidirectional file copy · clone, or export/import as `.boxlite` archives · detached boxes that outlive the parent process
Networking	outbound internet · TCP/UDP port forwarding · network I/O metrics
Images	pull + cache any OCI image · custom & private registries · custom rootfs
Observability	per-box & runtime metrics — CPU, memory, network, boot time, commands · console logs · live `stats`
Interfaces	Python · Node.js · Go · Rust · C SDKs · the `boxlite` CLI · a REST API (WebSocket exec, optional auth)

Architecture

How BoxLite embeds a runtime and runs OCI containers inside micro-VMs. Details → Architecture.

┌──────────────────────────────────────────────────────────────┐
│  Your Application                                            │
│  ┌───────────────────────────────────────────────────────┐   │
│  │  BoxLite Runtime (embedded library)                   │   │
│  │                                                        │   │
│  │  ╔════════════════════════════════════════════════╗   │   │
│  │  ║ Jailer (OS-level sandbox)                      ║   │   │
│  │  ║  ┌──────────┐  ┌──────────┐  ┌──────────┐      ║   │   │
│  │  ║  │  Box A   │  │  Box B   │  │  Box C   │      ║   │   │
│  │  ║  │ (VM+Shim)│  │ (VM+Shim)│  │ (VM+Shim)│      ║   │   │
│  │  ║  │┌────────┐│  │┌────────┐│  │┌────────┐│      ║   │   │
│  │  ║  ││Container││  ││Container││  ││Container││      ║   │   │
│  │  ║  │└────────┘│  │└────────┘│  │└────────┘│      ║   │   │
│  │  ║  └──────────┘  └──────────┘  └──────────┘      ║   │   │
│  │  ╚════════════════════════════════════════════════╝   │   │
│  └───────────────────────────────────────────────────────┘   │
└──────────────────────────────────────────────────────────────┘
                              │
              Hardware Virtualization + OS Sandboxing
             (KVM/Hypervisor.framework + seccomp/sandbox-exec)

Security Layers:

Hardware isolation (KVM/Hypervisor.framework)
OS-level sandboxing (seccomp on Linux, sandbox-exec on macOS)
Resource limits (cgroups, rlimits)
Environment sanitization

Documentation

API & CLI Reference — SDK API references (Python, Node.js, Rust, C) and the boxlite CLI reference
Using BoxLite with AI agents — concurrency, timeouts, security, file transfer
Examples — Sample code for common use cases
Architecture — How BoxLite works under the hood

Supported Platforms

Platform	Architecture	Status
macOS	Apple Silicon (ARM64)	✅ Supported
Linux	x86_64	✅ Supported
Linux	ARM64	✅ Supported
Windows (WSL2)	x86_64	✅ Supported
macOS	Intel (x86_64)	🚀 Coming soon

System Requirements

Platform	Requirements
macOS	Apple Silicon, macOS 12+
Linux	KVM enabled (`/dev/kvm` accessible)