{"slug": "show-hn-takovm-open-source-sandboxing-for-your-agent-s-code", "title": "Show HN: TakoVM – open-source sandboxing for your agent's code", "summary": "Tako Research released TakoVM, an open-source sandboxing tool for AI agent code execution that provides Docker isolation, job queues, execution history, and retry logic out of the box. The tool aims to simplify secure code execution for enterprise teams deploying AI agents by bundling infrastructure components that standalone sandbox solutions lack.", "body_md": "**File system and python execution for your agents. Job queues and Docker isolation built-in. Used by teams deploying in enterprise.**\n\n**English** | [日本語](/Tako-Research/TakoVM/blob/main/README.ja.md)\n\n**A secure file system for your agents to execute code.** Every job runs in its own\nisolated Docker container, with an ephemeral workspace, optional gVisor sandboxing, job\nqueues, retries, and execution history included.\n\nWhere this is headed:durable, per-agent workspaces that persist and rehydrate across runs, a serverless filesystem for agents. Today each container is single-use; persistent workspaces are on the roadmap. gVisor remains the sole isolation boundary.\n\n[ Documentation](https://tako-research.github.io/TakoVM/) ·\n\n[·](https://tako-research.github.io/TakoVM/getting-started/quickstart/)\n\n**Quick Start**\n\n**API Reference**\n\n```\n# Install (requires Docker + Python 3.10+)\npip install \"tako-vm[server]\"\ntako-vm setup                   # pull the executor Docker image\ntako-vm server                  # start server (auto-starts PostgreSQL via Docker)\n# Execute code\ncurl -X POST http://localhost:8000/execute \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\"code\": \"print(1 + 1)\"}'\n```\n\nSandbox solutions like [e2b](https://e2b.dev), [daytona](https://daytona.dev) and [microsandbox](https://github.com/microsandbox/microsandbox) give you isolated code execution, but that's it. You still need to build:\n\n| You build | With sandbox-only | With Tako VM |\n|---|---|---|\n| Job queue | Redis + Celery/Bull | Built-in |\n| Execution history | Postgres + schema | PostgreSQL included |\n| Retry logic | Custom code | Automatic |\n| Idempotency | Deduplication logic | `idempotency_key` |\n| Replay/debugging | Custom tooling | Rerun/fork API |\n\n**Tako VM is the complete package:**\n\n**Job queue + workers**- Async execution with worker pool, no Redis/Celery setup** Execution history**- Every job persisted with stdout, stderr, timing, artifacts** Replay to debug**- Rerun past jobs with exact same code and inputs** Docker isolation**- Each job in its own container with seccomp filtering** Network isolation**- No network by default, optional allowlist per job type** Self-hosted**- Your machine, offline-capable, zero per-execution cost\n\n```\ntako-vm setup                     # Pull executor image and verify Docker\ntako-vm server                    # Start the API server\ntako-vm server --port 9000        # Custom port\ntako-vm dev up                    # Start local PostgreSQL for development\ntako-vm dev up --with-server      # Start PostgreSQL + API server\ntako-vm dev status                # Check local PostgreSQL status\ntako-vm dev down                  # Stop local PostgreSQL\ntako-vm config                    # Show current configuration\ntako-vm config --json             # Output as JSON\ntako-vm validate                  # Validate current config\ntako-vm validate my.yaml          # Validate specific file\ntako-vm status                    # Check server health\ntako-vm version                   # Show version\ntako-vm --config my.yaml server   # Use specific config file\n```\n\n| Topic | Link |\n|---|---|\n| Installation |\n|\n\n[docs/getting-started/quickstart.md](/Tako-Research/TakoVM/blob/main/docs/getting-started/quickstart.md)[docs/getting-started/configuration.md](/Tako-Research/TakoVM/blob/main/docs/getting-started/configuration.md)[docs/api/rest.md](/Tako-Research/TakoVM/blob/main/docs/api/rest.md)[docs/api/sdk.md](/Tako-Research/TakoVM/blob/main/docs/api/sdk.md)[docs/guide/environments.md](/Tako-Research/TakoVM/blob/main/docs/guide/environments.md)[docs/guide/filesystem-and-caches.md](/Tako-Research/TakoVM/blob/main/docs/guide/filesystem-and-caches.md)[docs/deployment/security.md](/Tako-Research/TakoVM/blob/main/docs/deployment/security.md)[docs/deployment/how-to-deploy.md](/Tako-Research/TakoVM/blob/main/docs/deployment/how-to-deploy.md)[tako_vm.yaml.example](/Tako-Research/TakoVM/blob/main/tako_vm.yaml.example)Tako VM runs untrusted, often AI-generated, code, so isolation is the core of the project. It uses layered defenses: gVisor (userspace kernel), per-job ephemeral Docker containers, a default-deny seccomp profile, network isolation (`--network=none`\n\nby default), capability dropping, non-root execution, and enforced resource and input limits.\n\nFor untrusted workloads in production, set `security_mode: strict`\n\nwith `container_runtime: runsc`\n\n. The default `permissive`\n\nmode falls back to standard Docker (`runc`\n\n) if gVisor is unavailable, which removes the userspace-kernel boundary.\n\nSee [SECURITY.md](/Tako-Research/TakoVM/blob/main/SECURITY.md) for the threat model and hardening guidance, and [docs/deployment/security.md](/Tako-Research/TakoVM/blob/main/docs/deployment/security.md) for full details.\n\n**Found a vulnerability?** Report it privately via the [Security tab](https://github.com/Tako-Research/TakoVM/security) → **Report a vulnerability**. Please do not open public issues for security findings.\n\nContributions are welcome! See [CONTRIBUTING.md](/Tako-Research/TakoVM/blob/main/CONTRIBUTING.md) for dev setup, testing, and PR conventions. Good entry points are issues labeled [ good first issue](https://github.com/Tako-Research/TakoVM/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22), and\n\n[Discussions](https://github.com/Tako-Research/TakoVM/discussions)is open for questions and ideas.\n\nQuestions, feedback, or partnership inquiries? Reach out to [seiji@intencion.io](mailto:seiji@intencion.io).\n\nApache License 2.0", "url": "https://wpnews.pro/news/show-hn-takovm-open-source-sandboxing-for-your-agent-s-code", "canonical_source": "https://github.com/Tako-Research/TakoVM", "published_at": "2026-06-30 22:32:40+00:00", "updated_at": "2026-06-30 22:50:22.510667+00:00", "lang": "en", "topics": ["ai-agents", "ai-safety", "developer-tools", "ai-infrastructure"], "entities": ["Tako Research", "TakoVM", "Docker", "gVisor", "PostgreSQL", "e2b", "daytona", "microsandbox"], "alternates": {"html": "https://wpnews.pro/news/show-hn-takovm-open-source-sandboxing-for-your-agent-s-code", "markdown": "https://wpnews.pro/news/show-hn-takovm-open-source-sandboxing-for-your-agent-s-code.md", "text": "https://wpnews.pro/news/show-hn-takovm-open-source-sandboxing-for-your-agent-s-code.txt", "jsonld": "https://wpnews.pro/news/show-hn-takovm-open-source-sandboxing-for-your-agent-s-code.jsonld"}}