Capability-Bound Agent Runtime

Composable agent runtime with enforced isolation boundaries

Skills are declared capabilities.
Capabilities only exist when bound to an isolated execution boundary.

VoidBox = Agent(Skills) + Isolation

KVM micro-VM isolation Agent-native skills Claude Code runtime Pipeline composition Snapshot / restore OCI containers Host mounts

Get Started GitHub

rust

use void_box::agent_box::VoidBox;
use void_box::skill::Skill;
use void_box::llm::LlmProvider;

// Skills = declared capabilities
let hn_api = Skill::file("skills/hackernews-api.md")
    .description("HN API via curl + jq");

let reasoning = Skill::agent("claude-code")
    .description("Autonomous reasoning and code execution");

// VoidBox = Agent(Skills) + Isolation
let researcher = VoidBox::new("hn_researcher")
    .skill(hn_api)
    .skill(reasoning)
    .llm(LlmProvider::ollama("qwen3-coder"))
    .memory_mb(1024)
    .network(true)
    .prompt("Analyze top HN stories for AI engineering trends")
    .build()?;

hackernews_agent.yaml

# hackernews_agent.yaml
api_version: v1
kind: agent
name: hn_researcher

sandbox:
  mode: auto
  memory_mb: 1024
  network: true

llm:
  provider: ollama
  model: qwen3-coder

agent:
  prompt: "Analyze top HN stories for AI engineering trends"
  skills:
    - "file:skills/hackernews-api.md"
    - "agent:claude-code"
  timeout_secs: 600

$ voidbox run --file hackernews_agent.yaml

hn_researcher agent — live HN analysis with Ollama + Claude Code skills, running inside a KVM micro-VM

Why Choose VoidBox?

Agent runtime boundaries with the simplicity of declarative skills.

Hardware Isolated

Stronger than shared-process agents

Each run executes behind a micro-VM boundary, reducing cross-run blast radius.

Composable Runtime

Multi-stage agents, explicitly bounded

Compose single agents into pipelines with isolated stages.

Skill-Native

Capabilities declared, not improvised

MCP servers, SKILL files, and CLI tools are mounted as explicits skills.

Policy Enforced

Execution is constrained by design

Command allowlist, resource limits, seccomp, and controlled egress apply at runtime.

Claude Code Native Runtime

Canonical execution model

VoidBox runs claude-code by default. Ollama operates via Claude-compatible provider mode.

Observability Native

First-class Opentelemetry support

Per-stage traces, metrics, structured logs, and telemetry are emitted by design via OpenTelemetry.

How It Works

Three steps from declaration to isolated execution.

Declare Skills

Define capabilities as MCP servers, SKILL files, CLI tools, or OCI images. Skills are what your agent can do.

Define Sandbox

Set memory, vCPUs, network access, and mounts. Each sandbox is a hardware-isolated micro-VM boundary.

Run Isolated

VoidBox boots a micro-VM, provisions skills, runs claude-code, and returns results. No shared kernel. No escape surface.

Install

One command. Binary + kernel + initramfs — everything bundled.

Shell installer

Linux & macOS — recommended

curl -fsSL https://raw.githubusercontent.com/the-void-ia/void-box/main/scripts/install.sh | sh

Homebrew

macOS

brew tap the-void-ia/tap
brew install voidbox

Debian / Ubuntu

amd64 & arm64

curl -fsSLO https://github.com/the-void-ia/void-box/releases/download/v0.1.2/voidbox_0.1.2_amd64.deb
sudo dpkg -i voidbox_0.1.2_amd64.deb

Fedora / RHEL

x86_64 & aarch64

sudo rpm -i https://github.com/the-void-ia/void-box/releases/download/v0.1.2/voidbox-0.1.2-1.x86_64.rpm

Linux x86_64 Linux aarch64 macOS aarch64

v0.1.2 · All releases →

See It In Action

Real agent runs inside hardware-isolated micro-VMs.

Claude Code — interactive shell inside a VoidBox micro-VM

Code review pipeline — multi-stage analysis with fan-out