AI Agent Sandboxing with VoidBox
Most agent systems run tools in shared host processes. VoidBox takes a stricter model: declare capabilities as skills, then execute them inside isolated micro-VM boundaries.
1. Why this matters
Agents execute untrusted tool paths: shell commands, API clients, filesystem writes, and model-controlled side effects. Isolation is not optional if you want strong boundaries.
2. VoidBox model
VoidBox = Agent(Skills) + Isolation
- Skills define what the agent is allowed to do.
- Environment boundary defines where it can do it.
- Policy controls enforce limits while running.
3. Minimal setup
use void_box::agent_box::VoidBox;
use void_box::skill::Skill;

// The builder is fallible and run() is async, so the calls need an async
// context; the wrapper function and error type here are assumptions, not
// something VoidBox prescribes.
async fn run_researcher() -> Result<(), Box<dyn std::error::Error>> {
    let agent = VoidBox::new("researcher")
        .skill(Skill::agent("claude-code"))   // agent runtime skill
        .skill(Skill::mcp("hackernews-api"))  // MCP tool skill
        .prompt("Summarize today's top HN stories")
        .memory_mb(1024)                      // guest memory cap
        .network(true)                        // network access for the box
        .build()?;
    let result = agent.run(None).await?;
    Ok(())
}
4. Runtime truth
VoidBox runs claude-code as the canonical runtime. If you configure Ollama, you are still running Claude Code with a compatible provider backend.
5. Production checklist
- Use the production guest image for runtime flows.
- Set the kernel and initramfs explicitly.
- Enable run event collection and persistence for traceability.
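An added example, not code from the VoidBox crate, that ties the Skills + Isolation + Policy model of section 2 to the checklist above: a policy gate that inspects a proposed box configuration and reports every violation before anything is launched. The types, field names and checks are assumptions chosen to mirror the builder calls on this page.

```rust
// Added example, not code from the VoidBox crate: a policy gate for the
// Skills + Isolation + Policy model. Every type and check here is an assumption.
#[derive(Debug, Clone, PartialEq)]
pub enum Skill {
    Agent(String), // an agent runtime, e.g. "claude-code"
    Mcp(String),   // an MCP tool server, e.g. "hackernews-api"
}

/// What an agent box would be built from (mirrors the builder calls above).
#[derive(Clone)]
pub struct AgentConfig {
    pub name: String,
    pub skills: Vec<Skill>,
    pub memory_mb: u64,
    pub network: bool,
    pub production_image: bool,    // checklist: production guest image
    pub kernel: Option<String>,    // checklist: explicit kernel
    pub initramfs: Option<String>, // checklist: explicit initramfs
    pub persist_events: bool,      // checklist: run event persistence
}

/// Limits enforced before launch; anything outside them is a violation.
pub struct Policy {
    pub allowed_skills: Vec<Skill>,
    pub max_memory_mb: u64,
    pub network_allowed: bool,
}

/// Returns every violation found; an empty list means the config may launch.
pub fn check(cfg: &AgentConfig, policy: &Policy) -> Vec<String> {
    let mut v = Vec::new();
    for s in &cfg.skills {
        if !policy.allowed_skills.contains(s) {
            v.push(format!("{}: skill not in allowlist: {:?}", cfg.name, s));
        }
    }
    if cfg.memory_mb > policy.max_memory_mb {
        v.push(format!("memory {} MB exceeds cap {} MB", cfg.memory_mb, policy.max_memory_mb));
    }
    if cfg.network && !policy.network_allowed {
        v.push("network enabled but policy denies it".into());
    }
    if !cfg.production_image { v.push("non-production guest image".into()); }
    if cfg.kernel.is_none() || cfg.initramfs.is_none() {
        v.push("kernel/initramfs not set explicitly".into());
    }
    if !cfg.persist_events { v.push("run event persistence disabled".into()); }
    v
}
```

Run the gate in CI or at deploy time and refuse to build the box when the list is non-empty, so a skill outside the allowlist or a missing event sink is caught before the agent gets a runtime.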
6. Next
Continue with the Docs for the architecture, runtime model, and event schema.
