OpenShell Releases v0.0.33, Adds libkrun Micro VM Driver to NVIDIA's AI Agent Sandbox

According to monitoring by Beating, NVIDIA’s open-source AI Agent sandbox runtime OpenShell has released v0.0.33. The project manages file access, data exfiltration, and network requests within the sandbox through YAML policy, providing secure isolation for autonomous agents running code. This version introduces the libkrun standalone computing driver and reinforces the sandbox’s seccomp filtering, inference routing, and process count limits. Previously, OpenShell’s computing backend was Kubernetes, running on a K3s cluster within a single Docker container. Libkrun is a micro VM library based on KVM, with startup speeds close to containers and isolation levels aligned with virtual machines. For untrusted code executed by agents, this adds an extra kernel-level boundary compared to containers. The project has accumulated 5.2k stars on GitHub and is licensed under Apache 2.0. The official README indicates that it is still in the alpha stage and currently only supports a single-player mode for one developer, one environment, and one gateway.