AI Sandbox Manager: LXC-Based Sandbox for Codex with GPU Passthrough and Computer Use on Headless Linux

A developer frustrated with the default Codex sandbox built ai-sandbox-manager, an LXC-based sandbox framework that gives AI agents (Codex) full sudo access and GPU passthrough while keeping them isolated from the host OS. The project is a proof of concept, tested on the DGX Spark (NVIDIA's unified architecture where GPU passthrough to VMs is problematic), but with minimal modifications it should work on macOS or Windows WSL.
Key Features
- LXC containers instead of full VMs – multiple instances can share a GPU, enabling parallel agent runs (e.g., training tiny models for different features autonomously).
- GPU passthrough works even on DGX Spark, where traditional VM GPU passthrough is not possible.
- Persistent environment – set up once (install software, log into accounts, copy .env files), save as a template, then spin up copies on demand.
- Computer use on headless Linux via CUA (which normally lacks Linux desktop support).
- Sudo access for the agent – install packages, run commands, test Docker containers – without risking the host.
- Git push prevention hook – prevents the agent from force-pushing or rewriting history (currently blocks all pushes; planned refinement to only block force-pushes).
- Multiple parallel browser/development sessions – each agent gets its own desktop, viewable via a desktop interface.
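
The planned refinement of the push hook (block only force-pushes instead of every push) could look like the `pre-push` hook below. This is an added example, not the project's own hook: it assumes a client-side `pre-push` script, and the function names and the `ANCESTOR_CHECK` override are hypothetical. It also rejects remote ref deletions, which goes slightly beyond what the feature list describes.

```shell
#!/bin/sh
# Added example, not the project's hook. Install as .git/hooks/pre-push.
# Rejects pushes that rewrite or delete remote history; allows everything else.

# Ancestry test (hypothetical override knob so the logic can run without a repo).
: "${ANCESTOR_CHECK:=git merge-base --is-ancestor}"

# An all-zero object id means "no object" (40 hex digits for SHA-1, 64 for SHA-256).
is_zero() {
    case "$1" in
        ''|*[!0]*) return 1 ;;
        *) return 0 ;;
    esac
}

# classify_update LOCAL_SHA REMOTE_SHA  ->  allow | deny-delete | deny-rewrite
classify_update() {
    local_sha=$1
    remote_sha=$2
    if is_zero "$local_sha"; then
        echo deny-delete      # push would delete the remote ref
    elif is_zero "$remote_sha"; then
        echo allow            # new branch or tag: nothing is overwritten
    elif $ANCESTOR_CHECK "$remote_sha" "$local_sha" 2>/dev/null; then
        echo allow            # fast-forward: the remote tip stays in history
    else
        echo deny-rewrite     # non-fast-forward, or remote tip unknown locally
    fi
}

# Git writes one line per ref to the hook's stdin:
#   <local ref> <local sha> <remote ref> <remote sha>
check_push() {
    status=0
    while read -r local_ref local_sha remote_ref remote_sha; do
        verdict=$(classify_update "$local_sha" "$remote_sha")
        if [ "$verdict" != allow ]; then
            echo "pre-push: $verdict for $remote_ref, push rejected" >&2
            status=1
        fi
    done
    return "$status"
}

# Run only when invoked under the hook name, so the functions can be sourced.
case "$0" in
    pre-push|*/pre-push) check_push || exit 1 ;;
esac
```

Client-side hooks are skipped by `git push --no-verify`, and the agent has sudo inside the container, so server-side branch protection remains the enforcing control.
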
How It Works
The core idea: set up a VM-like environment as an LXC container, configure it with everything the agent needs, save the image as a template, then clone it for each agent session. This approach avoids the resource-sharing limitations of true VMs while still providing strong isolation. Unlike a VM, an LXC container shares the host kernel, so that isolation depends on how the container is configured.
Quick Start
Clone the repo from GitHub and follow the setup instructions in the README. The framework is designed for headless Linux, particularly the DGX Spark, but is adaptable to other host systems.
Who It's For
Developers running Codex (or similar AI coding agents) who want a safe, repeatable sandbox with GPU access and full system control for the agent, without risking the host OS.
📖 Read the full source: r/LocalLLaMA