OpenShell

OpenShell is NVIDIA's secure runtime environment for autonomous AI agents. It provides sandboxed containers that protect data, credentials, and infrastructure through declarative YAML policies. Each sandbox operates in isolation with minimal outbound access by default. Access is granted incrementally through policies that enforce controls at the HTTP method and path level. The runtime includes built-in tools for development, networking, and agent operations. OpenShell ships with agent skills for cluster debugging and policy generation. The architecture consists of a lightweight gateway that coordinates sandbox lifecycle and a policy engine that intercepts every outbound connection. Currently in alpha with single-player mode, it supports Docker-based sandboxes with pre-installed agents like Claude, OpenCode, and Codex. Future development targets multi-tenant enterprise deployments.

Use this tool if you:
• Need to run AI agents in isolated, secure environments with controlled network access
• Want fine-grained policy control over what agents can access and execute
• Require audit trails and governance for autonomous agent operations
• Are building multi-agent systems where each agent needs different permissions
• Want to prevent data exfiltration and unauthorized file access by default
• Need a runtime that treats security as foundational rather than optional