AI Sandbox Manager: LXC-Based Sandbox for Codex with GPU Passthrough and Computer Use on Headless Linux
A developer frustrated with the default Codex sandbox built ai-sandbox-manager, an LXC-based sandbox framework that gives AI agents (Codex) full sudo access and GPU passthrough while keeping them isolated from the host OS. The project is a proof of concept, tested on the DGX Spark (NVIDIA's unified architecture where GPU passthrough to VMs is problematic), but with minimal modifications it should work on macOS or Windows WSL.
Key Features
- LXC containers instead of full VMs – multiple instances can share a GPU, enabling parallel agent runs (e.g., training tiny models for different features autonomously).
- GPU passthrough works even on DGX Spark, where traditional VM GPU passthrough is not possible.
- Persistent environment – set up once (install software, log into accounts, copy .env files), save as a template, then spin up copies on demand.
- Computer use on headless Linux via CUA (which normally lacks Linux desktop support).
- Sudo access for the agent – install packages, run commands, test Docker containers – without risking the host.
- Git push prevention hook – prevents the agent from force-pushing or rewriting history (currently blocks all pushes; planned refinement to only block force-pushes).
- Multiple parallel browser/development sessions – each agent gets its own desktop, viewable via a desktop interface.
How It Works
The core idea: set up a VM-like environment as an LXC container, configure it with everything the agent needs, save the image as a template, then clone it for each agent session. This approach avoids the resource sharing limitations of true VMs while still providing strong isolation.
Quick Start
Clone the repo from GitHub and follow the setup instructions in the README. The framework is designed for headless Linux, particularly the DGX Spark, but is adaptable to other host systems.
Who It's For
Developers running Codex (or similar AI coding agents) who want a safe, repeatable sandbox with GPU access and full system control for the agent, without risking the host OS.
📖 Read the full source: r/LocalLLaMA
👀 See Also
Developer shares CLI tools that work well with Claude Code
A developer switched from MCPs to CLIs for working with Claude Code, finding that Claude handles CLI commands effectively due to training on shell scripts and documentation. They shared specific CLIs they use daily, including gh, ripgrep, stripe, supabase, vercel, sentry-cli, and neon.
Ssemble MCP Server Enables Claude to Generate Short-Form Videos from YouTube
A new MCP server for Ssemble AI Clipping allows Claude to create TikTok/Reels/Shorts-style videos from YouTube URLs with AI-generated clips, caption templates, music tracks, and overlays. Setup involves adding configuration to Claude Desktop or using a hosted endpoint.
idea-reality-mcp: MCP server checks for existing tools before Claude writes code
A developer built an MCP server called idea-reality-mcp that scans GitHub repos, Hacker News discussions, npm packages, and PyPI before Claude writes any code, returning a 'reality signal' score from 0-100 indicating market competition.
Qwen 3.5 Chat Template Release with 21 Bug Fixes for Agent Workflows
A developer has released a fixed chat template for Qwen 3.5 models, addressing 21 bugs including tool calling crashes, parallel call separation, and agent loop stability. It's a drop-in replacement tested on llama.cpp, Open WebUI, vLLM, and other platforms.