firebox

Personal microVM sandbox-as-a-service. Spin up isolated Firecracker microVMs from Python or any MCP-aware agent, drive a real Chromium inside, throw them away when done.

```mermaid
flowchart LR
    A["Your client / agent / MCP"] -- HTTP + bearer --> D["firebox-daemon"]
    D --> V1["microVM"]
    D --> V2["microVM"]
    D --> V3["microVM"]
    V1 -.fbr0 NAT.-> Net((Internet))
    V2 -.fbr0 NAT.-> Net
    V3 -.fbr0 NAT.-> Net

    classDef sandbox fill:#ff7043,stroke:#bf360c,color:#fff
    class V1,V2,V3 sandbox
```

What you get

  • ~170 ms cold start on bare-metal KVM
  • Real isolation — each sandbox is a Firecracker microVM with its own kernel, RAM, rootfs, and network namespace
  • One Python SDK that talks HTTP — no SSH, no Playwright on the caller
  • Multi-tenant from day one — per-token quotas, scoped sandbox visibility, admin / user roles
  • MCP server so Claude Desktop, Cursor, or any MCP-aware agent gets 22 native tools the moment you point it at the daemon
  • Stealth-by-default browser — passes bot.sannysoft.com fingerprint checks, real-Chrome TLS via curl_cffi, audio-captcha solver via local Whisper

Two-minute version

On a KVM-capable Linux box:

```bash
curl -fsSL https://raw.githubusercontent.com/LovroK23/firebox/main/scripts/firebox-host-bootstrap.sh \
  | sudo bash
# → prints token + endpoint
```

From any laptop / server:

```bash
pip install git+ssh://git@github.com/LovroK23/firebox.git
export FIREBOX_URL=https://firebox.example.com
export FIREBOX_TOKEN=<the-secret-printed-above>
firebox doctor
```

And you're cooking:

```python
from firebox.sandbox import Sandbox

with Sandbox.create(template="browser-use", ttl_seconds=600) as sb:
    sb.browser.start()
    sb.browser.navigate("https://example.com")
    print(sb.browser.text("h1"))   # → "Example Domain"
```

Where to next?


  • Spin up your first sandbox end-to-end in five minutes.
  • Every capability with a 5-line example: run, stream, files, browser, http, search, audio, captcha.
  • Worked patterns: web research, code interpreter, scraping, lead-gen, multi-turn sessions, MCP plug-in.
  • Daemon, in-VM agent, network bridge, registry. The whole flow.
  • Deploy the daemon on your own KVM box.
  • Multi-tenant access, scoped sandboxes, resource caps.
  • Every CLI subcommand, the full SDK surface, all 22 MCP tools.