Open Source · v0.0.1

Every agent gets
a sandbox.

Isolated execution environments for AI coding agents. Spawn, snapshot, fork — at the speed of thought.

1× value → 100× agents → 100,000× sandboxes

context-hosting

$ ctx run --agent codex --dangerous
 Pulling agent image...
✓ Sandbox created id=sbx_7f3a9k2
✓ Agent connected model=codex-1
✓ Filesystem mounted /workspace
✓ Network isolated egress=filtered
$ ctx attach sbx_7f3a9k2 --repl
[sbx_7f3a9k2] codex> analyzing repository structure...
[sbx_7f3a9k2] codex> running tests... 18/18 passed
$ ctx save sbx_7f3a9k2 --label pre-refactor
✓ Checkpoint saved → pre-refactor
$ 

<50ms

Sandbox cold start

100k+

Concurrent sandboxes

∞

Snapshots per sandbox

Features

Everything an agent needs.
Nothing it doesn't.

Multi-agent support

Run Codex, Claude, and Gemini agents in isolated sandboxes. Connect via REPL or standard terminal.

ctx run --agent claude

Snapshot & restore

Save sandbox state at any point. Restart, fork, or roll back.

ctx save my-sandbox --label pre-refactor

Config management

Manage .env files and secrets. Attach configs to sandboxes. Version controlled, never leaked.

ctx config create prod --env-file prod.env

Local first

Everything happens on your machine. No cloud dependency, no external calls. Run it on a submarine, an air-gapped lab, or your laptop on a plane.

Docker in Docker

Agents can build, run, and compose containers inside their sandbox. Full Docker daemon access — isolated per agent. Test pipelines, spin up services, run CI locally.

Auditability

Every keystroke, every plan, every output — logged. Full stdin/stdout capture, agent reasoning traces, tool calls, and resource usage. Replay any session.

Integrated harness

Hook into every agent decision point. Approval gates, resource limits, tool permissions — all wired into the platform. Connect policies via webhooks or built-in rules.

Live Sandboxes

0 active

RunningWarmIdle

Quick Start

Three commands. That's it.

From zero to running agent sandbox in under a minute.

Terminal Copy 
 # install curl -sSL https://context-hosting.com/install | sh # spin up an agent sandbox from your repo ctx run \
--agent codex \
--from github:your-org/your-repo \
--env .env.sandbox \
--dangerous # watch it work ctx attach sbx_latest --repl 

Stack

Boring tech. Reliable infra.

Proven primitives. No magic. Everything is inspectable.

KubernetesRustTypeScriptPostgreSQLDockergRPCOCI ContainersLinux namespacestmuxAxum

Principles

How we build.

Dangerous mode

Agents need real access. We give it to them — with isolation, not restriction.

Boring tech

K8s, Postgres, Linux. Proven primitives. No magic. Everything is inspectable.

Isolated by default

Every sandbox is a fortress. Network, filesystem, process — all contained.

Human in the loop

Attach anytime. REPL in. Override. Approve. The agent works for you.

Start building.

Open source. Self-hosted. Deploy in minutes.

$ curl -sSL context-hosting.com/install | sh

copy

View on GitHub Read the docs

Every agent gets a sandbox.

Everything an agent needs.Nothing it doesn't.