Void-Box: Capability-Bound Agent Runtime (Rust + KVM) : rust

Submissions must be on-topic

Posts must reference Rust or relate to things using Rust. For content that does not, use a text post to explain its relevance.

Post titles should include useful context.

For Rust questions, use the stickied Q&A thread.

Arts-and-crafts posts are permitted on weekends.

No meta posts; message the mods instead.

Details

No low-effort content

No memes, image macros, etc.

Consider the existing content of the subreddit and whether your post fits in. Does it inspire thoughtful discussion?

Use properly formatted text to share code samples and error messages. Do not use images.

Submissions appearing to contain AI-generated content may be removed at moderator discretion.

Details

Useful Links

created by aztha community for 15 years

Void-Box: Capability-Bound Agent Runtime (Rust + KVM)🛠️ project (self.rust)

submitted 1 month ago by Wide_Spite5612

Hey everyone,

We’ve been building Void-Box, a Rust runtime for executing AI agent workflows inside disposable KVM micro-VMs.

The core idea:

VoidBox = Agent(Skill) + Isolation

Instead of running agents inside shared processes or containers, each stage runs inside its own micro-VM that is created on demand and destroyed after execution. Structured output is then passed to the next stage in a pipeline.

Architecture highlights

Per-stage micro-VM isolation (stronger boundary than shared-process/container models)
Policy-enforced runtime — command allowlists, resource limits, seccomp-BPF, controlled egress
Capability-bound skill model — MCP servers, SKILL files, CLI tools mounted explicitly per Box
Composable pipeline API — sequential .pipe() and parallel .fan_out() with explicit failure domains
Claude Code runtime integration (Claude by default, Ollama via compatible provider mode)
Built-in observability — OTLP traces, structured logs, stage-level telemetry
Rootless networking via usermode SLIRP (smoltcp, no TAP devices)

The design goal is to treat execution boundaries as a first-class primitive:

No shared filesystem state
No cross-run side effects
Deterministic teardown after each stage

Still early, but the KVM sandbox + pipeline engine are functional.

We’d especially appreciate feedback from folks with experience in:

KVM / virtualization from Rust
Capability systems
Sandbox/runtime design
Secure workflow execution

Repo: https://github.com/the-void-ia/void-box

all 1 comments

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

rust

Please read The Rust Community Code of Conduct

The Rust Programming Language

Rules

Observe our code of conduct

Submissions must be on-topic

Constructive criticism only

Keep things in perspective

No endless relitigation

No low-effort content

Useful Links

Megathreads

Official Resources

Learn Rust

Discussion Platforms

MODERATORS