Vouch Request: BoxLite VM runtime backend integration

[DorianZheng]

Hi maintainers,

I'm Dorian Zheng, maintainer of BoxLite — a lightweight VM runtime for secure, isolated code execution (think "SQLite for sandboxing").

What I want to contribute

I'd like to add BoxLite as an optional VM-based sandbox runtime backend in openshell-sandbox, feature-gated behind a boxlite Cargo feature. The implementation is ready — see issue #421 and the closed PR #424 for full details.

Why this matters

OpenShell's sandbox isolation currently relies on Linux kernel primitives (Landlock, seccomp, network namespaces). This works great on Linux, but:

• macOS gets zero isolation — sandbox::apply() is a no-op that just logs a warning
• Kernel-level only — for regulated environments or multi-tenant workloads, hardware-level VM isolation provides a stronger security boundary

BoxLite fills both gaps:

• Runs on macOS ARM64 (via Hypervisor.framework) and Linux (via KVM)
• Provides hardware-level memory isolation — the guest runs its own kernel
• Runs the same OCI container images OpenShell already uses
• Async-first Rust API — same tech stack

Scope of changes

The change is additive and non-breaking:

• New runtime module with enum dispatch (Process | Boxlite)
• Communicates with BoxLite via REST API (no native dependency conflicts)
• Existing behavior is completely unchanged when the feature isn't enabled
• CLI flag: --runtime boxlite or OPENSHELL_RUNTIME=boxlite

Both projects share the core use case — safe execution environments for AI agents — so this integration is a natural fit.

Happy to answer any questions. Thanks for considering!

[DorianZheng]

Hi @drew. Would you like to take a look on my proposal?