As AI systems increasingly execute code produced by models or third‑party plugins, predictable and auditable containment becomes essential. MXC centralizes sandboxing by exposing a single JSON policy schema and a TypeScript SDK that can target native process sandboxes, Linux container tools, macOS seatbelt, or lightweight microVMs — letting teams define one policy that behaves consistently across hosts.
What Sets It Apart
- Cross‑platform backend layering — MXC maps the same policy model onto multiple containment primitives (processcontainer, bubblewrap, LXC, microVMs, Windows Sandbox, etc.), so teams don’t need bespoke policies per OS. This reduces policy drift when you run model-generated code on diverse hosts.
- Policy‑first, JSON schema — sandbox behavior (filesystem, network, UI, timeouts) is expressed in a versioned JSON schema, enabling policy generation, review, and automated tests as part of CI. That makes audits and reproducibility easier than ad‑hoc per‑host scripts.
- State‑aware lifecycle and SDK — beyond one‑shot execution, MXC supports provision→start→exec→stop→deprovision lifecycles via its TypeScript SDK, which helps manage long‑lived sessions and repeatable interactions with tools or agents.
- Diagnostics and pragmatic tradeoffs — the project includes debug logging and ETW hooks (Windows) to help triage containment failures; it also surfaces which features are experimental so integrators can weigh stability vs capability.
Who It's For and Tradeoffs
Great fit if you need a repeatable, reviewable containment layer for running untrusted model outputs, plugins, or third‑party tools across Windows, Linux, and macOS and want to express policies as code. It suits engineering teams embedding sandboxed execution into CI, agents, or hosted runtimes.
Look elsewhere if you need a hardened production security boundary today — MXC is an early preview and the README explicitly warns some generated policies are overly permissive. Also note feature gaps: some network/filesystem controls vary by platform and several backends are experimental, so expect platform-specific limitations during early adoption.
