What is Roche?
Roche is a universal sandbox orchestrator for AI agents. It provides a single abstraction (create / exec / destroy) over multiple sandbox providers with AI-optimized security defaults — network disabled, filesystem readonly, timeout enforced.
Named after Édouard Roche — the Roche limit is the inviolable physical boundary for celestial bodies; Roche is the inviolable execution boundary for code.
The Problem
Every AI agent framework independently integrates sandbox providers, creating an N×M complexity problem:
```
LangChain ──┐         ┌── Docker
CrewAI   ───┤  N × M  ├── E2B
AutoGen  ───┘         └── Modal
```
Roche reduces this to N+M:
```
LangChain ──┐              ┌── Docker
CrewAI   ───┤── Roche() ───├── Firecracker
AutoGen  ───┘              └── WASM
```
Features
- AI-safe defaults — network off, readonly filesystem, 300s timeout
- Multi-provider — Docker, Firecracker, WASM behind a unified API
- CLI + SDKs — `roche` binary + Python & TypeScript SDKs
- Framework-agnostic — works with LangChain, CrewAI, AutoGen, OpenAI Agents SDK, Anthropic API, Camel-AI
- Zero config — sensible defaults, opt-in for permissions
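
What the three defaults above look like on a plain Docker host, as an added example that is not Roche's code or API. `SandboxPolicy`, `docker_argv` and `run_sandboxed` are hypothetical names, and the mapping to `docker run` flags is an assumption about one way to enforce these defaults, not a description of Roche's Docker provider.

```python
import subprocess
import uuid
from dataclasses import dataclass

@dataclass(frozen=True)
class SandboxPolicy:          # hypothetical name, mirrors the defaults listed above
    network: bool = False     # network off unless opted in
    writable: bool = False    # read-only root filesystem unless opted in
    timeout_s: int = 300      # hard wall-clock limit in seconds

def docker_argv(name, image, command, policy=SandboxPolicy()):
    """Translate the policy into `docker run` arguments (deny by default)."""
    if policy.timeout_s <= 0:
        raise ValueError("timeout must be positive; unbounded runs are refused")
    argv = ["docker", "run", "--rm", "--name", name]
    if not policy.network:
        argv += ["--network", "none"]   # loopback only, no outbound traffic
    if not policy.writable:
        argv += ["--read-only"]         # container root filesystem is immutable
    return argv + [image, *command]

def run_sandboxed(image, command, policy=SandboxPolicy()):
    """Run once; on timeout kill the container itself, not just the client."""
    name = f"sbx-{uuid.uuid4().hex[:12]}"
    try:
        return subprocess.run(docker_argv(name, image, command, policy),
                              capture_output=True, text=True,
                              timeout=policy.timeout_s)
    except subprocess.TimeoutExpired:
        # Killing the docker CLI process leaves the container running.
        subprocess.run(["docker", "kill", name], capture_output=True)
        raise
```

The timeout branch matters because `subprocess.run` only terminates the `docker` client; without the explicit `docker kill`, the workload would outlive its limit.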
Quick Example
```python
from roche_sandbox import Roche

roche = Roche()
with roche.create(image="python:3.12-slim") as sandbox:
    output = sandbox.exec(["python3", "-c", "print('Hello from Roche!')"])
    print(output.stdout)  # Hello from Roche!
# sandbox auto-destroyed
```
Relationship to Castor
Castor and Roche are orthogonal — they solve different layers of the AI agent security stack:
| Layer | Tool | Purpose |
|---|---|---|
| Logical | Castor | Capability budgets, HITL approval, checkpoint/replay |
| Physical | Roche | Process/container/VM isolation |
Operators can use both, either, or neither. Castor manages what tools an agent can call. Roche manages what system resources the agent's code can access.
Next Steps
- Installation — install the CLI and SDKs
- Quickstart — create and run a sandbox in 2 minutes
- Core Concepts — understand providers, security defaults, and transport
- Framework Integration — use Roche with your agent framework