Over the last year, a lot of “users” in event-driven systems have quietly changed shape. It is no longer just people clicking buttons or devices reporting telemetry. More and more, it is agents generating events as they plan, call tools, execute code, write files, hit external APIs, retry, fail, and try again. As soon as you let agents spawn subagents at will, the volume and granularity of those events can jump by an order of magnitude.
That shift creates a very practical requirement: you need a safe place for agents to run. In many real systems, “just put it in a container” is not a satisfying answer, especially when you are dealing with untrusted code execution and multi-tenant workloads. This is why we are partnering with BoxLite.
BoxLite is an embedded micro-VM sandbox designed for the exact messiness that shows up in agent workloads. You can spin up lightweight VMs (Boxes) and run OCI containers inside them, aiming for hardware-isolated boundaries without having to operate heavyweight VM infrastructure. It is explicitly positioned for agent sandboxes and multi-tenant code execution where Docker alone isn’t enough, and it leans into the developer ergonomics you want for agent runtimes, like daemonless, rootless, and fast boot. (If you want the implementation details first, start from the BoxLite GitHub repo.)
The part we want to emphasize most is BoxLite’s local-first fit. We believe local-first is where a big slice of the agent world is heading, not as a philosophical stance, but as an engineering reality. When agents can touch code, files, and credentials, running as much as possible in environments you control directly, including laptops, workstations, edge nodes, and private infra, gives you clearer boundaries and fewer surprises. BoxLite’s embed-it-and-sandbox approach maps well to that direction, and the project’s positioning on its site makes that intent explicit.
OpenClaw is a useful signal here. It is explicitly described as a personal assistant you run on your own devices, with a control plane separated from the device-local actions. That is a very concrete example of local-first agent design gaining momentum, and we think we will see more of it.
Where RisingWave comes in is straightforward. If agents are going to be one of the biggest event producers, then “agent behavior” needs to be treated like a first-class event stream. Secure execution is the prerequisite, and event streaming is how you keep the system observable and operable as it scales. Our partnership is about making those two pieces work together cleanly, so teams can let agents do real work without losing safety, visibility, or control.
If you want to start with BoxLite, the best place is the repo: https://github.com/boxlite-ai/boxlite
