Manus has no secrets? Sandbox code reverse engineered, open source~
Deeply reveal the Manus sandbox code and uncover the secrets of the intelligent body.
Core content:
1. Cracking and open source of the Manus sandbox code
2. Analysis of the role of the sandbox code and system architecture
3. Introduction to the key components of the project and the FastAPI service layer
Last week, manus' sandbox code was induced and available for download in a package.
Manus has no moat? It has been cracked and all codes can be downloaded!
However, after downloading and opening, although start_server.py can be run directly, the entire code project is encrypted~
The code is encrypted by pyarmor, which is very troublesome to reverse normally. So I replied to all the previous messages and waited for the big guys to open source it. Then he came~
Next, let’s take a look at the implementation logic of this project!
Now it's all in plain text
First of all, it should be noted that the sandbox code is not the real code of manus. It just provides a safe and isolated container for the big model so that it can interact with the terminal and browser. It acts as a bridge between the big model and resources, allowing AI to autonomously run terminal commands, browser operations, edit text, etc.
System Architecture
┌────────────────────────────┐ ┌───────────────────┐ ┌──────────────────────────────────────┐
│ │ │ │ │ Sandbox Container │
│ AI Agent (eg Claude) │ │ API Proxy │ │ │
│ │ │ │ │ ┌──────────┐ ┌─────────┐ ┌────────────┐ │
│ MANUS │ API Requests │ - Auth check │ │ │ │ │ │ │ │ │
│ │◄───────────────►│ - Rate limiting├─────►│ │ Terminal │ │ Browser │ │ File/Text │ │
│ │ & Responses │ - Routing │ │ │ Service │ │ Service │ │ Operations │ │
│ │ │ │ │ │ │ │ │ │ │ │
│ │ │ │ │ └────┬─────┘ └────┬────┘ └─────┬──────┘ │
└──────────────────────────┘ └───────────────────┘ │ │ │ │ │
x-sandbox-token │ │ │ │ │
authentication │ v v v │
│ ┌──────────────────────────────────────┐ │
│ │ FastAPI │ │
│ │ (app/server.py + router.py) │ │
│ └──────────────────────────────────────┘ │
│ │
└──────────────────────────────────────────┘
The entire project mainly includes the following key components:
1. API service layer
The project uses FastAPI to build an HTTP service (app/server.py), as the main entry point for AI to interact with the sandbox. All requests from AI will be processed by this layer and then routed to the corresponding functional module.
2. Terminal Services
The terminal service allows AI to directly execute shell commands and obtain output results in real time. For scenarios that require continuous interaction, it also provides real-time communication based on WebSocket (app/terminal_socket_server.py).
This functionality allows large models to:
Running Linux/Unix commands Installing Packages Operating the file system Execute programming language (Python, Node.js, etc.)
3. Browser Automation
Integration of the browser_use library. This is a modified open source library that allows AI to control browser behavior through an API.
browser_use mainly includes the following functional modules:
Agent class (browser_use/agent/service.py)
class Agent :
def __init__ (
self,
task: str,
llm: BaseChatModel,
browser: Browser | None = None,
# Other parameters...
) :
# Initialize components
async def run (self, max_steps: int = 100 ) -> AgentHistoryList:
# Main execution loop
# Process LLM output and perform actions
This class is the core of browser automation and is responsible for converting AI's instructions into specific browser operations.
Browser context
A series of methods are provided in context.py to allow AI to interact with web pages:
Navigate to a specific URL Click on a page element Entering text in a form Page Scrolling Extracting web content
system prompt (browser_use/agent/prompts.py)
This part should be the same as the original repository, but I haven't compared it carefully. It defines the instruction set that tells AI how to interact with the browser, including:
Response format specification (JSON structure) Rules for interacting with browser elements Navigation and Error Handling Guidelines Task completion criteria
How does the AI communicate with the sandbox?
Communication process between AI and sandbox:
AI formulates requests :
AI decides to perform an action (such as running a terminal command or browsing a web page) Construct appropriate requests according to the API specification
Request transfer :
AI sends HTTP request to the proxy service ( https://api.manus.im/apiproxy.v1.ApiProxyService/CallApi)Certification :
The request contains the API token ( x-sandbox-tokenhead)The token will be stored in $HOME/.secrets/sandbox_api_tokenVerify the value inRequest processing :
The sandboxed FastAPI server receives and processes the request Routing requests to the appropriate services (terminal, browser, file operations) Return response :
Format the operation results as JSON or binary data Send the response back to the AI
For example, the process of AI executing a shell command is as follows:
┌─────────────┐ ┌───────────────┐ ┌──────────────────┐
│ │ 1. HTTP request │ │ 2. Routing to │ │
│ AI Agent │──────────────────►│ Sandbox API │─────────────►│ Terminal Services │
│ │ │ (FastAPI) │ │ │
│ │◄────────────────│ │◄───────────────│ │
└─────────────┘ 4. JSON response └───────────────┘ 3. Execute command └──────────────────┘
Actual application scenarios
Through this sandbox environment, large models such as Claude can perform operations such as web page automation, development and debugging code, execution of system instructions, and management of file processes.
