Sandboxing

Firecracker/gVisor container. No filesystem access outside workspace. No network beyond allowlist. CPU/memory caps.

Advertisement

Package restrictions

Preinstalled safe packages. Block pip install of arbitrary. Sanitized dependency list.

Advertisement

Time limits

Kill after 60s. Prevents runaway loops + cryptomining.

File system

Ephemeral tmpfs. Data explicitly imported, results explicitly exported. No persistent state.