Sandboxing
Firecracker/gVisor container. No filesystem access outside workspace. No network beyond allowlist. CPU/memory caps.
Advertisement
Package restrictions
Preinstalled safe packages. Block pip install of arbitrary. Sanitized dependency list.
Advertisement
Time limits
Kill after 60s. Prevents runaway loops + cryptomining.
File system
Ephemeral tmpfs. Data explicitly imported, results explicitly exported. No persistent state.