Secure Code Execution for AI Agents

Run untrusted code safely with fine-grained permissions, multiple isolation backends, and comprehensive audit logging.

View on GitHub See Examples

Key Features

🔒

Permission System

Fine-grained control over file, network, and process access with glob patterns, port restrictions, and command filtering.

📦

Multiple Isolation Backends

Choose between process-based isolation for speed or container-based isolation for maximum security.

📋

Audit Logging

Track all sandbox operations with filtering, export capabilities, and real-time callbacks for monitoring.

🛡

Pattern Detection

Automatically detect and block dangerous code patterns like subprocess calls, network access, and dynamic imports.

Resource Limits

Configure timeout, memory limits, and output size constraints to prevent resource exhaustion.

🔗

Multi-Language Support

Execute Python, JavaScript (Node.js), Ruby, and shell scripts in the same sandbox environment.

Code Examples

Basic Usage
from agent_sandbox import Sandbox, create_sandbox

# Create sandbox with default settings
sandbox = Sandbox()

# Execute code safely
result = sandbox.execute('print("Hello!")')
print(result.stdout)  # Hello!

# Use helper for common configs
sandbox = create_sandbox(
    timeout=60.0,
    allow_file_read=True,
    allowed_paths=["/tmp/*"],
)
Permission Configuration
from agent_sandbox.permissions import (
    PermissionSet, FilePermission,
    NetworkPermission, PermissionLevel,
)

permissions = PermissionSet()

# File permissions with patterns
permissions.add(FilePermission(
    level=PermissionLevel.READ,
    allowed_paths=["/data/*"],
    denied_paths=["/data/secrets/*"],
))

# Network with host control
permissions.add(NetworkPermission(
    allow_outbound=True,
    allowed_hosts=["api.openai.com"],
))
Code Validation
from agent_sandbox import Sandbox

sandbox = Sandbox()

# Validate without executing
result = sandbox.validate('''
import subprocess
subprocess.run(["rm", "-rf", "/"])
''')

if not result["valid"]:
    for issue in result["issues"]:
        print(f"Blocked: {issue['pattern']}")
        print(f"Reason: {issue['reason']}")
Audit Logging
from agent_sandbox.audit import AuditLog

def on_denied(entry):
    if not entry.allowed:
        print(f"DENIED: {entry.action}")

audit = AuditLog(on_entry=on_denied)

# Get summary statistics
summary = audit.get_summary()
print(f"Total: {summary['total_entries']}")
print(f"Denied: {summary['denied']}")

# Export for analysis
audit.export_to_file("audit.jsonl")

Architecture

API Layer

Sandbox
SandboxConfig
create_sandbox()

Execution Layer

CodeExecutor
ExecutionContext
Pattern Detection

Permission Layer

FilePermission
NetworkPermission
ProcessPermission

Isolation Layer

ProcessIsolation
ContainerIsolation

Audit Layer

AuditLog
AuditEntry
Export/Filter

Security Features

Default Deny

All permissions denied by default

Pattern Blocking

Dangerous patterns blocked pre-execution

Path Filtering

Glob patterns for file access control

Network Control

Host and port-level restrictions

Resource Limits

Prevent resource exhaustion attacks

Complete Audit Trail

Every operation logged for review

API Reference

Class Description
Sandbox Main sandbox interface for executing code
SandboxConfig Configuration dataclass for sandbox settings
SandboxResult Execution result with status, output, and metadata
PermissionSet Collection of permissions for enforcement
FilePermission File system access control with glob patterns
NetworkPermission Network access control with host/port filtering
ProcessPermission Process spawning control with command filtering
ProcessIsolation Subprocess-based isolation backend
ContainerIsolation Docker-based isolation for maximum security
CodeExecutor Low-level executor with permission checking
AuditLog Thread-safe audit logging with filtering