daarion-admin/microdao-daarion
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
microdao-daarion/tools/safe_code_executor/docs
History
Apple 129e4ea1fc feat(platform): add new services, tools, tests and crews modules 
New router intelligence modules (26 files): alert_ingest/store, audit_store,
architecture_pressure, backlog_generator/store, cost_analyzer, data_governance,
dependency_scanner, drift_analyzer, incident_* (5 files), llm_enrichment,
platform_priority_digest, provider_budget, release_check_runner, risk_* (6 files),
signature_state_store, sofiia_auto_router, tool_governance

New services:
- sofiia-console: Dockerfile, adapters/, monitor/nodes/ops/voice modules, launchd, react static
- memory-service: integration_endpoints, integrations, voice_endpoints, static UI
- aurora-service: full app suite (analysis, job_store, orchestrator, reporting, schemas, subagents)
- sofiia-supervisor: new supervisor service
- aistalk-bridge-lite: Telegram bridge lite
- calendar-service: CalDAV calendar service with reminders
- mlx-stt-service / mlx-tts-service: Apple Silicon speech services
- binance-bot-monitor: market monitor service
- node-worker: STT/TTS memory providers

New tools (9): agent_email, browser_tool, contract_tool, observability_tool,
oncall_tool, pr_reviewer_tool, repo_tool, safe_code_executor, secure_vault

New crews: agromatrix_crew (10 modules: depth_classifier, doc_facts, doc_focus,
farm_state, light_reply, llm_factory, memory_manager, proactivity, reflection_engine,
session_context, style_adapter, telemetry)

Tests: 85+ test files for all new modules
Made-with: Cursor
2026-03-03 07:14:14 -08:00
..
README.md
feat(platform): add new services, tools, tests and crews modules
2026-03-03 07:14:14 -08:00

README.md

SafeCodeExecutor Documentation

Overview

SafeCodeExecutor is a sandboxed code execution engine for AI agents in the DAARION stack. It allows agents like Sofiia to execute code safely for engineering tasks (parsing, transformation, calculations) without access to secrets, network, or host filesystem.

Security Model

Isolation

  • Subprocess-based: Code runs in isolated subprocess
  • No network access: All network operations blocked
  • No filesystem access: Only temp directory for execution
  • Resource limits: CPU time, memory, output size

Blocked Imports (Python)

os, sys, subprocess, socket, requests, http, ftplib, smtplib,
pty, tty, termios, fcntl, importlib, pathlib, glob, shutil,
tempfile, cryptography, ssl, eval, exec, compile, open,
pickle, marshal, yaml, __import__, getattr, setattr

Allowed Imports

json, math, re, datetime, time, calendar, collections,
functools, itertools, random, statistics, string, base64,
hashlib, hmac, secrets, urllib.parse, html, xml.etree.ElementTree,
typing, types, copy, pprint, textwrap

Limits

Limit Default Max
Timeout 5s 30s
Memory 256MB 1GB
Stdout 64KB 1MB
Stderr 8KB 64KB

Usage

Python

from safe_code_executor import SafeCodeExecutor

executor = SafeCodeExecutor()

# Basic execution
result = executor.execute(
    language="python",
    code="""
import json
data = {"a": 1, "b": 2}
print(json.dumps({"sum": data["a"] + data["b"]}))
"""
)

print(result["status"])       # "succeeded"
print(result["stdout"])       # output
print(result["result_json"])  # parsed JSON

JavaScript

result = executor.execute(
    language="javascript",
    code="""
const data = {a: 1, b: 2};
console.log(JSON.stringify({sum: data.a + data.b}));
"""
)

API

POST /v1/tools/safe-exec

Execute code synchronously.

{
  "language": "python",
  "code": "print('hello')",
  "limits": {
    "timeout_ms": 3000,
    "max_memory_mb": 256
  }
}

Response:

{
  "status": "succeeded",
  "execution_id": "abc123",
  "stdout": "hello\n",
  "stderr": "",
  "result_json": null,
  "metrics": {
    "execution_time_ms": 45,
    "stdout_bytes": 6
  }
}

POST /v1/tools/safe-exec/async

Execute code asynchronously, returns job_id.

GET /v1/jobs/{job_id}

Get async job result.

Integration with Sofiia

# In Sofiia's tool registry
from safe_code_executor import SafeCodeExecutor

tools = {
    "safe_exec": SafeCodeExecutor()
}

Threat Model

What We Protect Against

  • Agent escaping sandbox to access host
  • Agent accessing secrets from environment
  • Agent making network calls
  • Agent reading sensitive files
  • Resource exhaustion attacks

What We Don't Protect Against

  • Malicious code that doesn't try to escape
  • Side-channel attacks
  • Timing attacks on specific operations

Running Locally

# Run unit tests
python tools/safe_code_executor/tests/test_unit.py

# Run security tests
python tools/safe_code_executor/tests/test_security.py

Production Deployment

For production, consider:

  1. Docker sandbox: Run each execution in ephemeral container
  2. gVisor: Lightweight kernel isolation
  3. firejail/nsjail: Process-level isolation
  4. Ephemeral VMs: Kata Containers for stronger isolation
Reference in New Issue View Git Blame Copy Permalink