Security Model
Designed for untrusted code execution with short-lived runtime instances.
Security Controls
- Strict request validation (schema, encoding checks, payload size checks)
- Capability blocklist for risky imports/modules
- Max timeout enforcement and bounded polling
- Output truncation guardrails
- Rate limiting and in-flight concurrency guard
- Mandatory instance cleanup in a `finally` block
- Orphan catcher worker for stale runtime cleanup
- Optional API key enforcement for platform access
Runtime Isolation Principles
- No local evaluation of user code in the orchestrator process
- Code executes in isolated cloud runtime instances
- Execution instances are ephemeral and deleted after each run
Operational Recommendations
- Enable API key mode in production
- Rotate cloud and npm tokens regularly
- Monitor structured logs and orphan cleanup events
- Keep timeout and payload limits conservative
- Run deep validation periodically with `npm run test:sdk:deep`
Current Limits
- Supported languages: python, nodejs
- Max timeout default: 8000 ms
- Max code bytes default: 65536
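
One way the request validation and mandatory cleanup controls could be implemented against the default limits above. This is an added example, not the platform's own code: `validateRequest`, `runOnce`, the request field names, and the `runtime` object with `create`/`execute`/`destroy` are assumptions, as is using the maximum timeout when none is supplied.

```javascript
// Added example: names below are hypothetical, not the platform's API.
// Limits mirror the "Current Limits" defaults on this page.
const LIMITS = Object.freeze({
  languages: ["python", "nodejs"],
  maxTimeoutMs: 8000,
  maxCodeBytes: 65536,
});

const encoder = new TextEncoder();
const decoder = new TextDecoder("utf-8", { ignoreBOM: true });

// Returns { ok: true, request } or { ok: false, error }.
function validateRequest(body) {
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return { ok: false, error: "body must be an object" };
  }
  const { language, code, timeoutMs = LIMITS.maxTimeoutMs } = body;
  if (!LIMITS.languages.includes(language)) {
    return { ok: false, error: "unsupported language" };
  }
  if (typeof code !== "string" || code.length === 0) {
    return { ok: false, error: "code must be a non-empty string" };
  }
  // Encoding check: lone surrogates do not survive a UTF-8 round trip.
  const bytes = encoder.encode(code);
  if (decoder.decode(bytes) !== code) {
    return { ok: false, error: "code is not well-formed Unicode" };
  }
  // Size check on encoded bytes, not on UTF-16 string length.
  if (bytes.length > LIMITS.maxCodeBytes) {
    return { ok: false, error: "code exceeds size limit" };
  }
  if (!Number.isInteger(timeoutMs) || timeoutMs < 1 || timeoutMs > LIMITS.maxTimeoutMs) {
    return { ok: false, error: "timeout out of range" };
  }
  return { ok: true, request: { language, code, timeoutMs } };
}

// Runs one validated request; the instance is deleted even if execution throws.
async function runOnce(runtime, request) {
  let instance = null;
  try {
    instance = await runtime.create(request.language);
    return await runtime.execute(instance, request.code, request.timeoutMs);
  } finally {
    if (instance !== null) await runtime.destroy(instance);
  }
}
```

Measuring the payload in encoded bytes matters because a string of multi-byte characters can be well under 65536 UTF-16 units and still exceed the byte limit.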