13 مستودعات
Environments that restrict code execution to prevent unauthorized access to system or browser resources.
Distinguishing note: Focuses on runtime security and API restriction for custom scripts rather than general-purpose cryptography.
Explore 13 awesome GitHub repositories matching security & cryptography · Execution Sandboxes. Refine with filters or upvote what's useful.
Twenty is a headless customer relationship management framework that enables developers to build, version, and deploy custom business applications using code. By utilizing a declarative approach to data modeling, the platform allows for the definition of custom objects, fields, and complex relationships directly within the source code. This schema-driven architecture automatically generates corresponding REST and GraphQL APIs, ensuring that data structures and interface components remain synchronized across development and production environments. The platform distinguishes itself through a m
Isolate server-side logic in Node.js processes and client-side UI in Web Workers to ensure secure data access and controlled communication with the host environment.
DeepSeek-TUI is an AI coding agent orchestrator and framework designed to automate complex programming tasks. It functions as a harness for coordinating AI models that can read source code, edit files, and execute shell commands through automated agent workflows. The system is distinguished by its multi-agent coordination capabilities, which allow for the spawning of parallel sub-agents to handle concurrent investigations or implementation slices. It employs autonomous goal-seeking loops to pursue objectives across multiple turns and utilizes a tool integration gateway to connect models to ex
Provides a sandboxed environment with a hook system to control and approve external tool calls.
Kestra is a declarative workflow orchestrator designed to manage complex task dependencies and automated processes through versioned configuration files. It functions as a distributed platform that decouples task scheduling from execution by offloading computational workloads to a fleet of worker nodes. The system uses a reactive, event-driven engine to initiate workflows automatically in response to external signals, webhooks, schedules, or file system changes. The platform distinguishes itself through a modular plugin architecture that allows for the integration of custom tasks and external
Ensures security by running individual tasks within isolated, containerized environments.
This project is a Python-based framework that functions as a generative AI agent for programmatic data analysis. It enables users to interact with structured data sources through natural language prompts, translating these requests into executable code to perform analysis, data cleaning, and visualization. By maintaining conversational context across multi-turn interactions, the system allows for iterative exploration and the building of complex data narratives. The framework distinguishes itself through a robust semantic layer and secure execution model. It maps raw datasets to descriptive m
Executes generated data processing code within isolated, secure environments to prevent unauthorized system access during analysis.
Wasmer is a high-performance runtime engine designed to execute sandboxed WebAssembly modules across server-side, edge, and browser environments. It functions as a comprehensive platform for building, distributing, and running isolated applications, providing a secure and portable execution layer that maintains consistency across diverse hardware architectures and operating systems. The platform distinguishes itself through a robust toolchain that enables cross-language interoperability and the transformation of code into portable binary packages. It supports ahead-of-time binary generation t
Executes untrusted or legacy code within a restricted environment to prevent unauthorized system access while maintaining POSIX compatibility.
GitHub Copilot is an AI-powered development platform designed to integrate large language models directly into coding environments. It functions as an interactive assistant and an agentic workflow orchestrator, enabling developers to automate code generation, perform automated code reviews, and execute complex, multi-step development tasks through natural language prompts. The platform distinguishes itself through its autonomous agent capabilities, which allow for repository-level research, implementation planning, and code modifications across multiple files. It supports a modular architectu
Restricts file system access and command execution to trusted directories to prevent unauthorized modifications.
DeepCode is an agentic development framework designed to orchestrate autonomous AI agents for software engineering tasks. It functions as a multi-agent workflow orchestrator that translates natural language requirements into functional codebases by coordinating specialized agents for architectural planning, intent analysis, and implementation. The platform integrates multiple language models to power these automated routines, providing a unified environment for complex development projects. The system distinguishes itself through its ability to transform academic research papers into executab
Restricts agent access to system commands and file operations through permission-based wrappers to ensure secure workspace interaction.
dbt-core is a command-line framework for transforming data within a warehouse using modular SQL and version control. It functions as a data transformation engine that enables users to define data structures and business logic through declarative configuration files, which the system then compiles into executable code. By managing complex data dependencies through a directed acyclic graph, it ensures that transformation tasks execute in the correct order while maintaining a manifest-driven state to track lineage and execution history. The project distinguishes itself through an adapter-based d
Executes model-generated shell commands within a restricted sandbox environment to prevent unauthorized system access.
Gorilla is a foundational infrastructure framework for large language model function calling. It provides a system for training, evaluating, and executing the translation of natural language instructions into accurate API calls and executable code. The project integrates a structured API documentation index, a fine-tuning pipeline for model adaptation, and a secure sandboxed action runtime for executing model-generated commands. The framework distinguishes itself through a specialized evaluation benchmark suite that measures the accuracy, cost, and latency of function calls. It includes tools
Provides a secure runtime environment that restricts code execution to prevent system damage during action execution.
Expr is a high-performance expression evaluation engine and language for Go applications. It functions as a dynamic rule engine that parses and executes custom logic and data validations at runtime without requiring the application to be recompiled. The system utilizes a sandboxed logic executor to run expressions without side effects. It ensures program termination by employing instruction-level loop detection to prevent infinite loops and isolates the evaluation process from the host system. The engine employs a bytecode-based virtual machine and abstract syntax tree analysis to achieve ex
Restricts the execution environment of dynamic expressions to prevent unauthorized system access and infinite loops.
Rhai هو محرك برمجة نصية مضمن ولغة ذات كتابة ديناميكية مصممة للدمج في تطبيقات Rust. يعمل كمترجم لشجرة بناء الجملة المجردة (AST) وطبقة تداخل أصلية، مما يسمح للمطورين بربط أنواع ووظائف Rust ببيئة برمجة نصية للتواصل ثنائي الاتجاه. يعمل المشروع كإطار عمل لإنشاء لغات خاصة بالمجال (DSL) قابلة للتخصيص. يسمح بتعريف عوامل تشغيل مخصصة، وبناء جملة، وبيئات تنفيذ مقيدة، مما يتيح إنشاء لغات متخصصة ذات مجموعات وظيفية مصممة خصيصاً. يغطي المحرك مجموعة واسعة من القدرات بما في ذلك الحماية (Sandboxing) المحدودة الموارد للتنفيذ الآمن، وتنظيم الكود المعياري، ومعالجة البيانات الشاملة للأنواع الرقمية والنصية والثنائية. كما يوفر أدوات لمعالجة AST، وتسلسل حالة التنفيذ، وقابلية المراقبة في وقت التشغيل من خلال فحص مكدس الاستدعاءات وواجهات التصحيح. تم تصميم المحرك للنشر عبر المنصات على أي وحدة معالجة مركزية أو نظام تشغيل مدعوم من المترجم الأصلي.
Implements an isolated runtime environment that restricts scripts from mutating the host or causing stack overflows.
OpenSquilla هو إطار عمل لتنسيق وكلاء LLM مصمم لتنسيق سير عمل الذكاء الاصطناعي متعدد الخطوات وتنفيذ الأدوات باستخدام الرسوم البيانية الموجهة غير الدورية (DAGs). يعمل كنظام مركزي لإدارة حزم المهارات المتخصصة وتنفيذ تسلسلات التفكير المعقدة. يتميز المشروع ببوابة توجيه توجه المهام إلى مزودي ذكاء اصطناعي مختلفين بناءً على التعقيد والتكلفة والأداء. يستخدم نظام ذاكرة ذكاء اصطناعي متعدد المستويات ينظم المعرفة العاملة والعرضية والدلالية باستخدام التضمينات المحلية و SQLite، إلى جانب بيئة تنفيذ آمنة تعزل الكود الذي تم إنشاؤه بواسطة الوكيل عبر ملفات تعريف أذونات قائمة على المخاطر. تغطي المنصة مجموعة واسعة من الإمكانيات، بما في ذلك النشر متعدد القنوات على الويب ومنصات المراسلة، وجدولة المهام الآلية عبر cron، وجسر بروتوكول سياق النموذج (Model Context Protocol) للاتصال بالأدوات الخارجية. كما يوفر أدوات مراقبة شاملة لتتبع تكاليف الرموز (Tokens)، وتدقيق قرارات وقت التشغيل، وإدارة كتالوج للمهارات القابلة لإعادة الاستخدام. يتضمن النظام أدوات سطر أوامر لتهيئة مساحة العمل وإدارة دورة حياة المهارات.
Isolates agent-generated code and tool execution within sandboxes using risk-based permission profiles to protect the host system.
Scriban is a text templating library and .NET scripting engine used for dynamic text generation. It functions as a template processor and a safe scripting sandbox, providing a secure execution environment that restricts object exposure to prevent unauthorized code execution. The project also includes an abstract syntax tree template parser that allows for programmatic template analysis and modification. The engine features a dedicated Liquid template engine and compatibility mode, allowing it to parse, execute, and convert templates written in Liquid syntax. It distinguishes itself through a
Provides a secure execution environment that restricts object exposure to prevent unauthorized code execution.