13 Repos
Environments that restrict code execution to prevent unauthorized access to system or browser resources.
Distinguishing note: Focuses on runtime security and API restriction for custom scripts rather than general-purpose cryptography.
Explore 13 awesome GitHub repositories matching security & cryptography · Execution Sandboxes. Refine with filters or upvote what's useful.
Twenty is a headless customer relationship management framework that enables developers to build, version, and deploy custom business applications using code. By utilizing a declarative approach to data modeling, the platform allows for the definition of custom objects, fields, and complex relationships directly within the source code. This schema-driven architecture automatically generates corresponding REST and GraphQL APIs, ensuring that data structures and interface components remain synchronized across development and production environments. The platform distinguishes itself through a m
Isolate server-side logic in Node.js processes and client-side UI in Web Workers to ensure secure data access and controlled communication with the host environment.
DeepSeek-TUI is an AI coding agent orchestrator and framework designed to automate complex programming tasks. It functions as a harness for coordinating AI models that can read source code, edit files, and execute shell commands through automated agent workflows. The system is distinguished by its multi-agent coordination capabilities, which allow for the spawning of parallel sub-agents to handle concurrent investigations or implementation slices. It employs autonomous goal-seeking loops to pursue objectives across multiple turns and utilizes a tool integration gateway to connect models to ex
Provides a sandboxed environment with a hook system to control and approve external tool calls.
Kestra is a declarative workflow orchestrator designed to manage complex task dependencies and automated processes through versioned configuration files. It functions as a distributed platform that decouples task scheduling from execution by offloading computational workloads to a fleet of worker nodes. The system uses a reactive, event-driven engine to initiate workflows automatically in response to external signals, webhooks, schedules, or file system changes. The platform distinguishes itself through a modular plugin architecture that allows for the integration of custom tasks and external
Ensures security by running individual tasks within isolated, containerized environments.
This project is a Python-based framework that functions as a generative AI agent for programmatic data analysis. It enables users to interact with structured data sources through natural language prompts, translating these requests into executable code to perform analysis, data cleaning, and visualization. By maintaining conversational context across multi-turn interactions, the system allows for iterative exploration and the building of complex data narratives. The framework distinguishes itself through a robust semantic layer and secure execution model. It maps raw datasets to descriptive m
Executes generated data processing code within isolated, secure environments to prevent unauthorized system access during analysis.
Wasmer is a high-performance runtime engine designed to execute sandboxed WebAssembly modules across server-side, edge, and browser environments. It functions as a comprehensive platform for building, distributing, and running isolated applications, providing a secure and portable execution layer that maintains consistency across diverse hardware architectures and operating systems. The platform distinguishes itself through a robust toolchain that enables cross-language interoperability and the transformation of code into portable binary packages. It supports ahead-of-time binary generation t
Executes untrusted or legacy code within a restricted environment to prevent unauthorized system access while maintaining POSIX compatibility.
GitHub Copilot is an AI-powered development platform designed to integrate large language models directly into coding environments. It functions as an interactive assistant and an agentic workflow orchestrator, enabling developers to automate code generation, perform automated code reviews, and execute complex, multi-step development tasks through natural language prompts. The platform distinguishes itself through its autonomous agent capabilities, which allow for repository-level research, implementation planning, and code modifications across multiple files. It supports a modular architectu
Restricts file system access and command execution to trusted directories to prevent unauthorized modifications.
DeepCode is an agentic development framework designed to orchestrate autonomous AI agents for software engineering tasks. It functions as a multi-agent workflow orchestrator that translates natural language requirements into functional codebases by coordinating specialized agents for architectural planning, intent analysis, and implementation. The platform integrates multiple language models to power these automated routines, providing a unified environment for complex development projects. The system distinguishes itself through its ability to transform academic research papers into executab
Restricts agent access to system commands and file operations through permission-based wrappers to ensure secure workspace interaction.
dbt-core is a command-line framework for transforming data within a warehouse using modular SQL and version control. It functions as a data transformation engine that enables users to define data structures and business logic through declarative configuration files, which the system then compiles into executable code. By managing complex data dependencies through a directed acyclic graph, it ensures that transformation tasks execute in the correct order while maintaining a manifest-driven state to track lineage and execution history. The project distinguishes itself through an adapter-based d
Executes model-generated shell commands within a restricted sandbox environment to prevent unauthorized system access.
Gorilla is a foundational infrastructure framework for large language model function calling. It provides a system for training, evaluating, and executing the translation of natural language instructions into accurate API calls and executable code. The project integrates a structured API documentation index, a fine-tuning pipeline for model adaptation, and a secure sandboxed action runtime for executing model-generated commands. The framework distinguishes itself through a specialized evaluation benchmark suite that measures the accuracy, cost, and latency of function calls. It includes tools
Provides a secure runtime environment that restricts code execution to prevent system damage during action execution.
Expr is a high-performance expression evaluation engine and language for Go applications. It functions as a dynamic rule engine that parses and executes custom logic and data validations at runtime without requiring the application to be recompiled. The system utilizes a sandboxed logic executor to run expressions without side effects. It ensures program termination by employing instruction-level loop detection to prevent infinite loops and isolates the evaluation process from the host system. The engine employs a bytecode-based virtual machine and abstract syntax tree analysis to achieve ex
Restricts the execution environment of dynamic expressions to prevent unauthorized system access and infinite loops.
Rhai ist eine eingebettete Skript-Engine und eine dynamisch typisierte Sprache, die für die Integration in Rust-Anwendungen entwickelt wurde. Sie fungiert als Compiler für abstrakte Syntaxbäume (AST) und als native Interop-Schicht, die es Entwicklern ermöglicht, Rust-Typen und -Funktionen für eine bidirektionale Kommunikation in eine Skriptumgebung zu mappen. Das Projekt dient als Framework zur Erstellung anpassbarer domänenspezifischer Sprachen. Es erlaubt die Definition benutzerdefinierter Operatoren, Syntax und eingeschränkter Ausführungsumgebungen, was die Erstellung spezialisierter Sprachen mit maßgeschneiderten Funktionsumfängen ermöglicht. Die Engine deckt ein breites Spektrum an Funktionen ab, darunter ressourcenbeschränktes Sandboxing für sichere Ausführung, modulare Code-Organisation und umfassende Datenverarbeitung für numerische, String- und Binärtypen. Zudem bietet sie Werkzeuge für AST-Manipulation, Serialisierung des Ausführungszustands sowie Laufzeit-Observability durch Call-Stack-Inspektion und Debugging-Schnittstellen. Die Engine ist für den plattformübergreifenden Einsatz auf jeder CPU und jedem Betriebssystem konzipiert, das vom nativen Compiler unterstützt wird.
Implements an isolated runtime environment that restricts scripts from mutating the host or causing stack overflows.
OpenSquilla ist ein LLM-Agent-Orchestration-Framework zur Koordination mehrstufiger KI-Workflows und Tool-Ausführungen mittels gerichteter azyklischer Graphen. Es fungiert als zentrales System zur Verwaltung spezialisierter Skill-Pakete und zur Ausführung komplexer Reasoning-Sequenzen. Das Projekt zeichnet sich durch ein Routing-Gateway aus, das Aufgaben basierend auf Komplexität, Kosten und Performance an verschiedene KI-Anbieter weiterleitet. Es nutzt ein mehrstufiges KI-Gedächtnissystem, das Arbeits-, episodisches und semantisches Wissen mittels lokaler Embeddings und SQLite organisiert, sowie eine sichere Ausführungsumgebung (Sandbox), die Agent-generierten Code über risikobasierte Berechtigungsprofile isoliert. Die Plattform deckt ein breites Spektrum an Funktionen ab, einschließlich Multi-Channel-Deployment für Web- und Messaging-Plattformen, automatisierter Aufgabenplanung via Cron und einer Model Context Protocol-Bridge zur Anbindung externer Tools. Zudem bietet sie umfassende Monitoring- und Observability-Tools zur Verfolgung von Token-Kosten, zum Auditing von Laufzeitentscheidungen und zur Verwaltung eines Katalogs wiederverwendbarer Skills. Das System enthält CLI-Utilities für die Workspace-Initialisierung und das Skill-Lifecycle-Management.
Isolates agent-generated code and tool execution within sandboxes using risk-based permission profiles to protect the host system.
Scriban ist eine Text-Templating-Bibliothek und eine .NET-Skript-Engine zur dynamischen Textgenerierung. Sie fungiert als Template-Prozessor und sichere Skript-Sandbox und bietet eine sichere Ausführungsumgebung, die den Zugriff auf Objekte einschränkt, um unautorisierte Codeausführung zu verhindern. Das Projekt enthält zudem einen Template-Parser für abstrakte Syntaxbäume, der eine programmatische Analyse und Modifikation von Templates ermöglicht. Die Engine verfügt über eine dedizierte Liquid-Template-Engine und einen Kompatibilitätsmodus, der das Parsen, Ausführen und Konvertieren von Templates in Liquid-Syntax ermöglicht. Sie zeichnet sich durch ein Filter-System für Member-Zugriffe aus, das es Entwicklern erlaubt, Objekteigenschaften umzubenennen, zu verbergen oder zu filtern, um zu steuern, wie Daten innerhalb von Templates zugegriffen werden. Die Bibliothek deckt ein breites Spektrum an Funktionen ab, einschließlich asynchronem Template-Rendering, bedingter Logik und Iteration über Sammlungen. Sie bietet integrierte Dienstprogramme zur Datenmanipulation, wie mathematische Operationen, JSON-Konvertierung, Datums- und Zeitarithmetik sowie umfangreiche Textverarbeitung mittels regulärer Ausdrücke. Entwickler können die Engine durch die Definition eigener Funktionen und die Integration externer Klassen weiter erweitern. Das Projekt bietet eine sichere API-Oberfläche, um die Veröffentlichung als native Binärdatei via Native AOT zu unterstützen.
Provides a secure execution environment that restricts object exposure to prevent unauthorized code execution.