13 repositorios
Environments that restrict code execution to prevent unauthorized access to system or browser resources.
Distinguishing note: Focuses on runtime security and API restriction for custom scripts rather than general-purpose cryptography.
Explore 13 awesome GitHub repositories matching security & cryptography · Execution Sandboxes. Refine with filters or upvote what's useful.
Twenty is a headless customer relationship management framework that enables developers to build, version, and deploy custom business applications using code. By utilizing a declarative approach to data modeling, the platform allows for the definition of custom objects, fields, and complex relationships directly within the source code. This schema-driven architecture automatically generates corresponding REST and GraphQL APIs, ensuring that data structures and interface components remain synchronized across development and production environments. The platform distinguishes itself through a m
Isolate server-side logic in Node.js processes and client-side UI in Web Workers to ensure secure data access and controlled communication with the host environment.
DeepSeek-TUI is an AI coding agent orchestrator and framework designed to automate complex programming tasks. It functions as a harness for coordinating AI models that can read source code, edit files, and execute shell commands through automated agent workflows. The system is distinguished by its multi-agent coordination capabilities, which allow for the spawning of parallel sub-agents to handle concurrent investigations or implementation slices. It employs autonomous goal-seeking loops to pursue objectives across multiple turns and utilizes a tool integration gateway to connect models to ex
Provides a sandboxed environment with a hook system to control and approve external tool calls.
Kestra is a declarative workflow orchestrator designed to manage complex task dependencies and automated processes through versioned configuration files. It functions as a distributed platform that decouples task scheduling from execution by offloading computational workloads to a fleet of worker nodes. The system uses a reactive, event-driven engine to initiate workflows automatically in response to external signals, webhooks, schedules, or file system changes. The platform distinguishes itself through a modular plugin architecture that allows for the integration of custom tasks and external
Ensures security by running individual tasks within isolated, containerized environments.
This project is a Python-based framework that functions as a generative AI agent for programmatic data analysis. It enables users to interact with structured data sources through natural language prompts, translating these requests into executable code to perform analysis, data cleaning, and visualization. By maintaining conversational context across multi-turn interactions, the system allows for iterative exploration and the building of complex data narratives. The framework distinguishes itself through a robust semantic layer and secure execution model. It maps raw datasets to descriptive m
Executes generated data processing code within isolated, secure environments to prevent unauthorized system access during analysis.
Wasmer is a high-performance runtime engine designed to execute sandboxed WebAssembly modules across server-side, edge, and browser environments. It functions as a comprehensive platform for building, distributing, and running isolated applications, providing a secure and portable execution layer that maintains consistency across diverse hardware architectures and operating systems. The platform distinguishes itself through a robust toolchain that enables cross-language interoperability and the transformation of code into portable binary packages. It supports ahead-of-time binary generation t
Executes untrusted or legacy code within a restricted environment to prevent unauthorized system access while maintaining POSIX compatibility.
GitHub Copilot is an AI-powered development platform designed to integrate large language models directly into coding environments. It functions as an interactive assistant and an agentic workflow orchestrator, enabling developers to automate code generation, perform automated code reviews, and execute complex, multi-step development tasks through natural language prompts. The platform distinguishes itself through its autonomous agent capabilities, which allow for repository-level research, implementation planning, and code modifications across multiple files. It supports a modular architectu
Restricts file system access and command execution to trusted directories to prevent unauthorized modifications.
DeepCode is an agentic development framework designed to orchestrate autonomous AI agents for software engineering tasks. It functions as a multi-agent workflow orchestrator that translates natural language requirements into functional codebases by coordinating specialized agents for architectural planning, intent analysis, and implementation. The platform integrates multiple language models to power these automated routines, providing a unified environment for complex development projects. The system distinguishes itself through its ability to transform academic research papers into executab
Restricts agent access to system commands and file operations through permission-based wrappers to ensure secure workspace interaction.
dbt-core is a command-line framework for transforming data within a warehouse using modular SQL and version control. It functions as a data transformation engine that enables users to define data structures and business logic through declarative configuration files, which the system then compiles into executable code. By managing complex data dependencies through a directed acyclic graph, it ensures that transformation tasks execute in the correct order while maintaining a manifest-driven state to track lineage and execution history. The project distinguishes itself through an adapter-based d
Executes model-generated shell commands within a restricted sandbox environment to prevent unauthorized system access.
Gorilla is a foundational infrastructure framework for large language model function calling. It provides a system for training, evaluating, and executing the translation of natural language instructions into accurate API calls and executable code. The project integrates a structured API documentation index, a fine-tuning pipeline for model adaptation, and a secure sandboxed action runtime for executing model-generated commands. The framework distinguishes itself through a specialized evaluation benchmark suite that measures the accuracy, cost, and latency of function calls. It includes tools
Provides a secure runtime environment that restricts code execution to prevent system damage during action execution.
Expr is a high-performance expression evaluation engine and language for Go applications. It functions as a dynamic rule engine that parses and executes custom logic and data validations at runtime without requiring the application to be recompiled. The system utilizes a sandboxed logic executor to run expressions without side effects. It ensures program termination by employing instruction-level loop detection to prevent infinite loops and isolates the evaluation process from the host system. The engine employs a bytecode-based virtual machine and abstract syntax tree analysis to achieve ex
Restricts the execution environment of dynamic expressions to prevent unauthorized system access and infinite loops.
Rhai es un motor de scripting embebido y lenguaje de tipado dinámico diseñado para integrarse en aplicaciones Rust. Funciona como un compilador de árboles de sintaxis abstracta (AST) y una capa de interoperabilidad nativa, permitiendo a los desarrolladores mapear tipos y funciones de Rust en un entorno de scripting para comunicación bidireccional. El proyecto sirve como framework para crear lenguajes específicos de dominio (DSL) personalizables. Permite definir operadores, sintaxis y entornos de ejecución restringidos, facilitando la creación de lenguajes especializados con conjuntos funcionales a medida. El motor cubre una amplia gama de capacidades, incluyendo sandboxing con límites de recursos para una ejecución segura, organización modular del código y procesamiento integral de datos para tipos numéricos, de cadena y binarios. También proporciona herramientas para la manipulación de AST, serialización del estado de ejecución y observabilidad en tiempo de ejecución mediante la inspección del stack de llamadas y interfaces de depuración. Está diseñado para despliegue multiplataforma en cualquier CPU o sistema operativo compatible con el compilador nativo.
Implements an isolated runtime environment that restricts scripts from mutating the host or causing stack overflows.
OpenSquilla es un framework de orquestación de agentes LLM diseñado para coordinar flujos de trabajo de IA de varios pasos y la ejecución de herramientas mediante grafos acíclicos dirigidos. Funciona como un sistema centralizado para gestionar paquetes de habilidades especializadas y ejecutar secuencias de razonamiento complejas. El proyecto se distingue por una pasarela de enrutamiento que dirige las tareas a diferentes proveedores de IA según la complejidad, el coste y el rendimiento. Utiliza un sistema de memoria de IA de varios niveles que organiza el conocimiento de trabajo, episódico y semántico mediante embeddings locales y SQLite, junto con un sandbox de ejecución seguro que aísla el código generado por el agente mediante perfiles de permisos basados en riesgos. La plataforma cubre una amplia gama de capacidades, incluyendo despliegue multicanal en web y plataformas de mensajería, programación automatizada de tareas mediante cron y un puente de Model Context Protocol para conectar con herramientas externas. También proporciona herramientas integrales de monitoreo y observabilidad para rastrear costes de tokens, auditar decisiones en tiempo de ejecución y gestionar un catálogo de habilidades reutilizables. El sistema incluye utilidades de línea de comandos para la inicialización del espacio de trabajo y la gestión del ciclo de vida de las habilidades.
Isolates agent-generated code and tool execution within sandboxes using risk-based permission profiles to protect the host system.
Scriban is a text templating library and .NET scripting engine used for dynamic text generation. It functions as a template processor and a safe scripting sandbox, providing a secure execution environment that restricts object exposure to prevent unauthorized code execution. The project also includes an abstract syntax tree template parser that allows for programmatic template analysis and modification. The engine features a dedicated Liquid template engine and compatibility mode, allowing it to parse, execute, and convert templates written in Liquid syntax. It distinguishes itself through a
Provides a secure execution environment that restricts object exposure to prevent unauthorized code execution.