13 个仓库
Environments that restrict code execution to prevent unauthorized access to system or browser resources.
Distinguishing note: Focuses on runtime security and API restriction for custom scripts rather than general-purpose cryptography.
Explore 13 awesome GitHub repositories matching security & cryptography · Execution Sandboxes. Refine with filters or upvote what's useful.
Twenty is a headless customer relationship management framework that enables developers to build, version, and deploy custom business applications using code. By utilizing a declarative approach to data modeling, the platform allows for the definition of custom objects, fields, and complex relationships directly within the source code. This schema-driven architecture automatically generates corresponding REST and GraphQL APIs, ensuring that data structures and interface components remain synchronized across development and production environments. The platform distinguishes itself through a m
Isolate server-side logic in Node.js processes and client-side UI in Web Workers to ensure secure data access and controlled communication with the host environment.
DeepSeek-TUI is an AI coding agent orchestrator and framework designed to automate complex programming tasks. It functions as a harness for coordinating AI models that can read source code, edit files, and execute shell commands through automated agent workflows. The system is distinguished by its multi-agent coordination capabilities, which allow for the spawning of parallel sub-agents to handle concurrent investigations or implementation slices. It employs autonomous goal-seeking loops to pursue objectives across multiple turns and utilizes a tool integration gateway to connect models to ex
Provides a sandboxed environment with a hook system to control and approve external tool calls.
Kestra is a declarative workflow orchestrator designed to manage complex task dependencies and automated processes through versioned configuration files. It functions as a distributed platform that decouples task scheduling from execution by offloading computational workloads to a fleet of worker nodes. The system uses a reactive, event-driven engine to initiate workflows automatically in response to external signals, webhooks, schedules, or file system changes. The platform distinguishes itself through a modular plugin architecture that allows for the integration of custom tasks and external
Ensures security by running individual tasks within isolated, containerized environments.
This project is a Python-based framework that functions as a generative AI agent for programmatic data analysis. It enables users to interact with structured data sources through natural language prompts, translating these requests into executable code to perform analysis, data cleaning, and visualization. By maintaining conversational context across multi-turn interactions, the system allows for iterative exploration and the building of complex data narratives. The framework distinguishes itself through a robust semantic layer and secure execution model. It maps raw datasets to descriptive m
Executes generated data processing code within isolated, secure environments to prevent unauthorized system access during analysis.
Wasmer is a high-performance runtime engine designed to execute sandboxed WebAssembly modules across server-side, edge, and browser environments. It functions as a comprehensive platform for building, distributing, and running isolated applications, providing a secure and portable execution layer that maintains consistency across diverse hardware architectures and operating systems. The platform distinguishes itself through a robust toolchain that enables cross-language interoperability and the transformation of code into portable binary packages. It supports ahead-of-time binary generation t
Executes untrusted or legacy code within a restricted environment to prevent unauthorized system access while maintaining POSIX compatibility.
GitHub Copilot is an AI-powered development platform designed to integrate large language models directly into coding environments. It functions as an interactive assistant and an agentic workflow orchestrator, enabling developers to automate code generation, perform automated code reviews, and execute complex, multi-step development tasks through natural language prompts. The platform distinguishes itself through its autonomous agent capabilities, which allow for repository-level research, implementation planning, and code modifications across multiple files. It supports a modular architectu
Restricts file system access and command execution to trusted directories to prevent unauthorized modifications.
DeepCode is an agentic development framework designed to orchestrate autonomous AI agents for software engineering tasks. It functions as a multi-agent workflow orchestrator that translates natural language requirements into functional codebases by coordinating specialized agents for architectural planning, intent analysis, and implementation. The platform integrates multiple language models to power these automated routines, providing a unified environment for complex development projects. The system distinguishes itself through its ability to transform academic research papers into executab
Restricts agent access to system commands and file operations through permission-based wrappers to ensure secure workspace interaction.
dbt-core is a command-line framework for transforming data within a warehouse using modular SQL and version control. It functions as a data transformation engine that enables users to define data structures and business logic through declarative configuration files, which the system then compiles into executable code. By managing complex data dependencies through a directed acyclic graph, it ensures that transformation tasks execute in the correct order while maintaining a manifest-driven state to track lineage and execution history. The project distinguishes itself through an adapter-based d
Executes model-generated shell commands within a restricted sandbox environment to prevent unauthorized system access.
Gorilla is a foundational infrastructure framework for large language model function calling. It provides a system for training, evaluating, and executing the translation of natural language instructions into accurate API calls and executable code. The project integrates a structured API documentation index, a fine-tuning pipeline for model adaptation, and a secure sandboxed action runtime for executing model-generated commands. The framework distinguishes itself through a specialized evaluation benchmark suite that measures the accuracy, cost, and latency of function calls. It includes tools
Provides a secure runtime environment that restricts code execution to prevent system damage during action execution.
Expr is a high-performance expression evaluation engine and language for Go applications. It functions as a dynamic rule engine that parses and executes custom logic and data validations at runtime without requiring the application to be recompiled. The system utilizes a sandboxed logic executor to run expressions without side effects. It ensures program termination by employing instruction-level loop detection to prevent infinite loops and isolates the evaluation process from the host system. The engine employs a bytecode-based virtual machine and abstract syntax tree analysis to achieve ex
Restricts the execution environment of dynamic expressions to prevent unauthorized system access and infinite loops.
Rhai is an embedded scripting engine and dynamically typed language designed for integration into Rust applications. It functions as an abstract syntax tree compiler and native interop layer, allowing developers to map Rust types and functions into a scripting environment for bidirectional communication. The project serves as a framework for creating customizable domain-specific languages. It allows for the definition of custom operators, syntax, and restricted execution environments, enabling the creation of specialized languages with tailored functional sets. The engine covers a broad rang
Implements an isolated runtime environment that restricts scripts from mutating the host or causing stack overflows.
OpenSquilla 是一个 LLM 智能体编排框架,旨在利用有向无环图协调多步 AI 工作流和工具执行。它作为一个集中式系统,用于管理专门的技能包并执行复杂的推理序列。 该项目通过一个路由网关脱颖而出,该网关根据复杂性、成本和性能将任务定向到不同的 AI 提供商。它利用多层 AI 记忆系统,通过本地嵌入和 SQLite 组织工作、情景和语义知识,并配有一个安全执行沙盒,通过基于风险的权限配置文件隔离智能体生成的代码。 该平台涵盖了广泛的功能,包括多渠道部署到 Web 和消息平台、通过 cron 进行自动任务调度,以及用于连接外部工具的 Model Context Protocol 网桥。它还提供全面的监控和可观测性工具,用于跟踪 Token 成本、审计运行时决策以及管理可重用技能目录。 该系统包括用于工作区初始化和技能生命周期管理的命令行工具。
Isolates agent-generated code and tool execution within sandboxes using risk-based permission profiles to protect the host system.
Scriban 是一个用于动态文本生成的文本模板库和 .NET 脚本引擎。它既是一个模板处理器,也是一个安全的脚本沙箱,通过限制对象暴露来提供安全的执行环境,从而防止未经授权的代码执行。该项目还包含一个抽象语法树模板解析器,支持对模板进行程序化分析和修改。 该引擎内置了专门的 Liquid 模板引擎及兼容模式,能够解析、执行并转换以 Liquid 语法编写的模板。其独特之处在于成员暴露过滤系统,允许开发者重命名、隐藏或过滤对象属性,从而控制模板内的数据访问方式。 该库涵盖了广泛的功能,包括异步模板渲染、条件逻辑和集合迭代。它提供了用于数据操作的内置工具,如数学运算、JSON 转换、日期时间算术,以及基于正则表达式的强大文本处理功能。开发者还可以通过定义自定义函数和集成外部类来进一步扩展引擎功能。 该项目提供了一个安全的 API 接口,支持通过 Native AOT 发布为原生二进制文件。
Provides a secure execution environment that restricts object exposure to prevent unauthorized code execution.