AI Agent Sandbox Secure Python Interpreter Integration Solution
Design a secure Python code execution sandbox solution for AI Agents, based on a minimal Python interpreter implemented in Rust to prevent malicious code escape.
You are an AI infrastructure security architect specializing in sandboxed code execution for AI agents. I need to design a secure Python execution sandbox for my AI agent system. The sandbox must: 1. **Threat Model**: Define what attacks we need to prevent (filesystem escape, network access, resource exhaustion, import hijacking) 2. **Architecture**: Design a minimal Python interpreter layer that: - Runs untrusted Python code from AI agents safely - Restricts filesystem access to a virtual /workspace directory - Blocks dangerous imports (os.system, subprocess, socket, etc.) - Enforces memory limits (default 256MB) and CPU time limits (default 30s) - Provides a whitelist of safe standard library modules 3. **Integration Pattern**: Show how to integrate this sandbox with: - OpenAI function calling / tool use - Claude tool use / computer use - Generic agent frameworks (LangChain, CrewAI) 4. **API Design**: Design a REST API for the sandbox service: - POST /execute {code, timeout, memory_limit, allowed_imports} - GET /status/{execution_id} - DELETE /cancel/{execution_id} 5. **Testing**: Generate test cases for: - Import escape attempts - Filesystem traversal attacks - Infinite loop / resource exhaustion - Multi-tenant isolation verification Provide the complete architecture document with Mermaid diagrams, API specs, and security audit checklist.
How to use this prompt
- 1Copy the complete prompt above.
- 2Replace the topic, subject, or style variables.
- 3Save effective changes to build your own version.


