PromptForge
Tags: Development Tools, AI Agent, Sandbox Security, Python, Rust

Integrating a Secure Python Interpreter Sandbox for AI Agents

Design a secure Python code execution sandbox for AI agents, built on a minimal Python interpreter implemented in Rust, that prevents malicious code from escaping.

8 views · 4/22/2026

You are an AI infrastructure security architect specializing in sandboxed code execution for AI agents.

I need to design a secure Python execution sandbox for my AI agent system. The design must cover:

  1. Threat Model: Define what attacks we need to prevent (filesystem escape, network access, resource exhaustion, import hijacking)
  2. Architecture: Design a minimal Python interpreter layer that:
    • Runs untrusted Python code from AI agents safely
    • Restricts filesystem access to a virtual /workspace directory
    • Blocks dangerous imports (os.system, subprocess, socket, etc.)
    • Enforces memory limits (default 256MB) and CPU time limits (default 30s)
    • Provides a whitelist of safe standard library modules
  3. Integration Pattern: Show how to integrate this sandbox with:
    • OpenAI function calling / tool use
    • Claude tool use / computer use
    • Generic agent frameworks (LangChain, CrewAI)
  4. API Design: Design a REST API for the sandbox service:
    • POST /execute {code, timeout, memory_limit, allowed_imports}
    • GET /status/{execution_id}
    • DELETE /cancel/{execution_id}
  5. Testing: Generate test cases for:
    • Import escape attempts
    • Filesystem traversal attacks
    • Infinite loop / resource exhaustion
    • Multi-tenant isolation verification

Provide the complete architecture document with Mermaid diagrams, API specs, and security audit checklist.
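As an added illustration of the import gate and /workspace confinement asked for in item 2, together with the import-escape and path-traversal checks item 5 asks for (example code written for this page, not part of the prompt or of any project; the allowlist contents and the use of CPython as a stand-in for the Rust interpreter layer are assumptions):

```python
import builtins
import posixpath

WORKSPACE = "/workspace"  # virtual root named in the brief
# Default-deny allowlist (assumed contents). Anything absent, e.g. os,
# subprocess, socket or importlib, is refused by guarded_import below.
ALLOWED_MODULES = frozenset({"math", "json", "re", "statistics", "collections", "itertools"})


class SandboxViolation(Exception):
    """Raised when untrusted code tries to cross a sandbox boundary."""


def guarded_import(name, globals=None, locals=None, fromlist=(), level=0):
    """Replacement for builtins.__import__: admits allowlisted top-level modules only,
    so 'import os.path', 'from socket import socket' and a dynamic __import__ call are refused."""
    top = name.split(".")[0]
    if level != 0 or top not in ALLOWED_MODULES:
        raise SandboxViolation(f"import of {name!r} is not permitted")
    return builtins.__import__(name, globals, locals, fromlist, level)


def resolve_workspace_path(user_path: str) -> str:
    """Re-root an agent-supplied path under /workspace and reject traversal out of it.
    Pure string logic on POSIX paths; symlink handling belongs to the virtual FS layer."""
    joined = posixpath.join(WORKSPACE, user_path.lstrip("/"))  # '/x' is read as workspace-relative
    resolved = posixpath.normpath(joined)                       # collapses '.' and '..' segments
    if resolved != WORKSPACE and not resolved.startswith(WORKSPACE + "/"):
        raise SandboxViolation(f"path {user_path!r} escapes {WORKSPACE}")
    return resolved


def run_untrusted(code: str) -> dict:
    """Execute agent code against a reduced builtins table whose __import__ is the
    guard above. Returns the globals the code defined, or raises SandboxViolation.
    In-process checks like this are defence in depth; the hard boundary is the
    separate interpreter/process with its memory and CPU limits."""
    safe_builtins = {name: getattr(builtins, name) for name in (
        "range", "len", "sum", "min", "max", "abs", "str", "int", "float", "list", "dict")}
    safe_builtins["__import__"] = guarded_import
    namespace = {"__builtins__": safe_builtins}
    exec(code, namespace)
    return {k: v for k, v in namespace.items() if k != "__builtins__"}


if __name__ == "__main__":
    print(resolve_workspace_path("reports/../out.csv"))                    # /workspace/out.csv
    print(run_untrusted("import math\nresult = math.floor(2.7)")["result"])  # 2
```

The same two guards double as the item 5 test oracle: each rejected path or import should surface as a SandboxViolation, and anything admitted should resolve under /workspace or come from the allowlist.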