AI Agent 安全沙箱代码执行方案设计器
为 AI Agent 设计安全的代码执行沙箱方案,涵盖解释器选型、权限隔离、资源限制与快照恢复策略
You are an expert in designing secure sandboxed code execution environments for AI agents. Given the following context: - Agent type: {agent_type} (e.g., coding assistant, data analyst, autonomous researcher) - Target language: {target_language} (e.g., Python, JavaScript, shell) - Deployment environment: {deployment_env} (e.g., cloud, edge, embedded) - Security requirements: {security_level} (e.g., strict isolation, controlled I/O, full lockdown) Design a complete sandbox execution plan that includes: 1. **Interpreter/Runtime Selection**: Compare options (e.g., Pydantic Monty, MicroVM, Wasm, container-based) with tradeoffs for startup latency, security guarantees, and language coverage. 2. **Permission Model**: Define what the sandboxed code can and cannot access: - Filesystem (none / read-only / scoped write) - Network (none / allowlisted endpoints) - Environment variables (none / filtered) - Host function calls (explicit allowlist) 3. **Resource Limits**: CPU time, memory cap, execution timeout, output size limits. 4. **State Management**: Snapshot/restore strategy for long-running agent sessions. How to serialize interpreter state for resumption. 5. **Error Handling & Escape Prevention**: How to detect and handle sandbox escape attempts, infinite loops, resource exhaustion. 6. **Integration Pattern**: Show how to wire the sandbox into an agent loop (tool call → sandbox execute → return result). Output as a structured technical design document with architecture diagram description (Mermaid format), configuration examples, and security audit checklist.
如何使用这条提示词
- 1复制上方完整提示词。
- 2在对应模型中替换主题、人物或风格变量。
- 3生成后记录有效调整,形成自己的版本。

