SourcePulse logo
HomeBrowse all repos

amla-sandbox  by amlalabs

Securely execute LLM-generated code with capability enforcement

Created 1 week ago

New!

280 stars

Top 93.2% on SourcePulse

GitHubView on GitHub
2 Experts Love This Project
tobi
Tobi Lutke
Cofounder of Shopify
simonw
Simon Willison
Coauthor of Django
Project Summary

Summary

amla-sandbox addresses agent framework security by providing a WebAssembly (WASM) sandbox, replacing insecure subprocess/exec() methods and infrastructure-heavy Docker/VMs. It enables secure, isolated execution of LLM-generated code via efficient scripting with strict capability-based access controls, mitigating prompt injection risks.

How It Works

Leveraging wasmtime and WASI, it offers memory-isolated WASM execution for JavaScript/shell scripts. Key is capability-based security: agents invoke only explicitly defined tools with constrained parameters/calls. This collapses multiple LLM tool calls into single script executions, boosting efficiency by reducing LLM round trips. The host Python manages tool execution and validation, ensuring agents operate within defined boundaries.

Quick Start & Requirements

Install via pip: pip install "git+https://github.com/amlalabs/amla-sandbox". No Docker/VM needed. Use create_sandbox_tool for JS/shell execution. amla-precompile caches the WASM module for faster loads. Project Website, Examples, and Docs are linked.

Highlighted Details

  • Capability Enforcement: Fine-grained control via DSL for parameter constraints and method patterns.
  • Secure Execution: WASM memory isolation plus explicit capability validation prevents host compromise.
  • Efficient Scripting: Collapses multiple tool calls into single script executions, reducing LLM round trips.
  • Virtual Filesystem (VFS): Sandboxed filesystem, writable only under /workspace and /tmp.
  • LangGraph Integration: Seamless integration with LangGraph agents.

Maintenance & Community

Project links include Website, Examples, and Docs. No specific community channels (Discord/Slack) are mentioned.

Licensing & Compatibility

Python code is MIT licensed. The core WASM runtime binary is proprietary; usable with the package but not independently redistributable. Future open-sourcing of the WASM runtime is planned.

Limitations & Caveats

No full Linux environment, native modules, or GPU access. Infinite loop protection is limited (step counter tracks WASM yields, not internal script instructions). The proprietary WASM binary is a key constraint for redistribution. Optimized for controlled code snippets, not full VM replacement.

Health Check
Last Commit

6 days ago

Responsiveness

Inactive

Pull Requests (30d)
0
Issues (30d)
1
Star History
281 stars in the last 7 days

Explore Similar Projects

Starred by Tobi Lutke Tobi Lutke(Cofounder of Shopify) and Simon Willison Simon Willison(Coauthor of Django).

vibe by lynaghk

0%
526
Sandboxed Linux VMs for LLM agents on macOS
Created 1 week ago
Updated 1 day ago
Starred by Jonathan Ragan-Kelley Jonathan Ragan-Kelley(Professor at MIT).

qqqa by iagooar

0%
604
LLM-powered CLI for shell assistance
Created 4 months ago
Updated 2 months ago
Starred by Wes McKinney Wes McKinney(Author of Pandas).

k7 by Katakate

0.4%
721
Self-hosted VM sandboxes enable secure, scalable code execution
Created 3 months ago
Updated 1 month ago
Starred by Tim J. Baek Tim J. Baek(Founder of Open WebUI).

safe-code-execution by EtiennePerot

0.9%
319
Sandboxed code execution for Open WebUI
Created 1 year ago
Updated 1 year ago
Starred by Yaowei Zheng Yaowei Zheng(Author of LLaMA-Factory).

mcp-server-code-execution-mode by elusznik

1.6%
306
Code execution bridge for LLM agents
Created 2 months ago
Updated 2 months ago
Starred by Alejandro Matamala Ortiz Alejandro Matamala Ortiz(Cofounder of Runway) and Jeremy Howard Jeremy Howard(Cofounder of fast.ai).

AgentRun by tjmlabs

0.8%
360
Python library for safely running AI-generated code
Created 1 year ago
Updated 1 year ago
Starred by Wes McKinney Wes McKinney(Author of Pandas) and Syrus Akbary Syrus Akbary(Founder of Wasmer).

runno by taybenlor

0.4%
760
Sandboxed runtime for executing code snippets in the browser or server
Created 4 years ago
Updated 1 month ago

MyManus by emsi

0%
258
Agentic environment for local, secure AI task execution
Created 10 months ago
Updated 2 months ago

claude-code-damage-control by disler

2.6%
354
Secure AI code execution with pre-emptive tool use control
Created 1 month ago
Updated 1 month ago
Starred by Dan Guido Dan Guido(Cofounder of Trail of Bits).

anamnesis-release by SeanHeelan

4.2%
500
LLM agents automatically generate exploits, bypassing complex security defenses
Created 2 weeks ago
Updated 6 days ago
Starred by Jeff Hammerbacher Jeff Hammerbacher(Cofounder of Cloudera), Elie Bursztein Elie Bursztein(Cybersecurity Lead at Google DeepMind), and
5 more.

microsandbox by zerocore-ai

4.0%
5k
Self-hosted platform for secure code execution
Created 1 year ago
Updated 3 weeks ago
Starred by Georgios Konstantopoulos Georgios Konstantopoulos(CTO, General Partner at Paradigm) and Jeff Hammerbacher Jeff Hammerbacher(Cofounder of Cloudera).

miden-vm by 0xMiden

0.7%
723
STARK-based virtual machine for generating proofs of program execution
Created 4 years ago
Updated 1 day ago
Feedback? Help us improve.