Capability-based sandboxed runtime for AI agents

Navigation

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for amlalabs from gravatar.com amlalabs

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT License)
  • Author: Amla Labs
  • Tags agents , ai , capabilities , sandbox , security , wasm
  • Requires: Python >=3.11
  • Provides-Extra: all , codeact , dev , langgraph
Classifiers
Report project as malware

Project description

amla-sandbox

This repository is the release source for the amla-sandbox Python package. Development happens in the amlalabs monorepo; this repo is updated on release. The Rust runtime that compiles to amla_sandbox.wasm lives in amla-sandbox-core; the exact release tag this Python package was built against is recorded in .mirror-deps.json.

amla-sandbox is a WASM sandbox with capability enforcement for AI agent code. Agents can only call tools you explicitly provide, with constraints you define. Sandboxed virtual filesystem. No network. No shell escape.

Install

pip install amla-sandbox

No Docker. No VM. One binary, works everywhere.

Quick start

from amla_sandbox import create_sandbox_tool

sandbox = create_sandbox_tool()

# JavaScript
sandbox.run("console.log('hello'.toUpperCase())", language="javascript")
# Shell
sandbox.run("echo 'hello' | tr 'a-z' 'A-Z'", language="shell")

# With tools
def get_weather(city: str) -> dict:
    return {"city": city, "temp": 72}

sandbox = create_sandbox_tool(tools=[get_weather])
sandbox.run(
    "const w = await get_weather({city: 'SF'}); console.log(w);",
    language="javascript",
)

With capability constraints:

from amla_sandbox import Sandbox, ToolCallCap, ConstraintSet, Param

sandbox = Sandbox(
    capabilities=[
        ToolCallCap(
            method_pattern="stripe/charges/*",
            constraints=ConstraintSet([
                Param("amount") <= 10000,
                Param("currency").is_in(["USD", "EUR"]),
            ]),
            max_calls=100,
        ),
    ],
    tool_handler=my_handler,
)

See the PyPI page and the examples/ directory for the full API surface, framework integrations, and the constraint DSL.

Security model

The sandbox runs inside WebAssembly with WASI for a minimal syscall surface. On top of WASM isolation, every tool call goes through capability validation; access is explicitly granted, not implicitly available. See the Quick start above and the upstream PyPI README for the full explanation and tradeoffs.

Building from source

For most users, installing from PyPI is recommended; the wheel includes the prebuilt WASM binary. If you want to build the wheel yourself:

uv build

To regenerate the WASM artifact bundled inside the wheel, build it from amla-sandbox-core at the tag pinned in .mirror-deps.json, then drop the result at src/amla_sandbox/_wasm/amla_sandbox.wasm before running uv build.

Contributing

See CONTRIBUTING.md. Pull requests against this mirror will be clobbered on next release; please target the monorepo or open an issue here.

License

Python package code is MIT licensed. The bundled Rust WASM runtime is AGPL-3.0-or-later OR BUSL-1.1.

Project details

Verified details

These details have been verified by PyPI
Project links
GitHub Statistics
Maintainers
Avatar for amlalabs from gravatar.com amlalabs

Unverified details

These details have not been verified by PyPI
Meta
  • License: MIT License (MIT License)
  • Author: Amla Labs
  • Tags agents , ai , capabilities , sandbox , security , wasm
  • Requires: Python >=3.11
  • Provides-Extra: all , codeact , dev , langgraph
Classifiers

Release history Release notifications | RSS feed

This version

0.2.8

0.2.7

0.2.6

0.1.6

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

amla_sandbox-0.2.8.tar.gz (9.5 MB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

amla_sandbox-0.2.8-py3-none-any.whl (9.5 MB view details)

Uploaded Python 3

File details

Details for the file amla_sandbox-0.2.8.tar.gz.

File metadata

  • Download URL: amla_sandbox-0.2.8.tar.gz
  • Upload date:
  • Size: 9.5 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for amla_sandbox-0.2.8.tar.gz
Algorithm Hash digest
SHA256 f7c54ff51b109f9a03ca48ac9e59037736d67312eb5df6b714eef5b110220ca4
MD5 7c3be3541dba673b52298da0cea82791
BLAKE2b-256 cfbdbb97200c75d6a17c723fdf9bceb197ecff613784d0c2ea9cb299aea102d3

See more details on using hashes here.

Provenance

The following attestation bundles were made for amla_sandbox-0.2.8.tar.gz:

Publisher: release.yml on amlalabs/amla-sandbox

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file amla_sandbox-0.2.8-py3-none-any.whl.

File metadata

  • Download URL: amla_sandbox-0.2.8-py3-none-any.whl
  • Upload date:
  • Size: 9.5 MB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for amla_sandbox-0.2.8-py3-none-any.whl
Algorithm Hash digest
SHA256 969a9a16f5b1501d282aa5f1ceea9f17e048b746dc2f81df39f56a4190260217
MD5 9813fd5957fef88a1fad491ab8a4181a
BLAKE2b-256 7927e58635875f682160475c0a458657a4f48be2687321f3e971f3c1150c7294

See more details on using hashes here.

Provenance

The following attestation bundles were made for amla_sandbox-0.2.8-py3-none-any.whl:

Publisher: release.yml on amlalabs/amla-sandbox

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page