Capability-based sandboxed runtime for AI agents

Project description

amla-sandbox

This repository is the release source for the amla-sandbox Python package. Development happens in the amlalabs monorepo; this repo is updated on release. The Rust runtime that compiles to amla_sandbox.wasm lives in amla-sandbox-core; the exact release tag this Python package was built against is recorded in .mirror-deps.json.

amla-sandbox is a WASM sandbox with capability enforcement for AI agent code. Agents can only call tools you explicitly provide, with constraints you define. Sandboxed virtual filesystem. No network. No shell escape.

Install

pip install amla-sandbox

No Docker. No VM. One binary, works everywhere.

Quick start

from amla_sandbox import create_sandbox_tool

sandbox = create_sandbox_tool()

# JavaScript
sandbox.run("console.log('hello'.toUpperCase())", language="javascript")
# Shell
sandbox.run("echo 'hello' | tr 'a-z' 'A-Z'", language="shell")

# With tools
def get_weather(city: str) -> dict:
    return {"city": city, "temp": 72}

sandbox = create_sandbox_tool(tools=[get_weather])
sandbox.run(
    "const w = await get_weather({city: 'SF'}); console.log(w);",
    language="javascript",
)

With capability constraints:

from amla_sandbox import Sandbox, ToolCallCap, ConstraintSet, Param

sandbox = Sandbox(
    capabilities=[
        ToolCallCap(
            method_pattern="stripe/charges/*",
            constraints=ConstraintSet([
                Param("amount") <= 10000,
                Param("currency").is_in(["USD", "EUR"]),
            ]),
            max_calls=100,
        ),
    ],
    tool_handler=my_handler,  # my_handler: your own handler, defined elsewhere
)

See the PyPI page and the examples/ directory for the full API surface, framework integrations, and the constraint DSL.

Security model

The sandbox runs inside WebAssembly with WASI for a minimal syscall surface. On top of WASM isolation, every tool call goes through capability validation; access is explicitly granted, not implicitly available. See the Quick start above and the upstream PyPI README for the full explanation and tradeoffs.
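
A minimal model of the capability check described above, using the same pattern, constraints and call budget as the constraints snippet. This is an added example, not the amla-sandbox implementation or API: `Capability`, `authorize`, `demo_caps`, glob matching via `fnmatchcase`, and denying a call when a constrained parameter is missing are all assumptions made for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Any, Callable

# Illustrative model only; every name here is hypothetical, not amla_sandbox's.
NO_MATCH = "method not covered by capability"

@dataclass
class Capability:
    method_pattern: str                       # glob over the tool method name
    checks: dict[str, Callable[[Any], bool]]  # parameter name -> predicate
    max_calls: int
    used: int = 0

    def permits(self, method: str, params: dict[str, Any]) -> tuple[bool, str]:
        if not fnmatchcase(method, self.method_pattern):
            return False, NO_MATCH
        for name, predicate in self.checks.items():
            # Assumed fail-closed rule: an absent constrained parameter is a denial.
            if name not in params:
                return False, f"missing constrained parameter {name!r}"
            try:
                ok = predicate(params[name])
            except TypeError:  # e.g. a string where a number is expected
                ok = False
            if not ok:
                return False, f"constraint on {name!r} violated"
        if self.used >= self.max_calls:
            return False, "call budget exhausted"
        return True, "ok"

def authorize(caps: list[Capability], method: str, params: dict[str, Any]) -> tuple[bool, str]:
    """Deny by default; allow only if some granted capability permits the call."""
    reason = "no capability granted for this method"
    for cap in caps:
        allowed, why = cap.permits(method, params)
        if allowed:
            cap.used += 1  # budget is spent only on permitted calls
            return True, "ok"
        if why != NO_MATCH:
            reason = why
    return False, reason

def demo_caps(max_calls: int = 100) -> list[Capability]:
    # Constructed sample mirroring the constraints in the README snippet.
    checks = {"amount": lambda v: v <= 10000,
              "currency": lambda v: v in ("USD", "EUR")}
    return [Capability("stripe/charges/*", checks, max_calls)]
```
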

Building from source

For most users, installing from PyPI is recommended; the wheel includes the prebuilt WASM binary. If you want to build the wheel yourself:

uv build

To regenerate the WASM artifact bundled inside the wheel, build it from amla-sandbox-core at the tag pinned in .mirror-deps.json, then drop the result at src/amla_sandbox/_wasm/amla_sandbox.wasm before running uv build.

Contributing

See CONTRIBUTING.md. Pull requests against this mirror will be clobbered on next release; please target the monorepo or open an issue here.

License

Python package code is MIT licensed. The bundled Rust WASM runtime is AGPL-3.0-or-later OR BUSL-1.1.

Download files

Source Distribution

amla_sandbox-0.2.6.tar.gz (9.5 MB)

Uploaded Source

Built Distribution

amla_sandbox-0.2.6-py3-none-any.whl (9.5 MB)

Uploaded Python 3

File details

Details for the file amla_sandbox-0.2.6.tar.gz.

File metadata

  • Download URL: amla_sandbox-0.2.6.tar.gz
  • Upload date:
  • Size: 9.5 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for amla_sandbox-0.2.6.tar.gz
Algorithm Hash digest
SHA256 5db05b7c6a382b2841cbbd3307ccd86b52283fbb44be5c9d5fcb26b53629ee5e
MD5 237886c25e500ec01a367bbd15250128
BLAKE2b-256 2d3747cd5ee49e42f506370d511eaeea1534c3f495b48efd11473469975c6d59

Provenance

The following attestation bundles were made for amla_sandbox-0.2.6.tar.gz:

Publisher: release.yml on amlalabs/amla-sandbox

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file amla_sandbox-0.2.6-py3-none-any.whl.

File metadata

  • Download URL: amla_sandbox-0.2.6-py3-none-any.whl
  • Upload date:
  • Size: 9.5 MB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for amla_sandbox-0.2.6-py3-none-any.whl
Algorithm Hash digest
SHA256 b75e594805ce645e73db6bc9f9e923e6885e4c683711b5b388eb64045d0708b5
MD5 d68c110228c326323e7a6297220530df
BLAKE2b-256 2f70c9f380cd785be2fc1becec3485bc1af8d9ded39117911f3582f5632a0a41

Provenance

The following attestation bundles were made for amla_sandbox-0.2.6-py3-none-any.whl:

Publisher: release.yml on amlalabs/amla-sandbox

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
