Capability-based sandboxed runtime for AI agents

Project description

amla-sandbox

This repository is the release source for the amla-sandbox Python package. Development happens in the amlalabs monorepo; this repo is updated on release. The Rust runtime that compiles to amla_sandbox.wasm lives in amla-sandbox-core; the exact release tag this Python package was built against is recorded in .mirror-deps.json.

amla-sandbox is a WASM sandbox with capability enforcement for AI agent code. Agents can only call tools you explicitly provide, with constraints you define. Sandboxed virtual filesystem. No network. No shell escape.

Install

pip install amla-sandbox

No Docker. No VM. One binary, works everywhere.

Quick start

from amla_sandbox import create_sandbox_tool

sandbox = create_sandbox_tool()

# JavaScript
sandbox.run("console.log('hello'.toUpperCase())", language="javascript")
# Shell
sandbox.run("echo 'hello' | tr 'a-z' 'A-Z'", language="shell")

# With tools
def get_weather(city: str) -> dict:
    return {"city": city, "temp": 72}

sandbox = create_sandbox_tool(tools=[get_weather])
sandbox.run(
    "const w = await get_weather({city: 'SF'}); console.log(w);",
    language="javascript",
)

With capability constraints:

from amla_sandbox import Sandbox, ToolCallCap, ConstraintSet, Param

sandbox = Sandbox(
    capabilities=[
        ToolCallCap(
            method_pattern="stripe/charges/*",
            constraints=ConstraintSet([
                Param("amount") <= 10000,
                Param("currency").is_in(["USD", "EUR"]),
            ]),
            max_calls=100,
        ),
    ],
    # my_handler: your own tool-call handler, defined elsewhere (not shown here)
    tool_handler=my_handler,
)

See the PyPI page and the examples/ directory for the full API surface, framework integrations, and the constraint DSL.

Security model

The sandbox runs inside WebAssembly with WASI for a minimal syscall surface. On top of WASM isolation, every tool call goes through capability validation; access is explicitly granted, not implicitly available. See the Quick start above and the upstream PyPI README for the full explanation and tradeoffs.
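
To make the capability validation described above concrete, here is a small default-deny gate that models the constraint example from the Quick start (method pattern, parameter limits, call budget). It is an added illustration, not code from amla-sandbox: `Capability`, `Gate` and `demo_gate` are hypothetical names, and fnmatch-style pattern matching is an assumption about how `method_pattern` behaves.

```python
# Added illustration, not amla-sandbox source; names and fnmatch matching are assumptions.
from dataclasses import dataclass, field
from fnmatch import fnmatchcase
from typing import Any, Callable, Dict, Optional

@dataclass
class Capability:  # stand-in for the page's ToolCallCap
    method_pattern: str
    constraints: Dict[str, Callable[[Any], bool]] = field(default_factory=dict)
    max_calls: Optional[int] = None
    used: int = 0

    def permits(self, method: str, params: dict):
        if not fnmatchcase(method, self.method_pattern):
            return False, "method not covered"
        for name, check in self.constraints.items():
            try:  # a missing or wrongly typed parameter is a denial, never a pass
                ok = name in params and check(params[name])
            except TypeError:
                ok = False
            if not ok:
                return False, f"constraint on {name!r} failed"
        if self.max_calls is not None and self.used >= self.max_calls:
            return False, "call budget exhausted"
        return True, "ok"

class Gate:
    """Default deny: the handler runs only if some capability permits the call."""
    def __init__(self, capabilities, handler):
        self.capabilities, self.handler = capabilities, handler

    def call(self, method: str, params: dict):
        reason = "no capability covers this method"
        for cap in self.capabilities:
            ok, why = cap.permits(method, params)
            if ok:
                cap.used += 1  # budget is spent only by permitted calls
                return self.handler(method, params)
            if why != "method not covered":
                reason = why
        raise PermissionError(f"{method}: {reason}")

def demo_gate(max_calls=100, handler=lambda m, p: {"method": m, "ok": True}):
    """Constructed policy mirroring the constraint example on this page."""
    charge = Capability("stripe/charges/*", {
        "amount": lambda v: v <= 10000,
        "currency": lambda v: v in ("USD", "EUR"),
    }, max_calls)
    return Gate([charge], handler)
```

The check runs before the handler is ever invoked, so a denied call has no side effects and does not consume the call budget.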

Building from source

For most users, installing from PyPI is recommended; the wheel includes the prebuilt WASM binary. If you want to build the wheel yourself:

uv build

To regenerate the WASM artifact bundled inside the wheel, build it from amla-sandbox-core at the tag pinned in .mirror-deps.json, then drop the result at src/amla_sandbox/_wasm/amla_sandbox.wasm before running uv build.

Contributing

See CONTRIBUTING.md. Pull requests against this mirror will be clobbered on next release; please target the monorepo or open an issue here.

License

Python package code is MIT licensed. The bundled Rust WASM runtime is AGPL-3.0-or-later OR BUSL-1.1.

Download files

Source Distribution

amla_sandbox-0.2.7.tar.gz (9.5 MB)

Uploaded Source

Built Distribution

amla_sandbox-0.2.7-py3-none-any.whl (9.5 MB)

Uploaded Python 3

File details

Details for the file amla_sandbox-0.2.7.tar.gz.

File metadata

  • Download URL: amla_sandbox-0.2.7.tar.gz
  • Size: 9.5 MB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for amla_sandbox-0.2.7.tar.gz
Algorithm Hash digest
SHA256 317b6938ba2762d42b928ebc24b4fe7116f8a811b4cf257822bdb30b3a218737
MD5 938f4529c47b207ad454ba314875a0d3
BLAKE2b-256 3e916e5183e22f4566a69ee700122a6402053a709e0796ff012f77c73dbf919d

Provenance

The following attestation bundles were made for amla_sandbox-0.2.7.tar.gz:

Publisher: release.yml on amlalabs/amla-sandbox

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file amla_sandbox-0.2.7-py3-none-any.whl.

File metadata

  • Download URL: amla_sandbox-0.2.7-py3-none-any.whl
  • Size: 9.5 MB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.13

File hashes

Hashes for amla_sandbox-0.2.7-py3-none-any.whl
Algorithm Hash digest
SHA256 64d835d99ae85c813bf2f3607df6224038ab5b3dadb4585debc07558f3210afc
MD5 2e688e73248b0c47718163c3592695c4
BLAKE2b-256 a647139664b3d0644cb895da1cc7aafb2a0874252b8724f3486dd4d1a3b25769

Provenance

The following attestation bundles were made for amla_sandbox-0.2.7-py3-none-any.whl:

Publisher: release.yml on amlalabs/amla-sandbox

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
