Skip to main content

Stateless, subprocess-isolated code execution for LLM agents

Project description

codecell

Stateless, subprocess-isolated code execution for LLM agents. Zero dependencies.

Unlike a Jupyter cell, there's no shared kernel — each call runs in a fresh subprocess with only the tools you inject.

Scope: codecell is intentionally limited to sandboxed code evaluation — safe computation and namespace-based tool invocation. It is not a full runtime or a general-purpose execution engine. Features like stateful sessions, IPC-based tool calling, and container isolation may be added in future versions.

Quick start

from codecell import SubprocessRuntime
from codecell.python import PythonValidator

runtime = SubprocessRuntime(PythonValidator())
result = runtime.execute("print(1 + 2)", timeout=10)
print(result.stdout)  # "3\n"

Languages

Python (sandboxed)

AST-validated — blocks file I/O, network, command execution, dynamic imports. Only safe computation modules allowed.

from codecell import SubprocessRuntime
from codecell.python import PythonValidator

py = SubprocessRuntime(PythonValidator())

# Safe computation works
py.execute("import math; print(math.sqrt(16))")

# Dangerous code is rejected before execution
py.execute("import os; os.system('rm -rf /')")  # raises ValueError

Bash (deny-list)

Regex-based deny list blocks known-dangerous patterns. Not a sandbox — reduces risk but cannot guarantee safety.

from codecell import SubprocessRuntime
from codecell.bash import BashValidator

bash = SubprocessRuntime(BashValidator())
bash.execute("echo hello && ls -la")   # OK
bash.execute("rm -rf /")               # raises ValueError

Trusted code (no validation)

from codecell import SubprocessRuntime, NullValidator

unsafe = SubprocessRuntime(NullValidator("python"))
unsafe.execute("import os; print(os.getpid())")  # runs without validation

Namespace injection (Python only)

Inject callables into the execution namespace. In subprocess mode, they're available as stubs for discovery:

def search(query: str) -> list:
    """Search for documents."""
    ...

result = py.execute(
    "print('search' in dir())",
    namespace={"search": search},
)
# stdout: "True"

API

SubprocessRuntime(validator)

Execute code in a subprocess. The validator provides language identity and code validation.

runtime.execute(code, *, namespace=None, timeout=None) -> CodeResult

Parameter Type Description
code str Source code to execute
namespace dict[str, Callable] | None Callables to inject (Python only)
timeout float | None Max seconds before kill

CodeResult

Field Type Description
stdout str Captured standard output (truncated at 64 KB)
stderr str Captured standard error
return_code int Exit code, -1 for timeout
timed_out bool Whether killed by timeout

Validators

Validator Security level Language
PythonValidator Strong (AST analysis) Python
BashValidator Best-effort (regex deny-list) Bash
NullValidator(lang) None — trusted code only Any

License

MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

codecell-0.1.0.tar.gz (11.9 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

codecell-0.1.0-py3-none-any.whl (10.8 kB view details)

Uploaded Python 3

File details

Details for the file codecell-0.1.0.tar.gz.

File metadata

  • Download URL: codecell-0.1.0.tar.gz
  • Upload date:
  • Size: 11.9 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for codecell-0.1.0.tar.gz
Algorithm Hash digest
SHA256 25540402064c6c9c6e4369d7a0910ff51bcbb2133bc0d637a28651eb3ba17882
MD5 3746a1317654a01a0856eab293c582b2
BLAKE2b-256 e2b6e973e79abad53fce47b8abc8c7010f9760b17be4ed33122207463d750693

See more details on using hashes here.

Provenance

The following attestation bundles were made for codecell-0.1.0.tar.gz:

Publisher: release.yml on Oaklight/codecell

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file codecell-0.1.0-py3-none-any.whl.

File metadata

  • Download URL: codecell-0.1.0-py3-none-any.whl
  • Upload date:
  • Size: 10.8 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for codecell-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 f7e19e016bcc0c47f2c4b2d47397ddd083453b998a18bf85062c1dc77d1de63b
MD5 8cbfd3a90d5e44a1572e567e5faf9146
BLAKE2b-256 5a6587305d48d1e7801e421055010d9a00f5d50e243d7d6cf9473812b30ea4c1

See more details on using hashes here.

Provenance

The following attestation bundles were made for codecell-0.1.0-py3-none-any.whl:

Publisher: release.yml on Oaklight/codecell

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page