Stateless, subprocess-isolated code execution for LLM agents
Project description
codecell
Stateless, subprocess-isolated code execution for LLM agents. Zero dependencies.
Unlike a Jupyter cell, there's no shared kernel — each call runs in a fresh subprocess with only the tools you inject.
Scope: codecell is intentionally limited to sandboxed code evaluation — safe computation and namespace-based tool invocation. It is not a full runtime or a general-purpose execution engine. Features like stateful sessions, IPC-based tool calling, and container isolation may be added in future versions.
Quick start
from codecell import SubprocessRuntime
from codecell.python import PythonValidator
runtime = SubprocessRuntime(PythonValidator())
result = runtime.execute("print(1 + 2)", timeout=10)
print(result.stdout) # "3\n"
Languages
Python (sandboxed)
AST-validated — blocks file I/O, network, command execution, dynamic imports. Only safe computation modules allowed.
from codecell import SubprocessRuntime
from codecell.python import PythonValidator
py = SubprocessRuntime(PythonValidator())
# Safe computation works
py.execute("import math; print(math.sqrt(16))")
# Dangerous code is rejected before execution
py.execute("import os; os.system('rm -rf /')") # raises ValueError
Bash (deny-list)
Regex-based deny list blocks known-dangerous patterns. Not a sandbox — reduces risk but cannot guarantee safety.
from codecell import SubprocessRuntime
from codecell.bash import BashValidator
bash = SubprocessRuntime(BashValidator())
bash.execute("echo hello && ls -la") # OK
bash.execute("rm -rf /") # raises ValueError
Trusted code (no validation)
from codecell import SubprocessRuntime, NullValidator
unsafe = SubprocessRuntime(NullValidator("python"))
unsafe.execute("import os; print(os.getpid())") # runs without validation
Namespace injection (Python only)
Inject callables into the execution namespace. In subprocess mode, they're available as stubs for discovery:
def search(query: str) -> list:
"""Search for documents."""
...
result = py.execute(
"print('search' in dir())",
namespace={"search": search},
)
# stdout: "True"
API
SubprocessRuntime(validator)
Execute code in a subprocess. The validator provides language identity and code validation.
runtime.execute(code, *, namespace=None, timeout=None) -> CodeResult
| Parameter | Type | Description |
|---|---|---|
code |
str |
Source code to execute |
namespace |
dict[str, Callable] | None |
Callables to inject (Python only) |
timeout |
float | None |
Max seconds before kill |
CodeResult
| Field | Type | Description |
|---|---|---|
stdout |
str |
Captured standard output (truncated at 64 KB) |
stderr |
str |
Captured standard error |
return_code |
int |
Exit code, -1 for timeout |
timed_out |
bool |
Whether killed by timeout |
Validators
| Validator | Security level | Language |
|---|---|---|
PythonValidator |
Strong (AST analysis) | Python |
BashValidator |
Best-effort (regex deny-list) | Bash |
NullValidator(lang) |
None — trusted code only | Any |
License
MIT
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file codecell-0.2.0.tar.gz.
File metadata
- Download URL: codecell-0.2.0.tar.gz
- Upload date:
- Size: 15.7 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
9797e1cb7240aaecff814691e0d51990b556eb076884ae08d08ed097efb510d9
|
|
| MD5 |
da5593923e4e38f34f879d5e743dd094
|
|
| BLAKE2b-256 |
8736d95ccb4c7393ab81da2109389c878cff08ca108bd8cbe37f6677b3647a3b
|
Provenance
The following attestation bundles were made for codecell-0.2.0.tar.gz:
Publisher:
release.yml on Oaklight/codecell
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
codecell-0.2.0.tar.gz -
Subject digest:
9797e1cb7240aaecff814691e0d51990b556eb076884ae08d08ed097efb510d9 - Sigstore transparency entry: 2047402669
- Sigstore integration time:
-
Permalink:
Oaklight/codecell@dd96471fe34227a2bf8b4fa28fc3384b434b1f1d -
Branch / Tag:
refs/heads/master - Owner: https://github.com/Oaklight
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@dd96471fe34227a2bf8b4fa28fc3384b434b1f1d -
Trigger Event:
workflow_dispatch
-
Statement type:
File details
Details for the file codecell-0.2.0-py3-none-any.whl.
File metadata
- Download URL: codecell-0.2.0-py3-none-any.whl
- Upload date:
- Size: 14.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
6b9ef038d053845d44a02fd7e29f46c76f14a6534c3bdb123bff28434858b9c6
|
|
| MD5 |
fcf5baf1bd86994f99c5f7afb491d567
|
|
| BLAKE2b-256 |
19b85a131c7b206c6dc98f90485766e028a8b2a4fd3ce3606232483f8c12c595
|
Provenance
The following attestation bundles were made for codecell-0.2.0-py3-none-any.whl:
Publisher:
release.yml on Oaklight/codecell
-
Statement:
-
Statement type:
https://in-toto.io/Statement/v1 -
Predicate type:
https://docs.pypi.org/attestations/publish/v1 -
Subject name:
codecell-0.2.0-py3-none-any.whl -
Subject digest:
6b9ef038d053845d44a02fd7e29f46c76f14a6534c3bdb123bff28434858b9c6 - Sigstore transparency entry: 2047402897
- Sigstore integration time:
-
Permalink:
Oaklight/codecell@dd96471fe34227a2bf8b4fa28fc3384b434b1f1d -
Branch / Tag:
refs/heads/master - Owner: https://github.com/Oaklight
-
Access:
public
-
Token Issuer:
https://token.actions.githubusercontent.com -
Runner Environment:
github-hosted -
Publication workflow:
release.yml@dd96471fe34227a2bf8b4fa28fc3384b434b1f1d -
Trigger Event:
workflow_dispatch
-
Statement type: