Skip to main content

Stateless, subprocess-isolated code execution for LLM agents

Project description

codecell

Stateless, subprocess-isolated code execution for LLM agents. Zero dependencies.

Unlike a Jupyter cell, there's no shared kernel — each call runs in a fresh subprocess with only the tools you inject.

Scope: codecell is intentionally limited to sandboxed code evaluation — safe computation and namespace-based tool invocation. It is not a full runtime or a general-purpose execution engine. Features like stateful sessions, IPC-based tool calling, and container isolation may be added in future versions.

Quick start

from codecell import SubprocessRuntime
from codecell.python import PythonValidator

runtime = SubprocessRuntime(PythonValidator())
result = runtime.execute("print(1 + 2)", timeout=10)
print(result.stdout)  # "3\n"

Languages

Python (sandboxed)

AST-validated — blocks file I/O, network, command execution, dynamic imports. Only safe computation modules allowed.

from codecell import SubprocessRuntime
from codecell.python import PythonValidator

py = SubprocessRuntime(PythonValidator())

# Safe computation works
py.execute("import math; print(math.sqrt(16))")

# Dangerous code is rejected before execution
py.execute("import os; os.system('rm -rf /')")  # raises ValueError

Bash (deny-list)

Regex-based deny list blocks known-dangerous patterns. Not a sandbox — reduces risk but cannot guarantee safety.

from codecell import SubprocessRuntime
from codecell.bash import BashValidator

bash = SubprocessRuntime(BashValidator())
bash.execute("echo hello && ls -la")   # OK
bash.execute("rm -rf /")               # raises ValueError

Trusted code (no validation)

from codecell import SubprocessRuntime, NullValidator

unsafe = SubprocessRuntime(NullValidator("python"))
unsafe.execute("import os; print(os.getpid())")  # runs without validation

Namespace injection (Python only)

Inject callables into the execution namespace. In subprocess mode, they're available as stubs for discovery:

def search(query: str) -> list:
    """Search for documents."""
    ...

result = py.execute(
    "print('search' in dir())",
    namespace={"search": search},
)
# stdout: "True"

API

SubprocessRuntime(validator)

Execute code in a subprocess. The validator provides language identity and code validation.

runtime.execute(code, *, namespace=None, timeout=None) -> CodeResult

Parameter Type Description
code str Source code to execute
namespace dict[str, Callable] | None Callables to inject (Python only)
timeout float | None Max seconds before kill

CodeResult

Field Type Description
stdout str Captured standard output (truncated at 64 KB)
stderr str Captured standard error
return_code int Exit code, -1 for timeout
timed_out bool Whether killed by timeout

Validators

Validator Security level Language
PythonValidator Strong (AST analysis) Python
BashValidator Best-effort (regex deny-list) Bash
NullValidator(lang) None — trusted code only Any

License

MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

codecell-0.2.0.tar.gz (15.7 kB view details)

Uploaded Source

Built Distribution

If you're not sure about the file name format, learn more about wheel file names.

codecell-0.2.0-py3-none-any.whl (14.0 kB view details)

Uploaded Python 3

File details

Details for the file codecell-0.2.0.tar.gz.

File metadata

  • Download URL: codecell-0.2.0.tar.gz
  • Upload date:
  • Size: 15.7 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for codecell-0.2.0.tar.gz
Algorithm Hash digest
SHA256 9797e1cb7240aaecff814691e0d51990b556eb076884ae08d08ed097efb510d9
MD5 da5593923e4e38f34f879d5e743dd094
BLAKE2b-256 8736d95ccb4c7393ab81da2109389c878cff08ca108bd8cbe37f6677b3647a3b

See more details on using hashes here.

Provenance

The following attestation bundles were made for codecell-0.2.0.tar.gz:

Publisher: release.yml on Oaklight/codecell

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file codecell-0.2.0-py3-none-any.whl.

File metadata

  • Download URL: codecell-0.2.0-py3-none-any.whl
  • Upload date:
  • Size: 14.0 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? Yes
  • Uploaded via: twine/6.1.0 CPython/3.13.12

File hashes

Hashes for codecell-0.2.0-py3-none-any.whl
Algorithm Hash digest
SHA256 6b9ef038d053845d44a02fd7e29f46c76f14a6534c3bdb123bff28434858b9c6
MD5 fcf5baf1bd86994f99c5f7afb491d567
BLAKE2b-256 19b85a131c7b206c6dc98f90485766e028a8b2a4fd3ce3606232483f8c12c595

See more details on using hashes here.

Provenance

The following attestation bundles were made for codecell-0.2.0-py3-none-any.whl:

Publisher: release.yml on Oaklight/codecell

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

Supported by

AWS Cloud computing and Security Sponsor Datadog Monitoring Depot Continuous Integration Fastly CDN Google Download Analytics Pingdom Monitoring Sentry Error logging StatusPage Status page