Secure Python code execution in isolated Docker containers
Project description
Run untrusted Python safely. Job queues and Docker isolation built-in. Used by enterprises.
Run AI-generated code in isolated Docker containers with optional gVisor sandboxing. Job queues, retries, and execution history included.
```bash
# Install (requires Docker + Python 3.10+)
pip install "tako-vm[server]"
tako-vm setup    # pull the executor Docker image
tako-vm server   # start server (auto-starts PostgreSQL via Docker)

# Execute code
curl -X POST http://localhost:8000/execute \
  -H "Content-Type: application/json" \
  -d '{"code": "print(1 + 1)"}'
```
Why Tako VM?
Sandbox solutions like e2b, daytona and microsandbox give you isolated code execution—but that's it. You still need to build:
| You build | With sandbox-only | With Tako VM |
|---|---|---|
| Job queue | Redis + Celery/Bull | Built-in |
| Execution history | Postgres + schema | PostgreSQL included |
| Retry logic | Custom code | Automatic |
| Idempotency | Deduplication logic | idempotency_key |
| Replay/debugging | Custom tooling | Rerun/fork API |
Tako VM is the complete package:
- Job queue + workers - Async execution with worker pool, no Redis/Celery setup
- Execution history - Every job persisted with stdout, stderr, timing, artifacts
- Replay to debug - Rerun past jobs with exact same code and inputs
- Docker isolation - Each job in its own container with seccomp filtering
- Network isolation - No network by default, optional allowlist per job type
- Self-hosted - Your machine, offline-capable, zero per-execution cost
CLI
```bash
tako-vm setup                    # Pull executor image and verify Docker
tako-vm server                   # Start the API server
tako-vm server --port 9000       # Custom port
tako-vm dev up                   # Start local PostgreSQL for development
tako-vm dev up --with-server     # Start PostgreSQL + API server
tako-vm dev status               # Check local PostgreSQL status
tako-vm dev down                 # Stop local PostgreSQL
tako-vm config                   # Show current configuration
tako-vm config --json            # Output as JSON
tako-vm validate                 # Validate current config
tako-vm validate my.yaml         # Validate specific file
tako-vm status                   # Check server health
tako-vm version                  # Show version
tako-vm --config my.yaml server  # Use specific config file
```
Documentation
| Topic | Link |
|---|---|
| Installation | docs/getting-started/installation.md |
| Quick Start | docs/getting-started/quickstart.md |
| Configuration | docs/getting-started/configuration.md |
| REST API | docs/api/rest.md |
| Python SDK | docs/api/sdk.md |
| Job Types & Environments | docs/guide/environments.md |
| Security | docs/deployment/security.md |
| Deployment | docs/deployment/how-to-deploy.md |
| Config Reference | tako_vm.yaml.example |
Security
Tako VM runs untrusted, often AI-generated, code, so isolation is the core of the project. It uses layered defenses: gVisor (userspace kernel), per-job ephemeral Docker containers, a default-deny seccomp profile, network isolation (--network=none by default), capability dropping, non-root execution, and enforced resource and input limits.
For untrusted workloads in production, set security_mode: strict with container_runtime: runsc. The default permissive mode falls back to standard Docker (runc) if gVisor is unavailable, which removes the userspace-kernel boundary.
See SECURITY.md for the threat model and hardening guidance, and docs/deployment/security.md for full details.
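One way to confirm that a running job container actually has the layers listed above, and to spot the permissive-mode fallback to runc, is to audit its `docker inspect` output. This is an added example, not Tako VM's own code: the field names are Docker's, while the container names, sample values and the `audit_container` helper are constructed for illustration.

```python
import json

# Constructed sample: trimmed `docker inspect <container>` output for two job
# containers. Field names are Docker's; names and values are made up here.
SAMPLE_INSPECT = json.loads("""
[
 {"Name": "/job-hardened",
  "Config": {"User": "1000:1000"},
  "HostConfig": {"Runtime": "runsc", "NetworkMode": "none",
                 "CapDrop": ["ALL"], "SecurityOpt": ["no-new-privileges"],
                 "Memory": 268435456, "PidsLimit": 64}},
 {"Name": "/job-fallback",
  "Config": {"User": ""},
  "HostConfig": {"Runtime": "runc", "NetworkMode": "bridge",
                 "CapDrop": null, "SecurityOpt": ["seccomp=unconfined"],
                 "Memory": 0, "PidsLimit": null}}
]
""")

def audit_container(c):
    """Return the isolation layers this container is missing (hypothetical helper)."""
    host, cfg = c.get("HostConfig", {}), c.get("Config", {})
    findings = []
    if host.get("Runtime") != "runsc":       # runc means no userspace-kernel boundary
        findings.append("runtime is not gVisor (runsc)")
    if host.get("NetworkMode") != "none":    # expected only for allowlisted job types
        findings.append("network is not disabled")
    if "ALL" not in [x.upper() for x in (host.get("CapDrop") or [])]:
        findings.append("capabilities not dropped")
    opts = [o.replace(":", "=") for o in (host.get("SecurityOpt") or [])]
    if "seccomp=unconfined" in opts:         # syscall filtering switched off
        findings.append("seccomp disabled")
    if (cfg.get("User") or "").split(":")[0] in ("", "0", "root"):
        findings.append("runs as root")
    if not host.get("Memory"):               # 0 means unlimited
        findings.append("no memory limit")
    if not host.get("PidsLimit") or host["PidsLimit"] < 0:
        findings.append("no pids limit")
    return findings

def audit(inspect_output):
    """Map container name -> list of findings (empty list means all checks pass)."""
    return {c["Name"].lstrip("/"): audit_container(c) for c in inspect_output}

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_INSPECT).items():
        print(name, "OK" if not findings else findings)
```

Against a live host, feed it `json.loads` of the output of `docker inspect` for the job container instead of the sample.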
Found a vulnerability? Report it privately via the Security tab → Report a vulnerability. Please do not open public issues for security findings.
License
Apache License 2.0
File details
Details for the file tako_vm-0.1.4.tar.gz.
File metadata
- Download URL: tako_vm-0.1.4.tar.gz
- Upload date:
- Size: 126.5 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: uv/0.11.20 {"installer":{"name":"uv","version":"0.11.20","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 090d6a4b91dcb0dbe898f9c4bf6ad64703d7cd914a827992abd3c6f600b6dfa2 |
| MD5 | 6219738fea625da85d8c05feb1cc4f0f |
| BLAKE2b-256 | 3d9b7d71076fcb87db16931d69b2f0d5ae4708d942b3d4c3b8d2570805d4f867 |
File details
Details for the file tako_vm-0.1.4-py3-none-any.whl.
File metadata
- Download URL: tako_vm-0.1.4-py3-none-any.whl
- Upload date:
- Size: 137.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: uv/0.11.20 {"installer":{"name":"uv","version":"0.11.20","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 3ee91cedbc7593523d40c00f7b38de717bebbf59f8c7275168a69e981ebc261c |
| MD5 | 81d2c8994fa080d7de0d21718cebacfe |
| BLAKE2b-256 | 86ec04d26570d4287c971d0caf9a244d8a5dfb7d3a47673d6dab95e27d2d2996 |