Sandboxing AI agents, 100x faster

kentonv 33 points 9 comments March 24, 2026
blog.cloudflare.com

Discussion Highlights (4 comments)

tosh

Let's say I have a bunch of objects (e.g. Parquet) in R2. Can the agent mount them? Or how do I best give the agent access to the objects? HTTP with signed URLs? Injecting the credentials?

est

Slightly related: if you need a safe Python sandbox instead of eval(), you can try eval(YOUR_CODE.replace('__', ''), {'__builtins__': None}, {}). I saw this trick on Reddit many years ago and wrote a blog post last month: https://blog.est.im/2026/stdout-09 I wasn't able to crack this sandbox, and neither could opus-4.6-thinking. This sandbox won't protect you from DoS, but I think it's reasonably safe to use for AI tool calls. Just expose your MCP/RPC methods in the last {} and you're good.
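
An added example, not code from the comment above or from its blog post: it keeps the same pattern of exposing tool methods through the locals dict passed to eval, and puts an ast-based allowlist in front of eval so that only plain calls, names and literals reach it (no attribute access, no underscore-prefixed names, no comprehensions). The tool functions are hypothetical stand-ins for MCP/RPC methods.

```python
import ast

# Node types an AI-generated tool call may use: a single expression made of
# calls, bare names, literals, simple containers and keyword arguments.
# Attribute, Subscript, Lambda, comprehensions and statements are all absent.
_ALLOWED = (
    ast.Expression, ast.Call, ast.Name, ast.Load, ast.Constant,
    ast.List, ast.Tuple, ast.Dict, ast.keyword,
)


class UnsafeCall(ValueError):
    """Raised when the submitted code uses syntax outside the allowlist."""


def check_tool_call(src: str) -> ast.Expression:
    """Parse one expression and reject any node or name not on the allowlist."""
    tree = ast.parse(src, mode="eval")
    for node in ast.walk(tree):
        if not isinstance(node, _ALLOWED):
            raise UnsafeCall(f"disallowed syntax: {type(node).__name__}")
        # Names starting with "_" cover dunders such as __import__ as well as
        # any private helper that happens to be reachable.
        if isinstance(node, ast.Name) and node.id.startswith("_"):
            raise UnsafeCall(f"disallowed name: {node.id}")
    return tree


def run_tool_call(src: str, tools: dict):
    """Evaluate an allowlisted expression with only the tool dict visible."""
    tree = check_tool_call(src)
    # Empty builtins: a bare name resolves only if it is a key of `tools`,
    # otherwise eval raises NameError (e.g. for open or print).
    return eval(compile(tree, "<tool-call>", "eval"), {"__builtins__": {}}, dict(tools))


# Hypothetical tool functions; in practice these would be the MCP/RPC methods.
def list_objects(bucket: str, prefix: str = ""):
    return [f"{bucket}/{prefix}data-{i}.parquet" for i in range(2)]


def add(a, b):
    return a + b


TOOLS = {"list_objects": list_objects, "add": add}

if __name__ == "__main__":
    print(run_tool_call('list_objects("r2-bucket", prefix="2026/")', TOOLS))
    for bad in ['__import__("os")', '().__class__', '[x for x in ()]', 'open("x")']:
        try:
            run_tool_call(bad, TOOLS)
        except (UnsafeCall, NameError) as exc:
            print("rejected:", bad, "->", exc)
```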

decodebytes

If anyone wants native Python sandboxing without needing a cloud API, we just shipped an early Python SDK from the https://nono.sh project:

    import nono_py as nono

    # Define capabilities
    caps = nono.CapabilitySet()
    caps.allow_path("/project", nono.AccessMode.READ_WRITE)
    caps.allow_file("/home/user/.gitconfig", nono.AccessMode.READ)

    # Apply sandbox (irrevocable)
    nono.apply(caps)

    # Your agent code runs here, fully sandboxed
    agent.run()

Example using pydantic and FastAPI: https://github.com/always-further/pydantic-ai-fastapi-nono

skybrian

Could an AI decide to download JavaScript libraries of its choice into a dynamic worker? That wouldn't be as flexible as a full Linux VM, but it might be interesting.

Edit: I guess not:

> If your Dynamic Worker needs TypeScript compilation or npm dependencies, the code must be transpiled and bundled before passing to the Worker Loader.

https://developers.cloudflare.com/dynamic-workers/getting-st...
