sim icon indicating copy to clipboard operation
sim copied to clipboard
Published 1 week ago verified publisher icon simstudioai

[REQUEST] Add Local Code Sandbox support

Open phanisarman opened this issue 3 months ago • 2 comments

Feature Request

Is your feature request related to a problem? Please describe.

Python and JavaScript with npm packages currently require E2B (external cloud service), making them unavailable in air-gapped/restricted environments. This blocks enterprise deployments with compliance requirements that prohibit outbound traffic.

Describe the solution you'd like

Implement a local sandbox environment similar to DifySandbox with these capabilities:

Core Features:

  1. Multi-language support: Python and JavaScript/Node.js
  2. Dependency management:
    • Python: requirements.txt or inline declarations
    • JavaScript: package.json or inline imports
  3. Security isolation:
    • Seccomp-based system call filtering (whitelist policy)
    • File system isolation
    • Network isolation via Docker network/proxy
  4. Pre-configured packages: Common libraries (numpy, pandas, requests)
  5. Custom dependencies: Users can add packages via config

Configuration:

LOCAL_SANDBOX_ENABLED=true
LOCAL_SANDBOX_PYTHON_PACKAGES=numpy,pandas,requests,beautifulsoup4

Implementation approach (following Dify's architecture):

  • Isolated Docker containers with Seccomp security profiles
  • Dependency caching to avoid repeated installations
  • Network proxy for controlled external access (optional)
  • Resource limits (CPU, memory, timeout)

Describe alternatives you've considered

  1. E2B only - Requires internet access, not viable for air-gapped
  2. Basic execution without packages - Too limited for real-world use
  3. Dify solves this with DifySandbox - a local, secure code execution environment that runs Python and Node.js with custom dependencies in self-hosted deployments.

Additional context

Reference Implementation:

  • Dify's DifySandbox: https://github.com/langgenius/dify-sandbox
    • Supports Python 3.10+ and Node.js locally
    • Pre-installed dependencies with custom additions
    • Battle-tested in production self-hosted deployments
    • Built on Seccomp for system-level security

Use cases this enables:

  • Data processing with pandas/numpy
  • API integrations with custom libraries
  • ML inference with scikit-learn/transformers
  • Web scraping with beautifulsoup4
  • All in fully air-gapped environments

Impact:

  • Enables government, healthcare, financial deployments
  • ~30-40% of enterprise self-hosted market has network restrictions
  • Feature parity with Dify, n8n etc.

phanisarman avatar Oct 02 '25 03:10 phanisarman

I'm locally hosting though Docker in AWS, and this feature would be awesome to have, since I'm trying to move from n8n.

I cannot seem to even get crypto working to generate UUIDs

Xlaudius avatar Oct 03 '25 18:10 Xlaudius

@phanisarman Great suggestion! We will get to work on this. By default, it executes the code locally in a VM so it doesn't have round-trip latency or need to leave your environment, but unfortunately only fetch is baked into this VM and it only supports JS/TS. We can add an environment variable that allows you to specify what packages you want to include, and work on python code execution without ever leaving your machine.

waleedlatif1 avatar Oct 06 '25 04:10 waleedlatif1