Skip to content

Releases: srtab/daiv-sandbox

v0.1.1

13 May 22:36
@srtab srtab
v0.1.1
1efb764
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.1.1 Latest
Latest

Changed

  • Migrated pyproject.toml to use standard dev dependencies group declaration.
  • Updated urls declared in pyproject.toml to use standard labels.
  • Updated sensible pydantic settings to use SecretStr to avoid exposing sensitive information.
Assets 2
Loading

v0.1.0

29 Apr 20:58
@srtab srtab
v0.1.0
d833d20
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.1.0

🧪 daiv-sandbox v0.1.0 – First Official Release 🎉

We’re proud to announce the first official release of daiv-sandbox following the v0.1.0-rc.* candidate cycle! This marks the beginning of public availability, with a stable feature set and robust container-based sandboxing for command and code execution.

Note

While still under the 0.x prefix (indicating ongoing development), this release is suitable for real-world usage and follows a tested and consistent API.

🚀 What's Included

  • Secure Containerized Execution

    • Run untrusted code and shell commands inside isolated Docker containers.
    • Each execution is ephemeral — containers are spun up and torn down per request.

  • FastAPI-Based REST Interface

    • POST /run/commands/: Run shell commands on provided archives.
    • POST /run/code/: Execute Python code with optional dependencies.

  • gVisor Runtime Support (Optional)

    • Use Google’s gVisor (runsc) for added kernel isolation.
    • Toggle runtime via the DAIV_SANDBOX_RUNTIME env variable.

  • Docker Image Available

    • Pull from GitHub Container Registry:
      ghcr.io/srtab/daiv-sandbox:latest

⚠️ Known Limitations

  • Only python is supported in /run/code/ (more languages planned!).
  • distroless base images are unsupported (lack shell for command execution).
  • gVisor may introduce minor performance overhead in exchange for improved isolation.

📦 Quick Start

docker run --rm -d -p 8000:8000 \
  -e DAIV_SANDBOX_API_KEY=my-secret-api-key \
  ghcr.io/srtab/daiv-sandbox:latest

Refer to the README for full configuration and API usage details.

💬 Feedback & Contribution

This is a great time to report bugs, request features, or contribute!
Open an issue or PR on GitHub to help shape the future of daiv-sandbox.

Loading

v0.1.0-rc.10

30 Dec 01:15
@srtab srtab
v0.1.0-rc.10
941ba19
Compare
Choose a tag to compare
v0.1.0-rc.10 Pre-release
Pre-release

Changed

  • Moved LANGUAGE_BASE_IMAGES from daiv_sandbox/main.py to daiv_sandbox/languages.py.

Fixed

  • Changed strategy to determine where the run will execute inside the container. Now the default user and working directory are considered to avoid privileges issues.
Loading

v0.1.0-rc.9

27 Dec 02:37
@srtab srtab
v0.1.0-rc.9
eccb16d
Compare
Choose a tag to compare
v0.1.0-rc.9 Pre-release
Pre-release

Fixed

  • Fixed issue when images have limited privileges.

Chore:

  • Updated dependencies:
    • ipython from 8.30 to 8.31
    • pydantic from 2.10.3 to 2.10.4
    • pydantic-settings from 2.6.1 to 2.7.0
    • ruff from 0.8.2 to 0.8.4
    • mypy from 1.13.0 to 1.14.0
Loading

v0.1.0-rc.8

27 Dec 00:55
@srtab srtab
v0.1.0-rc.8
9b462e3
Compare
Choose a tag to compare
v0.1.0-rc.8 Pre-release
Pre-release

Added

  • Added HOST and PORT settings to allow overriding the host and port of the service.
  • Added LOG_LEVEL setting to allow overriding the log level of the service.

Fixed

  • Fixed logging configuration for daiv_sandbox logger, no logs where being written to the console.
  • Fixed SENTRY_ENABLE_TRACING setting to be a boolean or an integer.
Loading

v0.1.0-rc.7

16 Dec 16:10
@srtab srtab
v0.1.0-rc.7
ee69ba9
Compare
Choose a tag to compare
v0.1.0-rc.7 Pre-release
Pre-release

Added

  • Added ping method to SandboxDockerSession to check if the Docker client is responding.

Changed

  • Changed health endpoint to check if the Docker client is responding and avoid starting the service if it is not responding.
  • Changed default DOCKER_GID to 991.
Loading

v0.1.0-rc.6

12 Dec 01:10
@srtab srtab
v0.1.0-rc.6
25bc63e
Compare
Choose a tag to compare
v0.1.0-rc.6 Pre-release
Pre-release

Added

  • Added SENTRY_ENABLE_TRACING configuration to enable Sentry tracing.
  • Added EXPOSE 8000 to the Dockerfile to explicitly expose the port.

Changed

  • Updated dependencies:
    • ipython from 8.29 to 8.30
    • pyopenssl from 24.2.1 to 24.3.0
    • ruff from 0.8.0 to 0.8.2
Loading

v0.1.0-rc.5

11 Dec 13:15
@srtab srtab
v0.1.0-rc.5
f9c6d79
Compare
Choose a tag to compare
v0.1.0-rc.5 Pre-release
Pre-release

Added

  • Added Dockerfile args to allow overriding the application UID and GID, and docker GID.

Fixed

  • Fixed the Dockerfile to create the app user with the correct group and user IDs to avoid permission issues.
  • Fixed the Dockerfile to create the docker group with the correct GID to allow the app user to access the docker socket.
Loading

v0.1.0-rc.4

07 Dec 13:41
@srtab srtab
v0.1.0-rc.4
c68d688
Compare
Choose a tag to compare
v0.1.0-rc.4 Pre-release
Pre-release

Added

  • Added HEALTHCHECK to the Dockerfile.

Fixed

  • Fixed Dockerfile to create the app user with the correct home directory defined.

Changed

  • Changed /health/ endpoint to /-/health/.
  • Changed /version/ endpoint to /-/version/.
Loading

v0.1.0-rc.3

07 Dec 11:04
@srtab srtab
v0.1.0-rc.3
bbc5c97
Compare
Choose a tag to compare
v0.1.0-rc.3 Pre-release
Pre-release

Changed

  • Improved Dockerfile for production use.
  • Updated dependencies:
    • fastapi;
    • pydantic;
    • sentry-sdk.

Fixed

  • Fixed issue on run_id being passed as an UUID to the SandboxDockerSession class instead of a str.
  • Fixed missing curl dependency on Dockerfile for healthcheck.
Loading