🧪 Sandbox Execution

HelseCLI provides three levels of isolation for executing code. This ensures you can test AI-generated scripts safely.

Sandboxed Execution Environments

HelseCLI implements a hierarchical isolation architecture for code execution, ensuring that AI-generated logic is validated within secure environments.

Isolation Levels

1. Host Runtime (Local)

Logic executes directly within the host system environment.

  • Advantages: Minimal latency; zero configuration requirements.
  • Constraints: No isolation. Potential for unintended filesystem modification or system state changes.
  • Recommended Use: Trusted, non-destructive computational tasks or logic validation.

2. Containerized Isolation (Docker)

Logic executes within a restricted, ephemeral Docker container.

  • Advantages: Robust filesystem isolation. Access to host resources is restricted to explicitly mounted volumes.
  • Constraints: Requires an active Docker daemon on the host machine.
  • Recommended Use: Standard development workflows and validation of unverified AI-generated code.

3. Managed Cloud Sandboxing (E2B)

Logic executes on an ephemeral, secure virtual machine in the cloud.

  • Advantages: Maximum physical and network isolation. Scalable computational resources without local dependency overhead.
  • Constraints: Requires E2_API_KEY and active internet connectivity.
  • Recommended Use: Data-intensive research, high-risk code validation, and headless browser automation.

Environment Configuration

The preferred execution environment can be defined via the environment configuration or project-level settings:

# Environment Configuration (.env)
HELSE_SANDBOX_TYPE=docker

Execution Logic

Upon receiving an instruction to execute logic, HelseCLI performs the following operations:

  1. Packaging: Aggregates the required scripts, dependencies, and contextual data.
  2. Environment Initialization: Deploys the selected sandbox (e.g., initializing a Docker container or E2B instance).
  3. Computation: Executes the defined instruction (e.g., python system_validation.py).
  4. Data Retrieval: Captures standard output, error streams, and generated assets.
  5. Telemetry Reporting: Presents the compiled execution results within the interface.

Research Integration

HelseCLI execution environments are pre-configured with essential scientific and data analysis libraries when utilizing standard Docker images or E2B templates:

  • pandas, numpy, matplotlib, scikit-learn, scipy.

Security Best Practices

  1. Default to Containerization: Docker is the recommended baseline for balancing security and performance.
  2. Pre-Execution Audit: In Standard Mode, the system presents the proposed script for user inspection prior to execution.
  3. Resource Constraints: When utilizing cloud sandboxing (E2B), configure specific timeouts to prevent resource exhaustion from runaway processes.
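
The following is an added example, not HelseCLI's own implementation: a sketch of what the Docker path of the Execution Logic steps can look like with the Security Best Practices applied (ephemeral container, one explicit read-only mount, no network, resource limits and a timeout). The image name, limits, container naming scheme, and the function names docker_argv and run_sandboxed are assumptions; a POSIX host is assumed.

```python
import subprocess
import uuid
from pathlib import Path

IMAGE = "python:3.12-slim"  # assumed image, not a HelseCLI default


def docker_argv(workdir, command, name, image=IMAGE):
    """Build the `docker run` argv for one ephemeral, locked-down execution."""
    src = Path(workdir).resolve()
    if not command:
        raise ValueError("empty command")
    if not src.is_dir():
        raise ValueError(f"not a directory: {src}")
    if ":" in str(src):
        raise ValueError("':' in the path would corrupt the --volume spec")
    return [
        "docker", "run", "--rm", "--name", name,
        "--network", "none",                    # no egress for untrusted code
        "--read-only",                          # immutable root filesystem
        "--tmpfs", "/tmp:rw,noexec,nosuid,size=64m",
        "--cap-drop", "ALL",
        "--security-opt", "no-new-privileges",
        "--user", "65534:65534",                # nobody, not root
        "--memory", "512m", "--pids-limit", "128", "--cpus", "1",
        "--volume", f"{src}:/work:ro",          # the only host path exposed
        "--workdir", "/work",
        image, *command,
    ]


def run_sandboxed(workdir, command, timeout=60):
    """Return (exit_code, stdout, stderr); exit_code is None on timeout."""
    name = f"sandbox-{uuid.uuid4().hex[:12]}"   # hypothetical naming scheme
    argv = docker_argv(workdir, command, name)
    try:
        proc = subprocess.run(argv, capture_output=True, text=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        # Killing the docker client does not stop the container; kill it by name.
        subprocess.run(["docker", "kill", name], capture_output=True)
        return None, "", f"timed out after {timeout}s"
    return proc.returncode, proc.stdout, proc.stderr


if __name__ == "__main__":
    print(run_sandboxed(".", ["python", "system_validation.py"]))
```

Because the work directory is mounted read-only, this sketch retrieves only standard output and the error stream; collecting generated assets would need a separate, dedicated writable mount.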