iliad_code_sandbox
ActiveTool of AXIS Toolbox — Agentic Commerce Codebase Intelligence
AXIS-owned secure code execution. Each call spawns a fresh ephemeral Docker container with hardened isolation: no network, read-only root filesystem, all Linux capabilities dropped, no-new-privileges, PID/memory/CPU limits, tmpfs /tmp only, runs as nobody:nobody. Container is force-removed after each call. Supports python | node | bash via the multi-runtime image `nikolaik/python-nodejs:python3.12-nodejs22-slim` (operator can override via AXIS_CODE_SANDBOX_IMAGE). Returns stdout/stderr/exit_code/timed_out/duration_ms/image. Wall-clock timeout enforced via SIGKILL + force-remove. Source is fed via stdin (no fs write to the read-only root). Code body capped at 256 KiB; stdin at 1 MiB; timeout 1-600 seconds (default 30); stdout/stderr each capped at 1 MiB output. When no Docker daemon is reachable (Render standard services don't expose /var/run/docker.sock), returns a structured `_not_configured: true` envelope with remediation. Engineer mode (X-Agent-Mode: engineer — Verified Exec, $0.25): the result includes an Ed25519-signed attestation binding code-hash → output-hash + a per-account hash-chain entry, so another agent that pins AXIS's published key can verify the run without re-executing it. Requires Authorization: Bearer <api_key>.
Parameters schema
{
"type": "object",
"required": [
"language",
"code"
],
"properties": {
"code": {
"type": "string",
"description": "Source code to execute. Fed via stdin to the interpreter. Max 256 KiB."
},
"stdin": {
"type": "string",
"description": "Optional additional stdin appended after the code body. Max 1 MiB."
},
"language": {
"enum": [
"python",
"node",
"bash"
],
"type": "string",
"description": "Runtime language."
},
"timeout_seconds": {
"type": "number",
"description": "Wall-clock limit. Defaults 30, max 600. SIGKILL on overrun."
}
}
}No endpoints wrapped at confidence ≥ 0.70.
Parent server
AXIS Toolbox — Agentic Commerce Codebase Intelligence
https://github.com/lastmanupinc-hub/Toolbox
1/7 registries