Ephemeral VM
isolation-constraint · v1.0.0
Single-use VM destroyed on task completion. Strongest practical isolation for untrusted execution.
Isolation
- Process
vm- Network
allowlist- Filesystem
tmpfs- Scoped paths
/workspace
isolation-constraint · v1.0.0
Single-use VM destroyed on task completion. Strongest practical isolation for untrusted execution.
vmallowlisttmpfs/workspace