Open-source, self-hostable runtime for controlled AI agents – Linchpin



@shwet_gaur 

Honest answer: partial today, hardening on the roadmap. Worth being upfront since you'd really feel this on day 1 of a self-host.

Today (v0.1):

– Manual kill via DELETE /v1/periods/{identity}, cancels the orchestrator and destroys the container.

– TTL reaper, set ttl_seconds at session create; expired sessions get terminated every 60s.

– Soft interrupt, a consumer.interrupt event stops the model loop between tool calls (does not kill the container).

– Network isolation, two Docker networks: linchpin-none (no egress) and linchpin-open.

What is missing is the real resource caps:

– No CPU / memory / PID / disk limits on the sandbox container.

– No exec timeout, a shell command inside the sandbox can run forever.

– No per-session iteration or token budget beyond TTL.

So today: trusted-environment self-host. A misbehaving agent can pin CPU or fill RAM until the host complains. The kill switch works, but only if you (or the TTL) pull it.

Sandbox hardening, cgroup caps, exec time limits, a hard-kill interrupt, optional iteration budgets, is on the roadmap. Putting up a numbered release document for it this week and linking it from the README so it is visible.

Excellent question, that is the area a self-hoster hits first.
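
As an added example (not Linchpin's code), a self-hoster could audit `docker inspect` output for the four container caps the comment lists as missing. The HostConfig field names are Docker's; the container names and values in the sample are constructed.

```python
import json
import sys

def missing_caps(entry):
    """Return the resource caps that are unset on one `docker inspect` entry."""
    hc = entry.get("HostConfig") or {}
    gaps = []
    # Docker reports 0 (or a negative quota) when no CPU ceiling is configured.
    if not hc.get("NanoCpus") and (hc.get("CpuQuota") or 0) <= 0:
        gaps.append("cpu")
    # Memory is 0 when the container may use all host RAM.
    if (hc.get("Memory") or 0) <= 0:
        gaps.append("memory")
    # PidsLimit is null, 0 or -1 when the process count is unlimited.
    if (hc.get("PidsLimit") or 0) <= 0:
        gaps.append("pids")
    # A writable-layer quota appears as StorageOpt {"size": ...}.
    if not (hc.get("StorageOpt") or {}).get("size"):
        gaps.append("disk")
    return gaps

def audit(inspect_json):
    """Map container name -> list of missing caps for a `docker inspect` JSON array."""
    return {e.get("Name", "?").lstrip("/"): missing_caps(e)
            for e in json.loads(inspect_json)}

# Constructed sample: one container with Docker defaults, one with every cap set.
SAMPLE = """
[
  {"Name": "/sandbox-uncapped",
   "HostConfig": {"NetworkMode": "linchpin-none", "Memory": 0, "NanoCpus": 0,
                  "CpuQuota": 0, "PidsLimit": null, "StorageOpt": null}},
  {"Name": "/sandbox-capped",
   "HostConfig": {"NetworkMode": "linchpin-none", "Memory": 536870912,
                  "NanoCpus": 1000000000, "CpuQuota": 0, "PidsLimit": 256,
                  "StorageOpt": {"size": "2G"}}}
]
"""

if __name__ == "__main__":
    # Pass a file of saved `docker inspect` output, or run with no argument for the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for name, gaps in audit(text).items():
        print(f"{name}: {'missing ' + ', '.join(gaps) if gaps else 'all caps set'}")
```

Note that a container on a no-egress network can still report every cap as missing, since network isolation and resource limits are configured independently.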

