ck_execute_code
Executes generated code in a Docker sandbox with default restricted permissions, validates source code before execution, and supports dry-run mode for planning.
Instructions
Execute generated code only inside a configured non-local sandbox. Defaults to Docker, denies network/filesystem/secrets/shell/deploy, validates source first, and supports dry_run for planning.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| code | Yes | Generated source code to validate and execute in the sandbox. | |
| dry_run | No | When true, validate and plan without executing the actual operation. | |
| sandbox | No | Execution sandbox. Local host execution is intentionally unsupported. | |
| task_id | No | ||
| language | No | Runtime language. Defaults to javascript. | |
| risk_tier | No | Security sensitivity of the task. Default: medium. | |
| session_id | No | Unique session identifier for correlating findings, proofs, budget, and audit trail. | |
| timeout_ms | No | Timeout in milliseconds. | |
| allowed_env_vars | No | List of environment variable names to expose from the host environment into the sandbox. Explicit env vars take precedence over host env vars. If empty, no host environment variables are exposed. | |
| max_output_bytes | No | Maximum size in bytes for captured output. | |
| network_allowlist | No | ||
| requested_capabilities | No |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| output | No | ||
| policy | No | ||
| allowed | No | ||
| command | No | ||
| dry_run | No | ||
| sandbox | No | ||
| language | No | ||
| validation | No | ||
| exit_status | No | ||
| proof_artifacts | No | ||
| output_truncated | No |