Sandboxing AI agents, 100x faster
19 points by kentonv 6 hours ago | 3 comments
  • tosh 6 hours ago |
    Let's say I have a bunch of objects (e.g. parquet) in R2, can the agent mount them? Or how do I best give the agent access to the objects? HTTP w/ signed urls? Injecting the credentials?
    • kentonv 6 hours ago |
      Dynamic Workers don't have a built-in filesystem, but you can give them access to one.

      What you would do is give the Worker a TypeScript RPC interface that lets it read the files -- which you implement in your own Worker. To give it fast access, you might consider using a Durable Object. Download the data into the Durable Object's local SQLite database, then create an RPC interface to that, and pass it off to the Dynamic Worker running on the same machine.

      See also this experimental package from Sunil that's exploring what the Dynamic Worker equivalent of a shell and a filesystem might be:

      https://www.npmjs.com/package/@cloudflare/shell

  • est 5 hours ago |
    slightly related, if you need a safe python sandbox instead of eval(), you can try

    eval(YOUR_CODE.replace('__', ''), {'__builtins__': None}, {})

    I saw this trick on reddit many years ago and wrote a blog last month https://blog.est.im/2026/stdout-09

    I wasn't able to crack this sandbox, and neither could opus-4.6-thinking.

    This sandbox won't protect you from DoS, but I think it's reasonably safe to use it for AI tool calls. Just expose your MCP/RPC methods in the last {} and you are good.