
Enforce hard sandbox quota ceilings and durable tenant quota accounting#189

Merged
seanwevans merged 2 commits into main from codex/implement-hard-quotas-enforcement-in-sandbox on Apr 21, 2026

Conversation

@seanwevans
Owner

Motivation

  • Quotas must be hard ceilings (not advisory) so sandboxed guests cannot exceed CPU, memory, wall time, open files, network ops, output size, or concurrent child work.
  • Tenant-level sustained limits must persist across crashes/restarts via durable accounting to prevent quota circumvention.
  • Violations must surface clear, programmatically distinguishable termination reasons for diagnostics and alerting.

Description

  • Added new quota exception classes in pyisolate/errors.py: WallTimeExceeded, OpenFilesExceeded, NetworkExceeded, OutputExceeded, ChildWorkExceeded, and TenantQuotaExceeded, and exported them from the package API via pyisolate/__init__.py.
  • Implemented hard-stop enforcement inside SandboxThread (pyisolate/runtime/thread.py): wall-clock preemption via a tracing guard (sys.settrace), open-file accounting with weakref.finalize on opened file objects, network-op counting in guarded socket connects, output-byte accounting in a _post wrapper, and concurrent child-work limits by wrapping threading.Thread.start; recorded the terminal cause in termination_reason.
  • Extended Supervisor/Sandbox (pyisolate/supervisor.py) to accept and pass through the new per-sandbox quota knobs, exposed Sandbox.termination_reason, and implemented durable tenant accounting using an append-only ledger file configured by the PYISOLATE_QUOTA_LEDGER environment variable that is replayed at startup and updated on spawn (raising TenantQuotaExceeded when exhausted).
  • Added and updated tests covering hard quota behavior and durable tenant limits in tests/test_thread_quota.py and tests/test_supervisor.py.

Testing

  • Ran PYTHONPATH=. pytest -q tests/test_thread_quota.py tests/test_supervisor.py and verified the test suite completed successfully.
  • Ran verbose module runs PYTHONPATH=. pytest -q tests/test_supervisor.py -vv and PYTHONPATH=. pytest -q tests/test_thread_quota.py -vv, both of which passed; final run reported 30 passed.

Codex Task
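The wall-clock preemption the description attributes to a sys.settrace tracing guard, shown as an added example written for this page (not pyisolate's code, and not its actual SandboxThread implementation): the names run_with_wall_limit, QuotaExceeded and WallTimeExceeded and the (result, termination_reason) return shape are assumptions chosen here. The two guests at the bottom are constructed inputs.

```python
"""Hard wall-clock ceiling via a sys.settrace guard (added example, not pyisolate's code).

run_with_wall_limit, QuotaExceeded and WallTimeExceeded are illustrative names chosen
here; the sandbox library's own classes and signatures may differ.
"""
import sys
import time


class QuotaExceeded(BaseException):
    """Base for hard-quota violations.

    Deriving from BaseException rather than Exception means a guest's broad
    'except Exception:' cannot swallow the termination.
    """


class WallTimeExceeded(QuotaExceeded):
    pass


def run_with_wall_limit(fn, wall_seconds):
    """Run fn() in the calling thread and abort it once wall_seconds have elapsed.

    Returns (result, termination_reason): termination_reason is None on normal
    completion or the violated quota's class name, so callers can branch on it
    without parsing exception messages.
    """
    deadline = time.monotonic() + wall_seconds

    def guard(frame, event, arg):
        # Invoked on every 'call' event and, because it returns itself as the
        # local trace function, on every 'line' event in Python code. Raising
        # here surfaces the exception inside the guest frame being traced.
        if time.monotonic() > deadline:
            raise WallTimeExceeded(f"wall-clock ceiling of {wall_seconds}s exceeded")
        return guard

    previous = sys.gettrace()
    sys.settrace(guard)
    try:
        return fn(), None
    except QuotaExceeded as exc:
        return None, type(exc).__name__
    finally:
        # CPython unsets the trace function when it raises; restore whatever was
        # installed before so a debugger or coverage tool is not left disabled.
        sys.settrace(previous)


def spinning_guest():
    """Constructed guest: never returns and tries to swallow errors."""
    count = 0
    while True:
        try:
            count += 1
        except Exception:  # cannot catch a BaseException-derived quota error
            pass


def polite_guest():
    """Constructed guest: finishes well inside its budget."""
    return sum(range(1000))


if __name__ == "__main__":
    print(run_with_wall_limit(polite_guest, 1.0))
    print(run_with_wall_limit(spinning_guest, 0.05))
```

Two caveats a reviewer would check for in any settrace-based ceiling: the guard only runs on Python-level events, so a guest blocked inside a C call (time.sleep, socket.recv) is not preempted until that call returns, and sys.settrace applies to the calling thread only (new threads need threading.settrace). A guest that catches BaseException can also keep running after the guard fires, because CPython drops the trace function once it raises; an in-thread guard is therefore a first line of defence that still wants an external watchdog behind it.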
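The durable tenant accounting the description sketches (an append-only ledger replayed at startup and updated on spawn), as an added example written for this page rather than pyisolate's own supervisor code: TenantLedger, the JSON-lines record format, the sliding-window spawn budget and the explicit path argument (where the PR reads PYISOLATE_QUOTA_LEDGER from the environment) are assumptions made here. The torn trailing write in demo() is constructed to stand in for a crash mid-append.

```python
"""Durable, fail-closed tenant quota ledger (added example, not pyisolate's code).

TenantLedger, its JSON-lines record format and the sliding-window spawn budget are
assumptions made here to illustrate replaying an append-only ledger at startup so a
crash or restart cannot reset a tenant's sustained budget.
"""
import json
import os
import tempfile
from collections import defaultdict


class TenantQuotaExceeded(Exception):
    def __init__(self, tenant, used, limit):
        super().__init__(f"tenant {tenant!r} used {used}/{limit} spawns in window")
        self.tenant, self.used, self.limit = tenant, used, limit


class TenantLedger:
    def __init__(self, path, limits, window_seconds):
        self.path = path
        self.limits = limits               # tenant -> max spawns per sliding window
        self.window = window_seconds
        self._spawns = defaultdict(list)   # tenant -> [timestamps], rebuilt from disk
        self._replay()

    def _replay(self):
        """Rebuild in-memory counters from every committed record on disk."""
        if not os.path.exists(self.path):
            return
        with open(self.path, "r+", encoding="utf-8") as fh:
            data = fh.read()
            if data and not data.endswith("\n"):
                fh.write("\n")   # seal a torn last line so the next append starts fresh
        for line in data.splitlines():
            try:
                rec = json.loads(line)
            except json.JSONDecodeError:
                # A record torn by a crash mid-write was never fsync'd, so the
                # spawn it describes was never granted; skipping it is safe.
                continue
            self._spawns[rec["tenant"]].append(rec["ts"])

    def used(self, tenant, now):
        cutoff = now - self.window
        return sum(1 for ts in self._spawns[tenant] if ts > cutoff)

    def charge(self, tenant, now):
        """Record one spawn for tenant, or raise once the window budget is spent.

        The record is appended and fsync'd BEFORE the caller may spawn, so a crash
        between charge and spawn over-counts rather than under-counts (fail closed).
        """
        limit = self.limits.get(tenant, 0)
        used = self.used(tenant, now)
        if used >= limit:
            raise TenantQuotaExceeded(tenant, used, limit)
        record = json.dumps({"tenant": tenant, "ts": now}, separators=(",", ":"))
        with open(self.path, "a", encoding="utf-8") as fh:
            fh.write(record + "\n")
            fh.flush()
            os.fsync(fh.fileno())
        self._spawns[tenant].append(now)
        return limit - used - 1            # budget left in this window


def demo(path=None):
    """Exhaust a budget, crash with a torn write, restart, and check it still holds."""
    if path is None:
        path = os.path.join(tempfile.mkdtemp(), "quota-ledger.jsonl")
    limits = {"acme": 2}
    ledger = TenantLedger(path, limits, window_seconds=3600)
    ledger.charge("acme", now=1000.0)
    ledger.charge("acme", now=1001.0)
    with open(path, "a", encoding="utf-8") as fh:
        fh.write('{"tenant":"acme","ts":10')                   # constructed torn write
    restarted = TenantLedger(path, limits, window_seconds=3600)  # "process restart"
    try:
        restarted.charge("acme", now=1002.0)
        verdict = "granted"
    except TenantQuotaExceeded as exc:
        verdict = f"denied:{exc.used}/{exc.limit}"
    # Once the oldest charge ages out of the window, exactly one slot reopens.
    remaining = restarted.charge("acme", now=4600.5)
    return verdict, restarted.used("acme", now=4600.5), remaining


if __name__ == "__main__":
    print(demo())
```

The ordering in charge() is the point: the write is committed to disk before the spawn is granted, so the worst case after a crash is a tenant being charged for a sandbox that never ran, never the reverse. The ledger is only as trustworthy as its file permissions; it must live outside anything the guest's open-file or filesystem quota lets it reach and be writable by the supervisor alone, otherwise a tenant who can truncate or rewrite it resets their own budget.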

@seanwevans seanwevans merged commit 00c3ee5 into main Apr 21, 2026
@seanwevans seanwevans deleted the codex/implement-hard-quotas-enforcement-in-sandbox branch April 21, 2026 12:08
