The Problem: An LLM Cannot Run Code
An LLM can only write code; it cannot run it. To verify that the code actually works, you need a safe execution environment.
The Sandbox Pattern
Coder Agent → Executor (Sandbox) → Reviewer Agent
Feedback loop: output/error → Coder to fix
Implementation Options
Option 1: Docker Container (Recommended)
- Isolated environment
- Configurable timeout and resource limits
- Pre-installed dependencies
Option 2: Local Subprocess (Dev Only)
Warning: local execution is risky if the LLM generates malicious code!
Option 3: Cloud Sandboxes
- E2B.dev: Managed cloud sandboxes
- Modal: Serverless containers
- Fly.io: Lightweight VMs
AutoGen Integration
Create a Coder agent that writes code and an Executor agent (with the sandbox) that runs it. Loop until the code passes the tests.
Security Hardening
1. Resource Limits
- Timeout: 30s max
- Memory: 256m
- CPU: 1.0 core
2. Network Isolation
No outbound network by default inside the sandbox.
3. Output Sanitization
- Truncate long outputs
- Redact sensitive patterns (api_key, password)
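An added example (not code from the original notes) of an Executor that applies all three hardening steps above with the Docker option: the container gets the 30s/256m/1 CPU limits, no network, and its output is redacted and truncated before it goes back to the Coder. The image name, the 64-process limit and the redaction regex are assumptions.

```python
import re
import subprocess
import uuid
from dataclasses import dataclass
from typing import Optional

@dataclass
class SandboxConfig:
    image: str = "python:3.12-slim"   # assumed base image with pre-installed deps
    timeout_s: int = 30
    memory: str = "256m"
    cpus: str = "1.0"
    max_output_chars: int = 4000

# Assumed redaction pattern for secret-looking key/value pairs in stdout/stderr
SECRET_RE = re.compile(r"(?i)\b(api_key|password|secret|token)\b\s*[=:]\s*\S+")

def build_docker_command(cfg: SandboxConfig, name: str) -> list:
    """docker run invocation with network isolation and resource limits."""
    return [
        "docker", "run", "--rm", "-i", "--name", name,
        "--network", "none",                          # 2. no outbound network
        "--memory", cfg.memory, "--cpus", cfg.cpus,   # 1. resource limits
        "--pids-limit", "64",                         # assumed cap on processes
        "--read-only", "--tmpfs", "/tmp",             # immutable rootfs, scratch in tmpfs
        "--cap-drop", "ALL", "--security-opt", "no-new-privileges",
        "--user", "65534:65534",                      # unprivileged user inside
        cfg.image, "python", "-",                     # code arrives on stdin, no bind mount
    ]

def sanitize_output(text: str, max_chars: int = 4000) -> str:
    """3. Redact secret-looking pairs, then truncate overly long output."""
    text = SECRET_RE.sub(lambda m: f"{m.group(1)}=[REDACTED]", text)
    if len(text) > max_chars:
        text = text[:max_chars] + f"\n...[truncated {len(text) - max_chars} chars]"
    return text

def run_in_sandbox(code: str, cfg: Optional[SandboxConfig] = None) -> dict:
    """Run LLM-generated code in a throwaway container and return a sanitized result."""
    cfg = cfg or SandboxConfig()
    name = f"llm-sandbox-{uuid.uuid4().hex[:12]}"
    try:
        p = subprocess.run(build_docker_command(cfg, name), input=code,
                           capture_output=True, text=True, timeout=cfg.timeout_s)
    except subprocess.TimeoutExpired:
        # The timeout only kills the docker client; stop the container as well.
        subprocess.run(["docker", "kill", name], capture_output=True)
        return {"ok": False, "stdout": "", "stderr": f"timeout after {cfg.timeout_s}s"}
    return {"ok": p.returncode == 0,
            "stdout": sanitize_output(p.stdout, cfg.max_output_chars),
            "stderr": sanitize_output(p.stderr, cfg.max_output_chars)}
```

The returned dict is what the Reviewer agent sees, so nothing the container prints reaches the LLM unredacted or untruncated.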
🎯 Production Rule: NEVER execute LLM-generated code directly on production server. Always use sandboxed environments.
