Skip to main content
Migration: CLI is now @isol8/cli (installed as isol8 command), library is @isol8/core.
isol8 is a secure code execution engine for untrusted code.
If you are new to isol8, follow Quickstart first, then read Execution guide before tuning configuration or performance.

Why this matters

isol8 is built around three priorities that matter in real usage:

Speed

Warm container pools reduce startup overhead; current warm-pool median TTI is about 0.12s-0.15s across runtimes.

Safety

Code runs in isolated containers with strict limits, network controls, and output sanitization by default.

Simplicity

Start with a single command, then layer on advanced controls only when you need them.
isol8 can be as simple as you want and as complex as you need.

Core features

Multi-runtime isolation

Execute Python, Node.js, Bun, Deno, and Bash code inside isolated Docker sandboxes.

Execution modes

Use ephemeral runs for clean isolation or persistent sessions when you need stateful workflows.

Warm container pools

Choose pool strategies (fast, secure) to reduce startup overhead while preserving controls.

Network controls

Enforce filtered networking with proxy rules plus iptables restrictions to prevent bypass.

Remote server + client

Run isol8 as an HTTP service with streaming execution and session/file APIs.

Audit + observability

Capture resource and audit logs for visibility, compliance, and incident analysis.

Resource guardrails

Enforce timeouts, memory limits, CPU limits, and process caps for predictable execution.

Secrets + output safety

Mask sensitive values in output and cap output volume to reduce leak and overload risk.

Package installation

Install runtime-specific dependencies per execution without managing long-lived environments.

CLI + library + API

Use the same engine through commands, TypeScript APIs, or remote HTTP endpoints.

Verified remote code

Fetch code from URLs/GitHub/Gists with policy controls and optional hash verification.

Speed and performance

isol8 is designed for low-friction execution loops:
  • Warm pools reduce container startup overhead for repeated executions.
  • Pool strategies let you choose between maximum throughput (fast) and stronger cleanup guarantees (secure).
  • Setup is idempotent, so image preparation can be safely reused across local runs and CI jobs.

Performance guide

Understand tuning knobs, pool behavior, and runtime tradeoffs.

TTI benchmarks

Review startup and execution timing data across modes and runtimes.

Start here

Quickstart

Install and run your first execution.

Execution guide

Learn request fields, modes, and streaming behavior.

Option mapping

See exactly where each option is configured.

Troubleshooting

Fix common runtime and server issues.

Architecture

Architecture

Internal execution pipeline, pool lifecycle, and security boundaries.

FAQ

Start with Quickstart, then move to How to CLI for flag-level details.
Read Execution guide for behavior and lifecycle. Read Option mapping to map each option to CLI, config, API, and library inputs.
Use Remote server and client for endpoint usage patterns and request examples.

Troubleshooting quick checks

  • Unsure which page to use: start from Quickstart, then follow the “Next steps” cards on each page.
  • Command works differently than expected: verify where the value is set in Option mapping.
  • Execution failures: use Troubleshooting for symptom-based fixes.