Diagram 1: Remote architecture overview
Start the server
- CLI
- CLI (env key)
If
--key and ISOL8_API_KEY are both missing, startup fails. --key takes precedence when provided.Port resolution order is
--port > ISOL8_PORT > PORT > 3000. If the chosen port is unavailable, isol8 serve prompts for another port or can auto-select an open port.Serve runtime behavior
isol8 serve has two startup paths:
- Bun/dev path: runs server in-process.
- Built CLI (Node) path: downloads/runs standalone
isol8-serverbinary and can prompt for version update. - Both paths run graceful cleanup on
SIGINT/SIGTERM(sessions, containers, and images).
isol8 serve --update to force binary re-download.
Authentication contract
GET /health: no auth required.- all other endpoints: require
Authorization: Bearer <api-key>.
| Status | Meaning |
|---|---|
401 | Authorization header missing |
403 | token provided but invalid |
Where remote values are set
| Concern | CLI | Config | API body | Library |
|---|---|---|---|---|
| Server listen/auth | isol8 serve --port --key | API key can come from env (ISOL8_API_KEY) | n/a | n/a |
| Server defaults | n/a | defaults.*, maxConcurrent, cleanup.*, security.* | merged with request options | n/a |
| Request overrides | isol8 run --host --key ... flags | baseline defaults only | options in /execute body | new RemoteIsol8(..., isol8Options) |
| Persistent session | isol8 run --persistent --host ... | cleanup policy affects idle sessions | sessionId | RemoteIsol8Options.sessionId |
Request envelope
Remote execution endpoints use this shape:options are merged over server defaults for that request.
Execute remotely
- API
- Library
- CLI
Persistent sessions
A stablesessionId reuses one container across calls.
- API
- Library
- CLI
Auto-pruning setup (idle session cleanup)
The server runs a periodic cleanup loop whencleanup.autoPrune is enabled.
- sweep interval: every
60_000ms (60s) - idle threshold:
cleanup.maxContainerAgeMs - active sessions are skipped while executing (
isActive === true) lastAccessedAtis refreshed on execute and file upload/download calls
Defaults
cleanup.autoPrune:truecleanup.maxContainerAgeMs:3_600_000(1 hour)
Configure in isol8.config.json
Practical tuning guidance
- shorter idle timeout (
5mto30m): lower container footprint, more frequent cold session starts - longer idle timeout (
1hto24h): better session reuse, higher idle resource usage - disable auto-prune only if you have explicit lifecycle management (for example always calling
DELETE /session/:id)
Streaming behavior
POST /execute/streamemits SSE events (stdout,stderr,exit,error).- current server implementation always uses ephemeral mode for streaming path.
Sending
sessionId to /execute/stream does not create persistent streaming sessions in current implementation.File APIs (persistent sessions only)
POST /file: upload base64 content to session containerGET /file?sessionId=...&path=...: download base64 content
- API
- Library
Operations checklist
- keep strict defaults in
isol8.config.json(network: "none"by default) - size
maxConcurrentto host capacity - configure cleanup pruning for session-heavy workloads
- place TLS/rate limiting in front of the service
- enable audit logging when provenance/compliance is required
FAQ
Why do I get 401 vs 403?
Why do I get 401 vs 403?
401 means missing Authorization header. 403 means token provided but it does not match server API key.What does RemoteIsol8.stop() do?
What does RemoteIsol8.stop() do?
If a
sessionId is configured, it calls DELETE /session/{id}. Without sessionId, there is no session to delete.Can file endpoints work without sessionId?
Can file endpoints work without sessionId?
No. File upload/download are bound to a persistent session container.
Troubleshooting
- Server start fails with API key error: pass
--keyor setISOL8_API_KEY. Session not foundon file calls: create session first via/executewith the samesessionId.- Session state unexpectedly gone: check prune settings in
cleanup.autoPruneandcleanup.maxContainerAgeMs. - Remote request hangs under load: inspect
maxConcurrentqueueing and host saturation.