runtimeuse
mcp
Warn
Health Warn
- License — License: NOASSERTION
- Description — Repository has a description
- Active repo — Last push 0 days ago
- Low visibility — Only 7 GitHub stars
Code Pass
- Code scan — Scanned 12 files during light audit, no dangerous patterns found
Permissions Pass
- Permissions — No dangerous permissions requested
Purpose
This tool provides a runtime environment for executing AI agents inside secure sandboxes, communicating externally via WebSocket connections. It consists of a TypeScript-based server running inside the sandbox and a Python client used to connect to it.
Security Assessment
Overall risk: Medium. The tool is designed to process and execute AI agent tasks, which inherently involves managing sensitive data like OpenAI API keys. The automated code scan (12 files) found no dangerous code patterns, hardcoded secrets, or dangerous permission requests. However, the architecture explicitly allows the agent to download external resources (like GitHub repositories) and run code within the sandbox environment. While this is an isolated container, users should be cautious about what URLs and prompts they pass to the runtime.
Quality Assessment
The project is very new and has extremely low community visibility, currently sitting at only 7 GitHub stars. On the positive side, it is actively maintained, with repository updates pushed as recently as today. The repository includes standard documentation like a README and contribution guidelines. It operates under the FSL-1.1-ALv2 license (the automated scan flagged NOASSERTION, but the documentation explicitly states the license). Note that this is a source-available license rather than a standard open-source one, which may restrict certain commercial use cases.
Verdict
Use with caution—the code itself appears safe and clean, but the low community adoption, non-standard license, and inherent risks of executing and downloading code inside AI sandboxes warrant manual review before integrating into sensitive projects.
Run AI agents inside sandboxes over WebSockets
README.md
runtimeuse
Run AI agents inside sandboxes and communicate with them over WebSocket.
| Package | Language | Role | Install |
|---|---|---|---|
| runtimeuse | TypeScript | Agent runtime (runs inside the sandbox) | npm install runtimeuse |
| runtimeuse-client | Python | Client (connects from outside the sandbox) | pip install runtimeuse-client |
Quick Start
1. Start the runtime (inside a sandbox)
```bash
export OPENAI_API_KEY=your_openai_api_key
npx -y runtimeuse@latest
```
This starts a WebSocket server on port 8080 using the default OpenAI handler. For fuller Claude-based sandbox examples, see examples/.
2. Connect from Python
```python
import asyncio

from runtimeuse_client import (
    QueryOptions,
    RuntimeEnvironmentDownloadableInterface,
    RuntimeUseClient,
    TextResult,
)

# Directory inside the sandbox where the archive is placed
WORKDIR = "/runtimeuse"


async def main():
    # Connect to the runtime started in step 1
    client = RuntimeUseClient(ws_url="ws://localhost:8080")

    result = await client.query(
        prompt="Summarize the contents of the codex repository.",
        options=QueryOptions(
            system_prompt="You are a helpful assistant.",
            model="gpt-5.4",
            # Fetched into the sandbox before the agent runs
            pre_agent_downloadables=[
                RuntimeEnvironmentDownloadableInterface(
                    download_url="https://github.com/openai/codex/archive/refs/heads/main.zip",
                    working_dir=WORKDIR,
                )
            ],
        ),
    )

    assert isinstance(result.data, TextResult)
    print(result.data.text)


asyncio.run(main())
```
See the runtime README and client README for full API docs.
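The assessment above advises caution about which URLs are passed to the runtime. The following is an added example, not code from the runtimeuse project: a caller-side policy check to run before a value reaches `download_url` or `ws_url`. The function names, `PolicyError` and the host allowlist are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed policy values for this example; replace with your own sources.
ALLOWED_DOWNLOAD_HOSTS = {"github.com", "codeload.github.com"}
LOOPBACK_NAMES = {"localhost", "127.0.0.1", "::1"}


class PolicyError(ValueError):
    """Raised when a URL falls outside the allowed policy."""


def check_download_url(url: str) -> str:
    """Return url unchanged if it is an acceptable download source."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise PolicyError(f"download must use https: {url!r}")
    if parts.username or parts.password:
        # Catches look-alikes such as https://github.com@other.host/...
        raise PolicyError("credentials embedded in URL are not allowed")
    host = (parts.hostname or "").lower()
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass  # not an IP literal, continue to the allowlist check
    else:
        raise PolicyError("IP-literal hosts are not allowed")
    if host not in ALLOWED_DOWNLOAD_HOSTS:
        raise PolicyError(f"host not on allowlist: {host!r}")
    if parts.port not in (None, 443):
        raise PolicyError("non-default port is not allowed")
    return url


def check_ws_url(url: str) -> str:
    """Allow plaintext ws:// only to loopback; require wss:// elsewhere."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme == "wss":
        return url
    if parts.scheme == "ws" and host in LOOPBACK_NAMES:
        return url
    raise PolicyError(f"plaintext WebSocket to non-loopback host: {url!r}")

# Usage with the Quick Start code: download_url=check_download_url(candidate)
```

The check validates the URL string only; it does not follow redirects or verify the content of the downloaded archive.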
Contributing
See CONTRIBUTING.md for local setup, package-specific development commands, and the recommended checks to run before opening a PR.
License