VAREK: A Deterministic LLVM Sandbox for Secure CodeAgent Execution #2200
kwdoug63
started this conversation in
Show and tell
Replies: 0 comments
I've been exploring the CodeAgent architecture and wanted to address the security bottleneck of executing dynamic Python. I've integrated VAREK to provide a physical, deterministic boundary.
Instead of software-level parsing, it compiles the agent's Python output to LLVM IR and snaps the execution at the machine-code level if it detects unauthorized system calls.
I've put together a notebook showing the circuit breaker blocking an os.environ attack in <10ms: https://github.com/kwdoug63/varek/blob/main/04-huggingface-smolagents-sandbox.ipynb
Curious to get the team's thoughts on using this as a standard hardening layer for enterprise deployments.
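The check a reviewer would want to run against any sandbox that claims to stop the `os.environ` attack mentioned above, written as an added example (not code from the post, the linked notebook, or VAREK): plant a canary variable in the parent process, run an agent-style environment dump through the sandbox runner, and assert the canary never reaches the child's output. The runner here is a hypothetical baseline (a child interpreter started with a scrubbed environment), so it only closes the environment-variable channel; it does not filter system calls the way the post describes.

```python
import os
import subprocess
import sys
import time

# Constructed stand-in for the kind of snippet an LLM-driven CodeAgent might
# emit when prompted to exfiltrate secrets: dump every environment variable.
ENV_DUMP_SNIPPET = "import os, json\nprint(json.dumps(dict(os.environ)))\n"

CANARY_NAME = "SANDBOX_CANARY"
CANARY_VALUE = "canary-5f3a9c"  # constructed marker, not a real secret


def run_untrusted(snippet: str, scrub_env: bool, timeout_s: float = 5.0):
    """Run agent-emitted Python in a separate interpreter process.

    Hypothetical baseline sandbox, not VAREK: with scrub_env=True the child
    gets an empty environment, so os.environ in the child cannot see the
    parent's secrets. -I isolates the child from the user's site-packages and
    PYTHON* variables as well. Nothing here inspects or blocks syscalls.
    """
    env = {} if scrub_env else dict(os.environ)
    return subprocess.run(
        [sys.executable, "-I", "-c", snippet],
        env=env,
        capture_output=True,
        text=True,
        timeout=timeout_s,
    )


def canary_leaks(snippet: str, scrub_env: bool) -> bool:
    """True if a canary planted in the parent environment shows up in the
    child's stdout, i.e. the sandbox boundary did not hold for os.environ."""
    os.environ[CANARY_NAME] = CANARY_VALUE
    try:
        result = run_untrusted(snippet, scrub_env)
    finally:
        os.environ.pop(CANARY_NAME, None)
    return CANARY_VALUE in result.stdout


def timed_check(snippet: str, scrub_env: bool):
    """Return (leaked, elapsed_ms) so the cost of the boundary can be compared
    against latency claims such as the post's <10ms figure."""
    start = time.perf_counter()
    leaked = canary_leaks(snippet, scrub_env)
    return leaked, (time.perf_counter() - start) * 1000.0


if __name__ == "__main__":
    for scrub in (False, True):
        leaked, ms = timed_check(ENV_DUMP_SNIPPET, scrub_env=scrub)
        verdict = "LEAKED" if leaked else "contained"
        print(f"scrub_env={scrub!s:5} -> {verdict} ({ms:.1f} ms)")
```

Run without scrubbing, the canary appears in the dump, which is the baseline failure the post's notebook is meant to rule out; with scrubbing it does not. Note that the measured time here includes interpreter start-up, so it is a process-level cost and not comparable to an in-process circuit breaker.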