DifySandbox

Introduction

DifySandbox is a lightweight, fast, and secure code execution environment that supports multiple programming languages, including Python and Node.js. It serves as the underlying execution environment for various components in Dify Workflow, such as the Code node, Template Transform node, Jinja2 syntax in LLM nodes, and the Code Interpreter in Tool nodes. DifySandbox ensures system security while enabling Dify to execute user-provided code.

Features

  • Multi-language Support: DifySandbox is built on Seccomp, a system-level solution that enables support for multiple programming languages. Currently, it supports Python and Node.js.

  • System Security: It implements a whitelist policy, allowing only specific system calls to prevent unexpected security breaches.

  • File System Isolation: User code runs in an isolated file system environment.

  • Network Isolation:

    • DockerCompose: Utilizes a separate Sandbox network and proxy containers for network access, maintaining intranet system security while offering flexible proxy configuration options.

    • K8s: Network isolation strategies can be directly configured using Egress policies.

Installation Dependencies

Before installing and deploying the DifySandbox project, ensure your system meets the following dependency requirements:

  1. System Dependencies

Execute the appropriate commands based on your Linux distribution to install necessary system components:

  • Ubuntu/Debian

sudo apt-get update
sudo apt-get install pkg-config gcc libseccomp-dev git wget

  • CentOS

sudo yum install pkgconfig gcc libseccomp-devel git wget

  1. Go Environment

Install Go development environment (recommended Go 1.20.6 or higher):

# Install Go 1.20.6
sudo apt-get install -y golang-1.20.6

Verify installation:

go version  # Displays the installed Go version

  1. Python Environment Configuration

Sandbox Environment Preparation

Python 3.10 or higher is recommended.

Pre-installed Dependency Management

DifySandbox comes pre-configured with the following Python dependencies:

  • http - Basic networking library

  • jinja2 - Template engine for LLM prompt processing

  • requests - HTTP client library

Adding Custom Dependencies

If you need additional Python dependencies, follow these steps:

  1. Locate the dependencies/python-requirements.txt file in the project root directory.

  2. Add the required package names and versions to the file. If permission changes are involved, refer to the FAQ.

  3. Rebuild DifySandbox.

Adding new dependencies may introduce additional permission requirements. Please carefully evaluate security implications. Do not change permission configurations if you cannot fully assess the potential security risks.

Contribution

You can refer to the Contribution Guide to participate in the development of DifySandbox.

PreviousBackendNextContribution Guide

Last updated