goboxd is an HTTP service written in Go that compiles and runs untrusted code inside isolated sandboxes and returns the result. Optional test cases can be supplied to assert behaviour against expected output. It is built for safe execution of code across many languages, with strict isolation, bounded concurrency, and a plug and play language registry.
- Plug and play language registry driven by YAML
- Process isolation using Linux namespaces and cgroups
- Bounded concurrency with request queuing
- Fully containerised for local development and deployment
- Per request resource limits for time, memory, and processes
- Liveness and readiness probes for orchestration
- Docker with Compose v2
No Go toolchain or system dependencies are required on the host. Everything runs in containers.
git clone https://github.com/thesouldev/goboxd.git
cd goboxd
make buildmake run # start the service on :8080
make test # run unit tests
make integration # run end to end tests
make lint # run static analysis.
├── cmd/goboxd/ binary entry point
├── internal/ private application packages
├── docs/ api, languages, security, benchmarks, architecture
└── tests/ integration tests
Contributions are welcome. Open an issue to discuss substantial changes before sending a pull request.
This project is distributed under the GNU General Public License v3.0. See LICENSE for the full text.