Kubernetes-native / LLM-powered / Live dashboard

Secure AI tool execution inside Kubernetes sandboxes

Every AI tool invocation runs inside a disposable, isolated Kubernetes pod. Warm pool. Lease-based locking. Zero cross-contamination.

pi-sandbox-runtime
$ curl -X POST localhost:3000/chat \
  -d '{"message":"Run pwd and ls in the sandbox"}'

[Sandbox] Waiting for a free pod...
[Sandbox] Acquired pod: sandbox-runner-3
[Sandbox] Command: pwd && ls /workspace
[Sandbox] Exit code: 0 / Duration: 214ms
[Sandbox] Released pod: sandbox-runner-3

> /workspace
> app.js  package.json  node_modules/

Warm sandbox pods: 8
Max queue wait: 15s
Lease TTL: 45s
Cross-session leaks: 0

Capabilities

Built for safe AI execution

Every design decision prioritises isolation, correctness, and observability.

01. Kubernetes sandbox execution

Commands run inside isolated pods via kubectl exec. No shared state, no host access, no escape.

02. Warm pod pool

8 pods stay alive and ready. No cold-start penalty; a lease is acquired in milliseconds.

03. Disposable environments

Each tool call gets a fresh execution context. The workspace is an ephemeral emptyDir, gone on release.

04. Filesystem isolation

No hostPath mounts, a read-only root filesystem, dropped capabilities, and seccompProfile: RuntimeDefault.

05. Session-aware runtime

Every request gets its own agent instance. Conversation history never leaks between users or sessions.

06. Lease-based locking

Kubernetes coordination.k8s.io/v1 Leases with optimistic concurrency prevent any double-booking.

From chat message to sandbox result

Four steps from your prompt to a verified, isolated execution result.

1. POST /chat

Your message hits the Hono server. A unique requestId is generated and telemetry starts tracking.

2. LLM decides

The Pi agent sends your prompt to the LLM. The model decides which commands to run and calls run_in_sandbox.

3. Lease acquired

The Lease Manager finds a free pod via compare-and-swap on a Kubernetes Lease object. If all 8 are busy, it queues with a 15s timeout.

4. Execute and release

The command runs inside the pod via kubectl exec. stdout, stderr, and exit code are captured. The lease is always released in a finally block.
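
The acquire-and-release cycle from steps 3 and 4, as an added example that is not the project's own code: a hypothetical in-memory stand-in for the Lease API (FakeLeaseApi; all function names are also hypothetical) rejects writes carrying a stale resourceVersion, so only one of two racing requests can claim a pod. The 45s TTL is the page's figure; reclaiming an expired lease and checking the holder on release are assumptions about how such a manager would behave.

```javascript
// Added example. FakeLeaseApi is an in-memory stand-in for the API server (constructed);
// like the real API it rejects a replace carrying a stale metadata.resourceVersion (409).
const clone = (o) => JSON.parse(JSON.stringify(o));
class FakeLeaseApi {
  constructor(names, ttlSeconds) {
    this.leases = new Map(names.map((name) => [name, {
      metadata: { name, resourceVersion: '1' },
      spec: { holderIdentity: null, leaseDurationSeconds: ttlSeconds, renewTime: null },
    }]));
  }
  read(name) { return clone(this.leases.get(name)); }
  replace(lease) {
    const current = this.leases.get(lease.metadata.name);
    if (current.metadata.resourceVersion !== lease.metadata.resourceVersion) {
      throw Object.assign(new Error('Conflict'), { code: 409 });
    }
    const stored = clone(lease);
    stored.metadata.resourceVersion = String(Number(current.metadata.resourceVersion) + 1);
    this.leases.set(stored.metadata.name, stored);
  }
}
// Free = unheld, or not renewed within the TTL. renewTime is epoch ms here for brevity.
function isFree(lease, nowMs) {
  const { holderIdentity, renewTime, leaseDurationSeconds } = lease.spec;
  return !holderIdentity || nowMs - renewTime > leaseDurationSeconds * 1000;
}
// Claim from a previously read snapshot. True only if ours was the first write against
// that resourceVersion; a 409 means a concurrent request took the pod, so we back off.
function tryClaim(api, snapshot, requestId, nowMs) {
  if (!isFree(snapshot, nowMs)) return false;
  Object.assign(snapshot.spec, { holderIdentity: requestId, renewTime: nowMs });
  try { api.replace(snapshot); return true; } catch (err) {
    if (err.code === 409) return false;
    throw err;
  }
}
// Walk the pool; null means every pod is leased and the caller should queue.
function acquire(api, podNames, requestId, nowMs) {
  for (const name of podNames) if (tryClaim(api, api.read(name), requestId, nowMs)) return name;
  return null;
}
// Release only a lease we still hold, so a late finally cannot free another holder's pod.
function release(api, name, requestId) {
  const lease = api.read(name);
  if (lease.spec.holderIdentity !== requestId) return false;
  lease.spec.holderIdentity = null;
  api.replace(lease);
  return true;
}
```

Against a real cluster the same pattern applies: read the Lease, write it back with the resourceVersion you read, and treat a 409 Conflict as "someone else got it".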

See it live

Open the runtime dashboard to watch pods lease, queue, and release in real time.
