Every AI tool invocation runs inside a disposable, isolated Kubernetes pod. Warm pool. Lease-based locking. Zero cross-contamination.
Every design decision prioritises isolation, correctness, and observability.
Commands run inside isolated pods via kubectl exec. No shared state, no host access, no escape.
8 pods stay alive and ready. No cold-start penalty; a lease is acquired in milliseconds.
Each tool call gets a fresh execution context. The workspace is an ephemeral emptyDir, gone on release.
No hostPath mounts, read-only root, dropped capabilities, and seccompProfile: RuntimeDefault.
Every request gets its own agent instance. Conversation history never leaks between users or sessions.
Kubernetes coordination.k8s.io/v1 Leases with optimistic concurrency prevent any double-booking.
Four steps from your prompt to a verified, isolated execution result.
Your message hits the Hono server. A unique requestId is generated and telemetry starts tracking.
The Pi agent sends your prompt to the LLM. The model decides which commands to run and calls run_in_sandbox.
The Lease Manager finds a free pod via compare-and-swap on a Kubernetes Lease object. If all 8 are busy, it queues with a 15s timeout.
The command runs inside the pod via kubectl exec. stdout, stderr, and exit code are captured. The lease is always released in finally.
Open the runtime dashboard to watch pods lease, queue, and release in real time.
Open Live Dashboard