# TOOL-EXEC-Lite (Monty)

This is the "lite" execution lane for ThreeGate.

## Why Monty?
Monty is a minimal, secure Python-subset interpreter intended to run agent-written code
without a full container/VM sandbox. It blocks filesystem/env/network access unless
explicitly provided via "external functions".

## Constraints (current stub)
- backend: monty
- language: python
- network: none
- external functions: none
- file inputs/outputs: not supported (stdio only)
- strict size/time limits (best-effort; hard limits are future work)

## Install (developer environment)
Monty’s Python package is `pydantic-monty`:

    pip install pydantic-monty

or

    uv add pydantic-monty

## Execution model (stub)
- Tool Request contains a `## Code` section with Python subset code.
- Runner executes code with Monty and captures:
  - return value (Monty output)
  - stdout/stderr (captured by runner)
- Emits Tool Result markdown + stdout/stderr artifacts.

## Roadmap (security-reviewed increments)
1) Add resource limits via Monty trackers (time/memory/allocations/stack depth).
2) Add allowlisted external functions (pure functions first: json/regex/hash).
3) Add "iterative external calls" mode (MontySnapshot resume) with explicit operator gating.