38 lines
1.2 KiB
Markdown
38 lines
1.2 KiB
Markdown
# TOOL-EXEC-Lite (Monty)
|
||
|
||
This is the "lite" execution lane for ThreeGate.
|
||
|
||
## Why Monty?
|
||
Monty is a minimal, secure Python-subset interpreter intended to run agent-written code
|
||
without a full container/VM sandbox. It blocks filesystem/env/network access unless
|
||
explicitly provided via "external functions".
|
||
|
||
## Constraints (current stub)
|
||
- backend: monty
|
||
- language: python
|
||
- network: none
|
||
- external functions: none
|
||
- file inputs/outputs: not supported (stdio only)
|
||
- strict size/time limits (best-effort; hard limits are future work)
|
||
|
||
## Install (developer environment)
|
||
Monty’s Python package is `pydantic-monty`:
|
||
|
||
pip install pydantic-monty
|
||
|
||
or
|
||
|
||
uv add pydantic-monty
|
||
|
||
## Execution model (stub)
|
||
- Tool Request contains a `## Code` section with Python subset code.
|
||
- Runner executes code with Monty and captures:
|
||
- return value (Monty output)
|
||
- stdout/stderr (captured by runner)
|
||
- Emits Tool Result markdown + stdout/stderr artifacts.
|
||
|
||
## Roadmap (security-reviewed increments)
|
||
1) Add resource limits via Monty trackers (time/memory/allocations/stack depth).
|
||
2) Add allowlisted external functions (pure functions first: json/regex/hash).
|
||
3) Add "iterative external calls" mode (MontySnapshot resume) with explicit operator gating.
|