Skip to main content

Documentation Index

Fetch the complete documentation index at: https://secureexec.dev/docs/llms.txt

Use this file to discover all available pages before exploring further.

Example on GitHub

Runnable example for CPU and memory limits.
Resource limits prevent sandboxed code from running forever or exhausting host memory.

Runnable example

import {
  NodeRuntime,
  createNodeDriver,
  createNodeRuntimeDriverFactory,
} from "../../../packages/secure-exec/src/index.ts";

const runtime = new NodeRuntime({
  systemDriver: createNodeDriver(),
  runtimeDriverFactory: createNodeRuntimeDriverFactory(),
  memoryLimit: 64,
  cpuTimeLimitMs: 100,
});

try {
  const safeRun = await runtime.exec(`
    console.log("resource-limits-ok");
  `);

  const timedOut = await runtime.exec("while (true) {}");

  const success =
    safeRun.code === 0 &&
    timedOut.code === 124 &&
    (timedOut.errorMessage?.includes("CPU time limit exceeded") ?? false);

  console.log(
    JSON.stringify({
      ok: success,
      safeCode: safeRun.code,
      timeoutCode: timedOut.code,
      errorMessage: timedOut.errorMessage,
      summary: "normal code completed and an infinite loop hit the CPU limit",
    }),
  );
} finally {
  runtime.dispose();
}
Source: examples/features/src/resource-limits.ts

CPU time limit

Set a CPU time budget in milliseconds. When exceeded, the execution exits with code 124. 
const runtime = new NodeRuntime({
  systemDriver: createNodeDriver(),
  runtimeDriverFactory: createNodeRuntimeDriverFactory(),
  cpuTimeLimitMs: 5000, // 5 seconds
});

const result = await runtime.exec("while (true) {}");
console.log(result.code); // 124
console.log(result.errorMessage); // "CPU time limit exceeded"
You can also override per execution: 
await runtime.exec("while (true) {}", {
  cpuTimeLimitMs: 1000, // tighter limit for this call
});

Memory limit

Cap isolate memory in MB. Default is 128. 
const runtime = new NodeRuntime({
  systemDriver: createNodeDriver(),
  runtimeDriverFactory: createNodeRuntimeDriverFactory(),
  memoryLimit: 64, // 64 MB
});

Payload limits

The bridge enforces size limits on data crossing the isolate boundary. Oversized payloads are rejected with ERR_SANDBOX_PAYLOAD_TOO_LARGE instead of exhausting host memory. 
const runtime = new NodeRuntime({
  systemDriver: createNodeDriver(),
  runtimeDriverFactory: createNodeRuntimeDriverFactory(),
  payloadLimits: {
    base64TransferBytes: 10 * 1024 * 1024, // 10 MB for file transfers
    jsonPayloadBytes: 5 * 1024 * 1024, // 5 MB for JSON payloads
  },
});
Hosts can tune these limits within bounded safe ranges but cannot disable enforcement.

Timing mitigation

High-resolution timers are frozen by default to mitigate timing side-channel attacks. 
// Default: frozen timers
const secure = new NodeRuntime({
  systemDriver: createNodeDriver(),
  runtimeDriverFactory: createNodeRuntimeDriverFactory(),
  timingMitigation: "freeze", // default
});

// Opt out for Node-compatible advancing clocks
const compatible = new NodeRuntime({
  systemDriver: createNodeDriver(),
  runtimeDriverFactory: createNodeRuntimeDriverFactory(),
  timingMitigation: "off",
});
In "freeze" mode:
  • Date.now() and performance.now() return frozen values within an execution
  • process.hrtime() and process.uptime() follow the hardened path
  • SharedArrayBuffer is unavailable
See the Security Model for more on timing hardening and trust boundaries.