docs/install/guarantees/execution-isolation.mdx
User code in one flow cannot read another flow's code, memory, environment, or files. Each flow executes in its own isolated environment.
<Note> This is one of the Activepieces execution guarantees for the [recommended production setup](/install/configure-operate/production-setup). For the full scope and Cloud parity, see [Crash Recovery](./crash-recovery). </Note>

Two layers stack:

1. AP_EXECUTION_MODE: V8/code isolation for multi-tenant, or kernel-namespace isolation. See Sandboxing for how each mode works and its trade-offs.
2. AP_WORKER_CONCURRENCY=1: there is only ever one flow in a container, so even the container's filesystem and memory belong to a single flow.

This is execution isolation between flows: code, memory, and filesystem. It is distinct from tenant data isolation at the query layer (every database query scoped to projectId / platformId), which is an application-level guarantee enforced in the API, not by the sandbox. For that, see the security documentation.

Choosing the right sandbox is the most important security decision for multi-tenant deployments; a weaker AP_EXECUTION_MODE narrows this guarantee.
| Variable | Recommended | Effect |
|---|---|---|
| AP_EXECUTION_MODE | V8 / code sandboxing for multi-tenant | How user code is isolated from the host and other flows |
| AP_WORKER_CONCURRENCY | 1 | One flow per container, no shared filesystem or memory |

See Sandboxing Mode to set the value.