packages/llmz/examples/18_worker_security/README.md
The code generated by LLMz runs in a hardened Node.js isolate. Each iteration is sandboxed in its own isolated VM context with strict execution limits.
LLMz runs entirely locally. It does not:
Instead, it uses V8 Isolates, the same secure sandboxing technology used by Chrome, Edge, and other modern browsers to run extensions, untrusted scripts, and web pages in separate memory-safe environments.
This gives LLMz the same low-level isolation primitives trusted at internet scale, but applied locally, with full control.
- require, process, Buffer, setImmediate are not defined.
- console, globalThis, this.constructor are locked down or sanitized.

| Category | Attack | Status |
|---|---|---|
| Filesystem | rm -rf /, fs.writeFileSync, fs.readFileSync | ✅ require is blocked; file system access denied |
| Process Access | process.env, process.cwd() | ✅ process is not defined |
| Require Abuse | Native module loading, require.cache, hijacking require() | ✅ require is not defined |
| Infinite Loops | while (true), recursion, memory growth | ✅ Terminated by timeout or memory cap (execution_error, Isolate disposed) |
| Global Escape | this.constructor.constructor('return process')() | ✅ this.constructor is undefined |
| Async Resource Loops | setImmediate, Promise flood | ✅ setImmediate not defined, Promises fail to clone |
| Buffer Abuse | Buffer.allocUnsafe(...) | ✅ Buffer is not defined |
| Global Leak Attempts | globalThis, console hijacking | ✅ Execution fails or isolate gets killed |
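
A regression check for the table above, as an added example that is not part of LLMz or this README: it replays the table's probes through a runner function and lists any that complete without an error. The names PROBES, audit, strictRunner and leakyRunner are hypothetical, and both runners are node:vm stand-ins rather than the LLMz isolate; swap in a call to your own sandbox.

```javascript
const vm = require('node:vm');

// Probes copied from the attack table above: [category, code to attempt].
const PROBES = [
  ['Filesystem / Require Abuse', "require('fs')"],
  ['Process Access', 'process.env'],
  ['Buffer Abuse', 'Buffer.allocUnsafe(8)'],
  ['Async Resource Loops', 'setImmediate(() => {})'],
  ['Infinite Loops', 'while (true) {}'],
  ['Global Escape', "this.constructor.constructor('return process')()"],
];

// Run every probe through `run(code)`; a probe counts as blocked only if
// the runner throws. Returns the categories that were NOT blocked.
function audit(run) {
  const leaks = [];
  for (const [category, code] of PROBES) {
    try {
      run(code);
      leaks.push(category); // completed without error: treat as a leak
    } catch {
      // ReferenceError, TypeError or timeout: the probe was stopped
    }
  }
  return leaks;
}

// Stand-in runners (assumption: node:vm contexts, NOT LLMz's V8 isolates).
// Node's documentation states that node:vm is not a security mechanism.
const strictRunner = (code) =>
  vm.runInNewContext(code, Object.create(null), { timeout: 50 });

// Misconfigured on purpose: the context object inherits from the host's
// Object.prototype, so sandboxed code can reach a host constructor.
const leakyRunner = (code) =>
  vm.runInNewContext(code, {}, { timeout: 50 });

console.log('strict:', audit(strictRunner));
console.log('leaky: ', audit(leakyRunner));
```

A non-empty result from `audit` means the runner under test let at least one probe finish, which is the signal to fail a CI job before the sandbox configuration ships.
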
You should not run arbitrary user-submitted code (e.g. copy-pasted by users, not generated by LLMz) next to your production backend, even inside LLMz.
While LLMz provides a robust sandbox, it is not a complete isolation layer suitable for multi-tenant production security.
On Botpress Cloud, each customer runs:
That's the level of defense-in-depth required to run unknown code safely at scale.