A36 · Design a Code Execution Sandbox for Claude
Verified source
Anthropic Computer Use / Code Execution features live. Asked at onsites. Credibility A.
Architecture
```mermaid
flowchart LR
    AgentLoop --> Dispatch
    Dispatch --> VM[Firecracker microVM]
    VM --> EGRESS[Egress proxy]
    VM --> FS[(Ephemeral FS)]
    VM --> ART[(Artefact collector)]
    ART --> AgentLoop
```
Key decisions
- **MicroVM per session**, see O37 for base architecture.
- **Three network modes**: none (default), allow-list, full (enterprise only, logged).
- **Artifact capture**: stdout/stderr/image/HTML returned; binary artefacts via signed URL.
- **Prompt-injection defense**: tool outputs rendered in a quoted frame and re-scanned before feeding back.
Follow-ups
- Long-running scripts? Checkpointable; VM can suspend to disk.
- Reusing state across tool calls? Per-thread volume mounted in each VM.