A secure, open-source code interpreter API that provides sandboxed code execution using nsjail for isolation. Compatible with LibreChat's Code Interpreter API.
Get up and running in minutes by building the execution environment.
-
Clone the repository
git clone https://github.com/usnavy13/LibreCodeInterpreter.git cd LibreCodeInterpreter -
Setup environment
cp .env.example .env # The default settings work out-of-the-box for local development -
Build the unified Docker image
docker build -t code-interpreter:nsjail .This builds a single image containing all 13 language runtimes and nsjail for sandboxed execution.
-
Start the API
docker compose up -d
The API will be available at http://localhost:8000.
Visit http://localhost:8000/docs for the interactive API documentation.
A built-in admin dashboard is available at http://localhost:8000/admin-dashboard for monitoring and management:
- Overview: Real-time execution metrics, success rates, and performance graphs
- API Keys: Create, view, and manage API keys with rate limiting
- System Health: Monitor Redis, MinIO, and sandbox pool status
The dashboard requires the master API key for authentication.
- Multi-language Support: Execute code in 13 languages - Python, JavaScript, TypeScript, Go, Java, C, C++, PHP, Rust, R, Fortran, D, and Bash
- Sub-50ms Python Execution: Pre-warmed REPL sandboxes achieve ~20-40ms latency for simple Python code
- Sandbox Pool: Pre-warmed nsjail sandboxes provide ~3ms acquisition time (vs 500-2000ms cold start)
- High Concurrency: Thread-safe execution supporting 10+ concurrent requests
- Secure Execution: nsjail-based sandboxed environments with namespace isolation, seccomp, and resource limits
- Programmatic Tool Calling (PTC): Enables AI agents to execute code that invokes external tools mid-execution via
POST /exec/programmatic, with multi-round continuation support - File Management: Upload, download, and manage files within execution sessions
- Session Management: Redis-based session handling with automatic cleanup
- S3-Compatible Storage: MinIO integration for persistent file storage
- Authentication: API key-based authentication for secure access
- HTTPS/SSL Support: Optional SSL/TLS encryption with automatic HTTP to HTTPS redirection
- Health Monitoring: Comprehensive health check endpoints for all dependencies
- Metrics Collection: Execution and API metrics for monitoring and debugging
- Unicode Support: Full Unicode filename support in file downloads
- Structured Logging: JSON-formatted logs with configurable levels and destinations
- CORS Support: Optional cross-origin resource sharing for web clients
- Orphan Cleanup: Automatic cleanup of orphaned storage objects
The LibreCodeInterpreter is built with a focus on security, speed, and scalability. It uses a combination of FastAPI for the web layer, nsjail for sandboxed execution, and Redis for session management.
Key features include:
- Sandbox Pooling: Pre-warmed nsjail sandboxes for sub-50ms execution.
- Isolated Execution: Each execution runs in its own nsjail sandbox with namespace isolation.
- Session Persistence: Optional state persistence for Python sessions across executions.
For a deep dive into the system design, components, and request flows, see ARCHITECTURE.md.
The API provides endpoints for code execution, file management, and session state control.
POST /exec: Execute code in one of the 13 supported languages.POST /exec/programmatic: Execute code with Programmatic Tool Calling (PTC) support for AI agent workflows.POST /upload: Upload files for processing.GET /download: Retrieve generated files.
Interactive documentation is available at http://localhost:8000/docs when the server is running.
For detailed information on all endpoints and specific language notes, see ARCHITECTURE.md.
We support 13 programming languages including Python, JavaScript, TypeScript, Go, Rust, Bash, and more. Each language has optimized execution paths and resource limits.
See the Supported Languages list for details on versions and included libraries.
The service is highly configurable via environment variables.
| Category | Description |
|---|---|
| API | Host, port, and security settings. |
| Storage | Redis and MinIO/S3 connection details. |
| Resources | Per-execution memory, CPU, and time limits. |
| Pools | Sandbox pool sizing and warmup settings. |
A full list of configuration options and a production checklist can be found in CONFIGURATION.md.
For detailed instructions on setting up your local environment, running tests, and building custom images, please refer to the Development Guide.
Quick test command:
pytest tests/unit/For comprehensive testing details, see TESTING.md.
- All code execution happens in nsjail sandboxes with namespace isolation
- PID, mount, and network namespaces isolate each execution
- Seccomp syscall filtering restricts available system calls
- Cgroup-based resource limits prevent CPU, memory, and process exhaustion
- rlimits restrict file sizes, open file descriptors, etc.
- Code runs as a shared non-root sandbox user (default uid
1001, configurable withSANDBOX_UID) - Read-only bind mounts for language runtimes and libraries
- API key authentication protects all endpoints
- Input validation prevents injection attacks
Please see SECURITY.md for our security policy and reporting instructions.
We welcome contributions! Please see CONTRIBUTING.md for details on how to get started, our code of conduct, and the pull request process.
This project is licensed under the Apache License 2.0 - see the LICENSE file for details.