PandaAI 3.0 is currently in beta. This documentation reflects the latest features and functionality, which may evolve before the final release.

Code Execution and Sandbox Environment

PandaAI executes Python code that is generated by Large Language Models (LLMs). While this provides powerful data analysis capabilities, it’s crucial to understand the security implications, especially in production, where your application may be exposed to malicious attacks.

Why Use a Sandbox?

When building applications that allow users to interact with PandaAI, there’s a potential risk that malicious users might attempt to manipulate the LLM into generating harmful code. To mitigate this risk, PandaAI provides a secure sandbox environment with the following features:

  • Isolated Execution: Code runs in a completely isolated Docker container
  • Offline Operation: The sandbox runs entirely offline, preventing any external network requests
  • Resource Limitations: Strict controls on system resource usage
  • File System Isolation: Protected access to the file system

Using the Sandbox

To use the sandbox environment, you first need to install the required package and have Docker running on your system:

pip install pandasai-docker

Here’s how to enable the sandbox for your PandaAI agent:

from pandasai import Agent
from pandasai_docker import DockerSandbox

# Initialize and start the sandbox
sandbox = DockerSandbox()
sandbox.start()

try:
    # Create an agent with the sandbox enabled
    agent = Agent("data.csv", sandbox=sandbox)

    # The code will now run in an isolated Docker container
    response = agent.chat("What is the total sales for each country?")
finally:
    # Always stop the sandbox, even if the query raises an exception
    sandbox.stop()

You can also customize the sandbox environment:

# Custom sandbox configuration
sandbox = DockerSandbox(
    "custom-sandbox-name",
    "/path/to/custom/Dockerfile"
)

For additional security in production environments, you can combine the sandbox with the Advanced Security Agent:

from pandasai.ee.agents.advanced_security_agent import AdvancedSecurityAgent

# Create a security agent
security = AdvancedSecurityAgent()

# Use both sandbox and security agent
agent = Agent("data.csv", sandbox=sandbox, security=security)

# Queries will be checked for security risks and run in isolation
response = agent.chat("Calculate total sales")
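
One way to check from the host that a running sandbox container has the four properties listed under "Why Use a Sandbox?". This is an added example, not PandaAI code: it audits `docker inspect` output, and both the mapping from each feature to Docker `HostConfig` fields and the sample data are assumptions, not PandaAI's documented configuration.

```python
import json

# Constructed sample: trimmed `docker inspect <container>` output for a
# hypothetical sandbox container (name and values are illustrative).
SAMPLE_INSPECT = json.loads("""
[{"Name": "/sandbox-example",
  "HostConfig": {"NetworkMode": "none", "Privileged": false,
                 "Memory": 536870912, "NanoCpus": 1000000000,
                 "PidsLimit": 128, "PidMode": "",
                 "Binds": ["/srv/datasets:/data:ro"]}}]
""")


def audit_container(inspect_entry):
    """Return a list of findings; an empty list means every check passed."""
    host = inspect_entry.get("HostConfig", {})
    findings = []

    # Isolated execution: no privileged mode, no shared host PID namespace.
    if host.get("Privileged"):
        findings.append("container runs privileged")
    if host.get("PidMode") == "host":
        findings.append("container shares the host PID namespace")

    # Offline operation: NetworkMode "none" leaves only a loopback interface.
    if host.get("NetworkMode") != "none":
        findings.append(f"network mode is {host.get('NetworkMode')!r}, not 'none'")

    # Resource limits: Docker reports 0, -1 or null when a limit is unset.
    limits = {"memory": host.get("Memory"),
              "cpu": host.get("NanoCpus") or host.get("CpuQuota"),
              "pids": host.get("PidsLimit")}
    for name, value in limits.items():
        if not value or value <= 0:
            findings.append(f"no {name} limit set")

    # File system isolation: bind mounts should be read-only and the Docker
    # socket must not be exposed. Only HostConfig.Binds is inspected here.
    for bind in host.get("Binds") or []:
        parts = bind.split(":")
        options = parts[2].split(",") if len(parts) > 2 else []
        if "docker.sock" in parts[0]:
            findings.append(f"Docker socket mounted: {bind}")
        elif "ro" not in options:
            findings.append(f"writable bind mount: {bind}")
    return findings


if __name__ == "__main__":
    print(audit_container(SAMPLE_INSPECT[0]))
```

To audit a real container, pass each element of `json.loads` applied to the output of `docker inspect <container>` to `audit_container`.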

When to Use the Sandbox

We strongly recommend using the sandbox environment in the following scenarios:

  • Building public-facing applications
  • Processing untrusted user inputs
  • Deploying in production environments
  • Handling sensitive data
  • Multi-tenant environments

Enterprise Sandbox Options

For production-ready use cases, we offer several advanced sandbox options as part of our Enterprise license. These include:

  • Custom security policies
  • Advanced resource management
  • Enhanced monitoring capabilities
  • Additional isolation layers

If you need more information about our Enterprise sandbox options or require assistance with implementation, please contact us. Our team can help you choose and configure the right security solution for your specific use case.