tako-vm

tako-vm [--config file] command [options]

tako-vm is a self-hosted platform that runs untrusted or AI-generated Python in isolated Docker containers, with optional gVisor sandboxing and seccomp filtering. It bundles job queuing, execution history, retry logic and replay, so there is no need to assemble Redis, Celery or custom infrastructure separately.Each job runs in its own container with network isolation by default and an optional per-job-type allowlist. The server exposes a REST API: code is submitted to an /execute endpoint and run inside the sandbox. PostgreSQL backs job state and is started automatically via Docker when the server runs.

setup

Pull the executor Docker image and verify the Docker installation.

Start the REST API server (auto-starts PostgreSQL via Docker).

Start a local PostgreSQL for development, optionally with the API server.

Check the local PostgreSQL status.

Stop the local PostgreSQL.

Show the current configuration, optionally as JSON.

Validate the current or a specified configuration file.

Check server health.

Display version information.

Requires a working Docker installation; run tako-vm setup first. Isolation rests on Docker plus optional gVisor and seccomp, so keep the executor image and Docker up to date when running untrusted code.

tako-vm is an open-source execution platform written in Python by developer las7, installed with pip install "tako-vm[server]". It is distributed under the Apache-2.0 license.

docker(1), podman(1), firejail(1), bwrap(1)