Mini PaaS • Secure Runner • Async Queue

Run untrusted code safely, at scale, with auditable control.

This platform executes user-submitted code inside sandboxed containers, routes workloads through an async queue, and enforces tenant-level controls for quotas, auth, and traceability.

ECS Fargate Firecracker microVM isolation per run

BullMQ + Redis Queue depth drives autoscaling

Tenant Controls API keys, quotas, and audit trail

Architecture Components

1. Control Plane API

Validates jobs, enforces tenant auth/quotas/submit-burst limits, and rejects oversized payload abuse.

2. Queue Worker

Consumes queued jobs, publishes PendingJobsCount metrics, and dispatches hardened runner tasks to ECS/Fargate.

3. Sandbox Runner

Executes JavaScript/Python/Java with strict timeout/process/file limits and bounded output capture.

4. Shared Data Plane

Redis stores queue state, quota counters, and append-only audit events for traceability.

Execution Lifecycle

Submit

Client posts code payload. API authenticates tenant and reserves quota atomically.

Queue

Job enters BullMQ queue; queue depth metrics inform auto-scaling.

Execute

Worker launches isolated runner task, with per-job resource constraints attached.

Observe

Result, duration, and audit events are persisted; tenant can poll status safely.

Live Sandbox Demo

Submit a job to the real backend from this page. Use your tenant API key.

Runtime Output

idle No job submitted

Result

No results yet.

AI Analysis

Run a job, then click "Analyze Latest".

Run History

Press "History".

Tenant Audit Events

Press "Audit".

Tenant Quotas

Press "Load Quotas".

Tip: if auth fails, verify your `x-api-key` value for the deployed tenant.

Observability Control Plane

Queue Depth

Active Workers

DLQ Pending

Scaling Activity Timeline (Last 5)