BestHub
Sign in
Tagged articles
90 articles
Page 1 of 1
James' Growth Diary
James' Growth Diary
May 19, 2026 · Information Security

Securing AI Tool Calls with PermissionGate and BashSandbox: A Deep Dive

The article analyzes the security challenges of AI coding assistants that can read files, run shell commands, and call external APIs, and presents a layered defense architecture—PermissionGate for tool‑level gating and BashSandbox for command‑level filtering—detailing design principles, risk classifications, user‑authorization flows, and prompt‑injection detection.

AI securityBashSandboxPermissionGate
0 likes · 28 min read
Securing AI Tool Calls with PermissionGate and BashSandbox: A Deep Dive
PMTalk Product Manager Community
PMTalk Product Manager Community
May 2, 2026 · Artificial Intelligence

Why Codex Beats Claude Code: Not the Model, but the Trust to Hand Over Work

The article analyzes how Codex App surpasses Claude Code by offering a sandboxed environment, permission controls, task‑list UI, planning and steering modes, Git rollback, worktree isolation, cloud integration, plugins, skills and MCP, turning the AI coding assistant into a controllable engineering workbench for a broader range of users.

AI coding assistantWorktreecloud integration
0 likes · 12 min read
Why Codex Beats Claude Code: Not the Model, but the Trust to Hand Over Work
AI Explorer
AI Explorer
Apr 26, 2026 · Artificial Intelligence

A Lightweight Python Multi‑Agent Framework That Gained 25K+ Stars in 24 Hours

OpenAI’s newly open‑sourced openai‑agents‑python SDK is a lightweight, powerful Python framework for building multi‑agent AI workflows, quickly earning over 25,000 GitHub stars, supporting 100+ LLM providers, and offering sandbox agents, built‑in tracing, and human‑AI collaboration features.

AI workflowLLMMulti-Agent
0 likes · 7 min read
A Lightweight Python Multi‑Agent Framework That Gained 25K+ Stars in 24 Hours
AI Tech Publishing
AI Tech Publishing
Apr 25, 2026 · Artificial Intelligence

A Comprehensive Guide to Harness Engineering for Reliable AI Agents

This article systematically breaks down Harness Engineering—a framework that organizes large models, context, tools, state, sandboxing, security, and evaluation into a reliable AI agent engineering system, showing how to move agents from demo to production.

AI agentsContext managementHarness Engineering
0 likes · 21 min read
A Comprehensive Guide to Harness Engineering for Reliable AI Agents
AI Explorer
AI Explorer
Apr 23, 2026 · Artificial Intelligence

Why OpenAI’s Lightweight Multi‑Agent Python Framework Is Going Viral

The open‑source OpenAI Agents SDK provides a lightweight Python framework that enables multiple AI agents to collaborate like a team, offering features such as automatic handoff, sandboxed execution, safety guardrails, human‑in‑the‑loop control, full‑traceability, and support for over 100 LLM models, all with just a single pip install.

AI workflowLLMMulti-Agent
0 likes · 5 min read
Why OpenAI’s Lightweight Multi‑Agent Python Framework Is Going Viral
Tencent Cloud Developer
Tencent Cloud Developer
Apr 22, 2026 · Artificial Intelligence

How Cube Sandbox Achieves Sub‑60ms Secure AI Agent Execution

Tencent Cloud open‑sources Cube Sandbox, a hardware‑isolated, sub‑60 ms startup sandbox for AI agents that is E2B‑compatible, dramatically reduces memory usage, supports continuous "think‑execute‑feedback" loops, and outperforms traditional Docker‑based sandboxes in speed, security, and scalability.

AI agentsE2BRust
0 likes · 7 min read
How Cube Sandbox Achieves Sub‑60ms Secure AI Agent Execution
AI Cyberspace
AI Cyberspace
Apr 21, 2026 · Information Security

OpenClaw Cloud Host Security: Default Configuration Blueprint and Hardening Guide

This article presents a step‑by‑step security analysis and hardening guide for the OpenClaw cloud host, covering threat modeling, network exposure, mDNS broadcast, remote‑access options (SSH tunnel, Tailscale), sandbox isolation, tool permission layers, credential handling, prompt‑injection defenses, skills supply‑chain checks, approval workflows, logging redaction, and observability via OpenTelemetry, all illustrated with concrete configuration snippets and real‑world test commands.

ConfigurationDevOpsOpenClaw
0 likes · 55 min read
OpenClaw Cloud Host Security: Default Configuration Blueprint and Hardening Guide
AI Explorer
AI Explorer
Apr 16, 2026 · Artificial Intelligence

Is a Lightweight Multi‑Agent Workflow Framework the Next Paradigm for AI Application Development?

OpenAI’s newly open‑sourced Agents SDK for Python offers a lightweight, vendor‑neutral framework that lets developers define, orchestrate, and monitor multiple AI agents—each acting as a specialized tool or sandboxed worker—enabling rapid construction of complex, production‑grade AI collaboration workflows.

AI workflowAgents SDKMulti-Agent
0 likes · 7 min read
Is a Lightweight Multi‑Agent Workflow Framework the Next Paradigm for AI Application Development?
Old Meng AI Explorer
Old Meng AI Explorer
Apr 13, 2026 · Artificial Intelligence

Master Codex: Advanced AGENTS.md, Context Compaction, and MCP Tricks

This guide walks experienced developers through Codex’s advanced capabilities—layered AGENTS.md configuration, Context Compaction to prevent memory loss, Claude‑Code hybrid workflows, sandbox and Rules security controls, the extensible MCP protocol, profile switching, pipeline integration, and session management—to transform casual use into expert mastery.

AGENTS.mdAI CodingCodex
0 likes · 14 min read
Master Codex: Advanced AGENTS.md, Context Compaction, and MCP Tricks
Linux Kernel Journey
Linux Kernel Journey
Apr 9, 2026 · Information Security

Why Traditional AI Agent Sandboxes Fail and How Sandlock Provides a Lightweight Alternative

The article argues that heavy container‑ or micro‑VM‑based sandboxes mis‑solve AI agent security, because the real threat is prompt injection at the application layer, and demonstrates that a policy‑first approach using Linux Landlock, seccomp and per‑tool isolation—embodied in the open‑source Sandlock sandbox—delivers strong protection without root or heavyweight isolation.

AI agentsLandlockLinux
0 likes · 15 min read
Why Traditional AI Agent Sandboxes Fail and How Sandlock Provides a Lightweight Alternative
Wu Shixiong's Large Model Academy
Wu Shixiong's Large Model Academy
Mar 31, 2026 · Information Security

Securing LLM Code Interpreter: Sandbox Strategies and Real‑World Pitfalls

This article examines why RAG systems need a Code Interpreter, explains the dangers of executing LLM‑generated code with exec(), and presents three sandbox designs—restricted exec, Docker containers, and E2B cloud sandboxes—along with whitelist/blacklist rules, an eight‑step execution flow, and practical lessons learned from production deployment.

Code InterpreterDockerLLM
0 likes · 26 min read
Securing LLM Code Interpreter: Sandbox Strategies and Real‑World Pitfalls
Alibaba Cloud Developer
Alibaba Cloud Developer
Mar 26, 2026 · Artificial Intelligence

How OpenClaw’s Sandbox and Memory Architecture Powers Secure AI Agents

This article provides an in‑depth technical analysis of OpenClaw’s sandbox isolation, hybrid memory search, session lifecycle, skill loading, node architecture, and configuration management, showing how each component contributes to secure, extensible, and performant AI agent operations.

AIConfigurationSession Management
0 likes · 39 min read
How OpenClaw’s Sandbox and Memory Architecture Powers Secure AI Agents
ITPUB
ITPUB
Mar 16, 2026 · Artificial Intelligence

Why OpenClaw Failed and 7 Safer Open‑Source AI Assistants to Choose

OpenClaw’s rapid rise and fall in early 2026 exposed severe security flaws, high deployment costs, and usability issues, prompting a wave of lightweight, secure, and locally‑run AI assistant alternatives that address these shortcomings with smaller codebases, sandboxed execution, and broader platform support.

AI AssistantOpenClawalternatives
0 likes · 12 min read
Why OpenClaw Failed and 7 Safer Open‑Source AI Assistants to Choose
AI Step-by-Step
AI Step-by-Step
Mar 13, 2026 · Information Security

Why Installing OpenClaw on Your Main PC Is Risky and How to Isolate It Safely

The article explains why placing OpenClaw on a primary workstation exposes personal accounts, files, and browser sessions to a message‑driven system, and provides a step‑by‑step security baseline—including isolated environments, official audits, sandbox configuration, and permission hardening—to keep the tool safely contained.

Browser ControlIsolationOpenClaw
0 likes · 7 min read
Why Installing OpenClaw on Your Main PC Is Risky and How to Isolate It Safely
Java Companion
Java Companion
Mar 12, 2026 · Artificial Intelligence

AgentScope Java: Alibaba’s Enterprise‑Grade AI Agent Framework for Java

AgentScope Java 1.0, open‑sourced by Alibaba, provides a production‑ready AI agent framework built for Java ecosystems, addressing stack fragmentation, security, operations, and multi‑agent collaboration through ReAct reasoning, real‑time interruption, sandboxing, RocketMQ‑based A2A communication, and visual debugging, with detailed integration guides and comparison to LangChain4j and Spring AI.

AI agentsAgentScope JavaEnterprise AI
0 likes · 14 min read
AgentScope Java: Alibaba’s Enterprise‑Grade AI Agent Framework for Java
PaperAgent
PaperAgent
Mar 8, 2026 · Information Security

Why IronClaw Could Be the Secure Future of OpenClaw AI Assistants

A new watchboard reveals over 258,000 publicly exposed OpenClaw instances, prompting urgent security measures, while the recently released IronClaw—built with Rust, WASM sandboxing, and multi‑layer defenses—offers a hardened alternative, detailing its orchestrator, worker, and routine engines and how they protect AI assistants from prompt‑injection attacks.

AI securityOpenClawRust
0 likes · 4 min read
Why IronClaw Could Be the Secure Future of OpenClaw AI Assistants
AI Explorer
AI Explorer
Mar 6, 2026 · Artificial Intelligence

DeerFlow 2.0: Open‑Source Agent Framework for Autonomous Research and Coding

DeerFlow 2.0, an open‑source framework released by ByteDance, coordinates multiple sub‑agents, a memory system, sandbox environment, and extensible skills to automate complex AI tasks—from research to code generation—offering a five‑component architecture, quick Docker‑based setup, and a platform for developers, researchers, and efficiency enthusiasts to build advanced autonomous agents.

Autonomous AIDeerFlowDocker
0 likes · 7 min read
DeerFlow 2.0: Open‑Source Agent Framework for Autonomous Research and Coding
Architect
Architect
Mar 5, 2026 · Artificial Intelligence

How to Turn a Single OpenClaw Agent into a Multi‑Agent Team: A Step‑by‑Step Guide

This article walks you through the complete process of converting a single‑agent OpenClaw deployment into a multi‑agent architecture, covering agent isolation resources, when to split, creating agents, routing rules, DM safety, sandbox options, multi‑gateway setups, remote access, hot‑reload configuration, and a pre‑deployment checklist.

Agent RoutingConfigurationMulti-Agent
0 likes · 23 min read
How to Turn a Single OpenClaw Agent into a Multi‑Agent Team: A Step‑by‑Step Guide
High Availability Architecture
High Availability Architecture
Feb 27, 2026 · Artificial Intelligence

How We Scaled Millions of AI Agents with Unikraft Micro‑VMs and a Control‑Plane Sandbox

Browser Use evolved from AWS Lambda to a control‑plane‑driven architecture using Unikraft micro‑VMs, isolating each AI web agent in a sandbox that only receives three environment variables, enabling secure, scalable execution of millions of agents with zero‑trust isolation and fast start‑up times.

AI agentsSecurityUnikraft
0 likes · 11 min read
How We Scaled Millions of AI Agents with Unikraft Micro‑VMs and a Control‑Plane Sandbox
Architect
Architect
Feb 26, 2026 · Information Security

How OpenClaw Tames Tool Side‑Effects with Three Guardrails

This article explains how OpenClaw controls the side‑effects of AI‑driven tool calls by splitting them into three guardrails—sandbox, tool policy, and elevated—plus a dynamic exec‑approval step, detailing configuration keys, practical troubleshooting tips, and a minimal baseline setup for secure deployment.

OpenClawSecurityelevated
0 likes · 15 min read
How OpenClaw Tames Tool Side‑Effects with Three Guardrails
AI Engineering
AI Engineering
Feb 11, 2026 · Artificial Intelligence

Harrison Chase Explains Two Sandbox Architectures for AI Agents

The article analyzes why AI agents need isolated sandboxes, outlines two architectural patterns—running the agent inside a sandbox or using the sandbox as an external tool—compares their advantages and challenges, and provides concrete implementation examples and community insights.

AI agentsAPIDocker
0 likes · 11 min read
Harrison Chase Explains Two Sandbox Architectures for AI Agents
High Availability Architecture
High Availability Architecture
Feb 6, 2026 · Information Security

How to Securely Run an OpenClaw AI Agent on a Dedicated Machine

This guide details a step‑by‑step, security‑first approach for safely experimenting with OpenClaw using a dedicated host, Tailscale private network, command whitelisting, read‑only tokens, and one‑way data flow, complete with configuration commands and emergency procedures.

AI Agent SecurityOpenClawTailscale
0 likes · 12 min read
How to Securely Run an OpenClaw AI Agent on a Dedicated Machine
AI Engineering
AI Engineering
Feb 5, 2026 · Artificial Intelligence

CuaBot v1.0: A Third Way for AI Agents to Control Your Computer

CuaBot v1.0 introduces a new open‑source approach that lets AI agents interact with a desktop via independent cursors and sandboxed windows, avoiding full‑screen screenshots and mouse hijacking while supporting multi‑agent parallelism, H.265 video, audio, clipboard sharing, and a CLI built on Xpra and Docker.

AI automationCLICuaBot
0 likes · 4 min read
CuaBot v1.0: A Third Way for AI Agents to Control Your Computer
PaperAgent
PaperAgent
Jan 30, 2026 · Artificial Intelligence

How LLM‑in‑Sandbox Turns Large Models into General‑Purpose Agents Without Extra Training

The LLM‑in‑Sandbox framework places large language models inside a virtual machine that provides external tool access, persistent storage, and code execution, yielding up to a 24.2% performance boost across six benchmark tasks without additional training, and it scales from zero‑shot to reinforcement‑learning‑enhanced agents while remaining cost‑effective.

Agentic AILLMefficiency
0 likes · 6 min read
How LLM‑in‑Sandbox Turns Large Models into General‑Purpose Agents Without Extra Training
Alibaba Cloud Native
Alibaba Cloud Native
Jan 27, 2026 · Cloud Native

How Serverless Sandboxes Power Secure AI Agents

This article explains how lightweight security sandboxes in serverless function compute provide strong process isolation, elastic resource scaling, and pay‑per‑use economics, enabling AI agents to execute untrusted code safely while supporting session lifecycle management, protocol extensions, and cost‑effective billing models.

AI AgentCloud NativeFunction Compute
0 likes · 12 min read
How Serverless Sandboxes Power Secure AI Agents
Alibaba Cloud Infrastructure
Alibaba Cloud Infrastructure
Jan 26, 2026 · Cloud Native

How Kimi Scaled AI Agents with Alibaba Cloud’s Elastic Sandbox Architecture

Kimi built a high‑performance, low‑cost AI Agent infrastructure by combining Alibaba Cloud ACK node pools and the ACS Agent Sandbox, addressing challenges of instant sandbox response, state continuity, massive concurrency, cost efficiency, security isolation, and search‑memory integration for production‑grade agents.

AI AgentCloud NativeCost Optimization
0 likes · 18 min read
How Kimi Scaled AI Agents with Alibaba Cloud’s Elastic Sandbox Architecture
AI Insight Log
AI Insight Log
Jan 17, 2026 · Information Security

How the Django Co‑founder Used Claude to Reverse‑Engineer Its Own Sandbox

Simon Willison instructed Claude Cowork to explore its own application bundle, revealing that the AI runs inside a full Ubuntu 22.04 virtual machine on macOS via Apple’s Virtualization.framework, protected by a dual sandbox of VM isolation and Bubblewrap, with strict user and syscall restrictions.

AI securityBubblewrapClaude
0 likes · 6 min read
How the Django Co‑founder Used Claude to Reverse‑Engineer Its Own Sandbox
BirdNest Tech Talk
BirdNest Tech Talk
Jan 16, 2026 · Industry Insights

Why Manus Chooses E2B: Inside the Architecture of a General‑Purpose AI Agent

The article analyzes how Manus, a general‑purpose AI agent, leverages E2B's Firecracker micro‑VM sandbox and self‑hosting deployment to achieve fast startup, full OS capabilities, session persistence, multi‑tenant isolation, and future cross‑OS support, illustrated with real‑world use cases and trade‑off assessments.

AI agentsE2Barchitecture
0 likes · 8 min read
Why Manus Chooses E2B: Inside the Architecture of a General‑Purpose AI Agent
Architect
Architect
Jan 13, 2026 · Artificial Intelligence

How Anthropic Secures Its New Cowork AI Agent: Deep Dive into Isolation and Human‑in‑the‑Loop Controls

Anthropic's Cowork research preview turns AI agents into digital coworkers that can read/write files, run scripts, and access the network, prompting a detailed security analysis that covers threat modeling, VM‑based hard isolation, sandboxing, least‑privilege defaults, human‑in‑the‑loop safeguards, and mitigation of prompt‑injection attacks.

AnthropicHuman-in-the-LoopVirtualization
0 likes · 13 min read
How Anthropic Secures Its New Cowork AI Agent: Deep Dive into Isolation and Human‑in‑the‑Loop Controls
Go Programming World
Go Programming World
Nov 10, 2025 · Artificial Intelligence

Boost AI Agent Productivity with an All‑In‑One Sandbox Container

This article introduces AIO Sandbox, an all‑in‑one Docker container that unifies browser, shell, VSCode, and Jupyter environments, provides agent‑oriented APIs and multi‑language SDKs, and demonstrates a quick‑start workflow and a Python example converting web pages to Markdown.

AI agentsDockerJupyter
0 likes · 8 min read
Boost AI Agent Productivity with an All‑In‑One Sandbox Container
HomeTech
HomeTech
Sep 25, 2025 · Backend Development

How a Single Input Box Enables Unlimited Backend Logic Flexibility

This article explains how a function input box, combined with parameter interpolation and a sandboxed Node.js environment, lets backend developers write arbitrary JavaScript to dynamically generate HTML components, handle complex logic, and maintain security, offering unparalleled flexibility for ever‑changing business requirements.

BackendDynamic Configurationcode-generation
0 likes · 19 min read
How a Single Input Box Enables Unlimited Backend Logic Flexibility
AutoHome Frontend
AutoHome Frontend
Sep 22, 2025 · Backend Development

How a Single Input Box Can Power Unlimited Backend Configurations

This article explains a flexible solution that lets backend administrators write JavaScript functions directly in an input box, using parameter interpolation and a sandboxed Node.js VM to dynamically generate HTML, CSS, or script tags, handling complex logic, data transformation, and conditional branching safely.

dynamic-configparameter-interpolationsandbox
0 likes · 17 min read
How a Single Input Box Can Power Unlimited Backend Configurations
Tencent Technical Engineering
Tencent Technical Engineering
Apr 11, 2025 · Information Security

Security Analysis of MCP and A2A Protocols for AI Agents

The article examines critical security flaws in Anthropic’s Model Context Protocol (MCP) and Google’s Agent‑to‑Agent (A2A) protocol—such as hidden tool‑poisoning, rug‑pull, and command‑injection attacks that can hijack AI agents and leak data—while proposing hardening measures like authentication, sandboxing, digital signatures, fine‑grained permissions, and robust OAuth‑based consent to safeguard AI‑agent communications.

A2AAI AgentMCP
0 likes · 26 min read
Security Analysis of MCP and A2A Protocols for AI Agents
Baidu Geek Talk
Baidu Geek Talk
Jan 22, 2025 · Mobile Development

iOS Sandbox Disk Management and Cleaning Strategies

The article explains iOS sandbox storage by detailing the four main directories, their backup rules, naming conventions, and retrieval APIs, then outlines how to calculate physical file size and implements both automatic quota‑based and manual user‑driven cleaning methods, including system cache removal for tmp, WKWebView, and dyld caches.

Cache CleaningObjective‑Cdisk-management
0 likes · 22 min read
iOS Sandbox Disk Management and Cleaning Strategies
Baidu App Technology
Baidu App Technology
Dec 25, 2024 · Mobile Development

iOS Disk Management and Cleanup Strategies for App Development

The article offers a comprehensive guide to iOS disk management for app developers, explaining the sandbox’s Documents, Library (Caches and Application Support) and tmp directories, proper storage practices, APIs for directory access, disk‑size calculation, iCloud backup exclusion, and both automatic and manual cleanup strategies including system cache handling.

Cache CleanupMobile Developmentdisk-management
0 likes · 22 min read
iOS Disk Management and Cleanup Strategies for App Development
AntTech
AntTech
Jul 25, 2024 · Information Security

Security Analysis of Code Execution Sandboxes in AI Applications

This report investigates the security of code‑execution sandboxes used by various AI applications, evaluates their isolation mechanisms, presents detailed test results for multiple platforms, and offers recommendations for selecting and hardening sandbox solutions in the era of large language models.

Code ExecutionDenoFirecracker
0 likes · 23 min read
Security Analysis of Code Execution Sandboxes in AI Applications
NetEase Cloud Music Tech Team
NetEase Cloud Music Tech Team
Mar 15, 2024 · Frontend Development

Inside Tango’s Sandbox: Leveraging CodeSandbox for Fast Low‑Code Development

This article explains how the open‑source Tango low‑code engine uses a CodeSandbox‑based sandbox architecture—including dependency initialization, transpilation, and cross‑origin communication—to enable real‑time source‑code execution and visual drag‑and‑drop building within a secure iframe environment.

CodeSandboxReactfrontend
0 likes · 15 min read
Inside Tango’s Sandbox: Leveraging CodeSandbox for Fast Low‑Code Development
Java Tech Enthusiast
Java Tech Enthusiast
Feb 17, 2024 · Information Security

Linux Kernel SandBox Mode (SBM) Patch Enhances Memory Safety

Huawei engineer Petr Tesarik submitted a Linux kernel patch that adds SandBox Mode (SBM), an API confining kernel code to predefined memory regions, using hardware paging and CPU privilege levels to isolate components, detect out‑of‑bounds accesses, recover from violations, terminate the sandbox and return error codes such as -EFAULT, enabling continued execution.

Linux kernelMemory SafetySecurity Patch
0 likes · 2 min read
Linux Kernel SandBox Mode (SBM) Patch Enhances Memory Safety
Bilibili Tech
Bilibili Tech
Feb 6, 2024 · Frontend Development

Advanced Interception Techniques in Front-End Development: API Overriding, Service Workers, and Sandbox Strategies

Advanced interception techniques—such as overriding browser APIs, using ServiceWorkers, employing MutationObservers, creating Proxy‑based sandboxes, and configuring server‑side gateways—provide a flexible middle layer for error reporting, request monitoring, micro‑frontend isolation, and remote debugging, while demanding careful adherence to security policies.

InterceptionJavaScriptProxy
0 likes · 16 min read
Advanced Interception Techniques in Front-End Development: API Overriding, Service Workers, and Sandbox Strategies
php Courses
php Courses
Nov 16, 2023 · Information Security

Security Risks of OpenAI's ChatGPT Code Interpreter Tool

OpenAI's new ChatGPT Code Interpreter, which can generate and run Python code in a sandbox, has been shown to allow malicious actors to exploit spreadsheet handling and command execution features, raising serious information‑security concerns among experts.

AIChatGPTCode Interpreter
0 likes · 2 min read
Security Risks of OpenAI's ChatGPT Code Interpreter Tool
JD Retail Technology
JD Retail Technology
Oct 16, 2023 · Frontend Development

MicroApp 1.0: Faster Sandbox and Virtual Routing for Micro‑Frontend Development

MicroApp 1.0 introduces a streamlined micro‑frontend framework with a simplified integration method, a high‑performance sandbox using variable pre‑placement and async debounce, a virtual routing system that isolates sub‑app navigation, upgraded CSS isolation, Vite compatibility, and a Chrome DevTools extension for enhanced debugging.

DevToolsVitefrontend framework
0 likes · 10 min read
MicroApp 1.0: Faster Sandbox and Virtual Routing for Micro‑Frontend Development
Rare Earth Juejin Tech Community
Rare Earth Juejin Tech Community
Oct 1, 2023 · Frontend Development

A Comprehensive Guide to Building Drag‑and‑Drop Low‑Code Platforms

This article provides a systematic overview of drag‑and‑drop low‑code platforms, covering their advantages and drawbacks, core architecture (protocols, material area, canvas, property panel, top bar), implementation details with code examples, and best practices for extensibility, sandboxing, and code generation.

Component ArchitectureDrag-and-DropUI Builder
0 likes · 23 min read
A Comprehensive Guide to Building Drag‑and‑Drop Low‑Code Platforms
Weimob Technology Center
Weimob Technology Center
Jul 28, 2023 · Frontend Development

JavaScript Sandboxes for Secure Micro‑Frontend Apps: Techniques & Examples

This article explains the concept of sandbox security mechanisms, explores their use cases in iPaaS API orchestration and micro‑frontend applications, compares eval, Function, with + proxy techniques, presents JavaScript, iframe and Node vm sandbox implementations, and details practical deployments within the Kraken framework and a centralized approval service.

JavaScriptNode.jsSecurity
0 likes · 18 min read
JavaScript Sandboxes for Secure Micro‑Frontend Apps: Techniques & Examples
Alibaba Cloud Developer
Alibaba Cloud Developer
May 31, 2023 · Frontend Development

Build a Micro‑Frontend Framework from Scratch with Vue3, React15/16 and TypeScript

This article walks through creating a full‑featured micro‑frontend framework using TypeScript, covering sub‑application registration, router interception, sandbox isolation, CSS scoping, inter‑app communication, global state management, caching, and prefetching, all demonstrated with Vue3 as the host and Vue2, React15, and React16 as child apps.

Vue3global-statemicro-frontend
0 likes · 27 min read
Build a Micro‑Frontend Framework from Scratch with Vue3, React15/16 and TypeScript
JD Retail Technology
JD Retail Technology
Feb 9, 2023 · Frontend Development

MicroApp V1.0.0‑rc Release: Core Architecture, High‑Performance Sandbox, New Configurations, and Real‑World Use Cases

The MicroApp V1.0.0‑rc release introduces a component‑based micro‑frontend solution with a custom WebComponent‑like architecture, a virtual routing system, a high‑performance sandbox that leverages caching and decoupling, extensive performance benchmarks, new configuration options, lifecycle listeners, and a practical JD marketing‑center case study.

JavaScriptfrontend developmentmicro-frontend
0 likes · 11 min read
MicroApp V1.0.0‑rc Release: Core Architecture, High‑Performance Sandbox, New Configurations, and Real‑World Use Cases
Rare Earth Juejin Tech Community
Rare Earth Juejin Tech Community
Nov 25, 2022 · Frontend Development

Vue Compiler Overview and Sandbox Compilation Techniques

This article explores the fundamentals of Vue's compilation process, compares Vue 2 and Vue 3 compilers, demonstrates sandbox compilation with code examples, and discusses practical considerations such as handling templates, scripts, styles, and hot‑module reloading, providing developers with insights to effectively integrate Vue compilation in browser environments.

JavaScriptVuecompiler
0 likes · 17 min read
Vue Compiler Overview and Sandbox Compilation Techniques
转转QA
转转QA
Nov 9, 2022 · Backend Development

Using JVM‑Sandbox for Exception Injection and Code Enhancement in Java Services

This article introduces JVM‑Sandbox, explains its non‑intrusive AOP capabilities, and provides a step‑by‑step tutorial on installing the sandbox, loading custom modules, performing code enhancement via instrumentation, and testing exception injection in a Java service.

Code EnhancementException InjectionInstrumentation
0 likes · 9 min read
Using JVM‑Sandbox for Exception Injection and Code Enhancement in Java Services
Rare Earth Juejin Tech Community
Rare Earth Juejin Tech Community
Oct 12, 2022 · Frontend Development

Implementing a Simple Micro‑Application Loader with Qiankun: Code Walkthrough and Sandbox Isolation

This tutorial demonstrates how to build a lightweight function that loads a micro‑application by fetching its HTML, converting external CSS links to inline styles, applying scoped CSS isolation, executing JavaScript within a snapshot sandbox, and discusses entry‑point handling, isolation limitations, and routing integration.

JavaScriptcss isolationfrontend development
0 likes · 13 min read
Implementing a Simple Micro‑Application Loader with Qiankun: Code Walkthrough and Sandbox Isolation
Rare Earth Juejin Tech Community
Rare Earth Juejin Tech Community
Oct 12, 2022 · Frontend Development

Implementing a Simplified Qiankun JavaScript Sandbox: Snapshot, Singular Proxy, and Multiple Proxy Sandboxes

This article walks through building a lightweight Qiankun JS sandbox by first explaining sandbox principles, then creating a snapshot sandbox, a singular proxy sandbox that records changes via ES6 Proxy, and finally a multiple‑proxy sandbox that isolates each micro‑frontend with its own fake window, complete with test cases and setup instructions.

JavaScriptJestMicro Frontends
0 likes · 16 min read
Implementing a Simplified Qiankun JavaScript Sandbox: Snapshot, Singular Proxy, and Multiple Proxy Sandboxes
Ctrip Technology
Ctrip Technology
Sep 1, 2022 · Backend Development

Improving Supplier Integration Efficiency and System Stability in Ctrip's Direct Connection Platform

This article presents Ctrip's backend engineering practices for the Direct Connection Platform, detailing how a sandbox testing environment, automated acceptance, rate‑limiting, and circuit‑breaking mechanisms were introduced to boost supplier onboarding speed and enhance overall system stability.

Backend EngineeringCtripapi-integration
0 likes · 14 min read
Improving Supplier Integration Efficiency and System Stability in Ctrip's Direct Connection Platform
Tencent IMWeb Frontend Team
Tencent IMWeb Frontend Team
Jun 27, 2022 · Frontend Development

Mastering Micro‑Frontends with Qiankun: From Basics to APAAS Integration

This article explores the concept of micro‑frontends, introduces the Qiankun framework, demonstrates its rendering workflow with practical code examples, and details an APAAS‑based architecture for integrating and managing micro‑applications, covering client‑side SDK, server proxies, routing, sandboxing, CSS isolation, and third‑party SDK challenges.

Frontend ArchitectureaPaaScss isolation
0 likes · 20 min read
Mastering Micro‑Frontends with Qiankun: From Basics to APAAS Integration
NetEase Cloud Music Tech Team
NetEase Cloud Music Tech Team
May 27, 2022 · Frontend Development

How We Cut CodeSandbox Sandbox Build Time from 2 Minutes to 1 Second

This article details the background, architecture, and step‑by‑step performance optimizations—including Packager caching, request reduction, Service‑Worker caching, and Webpack‑style externals—that reduced a CodeSandbox sandbox build from around two minutes to roughly one second.

CodeSandboxFrontend BuildPerformance Optimization
0 likes · 23 min read
How We Cut CodeSandbox Sandbox Build Time from 2 Minutes to 1 Second
Taobao Frontend Technology
Taobao Frontend Technology
May 12, 2022 · Frontend Development

How WebAssembly + QuickJS Powers a Secure Web Sandbox for Next‑Gen Web Apps

An in‑depth technical overview describes how a WebAssembly‑plus‑QuickJS sandbox architecture enhances web security, improves developer experience, and delivers benchmarked performance gains for next‑generation open web applications, while maintaining compatibility with W3C standards and integrating with existing e‑commerce platforms.

QuickJSWebAssemblyfrontend development
0 likes · 6 min read
How WebAssembly + QuickJS Powers a Secure Web Sandbox for Next‑Gen Web Apps
DaTaobao Tech
DaTaobao Tech
May 10, 2022 · Information Security

Web Security Sandbox Using WebAssembly and QuickJS

This paper proposes a WebAssembly‑QuickJS sandbox that isolates JavaScript execution and uses Shadow DOM/iframe for CSS isolation, delivering W3C‑compliant, high‑performance security for web apps, achieving 355× communication gains over mini‑programs while maintaining a lightweight, extensible ecosystem for e‑commerce plugins.

Container ArchitectureOpen TechnologyQuickJS
0 likes · 5 min read
Web Security Sandbox Using WebAssembly and QuickJS
WeChat Client Technology Team
WeChat Client Technology Team
Jan 14, 2022 · Frontend Development

How a Chromium‑Based Framework Bridges Mini‑Programs and PWA for Faster, Safer Apps

This article explains the design of a new Chromium‑based mini‑program framework that decouples from the main client, adopts Web features, integrates Node for richer JS APIs, implements custom XWeb Workers and sandboxing, and extends to games and cross‑platform SDKs, delivering higher performance and lower memory usage.

ChromiumNode IntegrationPWA
0 likes · 13 min read
How a Chromium‑Based Framework Bridges Mini‑Programs and PWA for Faster, Safer Apps
Kuaishou Tech
Kuaishou Tech
Dec 31, 2021 · Frontend Development

Design Considerations and Challenges in Micro‑Frontend Architecture

This article examines the practical design choices, sandbox limitations, preloading strategies, release handling, nested applications, cross‑app navigation, keep‑alive usage, shared dependencies, conflict detection, joint development, and progressive evolution of micro‑frontend solutions, offering insights and future directions.

Keep-Aliveconflict detectionmicro-frontend
0 likes · 20 min read
Design Considerations and Challenges in Micro‑Frontend Architecture
Java Backend Technology
Java Backend Technology
Dec 14, 2021 · Blockchain

Why a Virtual House Next to Snoop Dogg Sold for $450,000 in the Metaverse

The article explores the soaring prices of metaverse real estate, highlighting a player who spent $450,000 to become Snoop Dogg’s virtual neighbor in Sandbox, the rapid growth of virtual land sales, major investments from firms like SoftBank, and the broader implications for NFTs and the future digital property market.

BlockchainMetaverseNFT
0 likes · 7 min read
Why a Virtual House Next to Snoop Dogg Sold for $450,000 in the Metaverse
Xueersi Online School Tech Team
Xueersi Online School Tech Team
Nov 19, 2021 · Frontend Development

Introduction, Architecture, and Practical Usage of the qiankun Micro‑Frontend Framework

This article provides a comprehensive overview of the qiankun micro‑frontend framework—including its background, core concepts of micro‑frontends, comparison with other solutions, detailed configuration examples for host and child applications, implementation details such as sandbox mechanisms, common pitfalls, and the overall impact on development efficiency and project complexity.

Code SplittingFrontend ArchitectureVue
0 likes · 24 min read
Introduction, Architecture, and Practical Usage of the qiankun Micro‑Frontend Framework
ELab Team
ELab Team
Oct 20, 2021 · Frontend Development

Deep Dive into Garfish Micro‑Frontend Architecture: Resource Loading, Sandbox, and Script Execution

This article examines Garfish's micro‑frontend implementation by dissecting resource loading, HTML parsing, sandbox environment construction, and script execution, providing detailed code analysis and comparisons with Qiankun to reveal the core mechanics behind modern micro‑frontend solutions.

Frontend Architecturemicro-frontendresource-loading
0 likes · 12 min read
Deep Dive into Garfish Micro‑Frontend Architecture: Resource Loading, Sandbox, and Script Execution
ByteFE
ByteFE
Oct 12, 2021 · Frontend Development

Micro Frontend Architecture and Garfish Solution Overview

This article explains the background, challenges, and design of micro‑frontend architecture, introduces the Garfish open‑source solution with its three‑layer structure, and details core runtime components such as loader, sandbox, router, and store, while discussing advantages, drawbacks, and best‑practice integration with modern web frameworks.

Frontend ArchitectureGarfishRouter
0 likes · 32 min read
Micro Frontend Architecture and Garfish Solution Overview
ByteDance Web Infra
ByteDance Web Infra
Sep 30, 2021 · Frontend Development

Micro‑Frontend Architecture and Garfish Solution Overview

This article explains the background, significance, and challenges of large‑scale web applications, introduces micro‑frontend concepts, compares SPA and MPA approaches, and details the Garfish three‑layer architecture, sandbox designs, routing strategies, deployment platform, and best practices for building enterprise‑grade micro‑frontend systems.

Frontend ArchitectureGarfishRouter
0 likes · 35 min read
Micro‑Frontend Architecture and Garfish Solution Overview
ByteFE
ByteFE
Jul 6, 2021 · Frontend Development

Micro‑Frontend Architecture Overview, Practices, and Sandbox Isolation

This article provides a comprehensive overview of micro‑frontend concepts, typical system components, governance and development tooling, runtime container responsibilities, various sandbox isolation techniques (including snapshot, Proxy, iframe, Realms, and Shadow DOM), and practical considerations such as technical debt and migration strategies.

Frontend ArchitectureModule Federationcss isolation
0 likes · 26 min read
Micro‑Frontend Architecture Overview, Practices, and Sandbox Isolation
ELab Team
ELab Team
Jun 23, 2021 · Frontend Development

Why Micro Frontends Are Changing Large-Scale Frontend Architecture

This article explains how micro frontends, inspired by micro‑service principles, break down monolithic front‑end applications into independent sub‑applications, covering design motivations, practical implementation steps, sandbox isolation techniques, and code examples to improve maintainability and performance.

Code SplittingFrontend ArchitectureModule Federation
0 likes · 14 min read
Why Micro Frontends Are Changing Large-Scale Frontend Architecture
Alibaba Cloud Developer
Alibaba Cloud Developer
Mar 16, 2021 · Frontend Development

Secure Plugin Sandboxes in Modern Web Editors: VS Code, Atom, and Figma

Exploring the evolution of web-based editors and design tools, this article examines why traditional plugin architectures like Atom faltered, how VS Code’s more restrictive model improves performance and security, and delves into Figma’s sophisticated sandboxing techniques—including Realm, Duktape, and CSS isolation—to balance flexibility with safety.

FigmaJavaScriptplugin architecture
0 likes · 15 min read
Secure Plugin Sandboxes in Modern Web Editors: VS Code, Atom, and Figma
Aotu Lab
Aotu Lab
Oct 30, 2020 · Information Security

Can Node.js vm Sandbox Be Escaped? Understanding vm Security and Escape Techniques

This article explains how Node.js's vm module creates isolated execution contexts, demonstrates several sandbox‑escape techniques using prototype chain manipulation, and offers practical solutions such as code scanning, using vm2, or building a custom interpreter to mitigate security risks.

ESCAPEJavaScriptNode.js
0 likes · 7 min read
Can Node.js vm Sandbox Be Escaped? Understanding vm Security and Escape Techniques
JD Cloud Developers
JD Cloud Developers
Sep 25, 2020 · Information Security

Master Malware Analysis: Build a Cuckoo Sandbox with SystemTap Monitoring

This guide explains sandbox fundamentals, compares Windows and Adobe Reader sandboxes, and provides step‑by‑step instructions for installing and configuring a Cuckoo Linux sandbox on Ubuntu, including SystemTap syscall monitoring and signature creation illustrated with a Gonnacry ransomware case study.

CuckooLinuxSecurity
0 likes · 11 min read
Master Malware Analysis: Build a Cuckoo Sandbox with SystemTap Monitoring
Qborfy AI
Qborfy AI
Jul 7, 2020 · Frontend Development

Unlock JavaScript Sandboxes, Code Scanning & Front‑End Innovations

This weekly tech roundup explains how JavaScript sandboxes isolate code, details a low‑cost AST‑based code‑scanning approach, compares Vue, React and Angular, and shows how domain‑driven design and CSS variables can streamline modern front‑end development.

CSS VariablesCode ScanningDomain-Driven Design
0 likes · 7 min read
Unlock JavaScript Sandboxes, Code Scanning & Front‑End Innovations
Alibaba Terminal Technology
Alibaba Terminal Technology
Jun 22, 2020 · Frontend Development

Mastering Micro‑Frontend Routing: From Basics to Sandbox Isolation

This article explores the challenges of routing in micro‑frontend architectures, explains why correct parent‑child routing is essential, walks through progressively more sophisticated solutions—including shared routes, sandbox isolation, and message‑based synchronization—and finally presents a robust implementation that works across diverse scenarios.

History APIfrontendmicro-frontend
0 likes · 18 min read
Mastering Micro‑Frontend Routing: From Basics to Sandbox Isolation
Alibaba Cloud Developer
Alibaba Cloud Developer
Jun 9, 2020 · Frontend Development

How to Transform Existing Websites into Native‑Like Experiences with Low‑Cost Same‑Screen Rendering

This article explains why web apps still feel slower than native apps, analyzes the performance gaps of traditional client‑side rendering, and introduces a low‑cost, progressive “same‑screen rendering” approach—using a sandbox, parallel API loading, and browser‑like HTML rendering—to deliver native‑like user experiences without major rewrites.

API Parallel LoadingFrontend OptimizationProgressive Web Apps
0 likes · 12 min read
How to Transform Existing Websites into Native‑Like Experiences with Low‑Cost Same‑Screen Rendering
转转QA
转转QA
Apr 30, 2020 · Backend Development

Introducing JVM SandBox for Exception Injection Testing

This article explains how to use JVM SandBox, a non‑intrusive Java Agent‑based tool, to dynamically attach to a running JVM and inject exceptions at specific method call points, enabling comprehensive exception testing for server, dependency, and application failures.

Exception InjectionJVMsandbox
0 likes · 8 min read
Introducing JVM SandBox for Exception Injection Testing
Alibaba Terminal Technology
Alibaba Terminal Technology
Apr 24, 2020 · Frontend Development

How icestark Solves Large‑Scale Frontend Challenges with a Micro‑Frontend Architecture

This article explains how the ICE team created the AppLoader solution for Alibaba's Creator Platform, evolved it into the open‑source icestark framework, and details its architecture, loading strategies, sandbox isolation, and real‑world business value for large, multi‑team front‑end systems.

Frontend ArchitectureReacticestark
0 likes · 15 min read
How icestark Solves Large‑Scale Frontend Challenges with a Micro‑Frontend Architecture
Aikesheng Open Source Community
Aikesheng Open Source Community
Nov 27, 2019 · Databases

Using dbdeployer to Quickly Set Up MySQL Test Environments

This guide introduces the dbdeployer tool, walks through its installation on macOS/Linux, shows how to configure sandbox paths, download MySQL binaries, and deploy various MySQL topologies such as single nodes, master‑slave replication, and group replication with one‑click commands.

Automationdatabase testingdbdeployer
0 likes · 10 min read
Using dbdeployer to Quickly Set Up MySQL Test Environments
Sohu Tech Products
Sohu Tech Products
Sep 18, 2019 · Frontend Development

Designing a Mini‑Program Engine: From Single‑Thread to Dual‑Thread Architecture and Vue Modifications

The article recounts the author’s journey of building a mini‑program engine, detailing the challenges of using Vue in a sandboxed environment, the trade‑offs between single‑thread and dual‑thread models, and the architectural decisions made to balance security, performance, and native capabilities.

frontendmini-programsandbox
0 likes · 16 min read
Designing a Mini‑Program Engine: From Single‑Thread to Dual‑Thread Architecture and Vue Modifications
360 Tech Engineering
360 Tech Engineering
Sep 11, 2019 · Frontend Development

Designing a Secure Mini‑Program Engine: From Single‑Thread to Dual‑Thread Architecture with Vue

This article chronicles the architectural evolution of a web‑based mini‑program engine, detailing the challenges of sandboxing Vue, restricting unsafe tags, handling performance and native capability limits, and ultimately adopting a dual‑thread model to achieve security and control while preserving developer experience.

MiniProgramVueperformance
0 likes · 16 min read
Designing a Secure Mini‑Program Engine: From Single‑Thread to Dual‑Thread Architecture with Vue
UCloud Tech
UCloud Tech
Apr 11, 2019 · Cloud Native

Why Does a Kubernetes Pod IP Disappear? The Hidden Second Sandbox Bug

UK8S’s custom CNI plugin integrates VPC networking to give containers native cloud performance, but a bug caused kubelet to create a second sandbox container, leading to missing NETNS parameters and VPC IP leaks; the article details the investigation, root‑cause analysis, and the patch fixing the issue.

CNIIP leakKubernetes
0 likes · 15 min read
Why Does a Kubernetes Pod IP Disappear? The Hidden Second Sandbox Bug
JD Tech
JD Tech
Dec 10, 2018 · Information Security

Container Sandbox for Contextual Behavior Analysis Presented at BlackHat Europe

JD Security’s Silicon Valley AI security scientist unveiled a novel container‑based sandbox at BlackHat Europe, detailing how contextual behavior analysis can detect and trace malicious code by leveraging lightweight containers, improving threat detection speed and accuracy for enterprise defenses.

AI securityContainer SecurityThreat Detection
0 likes · 6 min read
Container Sandbox for Contextual Behavior Analysis Presented at BlackHat Europe
Meituan Technology Team
Meituan Technology Team
Sep 13, 2018 · Information Security

How Meituan Built a Low‑Cost, Scalable iOS Malware Hunting System

This article details Meituan Security's Black Hat 2018 presentation on a fully automated, Raspberry‑Pi‑based iOS malware hunting pipeline that crawls App Store apps, cracks DRM, runs dynamic sandbox analysis with Frida, and uses a Nools decision engine to detect advanced threats at scale.

AutomationBlack HatRaspberry Pi
0 likes · 13 min read
How Meituan Built a Low‑Cost, Scalable iOS Malware Hunting System
360 Tech Engineering
360 Tech Engineering
Jun 28, 2018 · Information Security

Understanding Android Sandbox and Linux Permission Mechanisms

This article explains how Android inherits Linux's UID/GID based permission model, details the sandbox isolation for apps, describes how system and app processes obtain their UID/GID, and shows how adb shell and framework permissions grant extensive access to the device.

ADBAndroidGID
0 likes · 8 min read
Understanding Android Sandbox and Linux Permission Mechanisms
360 Tech Engineering
360 Tech Engineering
Apr 28, 2018 · Backend Development

Weekly Tech Digest: Large‑Scale JavaScript Architecture, Secure Node.js Sandboxing, V8 Updates, and Cross‑Platform CRNWEB

This newsletter highlights design principles for massive JavaScript applications, secure sandboxing techniques for Node.js, the latest Node.js 10 and V8 6.6 features, WebAssembly debugging, and the CRNWEB framework enabling a single codebase across React‑Native, web, and PWA platforms.

JavaScriptNode.jsPWA
0 likes · 4 min read
Weekly Tech Digest: Large‑Scale JavaScript Architecture, Secure Node.js Sandboxing, V8 Updates, and Cross‑Platform CRNWEB