UCE is a closed-source, production-focused command execution framework for Windows that provides isolated and sandboxed script execution with memory and resource constraints.
UCE v0.1 Beta — Closed-source public SDK release for early testing and integration.
This is a beta release intended for evaluation and integration testing. Full v1.0 is targeted for June 24, 2026.
UCE enables secure execution of commands and scripts (Python, shell) in isolated child processes with:
- Process isolation: Child processes run under controlled parent supervision
- Memory enforcement: OS-level memory limits via Windows Job Objects
- Sandbox model: Blocked imports (os, sys, subprocess), restricted file access, blocked eval/exec
- IPC communication: Secure inter-process communication with metadata flow
- Resource monitoring: Real-time process memory and resource tracking
- Timeout protection: Configurable execution timeouts
This is a binary SDK release. Internal source code is not included. Integration uses:
- Pre-built binaries (
uce_command_engine.dll,uce_script_runner.exe) - Public headers defining the API
- Documentation and examples
Testing results on v0.1 Beta:
- Tests passed: 27
- Tests failed: 0
- Security violations: 0
Verified protections:
- ✅ IPC message delivery and isolation
- ✅ Python script execution in child processes
- ✅ Sandbox import restrictions (os, sys, subprocess blocked)
- ✅ File path traversal prevention
- ✅ Memory limit enforcement via OS Job Objects
- ✅ Process cleanup and resource deallocation
- ✅ Timeout handling
- Download the UCE v0.1 Beta release package
- Extract binaries and headers
- Link
uce_command_engine.libin your project - Include
<uce/CommandEngine.h>
#include <uce/CommandEngine.h>
// Execute an isolated command
ScriptRunner runner;
runner.SetMemoryLimit(256 * 1024 * 1024); // 256 MB
runner.SetTimeout(5000); // 5 seconds
ExecutionResult result = runner.Execute("print('Hello from isolated Python')");
if (result.status == ExecutionStatus::Success) {
std::cout << result.stdout_output << std::endl;
}See API.md for detailed API documentation and EMBEDDING_GUIDE.md for integration patterns.
- Multiple execution modes: Command execution, Python scripts, shell commands
- Isolation guarantees: Process and memory isolation at OS level
- Resource constraints: Memory limits, timeout, CPU isolation via Job Objects
- Security model: Sandbox restrictions on dangerous operations
- Host application integration: Easy embedding in C++ applications
- Real-time monitoring: Memory usage tracking, execution status
UCE implements a defense-in-depth approach:
- Process-level isolation: Child processes are isolated from parent
- OS memory enforcement: Windows Job Object memory limits prevent out-of-memory attacks
- Sandbox restrictions: Blocked imports prevent access to dangerous APIs (os.system, subprocess, etc.)
- Path restrictions: File access limited to specified directories
- IPC security: Metadata and communication validated per execution
Not a security boundary for untrusted code. For true sandboxing of adversarial code, use OS-level isolation (containers, VMs).
- Windows only (beta release)
- Python 3.9+ required for Python script execution
- No JavaScript/Node.js support (planned for future releases)
- No remote execution (local process execution only)
- Sandbox not designed for adversarial untrusted code
- File access restricted to configured paths
Targeted June 24, 2026:
- Linux and macOS validation
- Extended timeout and monitoring options
- Plugin architecture
- JavaScript/Node.js backend support
- Enterprise licensing model
- Performance optimizations
- API.md — Public API reference
- EMBEDDING_GUIDE.md — Integration and usage patterns
- INSTALLATION.md — Installation and setup
- SECURITY.md — Security model and reporting
- CHANGELOG.md — Changes and fixes in this release
- ROADMAP.md — Future releases and features
- docs/ — Architecture overview and FAQ
For integration questions, see docs/FAQ.md.
For security issues, see SECURITY.md.
See PROPRIETARY_LICENSE.md for licensing terms.
UCE v0.1 Beta — Closed-source SDK for Windows. v1.0 targeted June 24, 2026.