Skip to content

Releases: Tako-Research/TakoVM

Tako VM v0.1.5: moved under the Tako Research org

22 Jun 22:02
@las7 las7
v0.1.5
8e081d7
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Tako VM v0.1.5: moved under the Tako Research org Latest
Latest

Housekeeping release. Tako VM now lives under the Tako Research organization. There are no functional or API changes.

Changed

  • Moved to the Tako Research org. The repository is now github.com/Tako-Research/TakoVM, docs are served at tako-research.github.io/TakoVM, and the prebuilt executor and server images are published to ghcr.io/tako-research/takovm. The previous github.com/las7 URLs redirect, and the existing ghcr.io/las7/takovm images remain available.
  • Copyright attribution updated to Tako Research.

PyPI: https://pypi.org/project/tako-vm/0.1.5/
Full changelog: v0.1.4...v0.1.5

Assets 2
Loading

Tako VM v0.1.4 — complete Python SDK, reliability layer, and end-to-end hardening

10 Jun 22:50
@las7 las7
v0.1.4
20afa19
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
Tako VM v0.1.4 — complete Python SDK, reliability layer, and end-to-end hardening

Secure Python code execution in isolated, gVisor-backed containers — for AI agents and platforms that need to run untrusted code safely.

This release graduates Tako VM's Python SDK to a complete, production-grade client and hardens the execution engine end-to-end for durability, traceability, and security. It is the largest release since the project's first PyPI publish.

pip install --upgrade tako-vm

Highlights

  • A complete Python SDK. Full API parity with the server — synchronous typed execution, the entire async job lifecycle, execution history, and metadata — now reachable both from the TakoVM client and the flat tako_vm.* module-level API.
  • Built-in reliability layer. Transport retries, idempotency keys, end-to-end correlation IDs, and a structured exception taxonomy, so transient failures and ambiguous network errors no longer mean double-executed code or silent data loss.
  • Verbose-on-failure everywhere. Every failure path now surfaces a correlated, actionable error instead of a vague status — across the server, workers, sandbox, and SDK.

Python SDK

  • API parity (#62): async submission (submit/submit_code), lifecycle control (get_status, get_result, cancel, rerun, fork), artifact download, paginated execution history, and job-type metadata.
  • Reliability (#72): pooled sessions with idempotent-GET retries, auto-generated idempotency keys for retry-safe submission, X-Correlation-ID on every request, and a typed error hierarchy (TransportError, ServerError/ClientError with retryable, MalformedResponseError).
  • Authentication is caller-owned: supply your own headers or a preconfigured requests.Session (API keys, bearer tokens, mTLS) — the SDK forwards them verbatim and never interprets credentials.
  • Module-level parity (#89): configure() and the flat helpers now expose the full client surface, so import tako_vm; tako_vm.submit(...) works without manually instantiating a client.

Reliability & Durability

  • Synchronous /execute now runs off the event loop and persists an ExecutionRecord (#71).
  • Idempotent retries with a unique container per attempt and clean output isolation (#82).
  • Execution watchdog honors per-job-type budgets, kills the container, and records the timeout (#73).
  • Stale job records are reconciled on startup; shutdown/running transitions are persisted (#66).
  • In-container timeout enforcement with a host-side SIGKILL backstop, preserving partial output (#68, #63).
  • Hardened storage: robust record hydration, protected submission/terminal fields on upsert, and retries on transient save failures (#74, #78).

Traceability & Observability

  • Correlation IDs persisted on execution records, with a contextvar-bleed fix (#81).
  • Failure modes captured and verbosely surfaced across the codebase — no more silently swallowed errors (#88).

Security

  • Opt-in API-key authentication (#54); runtime dependency installs disabled by default (#51).
  • Dead-letter queue payload redaction with configurable TTL (#83); legacy DLQ rows scrubbed (#87).
  • Symlink rejection and replay-read containment in artifact collection; container-ID sanitizer hardening (#79).
  • Published security policy, threat model, and vulnerability reporting process.

Operability

  • CLI fixes for --workers, --reload, and explicit host/port handling (#65).
  • Pre-built job-type images execute directly; contract-less base images are refused (#85).
  • Executor containers are labeled and reliably reclaimed by orphan cleanup (#76).
  • Multi-worker topology is now warned about explicitly at startup (#87).

Install

pip install "tako-vm==0.1.4"            # SDK / library mode
pip install "tako-vm[server]==0.1.4"    # + FastAPI server

Docker images (executor and server) are published to GHCR alongside this release.

Full changelog: v0.1.3...v0.1.4

Loading