Tako VM v0.1.4 — complete Python SDK, reliability layer, and end-to-end hardening
Secure Python code execution in isolated, gVisor-backed containers — for AI agents and platforms that need to run untrusted code safely.
This release graduates Tako VM's Python SDK to a complete, production-grade client and hardens the execution engine end-to-end for durability, traceability, and security. It is the largest release since the project's first PyPI publish.
pip install --upgrade tako-vm
Highlights
- A complete Python SDK. Full API parity with the server — synchronous typed execution, the entire async job lifecycle, execution history, and metadata — now reachable both from the `TakoVM` client and the flat `tako_vm.*` module-level API.
- Built-in reliability layer. Transport retries, idempotency keys, end-to-end correlation IDs, and a structured exception taxonomy, so transient failures and ambiguous network errors no longer mean double-executed code or silent data loss.
- Verbose-on-failure everywhere. Every failure path now surfaces a correlated, actionable error instead of a vague status — across the server, workers, sandbox, and SDK.
Python SDK
- API parity (#62): async submission (`submit`/`submit_code`), lifecycle control (`get_status`, `get_result`, `cancel`, `rerun`, `fork`), artifact download, paginated execution history, and job-type metadata.
- Reliability (#72): pooled sessions with idempotent-GET retries, auto-generated idempotency keys for retry-safe submission, `X-Correlation-ID` on every request, and a typed error hierarchy (`TransportError`, `ServerError`/`ClientError` with `retryable`, `MalformedResponseError`).
- Authentication is caller-owned: supply your own headers or a preconfigured `requests.Session` (API keys, bearer tokens, mTLS) — the SDK forwards them verbatim and never interprets credentials.
- Module-level parity (#89): `configure()` and the flat helpers now expose the full client surface, so `import tako_vm; tako_vm.submit(...)` works without manually instantiating a client.
Reliability & Durability
- Synchronous `/execute` now runs off the event loop and persists an `ExecutionRecord` (#71).
- Idempotent retries with a unique container per attempt and clean output isolation (#82).
- Execution watchdog honors per-job-type budgets, kills the container, and records the timeout (#73).
- Stale job records are reconciled on startup; shutdown/running transitions are persisted (#66).
- In-container timeout enforcement with a host-side SIGKILL backstop, preserving partial output (#68, #63).
- Hardened storage: robust record hydration, protected submission/terminal fields on upsert, and retries on transient save failures (#74, #78).
Traceability & Observability
- Correlation IDs persisted on execution records, with a contextvar-bleed fix (#81).
- Failure modes captured and verbosely surfaced across the codebase — no more silently swallowed errors (#88).
Security
- Opt-in API-key authentication (#54); runtime dependency installs disabled by default (#51).
- Dead-letter queue payload redaction with configurable TTL (#83); legacy DLQ rows scrubbed (#87).
- Symlink rejection and replay-read containment in artifact collection; container-ID sanitizer hardening (#79).
- Published security policy, threat model, and vulnerability reporting process.
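
One way to reject symlinks and keep reads inside the artifact directory when collecting a sandbox's output files, as an added example that is not Tako VM's own code. The names `collect_artifacts` and `max_bytes` and the sample tree are assumptions made for illustration, and the code relies on POSIX `O_NOFOLLOW`.

```python
import os
import stat
import tempfile
from pathlib import Path


def collect_artifacts(root, max_bytes=1_000_000):
    """Read regular files under root; return (files, rejected_paths)."""
    root = Path(root).resolve(strict=True)
    files, rejected = {}, []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        here = Path(dirpath)
        # Symlinked directories are listed but must not be collected or entered.
        for name in [d for d in dirnames if (here / d).is_symlink()]:
            dirnames.remove(name)
            rejected.append((here / name).relative_to(root).as_posix())
        for name in filenames:
            path = here / name
            rel = path.relative_to(root).as_posix()
            try:
                # O_NOFOLLOW: fail if the final component is a symlink, even one
                # swapped in after the walk. O_NONBLOCK: never hang on a FIFO.
                fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW | os.O_NONBLOCK)
            except OSError:
                rejected.append(rel)
                continue
            with os.fdopen(fd, "rb") as fh:
                info = os.fstat(fh.fileno())  # inspect the opened object itself
                if stat.S_ISREG(info.st_mode) and info.st_size <= max_bytes:
                    files[rel] = fh.read(max_bytes)
                else:
                    rejected.append(rel)
    return files, sorted(rejected)


def demo():
    """Constructed sample tree: two real outputs and two escaping symlinks."""
    with tempfile.TemporaryDirectory() as tmp:
        out = Path(tmp) / "output"
        (out / "sub").mkdir(parents=True)
        (out / "result.json").write_text('{"ok": true}')
        (out / "sub" / "log.txt").write_text("done")
        host_file = Path(tmp) / "host_secret.txt"  # outside the artifact root
        host_file.write_text("host-only")
        os.symlink(host_file, out / "leak.txt")  # file link out of the root
        os.symlink(tmp, out / "escape")  # directory link out of the root
        return collect_artifacts(out)
```

`O_NOFOLLOW` only guards the final path component, so this assumes the container has stopped and the tree can no longer change while it is read.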
Operability
- CLI fixes for `--workers`, `--reload`, and explicit host/port handling (#65).
- Pre-built job-type images execute directly; contract-less base images are refused (#85).
- Executor containers are labeled and reliably reclaimed by orphan cleanup (#76).
- Multi-worker topology is now warned about explicitly at startup (#87).
Install
pip install "tako-vm==0.1.4" # SDK / library mode
pip install "tako-vm[server]==0.1.4" # + FastAPI server
Docker images (executor and server) are published to GHCR alongside this release.
Full changelog: v0.1.3...v0.1.4