Sprout v0.1.1 — --sandbox (run untrusted code safely)
--sandbox — run untrusted code safely.
Hosting an online playground where strangers run Sprout means their programs run with your server's privileges. v0.1.1 adds a one-flag lockdown so a submission can't touch anything outside itself.
Pass --sandbox (anywhere on the command line) or set SPROUT_SANDBOX=1:
sprout --sandbox run untrusted.sprout
It turns off every builtin that reaches outside the program:
- filesystem — read, write, append, exists
- on-disk store — remember, recall, forget
- network (also blocks SSRF to internal/metadata endpoints) — get, explore
- shell — the whole system module (system.run)
Each blocked call is a clear, catchable error ('read' is turned off in sandbox mode…). Everything else — math, text, lists, maps, tasks, match, the pipe, comprehensions, the garbage collector — works exactly as normal.
The frozen language is unchanged; this only restricts the host-facing builtins, so it's a clean additive point release on the 0.1 line. CI now verifies (on every job, including AddressSanitizer) that all ten dangerous operations are blocked under the flag.
Important: the flag is necessary but not sufficient. It closes the language's outward APIs, but a host must still cap CPU time, memory, and output at the OS/container level — run each submission as a short-lived, unprivileged, resource-limited process. (The GC keeps memory bounded per program, not small.)
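A host-side wrapper that applies those OS-level caps around a --sandbox run, as an added example (not the Sprout project's own code); it assumes `sprout` is on PATH (overridable via SPROUT_BIN) and that coreutils timeout(1) is installed:

```shell
#!/bin/sh
# Added example, not part of the Sprout project: run one untrusted submission
# under --sandbox plus the OS-level caps the flag itself does not provide
# (wall clock, CPU time, address space, output size).
# Assumptions: `sprout` is on PATH (override with SPROUT_BIN) and coreutils
# timeout(1) is installed.

SPROUT_BIN="${SPROUT_BIN:-sprout}"
WALL_SECS="${WALL_SECS:-5}"        # wall-clock limit, enforced by timeout(1)
CPU_SECS="${CPU_SECS:-2}"          # CPU seconds, enforced by ulimit -t
MEM_KB="${MEM_KB:-262144}"         # address space in KiB (ulimit -v): 256 MiB
OUT_BYTES="${OUT_BYTES:-65536}"    # bytes of program output the host keeps

# run_submission FILE: prints at most OUT_BYTES of the program's combined
# stdout/stderr and returns the interpreter's exit status: 124 on wall-clock
# timeout, another non-zero value if a limit or the output cap killed it.
run_submission() {
    file="$1"
    command -v timeout >/dev/null 2>&1 || { echo "timeout(1) not found" >&2; return 127; }
    status_file=$(mktemp) || return 1
    (
        # Limits set here apply to this subshell and everything it spawns;
        # failures are ignored so the wrapper still runs where a limit is unsupported.
        ulimit -t "$CPU_SECS" 2>/dev/null || true
        ulimit -v "$MEM_KB" 2>/dev/null || true
        rc=0
        (
            ulimit -f 0 2>/dev/null || true   # belt and braces: no on-disk writes at all
            export SPROUT_SANDBOX=1           # redundant with --sandbox, harmless
            exec timeout "$WALL_SECS" "$SPROUT_BIN" --sandbox run "$file"
        ) 2>&1 || rc=$?
        echo "$rc" >"$status_file"
    ) | head -c "$OUT_BYTES"
    # head closes the pipe once the cap is reached; the interpreter then dies
    # of SIGPIPE, which surfaces here as a non-zero status.
    status=$(cat "$status_file" 2>/dev/null || echo 1)
    rm -f "$status_file"
    return "${status:-1}"
}

# Usage: run_submission untrusted.sprout; echo "exit status: $?"
```

Run each submission this way from an unprivileged service account; the wrapper bounds what a single program can consume, and --sandbox bounds what it can reach.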
CI green on Linux, macOS, and Windows + ASan. Windows installer attached.