Rate Limiting & Sandboxing
To prevent DoS and lateral exploitation, tools and agents should run in isolated sandboxes and adhere to rate-limiting quotas.
Sandboxing Approaches:
- Docker + seccomp profiles
- gVisor or Firecracker for syscall isolation
- Python: run each tool in a subprocess inside a chroot or jail, with CPU and memory caps enforced via cgroups (or per-process rlimits)
Rate Limiting Dimensions:
- Per-user call limit (e.g., 100 tasks/hour)
- Per-model or per-tool CPU time
- Concurrent tool chain length
Advanced Option:
Implement circuit breakers: if a workflow exceeds a threshold (latency, chain depth, memory), auto-abort it and log the event for review.
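The following is an added example, not code from the original page, showing the three rate-limiting dimensions and the circuit breaker together with a process-level sandbox: a per-user sliding-window limiter, a breaker that aborts and logs when depth, latency or memory exceed a threshold, and a subprocess runner that applies CPU-time and address-space rlimits. The class names, the `Quotas` thresholds and the `RLIMIT_AS` value of 512 MiB are assumptions for illustration; rlimits are a Unix-only, per-process cap and stand in for the cgroup and seccomp/gVisor/Firecracker isolation the text recommends rather than replacing it.

```python
"""Added example: per-user rate limiting, a tool-chain circuit breaker and a
resource-limited subprocess sandbox for agent tools (not the page's own code)."""
import resource
import subprocess
import sys
import time
from collections import defaultdict, deque
from dataclasses import dataclass


class RateLimitExceeded(Exception):
    """Raised when a caller exceeds its per-window quota."""


class CircuitOpen(Exception):
    """Raised when the circuit breaker aborts a workflow."""


@dataclass
class Quotas:
    # Illustrative thresholds (assumed values; tune per deployment).
    calls_per_window: int = 100                 # per-user call limit (100 tasks/hour)
    window_seconds: float = 3600.0
    max_chain_depth: int = 8                    # maximum tool chain length
    max_latency_seconds: float = 5.0            # circuit-breaker latency threshold
    max_memory_bytes: int = 512 * 1024 * 1024   # breaker threshold / sandbox RLIMIT_AS
    max_cpu_seconds: int = 2                    # per-tool CPU time (RLIMIT_CPU)


class SlidingWindowLimiter:
    """Per-user sliding-window call limiter; the clock is injectable for testing."""

    def __init__(self, quotas: Quotas, clock=time.monotonic):
        self.quotas = quotas
        self.clock = clock
        self._calls = defaultdict(deque)  # user -> timestamps of recent calls

    def check(self, user: str) -> int:
        """Record one call for user and return the count in the window, or raise."""
        now = self.clock()
        window = self._calls[user]
        while window and now - window[0] >= self.quotas.window_seconds:
            window.popleft()  # drop calls that have aged out of the window
        if len(window) >= self.quotas.calls_per_window:
            raise RateLimitExceeded(f"{user}: {len(window)} calls in window")
        window.append(now)
        return len(window)


class CircuitBreaker:
    """Aborts and logs when latency, chain depth or memory exceed thresholds."""

    def __init__(self, quotas: Quotas):
        self.quotas = quotas
        self.tripped = False
        self.log = []  # audit records of every abort

    def guard(self, depth: int, latency: float, memory: int) -> bool:
        q = self.quotas
        reasons = []
        if depth > q.max_chain_depth:
            reasons.append(f"depth {depth} > {q.max_chain_depth}")
        if latency > q.max_latency_seconds:
            reasons.append(f"latency {latency:.2f}s > {q.max_latency_seconds}s")
        if memory > q.max_memory_bytes:
            reasons.append(f"memory {memory} > {q.max_memory_bytes}")
        if reasons:
            self.tripped = True
            self.log.append({"event": "circuit_open", "reasons": reasons})
            raise CircuitOpen("; ".join(reasons))
        return True


def run_tool_sandboxed(argv, quotas: Quotas):
    """Run a tool binary under CPU-time and address-space rlimits plus a wall-clock
    timeout. Process-level caps only: pair with Docker/seccomp, gVisor or
    Firecracker for real isolation. Returns (returncode, stdout)."""

    def set_limits():
        # Applied in the child before exec (Unix only).
        resource.setrlimit(resource.RLIMIT_CPU,
                           (quotas.max_cpu_seconds, quotas.max_cpu_seconds))
        resource.setrlimit(resource.RLIMIT_AS,
                           (quotas.max_memory_bytes, quotas.max_memory_bytes))

    proc = subprocess.run(argv, capture_output=True, text=True,
                          timeout=quotas.max_latency_seconds,
                          preexec_fn=set_limits)
    return proc.returncode, proc.stdout


if __name__ == "__main__":
    quotas = Quotas(calls_per_window=3, window_seconds=60, max_chain_depth=2)
    limiter = SlidingWindowLimiter(quotas)
    breaker = CircuitBreaker(quotas)
    for step in range(1, 4):  # a three-step tool chain against a depth cap of 2
        try:
            limiter.check("alice")
            breaker.guard(depth=step, latency=0.1, memory=0)
            print("step", step, "ok")
        except (RateLimitExceeded, CircuitOpen) as exc:
            print("aborted:", exc)
    print(run_tool_sandboxed([sys.executable, "-c", "print('hello')"], quotas))
```

The limiter and breaker take an injected clock and explicit measurements so they can be unit-tested without sleeping; in production, feed the breaker the wall-clock latency of each tool call and a memory reading from the sandboxed child (for example the cgroup's memory usage file) rather than from the orchestrator process.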