Sandbox & Security
Worker code runs in a restricted Python sandbox. This page documents what is and isn't allowed.
Execution Model
- Each worker runs as an isolated subprocess
- Code is loaded via
exec()with restricted builtins - The
ctxobject is injected as a global variable - Each
tick()has a 60 second timeout - Import restrictions are enforced at runtime
Allowed Built-in Functions
The following Python builtins are available in worker code:
Math & Logic
abs, all, any, divmod, max, min, pow, round, sum
Types & Collections
bool, chr, dict, float, format, frozenset, hex, id, int, iter, len, list, oct, ord, range, repr, reversed, set, slice, sorted, str, super, tuple, type, zip
Iteration & Filtering
enumerate, filter, map, next
Introspection
getattr, hasattr, hash, isinstance, issubclass
Output
print (output goes to worker logs)
Constants
True, False, None
Exceptions
Exception, ValueError, TypeError, KeyError, IndexError, RuntimeError, StopIteration, ZeroDivisionError
Allowed Imports
You can import these modules in your worker code:
| Module | Description |
|---|---|
math | Mathematical functions |
statistics | Statistical functions |
datetime | Date and time handling |
json | JSON encoding/decoding |
collections | Specialized containers (defaultdict, Counter, etc.) |
time | Time functions (sleep, time, etc.) |
re | Regular expressions |
functools | Higher-order functions (reduce, lru_cache, etc.) |
itertools | Iterator building blocks |
decimal | Decimal fixed-point arithmetic |
hashlib | Secure hash algorithms |
hmac | HMAC message authentication |
base64 | Base64 encoding/decoding |
copy | Shallow and deep copy |
random | Random number generation |
numpy | Numerical computing (if installed) |
pandas | Data analysis (if installed) |
Import Example
import json
import datetime
from collections import defaultdict
import math
def tick(ctx):
now = datetime.datetime.now()
data = json.dumps({"time": str(now), "pi": math.pi})
ctx.log.info(data)Blocked
The following are not allowed in worker code:
Blocked Built-ins
open()-- usectx.filesinsteadexec(),eval(),compile()-- no dynamic code execution__import__()-- replaced with restricted version
Blocked Modules
os,sys,subprocess-- no system accesssocket,urllib,http-- usectx.httpinsteadpathlib,shutil,glob-- usectx.filesinstead- Any module not in the allowed list above
Blocked Access
- File system (use
ctx.files) - Network (use
ctx.http,ctx.bybit,ctx.telegram, etc.) - Environment variables
- Process management
- Thread/multiprocessing
Attempting Blocked Operations
If you try to import a blocked module:
import os # ImportError: Import of os is not allowed in worker sandbox.
# Allowed: ['base64', 'collections', 'copy', 'datetime', 'decimal',
# 'functools', 'hashlib', 'hmac', 'itertools', 'json',
# 'math', 'random', 're', 'statistics', 'time']Memory & Resource Limits
- Tick timeout: 60 seconds per tick
- Log message size: max 4000 characters per message
- Log batch size: 20 messages (auto-flushed)
- File storage: 100 MB per workspace
- Single file read: max 50 KB
- HTTP request timeout: 30 seconds
- State value size: limited by Redis (practical limit: ~512 KB per value)
Best Practices
Keep ticks fast -- don't do heavy computation in a single tick. Split work across multiple ticks using
ctx.state.Handle errors gracefully -- always check for
"error"keys in API responses.Use state for persistence -- don't rely on global variables (they reset on restart). Use
ctx.state.set()/ctx.state.get().Limit data size -- trim lists and dicts to reasonable sizes. Don't store unlimited history.
Log meaningfully -- use
ctx.log.info()for important events,ctx.log.debug()for verbose output.