Every AI coding tool can write Python — Cursor, Claude Code, Windsurf. None of them can run it safely in production.
That gap between "AI wrote the code" and "the code ran safely" is exactly what I'm building jhansi.io to close.
This series documents the journey. One layer of the problem at a time.
The execution gap
When AI generates code, four things still stand between you and prod:
- Dependencies — Install the right packages, with versions and licenses you trust
- Isolation — Run it hard-sandboxed. No host access, no outbound network, no surprises
- Secrets — Let AI use your API keys without ever letting it see or leak them
-
Audit — Log every execution. Prompt, code, result, timestamp. Compliance-grade.
Most teams stop at step 1. Banks and fintechs can't. FCA, SOC2, and the EU AI Act require audit trails for AI actions. You can't
eval()your way through an audit.
jhansi.io is the missing run() for AI-generated code. Open core, cloud sandbox, built to close each part of the gap — layer by layer.
The series
Part 1 — Persistent sandboxes
Why "ephemeral" breaks debugging, state, and compliance. The case for giving every AI a home directory.
→ Read Part 1
Part 2 — Dependency management (coming soon)
Detecting, installing, and locking deps across Python, Node, Go, and Java. With SBOMs and policy built in.
Part 3 — Isolation (coming soon)
What "hard isolation" actually means. Containers, Firecracker, zero trust networking, and the metadata service attacks you haven't thought of yet.
Part 4 — Secrets (coming soon)
Kernel-level proxies. AI can call Stripe without the key ever entering the sandbox.
Part 5 — Audit (coming soon)
Who ran what, when, with which prompt. Hash-chained logs that satisfy auditors, not just engineers.
Building this in public. Follow the series on Dev.to, Linkedin, and X.
Code is Apache 2.0 at github.com/jhansi-io.
Top comments (0)