GozoLite — A Production-Grade Polyglot Code Execution Engine (Open Source)

Modern platforms increasingly need to execute untrusted code safely — from AI agents and online judges to automation pipelines and developer tooling.
Most solutions either sacrifice isolation, performance, or language coverage.
GozoLite is an open-source polyglot code execution engine designed to run 30+ programming languages inside secure, resource-constrained sandboxes — with production-grade observability and explicit execution contracts.
Why GozoLite exists
Executing arbitrary code in multi-tenant environments is fundamentally a systems problem:
Isolation boundaries must be explicit
Resource limits must be deterministic
Toolchains must be validated
Failures must be observable
Execution must degrade safely
GozoLite was built around these constraints from the ground up.
Core architecture
At its core, GozoLite is a stateless execution service with:
Container-level isolation (Docker)
Strict ulimit enforcement (CPU, memory, file size, processes)
Language registry with toolchain detection
Standardized execution contract
Structured logs and diagnostics
Deterministic timeouts and output limits
Each execution is treated as a bounded, auditable event — not a best-effort script run.
Polyglot by design
GozoLite supports over 30 programming languages via a central registry and consistent interface.
Examples:
Python
C / C++
Rust
Go
Java
Node.js
Bash
And more
All languages share the same execution pipeline and limits model.
Execution model
A typical request:
Json
Copiar código
POST /execute
{
"language": "python",
"code": "print(21*2)"
}
Response:
Json
Copiar código
{
"status": "ok",
"stdout": "42\n",
"time_ms": 18,
"memory_kb": 5120
}
Failures are explicit:
Json
Copiar código
{
"status": "failed",
"error": "TOOLCHAIN_MISSING"
}
This makes GozoLite predictable inside larger systems.
Security model
GozoLite applies layered sandboxing:
Container isolation
Read-only filesystem segments
Resource ceilings (CPU/mem/proc)
No network by default
Output size caps
Execution time caps
The goal is not “best effort safety”, but controlled execution boundaries.
Observability first
Unlike typical code runners, GozoLite exposes:
Capabilities (available languages/toolchains)
Health status
Diagnostics
Execution metrics
This makes it suitable for production pipelines, not just demos.
Use cases
GozoLite is used or designed for:
Online judges
AI agent sandboxes
Code playgrounds
Education platforms
Secure automation
Multi-tenant developer tools
Open source
GozoLite is fully open-source and intended for:
Educational environments
Self-hosted execution services
Research and experimentation
Enterprise evaluation
Repository:
https://github.com/TotyLabs/GozoLite�
Final notes
Secure code execution is often treated as an implementation detail.
In reality, it is infrastructure.
GozoLite approaches execution the way databases approach queries:
bounded, observable, and contract-driven.
If you're building systems that run user or AI-generated code,
you need execution you can reason about.
That’s the problem GozoLite solves.