Exploring the Development of Mini-Elixir for User Code Sandboxing

In this article, the author shares their experience building a custom sandboxing solution for user-defined transformations in Sequin, named Mini-Elixir. The need arose from the challenge of securely processing potentially malicious user code while maintaining high performance and usability. The post covers various approaches to sandboxing user code, including VM-based sandboxes, embedded languages like Starlark and Lua, and the complexities of managing different solutions. Ultimately, the team decided on a restricted Abstract Syntax Tree (AST) interpreter called Mini-Elixir, which allows users to write functions using a subset of Elixir. This approach offers unmatched execution speed and operational simplicity while implementing safeguards for security in multi-tenant deployments. The conclusion emphasizes the potential for custom code to offer transformative control and efficiency for users of Sequin.