Politics, Power, and Science: Implemented sandboxing with RestrictedPython today.

Wednesday, August 13, 2025

This is in my core right now, at least until I can pull it out into an add-on module.

Tried three different ways to sandbox today and succeeded with RestrictedPython.

The beautiful part is that this just added 4 lines to my exec_proc_agent() function. 


This does several layers of processing: sandboxing, and forced recompiling or caching of functions for speed. That single try/catch block also means most proc agents do not need a try/catch of their own. The status is logged as well, so they don't need to do that themselves either; they just return how the function worked.



The above is the new sandbox proc runner. This function, the setup for the jail_config, and the libraries it loads could all be abstracted out into a sandbox module and plugged into my simple framework with just a little additional work.



This was the override for open in the framework. When a proc agent calls open in its code, this is the open that gets called instead. You can intercept anything in a function and override it.




And this is the setup for the function that I showed you that executes the proc agent in a sandbox.

