Skip to main content
Docs/Runtime & Validator
DocsRuntime & Validator
Free

Runtime & Validator

The isolated process pool that executes generated backend code plus the Playwright-based validator that probes deployed apps. Mostly invisible to you, documented here so you can reason about isolation and safety.

Runtime Sandbox

Generated backend code runs in an isolated process pool on a separate Cloud Run image. Each tenant gets its own process; processes are recycled after idle to keep cost down. Caches, circuit breakers, and GCS-backed file storage are wired in for you.

Python functions are AST-validated before execution: imports of os, subprocess, socket, and ctypes are rejected. Network access and database calls go through the GenMB SDK helpers, not raw modules.

Validator

The validator is a Playwright-based probe that opens your deployed app, runs an interaction script (form submit, pagination, modal open/close), and reports back what worked and what crashed. The same probe powers App Health and the hourly heal cron.

When the validator service is not configured (local dev), health probes silently no-op. Production deploys log a warning at startup so the misconfig is visible in logs rather than inferred from empty fields.

Limits

  • Function-host per-invocation timeout: 30 seconds.
  • SSRF guard inside the validator blocks loopback and private hosts.
  • Per-tenant process isolation; tenants cannot see each other's memory.

See Functions for the user-facing layer that runs on this runtime.

FAQs

Why is the runtime exposed in docs?
You will not interact with it directly day-to-day. It is documented so you can reason about isolation, resource limits, and where your code actually executes when you ship.
How is the runtime different from the function host?
The runtime sandbox runs whole-app backends (your generated server code). The function host runs single-file Functions you author. Both share the same isolation model; they differ in what they execute and how lifecycle is managed.
Can I run untrusted code in the runtime?
The runtime is hardened to limit blast radius (no privileged syscalls, AST-restricted Python, network egress controls) but it is not a replacement for treating user-supplied code as untrusted. Generated code is YOUR code; the runtime keeps you safe from other tenants, not from yourself.

Ready to build?

Create your first app for free, no credit card required.

Dev SandboxCustom Domains