Follow-up to PR #1293 review feedback on docs/examples/requirements/code_generation_and_execution.py.
Currently, the example demonstrates execution_tier="local" for running untrusted generated code, which triggers a library-level warning about running uncontained code without proper safeguards.
Goals:
- Add documentation explaining the safety trade-offs between execution_tier="local" (faster, no isolation) and execution_tier="docker" (containerized, safer for untrusted inputs)
- Provide a comment in the example pointing readers to execution_tier="docker" as the recommended pattern for untrusted code
- Update or link relevant docs mentioning "CI/CD environments" as a valid use case for the local tier (where the environment itself is already sandboxed)
Related:
- Commit 85c447e tightened the project's default security posture around execution
- See execution_tier configuration in the Requirements system
Follow-up to PR #1293 review feedback on docs/examples/requirements/code_generation_and_execution.py.
Currently, the example demonstrates execution_tier="local" for running untrusted generated code, which triggers a library-level warning about running uncontained code without proper safeguards.
Goals:
Related: