Every AI agent that runs code hits the same wall: the sandbox costs more than the code itself. Spinning up a Docker container runs ~195ms and Pyodide ~2800ms, so for the short snippets a model emits, isolation dwarfs the actual work. Monty's bet is to make the sandbox disposable — a Python interpreter rewritten in Rust that boots in tens of microseconds (~60µs), cheap enough to spin up fresh for every single tool call.
What Sets It Apart
- Startup in microseconds, not milliseconds. Around 60µs versus ~195ms for Docker and ~1s for hosted sandbox services, so an agent can hand each snippet a clean interpreter without paying a latency tax per call.
- Security by omission, not by patching. Filesystem, network, and environment access simply don't exist inside the interpreter; the host grants capabilities only through explicit external function calls, so there's no escape surface to keep hardening.
- Pause and resume mid-run.
dump()andload()serialize interpreter state, letting an agent suspend execution, return control to the model, and continue later — natural for tool-calling loops and long-lived sessions. - Resource accounting is built in. Memory, allocation count, stack depth, and wall-clock time are tracked per run, so a runaway snippet hits a ceiling instead of the host.
Who It's For
Great fit if you're building agent frameworks or LLM tooling that executes many small, untrusted Python snippets and want predictable isolation without container orchestration; it embeds from Rust, Python, and JavaScript/TypeScript. Look elsewhere if you need to run real programs: Monty covers a subset only — no class definitions yet, no third-party packages, no match statements, and a stdlib trimmed to the likes of sys, os, typing, asyncio, re, datetime, and json.