Skip to content
/ ignite Public

Bun-first local execution framework for JavaScript/TypeScript microservices with Docker-based isolation

dev-dami.github.io/ignite/

License

MIT license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

dev-dami/ignite

BranchesTags

Repository files navigation

Ignite

Ignite

Secure sandbox execution for AI-generated code, untrusted scripts, and JS/TS services.

Release License Build Bun Docker

Overview

Ignite runs JavaScript/TypeScript code inside isolated Docker containers with optional hardened audit mode. It is designed for systems that execute code you do not fully trust:

  • AI agent generated code
  • plugin or extension ecosystems
  • user submissions and sandboxed automation
  • security-sensitive CI checks

Why Ignite

  • Container isolation with resource limits (memoryMb, cpuLimit, timeoutMs)
  • Preflight checks before execution (memory, dependency load, timeout, image size)
  • Security audit mode (--audit) with network blocking and read-only root filesystem
  • Runtime registry with versioned runtime selection (bun@1.3, node@20, deno@2.0, quickjs@latest)
  • CLI and HTTP server interfaces

Quick Start

1) Install

curl -fsSL https://raw.githubusercontent.com/dev-dami/ignite/master/install.sh | bash
ignite --version

2) Initialize a service

ignite init hello-world
cd hello-world

3) Run it

ignite run .

4) Run in hardened audit mode

ignite run . --audit

CLI At A Glance

Command Purpose
ignite init <name> Generate a new service scaffold
ignite run <path> Build + execute service in Docker
ignite preflight <path> Run safety checks only
ignite report <path> Generate preflight report
ignite lock <path> Create/update ignite.lock manifest
ignite env [path] Show environment/runtime information
ignite serve Start HTTP API server

Runtime Support

Runtime Supported versions Default
Bun 1.0, 1.1, 1.2, 1.3 1.3
Node 18, 20, 22 20
Deno 1.40, 1.41, 1.42, 2.0 2.0
QuickJS 2024-01-13, 2023-12-09, latest latest

Ignite accepts version-qualified runtime values and validates compatibility. Examples: bun@1.3, node@20.12.0.

Documentation

Build From Source

git clone https://github.com/dev-dami/ignite.git
cd ignite
bun install
bun run build

To build release binaries and checksums:

bun run scripts/build-binaries.ts

Artifacts are written to dist/:

  • ignite-<platform>.tar.gz
  • SHA256SUMS

Verify Release Artifacts

cd dist
sha256sum -c SHA256SUMS

Security Notes

--audit is the recommended mode for untrusted code. In this mode Ignite applies restrictive Docker flags and emits a security audit report. See Threat Model for boundaries, assumptions, and non-goals.

Contributing

See CONTRIBUTING.md for setup, test workflow, and release process.

License

MIT (see LICENSE).

About

Bun-first local execution framework for JavaScript/TypeScript microservices with Docker-based isolation

dev-dami.github.io/ignite/

Topics

javascript docker cli security security-audit microservices typescript runtime sandbox sandboxing code-execution ai-agents untrusted-code code-sandbox secure-sandbox llm

Resources

Readme

License

MIT license

Code of conduct

Code of conduct

Contributing

Contributing
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases 13

v0.8.0 Latest
Feb 19, 2026
+ 12 releases

Packages

No packages published

Languages