Quick Start • securer

Overview

securer runs R code in a sandboxed child process with OS-level isolation. Code in the child can call named “tools” — host-side functions that execute outside the sandbox. Communication happens over a Unix domain socket using JSON messages. The package is designed for LLM agent systems where generated code needs access to host-provided capabilities while being prevented from reaching the network or filesystem.

Installation

pak::pak("ian-flores/securer")

Verify the installation:

library(securer)
execute_r("1 + 1")
#> [1] 2

Hello world

The simplest way to run code is with execute_r(). It creates a session, runs the code, and tears everything down automatically:

library(securer)

execute_r("1 + 1")
#> [1] 2

execute_r("paste('Hello from', R.version.string)")
#> [1] "Hello from R version 4.4.2 (2024-10-31)"

By default execute_r() enables the OS sandbox (sandbox = TRUE). Pass sandbox = FALSE to disable it.

Defining tools

Tools let sandboxed code call functions on the host. Define them with securer_tool():

add_tool <- securer_tool(
  name = "add",
  description = "Add two numbers",
  fn = function(a, b) a + b,
  args = list(a = "numeric", b = "numeric")
)
add_tool

Each tool has four components:

name – the function name available in the child process
description – metadata (useful for LLM tool-use prompts)
fn – the implementation, which runs on the host side
args – argument names mapped to type strings for validation

Supported type annotations

Type string	Check function
`"numeric"`	`is.numeric()`
`"character"`	`is.character()`
`"logical"`	`is.logical()`
`"integer"`	`is.integer()`
`"list"`	`is.list()`
`"data.frame"`	`is.data.frame()`

Type annotations are optional. Arguments without type annotations skip validation.

Using tools

Pass tools as a list to execute_r():

tools <- list(
  securer_tool("add", "Add two numbers",
    fn = function(a, b) a + b,
    args = list(a = "numeric", b = "numeric")),
  securer_tool("get_weather", "Get weather for a city",
    fn = function(city) list(temp = 72, condition = "sunny"),
    args = list(city = "character"))
)

execute_r('add(2, 3)', tools = tools)
#> [1] 5

execute_r('get_weather("Boston")', tools = tools)
#> $temp
#> [1] 72
#>
#> $condition
#> [1] "sunny"

Next steps

Now that you’ve seen the basics:

vignette("sessions-and-tools") — persistent sessions and advanced features
vignette("deployment") — sandboxing and resource limits
vignette("security-model") — the full threat model