trusted-remote-execution

trusted-remote-execution / trusted-remote-execution

Public

Sandboxed Rhai script execution engine with Cedar policy authorization for every system operation.

trusted-remote-execution.github.iodocs.html access-control authorization cedar policy-engine remote-execution
10
2
100% credibility
Found Apr 30, 2026 at 10 stars -- GitGems finds repos before they trend. Get early access to the next one.
Sign Up Free
AI Analysis
Rust
AI Summary

REX is a secure script execution engine that uses authorization policies to control every system operation scripts perform in a sandboxed environment.

How It Works

1
🔍 Discover safe scripting

You hear about REX, a tool that lets you run scripts safely without risking your computer.

2
📥 Get the runner

Download and install the simple runner program that makes everything work.

3
📝 Set safety rules

Create a short list of rules telling exactly what your script is allowed to touch, like certain folders or connections.

4
✏️ Write your script

Type your instructions in a friendly scripting language to do tasks like reading files or checking connections.

5
🚀 Run with one click

Feed your script, rules, and any inputs to the runner—it checks everything safely and runs only what's allowed.

See secure results

Your script finishes safely, showing exactly what happened with full logs and measurements of its work.

Sign up to see the full architecture

4 more

Sign Up Free

Star Growth

See how this repo grew from 10 to 10 stars Sign Up Free
Repurpose This Repo

Repurpose is a Pro feature

Generate ready-to-use prompts for X threads, LinkedIn posts, blog posts, YouTube scripts, and more -- with full repo context baked in.

Unlock Repurpose
AI-Generated Review

What is trusted-remote-execution?

This Rust-based engine executes Rhai scripts in a fully sandboxed environment, where Cedar policies authorize every system operation like file I/O, network access, process management, or sysinfo queries. Operators define fine-grained policies to control what untrusted scripts can do, preventing escapes while enabling safe remote script execution. Install via `cargo install rex-runner`, supply a Cedar policy file, Rhai script, and JSON args, then run with `rex-runner --script-file script.rhai --policy-file policy.cedar`.

Why is it gaining traction?

It stands out by combining lightweight Rhai scripting with per-operation Cedar authorization in a sandboxed Rust runtime, offering trusted execution without heavy VMs or containers. Developers get runtime policy enforcement that catches violations instantly, plus TOCTOU mitigations via file descriptors. The quickstart demo—tweak a policy and watch ops deny—hooks ops teams needing precise control over remote scripts.

Who should use this?

DevOps engineers running automation scripts on shared servers, where untrusted inputs need strict sandboxing. Security-focused teams building trusted execution environments for remote attestation and gapps-like workflows. Rust devs extending it for custom system ops under policy gates.

Verdict

Promising for secure Rhai scripting with Cedar auth, but at 10 stars and 1.0% credibility, it's early-stage—docs and tests look solid, quickstart works out-of-box. Prototype it for policy-driven remote execution; watch for maturity before prod.

(198 words)

Sign up to read the full AI review Sign Up Free

Similar repos coming soon.