The tywrap Python bridge imports modules, reads attributes from them, and calls the modules and attributes named by its caller. It does not sandbox the Python code it runs. Treat every module and attribute exposed through the bridge as trusted code.
Two environment-variable controls bound that surface:
TYWRAP_ALLOWED_MODULESis an import allowlist. Set it to a non-empty, comma- and/or whitespace-separated list of allowed module names to limit imports to those modules (plus standard-library modules the bridge needs).- Underscore-prefixed attributes are blocked by default. Set
TYWRAP_ALLOW_PRIVATE_ATTRS=1only to opt out for trusted code.
No HTTP server or server-side HTTP transport ships with tywrap. HttpBridge
only connects to a server that you run and secure.
If you expose a bridge over a network, configure a non-empty
TYWRAP_ALLOWED_MODULES allowlist and provide your own authentication. The
local subprocess bridge's default allow-all import behavior is intended only for
trusted, same-user use.
| Version | Security fixes |
|---|---|
| Latest 0.x minor | Yes |
| Earlier 0.x minors | No |
Please use GitHub private vulnerability reporting: open the repository's Security tab and choose Report a vulnerability.