← Back to Home
Technical Deep Dive

Under the Hood:
Runner Architecture

How Alpha PM actually executes code. SSH tunnels, sandboxed containers, and real terminal access. The engine that makes autonomous work possible.

alpha-pm-runner
runner@sandbox:~$ git clone repo && npm install
Cloning into 'alpha-pm'...
Installing dependencies... done.
runner@sandbox:~$ npm run test
βœ“ All 47 tests passed
100%
Isolated execution
<5s
Container spin-up
SSH
Secure transport

Alpha PM doesn't just talk about codeβ€”it runs it. Real git operations. Real tests. Real builds. All in sandboxed environments that protect your systems.

Architecture

How It Works

From brain to sandbox and back

🧠

Alpha PM Brain

Reasoning, planning, tool selection

↕️
πŸ”§

Runner Manager

Task dispatch, session management

↕️
πŸ“¦

Sandbox Container

Isolated execution environment

πŸ“¦

Sandbox Container

Isolated execution environment

Runner Types

Different Runners for Different Tasks

Specialized execution environments for every need

πŸ” SSH Runner

Full terminal access via SSH tunnel. Supports interactive commands and long-running processes.

  • Real terminal sessions
  • Persistent connections
  • Full shell access
  • Output streaming

⚑ Lambda Runner

Serverless execution for quick, stateless tasks. Scales automatically, pay-per-use.

  • Fast cold starts
  • Auto-scaling
  • Cost efficient
  • Isolated functions

πŸ”§ Capability Runner

Specialized runners for specific capabilities like code analysis, testing, or deployment.

  • Pre-configured tools
  • Optimized for task
  • Faster execution
  • Cached dependencies
Execution Flow

Task Lifecycle

How a task goes from idea to execution

1

Task Received

Brain identifies need for code execution. Selects appropriate runner type based on task requirements.

2

Container Provisioned

Runner Manager spins up sandboxed container with required tools. Environment variables and secrets injected securely.

3

SSH Tunnel Established

Secure connection created between brain and runner. All traffic encrypted. No direct network access.

4

Commands Executed

Brain sends commands via stream-json protocol. Output streamed back in real-time.

5

Results Captured

Exit codes, stdout, stderr all captured. Artifacts (logs, files) preserved for analysis.

6

Cleanup

Container destroyed. No state persists. Fresh environment for next task.

Security

Sandboxed by Design

Multiple layers of protection

πŸ”’

Network Isolation

Containers have no internet access except allowed endpoints.

πŸ—οΈ

Secret Injection

Credentials injected at runtime, never stored in containers.

⏱️

Timeout Limits

Hard timeouts prevent runaway processes.

πŸ“Š

Resource Limits

CPU, memory, and disk quotas enforced.

Want to Know More?

The runner architecture is the foundation of Alpha PM's autonomous capabilities.

πŸ“‹ View Architecture Issues Learn About Alpha PM