When AutoAgent sandbox execution fails inside a coroutine context, the exception cleanup path triggers a KeyError: '__builtins__' inside ZMQ's Cython backend. This error is silently ignored but indicates that the sandbox's namespace stripping is not properly scoped to the execution frame — it leaks into the event loop's coroutine cleanup machinery.
Observed Log Output
Exception ignored in: <coroutine object run at 0x10c2d8ac0>
Traceback (most recent call last):
File "zmq/backend/cython/_zmq.py", line 1252, in zmq.backend.cython._zmq.Socket.recv
KeyError: '__builtins__'
Root Cause
The sandbox strips __builtins__ from the execution namespace for security isolation. When a coroutine is garbage-collected after a failure in this stripped context, Python's internal coroutine cleanup mechanism attempts to access __builtins__ — which no longer exists — causing the KeyError. The error surfaces through the ZMQ Cython layer because the failing coroutine is associated with a ZMQ socket receive operation.
Expected Behavior
Sandbox namespace isolation should be strictly scoped to the code execution frame. The cleanup of the coroutine and any associated ZMQ operations should occur in the full Python namespace, not in the stripped sandbox namespace. The framework should ensure that __builtins__ is restored (or the original globals context is preserved) before any async context cleanup occurs.
Impact
While currently silently ignored, unhandled exceptions in the ZMQ/SWIM transport layer can cause message delivery failures or P2P coordinator instability. This should be fixed before production deployment.
When
AutoAgentsandbox execution fails inside a coroutine context, the exception cleanup path triggers aKeyError: '__builtins__'inside ZMQ's Cython backend. This error is silently ignored but indicates that the sandbox's namespace stripping is not properly scoped to the execution frame — it leaks into the event loop's coroutine cleanup machinery.Observed Log Output
Root Cause
The sandbox strips
__builtins__from the execution namespace for security isolation. When a coroutine is garbage-collected after a failure in this stripped context, Python's internal coroutine cleanup mechanism attempts to access__builtins__— which no longer exists — causing theKeyError. The error surfaces through the ZMQ Cython layer because the failing coroutine is associated with a ZMQ socket receive operation.Expected Behavior
Sandbox namespace isolation should be strictly scoped to the code execution frame. The cleanup of the coroutine and any associated ZMQ operations should occur in the full Python namespace, not in the stripped sandbox namespace. The framework should ensure that
__builtins__is restored (or the original globals context is preserved) before any async context cleanup occurs.Impact
While currently silently ignored, unhandled exceptions in the ZMQ/SWIM transport layer can cause message delivery failures or P2P coordinator instability. This should be fixed before production deployment.