Hey everyone, I wanted to check if there were further developements on this question from a few years ago: https://kotlinlang.slack.com/archives/C0BT46EL8/p1572125057034300. I have basically the same question, where I want my DSL-specific KTS files to only have access to the DSL API and not have access to things like Java IO, network, etc. I suppose I'd have to disable the stdlib for this (since the stdlib provides a few IO-related functions that may be abused). I fully understand that this would be a fairly "weak" protection (the users sending KTS files would be trusted users, the idea here would be to reduce the impact of a rogue user sending a malicious KTS file), but I'm wondering how doable this is. Are the instructions in this thread still relevant, or are there new developments in this area? Thanks in advance!

Probably no developments. You'd still need to rely on SecurityManager (deprecated but working) or kernel sandboxing or both. GraalVM is developing a new sandbox that could be useful but it's not activated for bytecode languages yet.