All Loops, whether built by Olive or by third parties, are executed in isolated runtime environments. Each Loop runs in its own sandbox: This allows Olive Helps to create device, file, network, and process isolation. In the case of network isolation, each Loop is set to have no network access by default. If the Loop needs access to a specific API for example, then the Loop Author must declare that they need network permission and which domain they plan to access. When a user adds a Loop from the Library, they can see exactly what a Loop is asking to do.