We are working to solve the "sandoxing in Wasm" problem across multiple runtimes.

https://labs.leaningtech.com/blog/browserpod-deep-dive

Node.js is now fully supported, Python is in preview and Rust is coming soon.

For a glimpse of the possibilities, check our Claude Code running fully in the browser: https://browsercode.io/claude

If you're interested in not reinventing the sandbox for LLMs, consider Judge0: https://judge0.com/

I have absolutely no relation to the project except for the fact that I went to the same Uni as the creator.

On linux I devised this strategy for letting llm webuis or coding agent to securely run programs by burying their environment under multiple layers of locally arranged sandboxing.

Basically: run as another user -> run inside firejail sandbox -> run inside a stripped down alpine linux vm with smolvm.

See the whole procedure here: https://www.reddit.com/r/LocalLLaMA/comments/1tm93ng/how_i_d...

P.S. directories can be easily shared between the sandboxed guest and the host os

P.P.S. to stay a bit more on the safe side I also changed the name of the package manager for the guest os to something else so that when a coding agent would try to autonomously install external packages it will fail. I've then instructed it to (politely) ask for whatever it needs to be eventually manually installed by me

Literally working on a product that does this, hah :) I really do think that AI + automation + carefully-designed guardrails will unleash a deluge of productivity for normies, and we've barely scratched the surface.

The state of AI apps is absolutely trash right now, it’s embarrassing that these companies that raised millions are releasing the shittiest slop around without any product ethos. Obviously we're seeing what sticks, but come on guys.

I'm using Brett Cannon's `https://github.com/brettcannon/cpython-wasi-build` running inside a WASI rust container with a carefully-designed host SDK (e.g. sandboxed Chromium access, diff, sandboxed filesystem, pandas subset, PDF reading, etc.). Essentially the AI sees a goal, a plan, and essentially treats the "task space" as a WASI-powered Python notebook.

Mainly focused on the user experience, and I think that local LLMs (secure/private) + standard Python + host functions + (some external stuff like screen reading & quarantined web access) is more than enough for 90% of actionable tasks.

Very exciting times ahead.

there's also monty by pydantic https://github.com/pydantic/monty

it's Rust so can be compile to wasm, example: https://github.com/hyper-mcp-rs/monty-plugin

P.S. I was casually searching for "sandboxed Python" for an experiment I'm working on, and reached this article that was published "today". Very nice coincidence! Thanks.

I build a lightweight vm here that fits your needs as well: https://github.com/smol-machines/smolvm

What’s your experience with Monty? Been looking at it for one of our environments and it seems very promising.

Is this the place to look at if you want to play around with a live demo: https://tools.simonwillison.net/micropython ?

Google also released colab-cli a couple of days back and its pretty good at functioning as an isolated sandbox for running random python scriptS .

I am trying to think of a use case for this.

I was thinking the client side WASM version would be useful as a platform for beginners to practice a subset of Python in.

I can't really think of any good WASI use cases.

undefined

Super tangential comment but glad to see I'm not the only one that send typos to sessions and still get good results.

Was reading your https://chatgpt.com/share/6a1e2a5c-58b8-8328-ba1c-0e6aadb0a0... and noticed the "my on Python tools" instead of "my own Python tools" (apologies for the grammar police)

This stuff always gets me anxious for no reason because of the underlying tokenizer and prediction stochastic parrot that runs stuff, makes me wonder if I should rerun the prompt correcting the typo or accept the token tax on some interpreter that spent translating the intention.

[flagged]

[dead]

[flagged]