Running Python code in a sandbox with MicroPython and WASM
theanonymousone
91 points
28 comments
June 06, 2026
Related Discussions
Found 5 related stories in 86.2ms across 10,002 title embeddings via pgvector HNSW
- Running Python code in a sandbox with MicroPython and WASM pretext · 15 pts · June 06, 2026 · 100% similar
- Edge.js: Run Node apps inside a WebAssembly sandbox syrusakbary · 122 pts · March 17, 2026 · 51% similar
- Show HN: Run coding agents in microVM sandboxes instead of your host machine phoenixranger · 54 pts · April 23, 2026 · 51% similar
- Show HN: Kyushu – A self-hostable WASM sandbox for JavaScript workers le_chuck · 74 pts · June 07, 2026 · 51% similar
- We Reverse-Engineered Docker Sandbox's Undocumented MicroVM API yakkomajuri · 76 pts · May 21, 2026 · 47% similar
Discussion Highlights (12 comments)
theanonymousone
P.S. I was casually searching for "sandboxed Python" for an experiment I'm working on, and reached this article that was published "today". Very nice coincidence! Thanks.
tmaly
I am trying to think of a use case for this. I was thinking the client side WASM version would be useful as a platform for beginners to practice a subset of Python in. I can't really think of any good WASI use cases.
incognito124
If you're interested in not reinventing the sandbox for LLMs, consider Judge0: https://judge0.com/ I have absolutely no relation to the project except for the fact that I went to the same Uni as the creator.
hmokiguess
Super tangential comment but glad to see I'm not the only one that send typos to sessions and still get good results. Was reading your https://chatgpt.com/share/6a1e2a5c-58b8-8328-ba1c-0e6aadb0a0... and noticed the "my on Python tools" instead of "my own Python tools" (apologies for the grammar police) This stuff always gets me anxious for no reason because of the underlying tokenizer and prediction stochastic parrot that runs stuff, makes me wonder if I should rerun the prompt correcting the typo or accept the token tax on some interpreter that spent translating the intention.
fzysingularity
What’s your experience with Monty? Been looking at it for one of our environments and it seems very promising.
sprak
Is this the place to look at if you want to play around with a live demo: https://tools.simonwillison.net/micropython ?
apignotti
We are working to solve the "sandoxing in Wasm" problem across multiple runtimes. https://labs.leaningtech.com/blog/browserpod-deep-dive Node.js is now fully supported, Python is in preview and Rust is coming soon. For a glimpse of the possibilities, check our Claude Code running fully in the browser: https://browsercode.io/claude
rdksu
Google also released colab-cli a couple of days back and its pretty good at functioning as an isolated sandbox for running random python scriptS .
dvt
Literally working on a product that does this, hah :) I really do think that AI + automation + carefully-designed guardrails will unleash a deluge of productivity for normies, and we've barely scratched the surface. The state of AI apps is absolutely trash right now, it’s embarrassing that these companies that raised millions are releasing the shittiest slop around without any product ethos. Obviously we're seeing what sticks, but come on guys. I'm using Brett Cannon's ` https://github.com/brettcannon/cpython-wasi-build ` running inside a WASI rust container with a carefully-designed host SDK (e.g. sandboxed Chromium access, diff, sandboxed filesystem, pandas subset, PDF reading, etc.). Essentially the AI sees a goal, a plan, and essentially treats the "task space" as a WASI-powered Python notebook. Mainly focused on the user experience, and I think that local LLMs (secure/private) + standard Python + host functions + (some external stuff like screen reading & quarantined web access) is more than enough for 90% of actionable tasks. Very exciting times ahead.
tuananh
there's also monty by pydantic https://github.com/pydantic/monty it's Rust so can be compile to wasm, example: https://github.com/hyper-mcp-rs/monty-plugin
nicolix
On linux I devised this strategy for letting llm webuis or coding agent to securely run programs by burying their environment under multiple layers of locally arranged sandboxing. Basically: run as another user -> run inside firejail sandbox -> run inside a stripped down alpine linux vm with smolvm. See the whole procedure here: https://www.reddit.com/r/LocalLLaMA/comments/1tm93ng/how_i_d... P.S. directories can be easily shared between the sandboxed guest and the host os P.P.S. to stay a bit more on the safe side I also changed the name of the package manager for the guest os to something else so that when a coding agent would try to autonomously install external packages it will fail. I've then instructed it to (politely) ask for whatever it needs to be eventually manually installed by me
binsquare
I build a lightweight vm here that fits your needs as well: https://github.com/smol-machines/smolvm