zlacker

Show HN: Sandboxing untrusted code using WebAssembly

submitted by mavdol+(OP) on 2026-02-03 14:28:01 | 76 points 25 comments
[view article] [source] [go to bottom]

Hi everyone,

I built a runtime to isolate untrusted code using wasm sandboxes.

Basically, it protects your host system from problems that untrusted code can cause. We’ve had a great discussion about sandboxing in Python lately that elaborates a bit more on the problem [1]. In TypeScript, wasm integration is even more natural thanks to the close proximity between both ecosystems.

The core is built in Rust. On top of that, I use WASI 0.2 via wasmtime and the component model, along with custom SDKs that keep things as idiomatic as possible.

For example, in Python we have a simple decorator:

  from capsule import task

  @task(
      name="analyze_data", 
      compute="MEDIUM",
      ram="512mb",
      allowed_files=["./authorized-folder/"],
      timeout="30s", 
      max_retries=1
  )
  def analyze_data(dataset: list) -> dict:
      """Process data in an isolated, resource-controlled environment."""
      # Your code runs safely in a Wasm sandbox
      return {"processed": len(dataset), "status": "complete"}
And in TypeScript we have a wrapper:

  import { task } from "@capsule-run/sdk"

  export const analyze = task({
      name: "analyzeData", 
      compute: "MEDIUM", 
      ram: "512mb",
      allowedFiles: ["./authorized-folder/"],
      timeout: 30000, 
      maxRetries: 1
  }, (dataset: number[]) => {
      return {processed: dataset.length, status: "complete"}
  });
You can set CPU (with compute), memory, filesystem access, and retries to keep precise control over your tasks.

It's still quite early, but I'd love feedback. I’ll be around to answer questions.

GitHub: https://github.com/mavdol/capsule

[1] https://news.ycombinator.com/item?id=46500510


NOTE: showing posts with links only show all posts
◧◩
7. simonw+vs[view] [source] [discussion] 2026-02-03 16:30:47
>>gregpr+Yj
You can run libraries like Pandas in WebAssembly in Pyodide - in fact Pandas works already. Here's a demo I built with it a while ago: https://tools.simonwillison.net/pyodide-bar-chart

It's not too hard to compile a C extension for Python to a WebAssembly and bundle that in a .so file in a wheel. I did an experiment with that the other day: https://github.com/simonw/tiny-haversine?tab=readme-ov-file#...

◧◩
9. mavdol+hv[view] [source] [discussion] 2026-02-03 16:41:04
>>yohguy+Bq
Thanks! Got it, I will add more examples for that. Currently you can do both: run dynamically untrusted code with eval, or run fully encapsulated logic (like in the existing examples).

I made a small example that might give you a better idea (it's not eval, but shows how to isolate a specific data processing task): https://github.com/mavdol/capsule/tree/main/examples/javascr...

And yes, you are spot on regarding LeetCode platforms. The resource limits are also designed for that kind of usage.

◧◩
11. smithc+BB[view] [source] [discussion] 2026-02-03 17:05:59
>>simonw+Ss
Personally: love the decorator pattern after I got used to it :)

Posted this yesterday as well, but seems like a really nice emerging pythonic way to call out to remote infrastructure (see: Modal[1]).

[1]: https://modal.com/docs/examples/hackernews_alerts#defining-t...

20. csense+3h2[view] [source] 2026-02-04 01:24:51
>>mavdol+(OP)
I had to do some research to figure out what this is actually doing. When you try to pass e.g. strings through WASM functions you end up writing the data to memory and passing offset / length, which is obviously inconvenient and potentially has security implications. WASM components [1] is a spec that tries to improve on this with an IDL called WIT that lets you define functions that pass complex types with a proper ABI.

This all seems sensible for languages like C or Zig that neatly cross compile to WASM. But I was very confused how this could ever work with a duck-typed interpreted language like Python, so I did some digging.

Apparently "run your Python as WASM" part is implemented by componentize-py which cross compiles CPython to WASM as libpython3.14.so [2].

I'm not sure whether I should be impressed or horrified...

[1] https://component-model.bytecodealliance.org/

[2] https://github.com/bytecodealliance/componentize-py/blob/79e...

21. skybri+UJ2[view] [source] 2026-02-04 05:45:04
>>mavdol+(OP)
If it's a coding agent, it will need to be able to write scripts and run them. I haven't tried just-bash, but it seems interesting for comparison:

https://github.com/vercel-labs/just-bash

[go to top]