Running Python code in a sandbox with MicroPython and WASM
10 hours ago
- #Sandbox
- #WebAssembly
- #Python
- Simon Willison explores running Python code in a sandbox using MicroPython and WebAssembly (WASM) for enhanced plugin security.
- He highlights the need for a sandbox to safely run plugin-style code with controlled file, network, memory, and CPU limits.
- WebAssembly is chosen for its security features and browser-tested robustness, with wasmtime as the Python library used to run it.
- MicroPython is selected over Pyodide for server-side use due to its efficiency in constrained WebAssembly environments.
- A prototype library, micropython-wasm, is built with AI assistance, supporting persistent interpreter state and host functions.
- The library allows execution of Python code in a WebAssembly sandbox, with features for memory persistence and controlled interactions.
- It is released as an alpha package on PyPI, with a CLI and integration into Datasette Agent for experimental use.
- Despite being an alpha release, it undergoes testing and is used in plugins, though caution is advised for high-risk scenarios.