Are we at the point where I can store arbitrary scripts in a sql database and execute them with arguments, safely in a python sandbox from a host language that may or may not be python, and return the value(s) to the caller?

I'd love to implement customer supplied transformation scripts for exports of data but I need this python to be fully sandboxed and only operate on the data I give it.

▲

btown 3 hours ago | parent | next [-]

Arguably/pedantically, Pyodide has had this for a while: see https://developer.nvidia.com/blog/sandboxing-agentic-ai-work... for a use case.

Wasmer's approach hints at faster cold starts and better overall performance; the benchmarking against pyodide is a bit unclear, and it's unclear to me whether that would make or break viability for a use case like this.

But one thing this does make possible is if your arbitrary script is actually a persistent server, you can deploy that to edge servers, and interact with your arbitrary scripts over the network in a safe and sandboxed way!

	▲	simonw 2 hours ago \| parent [-]
		I hadn't seen that NVIDIA article before... turns out they're running Python inside Pyodide inside WebAssembly inside Chrome inside Playwright inside Node.js! https://github.com/JosephTLucas/wasm-plotly/blob/main/server... I'm always on the lookout for ways to run Python in a sandbox but that feels like one too many levels for me. Pyodide inside Deno removes at least the headless browser layer: https://til.simonwillison.net/deno/pyodide-sandbox

▲

simonw 2 hours ago | parent | prev [-]

That's almost exactly what I want to do too. I've experimented a bit with QuickJS for this - there's a Python module here that looks reasonably robust https://pypi.org/project/quickjs/ - but my ideal would be a WebAssembly sandbox since that's the world's most widely tested sandbox at this point.