[ngcc_hk]

Any good pointer to this direction?

[kevingadd]

https://github.com/WebAssembly/wabt/blob/main/wasm2c/README.... is a straightforward way to take an untrusted application (compiled already to wasm) and turn it into C that you can embed into your application or compile to a linkable DLL. I believe this approach has been used to sandbox untrusted libraries in production by Mozilla: https://hacks.mozilla.org/2021/12/webassembly-and-back-again...