[spicypixel]

Are we at the point where I can store arbitrary scripts in a sql database and execute them with arguments, safely in a python sandbox from a host language that may or may not be python, and return the value(s) to the caller?

I'd love to implement customer supplied transformation scripts for exports of data but I need this python to be fully sandboxed and only operate on the data I give it.

[btown]

Arguably/pedantically, Pyodide has had this for a while: see https://developer.nvidia.com/blog/sandboxing-agentic-ai-work... for a use case.

Wasmer's approach hints at faster cold starts and better overall performance; the benchmarking against pyodide is a bit unclear, and it's unclear to me whether that would make or break viability for a use case like this.

But one thing this does make possible is if your arbitrary script is actually a persistent server, you can deploy that to edge servers, and interact with your arbitrary scripts over the network in a safe and sandboxed way!

[simonw]

I hadn't seen that NVIDIA article before... turns out they're running Python inside Pyodide inside WebAssembly inside Chrome inside Playwright inside Node.js! https://github.com/JosephTLucas/wasm-plotly/blob/main/server...

I'm always on the lookout for ways to run Python in a sandbox but that feels like one too many levels for me.

Pyodide inside Deno removes at least the headless browser layer: https://til.simonwillison.net/deno/pyodide-sandbox

[simonw]

That's almost exactly what I want to do too. I've experimented a bit with QuickJS for this - there's a Python module here that looks reasonably robust https://pypi.org/project/quickjs/ - but my ideal would be a WebAssembly sandbox since that's the world's most widely tested sandbox at this point.

[_ea1k]

Trino isn't too far from that. It runs a wasm build of Python on Java, via the Chicory wasm runtime.

[huem0n]

> where I can store arbitrary [python] scripts in a sql database and execute them with arguments

Please no :sob:

[Rohansi]

Why not?