[sd2k]

I posted this elsewhere in the thread, and don't want to spam it everywhere (or take away from Amla!), but you might be interested in eryx [1] - the Python bindings [2] get you a similar Python-in-Python sandbox based on a WASI build of CPython (props to the componentize-py [3] people)!

[1]: https://github.com/sd2k/eryx/

[2]: https://pypi.org/project/pyeryx/

[3]: https://github.com/bytecodealliance/componentize-py/

[simonw]

That's really cool.

Any chance you could add SQLite?

  % uv run --with pyeryx python 
  Installed 1 package in 1ms
  Python 3.14.0 (main, Oct  7 2025, 16:07:00) [Clang 20.1.4 ] on darwin
  Type "help", "copyright", "credits" or "license" for more information.
  >>> import eryx
  >>> sandbox = eryx.Sandbox()
  >>> result = sandbox.execute('''
  ... print("Hello from the sandbox!")
  ... x = 2 + 2
  ... print(f"2 + 2 = {x}")
  ... ''')
  >>> result
  ExecuteResult(stdout="Hello from the sandbox!\n2 + 2 = 4", duration_ms=6.83, callback_invocations=0, peak_memory_bytes=Some(16384000))
  >>> sandbox.execute('''
  ... import sqlite3
  ... print(sqlite3.connect(":memory:").execute("select sqlite_version()").fetchall())
  ... ''').stdout
  Traceback (most recent call last):
    File "<python-input-6>", line 1, in <module>
      sandbox.execute('''
      ~~~~~~~~~~~~~~~^^^^
      import sqlite3
      ^^^^^^^^^^^^^^
      print(sqlite3.connect(":memory:").execute("select sqlite_version()").fetchall())
      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
      ''').stdout
      ^^^^
  eryx.ExecutionError: Traceback (most recent call last):
    File "<string>", line 1, in <module>
    File "<string>", line 125, in _eryx_exec
    File "<user>", line 2, in <module>
    File "/python-stdlib/sqlite3/__init__.py", line 57, in <module>
      from sqlite3.dbapi2 import *
    File "/python-stdlib/sqlite3/dbapi2.py", line 27, in <module>
      from _sqlite3 import *
  ModuleNotFoundError: No module named '_sqlite3'

Filed a feature request here: https://github.com/eryx-org/eryx/issues/28

[simonw]

It looks like there's not mechanism yet in the Python bindings for exposing callback functions to the sandboxed code - it exists in the Rust library and Python has a ExecuteRusult.callback_invocations counter so presumably this is coming soon?

[sd2k]

Good call, yes, I'll get that added soon!

[manojlds]

How does this all compare to using pyodide?

[sd2k]

I'm not super familiar with how pyodide works but I think it uses CPython compiled with Emscripten then needs to be run from a Javascript environment, and uses the browser's (or Node's) Wasm engine.

This uses CPython compiled to WASI and can (in theory) be run from any WASI-compatible Wasm runtime, in this case wasmtime, which has bindings in lots of languages. WASI uses capability based security rather than browser sandboxing and lets the host intercept any syscalls which is pretty cool. Wasmtime also lets you do things like epoch-based interruption, 'gas' for limiting instruction count, memory limits, and a bunch of other things that give you tons of control over the sandbox.

Pyodide/Emscripten might offer something similar but I'm not sure!

[manojlds]

Thanks for the explanation, need to dive in deeper into wasm / wasi - I didn't realize there was a difference.

[simonw]

A lot of it IS using Pyodide, but wrapping it in a way that's convenient to use not-in-a-browser.