Eryx is an OSS Wasm-based Python sandbox with full CPython support, ~16ms startup, native extension support (numpy, etc.), and bindings for Python, JS, and Rust. There have been a lot of these submitted in the last week or two but I think this one has a few interesting features. Specifically, Eryx: - uses CPython compiled to WASI, so you have full Python access - pre-initializes and pre-compiles the Wasm, giving extremely fast startup times (~16ms) - supports Python packages, both pure-Python and native extensions (such as `numpy` compiled to WASI), by relinking the Wasm at runtime and re-initializing - implements the `ssl` module so you can make HTTP calls, and `httpx` or `requests` just work - has full resource limiting (networking, filesystem, timeout, CPU and memory) based on Wasmtime and WASI - supports mounting host directories, a virtual filesystem, or both - supports persisting and resuming session state to and from bytes, for distributed execution - supports 'secret scrubbing', similar to Deno Sandbox, the sandbox can't see secret values - supports callbacks into the host - supports streaming stdout/stderr and trace execution (so the host can see the progress of the executed script; useful for showing progress in long or slow scripts) - has builtin MCP support, in two ways: it can connect to your MCP servers (using your Claude/Codex/Cursor config files) and add the tools as callbacks, and it has an MCP server built-in with a `run_python` tool, where the Python can use those other MCP servers' tools There's a CLI you can use with `uvx pyeryx`, and bindings for Python, Javascript and Rust. The demo is available at https://demo.eryx.run - give it a try and let me know what you think. |