Hacker News: mavdol04

New comment by mavdol04 in "Show HN: Watch a neural net learn to play Snake"

mavdol04 — Fri, 15 May 2026 20:13:16 +0000

That's cool, i did exactly the same few years ago

New comment by mavdol04 in "Show HN: Capsule Bash – Sandboxed Bash for Agents"

mavdol04 — Mon, 04 May 2026 15:04:41 +0000

Nice, what are you building exactly ?

Show HN: Capsule Bash – Sandboxed Bash for Agents

mavdol04 — Mon, 04 May 2026 14:49:16 +0000

I've always felt that existing Bash wasn't adapted for agents. It gives way too much freedom and not enough feedback to enrich the context after each command.

I ended up building this TypeScript-based sandboxed Bash. If we compare it to other alternatives, it is divided into two layers:

- The core, with all the Bash commands and the operator logic.

- The runtime, a pluggable part that manages code execution in the sandbox. There's a Wasm runtime available based on a Rust runtime I launched a few months ago. [1]

In practice, the core calls the runtime to execute code and get back structured information from the sandbox, including exact filesystem changes (what was created, modified or deleted) and direct feedback in stdout.

I added commonly used commands, including `python3 -c` and `node -e`, but if you find an edge case where the current commands aren't enough, let me know.

GitHub: https://github.com/capsulerun/bash

[1]: https://news.ycombinator.com/item?id=46871387

Comments URL: https://news.ycombinator.com/item?id=48009460

Points: 3

# Comments: 3

New comment by mavdol04 in "Ask HN: Why are people leaving GitHub now?"

mavdol04 — Thu, 30 Apr 2026 11:43:39 +0000

I am in the EU timezone and had some minor issues recently with GitHub as well, but it never lasts very long.

Reimagining Bash for Untrusted Contexts

mavdol04 — Tue, 28 Apr 2026 16:10:38 +0000

Article URL: https://capsulerun.github.io/blog/reimagining-bash-for-untrusted-contexts

Comments URL: https://news.ycombinator.com/item?id=47936409

Points: 2

# Comments: 0

New comment by mavdol04 in "Ask HN: What would be the impact of a LLM output injection attack?"

mavdol04 — Tue, 21 Apr 2026 19:06:54 +0000

The worst that could happen is having your credentials stolen. It’s an LLM architectural flaw, so it has to be at the tools level so the only way to prevent it is still sandboxing in my opinion. Or at least sandboxing the tools themselves

One-time pad encryption with DNA (Paris to Tokyo)

mavdol04 — Thu, 02 Apr 2026 14:18:21 +0000

Article URL: https://arxiv.org/abs/2603.17149

Comments URL: https://news.ycombinator.com/item?id=47614857

Points: 1

# Comments: 0

New comment by mavdol04 in "We rewrote our Rust WASM parser in TypeScript and it got faster"

mavdol04 — Sat, 21 Mar 2026 00:28:03 +0000

I think a shared array just avoids the copy, not the serialization which is the main problem as they showed with serde-wasm-bindgen test

New comment by mavdol04 in "Prompt Injecting Contributing.md"

mavdol04 — Thu, 19 Mar 2026 18:20:44 +0000

Wait, you just invented a reverse CAPTCHA for AI agent

New comment by mavdol04 in "Docker Sandboxes and Docker Agent"

mavdol04 — Mon, 16 Mar 2026 10:09:07 +0000

That’s great, but it can’t be used in production because it’s not available for Linux (so no AWS, no GCP, etc.) and requires Docker Desktop. Still nice for experimenting, though.

New comment by mavdol04 in "Nominal Types in WebAssembly"

mavdol04 — Sat, 14 Mar 2026 18:18:50 +0000

I mean standardizing on an x86 subset would replace wasm's native portability with a kind of 'emulated' compatibility, and this is one of wasm's strengths. If we do that, non-x86 hardware(mobile etc.) will pay the translation tax. So, keeping Wasm agnostic makes more sense anyway.

New comment by mavdol04 in "Show HN: Sandboxing untrusted code using WebAssembly"

mavdol04 — Thu, 05 Feb 2026 23:40:26 +0000

It actually works a bit differently. The eval is executed by the interpreter running inside the isolated wasm sandbox (StarlingMonkey). You can think of it as each sandbox having its own dedicated JavaScript engine.

New comment by mavdol04 in "Show HN: Sandboxing untrusted code using WebAssembly"

mavdol04 — Tue, 03 Feb 2026 18:31:18 +0000

Thanks! Not yet, but that's a great idea. I could definitely add it to the roadmap.

New comment by mavdol04 in "Show HN: Sandboxing untrusted code using WebAssembly"

mavdol04 — Tue, 03 Feb 2026 17:49:21 +0000

yeah, the previous example was quite basic. I will write a complete example for that, but here is how you can run dynamic code:

   import { task } from "@capsule-run/sdk";

   export default task({
     name: "main",
     compute: "HIGH",
   }, async () => {
     const untrustedCode = "const x = 10; x * 2 + 5;";
     const result = eval(untrustedCode);
     return result;
   });

Hope that helps!

New comment by mavdol04 in "Show HN: Sandboxing untrusted code using WebAssembly"

mavdol04 — Tue, 03 Feb 2026 17:28:18 +0000

I would love for the component model tooling to reach that level of maturity.

Since the runtime uses standard WASI and not Emscripten, we don't have that seamless dynamic linking yet. It will be interesting to see how the WASI path eventually converges with what Pyodide can do today regarding C-extensions.

New comment by mavdol04 in "Show HN: Sandboxing untrusted code using WebAssembly"

mavdol04 — Tue, 03 Feb 2026 16:50:15 +0000

Thanks for the feedback! What do you think about running the separate file directly from the decorator?

New comment by mavdol04 in "Show HN: Sandboxing untrusted code using WebAssembly"

mavdol04 — Tue, 03 Feb 2026 16:41:04 +0000

Thanks! Got it, I will add more examples for that. Currently you can do both: run dynamically untrusted code with eval, or run fully encapsulated logic (like in the existing examples).

I made a small example that might give you a better idea (it's not eval, but shows how to isolate a specific data processing task): https://github.com/mavdol/capsule/tree/main/examples/javascr...

And yes, you are spot on regarding LeetCode platforms. The resource limits are also designed for that kind of usage.

New comment by mavdol04 in "Show HN: Sandboxing untrusted code using WebAssembly"

mavdol04 — Tue, 03 Feb 2026 16:16:03 +0000

I understand your point. I added native Python support because C extensions will eventually become compatible. Also, we might see more libraries built with Rust extensions appearing, which will be much easier to port to Wasm.

New comment by mavdol04 in "Show HN: Sandboxing untrusted code using WebAssembly"

mavdol04 — Tue, 03 Feb 2026 16:08:32 +0000

I recreated many Node.js built-ins so compatibility is actually quite extended.

For Python, the main limitation is indeed C extensions. I'm looking for solutions. the move to WASI 0.3 will certainly help with that.

Show HN: Sandboxing untrusted code using WebAssembly

mavdol04 — Tue, 03 Feb 2026 14:28:01 +0000

Hi everyone,

I built a runtime to isolate untrusted code using wasm sandboxes.

Basically, it protects your host system from problems that untrusted code can cause. We’ve had a great discussion about sandboxing in Python lately that elaborates a bit more on the problem [1]. In TypeScript, wasm integration is even more natural thanks to the close proximity between both ecosystems.

The core is built in Rust. On top of that, I use WASI 0.2 via wasmtime and the component model, along with custom SDKs that keep things as idiomatic as possible.

For example, in Python we have a simple decorator:

  from capsule import task

  @task(
      name="analyze_data", 
      compute="MEDIUM",
      ram="512mb",
      allowed_files=["./authorized-folder/"],
      timeout="30s", 
      max_retries=1
  )
  def analyze_data(dataset: list) -> dict:
      """Process data in an isolated, resource-controlled environment."""
      # Your code runs safely in a Wasm sandbox
      return {"processed": len(dataset), "status": "complete"}

And in TypeScript we have a wrapper:

  import { task } from "@capsule-run/sdk"

  export const analyze = task({
      name: "analyzeData", 
      compute: "MEDIUM", 
      ram: "512mb",
      allowedFiles: ["./authorized-folder/"],
      timeout: 30000, 
      maxRetries: 1
  }, (dataset: number[]) => {
      return {processed: dataset.length, status: "complete"}
  });

You can set CPU (with compute), memory, filesystem access, and retries to keep precise control over your tasks.

It's still quite early, but I'd love feedback. I’ll be around to answer questions.

GitHub: https://github.com/mavdol/capsule

[1] https://news.ycombinator.com/item?id=46500510

Comments URL: https://news.ycombinator.com/item?id=46871387

Points: 76

# Comments: 25