[0]: https://github.com/eryx-org/eryx

- uses CPython compiled to WASI, so you have full Python access

- pre-initializes and pre-compiles the Wasm, giving extremely fast startup times (~16ms)

- supports Python packages, both pure-Python and native extensions (such as `numpy` compiled to WASI), by relinking the Wasm at runtime and re-initializing

- implements the `ssl` module so you can make HTTP calls, and `httpx` or `requests` just work

- has full resource limiting (networking, filesystem, timeout, CPU and memory) based on Wasmtime and WASI

- supports mounting host directories, a virtual filesystem, or both

- supports persisting and resuming session state to and from bytes, for distributed execution

- supports 'secret scrubbing', similar to Deno Sandbox, the sandbox can't see secret values

- supports callbacks into the host

- supports streaming stdout/stderr and trace execution (so the host can see the progress of the executed script; useful for showing progress in long or slow scripts)

- has builtin MCP support, in two ways: it can connect to your MCP servers (using your Claude/Codex/Cursor config files) and add the tools as callbacks, and it has an MCP server built-in with a `run_python` tool, where the Python can use those other MCP servers' tools

There's a CLI you can use with `uvx pyeryx`, and bindings for Python, Javascript and Rust. The demo is available at https://demo.eryx.run - give it a try and let me know what you think.

Comments URL: https://news.ycombinator.com/item?id=46975368

Points: 2

# Comments: 1

[1] https://github.com/eryx-org/eryx

This uses CPython compiled to WASI and can (in theory) be run from any WASI-compatible Wasm runtime, in this case wasmtime, which has bindings in lots of languages. WASI uses capability based security rather than browser sandboxing and lets the host intercept any syscalls which is pretty cool. Wasmtime also lets you do things like epoch-based interruption, 'gas' for limiting instruction count, memory limits, and a bunch of other things that give you tons of control over the sandbox.

Pyodide/Emscripten might offer something similar but I'm not sure!

[1]: https://github.com/sd2k/eryx/

[2]: https://pypi.org/project/pyeryx/

[3]: https://github.com/bytecodealliance/componentize-py/

I did something very similar to you for networking in eryx too (no networking in conch yet); defined an `eryx:net` interface in WIT and reimplemented the `urllib` module using host networking, which most downstream packages (httpx, requests, etc) use far enough down the stack. It's a tradeoff but I think it's pretty much good enough for most use cases like this, and gives the host full control which is great.

Oh full transparency, the vast majority of conch and eryx were written by Opus 4.5. Being backed by wasmtime and the rather strict Rust compiler is definitely a boon here!

I've been working on a couple of things which take a very similar approach, with what seem to be some different tradeoffs:

- eryx [1], which uses a WASI build of CPython to provide a true Python sandbox (similar to componentize-py but supports some form of 'dynamic linking' with either pure Python packages or WASI-compiled native wheels) - conch [2], which embeds the `brush` Rust reimplementation of Bash to provide a similar bash sandbox. This is where I've been struggling with figuring out the best way to do subcommands, right now they just have to be rewritten and compiled in but I'd like to find a way to dynamically link them in similar to the Python package approach...

One other note, WASI's VFS support has been great, I just wish there was more progress on `wasi-tls`, it's tricky to get network access working otherwise...

[1] https://github.com/eryx-org/eryx [2] https://github.com/sd2k/conch

The other criteria is that they needed to be fast and cheap, which ruled out many of the deep learning/neural net based models, although I'd still like to try some foundation models using Burn or some other Rust deep learning framework!

- fast

- portable (I want to be able to run it in the browser, in Python, and in Rust)

- maintainable (please don't write libraries in Jupyter notebooks...)

Augurs meets all three of those for me, and was a lot of fun to write. Plus it has a fun name and I managed to nab the augu.rs domain.

A few things I think are cool:

- the MSTL/ETS implementation is very snappy and can produce forecasts in well under 100ms for quite large time series. This was the initial motivation for writing the library.

- the Prophet implementation includes the option to use a WASM component which wraps the Stan Bayesian framework compiled to WebAssembly, run inside Wasmtime, making it an easy-to-deploy single binary. Interestingly the benchmarks show the Wasmtime version running almost as fast as the native version.

- the whole library can be run in the browser using the npm library - see the demo below for an example

Docs: https://docs.augu.rs

Demo: https://demo.augu.rs

GitHub: https://github.com/grafana/augurs

- fast

- portable (I want to be able to run it in the browser, in Python, and in Rust)

- maintainable (please don't write libraries in Jupyter notebooks...)

Augurs meets all three of those for me, and was a lot of fun to write. Plus it has a fun name and I managed to nab the augu.rs domain.

A few things I think are cool:

- the MSTL/ETS implementation is very snappy and can produce forecasts in well under 100ms for quite large time series. This was the initial motivation for writing the library.

- the Prophet implementation includes the option to use a WASM component which wraps the Stan Bayesian framework compiled to WebAssembly, run inside Wasmtime, making it an easy-to-deploy single binary. Interestingly the benchmarks show the Wasmtime version running almost as fast as the native version.

- the whole library can be run in the browser using the npm library - see the demo below for an example

Docs: https://docs.augu.rs

Demo: https://demo.augu.rs

GitHub: https://github.com/grafana/augurs

Comments URL: https://news.ycombinator.com/item?id=42184386

Points: 2

# Comments: 1

Comments URL: https://news.ycombinator.com/item?id=34956319

Points: 235

# Comments: 105