Hacker News: tastyeffectco

New comment by tastyeffectco in "Running Python code in a sandbox with MicroPython and WASM"

tastyeffectco — Sun, 07 Jun 2026 22:15:13 +0000

one question i have about the project? what is the main need to be scoped to python only ? it is for perf ? infrastructure stack ? or something else ?

New comment by tastyeffectco in "Show HN: Boxes.dev: ditch localhost; run Claude Code and Codex in the cloud"

tastyeffectco — Sun, 07 Jun 2026 21:37:43 +0000

you may checkout sandboxd project, it allow you ti run on your own vps plenty of sandboxes for differents usages : https://github.com/tastyeffectco/sandboxd

New comment by tastyeffectco in "Self-hosted dev sandboxes with preview URLs (Docker, Go, no K8s)"

tastyeffectco — Thu, 04 Jun 2026 11:53:21 +0000

This project takes the Docker route instead of Firecracker — each container drops all capabilities, runs no-new-privileges, read-only rootfs, per-sandbox memory/PID limits, isolated networks. but! Not kernel-level separation like microVM.

depending on use cases but its enough for most and way simpler to operate and maintain.

If you need stronger isolation, the other replies in this thread mention (gVisor on k8s) Depends on your threat model and how much infra complexity you want to manage.

New comment by tastyeffectco in "Self-hosted dev sandboxes with preview URLs (Docker, Go, no K8s)"

tastyeffectco — Thu, 04 Jun 2026 11:49:26 +0000

Yes, but not fully! each sandbox have all linux capabilities! runs with no-new-privileges, a read-only rootfs! capped limits on PID and Memory, network isolated per design! all that said! this is not a VM isolation level like Firecracker for example, but quit enough for most use cases for early stage products or entreprise internal products

New comment by tastyeffectco in "Self-hosted dev sandboxes with preview URLs (Docker, Go, no K8s)"

tastyeffectco — Thu, 04 Jun 2026 10:57:04 +0000

For a 8 CPU, 12GB Ram you can run app to 10 concurrents sandboxes that do heavy builds! the project itself is not ram/cpu heavy at all! depending on what you will run inside ! that was one of the main points why i didnt chose to go for real kvm isolation.

i would just say if its for an early stage product got for it! at scale reconsider security and isolation layers

New comment by tastyeffectco in "Self-hosted dev sandboxes with preview URLs (Docker, Go, no K8s)"

tastyeffectco — Thu, 04 Jun 2026 10:03:46 +0000

upilote (mellosouls): your second reading is correct.

This is not a Lovable competitor, and it's not all of upilote.

upilote is the product: chat → agent builds → live preview.

This repo is just the infrastructure layer underneath it that we extracted and open-sourced under MIT. It handles one container per project, preview URLs, running agents, sleeping when idle, waking on request, persistence, and recovery after reboots.

For us, it simplified a lot of things. Instead of managing all that logic ourselves, it became: submit a task and stream events back.

Self-hosted dev sandboxes with preview URLs (Docker, Go, no K8s)

tastyeffectco — Wed, 03 Jun 2026 19:43:37 +0000

Article URL: https://github.com/tastyeffectco/sandboxes

Comments URL: https://news.ycombinator.com/item?id=48388909

Points: 111

# Comments: 34