←back to thread

MCP Run Python

(github.com)
173 points xrd | 3 comments | 15 Apr 25 11:09 UTC | HN request time: 1.006s | source
Show context
behnamoh ◴[17 Apr 25 15:27 UTC] No.43718268[source]
So their method of sandboxing Python code is to spin up a JS runtime (deno), run Pyodide on it, and then run the Python code in Pyodide.

Seems a lot of work to me. Is this really the best way to create and run Python sandboxes?

replies(11): >>43718335 #>>43718770 #>>43718841 #>>43719300 #>>43719370 #>>43719672 #>>43719881 #>>43721408 #>>43722369 #>>43723869 #>>43726452 #
1. pseudosavant ◴[17 Apr 25 16:43 UTC] No.43719300[source]
If there is a WASM build of the project, that is going to be the easiest and safest way to run that with untrusted user content. And Deno happens to be really good at hosting WASM itself. So, these are the two easiest tools to do this with.

I was looking into using WASM in Python yesterday for some image processing. It requires pulling in a full WASM runtime like wasmtime. Still better than calling out to native binaries like ImageMagick, but definitely more complicated than doing it in Deno. If I was writing it myself I'd do Deno, but LLMs are so good at writing Python.

replies(2): >>43719480 #>>43723567 #
2. kmangutov ◴[17 Apr 25 16:58 UTC] No.43719480[source]
Interesting to understand what is possible in this Deno/Pyodide environment. For example sklearn works despite being quite an involved dependency [1]. Another side to this is data input/output, which seems possible with a low level interface [2]. Very exciting that (a simple) end-to-end ML experience is now possible in the modern browser.

[1] https://www.erp5.com/NXD-Blog.Scipy.and.Scikit.Learn.Compile... [2] https://donatstudios.com/Read-User-Files-With-Go-WASM

3. achierius ◴[18 Apr 25 00:00 UTC] No.43723567[source]
Definitely not the safest: the safest way would be to spin up another VM. The hardware-level virtualization guarantees are much stronger than what any JS runtime could provide