Most active commenters
  • simonw(3)
  • fzzzy(3)

←back to thread

MCP Run Python

(github.com)
173 points xrd | 18 comments | 15 Apr 25 11:09 UTC | HN request time: 0.916s | source | bottom
Show context
behnamoh ◴[17 Apr 25 15:27 UTC] No.43718268[source]
So their method of sandboxing Python code is to spin up a JS runtime (deno), run Pyodide on it, and then run the Python code in Pyodide.

Seems a lot of work to me. Is this really the best way to create and run Python sandboxes?

replies(11): >>43718335 #>>43718770 #>>43718841 #>>43719300 #>>43719370 #>>43719672 #>>43719881 #>>43721408 #>>43722369 #>>43723869 #>>43726452 #
1. simonw ◴[17 Apr 25 17:13 UTC] No.43719672[source]
I've been trying to find a good option for this for ages. The Deno/Pyodide one is genuinely one of the top contenders: https://til.simonwillison.net/deno/pyodide-sandbox

I'm hoping some day to find a recipe I really like for running Python code in a WASM container directly inside Python. Here's the closest I've got, using wasmtime: https://til.simonwillison.net/webassembly/python-in-a-wasm-s...

replies(5): >>43721214 #>>43722664 #>>43724984 #>>43725448 #>>43828320 #
2. singularity2001 ◴[17 Apr 25 19:38 UTC] No.43721214[source]
one wasmtime dependency and a self contained python file with 100 loc seems reasonable!

much better than calling deno, at least if you have no pip dependencies...

just had to update to new api:

# store.add_fuel(fuel) store.set_fuel(fuel) fuel_consumed=fuel-store.get_fuel()

and it works!!

time to hello world: hello_wasm_python311.py 0.20s user 0.03s system 97% cpu 0.234 total

replies(3): >>43721856 #>>43722093 #>>43728345 #
3. lopuhin ◴[17 Apr 25 20:28 UTC] No.43721856[source]
it's pretty difficult to package native python dependencies for wasmtime or other wasi runtimes, e.g. lxml
replies(1): >>43726861 #
4. antonvs ◴[17 Apr 25 20:51 UTC] No.43722093[source]
I was interested in how this compares in a kind of absolute sense. For comparison, an optimized C hello world program gave these results using `perf` on my Dell XPS 13 laptop:

       0.000636230 seconds time elapsed
       0.000759000 seconds user
       0.000000000 seconds sys
That's 36,800% faster. Hand-written assembly was very slightly slower. Using the standard library for output instead of a syscall brought it down to 20,900% faster.

(Yes I used percentages to underscore how big the difference is. It's 368x and 209x respectively. That's huge.)

Begrudgingly, here are the standard Python numbers:

    real    0m0.019s
    user    0m0.015s
    sys     0m0.004s
About 1230% faster than the sandbox, i.e. 12.3x. About an order of magnitude, which is typical for these kinds of exercises.
replies(1): >>43723565 #
5. abshkbh ◴[17 Apr 25 21:56 UTC] No.43722664[source]
https://github.com/abshkbh/arrakis

Will come with MacOS support very soon :) Does work on Linux

replies(1): >>43724789 #
6. singularity2001 ◴[18 Apr 25 00:00 UTC] No.43723565{3}[source]
haha, 99% is startup time for the sandbox, but yeah, python via wasm is probably still 10-400 times slower than c.
7. Tsarp ◴[18 Apr 25 03:42 UTC] No.43724789[source]
I tried this path and found that MacOS has horrible support on firecracker and similar.
replies(1): >>43730285 #
8. Tsarp ◴[18 Apr 25 04:21 UTC] No.43724984[source]
Atleast on macos cant the sandbox-exec be used similar to what codex is doing?
replies(1): >>43725761 #
9. 3abiton ◴[18 Apr 25 06:04 UTC] No.43725448[source]
> I'm hoping some day to find a recipe I really like for running Python code in a WASM container directly inside Python.

But what would be the usecase for this?

replies(1): >>43725528 #
10. simonw ◴[18 Apr 25 06:21 UTC] No.43725528[source]
Running Python code from untrusted sources, including code written by LLMs.
replies(1): >>43731970 #
11. simonw ◴[18 Apr 25 07:12 UTC] No.43725761[source]
Yeah, I got excited about that option a while back but was put off by the fact that Apple's (minimal) documentation say sandbox-exec is deprecated.
replies(2): >>43727342 #>>43728116 #
12. Already__Taken ◴[18 Apr 25 11:02 UTC] No.43726861{3}[source]
yeh if you can't shove numpy in there its not really useful.
13. fzzzy ◴[18 Apr 25 12:15 UTC] No.43727342{3}[source]
OpenAI's Codex CLI uses it on macOS. It's in typescript but maybe I'll take a look at what they do and port it to python.

[edit] looks really simple, except I'll have to look into how their raw-exec takes care of writeableRoots: https://github.com/openai/codex/blob/0d6a98f9afa8697e57b9bae...

[edit2] lol raw-exec doesn't do anything at all with writeableRoots, it's handled in the fullPolicy (from scopedWritePolicy)

14. fzzzy ◴[18 Apr 25 13:53 UTC] No.43728116{3}[source]
I cleaned up the output of asking Gemini 2.5 Pro to rewrite it in python, and it seems to work well:

https://gist.github.com/fzzzy/319d6cbbdfff9c340d0e9c362247ae...

15. fzzzy ◴[18 Apr 25 14:21 UTC] No.43728345[source]
Great, thanks for your post! I got it working too. This is going to be incredibly handy.
16. abshkbh ◴[18 Apr 25 17:46 UTC] No.43730285{3}[source]
Crosvm (our original Google project) and its children projects Firecracker, Cloud-Hypervisor are all based on top of "/dev/kvm" i.e. the Linux Virtualization stack.

Apple's equivalent is the Apple Virtualization Framework which exposes kvm like functionality at a higher level.

17. 3abiton ◴[18 Apr 25 21:21 UTC] No.43731970{3}[source]
I see, the way I would approach is it by running a client on in a specific python env on an incus instance, with LLM hosted either on the host or another seperate an incus instance. Lately been addicted to sandboxing apps in incus, specifically for isolated vpn tunnels, and automating certain web access.
18. 5rest ◴[29 Apr 25 02:56 UTC] No.43828320[source]
The demo looks really appealing. I have a real-world use case in mind: analyzing an Excel file and asking questions about its contents. The current approach (https://github.com/pydantic/pydantic-ai/blob/main/mcp-run-py...) seems limited to running standalone scripts—it doesn't support reading and processing files. Is there an extension or workaround to enable file input and processing?