MCP Run Python

(github.com)

173 points xrd | 1 comments | 15 Apr 25 11:09 UTC | HN request time: 0.313s | source

Show context

behnamoh ◴[17 Apr 25 15:27 UTC] No.43718268[source]▶

So their method of sandboxing Python code is to spin up a JS runtime (deno), run Pyodide on it, and then run the Python code in Pyodide.

Seems a lot of work to me. Is this really the best way to create and run Python sandboxes?

replies(11): >>43718335 #>>43718770 #>>43718841 #>>43719300 #>>43719370 #>>43719672 #>>43719881 #>>43721408 #>>43722369 #>>43723869 #>>43726452 #

pseudosavant ◴[17 Apr 25 16:43 UTC] No.43719300[source]▶

>>43718268 #

If there is a WASM build of the project, that is going to be the easiest and safest way to run that with untrusted user content. And Deno happens to be really good at hosting WASM itself. So, these are the two easiest tools to do this with.

I was looking into using WASM in Python yesterday for some image processing. It requires pulling in a full WASM runtime like wasmtime. Still better than calling out to native binaries like ImageMagick, but definitely more complicated than doing it in Deno. If I was writing it myself I'd do Deno, but LLMs are so good at writing Python.

replies(2): >>43719480 #>>43723567 #

1. achierius ◴[18 Apr 25 00:00 UTC] No.43723567[source]▶

>>43719300 #

Definitely not the safest: the safest way would be to spin up another VM. The hardware-level virtualization guarantees are much stronger than what any JS runtime could provide

↑