←back to thread

MCP Run Python

(github.com)
173 points xrd | 1 comments | 15 Apr 25 11:09 UTC | HN request time: 0.443s | source
Show context
behnamoh ◴[17 Apr 25 15:27 UTC] No.43718268[source]
So their method of sandboxing Python code is to spin up a JS runtime (deno), run Pyodide on it, and then run the Python code in Pyodide.

Seems a lot of work to me. Is this really the best way to create and run Python sandboxes?

replies(11): >>43718335 #>>43718770 #>>43718841 #>>43719300 #>>43719370 #>>43719672 #>>43719881 #>>43721408 #>>43722369 #>>43723869 #>>43726452 #
simonw ◴[17 Apr 25 17:13 UTC] No.43719672[source]
I've been trying to find a good option for this for ages. The Deno/Pyodide one is genuinely one of the top contenders: https://til.simonwillison.net/deno/pyodide-sandbox

I'm hoping some day to find a recipe I really like for running Python code in a WASM container directly inside Python. Here's the closest I've got, using wasmtime: https://til.simonwillison.net/webassembly/python-in-a-wasm-s...

replies(5): >>43721214 #>>43722664 #>>43724984 #>>43725448 #>>43828320 #
Tsarp ◴[18 Apr 25 04:21 UTC] No.43724984[source]
Atleast on macos cant the sandbox-exec be used similar to what codex is doing?
replies(1): >>43725761 #
simonw ◴[18 Apr 25 07:12 UTC] No.43725761[source]
Yeah, I got excited about that option a while back but was put off by the fact that Apple's (minimal) documentation say sandbox-exec is deprecated.
replies(2): >>43727342 #>>43728116 #
1. fzzzy ◴[18 Apr 25 12:15 UTC] No.43727342[source]
OpenAI's Codex CLI uses it on macOS. It's in typescript but maybe I'll take a look at what they do and port it to python.

[edit] looks really simple, except I'll have to look into how their raw-exec takes care of writeableRoots: https://github.com/openai/codex/blob/0d6a98f9afa8697e57b9bae...

[edit2] lol raw-exec doesn't do anything at all with writeableRoots, it's handled in the fullPolicy (from scopedWritePolicy)