[P] WASM bash shell sandbox for AI agents

digitado ⋅ 30 de January de 2026

We built a WASM-based sandbox for running LLM-generated code in agentic workflows. The problem: most agent frameworks execute code via subprocess or exec() directly on the host. One prompt injection and you’re exposed.

Our approach:

QuickJS runtime compiled to WASM (no syscalls, no network, no filesystem escape)
Capability-based tool access—agents can only call functions you explicitly provide
Per-tool constraints (e.g., Param(“amount”) <= 1000)
Virtual filesystem that resets between executions

It’s a Python package wrapping a Rust/WASM binary. Install with: uv pip install "git+https://github.com/amlalabs/amla-sandbox"

No Docker, no VMs, no SaaS – these approaches certainly work but add infrastructure overhead we wanted to avoid.

GitHub: https://github.com/amlalabs/amla-sandbox

Curious if others have tackled sandboxing for agent code execution differently!

submitted by /u/hfti
[link] [comments]

Like 0

Liked Liked