[P] WASM bash shell sandbox for AI agents
We built a WASM-based sandbox for running LLM-generated code in agentic workflows. The problem: most agent frameworks execute code via subprocess or exec() directly on the host. One prompt injection and you’re exposed.
Our approach:
- QuickJS runtime compiled to WASM (no syscalls, no network, no filesystem escape)
- Capability-based tool access—agents can only call functions you explicitly provide
- Per-tool constraints (e.g., Param("amount") <= 1000)
- Virtual filesystem that resets between executions
It’s a Python package wrapping a Rust/WASM binary. Install with: uv pip install "git+https://github.com/amlalabs/amla-sandbox"
No Docker, no VMs, no SaaS – these approaches certainly work but add infrastructure overhead we wanted to avoid.
GitHub: https://github.com/amlalabs/amla-sandbox
Curious if others have tackled sandboxing for agent code execution differently!
submitted by /u/hfti