[FEATURE] Code interpreter tool to safely run untrusted code in wasm sandboxes #415
Description
Problem Statement
Currently, when AI generates code, executing it directly could be risky for the host system. We don't have many local solutions to safely run this code.
Docker is often used, but it introduces complexity in production, especially when you're already running your entire app or agent inside a container. Nested containers require elevated privileges, which can compromise the isolation and the purpose of sandboxing.
Proposed Solution
I built Capsule, a runtime that sandboxes AI agent tasks in WebAssembly, and it could be used for untrusted Python/JavaScript code.
Here's an example of how we could use it in a tool:
```python
import asyncio

from capsule_adapter import run_python  # Capsule's Python adapter


async def main() -> None:
    # The source text is sent to the wasm sandbox; what the script prints and
    # the value of its last expression come back together as one string.
    result = await run_python("""
print("Hi Strands agents Team!")
x = 5 + 3
x * 2
""")
    print(result)  # "Hi Strands agents Team!\n16"


asyncio.run(main())
```

Only the first run takes about a second (cold start). After that, each run starts in ~10ms.
It's also available for TypeScript via @capsule-run/adapter for the sdk-typescript if needed.
Use Case
When an AI agent generates Python or JavaScript code for data analysis, calculations, etc., it can run it safely without risking the host system.
Alternative Solutions
No response
Additional Context
Documentation for Python integration: github.com/mavdol/capsule/tree/main/integrations/python-adapter
Documentation for TypeScript integration: github.com/mavdol/capsule/tree/main/integrations/typescript-adapter
Hope this helps!
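Editor's added example (not part of the issue above, and not Capsule's or the Strands SDK's own code): whatever sandbox runs the model-generated code, the tool wrapper on the host side still has to bound wall-clock time, cap the output that is fed back into the model's context, and keep host exceptions from leaking as tracebacks. The wrapper below takes the sandbox runner as a parameter so it runs offline here with a constructed stand-in; in real use the runner would be `capsule_adapter.run_python`, whose `async (source: str) -> str` shape is assumed from the snippet in the issue. The `run_untrusted` and `fake_sandbox` names are illustrative, and registering `code_interpreter` with the agent framework's tool decorator is left out because it is not on this page.

```python
import asyncio
from dataclasses import dataclass
from typing import Awaitable, Callable

# Shape assumed for the sandbox runner (capsule_adapter.run_python in practice):
# it takes the untrusted source and returns the captured output as a string.
Runner = Callable[[str], Awaitable[str]]


@dataclass
class InterpreterResult:
    ok: bool
    output: str
    truncated: bool = False
    error: str = ""


async def run_untrusted(
    source: str,
    runner: Runner,
    *,
    timeout_s: float = 5.0,
    max_output: int = 4096,
    max_source: int = 20_000,
) -> InterpreterResult:
    """Run model-generated code through `runner` with host-side guard rails.

    The sandbox isolates the host from the code; these checks protect the
    agent loop itself (hung tool calls, context floods, leaked tracebacks).
    """
    if len(source) > max_source:
        return InterpreterResult(False, "", error="source too large")
    try:
        out = await asyncio.wait_for(runner(source), timeout=timeout_s)
    except asyncio.TimeoutError:
        # wait_for cancels the runner's task; the sandboxed script does not get
        # to keep the agent waiting.
        return InterpreterResult(False, "", error=f"timed out after {timeout_s}s")
    except Exception as exc:  # noqa: BLE001 - deliberately broad at the tool boundary
        # Only the exception type and message go back to the model, never a
        # host traceback with file paths and source lines.
        return InterpreterResult(False, "", error=f"{type(exc).__name__}: {exc}")
    truncated = len(out) > max_output
    if truncated:
        out = out[:max_output] + "\n...[output truncated]"
    return InterpreterResult(True, out, truncated)


def run_untrusted_sync(source: str, runner: Runner, **limits) -> InterpreterResult:
    """Blocking convenience wrapper for callers that are not already in an event loop."""
    return asyncio.run(run_untrusted(source, runner, **limits))


async def fake_sandbox(source: str) -> str:
    """Constructed stand-in for the real sandbox runner; it executes nothing.

    It only imitates three behaviours the wrapper has to cope with: a normal
    run, a script that never returns, and a script that floods stdout.
    """
    if "time.sleep" in source:
        await asyncio.sleep(60)
    if "big_output" in source:
        return "x" * 10_000
    return f"[fake sandbox] {len(source)} bytes executed"


def code_interpreter(source: str) -> str:
    """Tool-shaped entry point: returns text suitable for the model's context.

    Swap `fake_sandbox` for the real runner (e.g. capsule_adapter.run_python)
    and register this function with the agent framework's tool decorator.
    """
    result = run_untrusted_sync(source, fake_sandbox, timeout_s=5.0, max_output=4096)
    if not result.ok:
        return f"execution failed: {result.error}"
    return result.output


if __name__ == "__main__":
    print(code_interpreter("print('hello')"))
    print(code_interpreter("import time; time.sleep(60)"))
```

The limits are deliberately conservative defaults; a data-analysis tool that legitimately returns large tables should raise `max_output` rather than remove the cap, and `timeout_s` should stay well below whatever the agent loop's own per-turn timeout is so that the tool, not the whole turn, is what fails.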