I don't have a great recipe for JavaScript yet though. Something based around QuickJS feels like it could work.
The characteristics I'm looking for are:
1. Runs a string of code I give it - pretty much like an eval() function - ideally without needing to write that code to disk
2. Code has a limited amount of memory available to it
3. Code has limited CPU available as well - if it tries to use too many cycles it quits with an error
4. Same with amount of time to execute - cut it off after a specified number of ms and return an error
Bonus: it would be nice to be able to selectively expose additional Al functions to it (like fetch() via a controlled HTTP proxy) but even without that I could do some very useful things.
I remain frustrated that this is so hard to figure out!
I've done this with Extism before. You can now write JavaScript plug-ins that run both on the server and the browser: https://github.com/extism/js-pdk
This uses QuickJS compiled to Wasm. You can also embed these into any of the host languages we support, python included. We do have some rudimentary support for HTTP requests as well.
In order to create a plug-in that allows the host to inject and run code, I've done this:
1. Create some kind of export function like `set_code` that takes the string input of the code in CJS format. Example:
```
function myFunc() {
return "hello world"
}
module.exports = myFunc
```
2. `set_code` can store that text into a plug-in variable with `Var.set('my-function', code)`
3. Create a second export function that can eval the code. Would look something like this:
```
let result = eval(Var.getString('my-function'))()
Host.outputString(result)
```
If you're interested I can compile one of these for you. I've been working on a demo that uses a similar technique.
> Code has limited CPU available as well - if it tries to use too many cycles it quits with an error
That's a pretty strange failure mode. Usually you'd just throttle the sandboxed application (e.g., give it a CFS quota with a CPU cgroup) or give it a limited number of vCPUs.
It feels to me like this kind of sandboxing should be the Hello World" of server-side WebAssembly - using wasmer of wasmtime or similar.
To my surprise, actually achieving this with any of those seems to be very poorly documented.
Last time I complained about this on Hacker News Tim Bart figured out a Python recipe for me! https://til.simonwillison.net/webassembly/python-in-a-wasm-s...
I don't have a great recipe for JavaScript yet though. Something based around QuickJS feels like it could work.
The characteristics I'm looking for are:
1. Runs a string of code I give it - pretty much like an eval() function - ideally without needing to write that code to disk
2. Code has a limited amount of memory available to it
3. Code has limited CPU available as well - if it tries to use too many cycles it quits with an error
4. Same with amount of time to execute - cut it off after a specified number of ms and return an error
Bonus: it would be nice to be able to selectively expose additional Al functions to it (like fetch() via a controlled HTTP proxy) but even without that I could do some very useful things.
I remain frustrated that this is so hard to figure out!