Show HN: Sandboxing untrusted code using WebAssembly (github.com)

🤖 AI Summary
Capsule has introduced a new runtime that leverages WebAssembly (Wasm) to safely execute untrusted code within AI agent systems. Each task runs in its own Wasm sandbox, enabling isolated execution with configurable resource limits, automatic retries on failures, and lifecycle tracking. This innovative approach allows developers to manage long-running workflows and autonomous decision-making tasks without risking the stability of the host system. Users can simply annotate their Python or TypeScript functions with a `@task` decorator or wrapper to define and run these tasks in a contained environment.

The significance of Capsule for the AI/ML community lies in its ability to enhance security and reliability in executing tasks, particularly those involving potentially untrusted code. By imposing CPU, memory, and timeout constraints, Capsule minimizes the risk of cascading failures and allows for efficient resource management. Additionally, the structured JSON outputs provide comprehensive execution metadata, facilitating better monitoring and debugging. With its open-source foundation and flexibility for both Python and JavaScript developers, Capsule is poised to become a valuable tool for deploying AI-driven applications in secure, resource-controlled environments.