Show HN: Eryx, a fast WASM-based Python sandbox with native extension support

- uses CPython compiled to WASI, so you have full Python access

- pre-initializes and pre-compiles the Wasm, giving extremely fast startup times (~16ms)

- supports Python packages, both pure-Python and native extensions (such as `numpy` compiled to WASI), by relinking the Wasm at runtime and re-initializing

- implements the `ssl` module so you can make HTTP calls, and `httpx` or `requests` just work

- has full resource limiting (networking, filesystem, timeout, CPU and memory) based on Wasmtime and WASI

- supports mounting host directories, a virtual filesystem, or both

- supports persisting and resuming session state to and from bytes, for distributed execution

- supports 'secret scrubbing', similar to Deno Sandbox, the sandbox can't see secret values

- supports callbacks into the host

- supports streaming stdout/stderr and trace execution (so the host can see the progress of the executed script; useful for showing progress in long or slow scripts)

- has builtin MCP support, in two ways: it can connect to your MCP servers (using your Claude/Codex/Cursor config files) and add the tools as callbacks, and it has an MCP server built-in with a `run_python` tool, where the Python can use those other MCP servers' tools

There's a CLI you can use with `uvx pyeryx`, and bindings for Python, Javascript and Rust. The demo is available at https://demo.eryx.run - give it a try and let me know what you think.