Show HN: Python Local Sandbox Code Execution (Podman and Uv) https://ift.tt/DRZF1E4

Show HN: Python Local Sandbox Code Execution (Podman and Uv) The core idea: @sandbox(dependencies=["pandas"]) turns any function into one that runs inside an isolated Podman container with dependency caching built in on uv. You call it like a normal function, but the code executes with no access to your host filesystem, credentials, or processes. from pctx_sandbox import sandbox @sandbox(dependencies=["requests"]) def fetch_url(url: str) -> str: import requests return requests.get(url).text result = fetch_url(" https://example.com ") # runs in container Technical details: - Uses rootless Podman for container isolation (all the Linux namespace stuff: PID, mount, network, user) - Maintains a warm pool of workers per dependency set, so there's no cold-start penalty after the first call - Dependencies are cached and installed once per unique combination - Resource limits enforced via cgroups The security model is "defense in depth" – it's container isolation, not a VM, so it's not a perfect security boundary. But it's good enough that I'm comfortable letting Claude use it on my machine. Would love feedback. Thanks! https://ift.tt/woq06Ny December 22, 2025 at 03:02AM