Is your feature request related to a problem? Please describe.
I noticed that code execution in Open Interpreter runs directly on the host system, which can be risky. This is especially true when using it with untrusted code or in production environments.
From what I know, there is a proposed cloud alternative (E2B), but there's no simple local solution to safely execute Python code.
Describe the solution you'd like
I built Capsule, a runtime that sandboxes AI agent tasks in WebAssembly. It could be used to run untrusted Python (or JavaScript) code in Open Interpreter via a simple adapter.
Here's an example of how it could work:
from capsule_adapter import run_python
result = await run_python("""
print("Hi Open Interpreter Team!")
x = 5 + 3
x * 2
""")
print(result) # "Hi Open Interpreter Team!\n16"Only the first run takes about a second (cold start). After that, each run starts in ~10ms.
It's stateless by design, which makes it safer (no cross-contamination between runs).
Describe alternatives you've considered
Docker is often used for this, but it introduces complexity in production, especially when your app or agent is already running inside a container. Nested containers (Docker-in-Docker) require elevated privileges, which can compromise isolation and defeat the purpose of sandboxing.
Additional context
Documentation for Python integration: github.com/mavdol/capsule/tree/main/integrations/python-adapter
Main repository: https://github.com/mavdol/capsule
Is your feature request related to a problem? Please describe.
I noticed that code execution in Open Interpreter runs directly on the host system, which can be risky. This is especially true when using it with untrusted code or in production environments.
From what I know, there is a proposed cloud alternative (E2B), but there's no simple local solution to safely execute Python code.
Describe the solution you'd like
I built
Capsule, a runtime that sandboxes AI agent tasks in WebAssembly. It could be used to run untrusted Python (or JavaScript) code in Open Interpreter via a simple adapter.Here's an example of how it could work:
Only the first run takes about a second (cold start). After that, each run starts in ~10ms.
It's stateless by design, which makes it safer (no cross-contamination between runs).
Describe alternatives you've considered
Docker is often used for this, but it introduces complexity in production, especially when your app or agent is already running inside a container. Nested containers (Docker-in-Docker) require elevated privileges, which can compromise isolation and defeat the purpose of sandboxing.
Additional context
Documentation for Python integration: github.com/mavdol/capsule/tree/main/integrations/python-adapter
Main repository: https://github.com/mavdol/capsule