Show HN: Riza – Safely run untrusted code from your app

https://riza.io/developer-preview

Riza

Riza is the production-ready isolated runtime for untrusted code.

How it works

1

You prompt an LLM to write code.

TypeScript and Python tend to get the best results.

2

POST the code to the /v1/execute API endpoint.

Include command line args, stdin, files, and env vars.

3

Riza safely runs the code and returns the output.

Your response includes the exit code, stdout, and stderr.

What is the Code Interpreter API?

A service for executing untrusted Python, JavaScript, TypeScript, Ruby and PHP.

How are people using it today?

Teams are using it to run code generated by LLMs, power data transformations, and extend their products for enterprise customers.

Why is it secure?

Code is executed inside an isolated WebAssembly context. Learn more in our security documentation.

What are the current runtime limitations?

Check out our product roadmap to see what we're working on.

  • Code only has access to data you provide, which includes command-line arguments, environment variables, files and stdin.
  • Read/write access to the `/mnt/req` directory, read-only access to the rest of the filesystem.
  • Use external packages with Python and JavaScript via custom runtimes. Other interpreters have access to the language's standard library.
  • Network access is limited to HTTP.
  • No support for alternative interpreter versions.
  • Execution time is limited to 30 seconds per invocation.
  • Memory consumption is limited to 128Mib per invocation.

How much does it cost?

Riza is free to use for your side projects. For enterprise users, we charge based on usage. See our pricing page for full details.

Can I self-host the Code Interpreter API?

What's coming next?

Our full roadmap is available in our documentation, but here are some highlights:

  • [shipped] Add support for secrets and HTTP API credentials.
  • [shipped] Allow further interpreter customization via third-party packages and dependencies.
  • [shipped] Allow filesystem access, with customer-defined capability controls.

Please send us an email or join us on Discord if you have questions or suggestions.

{
"by": "conroy",
"descendants": 6,
"id": 40212741,
"kids": [
40213811,
40212816,
40233256,
40212997
],
"score": 11,
"text": "Hi HN, I’m Kyle and together with Andrew (<a href=\"https:&#x2F;&#x2F;news.ycombinator.com&#x2F;user?id=stanleydrew\">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;user?id=stanleydrew</a>) we’ve been working on Riza (<a href=\"https:&#x2F;&#x2F;riza.io\" rel=\"nofollow\">https:&#x2F;&#x2F;riza.io</a>), a project to make WASM sandboxing more approachable. We’re excited to share a developer preview of our code interpreter API with HN.<p>There’s a bit of a backstory here. A few months ago, an old coworker reached out asking how to execute untrusted code generated by an LLM. Based on our experience building a plugin system for sqlc (<a href=\"https:&#x2F;&#x2F;sqlc.dev\" rel=\"nofollow\">https:&#x2F;&#x2F;sqlc.dev</a>), we thought a sandboxed WASM runtime would be a good fit. A bit of hacking later, we got everything wired up to solve his issue. Now the API is ready for other developers to try out.<p>The Riza Code Interpreter API is an HTTP interface to various dynamic language interpreters, each running inside a WASM sandbox without access to the outside world (for now). We modeled the API to align with a POSIX shell-style interface.<p>We made a playground so you can try it out without signing up: <a href=\"https:&#x2F;&#x2F;riza.io\" rel=\"nofollow\">https:&#x2F;&#x2F;riza.io</a><p>The API documentation lives here: <a href=\"https:&#x2F;&#x2F;docs.riza.io\" rel=\"nofollow\">https:&#x2F;&#x2F;docs.riza.io</a><p>There are many limitations at the moment, but we expect to rapidly expand capabilities so that programs can e.g. access the network and filesystem. Our roadmap has more details: <a href=\"https:&#x2F;&#x2F;docs.riza.io&#x2F;reference&#x2F;roadmap\" rel=\"nofollow\">https:&#x2F;&#x2F;docs.riza.io&#x2F;reference&#x2F;roadmap</a><p>If you need to execute LLM-generated code we’d love to have you try the API and let us know if you run into any issues. You can email us directly at [email protected].",
"time": 1714493982,
"title": "Show HN: Riza – Safely run untrusted code from your app",
"type": "story",
"url": "https://riza.io/developer-preview"
}
{
"author": null,
"date": null,
"description": "Riza is the production-ready isolated runtime for untrusted code.",
"image": "https://riza.io/images/og-generated/homepage-6666cd76f96956469e7be39d750cc7d9.png",
"logo": null,
"publisher": "Riza",
"title": "Riza | Your AI agent writes code. Riza runs it safely.",
"url": "https://riza.io/"
}
{
"url": "https://riza.io/developer-preview",
"title": "Riza | Your AI agent writes code. Riza runs it safely.",
"description": "RizaRiza is the production-ready isolated runtime for untrusted code.How it works1You prompt an LLM to write code.TypeScript and Python tend to get the best results.2POST the code to the /v1/execute API...",
"links": [
"https://riza.io/",
"https://riza.io/developer-preview"
],
"image": "https://riza.io/images/og-generated/homepage-6666cd76f96956469e7be39d750cc7d9.png",
"content": "<div><p><a target=\"_blank\" href=\"https://riza.io/\"><span>Riza</span><svg width=\"100%\" height=\"100%\"></svg></a></p><div><p>Riza is the production-ready isolated runtime for untrusted code.</p></div><div><p></p><h2>How it works</h2><p></p><div><div><p><span>1</span></p><div><h3>You prompt an LLM to write code.</h3><p>TypeScript and Python tend to get the best results.</p></div></div><div><p><span>2</span></p><div><h3>POST the code to the /v1/execute API endpoint.</h3><p>Include command line args, stdin, files, and env vars.</p></div></div><div><p><span>3</span></p><div><h3>Riza safely runs the code and returns the output.</h3><p>Your response includes the exit code, stdout, and stderr.</p></div></div></div></div><div><section><h3>What is the Code Interpreter API?</h3><p>A service for executing untrusted Python, JavaScript, TypeScript, Ruby and PHP.</p></section><section><h3>How are people using it today?</h3><p>Teams are using it to run code generated by LLMs, power data transformations, and extend their products for enterprise customers.</p></section><section><h3>Why is it secure?</h3><div><p>Code is executed inside an isolated <a target=\"_blank\" href=\"https://webassembly.org/\">WebAssembly</a> context. Learn more in our <a target=\"_blank\" href=\"https://docs.riza.io/reference/security\">security documentation</a>.</p></div></section><section><h3>What are the current runtime limitations?</h3><div><p><i>Check out our <a target=\"_blank\" href=\"https://docs.riza.io/reference/roadmap\">product roadmap</a> to see what we're working on.</i></p><ul><li>Code only has access to data you provide, which includes command-line arguments, environment variables, <a target=\"_blank\" href=\"https://docs.riza.io/reference/files\">files</a> and <code>stdin</code>.</li><li>Read/write access to the `/mnt/req` directory, read-only access to the rest of the filesystem.</li><li>Use external packages with Python and JavaScript via <a target=\"_blank\" href=\"https://riza.io/blog/introducing-custom-runtimes\">custom runtimes</a>. Other interpreters have access to the language's standard library.</li><li>Network access is limited to HTTP.</li><li>No support for alternative interpreter versions.</li><li>Execution time is limited to 30 seconds per invocation.</li><li>Memory consumption is limited to 128Mib per invocation.</li></ul></div></section><section><h3>How much does it cost?</h3><p>Riza is free to use for your side projects. For enterprise users, we charge based on usage. See our <a target=\"_blank\" href=\"https://docs.riza.io/reference/pricing\">pricing page</a> for full details.</p></section><section><h3>Can I self-host the Code Interpreter API?</h3></section><section><h3>What's coming next?</h3><div><p>Our full roadmap is available <a target=\"_blank\" href=\"https://docs.riza.io/reference/roadmap\">in our documentation</a>, but here are some highlights:</p><ul><li>[shipped] Add support for secrets and HTTP API credentials.</li><li>[shipped] Allow further interpreter customization via third-party packages and dependencies.</li><li>[shipped] Allow filesystem access, with customer-defined capability controls.</li></ul><p>Please <a target=\"_blank\" href=\"mailto:[email protected]\">send us an email</a> or <a target=\"_blank\" href=\"https://discord.gg/4P6PUeJFW5\">join us on Discord</a> if you have questions or suggestions.</p></div></section></div></div>",
"author": "",
"favicon": "https://riza.io/favicon.ico",
"source": "riza.io",
"published": "",
"ttr": 57,
"type": "website"
}