Home
/
News
/
Show HN: Riza – Safely run untrusted code from your app

Show HN: Riza – Safely run untrusted code from your app

https://riza.io/developer-preview

Riza

Riza is the production-ready isolated runtime for agentic apps.

Try it out now:

Request

Response

exit_code

stdout

stderr

How it works

1

You prompt an LLM to write code.

TypeScript and Python tend to get the best results.

2

POST the code to the /v1/execute API endpoint.

Include command line args, stdin and env vars.

3

Riza safely runs the code and returns the output.

Your response includes the exit code, stdout, and stderr.

What is the Code Interpreter API?

A service for executing untrusted JavaScript, TypeScript, Python, Ruby and PHP.

How are people using it today?

Teams are using it to run code generated by LLMs, power data transformations, and extend their products for enterprise customers.

Why is it secure?

Code is executed inside an isolated WebAssembly context. Learn more in our security documentation.

What are the limitations of the developer preview?

These limitations are temporary. See our roadmap for more details.

  • Code only has access to data you provide, which includes command-line arguments, environment variables, and stdin.
  • No filesystem access.
  • No external packages. Each interpreter has access to its language's standard library.
  • No support for alternative interpreter versions.
  • Execution time is limited to 30 seconds per invocation.
  • Memory consumption is limited to 128Mib per invocation.

How much does it cost?

During the developer preview the Code Interpreter API is free. We plan to charge based on usage once the API reaches general availability.

Can I self-host the Code Interpreter API?

Self-hosting is offered at your request on a case-by-case basis. Send an email to [email protected] or schedule a call.

What's coming next?

Our full roadmap is available in our documentation, but here are some highlights:

  • Allow interpreter customization via third-party packages and dependencies.
  • Allow filesystem access, with customer-defined capability controls.
  • Add support for more languages, including compiled languages like Go, Java, and Rust.

Please send us an email or join us on Discord if you have questions or suggestions.

{
  "by": "conroy",
  "descendants": 6,
  "id": 40212741,
  "kids": [
    40213811,
    40212816,
    40233256,
    40212997
  ],
  "score": 11,
  "text": "Hi HN, I’m Kyle and together with Andrew (<a href=\"https:&#x2F;&#x2F;news.ycombinator.com&#x2F;user?id=stanleydrew\">https:&#x2F;&#x2F;news.ycombinator.com&#x2F;user?id=stanleydrew</a>) we’ve been working on Riza (<a href=\"https:&#x2F;&#x2F;riza.io\" rel=\"nofollow\">https:&#x2F;&#x2F;riza.io</a>), a project to make WASM sandboxing more approachable. We’re excited to share a developer preview of our code interpreter API with HN.<p>There’s a bit of a backstory here. A few months ago, an old coworker reached out asking how to execute untrusted code generated by an LLM. Based on our experience building a plugin system for sqlc (<a href=\"https:&#x2F;&#x2F;sqlc.dev\" rel=\"nofollow\">https:&#x2F;&#x2F;sqlc.dev</a>), we thought a sandboxed WASM runtime would be a good fit. A bit of hacking later, we got everything wired up to solve his issue. Now the API is ready for other developers to try out.<p>The Riza Code Interpreter API is an HTTP interface to various dynamic language interpreters, each running inside a WASM sandbox without access to the outside world (for now). We modeled the API to align with a POSIX shell-style interface.<p>We made a playground so you can try it out without signing up: <a href=\"https:&#x2F;&#x2F;riza.io\" rel=\"nofollow\">https:&#x2F;&#x2F;riza.io</a><p>The API documentation lives here: <a href=\"https:&#x2F;&#x2F;docs.riza.io\" rel=\"nofollow\">https:&#x2F;&#x2F;docs.riza.io</a><p>There are many limitations at the moment, but we expect to rapidly expand capabilities so that programs can e.g. access the network and filesystem. Our roadmap has more details: <a href=\"https:&#x2F;&#x2F;docs.riza.io&#x2F;reference&#x2F;roadmap\" rel=\"nofollow\">https:&#x2F;&#x2F;docs.riza.io&#x2F;reference&#x2F;roadmap</a><p>If you need to execute LLM-generated code we’d love to have you try the API and let us know if you run into any issues. You can email us directly at [email protected].",
  "time": 1714493982,
  "title": "Show HN: Riza – Safely run untrusted code from your app",
  "type": "story",
  "url": "https://riza.io/developer-preview"
}
{
  "author": null,
  "date": null,
  "description": "Riza is the production-ready isolated runtime for agentic apps.",
  "image": "https://riza.io/images/og-generated/homepage-6666cd76f96956469e7be39d750cc7d9.png",
  "logo": null,
  "publisher": "Your AI agent writes code. Riza runs it safely.",
  "title": "Riza | Your AI agent writes code. Riza runs it safely.",
  "url": "https://riza.io/"
}
{
  "url": "https://riza.io/developer-preview",
  "title": "Riza | Your AI agent writes code. Riza runs it safely.",
  "description": "RizaRiza is the production-ready isolated runtime for agentic apps.Try it out now:RequestResponseexit_codestdoutstderrHow it works1You prompt an LLM to write code.TypeScript and Python tend to get the best...",
  "links": [
    "https://riza.io/",
    "https://riza.io/developer-preview"
  ],
  "image": "https://riza.io/images/og-generated/homepage-6666cd76f96956469e7be39d750cc7d9.png",
  "content": "<div><p><a target=\"_blank\" href=\"https://riza.io/\"><span>Riza</span><svg width=\"100%\" height=\"100%\"></svg></a></p><div><p>Riza is the production-ready isolated runtime for agentic apps.</p><div><h5>Try it out now:</h5></div><div><div><h3>Request</h3></div><div><dl><h3>Response</h3><p>exit_code<dd></dd></p><p>stdout<dd></dd></p><p>stderr<dd></dd></p></dl></div></div></div><div><p></p><h2>How it works</h2><p></p><div><div><p><span>1</span></p><div><h3>You prompt an LLM to write code.</h3><p>TypeScript and Python tend to get the best results.</p></div></div><div><p><span>2</span></p><div><h3>POST the code to the /v1/execute API endpoint.</h3><p>Include command line args, stdin and env vars.</p></div></div><div><p><span>3</span></p><div><h3>Riza safely runs the code and returns the output.</h3><p>Your response includes the exit code, stdout, and stderr.</p></div></div></div></div><div><section><h3>What is the Code Interpreter API?</h3><p>A service for executing untrusted JavaScript, TypeScript, Python, Ruby and PHP.</p></section><section><h3>How are people using it today?</h3><p>Teams are using it to run code generated by LLMs, power data transformations, and extend their products for enterprise customers.</p></section><section><h3>Why is it secure?</h3><div><p>Code is executed inside an isolated <a target=\"_blank\" href=\"https://webassembly.org/\">WebAssembly</a> context. Learn more in our <a target=\"_blank\" href=\"https://docs.riza.io/reference/security\">security documentation</a>.</p></div></section><section><h3>What are the limitations of the developer preview?</h3><div><p><i>These limitations are temporary. See our <a target=\"_blank\" href=\"https://docs.riza.io/reference/roadmap\">roadmap</a> for more details.</i></p><ul><li>Code only has access to data you provide, which includes command-line arguments, environment variables, and <code>stdin</code>.</li><li>No filesystem access.</li><li>No external packages. Each interpreter has access to its language's standard library.</li><li>No support for alternative interpreter versions.</li><li>Execution time is limited to 30 seconds per invocation.</li><li>Memory consumption is limited to 128Mib per invocation.</li></ul></div></section><section><h3>How much does it cost?</h3><p>During the developer preview the Code Interpreter API is free. We plan to charge based on usage once the API reaches general availability.</p></section><section><h3>Can I self-host the Code Interpreter API?</h3><p>Self-hosting is offered at your request on a case-by-case basis. Send an email to <a target=\"_blank\" href=\"mailto:[email protected]\">[email protected]</a> or <a target=\"_blank\" href=\"https://calendly.com/d/3nw-zkw-sqv/45-minute-riza-discussion\">schedule a call</a>.</p></section><section><h3>What's coming next?</h3><div><p>Our full roadmap is available <a target=\"_blank\" href=\"https://docs.riza.io/reference/roadmap\">in our documentation</a>, but here are some highlights:</p><ul><li>Allow interpreter customization via third-party packages and dependencies.</li><li>Allow filesystem access, with customer-defined capability controls.</li><li>Add support for more languages, including compiled languages like Go, Java, and Rust.</li></ul><p>Please <a target=\"_blank\" href=\"mailto:[email protected]\">send us an email</a> or <a target=\"_blank\" href=\"https://discord.gg/4P6PUeJFW5\">join us on Discord</a> if you have questions or suggestions.</p></div></section></div></div>",
  "author": "",
  "favicon": "https://riza.io/favicon.ico",
  "source": "riza.io",
  "published": "",
  "ttr": 57,
  "type": ""
}