frontpage.

The core idea: @sandbox(dependencies=["pandas"]) turns any function into one that runs inside an isolated Podman container with dependency caching built in on uv. You call it like a normal function, but the code executes with no access to your host filesystem, credentials, or processes.

from pctx_sandbox import sandbox

@sandbox(dependencies=["requests"]) def fetch_url(url: str) -> str: import requests return requests.get(url).text

result = fetch_url("https://example.com") # runs in container

Technical details:

- Uses rootless Podman for container isolation (all the Linux namespace stuff: PID, mount, network, user) - Maintains a warm pool of workers per dependency set, so there's no cold-start penalty after the first call - Dependencies are cached and installed once per unique combination - Resource limits enforced via cgroups

The security model is "defense in depth" – it's container isolation, not a VM, so it's not a perfect security boundary. But it's good enough that I'm comfortable letting Claude use it on my machine.

Would love feedback. Thanks!

The internet just made a 300TB copy of Spotify!

Ask HN: Favourite Blog Posts of 2025

10 years of personal finances in plain text files

Why Do A.I. Chatbots Use 'I'

Ask HN: Favourite Books of 2025

Anti-AI Hate? A Defense of AI-Assisted Development

Ask HN: What are some home office essentials?

How to migrate your user data from Google Firebase

How $24M in new technology is helping beef giant Cargill up its game

Ask HN: What are your Favorite Things? (2025)

Japan's H3 suffers second-stage anomaly, QZS-5 satellite lost

FTC's Take on Data Clean Rooms: The Hidden Risks and the Path Forward

Show HN: Solved the missing native speaker problem

Housing crisis is forcing Americans to choose between affordability and safety

Privacy-Preserving Vaccination Checks: A Proof of Concept MPC Deployment with T

Are we framing the AI debate around the wrong problems?

Show HN: Skyler – AI email organizer, shut down due to OAuth compliance

One million (small web) screenshots

Context Engineering with Claude Code: Building Smarter AI Workflows

We asked four AI coding agents to rebuild Minesweeper

A collective fuck-you letter from humanity to 2025

Memory crisis reaches customers: First gaming PCs are sold without DDR5 RAM

Land Grab: Israel's Escalating Campaign for Control of the West Bank

Show HN: WindCtrl – Advanced Variant API for Tailwind CSS

A German Engineer Has Become the First Wheelchair User in Space

Show HN: I'm 18, I built an AI tool for traders from scratch

Claude Code Wrapped

Algorithmically Generated Crosswords: 'Good Enough' for an NP-Complete Problem

Claude Code solves Advent of Code 2025 in under 2 hours – with one command

(Social) media manipulation in one image

Show HN: Python Local Sandbox Code Execution (Podman and Uv)