WebAssembly - Phoenix

The WebAssembly sandbox is a local sandbox for simple Python evaluators — pure-logic checks like regex matches, JSON parsing, and scoring functions. It runs locally inside the Phoenix server, starts in milliseconds, and needs no credentials.

Configure it from Settings → Sandboxes.

What it supports

The WebAssembly sandbox runs your Python in an isolated WebAssembly runtime on the Phoenix server. It is intentionally limited to self-contained code:

Capability	Supported?
Environment variables	❌ Not supported — use a hosted sandbox
Network access	❌ Not supported — use a hosted sandbox
Third-party dependencies	❌ Not supported — use a hosted sandbox

If your evaluator needs any of the above, it cannot run on WebAssembly. Use a hosted sandbox (E2B, Daytona, Vercel, or Modal) instead — those run each evaluation on an isolated remote VM with full support for environment variables, outbound network access, and installed packages.

Running untrusted code

WebAssembly runs the Python interpreter inside a strictly isolated environment — memory is partitioned and the script has no built-in access to the filesystem, network, or operating system. The sandbox still runs in the Phoenix server process, so the script shares CPU and memory with Phoenix. For the full security model, see WebAssembly’s Security documentation.

Sandboxes Deno

⌘I

​What it supports

​Running untrusted code

What it supports

Running untrusted code