
Posted by dmpetrov 14 hours ago

Monty: A minimal, secure Python interpreter written in Rust for use by AI (github.com)
206 points | 100 comments | page 3
falcor84 11 hours ago|
Wow, a start latency of 0.06ms
OutOfHere 12 hours ago||
It is absurd for any user to use a half baked Python interpreter, also one that will always majorly lag behind CPython in its support. I advise sandboxing CPython instead using OS features.
simonw 10 hours ago||
How do I sandbox CPython using OS features?

(Genuine question, I've been trying to find reliable, well documented, robust patterns for doing this for years! I need it across macOS and Linux and ideally Windows too. Preferably without having to run anything as root.)

nickpsecurity 7 hours ago|||
It could be difficult. My first thought would be a SELinux policy like this article attempted:

https://danwalsh.livejournal.com/28545.html

One might have different profiles with different permissions. A network service usually wouldn't need your home directory while a personal utility might not need networking.

Also, that concept could be mixed with subprocess-style sandboxing. The two processes, main and sandboxed, might have different policies. The sandboxed one can only talk to main process over a specific channel. Nothing else. People usually also meter their CPU, RAM, etc.

INTEGRITY RTOS had language-specific runtimes, esp Ada and Java, that ran directly on the microkernel. A POSIX app or Linux VM could run side by side with it. Then, some middleware for inter-process communication let them talk to each other.
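
Added example, not part of the thread or of any commenter's code: a sketch of the subprocess-style pattern described in the comment above, with a child CPython metered by POSIX rlimits and reachable only over a stdin/stdout JSON pipe. The `run_metered` name, the JSON request shape and the limit values are assumptions; rlimits meter CPU and memory only, so the filesystem and network policy (the SELinux part of the comment) is not covered here.

```python
import json
import resource
import subprocess
import sys

# Fixed harness run inside the child: one JSON request in on stdin,
# one JSON reply out on stdout. (Hypothetical protocol for this example.)
CHILD_HARNESS = r"""
import json, sys
req = json.load(sys.stdin)
scope = {"data": req["data"]}
exec(req["code"], scope)
json.dump({"result": scope.get("result")}, sys.stdout)
"""

def _apply_limits(cpu_seconds, memory_bytes):
    # Runs in the child between fork() and exec(), so only the child is bound.
    resource.setrlimit(resource.RLIMIT_CPU, (cpu_seconds, cpu_seconds))
    resource.setrlimit(resource.RLIMIT_AS, (memory_bytes, memory_bytes))

def run_metered(code, data=None, cpu_seconds=1, memory_bytes=512 * 2**20):
    """Run `code` in a separate CPython process; return (ok, result_or_reason)."""
    proc = subprocess.Popen(
        [sys.executable, "-I", "-B", "-c", CHILD_HARNESS],
        stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.DEVNULL,
        preexec_fn=lambda: _apply_limits(cpu_seconds, memory_bytes),
        close_fds=True,  # the child inherits nothing but the three std pipes
    )
    request = json.dumps({"code": code, "data": data}).encode()
    try:
        # Wall-clock timeout backs up the CPU limit: a sleeping child burns no CPU.
        out, _ = proc.communicate(request, timeout=cpu_seconds + 5)
    except subprocess.TimeoutExpired:
        proc.kill()
        proc.communicate()
        return False, "wall-clock timeout"
    if proc.returncode != 0:
        # Covers uncaught exceptions (e.g. MemoryError) and kills by signal.
        return False, f"child exited with status {proc.returncode}"
    try:
        # The reply comes from untrusted code: parse defensively.
        return True, json.loads(out)["result"]
    except (ValueError, KeyError, TypeError):
        return False, "malformed reply"
```

The `resource` module and `preexec_fn` are POSIX-only, so this covers Linux and macOS but not Windows.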

OutOfHere 8 hours ago|||
Docker and other container runners allow it. https://containers.dev/ allows it too.

https://github.com/microsoft/litebox might somehow allow it too if a tool can be built on top of it, but there is no documentation.

simonw 7 hours ago||
Every time I use Docker as a sandbox people warn me to watch out for "container escapes".

I trust Firecracker more because it was built by AWS specifically to sandbox Lambdas, but it doesn't work on macOS and is pretty fiddly to run on Linux.

bityard 11 hours ago|||
Python already has a lot of half-baked (all the way up to nearly-fully-baked) interpreters, what's one more?

https://en.wikipedia.org/wiki/List_of_Python_software#Python...

avaer 12 hours ago||
The repo does make a case for this, namely speed, which does make sense.
sd2k 11 hours ago|||
True, but while CPython does have a reputation for slow startup, completely re-implementing isn't the only way to work around it - e.g. with eryx [1] I've managed to pre-initialize and snapshot the Wasm and pre-compile it, to get real CPython starting in ~15ms, without compromising on language features. It's doable!

[1] https://github.com/eryx-org/eryx

OutOfHere 8 hours ago|||
Speed is not a feature if there isn't even syntax parity with CPython.
maxbond 4 hours ago||
Not having parity is a property they want, similar to Starlark. They explicitly want a less capable language for sandboxing.

Think of it as a language for their use case with Python's syntax and not a Python implementation. I don't know if it's a good idea or not, I'm just an intrigued onlooker, but I think lifting a familiar syntax is a legitimate strategy for writing DSLs.

spacedatum 8 hours ago||
There is no reason to continue writing Python in 2026. Tell Claude to write Rust a priori. Your future self will thank you.
JoshPurtell 7 hours ago|
I do both and compile times are very unfriendly to AI!
spacedatum 4 hours ago||
Compile times, I can live with. You can run previous models on the gpu while your new model is compiling. Or switch from cargo to bazel if it is that bad.
JoshPurtell 4 hours ago||
What compile times do you work with? I use bazel and it still hurts
spacedatum 4 hours ago||
It is a tradeoff, but I prefer my checks at compile time to runtime. Python can be brittle and silently wrong.
wiseowise 3 hours ago||
What kind of type checking do you think Rust does at runtime?
rienbdj 12 hours ago|
If we’re going to have LLMs write the code, why not something more performant? Like pages and pages of Java maybe?
scolvin 11 hours ago|
this is pretty performant for short scripts if you measure time "from code to rust" which can be as low as 1us.

Of course it's slow for complex numerical calculations, but that's the primary use case.

I think the consensus is that LLMs are very good at writing python and ts/js, generally not quite as good at writing other languages, at least in one shot. So there's an advantage to using python/js/ts.

catlifeonmars 11 hours ago||
Seems like we should fix the LLMs instead of bending over backwards, no?
redman25 7 hours ago||
They’re good at it because they’ve learned from the existing mountains of python and javascript.
catlifeonmars 4 hours ago|||
I think the next big breakthrough will be cost effective model specialization, maybe through modular models. The monolithic nature of today’s models is a major weakness.
rienbdj 3 hours ago|||
Plenty of Java in the training data too.