Existing Bash is quite annoying to set up securely. We either need Docker or use some cloud-based solutions. On top of that, standard Bash doesn’t always return feedback after a command to help enrich the context history. I’ve been rebuilding a more suitable Bash for agents. It doesn’t include all Bash commands and shell features, only the ones that suit agents’ needs. Sandboxing Every execution is sandboxed in an isolated WebAssembly environment (via WASI 0.2 specifications). This becomes essential for commands like python3 or node , available in Capsule Bash, that might execute untrusted code. I wanted to make sure you can download anything and execute it without risking the host system. Enriched returns The idea is to give structured feedback on each command executed, showing what was created, modified, or deleted. It also helps keep a trace in conversations so the LLM can understand context when resuming. If an agent runs rm -rf , it will know directly what actions were performed; no need to run ls afterwards.
The usage is quite simple:
import { Bash } from ‘@capsule-run/bash’; import { WasmRuntime } from ‘@capsule-run/bash-wasm’; const bash = new Bash({ runtime: new WasmRuntime() }); const result = await bash.run(‘echo “Hello from sandboxed bash”’);
I built it in TypeScript with the WasmRuntime in Rust. It also has an MCP version if that fits better.
More details on how it works are on the main repository:
https://github.com/capsulerun/bash
I’d love to know what you think about this approach.
submitted by
/u/Tall_Insect7119
Originally posted by u/Tall_Insect7119 on r/ArtificialInteligence
You must log in or # to comment.
Missed opportunity with either Sandbag or Sandbash. Lol