explaingit

elct9620/kobako

Analysis updated 2026-05-18

0RubyAudience · developerComplexity · 4/5Setup · moderate

TLDR

A Ruby gem that runs untrusted Ruby scripts safely in a WebAssembly sandbox, letting apps execute AI-generated code or user formulas without touching host files, network, or memory.

Mindmap

mindmap
  root((Kobako))
    What it does
      Sandboxes untrusted Ruby
      Uses WebAssembly
      Blocks host access
    Tech stack
      Ruby
      wasmtime
      mruby
      Rust
    Use cases
      Run AI generated code
      User formulas
      Third party plugins
    Safety
      Timeout limits
      Memory limits
      Capability Services
    Audience
      Ruby developers

Code map

Detail Auto

An interactive map of this repo's files and how they connect — its source is parsed live in your browser. Click Visualize to build it.

filefunction / class

What do people build with it?

USE CASE 1

Safely execute AI-generated Ruby code or user-submitted scripts inside an application without giving them filesystem or network access.

USE CASE 2

Run user-defined formulas or plugins in a sandbox with enforced time and memory limits.

USE CASE 3

Expose a controlled set of host functions, called Services, that sandboxed scripts can call by name.

What is it built with?

RubyWebAssemblywasmtimemrubyRust

How does it compare?

elct9620/kobako100rabhg/masterdetailapp100rabhg/pizzafactroy
Stars0
LanguageRubyRubyRuby
Last pushed2024-02-202025-01-26
MaintenanceDormantStale
Setup difficultymoderatemoderatemoderate
Complexity4/52/53/5
Audiencedeveloperdeveloperpm founder

Figures from each repo's GitHub metadata at analysis time.

How do you get it running?

Difficulty · moderate Time to first run · 30min

Requires Ruby 3.3 or newer plus Rust and Cargo at install time to compile the native extension, Windows is not supported.

No license file is mentioned in the README, so reuse terms are unclear.

In plain English

Kobako is a Ruby gem, a packaged library, that lets you run untrusted Ruby scripts safely inside your existing application. The problem it solves is this: if you want to allow AI-generated code, user-written formulas, student homework, or third-party plugins to execute, giving that code direct access to your application is dangerous, since it could read files, open network connections, or access credentials. Kobako creates an isolated sandbox using WebAssembly, or Wasm, so untrusted scripts execute in-process but cannot touch your host memory, files, network, or environment variables. The sandbox works through a host and guest model. Your application is the host, running an engine called wasmtime that executes a precompiled Wasm binary containing an embedded mruby interpreter, a lightweight version of Ruby designed for embedding. Untrusted scripts run inside the mruby guest. The only way a guest script can reach anything outside the sandbox is through Services you explicitly declare, meaning named Ruby objects bound by name, such as a database lookup or a logging function. The guest calls these by name over a message-passing channel and receives only the return value, so it cannot inspect the host object itself. Every execution enforces configurable time and memory limits, raising specific error types when a cap is exceeded, and a third error type covers faults in the script itself. Stdout and stderr from guest scripts are captured into separate buffers after each run. The gem ships with a precompiled Wasm binary, so end users only need Ruby 3.3 or newer, while Rust and Cargo are required at install time to compile the native extension. Linux and macOS are supported, Windows is not.

Copy-paste prompts

Prompt 1
Show me how to set up a Kobako sandbox and run a simple Ruby script inside it.
Prompt 2
Explain how Services and capability Handles let sandboxed code call back into my host application safely.
Prompt 3
Walk me through the three error types Kobako raises and when each one occurs.
Prompt 4
How would I configure timeout, memory_limit, and stdout_limit for a Kobako sandbox running user-submitted code?

Frequently asked questions

What is kobako?

A Ruby gem that runs untrusted Ruby scripts safely in a WebAssembly sandbox, letting apps execute AI-generated code or user formulas without touching host files, network, or memory.

What language is kobako written in?

Mainly Ruby. The stack also includes Ruby, WebAssembly, wasmtime.

What license does kobako use?

No license file is mentioned in the README, so reuse terms are unclear.

How hard is kobako to set up?

Setup difficulty is rated moderate, with roughly 30min to a first successful run.

Who is kobako for?

Mainly developer.

Open on GitHub → Explain another repo

This repo across BitVibe Labs

Verify against the repo before relying on details.