Hey all, been lurking for a bit but this news got me to finally post. Saw the update about WASM-based tool executors. Sounds cool, but I've got some questions.

I get the whole "trust boundary" thing in theory—orchestrator talks to model, model says "run tool," tool executor does the thing in a sandbox. But why not just use the classic container approach? Like, spin up a Docker container per tool run, tear it down. Isn't that already pretty isolated? With WASM, aren't we just swapping one sandbox for another, but maybe faster? What's the actual win here?

Specifically:
* Is the WASM sandbox handling things like network calls, or is that still gated through some proxy?
* If a tool *does* break out, what's the assumed worst-case? It gets into the orchestrator's memory? Accesses the model API key stash?
* For tool authors, does this mean we need to compile everything to WASM now, or is there a shim for normal Python scripts?

I've been messing with Python agent frameworks where the tool just runs in the same process, so this is a big step up. But I want to know if it's *actually* safer or just differently safe. Maybe someone from the team or who's tried the beta can lay out the concrete trade-offs?