Show HN: I made an in-browser code editor with code replay and REPL

87 points by logicboard 12 days ago

I made a — A collaborative code editor with code-replay feature.

Code-replay lets you run the coding session like a movie, I wrote a blog post on how I implemented this:

You can try out the demo here:

And play around with the code editor here:

Logicboard also has an REPL shell, just type "start()" and hit enter in the output area.

nacs 12 days ago

This allows outbound network access, allows program execution (within the container) and more.

You might want to restrict some of these things before Amazon shuts your account down for abuse requests.

You're basically handing everyone on the internet an EC2 instance to do literally anything with -- it'll be minutes to hours before this gets abused.

`uname` output from the container for example: Linux a976bf3f5ff7 4.14.193-113.317.amzn1.x86_64 #1 SMP Thu Sep 3 19:08:08 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

  • santiagobasulto 11 days ago

    We do something similar for our Interactive projects at It took less than a week until we found out that someone was mining bitcoin in our project notebooks :)

    We've restricted all outbound traffic since then.

andrewstuart 11 days ago

As nacs said, this is a really bad idea - you should take it offline or prevent network access ASAP.

I just ran a couple of Python scripts that grabbed the ec2 instance metadata and the HN front page.

z3t4 11 days ago

My editor use operational transform for undo/redo, collaboration, and code replay for macro and tutorials. I think Heroku also started out as an editor, but pivoted to "code-execution as a service".

brazzledazzle 11 days ago

Just to add to the other voices: executing untrusted code can be extremely dangerous. There’s so many ways to shoot yourself in the foot. I’m not sure if container boundaries are sufficient but each repl shouldn’t share a namespace with the others at the very least.

That said it’s pretty smooth and actually usable on mobile. Pretty polished too.

ceepee 12 days ago

I'm curious if anyone would like to use the code-execution as a service. It's basically a websocket based API where you send a blob of code and get execution result as response.

In case of REPL, you send STDIN to websocket and get STDOUT as response. All code execution happens in separate Docker containers.

  • camdenreslink 12 days ago

    Docker containers probably aren’t enough isolation. But throw some firecrackervm in the pot and you’ve got a stew going.

    • rohitpaulk 12 days ago uses Docker containers too, only recently started work on moving to better isolation mechanisms like VMs

  • vikp 12 days ago

    This would be interesting to me. There are a few options now, like Judge0, but the language versions are pretty out of date. Self-hosting is not a good time investment at the moment.

    Email me at hn at if you have a service. I'd need an SLA for sure, and multi-file support would be nice to have.

    • paulgb 12 days ago

      We serve production code execution use cases (mainly Python) with Jamsocket:

      We've been running it for over a year and would be willing to talk about an SLA. Each instance gets its own gvisor-sandboxed runtime and we do some network isolation on top of that. (We also have some crypto miner mitigation, because if you provide free compute to strangers they will manage to find you.)

  • LoganDark 12 days ago

    > In case of REPL, you send STDIN to websocket and get STDOUT as response.

    I wonder if ever did this, or if they've always used WebAssembly? (They definitely use wasm now.)

    • rmorey 12 days ago

      Nope, every repl is running in a docker container on a GCP vm, with various other security measures. See:

      I believe the very first version of replit was all in-browser, but no longer

      • LoganDark 11 days ago

        > Nope, every repl is running in a docker container on a GCP vm, with various other security measures.

        Wow, that's a change. I remember using replit with Python compiled to wasm. It was neat for a few seconds.

Takennickname 12 days ago

Where is the code being executed?

  • arjvik 12 days ago

    Appears to be an EC2 instance

  • logicboard 12 days ago

    It's executed in a Docker container inside an EC2 Instance.

pcthrowaway 12 days ago

Nice use of phoenix liveview (I'm assuming). The app is really smooth, and executes rust faster than the official rust playground

  • logicboard 12 days ago

    Thanks! It doesn't use Liveview but the execution backend is Phoenix + Erlang.

andrewstuart 12 days ago

Is that code mirror?

  • logicboard 12 days ago

    Yep, Codemirror + Firepad

    • no_butterscotch 11 days ago

      I'm creating a product with an editor.

      I'm interested to know whether you evaluated alternatives such as Monaco by Microsoft/VSCode? From my research it seems to be the one that's "ahead" by whatever metrics you'd go off other than age.

      I'm interested to know what challenges you faced if any as well? Thanks!