I've been enjoying extism so far, and I'm considering using it for sandboxing code execution.

The only scenario that is not really sandboxed is about cancellation of a long-running sleep. My understanding is that extism using synchronous calls for wasmtime, which can only reliably cancel a guest code on instruction boundaries. But if the guest code is just sleeping without any such instruction boundary, cancellation never occurs.

For example, with a python.wasm guest running, the following Python code cannot be cancelled:

import time

time.sleep(100)

This same scenario has apparently been fixed in Wasmtime CLI by moving to async: bytecodealliance/wasmtime#9184

Could something similar be done for extism ?

My own scenario is with extism-dotnet specifically, but based on previous issues it seems like this sync vs async behaviour occurs across extism hosts.