Full Droning On update
Droning On has one core promise: you write code that looks and feels just like Python, and Gizmo does what the code instructs. For most of this project, that code ran on real CPython, embedded in the game and executing your scripts line by line. It worked. It also quietly gave every player a way to run code that could reach out and interact with their machine. Doesn't sound too bad until you start to think about what that means.
What "Real" Gave Us
Embedding CPython hands you the whole language for free. Real loops, real functions, real imports, the standard library, all of it. For a game about writing Python, that's the appeal. The trouble hides in the word "all." import os is real. The filesystem is reachable. The network is reachable. eval is sitting right there. None of that has anything to do with steering a robot, but a real interpreter doesn't care. You hand it code, it runs the code, all of the code.
The Problem Was Paste
The point of Droning On is writing your own code to clear a challenge, and sharing was never the pitch. But I know who plays this game, because I am one of them, and developers paste code. You hit a wall, you pull a snippet off a forum, a friend's solution, a few lines from whatever model you keep open in the next tab, and you drop it in to see what it does. The game doesn't ask for any of that. Developers just do it, out of habit, and the second you run code you didn't write, you are running untrusted code. CPython executes that exactly as eagerly as it runs yours. A snippet that claims to solve a maze can do a great deal more than solve a maze, and you would find out in that order. That's a remote code execution hole, and no maze score is worth one.
Sandboxing Wasn't the Answer
My first instinct was to cage it. Strip the dangerous modules, lock CPython behind an OS-level fence, or compile the whole thing to WebAssembly. They all share one flaw: they still run arbitrary code, just behind a wall, and walls have holes. They also drag a tax along for the ride. The build swells by the better part of half a gigabyte, every platform wants it notarized, antivirus gets twitchy about a game shipping a code-execution runtime, and every Python CVE from here to forever becomes mine to patch. Containment is a permanent maintenance bill on a risk you never fully clear. The only interpreter that can't run import os is one that has never heard of import.
What Gizmo Runs Now
So I stopped trying to contain the danger and removed the ability to express it. Gizmo runs on a custom interpreter I wrote from scratch in C#. It reads the same syntax you have always written, runs the same scripts you have always written, and from the player's seat nothing changed. Underneath, everything did. It only ever builds values it mints itself: numbers, strings, lists, and Gizmo's own command vocabulary, which comes to a grand total of sixteen functions and a robot. There is no eval, no exec, no import, and no path from anything your code can touch down to the system it runs on. It doesn't execute your code so much as interpret a fixed menu of things it already knows how to do. Ask it for the filesystem and it won't refuse you... it has no notion of a filesystem to refuse.
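The allowlist design described above, as an added sketch in Python that is not the game's C# interpreter: Python's ast module only parses the script, and a small evaluator gives meaning to a fixed set of node types and command names, so import, eval and attribute access fail because nothing handles them. The command names move and turn_left, the supported syntax subset and the step budget are assumptions made for illustration.

```python
import ast
import operator

class Unsupported(Exception):
    """Raised for any syntax or name the interpreter gives no meaning to."""

# Hypothetical command vocabulary (assumption, not the game's list): name -> arity.
COMMANDS = {"move": 1, "turn_left": 0}
BINOPS = {ast.Add: operator.add, ast.Sub: operator.sub}

def run(source, max_steps=10_000):
    """Interpret `source` and return the robot commands it issued."""
    log, env, steps = [], {}, 0

    def ev(node):
        nonlocal steps
        steps += 1
        if steps > max_steps:  # assumed budget so a pasted loop cannot hang the game
            raise Unsupported("step budget exceeded")
        if isinstance(node, ast.Constant) and type(node.value) in (int, str):
            return node.value
        if isinstance(node, ast.Name) and node.id in env:
            return env[node.id]
        if isinstance(node, ast.BinOp) and type(node.op) in BINOPS:
            left, right = ev(node.left), ev(node.right)
            if type(left) is int and type(right) is int:
                return BINOPS[type(node.op)](left, right)
        if isinstance(node, ast.Call) and isinstance(node.func, ast.Name) and not node.keywords:
            args = [ev(arg) for arg in node.args]
            if COMMANDS.get(node.func.id) == len(args):
                log.append((node.func.id, *args))  # a command is recorded data, never a host call
                return None
        # No handler exists for Import, Attribute, Lambda, unknown names, and so on.
        raise Unsupported(type(node).__name__)

    def ex(stmt):
        if isinstance(stmt, ast.Expr):
            ev(stmt.value)
        elif isinstance(stmt, ast.Assign) and len(stmt.targets) == 1 and isinstance(stmt.targets[0], ast.Name):
            env[stmt.targets[0].id] = ev(stmt.value)
        elif isinstance(stmt, ast.While) and not stmt.orelse:
            while ev(stmt.test):
                for inner in stmt.body:
                    ex(inner)
        else:
            raise Unsupported(type(stmt).__name__)

    for stmt in ast.parse(source).body:  # parse only; eval, exec and compile are never called
        ex(stmt)
    return log
```

Anything outside the handled node types ends in Unsupported, so extending the language means adding a handler on purpose instead of removing a capability after the fact.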
What I Can Honestly Call It
This is also why you'll see the game described as code that "looks and feels just like Python" rather than as real Python. The syntax is real. The structure and the nomenclature are real. What you learn writing it carries straight over to Python anywhere else. The runtime is the one piece that's bespoke, on purpose, and it's the reason I can hand you someone else's script and tell you to run it without thinking twice.
If this rings a bell, it's the same reflex as the MCP audit: look hard at what the game exposes and assume nothing should be reachable unless it earns the right to be. That post tightened the API. This one went a layer down and tightened the runtime. The code you write didn't change. The thing underneath it did, and it's a trade I would make every single time.
Thanks for reading. As always, your feedback is welcome. If you haven't already, drop a wishlist and come hang out in the Discord. It's the best place to share feedback, follow development, and engage.
