Expand description
Guest-side SDK for writing Chio WASM guards.
This crate is the primary dependency for guard authors. It provides:
- Types (
types):GuardRequest,GuardVerdict,GuestDenyResponsewith serde annotations matching the host ABI exactly. - Host bindings (
host): safe wrappers forchio.log,chio.get_config, andchio.get_time_unix_secshost imports. - ABI glue (
glue):read_requestto deserialize from linear memory,encode_verdictto produce the ABI return code, and thechio_deny_reasonexport for structured deny reasons. - Allocator (
alloc):chio_alloc/chio_freeexports that the host runtime probes for dynamic memory allocation in guest linear memory.
The crate compiles to wasm32-unknown-unknown for production guards. On
native targets it compiles with no-op fallbacks for host imports, allowing
cargo test to run without a WASM runtime.
The #[chio_guard] proc macro (Phase 383) will generate the evaluate
export automatically. Until then, guard authors wire the pieces together
manually.
§Quick start
ⓘ
use chio_guard_sdk::prelude::*;
fn evaluate(req: GuardRequest) -> GuardVerdict {
if req.tool_name == "dangerous_tool" {
GuardVerdict::deny("tool is blocked by policy")
} else {
GuardVerdict::allow()
}
}Re-exports§
pub use glue::encode_verdict;pub use glue::read_request;pub use host::get_config;pub use host::get_time;pub use host::log;pub use host::log_level;pub use types::GuardRequest;pub use types::GuardVerdict;pub use types::GuestDenyResponse;pub use types::VERDICT_ALLOW;pub use types::VERDICT_DENY;
Modules§
- alloc
- Vec-based guest allocator for the Chio WASM guard ABI.
- glue
- ABI glue for the Chio WASM guard guest-host boundary.
- host
- Typed host function bindings for the Chio WASM guard runtime.
- prelude
- Prelude module re-exporting the complete guard-author API.
- types
- ABI types shared between the WASM guest guard and the Chio host runtime.