Aegis - WebAssembly Sandbox Runtime
Aegis is a local-first runtime that allows users and applications to execute untrusted WebAssembly code safely within a tightly controlled sandbox.
Features
- Security: Capability-based security with no ambient authority
- Resource Control: Memory limits, CPU limits (fuel), and timeouts
- Observability: Metrics collection and event subscription
- Embeddable: Library-first design for easy integration
Quick Start
```rust
use std::time::Duration;

use aegis::prelude::*;

fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Create a runtime; every sandbox it spawns inherits these hard ceilings
    let runtime = Aegis::builder()
        .with_memory_limit(64 * 1024 * 1024)   // 64 MiB of linear memory
        .with_fuel_limit(1_000_000_000)        // 1B fuel units (CPU budget)
        .with_timeout(Duration::from_secs(30)) // wall-clock deadline
        .build()?;

    // Load a module; its bytes are untrusted and only ever run inside a sandbox
    let module = runtime.load_file("plugin.wasm")?;

    // Execute in a sandbox. No capabilities have been granted, so the guest
    // has no host access beyond pure computation (no ambient authority)
    let mut sandbox = runtime.sandbox().build()?;
    sandbox.load_module(&module)?;
    let result: i32 = sandbox.call("add", (2i32, 3i32))?;
    assert_eq!(result, 5);
    Ok(())
}
```
Security Model
Aegis follows the principle of least privilege:
- No Ambient Authority: A guest starts with no access to the host; every permission is an explicit grant from the embedder
- Capability-Based: Each capability explicitly defines the actions it allows; anything not granted is denied
- Resource Limits: Memory, CPU (fuel), and wall-clock time are bounded per sandbox
- Isolation: Each sandbox runs in its own isolated environment and shares no state with other sandboxes
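The four rules above, sketched in plain Rust as an added example of what default-deny capability checks and fuel/time limits look like at the host boundary. This is not Aegis's code: the `Capability`, `HostOp`, `Denied` and `Sandbox` types, the `authorize`/`consume` methods and the sample paths are assumptions standing in for whatever aegis-capability and aegis-core actually expose. The file-read check shows the two details a practitioner should verify in any such runtime: `..` components are rejected before the prefix test, and the prefix test is component-wise, so a grant for `/data` does not cover `/data-secret`.

```rust
use std::collections::HashSet;
use std::path::{Component, Path, PathBuf};
use std::time::{Duration, Instant};

/// Capabilities an embedder may grant. Nothing is granted by default.
/// Illustrative types only (assumption), not aegis-capability's real API.
#[derive(Debug, Clone, PartialEq, Eq, Hash)]
pub enum Capability {
    /// Read-only access to files under this directory.
    FsRead(PathBuf),
    /// Outbound connections to exactly this host:port.
    NetConnect(String),
}

/// A host operation requested by guest code through an imported function.
#[derive(Debug)]
pub enum HostOp<'a> {
    ReadFile(&'a Path),
    Connect(&'a str),
}

#[derive(Debug, PartialEq, Eq)]
pub enum Denied {
    /// No granted capability covers the operation (default deny).
    NoCapability,
    /// The path contains `..` and could escape the granted root.
    PathEscape,
    OutOfFuel,
    TimedOut,
}

pub struct Sandbox {
    caps: HashSet<Capability>,
    fuel: u64,
    deadline: Instant,
}

impl Sandbox {
    /// A new sandbox holds no authority; only a fuel budget and a deadline.
    pub fn new(fuel: u64, timeout: Duration) -> Self {
        Sandbox { caps: HashSet::new(), fuel, deadline: Instant::now() + timeout }
    }

    /// Explicitly widen the sandbox's authority by one capability.
    pub fn grant(mut self, cap: Capability) -> Self {
        self.caps.insert(cap);
        self
    }

    /// Charge `cost` fuel units; fails once the budget is spent or the deadline passed.
    pub fn consume(&mut self, cost: u64) -> Result<(), Denied> {
        if Instant::now() >= self.deadline {
            return Err(Denied::TimedOut);
        }
        self.fuel = self.fuel.checked_sub(cost).ok_or(Denied::OutOfFuel)?;
        Ok(())
    }

    /// Decide one host operation against the granted capability set.
    pub fn authorize(&self, op: &HostOp) -> Result<(), Denied> {
        match op {
            HostOp::ReadFile(path) => {
                // Reject traversal before any prefix check: "/data/../etc/passwd"
                // would otherwise satisfy a naive string starts_with("/data").
                if path.components().any(|c| matches!(c, Component::ParentDir)) {
                    return Err(Denied::PathEscape);
                }
                // Path::starts_with compares whole components, so a grant for
                // /data does not cover /data-secret.
                let allowed = self.caps.iter().any(|c| match c {
                    Capability::FsRead(root) => path.starts_with(root),
                    _ => false,
                });
                if allowed { Ok(()) } else { Err(Denied::NoCapability) }
            }
            HostOp::Connect(addr) => {
                let allowed = self
                    .caps
                    .iter()
                    .any(|c| matches!(c, Capability::NetConnect(a) if a.as_str() == *addr));
                if allowed { Ok(()) } else { Err(Denied::NoCapability) }
            }
        }
    }
}

fn main() {
    // Constructed sample: a guest allowed to read under /data and nothing else.
    let sb = Sandbox::new(1_000, Duration::from_secs(30))
        .grant(Capability::FsRead(PathBuf::from("/data")));
    println!("{:?}", sb.authorize(&HostOp::ReadFile(Path::new("/data/input.csv"))));
    println!("{:?}", sb.authorize(&HostOp::ReadFile(Path::new("/etc/passwd"))));
    println!("{:?}", sb.authorize(&HostOp::ReadFile(Path::new("/data/../etc/passwd"))));
    println!("{:?}", sb.authorize(&HostOp::Connect("10.0.0.5:443")));
}
```

A real runtime performs the `authorize` step inside each imported host function and the `consume` step in the engine's fuel metering; the point of the sketch is that the guest never reaches the host without passing both, and that the default answer is "denied".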
Architecture
```
┌─────────────────────────────────────────────────────────┐
│                    Your Application                     │
├─────────────────────────────────────────────────────────┤
│                     aegis (facade)                      │
│                    ┌─────────────────┐                  │
│                    │  Aegis Builder  │                  │
│                    └────────┬────────┘                  │
│                             │                           │
│   ┌──────────────┬──────────┴───────┬───────────────┐   │
│   │  aegis-core  │ aegis-capability │ aegis-observe │   │
│   │  (engine,    │  (permissions)   │  (metrics,    │   │
│   │   sandbox)   │                  │   events)     │   │
│   └──────────────┴──────────────────┴───────────────┘   │
├─────────────────────────────────────────────────────────┤
│                        Wasmtime                         │
└─────────────────────────────────────────────────────────┘
```