caxton 0.1.4

A secure WebAssembly runtime for multi-agent systems
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228

# Domain Types in Caxton

This document describes the domain types used throughout the Caxton WebAssembly runtime to eliminate primitive obsession and improve type safety.

## Overview

Caxton uses the `nutype` crate to create strongly-typed domain values that prevent primitive obsession throughout the codebase. These domain types provide:

- **Compile-time validation**: Invalid values are caught at compile time
- **Type safety**: Operations on the wrong type are prevented
- **Clear intent**: Code is more readable and self-documenting
- **Reduced bugs**: Eliminates many common errors from primitive mixing

## Core Domain Types

### Agent Management

#### `AgentId`
- **Type**: `Uuid` wrapper
- **Purpose**: Unique identifier for agents
- **Usage**: `AgentId::generate()` creates a new random ID
- **Derives**: Debug, Clone, Copy, PartialEq, Eq, Hash, Serialize, Deserialize, Display

#### `AgentName`
- **Type**: `String` wrapper with validation
- **Validation**: 1-255 characters
- **Purpose**: Human-readable name for agents
- **Usage**: `AgentName::try_new("my-agent".to_string())?`

### Resource Management

#### `MemoryBytes`
- **Type**: `usize` wrapper with validation
- **Validation**: ≤ 1GB (1,073,741,824 bytes)
- **Purpose**: Memory size in bytes
- **Usage**: `MemoryBytes::from_mb(10)?` for 10MB
- **Helper methods**: `zero()`, `from_mb()`, `as_usize()`

#### `CpuFuel`
- **Type**: `u64` wrapper with validation
- **Validation**: ≤ 1 billion fuel units
- **Purpose**: CPU execution fuel for WebAssembly
- **Usage**: `CpuFuel::try_new(1_000_000)?`
- **Helper methods**: `zero()`, `saturating_add()`, `as_u64()`

#### `MaxAgentMemory`
- **Type**: `usize` wrapper with validation
- **Validation**: 0-10MB per agent
- **Purpose**: Maximum memory allocation per agent
- **Usage**: `MaxAgentMemory::try_new(1048576)?` for 1MB
- **Default**: 1MB

#### `MaxTotalMemory`
- **Type**: `usize` wrapper with validation
- **Validation**: 0-100MB total
- **Purpose**: Maximum total memory across all agents
- **Usage**: `MaxTotalMemory::try_new(104_857_600)?` for 100MB
- **Default**: 100MB

#### `MaxTableEntries`
- **Type**: `usize` wrapper with validation
- **Validation**: 1-100,000 entries
- **Purpose**: Maximum WASM table entries
- **Default**: 10,000 entries

### Message Routing

#### `MessageSize`
- **Type**: `usize` wrapper with validation
- **Validation**: ≤ 10MB
- **Purpose**: Size of messages in bytes
- **Usage**: `MessageSize::from_kb(100)?` for 100KB

#### `MessageCount`
- **Type**: `usize` wrapper
- **Purpose**: Count of messages processed
- **Usage**: `MessageCount::zero().increment()`
- **Helper methods**: `zero()`, `increment()`, `as_usize()`

#### `ChannelCapacity`
- **Type**: `usize` wrapper with validation
- **Validation**: 1-1,000,000
- **Purpose**: Capacity for message channels
- **Default**: 1,000

#### `MaxRetries`
- **Type**: `u8` wrapper with validation
- **Validation**: 1-10 retries
- **Purpose**: Maximum retry attempts for failed operations
- **Default**: 3 retries

#### `RetryDelayMs`
- **Type**: `u64` wrapper with validation
- **Validation**: 100ms - 5 minutes
- **Purpose**: Delay between retry attempts
- **Usage**: `delay.as_duration()` converts to `std::time::Duration`
- **Default**: 1 second

### Host Functions

#### `HostFunctionName`
- **Type**: `String` wrapper with validation
- **Validation**: 1-100 characters
- **Purpose**: Name of host functions exposed to WASM

#### `FunctionModuleName`
- **Type**: `String` wrapper with validation
- **Validation**: 1-100 characters
- **Purpose**: Module name containing the function

#### `FunctionDescription`
- **Type**: `String` wrapper with validation
- **Validation**: 1-1,000 characters
- **Purpose**: Human-readable description of function

#### `PermissionName`
- **Type**: `String` wrapper with validation
- **Validation**: 1-100 characters
- **Purpose**: Required permission to access host function

### Configuration Types

#### `ConnectionPoolSize`
- **Type**: `usize` wrapper with validation
- **Validation**: 1-1,000
- **Purpose**: Size of connection pools
- **Default**: 10

#### `StorageCleanupIntervalMs`
- **Type**: `u64` wrapper with validation
- **Validation**: 1 minute - 24 hours
- **Purpose**: Interval for storage cleanup operations
- **Default**: 1 hour

#### `RateLimitPerSecond`
- **Type**: `usize` wrapper with validation
- **Validation**: 1-100,000
- **Purpose**: Rate limit for messages per second
- **Default**: 1,000

## Usage Patterns

### Creating Domain Types

```rust
// Types WITH validation use try_new() -> Result<T, TError>
let agent_name = AgentName::try_new("my-agent".to_string())?;
let memory = MemoryBytes::from_mb(10)?;

// Types WITHOUT validation use new() -> T
let agent_id = AgentId::generate();
let timestamp = MessageTimestamp::now();
```

### Accessing Values

```rust
// Use into_inner() only at system boundaries
let raw_bytes: usize = memory.into_inner();

// Use helper methods for common operations
let bytes: usize = memory.as_usize();
let duration: Duration = timeout.as_duration();
```

### System Boundaries

Domain types should be used throughout internal APIs. Only extract primitive values when interfacing with external systems:

```rust
// ✅ Good: Internal APIs use domain types
pub fn allocate_memory(&self, agent_id: AgentId, bytes: MemoryBytes) -> Result<()>

// ❌ Bad: Internal APIs use primitives
pub fn allocate_memory(&self, agent_id: Uuid, bytes: usize) -> Result<()>
```

### Error Handling

All validation errors are handled at creation time:

```rust
// Handle validation errors appropriately
match AgentName::try_new(input) {
    Ok(name) => { /* use valid name */ },
    Err(e) => return Err(anyhow!("Invalid agent name: {}", e)),
}
```

## Benefits

1. **Type Safety**: Prevents mixing different numeric types
2. **Validation**: Ensures all values are within valid ranges
3. **Documentation**: Types are self-documenting
4. **IDE Support**: Better autocompletion and error messages
5. **Refactoring Safety**: Changes to types are caught at compile time
6. **Testing**: Domain types have built-in validation tests

## Testing

The `nutype` crate automatically generates tests for all domain types:

- Boundary validation tests
- Default value tests
- Serialization/deserialization tests

Custom tests can be added for business logic:

```rust
#[test]
fn test_memory_helper_methods() {
    let memory = MemoryBytes::from_mb(1).unwrap();
    assert_eq!(memory.as_usize(), 1_048_576);
}
```

## Migration Guidelines

When adding new domain types:

1. Identify primitive obsession instances
2. Create domain type with appropriate validation
3. Update all function signatures
4. Add helper methods as needed
5. Update tests to use domain types
6. Document the new type

This systematic approach to domain modeling helps create more maintainable and bug-free code.