caxton 0.1.4

A secure WebAssembly runtime for multi-agent systems
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313

# Agent Lifecycle Management

Caxton provides comprehensive agent lifecycle management capabilities for deploying, managing, and maintaining WebAssembly agents in production environments.

## Overview

The Agent Lifecycle Management system provides:

- **Secure WASM Deployment**: Deploy agents from validated WASM modules
- **State Management**: Type-safe lifecycle transitions with comprehensive tracking
- **Hot Reload**: Zero-downtime updates with multiple deployment strategies
- **Resource Control**: Configurable memory and CPU limits with enforcement
- **Fault Isolation**: Failed agents don't affect other agents in the system
- **Validation Pipeline**: Comprehensive WASM module validation before activation

## Agent Lifecycle States

Agents follow a well-defined state machine:

```
Unloaded → Loaded → Running ⇄ Draining → Stopped
                   Failed
```

### State Descriptions

- **Unloaded**: Agent is not present in the system
- **Loaded**: WASM module loaded and validated, but not executing
- **Running**: Agent is actively processing messages
- **Draining**: Agent finishing current work before shutdown
- **Stopped**: Agent cleanly shut down, resources released
- **Failed**: Agent encountered an error and was terminated

## Deployment Operations

### Basic Agent Deployment

Deploy an agent from a WASM module:

```rust
use caxton::{AgentLifecycleManager, DeploymentConfig, AgentVersion};

let manager = AgentLifecycleManager::new(/* dependencies */);

// Deploy agent
let result = manager.deploy_agent(
    agent_id,
    Some(agent_name),
    AgentVersion::generate(),
    version_number,
    DeploymentConfig::immediate(),
    wasm_bytes,
).await?;
```

### Deployment Strategies

#### Immediate Deployment
- Replaces agent instantly
- Minimal deployment time
- Brief service interruption

```rust
let config = DeploymentConfig::immediate();
```

#### Rolling Deployment
- Gradual replacement of instances
- Configurable batch size
- Maintains service availability

```rust
let config = DeploymentConfig::rolling(BatchSize::try_new(3)?);
```

#### Blue-Green Deployment
- Deploy to parallel environment
- Switch traffic instantly
- Easy rollback capability

```rust
let config = DeploymentConfig::new(DeploymentStrategy::BlueGreen);
```

#### Canary Deployment
- Deploy to subset of instances
- Gradual traffic increase
- Automatic rollback on issues

```rust
let config = DeploymentConfig::canary();
```

## Hot Reload Operations

### Zero-Downtime Updates

Hot reload enables updating agents without service interruption:

```rust
// Perform hot reload
let result = manager.hot_reload_agent(
    agent_id,
    Some(agent_name),
    new_version,
    version_number,
    HotReloadConfig::new(HotReloadStrategy::Graceful),
    new_wasm_bytes,
).await?;
```

### Hot Reload Strategies

#### Graceful Strategy
- Allows current requests to complete
- Starts new version in parallel
- Switches after warmup period

#### Traffic Splitting Strategy
- Routes percentage of traffic to new version
- Gradually increases traffic split
- Monitors metrics for issues

#### Parallel Strategy
- Runs both versions simultaneously
- Compares responses for validation
- Switches after verification

## Resource Management

### Setting Resource Limits

Configure memory and CPU limits during deployment:

```rust
let config = DeploymentConfig {
    strategy: DeploymentStrategy::Immediate,
    resource_requirements: ResourceRequirements::new(
        DeploymentMemoryLimit::from_mb(10)?,  // 10MB limit
        DeploymentFuelLimit::try_new(100_000)?, // 100K CPU cycles
    ),
    // ... other config
};
```

### Resource Enforcement

The system enforces limits through:

- **Memory Limits**: WebAssembly linear memory restrictions
- **CPU Limits**: Fuel-based execution metering
- **Execution Time**: Configurable timeouts for operations
- **Message Size**: Limits on incoming/outgoing message sizes

## WASM Module Validation

### Validation Pipeline

All WASM modules undergo comprehensive validation:

1. **Structure Validation**: Valid WASM format and sections
2. **Security Analysis**: Dangerous features detection
3. **Resource Analysis**: Memory and import requirements
4. **Function Validation**: Required exports present
5. **Custom Rules**: User-defined validation criteria

### Security Policies

The validator enforces security policies:

```rust
let policy = WasmSecurityPolicy {
    max_memory_pages: 16,           // 1MB max memory
    max_imports: 10,                // Limited imports
    allowed_imports: vec![          // Whitelist approach
        "env.print".to_string(),
    ],
    deny_unsafe_features: true,     // Block SIMD, etc.
};
```

## Monitoring and Observability

### Agent Status Tracking

Monitor agent health and status:

```rust
let status = manager.get_agent_status(agent_id).await?;

println!("State: {:?}", status.lifecycle.current_state);
println!("Memory: {} bytes", status.memory_allocated);
println!("Uptime: {:?}", status.uptime);
println!("Health: {:?}", status.health_status);
```

### Performance Metrics

Track deployment and operation metrics:

- Deployment duration and success rates
- Hot reload performance and rollback frequency
- Resource utilization per agent
- Message processing latency
- Error rates and failure patterns

## Error Handling and Recovery

### Fault Isolation

The system provides strong isolation guarantees:

- **Process Isolation**: Each agent in separate WASM instance
- **Memory Isolation**: No shared memory between agents
- **Failure Containment**: Failed agents don't affect others
- **Resource Protection**: Limits prevent resource exhaustion

### Recovery Strategies

When agents fail:

1. **Automatic Restart**: Failed agents restarted with exponential backoff
2. **Circuit Breaking**: Repeated failures trigger circuit breaker
3. **Graceful Degradation**: System continues with remaining healthy agents
4. **Rollback**: Automatic rollback to previous working version

### Error Categories

Common failure scenarios and handling:

- **Validation Errors**: WASM module rejected before deployment
- **Resource Exhaustion**: Agent stopped when exceeding limits
- **Runtime Errors**: Agent restarted or marked as failed
- **Deployment Failures**: Rollback to previous stable version

## Best Practices

### Development

- **Validate Early**: Test WASM modules with validator before deployment
- **Resource Planning**: Right-size memory and CPU limits
- **Error Handling**: Implement proper error responses in agents
- **Testing**: Use hot reload for rapid development iteration

### Production

- **Gradual Rollouts**: Use canary deployments for major changes
- **Monitoring**: Track agent health and performance metrics
- **Resource Margins**: Set limits with headroom for growth
- **Backup Strategy**: Maintain previous versions for quick rollback

### Performance

- **Batch Operations**: Group multiple agent operations when possible
- **Resource Reuse**: Pool and reuse WASM instances where appropriate
- **Monitoring Overhead**: Balance observability with performance impact
- **Load Testing**: Validate performance under expected load patterns

## API Reference

### AgentLifecycleManager

```rust
impl AgentLifecycleManager {
    // Deploy new agent
    async fn deploy_agent(&self, ...) -> Result<DeploymentResult>;

    // Update existing agent
    async fn hot_reload_agent(&self, ...) -> Result<HotReloadResult>;

    // Stop agent gracefully
    async fn stop_agent(&self, agent_id: AgentId, timeout: Option<Duration>)
        -> Result<OperationResult>;

    // Remove agent completely
    async fn remove_agent(&self, agent_id: AgentId) -> Result<OperationResult>;

    // Get agent status
    async fn get_agent_status(&self, agent_id: AgentId) -> Result<AgentStatus>;

    // List all agents
    async fn list_agents(&self) -> Result<Vec<AgentStatus>>;
}
```

For complete API documentation, see the [API Reference](../developer-guide/api-reference.md).

## Troubleshooting

### Common Issues

**Deployment Failures**
- Check WASM module validation errors
- Verify resource requirements are available
- Ensure agent exports required functions

**Hot Reload Issues**
- Monitor traffic split and rollback triggers
- Check version compatibility requirements
- Verify new version passes health checks

**Performance Problems**
- Review resource limit settings
- Analyze agent message processing patterns
- Check for memory leaks in agent code

**State Transition Errors**
- Ensure proper lifecycle state management
- Check for concurrent operation conflicts
- Review timeout configurations

For additional support, see the [Operational Runbook](operational-runbook.md).