Crate skill_runtime


Skill Runtime - Universal execution engine for AI agent skills

This crate provides a secure, portable runtime for executing AI agent skills across multiple runtime types: WASM Component Model, Docker containers, and native command execution.

§Features

  • WASM Sandbox: Execute skills in isolated WASM environments with capability-based security
  • Docker Runtime: Run containerized skills with full environment control
  • Native Execution: Direct command execution for system tools (kubectl, git, etc.)
  • RAG-Powered Search: Semantic search with hybrid retrieval, reranking, and context compression
  • Multi-Instance Support: Configure multiple instances per skill (dev/staging/prod)
  • Audit Logging: Comprehensive execution tracking and security auditing

§Quick Start

use skill_runtime::{SkillEngine, SkillManifest};

// Initialize the runtime
let engine = SkillEngine::new()?;

// Load a skill manifest
let manifest = SkillManifest::from_file(".skill-engine.toml")?;

// Execute a tool
let result = engine.execute_tool("kubernetes", "get", serde_json::json!({
    "resource": "pods",
    "namespace": "default"
})).await?;

println!("Result: {}", result);

§Architecture

┌─────────────────────────────────────────┐
│           SkillEngine                    │
│  (Orchestrates execution & search)       │
└─────────────────────────────────────────┘
                  │
      ┌───────────┼───────────┐
      ▼           ▼           ▼
┌─────────┐ ┌──────────┐ ┌────────────┐
│  WASM   │ │  Docker  │ │   Native   │
│ Runtime │ │ Runtime  │ │  Executor  │
└─────────┘ └──────────┘ └────────────┘
      │           │           │
      └───────────┴───────────┘
                  │
      ┌───────────┴───────────┐
      ▼                       ▼
┌──────────────┐    ┌────────────────┐
│ Vector Store │    │  Audit Logger  │
│ (Search)     │    │  (Security)    │
└──────────────┘    └────────────────┘

§Security Model

Skills execute with capability-based security:

  • WASI Sandbox: Network and filesystem access must be explicitly granted
  • Command Allowlist: Native skills declare allowed commands in allowed-tools
  • Docker Isolation: Containerized skills run in separate namespaces
  • Audit Trail: All executions are logged with timestamps and arguments
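
The command allowlist and audit trail bullets above can be pictured with the following sketch. It is an added example, not code from this crate: `CommandAllowlist`, `AuditRecord` and their fields are hypothetical names, and the matching rule (exact bare program name, deny by default) is an assumption about how an `allowed-tools` list would be enforced.

```rust
use std::collections::HashSet;
use std::time::{SystemTime, UNIX_EPOCH};

/// Hypothetical audit record (field names are assumptions, not the crate's AuditEntry).
#[derive(Debug)]
pub struct AuditRecord {
    pub unix_ts: u64,
    pub program: String,
    pub args: Vec<String>,
    pub allowed: bool,
}

/// Hypothetical allowlist built from a skill's `allowed-tools` entries.
pub struct CommandAllowlist {
    tools: HashSet<String>,
}

impl CommandAllowlist {
    pub fn new(allowed_tools: &[&str]) -> Self {
        Self { tools: allowed_tools.iter().map(|s| s.to_string()).collect() }
    }

    /// Decide whether `argv` may run. A record is produced for every
    /// attempt, denied ones included, so the audit trail shows probing.
    pub fn check(&self, argv: &[&str]) -> AuditRecord {
        let program = argv.first().copied().unwrap_or("");
        // Exact bare-name match only: "/tmp/kubectl" or "./git" is denied,
        // so a look-alike binary at another path cannot satisfy the list.
        let bare = !program.is_empty() && !program.contains('/') && !program.contains('\\');
        let unix_ts = SystemTime::now()
            .duration_since(UNIX_EPOCH)
            .map(|d| d.as_secs())
            .unwrap_or(0);
        AuditRecord {
            unix_ts,
            program: program.to_string(),
            args: argv.iter().skip(1).map(|s| s.to_string()).collect(),
            allowed: bare && self.tools.contains(program),
        }
    }
}

fn main() {
    // Constructed sample input: an allowlist and three attempted invocations.
    let list = CommandAllowlist::new(&["kubectl", "git"]);
    let attempts = [vec!["kubectl", "get", "pods"], vec!["sh", "-c", "kubectl get pods"], vec!["/tmp/kubectl", "get"]];
    for argv in attempts.iter() {
        println!("{:?}", list.check(argv));
    }
}
```

Matching on the program name alone means an allowed tool wrapped in a shell (`sh -c ...`) is denied unless the shell itself is listed, which is the behaviour a reviewer should expect from an allowlist of this kind.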

§Performance

  • WASM cold start: ~100ms (includes AOT compilation)
  • WASM warm start: <10ms (cached)
  • Vector search: <50ms (384-dim embeddings)
  • Native commands: Near-instant (direct execution)

§Feature Flags

  • hybrid-search: BM25 + dense vector fusion with RRF
  • reranker: Cross-encoder reranking for improved precision
  • context-compression: Token-aware output compression
  • qdrant: Production vector database backend
  • job-queue: Async job scheduling and execution
  • sqlite-storage: SQLite-backed job storage

Re-exports§

pub use audit::AuditEntry;
pub use audit::AuditEventType;
pub use audit::AuditLogger;
pub use config_mapper::ConfigMapper;
pub use credentials::parse_keyring_reference;
pub use credentials::CredentialStore;
pub use credentials::SecureString;
pub use engine::SkillEngine;
pub use errors::RuntimeError;
pub use errors::Result;
pub use executor::ComponentCache;
pub use executor::SkillExecutor;
pub use git_loader::ClonedSkill;
pub use git_loader::GitSkillLoader;
pub use git_loader::SkillType;
pub use git_source::is_git_url;
pub use git_source::parse_git_url;
pub use git_source::GitRef;
pub use git_source::GitSource;
pub use instance::InstanceConfig;
pub use instance::InstanceManager;
pub use local_loader::LocalSkillLoader;
pub use docker_runtime::DockerOutput;
pub use docker_runtime::DockerRuntime;
pub use docker_runtime::DockerSecurityPolicy;
pub use manifest::DockerRuntimeConfig;
pub use manifest::ServiceRequirement;
pub use manifest::SkillManifest;
pub use manifest::SkillRuntime;
pub use manifest::ResolvedInstance;
pub use manifest::SkillInfo;
pub use manifest::expand_env_vars;
pub use metrics::ExecutionMetrics;
pub use sandbox::HostState;
pub use sandbox::SandboxBuilder;
pub use skill_md::parse_skill_md;
pub use skill_md::parse_skill_md_content;
pub use skill_md::find_skill_md;
pub use skill_md::SkillMdContent;
pub use skill_md::SkillMdFrontmatter;
pub use skill_md::ToolDocumentation;
pub use skill_md::CodeExample;
pub use skill_md::ParameterDoc;
pub use vector_store::VectorStore;
pub use vector_store::InMemoryVectorStore;
pub use vector_store::EmbeddedDocument;
pub use vector_store::DocumentMetadata;
pub use vector_store::Filter;
pub use vector_store::SearchResult;
pub use vector_store::UpsertStats;
pub use vector_store::DeleteStats;
pub use vector_store::HealthStatus;
pub use vector_store::DistanceMetric;
pub use vector_store::cosine_similarity;
pub use vector_store::euclidean_distance;
pub use embeddings::EmbeddingProvider;
pub use embeddings::EmbeddingConfig;
pub use embeddings::EmbeddingProviderType;
pub use embeddings::FastEmbedProvider;
pub use embeddings::FastEmbedModel;
pub use embeddings::OpenAIEmbedProvider;
pub use embeddings::OpenAIEmbeddingModel;
pub use embeddings::OllamaProvider;
pub use embeddings::EmbeddingProviderFactory;
pub use embeddings::create_provider;
pub use search::FusionMethod;
pub use search::reciprocal_rank_fusion;
pub use search::weighted_sum_fusion;
pub use search::QueryProcessor;
pub use search::QueryIntent;
pub use search::ExtractedEntity;
pub use search::EntityType;
pub use search::ProcessedQuery;
pub use search::QueryExpansion;
pub use search::IndexManager;
pub use search::IndexMetadata;
pub use search::SkillChecksum;
pub use search::IndexStats;
pub use search::SyncResult;
pub use search::SearchPipeline;
pub use search::PipelineSearchResult;
pub use search::PipelineIndexStats;
pub use search::PipelineHealth;
pub use search::ProviderStatus;
pub use search::IndexDocument;
pub use search_config::SearchConfig;
pub use search_config::BackendConfig;
pub use search_config::BackendType;
pub use search_config::EmbeddingConfig as SearchEmbeddingConfig;
pub use search_config::RetrievalConfig;
pub use search_config::RerankerConfig as SearchRerankerConfig;
pub use search_config::ContextConfig;
pub use search_config::QdrantConfig as SearchQdrantConfig;
pub use search_config::IndexConfig as SearchIndexConfig;
pub use search_config::FusionMethod as SearchFusionMethod;
pub use search_config::CompressionStrategy as SearchCompressionStrategy;
pub use search_config::AiIngestionConfig;
pub use search_config::AiProvider;
pub use search_config::OllamaLlmConfig;
pub use search_config::OpenAiLlmConfig;
pub use search_config::AnthropicLlmConfig;
pub use generation::GenerationEvent;
pub use generation::GeneratedExample;
pub use generation::AgentStep;
pub use generation::SearchResultRef;
pub use generation::GenerationStreamBuilder;
pub use generation::LlmProvider;
pub use generation::LlmResponse;
pub use generation::LlmChunk;
pub use generation::TokenUsage;
pub use generation::ChatMessage;
pub use generation::CompletionRequest;
pub use generation::create_llm_provider;
pub use generation::ExampleValidator;
pub use generation::ValidationResult;
pub use generation::ParsedCommand;
pub use generation::ExampleGenerator;
pub use generation::GeneratorConfig;
pub use types::*;

Modules§

audit
config_mapper
credentials
docker_runtime
Docker Runtime - Execute skills in Docker containers
embeddings
Embedding provider abstraction for vector generation
engine
errors
executor
generation
AI-powered example generation for skill tools
git_loader
git_source
instance
local_loader
manifest
Declarative skill manifest for stateless environments.
metrics
sandbox
search
Search module for hybrid retrieval
search_config
Configuration schema for RAG search pipeline
skill_md
SKILL.md parser for extracting rich skill documentation.
types
vector_store
Vector Store abstraction for pluggable vector database backends

Functions§

init
Initialize the skill runtime