skill-runtime 0.3.0

Core execution engine for Skill - WASM sandbox, Docker runtime, and native skill execution
Documentation

Skill Runtime - Universal execution engine for AI agent skills

This crate provides a secure, portable runtime for executing AI agent skills across multiple runtime types: WASM Component Model, Docker containers, and native command execution.

Features

  • WASM Sandbox: Execute skills in isolated WASM environments with capability-based security
  • Docker Runtime: Run containerized skills with full environment control
  • Native Execution: Direct command execution for system tools (kubectl, git, etc.)
  • RAG-Powered Search: Semantic search with hybrid retrieval, reranking, and context compression
  • Multi-Instance Support: Configure multiple instances per skill (dev/staging/prod)
  • Audit Logging: Comprehensive execution tracking and security auditing

Quick Start

use skill_runtime::{SkillEngine, SkillManifest};

# async fn run() -> anyhow::Result<()> {
// Initialize the runtime
let engine = SkillEngine::new()?;

// Load a skill manifest
let manifest = SkillManifest::from_file(".skill-engine.toml")?;

// Execute a tool
let result = engine.execute_tool("kubernetes", "get", serde_json::json!({
    "resource": "pods",
    "namespace": "default"
})).await?;

println!("Result: {}", result);
# Ok(())
# }

Architecture

┌─────────────────────────────────────────┐
│           SkillEngine                    │
│  (Orchestrates execution & search)       │
└─────────────────────────────────────────┘
                  │
      ┌───────────┼───────────┐
      ▼           ▼           ▼
┌─────────┐ ┌──────────┐ ┌────────────┐
│  WASM   │ │  Docker  │ │   Native   │
│ Runtime │ │ Runtime  │ │  Executor  │
└─────────┘ └──────────┘ └────────────┘
      │           │           │
      └───────────┴───────────┘
                  │
      ┌───────────┴───────────┐
      ▼                       ▼
┌──────────────┐    ┌────────────────┐
│ Vector Store │    │  Audit Logger  │
│ (Search)     │    │  (Security)    │
└──────────────┘    └────────────────┘

Security Model

Skills execute with capability-based security:

  • WASI Sandbox: Network and filesystem access must be explicitly granted
  • Command Allowlist: Native skills declare allowed commands in allowed-tools
  • Docker Isolation: Containerized skills run in separate namespaces
  • Audit Trail: All executions are logged with timestamps and arguments

Performance

  • WASM cold start: ~100ms (includes AOT compilation)
  • WASM warm start: <10ms (cached)
  • Vector search: <50ms (384-dim embeddings)
  • Native commands: Near-instant (direct execution)

Feature Flags

  • hybrid-search: BM25 + dense vector fusion with RRF
  • reranker: Cross-encoder reranking for improved precision
  • context-compression: Token-aware output compression
  • qdrant: Production vector database backend
  • job-queue: Async job scheduling and execution
  • sqlite-storage: SQLite-backed job storage