Expand description
WASM Plugin Runtime.
This module provides the wasmtime-based runtime for executing plugins.
§Security / Sandboxing
Plugins run in a fully sandboxed environment with the following guarantees:
- No filesystem access: Plugins cannot read or write files
- No network access: Plugins cannot make network connections
- No environment access: Plugins cannot read environment variables
- No system calls: No WASI or other system imports are provided
- Memory limits: Configurable max memory (default 256MB)
- Execution limits: Fuel-based execution time limits (default 30s)
The only way for plugins to communicate is through the process function
which receives serialized directive data and returns modified directives.
§Hot Reloading
The WatchingPluginManager provides file-watching capability for
development workflows. It tracks plugin file modification times and
reloads plugins when their source files change.
Structs§
- Plugin
- A loaded WASM plugin.
- Plugin
Manager - Plugin manager that caches loaded plugins.
- Runtime
Config - Configuration for the plugin runtime.
- Watching
Plugin Manager - Plugin manager with hot-reloading support.
Functions§
- validate_
plugin_ module - Validate that a WASM module doesn’t have any forbidden imports.