WASM-Sandboxed Multi-Tenant Plugin Runtime
This module replaces the unsafe `libloading`-based dynamic plugin loader with a sandboxed WASM runtime. A natively loaded plugin runs with the full privileges of the host process; a WASM plugin can only do what the host explicitly exposes to it.
Security Model
- Memory Isolation: each plugin instance runs in its own linear memory and cannot address host memory or another plugin's memory.
- Fuel Limits: the engine counts instructions against a per-instance fuel budget, so a runaway or infinite loop traps when the budget is exhausted instead of hanging the host.
- Capability-Based Access: a plugin can only reach the resources its capability set grants; every host function checks that set before touching tenant data.
- No Syscalls: WASM code has no direct filesystem or network access. The host-function ABI is the only way out of the sandbox, so that ABI is the trust boundary and must validate everything it receives.
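The capability check and the fuel budget meet at the host-function boundary. The following is an added example, not the module's own code, of how a host-side context could enforce both for the soch_read, soch_write and emit_metric imports (vector_search is omitted). The Capabilities, HostCtx and HostCall types, the prefix-based key model, and the per-call fuel costs are assumptions for illustration; a real build would hang this off the engine's own instruction-level fuel metering rather than the per-call counter shown here.

```rust
// Added example (not the module's own code): host-side enforcement of the
// capability and fuel model. Type and function names here are assumed.
use std::collections::BTreeMap;

/// Capabilities a tenant grants to one plugin instance (assumed shape).
#[derive(Debug, Clone, Default)]
pub struct Capabilities {
    pub read_prefixes: Vec<String>,  // soch key prefixes the plugin may read
    pub write_prefixes: Vec<String>, // soch key prefixes the plugin may write
    pub emit_metric: bool,
}

/// One guest call across the host-function ABI (vector_search omitted).
#[derive(Debug, Clone)]
pub enum HostCall {
    SochRead { key: String },
    SochWrite { key: String, value: Vec<u8> },
    EmitMetric { name: String, value: f64 },
}

#[derive(Debug, PartialEq)]
pub enum HostError {
    CapabilityDenied(&'static str),
    OutOfFuel,
}

/// Per-instance host state. The key/value store itself is shared between
/// tenants and passed in, so isolation comes only from the checks below.
pub struct HostCtx {
    pub caps: Capabilities,
    pub fuel: u64,
    pub metrics: Vec<(String, f64)>,
}

/// Fuel charged per host call (assumed costs). The engine's per-instruction
/// fuel bounds guest compute; this bounds host work the guest can trigger.
fn cost(call: &HostCall) -> u64 {
    match call {
        HostCall::SochRead { .. } => 10,
        HostCall::SochWrite { value, .. } => 10 + value.len() as u64,
        HostCall::EmitMetric { .. } => 1,
    }
}

/// Prefix check plus rejection of ".." and empty path segments, so a plugin
/// granted "tenant-a/" cannot reach "tenant-a/../tenant-b/...".
fn key_allowed(key: &str, prefixes: &[String]) -> bool {
    if key.split('/').any(|seg| seg == ".." || seg.is_empty()) {
        return false;
    }
    prefixes.iter().any(|p| !p.is_empty() && key.starts_with(p.as_str()))
}

impl HostCtx {
    pub fn new(caps: Capabilities, fuel: u64) -> Self {
        HostCtx { caps, fuel, metrics: Vec::new() }
    }

    /// Single entry point for every import. Order matters: fuel is charged
    /// before the capability check so denied calls are not free, and denied
    /// calls return before any tenant data is touched.
    pub fn host_call(
        &mut self,
        store: &mut BTreeMap<String, Vec<u8>>,
        call: HostCall,
    ) -> Result<Option<Vec<u8>>, HostError> {
        let c = cost(&call);
        if self.fuel < c {
            self.fuel = 0;
            return Err(HostError::OutOfFuel);
        }
        self.fuel -= c;
        match call {
            HostCall::SochRead { key } => {
                if !key_allowed(&key, &self.caps.read_prefixes) {
                    return Err(HostError::CapabilityDenied("soch_read"));
                }
                Ok(store.get(&key).cloned())
            }
            HostCall::SochWrite { key, value } => {
                if !key_allowed(&key, &self.caps.write_prefixes) {
                    return Err(HostError::CapabilityDenied("soch_write"));
                }
                store.insert(key, value);
                Ok(None)
            }
            HostCall::EmitMetric { name, value } => {
                if !self.caps.emit_metric {
                    return Err(HostError::CapabilityDenied("emit_metric"));
                }
                self.metrics.push((name, value));
                Ok(None)
            }
        }
    }
}

fn main() {
    // Constructed scenario: two tenants' plugins sharing one store.
    let mut store = BTreeMap::new();
    let mut a = HostCtx::new(Capabilities { read_prefixes: vec!["tenant-a/".into()], write_prefixes: vec!["tenant-a/".into()], emit_metric: true }, 100);
    let mut b = HostCtx::new(Capabilities { read_prefixes: vec!["tenant-b/".into()], ..Default::default() }, 100);
    a.host_call(&mut store, HostCall::SochWrite { key: "tenant-a/secret".into(), value: b"s3".to_vec() }).unwrap();
    println!("{:?}", b.host_call(&mut store, HostCall::SochRead { key: "tenant-a/secret".into() }));
    println!("{:?}", b.host_call(&mut store, HostCall::SochRead { key: "tenant-b/../tenant-a/secret".into() }));
}
```

The design point is that the store is shared and the plugin chooses the key, so every bit of tenant isolation lives in `key_allowed` and the capability set; a prefix check without the `..` rejection would be a real boundary only if the store itself never normalized paths.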
Performance
- Target overhead of about 100 ns per host-function call
- Memory-mapped WASM modules for fast instantiation
- Pooled instances for frequently-used plugins; a pooled instance must have its linear memory and host state reset before it is handed to another caller, or state can leak between tenants
Architecture
┌─────────────────────────────────────────────────────────────┐
│ WASM Plugin Runtime │
│ ┌─────────────────────────────────────────────────────┐ │
│ │ WasmPluginRegistry │ │
│ │ ┌──────────┐ ┌──────────┐ ┌──────────┐ │ │
│ │ │Plugin A │ │Plugin B │ │Plugin C │ │ │
│ │ │(WASM) │ │(WASM) │ │(WASM) │ │ │
│ │ └────┬─────┘ └────┬─────┘ └────┬─────┘ │ │
│ └────────┼────────────┼────────────┼───────────────────┘ │
│ │ │ │ │
│ ┌────────┴────────────┴────────────┴───────────────────┐ │
│ │ Host Function ABI │ │
│ │ soch_read, soch_write, vector_search, emit_metric │ │
│ └──────────────────────────────────────────────────────┘ │
└─────────────────────────────────────────────────────────────┘

Structs
- WasmInstanceConfig: Configuration for a WASM plugin instance
- WasmObservabilityPlugin: Wrapper to use a WASM plugin as an ObservabilityExtension
- WasmPluginCapabilities: Capabilities granted to a WASM plugin
- WasmPluginInstance: A WASM plugin instance
- WasmPluginRegistry: Registry for WASM plugins
- WasmPluginStats: Statistics for a WASM plugin instance
Enums
- WasmPluginState: State of a WASM plugin instance
- WasmValue: WASM value types for function arguments and returns