wafrift-plugin-api — External tamper plugin system.
Lets external contributors add tampers without a Rust rebuild.
Plugins live at ~/.wafrift/tampers/:
| Extension | Mechanism | Use case |
|---|---|---|
| `.toml` | Regex substitution rules | ~80% of tampers (encoders / replacers) |
| `.wasm` | WebAssembly (wasmtime) | Turing-complete logic |
§Security model
WASM modules run inside a `wasmtime::Engine` with no WASI
capabilities attached: no filesystem, no network, no environment
variables, no randomness source, no clocks. The only ABI is a single exported
function `tamper(ptr: i32, len: i32) -> i64` that receives the
payload as UTF-8 bytes via linear memory and returns the result as
`(ptr << 32 | len)` packed into an `i64`. Memory is bounded to 4 MiB.
Fuel limiting caps execution to 1 000 000 instructions per call.
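The packed return value comes from untrusted guest code, so the host has to range-check it before reading linear memory. The following is an added example, not code from the wafrift-plugin-api crate: `pack`, `unpack`, `read_result` and `AbiError` are hypothetical names, and it assumes both halves are read as unsigned 32-bit values and that the returned bytes must also be UTF-8.

```rust
// Added example (not the crate's own code): validating the packed i64
// that a guest's `tamper` export returns before touching linear memory.

/// 4 MiB memory bound stated in the security model.
const MAX_MEMORY: usize = 4 * 1024 * 1024;

#[derive(Debug, PartialEq)]
enum AbiError {
    OutOfBounds,
    NotUtf8,
}

/// Pack a region as the ABI describes: (ptr << 32 | len).
fn pack(ptr: u32, len: u32) -> i64 {
    (((ptr as u64) << 32) | len as u64) as i64
}

/// Split the i64 into (ptr, len). Assumption: both halves are unsigned,
/// so a negative i64 simply decodes to a very large pointer.
fn unpack(ret: i64) -> (u32, u32) {
    let raw = ret as u64;
    ((raw >> 32) as u32, raw as u32)
}

/// Copy the guest's result out of `memory` only after checking that the
/// region lies inside it and inside the 4 MiB bound.
fn read_result(memory: &[u8], ret: i64) -> Result<String, AbiError> {
    let (ptr, len) = unpack(ret);
    let start = ptr as usize;
    // checked_add guards against wrap-around on 32-bit hosts.
    let end = start.checked_add(len as usize).ok_or(AbiError::OutOfBounds)?;
    if end > memory.len().min(MAX_MEMORY) {
        return Err(AbiError::OutOfBounds);
    }
    // Assumption: the output is UTF-8, like the input payload.
    String::from_utf8(memory[start..end].to_vec()).map_err(|_| AbiError::NotUtf8)
}

fn main() {
    // Constructed sample: one 64 KiB WASM page with a result at offset 16.
    let mut memory = vec![0u8; 64 * 1024];
    memory[16..24].copy_from_slice(b"SELECT 1");
    println!("{:?}", read_result(&memory, pack(16, 8)));
    // A region that runs past the end of memory is rejected, not read.
    println!("{:?}", read_result(&memory, pack(65_530, 16)));
}
```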
§Quick start
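```rust
use wafrift_plugin_api::load_all;

fn main() {
    // Load every plugin found in the default directory (~/.wafrift/tampers/).
    let tampers = load_all();
    // Run each loaded tamper over a sample payload.
    for t in &tampers {
        println!("{}: {}", t.name(), t.apply("SELECT 1"));
    }
}
```
Structs§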
- TamperManifest - Metadata that every external contribution must declare.
- TamperRegistry - Registry that holds all loaded external tampers.
Enums§
- PluginError - Errors that can occur during plugin loading or execution.
Traits§
- Tamper - Every plugin — TOML or WASM — implements this trait.
Functions§
- default_plugin_dir - Return the default plugin directory: ~/.wafrift/tampers/.
- load_all - Scan ~/.wafrift/tampers/ and return all successfully-loaded plugins.
- load_from - Scan the given directory and return all successfully-loaded plugins.