Crate wascc_host

waSCC Host

The WebAssembly Secure Capabilities Connector (waSCC) host runtime manages actors written in WebAssembly (aka nanoprocesses) and capability providers written in WebAssembly (via WASI) or as OS-native plugin libraries. waSCC securely manages communications between actors and the capabilities they need.

To start a runtime, simply add actors and capabilities to the host. For more information, take a look at the documentation and tutorials at wascc.dev.

Example

use std::collections::HashMap;
use wascc_host::{Host, Actor, NativeCapability};

fn main() -> std::result::Result<(), Box<dyn std::error::Error + Send + Sync>> {
   env_logger::init();
   let host = Host::new();
   host.add_actor(Actor::from_file("./examples/.assets/echo.wasm")?)?;
   host.add_actor(Actor::from_file("./examples/.assets/echo2.wasm")?)?;
   host.add_native_capability(NativeCapability::from_file(
       "./examples/.assets/libwascc_httpsrv.so", None
   )?)?;

   host.set_binding(
       "MDFD7XZ5KBOPLPHQKHJEMPR54XIW6RAG5D7NNKN22NP7NSEWNTJZP7JN",
       "wascc:http_server",
       None,
       generate_port_config(8085),
   )?;

   host.set_binding(
       "MB4OLDIC3TCZ4Q4TGGOVAZC43VXFE2JQVRAXQMQFXUCREOOFEKOKZTY2",
       "wascc:http_server",
       None,
       generate_port_config(8084),
   )?;

   assert_eq!(2, host.actors().len());
   if let Some(ref claims) = host.claims_for_actor("MB4OLDIC3TCZ4Q4TGGOVAZC43VXFE2JQVRAXQMQFXUCREOOFEKOKZTY2") {
       let md = claims.metadata.as_ref().unwrap();
       assert!(md.caps.as_ref().unwrap().contains(&"wascc:http_server".to_string()));
   }

   // Need to keep the main thread from terminating immediately
   // std::thread::park();

   Ok(())
}

fn generate_port_config(port: u16) -> HashMap<String, String> {
   let mut hm = HashMap::new();
   hm.insert("PORT".to_string(), port.to_string());

   hm
}

Re-exports

pub use middleware::Middleware;

Modules

errors

Custom error types

middleware

Structs

Actor

An actor is a WebAssembly module that conforms to the waSCC protocols and can securely consume capabilities exposed by native or portable capability providers.

BindingEntry

Host

Represents an instance of a waSCC host runtime

HostBuilder

A builder pattern implementation for creating a custom-configured host runtime

HostManifest

Invocation

An immutable representation of an invocation within waSCC

InvocationResponse

The response to an invocation

NativeCapability

Represents a native capability provider compiled as a shared object library. These plugins are OS- and architecture-specific, so they will be .so files on Linux, .dylib files on macOS, etc.

WasiParams

Parameters defining the options for enabling WASI on a module (if applicable)

Enums

WasccEntity

Represents an invocation target - either an actor or a bound capability provider

Constants

REVISION

VERSION

Traits

Authorizer

An authorizer is responsible for determining whether an actor can be loaded as well as whether an actor can invoke another entity. For invocation checks, the authorizer is only ever invoked after an initial capability attestation check has been performed and passed. This has the net effect of making it impossible to override the base behavior of checking that an actor's embedded JWT contains the right capability attestations.
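The check ordering described above, modeled as a self-contained added example. It is not code from wascc_host and does not use the crate's Authorizer trait signature. The names Claims, InvokePolicy, AllowAll, DenySubject, Decision, authorize and sample_claims, the subject MEXAMPLEACTOR and the capability example:other_capability are assumptions made for illustration.

```rust
use std::collections::HashSet;

/// Constructed stand-in for the claims decoded from an actor's embedded JWT.
pub struct Claims {
    pub subject: String,
    pub caps: HashSet<String>,
}

/// Hypothetical pluggable policy; this is NOT the wascc_host `Authorizer` signature.
pub trait InvokePolicy {
    fn can_invoke(&self, claims: &Claims, capability_id: &str) -> bool;
}

/// A maximally permissive policy, used to show it cannot widen access.
pub struct AllowAll;
impl InvokePolicy for AllowAll {
    fn can_invoke(&self, _: &Claims, _: &str) -> bool { true }
}

/// A policy that blocks one actor subject regardless of its attestations.
pub struct DenySubject(pub String);
impl InvokePolicy for DenySubject {
    fn can_invoke(&self, claims: &Claims, _: &str) -> bool { claims.subject != self.0 }
}

#[derive(Debug, PartialEq)]
pub enum Decision { Allowed, MissingAttestation, DeniedByPolicy }

/// Base attestation check first; the policy runs only if that check passes.
pub fn authorize(claims: &Claims, capability_id: &str, policy: &dyn InvokePolicy) -> Decision {
    if !claims.caps.contains(capability_id) {
        return Decision::MissingAttestation; // policy is never consulted
    }
    if policy.can_invoke(claims, capability_id) { Decision::Allowed } else { Decision::DeniedByPolicy }
}

/// Builds constructed sample claims for the demo and tests.
pub fn sample_claims(subject: &str, caps: &[&str]) -> Claims {
    Claims { subject: subject.to_string(), caps: caps.iter().map(|c| c.to_string()).collect() }
}

fn main() {
    let actor = sample_claims("MEXAMPLEACTOR", &["wascc:http_server"]);
    println!("{:?}", authorize(&actor, "wascc:http_server", &AllowAll));
    println!("{:?}", authorize(&actor, "example:other_capability", &AllowAll));
    println!("{:?}", authorize(&actor, "wascc:http_server", &DenySubject("MEXAMPLEACTOR".into())));
}
```

In this model a custom policy can only narrow what the attested capabilities already permit: AllowAll still yields MissingAttestation for a capability absent from the claims.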

Type Definitions

Result

SubjectClaimsPair