Node Runtime Model
Fabric workflow nodes use a two-axis model that separates what a node does from how it runs:
- Semantic operation — what the node does (e.g.,
audio.transcribe,media.thumbnail) - Runtime implementation — how the node runs (Native, Tool, Provider, Wasm)
The semantic operation is the stable, canonical meaning. The runtime implementation can change without affecting workflow semantics.
Runtime Kinds
Section titled “Runtime Kinds”Native
Section titled “Native”Built-in Rust logic with no external dependencies.
| Operation | Description |
|---|---|
workflow.noop | No-op passthrough |
workflow.merge_context | Merge context values |
workflow.validate_context | Validate context shape |
workflow.fan_in | Collect parallel results |
text.transform_basic | Simple text transformations |
External binaries invoked safely through typed operations. Not raw shell commands.
| Tool | Operations |
|---|---|
| ffmpeg | media.transcode, media.extract_audio, media.thumbnail |
| yt-dlp | source.youtube_download |
Commands are constructed from typed operations — no arbitrary shell execution. See Tool Nodes for details.
Provider
Section titled “Provider”AI provider-backed operations via fabric-providers. Routes through ProviderRouter with tier/cost/health-based selection.
Supports all modalities: text, image, audio, video, embedding.
See Provider Nodes for details.
Sandboxed WebAssembly plugins for portable custom logic. Memory-limited, CPU/fuel-limited, capability-controlled.
See Wasm Nodes for details.
Node Definition
Section titled “Node Definition”NodeDefinition::provider("transcribe", "audio.transcribe", "audio") .input("audio_url", "$context.audio.url") .output("transcript", "$context.transcript.text", MergePolicy::Replace) .requires("provider.audio.transcribe") .with_policy(NodePolicy { timeout_ms: 120_000, ..Default::default() })Execution Flow
Section titled “Execution Flow”- Capability check — Dispatcher verifies required capabilities are available
- Input binding — Values resolved from shared context
- Runtime execution — The appropriate runtime executor is invoked
- Output binding — Results applied to shared context using the configured merge policy
- Result normalization — A
NodeExecutionResultis returned with status, output, and usage metadata
Security Boundaries
Section titled “Security Boundaries”Each runtime kind enforces specific security boundaries:
| Runtime | Security Model |
|---|---|
| Native | Trusted Rust code, no external dependencies |
| Tool | Validated command construction, no arbitrary shell, timeout enforced, stdout/stderr captured and truncated |
| Provider | Routes through policy-controlled ProviderRouter |
| Wasm | Memory/fuel limits, capability allowlist, no raw OS access |