Wasm Nodes
Wasm nodes run sandboxed WebAssembly plugins for safe, portable custom logic using Wasmtime.
Use Cases
- Text transforms, validation, formatting
- Scoring, ranking, classification
- Tenant-defined business logic
- Cross-language portable extensions
Not For
- ffmpeg / yt-dlp — use the Tool runtime
- AI inference — use the Provider runtime
- Unrestricted OS/process/network access
Configuration
```rust
NodeDefinition::wasm("format", "text.transform", "fabric://modules/formatter@v1")
    .requires("wasm.execute")
```
WasmRuntimeConfig
| Field | Default | Description |
|---|---|---|
| module | required | Module reference (fabric://modules/name@version) |
| memory_limit_bytes | 64 MB | Maximum memory |
| fuel_limit | 1B instructions | CPU fuel limit |
Planned ABI
```
describe() -> module metadata
validate(input, config) -> validation result
execute(input, context, config) -> output
```
Host Capabilities (Planned)
- Logging
- Limited asset metadata reads
- Metrics emission
- Approved context value reads
- Structured output return
Sandboxing
All Wasm modules run in a sandboxed environment with strict limits:
- Memory limits enforced
- CPU/fuel limits enforced
- Timeout enforced
- Capability allowlist (only explicitly granted capabilities)
Security Boundaries
| Concern | Policy |
|---|---|
| Filesystem | Denied |
| Network | Denied |
| Process spawning | Denied |
| Environment variables | Denied |
| Secrets | Denied |
| Context reads | Allowlisted paths only |
| Output | Structured JSON only |
Wasm modules cannot access the filesystem, network, spawn processes, read environment variables, or access secrets. They can only read allowlisted context paths and return structured JSON output.
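The policy table above can be read as a deny-by-default gate in front of every host call. The sketch below is an added example, not code from this project. The `HostCall` variants, the capability names `log`, `metrics` and `context.read`, and the dot-separated context path syntax are all assumptions made for illustration.

```rust
use std::collections::HashSet;

// Host calls a module might attempt. Variant and capability names are
// hypothetical, modelled on the Security Boundaries table.
#[derive(Debug)]
pub enum HostCall { Log, EmitMetric, ContextRead(String), FsOpen, NetConnect, Spawn, EnvRead, SecretRead }

#[derive(Debug, PartialEq)]
pub enum Denied { Forbidden, NotGranted, MalformedPath, PathNotAllowlisted }

pub struct HostPolicy {
    pub granted: HashSet<&'static str>,   // capabilities explicitly granted to the node
    pub context_allow: Vec<&'static str>, // allowlisted context path prefixes (dot-separated, assumed)
}

impl HostPolicy {
    fn need(&self, cap: &str) -> Result<(), Denied> {
        if self.granted.contains(cap) { Ok(()) } else { Err(Denied::NotGranted) }
    }

    /// Deny by default: a call passes only if a grant explicitly covers it.
    pub fn check(&self, call: &HostCall) -> Result<(), Denied> {
        match call {
            // Denied outright; no grant can enable these.
            HostCall::FsOpen | HostCall::NetConnect | HostCall::Spawn
            | HostCall::EnvRead | HostCall::SecretRead => Err(Denied::Forbidden),
            HostCall::Log => self.need("log"),
            HostCall::EmitMetric => self.need("metrics"),
            HostCall::ContextRead(path) => {
                self.need("context.read")?;
                let segs: Vec<&str> = path.split('.').collect();
                let clean = |s: &&str| !s.is_empty()
                    && s.chars().all(|c| c.is_ascii_alphanumeric() || c == '_');
                if !segs.iter().all(clean) { return Err(Denied::MalformedPath); }
                // Compare whole segments so "job.input" does not admit "job.input_secret".
                let hit = self.context_allow.iter().any(|allow| {
                    let a: Vec<&str> = allow.split('.').collect();
                    segs.len() >= a.len() && segs[..a.len()] == a[..]
                });
                if hit { Ok(()) } else { Err(Denied::PathNotAllowlisted) }
            }
        }
    }
}

fn main() {
    let p = HostPolicy { granted: ["log", "context.read"].iter().copied().collect(),
                         context_allow: vec!["job.input"] };
    println!("{:?}", p.check(&HostCall::ContextRead("job.input_secret".to_string())));
}
```

Matching on whole path segments rather than raw string prefixes is the detail that keeps an allowlist entry from silently covering sibling keys that share its spelling.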