wasm

package
v1.1.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 1, 2026 License: Apache-2.0 Imports: 14 Imported by: 0

Documentation

Overview

Package wasm provides HTTP sandboxing for Wasm skills.

Package wasm provides a sandboxed Wasm runtime for skill execution.

Index

Constants

This section is empty.

Variables

View Source 
var (
	// ErrNoEntrypoint is returned when module has no callable entrypoint.
	ErrNoEntrypoint = errors.New("wasm: no entrypoint found")

	// ErrExecutionTimeout is returned when execution exceeds time limit.
	ErrExecutionTimeout = errors.New("wasm: execution timeout")
)
View Source 
var (
	// ErrURLNotAllowed is returned when a URL is not in the allowlist.
	ErrURLNotAllowed = errors.New("wasm: URL not in allowlist")
)

Functions

func RegisterHostFunctions 

func RegisterHostFunctions(ctx context.Context, r wazero.Runtime, hf *HostFunctions) error

RegisterHostFunctions binds host functions to the Wasm runtime.

Types

type HTTPAllowlist 

type HTTPAllowlist struct {
	// contains filtered or unexported fields
}

HTTPAllowlist validates URLs against an allowed domains list.

func NewHTTPAllowlist 

func NewHTTPAllowlist(patterns []string) *HTTPAllowlist

NewHTTPAllowlist creates a new allowlist from patterns. Patterns can be:

func (*HTTPAllowlist) IsAllowed 

func (a *HTTPAllowlist) IsAllowed(rawURL string) bool

IsAllowed checks if a URL is permitted by the allowlist.

type HostFunctions 

type HostFunctions struct {
	// LLMGenerate is called when skill needs text generation.
	LLMGenerate func(ctx context.Context, prompt string) (string, error)

	// KVGet retrieves a value from key-value store.
	KVGet func(ctx context.Context, key string) ([]byte, error)

	// KVSet stores a value in key-value store.
	KVSet func(ctx context.Context, key string, value []byte) error

	// HTTPFetch performs an HTTP request (sandboxed).
	HTTPFetch func(ctx context.Context, url string, method string, body []byte) ([]byte, int, error)

	// Log writes to structured log.
	Log func(ctx context.Context, level string, msg string)
	// contains filtered or unexported fields
}

HostFunctions provides the Host API for Wasm skills.

func (*HostFunctions) ClearBuffers 

func (hf *HostFunctions) ClearBuffers()

ClearBuffers resets input and output buffers.

func (*HostFunctions) GetOutput 

func (hf *HostFunctions) GetOutput() []byte

GetOutput returns the output buffer from the skills.

func (*HostFunctions) SetInput 

func (hf *HostFunctions) SetInput(input []byte)

SetInput sets the input buffer for the skills.

type Limits 

type Limits struct {
	MaxMemoryBytes   int64
	MaxExecutionTime time.Duration
}

Limits defines resource constraints for Wasm execution.

func DefaultLimits 

func DefaultLimits() Limits

DefaultLimits returns sensible defaults.

type ModuleCache 

type ModuleCache struct {
	// contains filtered or unexported fields
}

ModuleCache provides LRU caching for compiled modules.

func NewModuleCache 

func NewModuleCache(capacity int) *ModuleCache

NewModuleCache creates a cache with given capacity.

func (*ModuleCache) Get 

func (c *ModuleCache) Get(key string) ([]byte, bool)

Get retrieves a cached module.

func (*ModuleCache) Put 

func (c *ModuleCache) Put(key string, data []byte)

Put stores a module, evicting oldest if at capacity.

type Runtime 

type Runtime struct {
	// contains filtered or unexported fields
}

Runtime wraps wazero for sandboxed Wasm execution.

func NewRuntime 

func NewRuntime() (*Runtime, error)

NewRuntime creates a new Wasm runtime.

func (*Runtime) Close 

func (r *Runtime) Close() error

Close releases all resources.

func (*Runtime) Execute 

func (r *Runtime) Execute(ctx context.Context, wasmBytes []byte, input []byte, limits Limits) ([]byte, error)

Execute runs a Wasm module with the given input and limits.

func (*Runtime) GetEngine 

func (r *Runtime) GetEngine() wazero.Runtime

GetEngine returns the underlying wazero runtime.

func (*Runtime) LoadModule 

func (r *Runtime) LoadModule(ctx context.Context, name string, wasmBytes []byte) (api.Module, error)

LoadModule compiles and caches a Wasm module.

func (*Runtime) RegisterHostFunctions 

func (r *Runtime) RegisterHostFunctions(ctx context.Context, hf *HostFunctions) error

RegisterHostFunctions registers the Host API functions in the runtime and stores the reference.

type SandboxedHTTPClient 

type SandboxedHTTPClient struct {
	// contains filtered or unexported fields
}

SandboxedHTTPClient performs HTTP requests with allowlist validation.

func NewSandboxedHTTPClient 

func NewSandboxedHTTPClient(allowlist *HTTPAllowlist, httpClient *http.Client) *SandboxedHTTPClient

NewSandboxedHTTPClient creates a new sandboxed HTTP client. If httpClient is nil, uses default with 30s timeout.

func (*SandboxedHTTPClient) Fetch 

func (c *SandboxedHTTPClient) Fetch(ctx context.Context, urlStr, method string, body []byte) ([]byte, int, error)

Fetch performs an HTTP request if the URL is allowed.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.