WEFT_OS/crates/weft-runtime/Cargo.toml

[package]
name = "weft-runtime"
version.workspace = true
edition.workspace = true
rust-version.workspace = true

[[bin]]
name = "weft-runtime"
path = "src/main.rs"

[features]
default = []
wasmtime-runtime = ["dep:wasmtime", "dep:wasmtime-wasi", "dep:cap-std"]
seccomp = ["dep:seccompiler", "dep:libc"]
net-fetch = ["dep:ureq"]

[dependencies]
anyhow = "1.0"
tracing = "0.1"
tracing-subscriber = { version = "0.3", features = ["env-filter"] }
wasmtime = { version = "30", optional = true }
wasmtime-wasi = { version = "30", optional = true }
cap-std = { version = "3", optional = true }
seccompiler = { version = "0.4", optional = true }
libc = { version = "0.2", optional = true }
ureq = { version = "2", optional = true }
feat(runtime): add weft-runtime crate skeleton New crate: weft-runtime — the child process spawned by weft-appd to execute WEFT application packages. src/main.rs: - Parses CLI arguments: <app_id> <session_id> (as per the supervisor contract in runtime.rs). - resolve_package(): searches user store (~/.local/share/weft/apps/<app_id>) then system store (/usr/share/weft/apps/<app_id>) for a wapp.toml manifest. Overridden by WEFT_APP_STORE env var. - Verifies app.wasm exists in the resolved package directory. - Stubs Wasmtime execution with a TODO comment; prints 'READY' to stdout and exits cleanly so weft-appd's supervisor can complete the session lifecycle during development and integration testing. Tests (2): - package_store_roots_includes_system_path: system store path present. - package_store_roots_uses_weft_app_store_when_set: WEFT_APP_STORE override replaces default search list. Also: - Added weft-runtime to workspace Cargo.toml members. - wsl-test.sh: added cargo test -p weft-runtime. 2026-03-11 08:27:30 +00:00			`[package]`
			`name = "weft-runtime"`
			`version.workspace = true`
			`edition.workspace = true`
			`rust-version.workspace = true`

			`[[bin]]`
			`name = "weft-runtime"`
			`path = "src/main.rs"`

feat(runtime): add wasmtime-runtime feature gate for real Wasm execution Cargo.toml: - New feature: wasmtime-runtime = [dep:wasmtime, dep:wasmtime-wasi] - Default is off so the normal build remains lightweight. - wasmtime 30 and wasmtime-wasi 30 added as optional dependencies. src/main.rs: - run_module(wasm_path) replaces the inline stub. - cfg(not(feature = wasmtime-runtime)): prints READY and returns. Preserves all existing test and development behaviour unchanged. - cfg(feature = wasmtime-runtime): creates a Wasmtime Engine + Module, builds a WASI linker with inherited stdout/stderr, prints READY, then instantiates the module and calls _start. READY is printed before _start so weft-appd can record the session as Running before the app enters its event loop. The production service binary is built with: cargo build -p weft-runtime --release --features wasmtime-runtime 2026-03-11 09:26:41 +00:00			`[features]`
			`default = []`
feat(runtime): add --preopen and --ipc-socket CLI arguments weft-runtime now parses optional flags after <app_id> <session_id>: --preopen HOST::GUEST pre-opens a host directory at GUEST path in the WASI filesystem (HOST::GUEST or HOST for same path) --ipc-socket PATH sets WEFT_IPC_SOCKET env var inside the component wasmtime-runtime path applies preopened dirs via cap_std and WasiCtxBuilder, and injects WEFT_IPC_SOCKET when --ipc-socket is present. Stub path ignores both flags. weft-appd: SessionRegistry gains ipc_socket field (set to the appd Unix socket path in run()), extracted alongside compositor_tx in dispatch(), and forwarded to supervise() as ipc_socket_path. supervise() passes --ipc-socket <path> to the spawned runtime when present. cap-std added as optional dep under wasmtime-runtime feature. 2026-03-11 14:10:11 +00:00			`wasmtime-runtime = ["dep:wasmtime", "dep:wasmtime-wasi", "dep:cap-std"]`
feat(runtime): seccomp blocklist filter via optional seccomp feature Add seccomp feature flag (seccompiler + libc, Linux-only, optional). When compiled with --features seccomp, weft-runtime installs a SECCOMP_MODE_FILTER immediately after argument parsing, before any package resolution or WASM execution. Filter strategy: default-allow with explicit KillProcess rules for high-risk syscalls a WASM runtime process has no legitimate need for: ptrace, process_vm_readv/writev, kexec_load, personality, syslog, reboot, mount/umount2, setuid/setgid/setreuid/setregid/setresuid/ setresgid, chroot, pivot_root, init_module/finit_module/delete_module, bpf, perf_event_open, acct. The feature is off by default so the standard build and tests are unaffected. Enable in production service builds with --features seccomp. 2026-03-11 14:34:21 +00:00			`seccomp = ["dep:seccompiler", "dep:libc"]`
feat: appd IPC relay, WIT interfaces, UI kit, gesture routing, and CI hardening - weft-appd: per-session IPC socket paths; bidirectional Wasm-HTML JSON relay via spawn_ipc_relay; SO_PEERCRED UID check on Unix socket connections; PanelGesture request and NavigationGesture broadcast for compositor gestures - weft-runtime: weft:app/ipc, weft:app/fetch, weft:app/notifications WIT interfaces; IpcState non-blocking Unix socket host functions; ureq-backed net:fetch host function (net-fetch feature); notify-send notifications host - weft-file-portal: spawn a thread per accepted connection for concurrent access - weft-app-shell: weft-system:// URL translation; WEFT UI Kit UserScript injection; resolve_weft_system_url helper - weft-servo-shell: forward compositor navigation gestures to weft-appd WebSocket as PanelGesture; WEFT UI Kit UserScript injection - infra/shell: weft-ui-kit.js with 11 custom elements (weft-button, weft-card, weft-dialog, weft-icon, weft-list, weft-list-item, weft-menu, weft-menu-item, weft-progress, weft-input, weft-label); system-ui.html handles NAVIGATION_GESTURE messages and dispatches weft:navigation-gesture CustomEvent - infra/systemd: add missing env vars to weft-appd.service; correct servo-shell.service binary path and system-ui.html argument - .github/workflows/ci.yml: exclude weft-servo-shell and weft-app-shell from cross-platform job; add them to linux-only job with libsystemd-dev dependency 2026-03-12 11:49:45 +00:00			`net-fetch = ["dep:ureq"]`
feat(runtime): add wasmtime-runtime feature gate for real Wasm execution Cargo.toml: - New feature: wasmtime-runtime = [dep:wasmtime, dep:wasmtime-wasi] - Default is off so the normal build remains lightweight. - wasmtime 30 and wasmtime-wasi 30 added as optional dependencies. src/main.rs: - run_module(wasm_path) replaces the inline stub. - cfg(not(feature = wasmtime-runtime)): prints READY and returns. Preserves all existing test and development behaviour unchanged. - cfg(feature = wasmtime-runtime): creates a Wasmtime Engine + Module, builds a WASI linker with inherited stdout/stderr, prints READY, then instantiates the module and calls _start. READY is printed before _start so weft-appd can record the session as Running before the app enters its event loop. The production service binary is built with: cargo build -p weft-runtime --release --features wasmtime-runtime 2026-03-11 09:26:41 +00:00
feat(runtime): add weft-runtime crate skeleton New crate: weft-runtime — the child process spawned by weft-appd to execute WEFT application packages. src/main.rs: - Parses CLI arguments: <app_id> <session_id> (as per the supervisor contract in runtime.rs). - resolve_package(): searches user store (~/.local/share/weft/apps/<app_id>) then system store (/usr/share/weft/apps/<app_id>) for a wapp.toml manifest. Overridden by WEFT_APP_STORE env var. - Verifies app.wasm exists in the resolved package directory. - Stubs Wasmtime execution with a TODO comment; prints 'READY' to stdout and exits cleanly so weft-appd's supervisor can complete the session lifecycle during development and integration testing. Tests (2): - package_store_roots_includes_system_path: system store path present. - package_store_roots_uses_weft_app_store_when_set: WEFT_APP_STORE override replaces default search list. Also: - Added weft-runtime to workspace Cargo.toml members. - wsl-test.sh: added cargo test -p weft-runtime. 2026-03-11 08:27:30 +00:00			`[dependencies]`
			`anyhow = "1.0"`
			`tracing = "0.1"`
			`tracing-subscriber = { version = "0.3", features = ["env-filter"] }`
feat(runtime): add wasmtime-runtime feature gate for real Wasm execution Cargo.toml: - New feature: wasmtime-runtime = [dep:wasmtime, dep:wasmtime-wasi] - Default is off so the normal build remains lightweight. - wasmtime 30 and wasmtime-wasi 30 added as optional dependencies. src/main.rs: - run_module(wasm_path) replaces the inline stub. - cfg(not(feature = wasmtime-runtime)): prints READY and returns. Preserves all existing test and development behaviour unchanged. - cfg(feature = wasmtime-runtime): creates a Wasmtime Engine + Module, builds a WASI linker with inherited stdout/stderr, prints READY, then instantiates the module and calls _start. READY is printed before _start so weft-appd can record the session as Running before the app enters its event loop. The production service binary is built with: cargo build -p weft-runtime --release --features wasmtime-runtime 2026-03-11 09:26:41 +00:00			`wasmtime = { version = "30", optional = true }`
			`wasmtime-wasi = { version = "30", optional = true }`
feat(runtime): add --preopen and --ipc-socket CLI arguments weft-runtime now parses optional flags after <app_id> <session_id>: --preopen HOST::GUEST pre-opens a host directory at GUEST path in the WASI filesystem (HOST::GUEST or HOST for same path) --ipc-socket PATH sets WEFT_IPC_SOCKET env var inside the component wasmtime-runtime path applies preopened dirs via cap_std and WasiCtxBuilder, and injects WEFT_IPC_SOCKET when --ipc-socket is present. Stub path ignores both flags. weft-appd: SessionRegistry gains ipc_socket field (set to the appd Unix socket path in run()), extracted alongside compositor_tx in dispatch(), and forwarded to supervise() as ipc_socket_path. supervise() passes --ipc-socket <path> to the spawned runtime when present. cap-std added as optional dep under wasmtime-runtime feature. 2026-03-11 14:10:11 +00:00			`cap-std = { version = "3", optional = true }`
feat(runtime): seccomp blocklist filter via optional seccomp feature Add seccomp feature flag (seccompiler + libc, Linux-only, optional). When compiled with --features seccomp, weft-runtime installs a SECCOMP_MODE_FILTER immediately after argument parsing, before any package resolution or WASM execution. Filter strategy: default-allow with explicit KillProcess rules for high-risk syscalls a WASM runtime process has no legitimate need for: ptrace, process_vm_readv/writev, kexec_load, personality, syslog, reboot, mount/umount2, setuid/setgid/setreuid/setregid/setresuid/ setresgid, chroot, pivot_root, init_module/finit_module/delete_module, bpf, perf_event_open, acct. The feature is off by default so the standard build and tests are unaffected. Enable in production service builds with --features seccomp. 2026-03-11 14:34:21 +00:00			`seccompiler = { version = "0.4", optional = true }`
			`libc = { version = "0.2", optional = true }`
feat: appd IPC relay, WIT interfaces, UI kit, gesture routing, and CI hardening - weft-appd: per-session IPC socket paths; bidirectional Wasm-HTML JSON relay via spawn_ipc_relay; SO_PEERCRED UID check on Unix socket connections; PanelGesture request and NavigationGesture broadcast for compositor gestures - weft-runtime: weft:app/ipc, weft:app/fetch, weft:app/notifications WIT interfaces; IpcState non-blocking Unix socket host functions; ureq-backed net:fetch host function (net-fetch feature); notify-send notifications host - weft-file-portal: spawn a thread per accepted connection for concurrent access - weft-app-shell: weft-system:// URL translation; WEFT UI Kit UserScript injection; resolve_weft_system_url helper - weft-servo-shell: forward compositor navigation gestures to weft-appd WebSocket as PanelGesture; WEFT UI Kit UserScript injection - infra/shell: weft-ui-kit.js with 11 custom elements (weft-button, weft-card, weft-dialog, weft-icon, weft-list, weft-list-item, weft-menu, weft-menu-item, weft-progress, weft-input, weft-label); system-ui.html handles NAVIGATION_GESTURE messages and dispatches weft:navigation-gesture CustomEvent - infra/systemd: add missing env vars to weft-appd.service; correct servo-shell.service binary path and system-ui.html argument - .github/workflows/ci.yml: exclude weft-servo-shell and weft-app-shell from cross-platform job; add them to linux-only job with libsystemd-dev dependency 2026-03-12 11:49:45 +00:00			`ureq = { version = "2", optional = true }`