marcoallegretti/WEFT_OS
marcoallegretti/WEFT_OS
1
0
Fork 0
mirror of https://github.com/marcoallegretti/WEFT_OS.git synced 2026-03-27 01:13:09 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
WEFT_OS/crates/weft-runtime/src/main.rs

324 lines
9.5 KiB
Rust
Raw Normal View History

feat(runtime): add weft-runtime crate skeleton New crate: weft-runtime — the child process spawned by weft-appd to execute WEFT application packages. src/main.rs: - Parses CLI arguments: <app_id> <session_id> (as per the supervisor contract in runtime.rs). - resolve_package(): searches user store (~/.local/share/weft/apps/<app_id>) then system store (/usr/share/weft/apps/<app_id>) for a wapp.toml manifest. Overridden by WEFT_APP_STORE env var. - Verifies app.wasm exists in the resolved package directory. - Stubs Wasmtime execution with a TODO comment; prints 'READY' to stdout and exits cleanly so weft-appd's supervisor can complete the session lifecycle during development and integration testing. Tests (2): - package_store_roots_includes_system_path: system store path present. - package_store_roots_uses_weft_app_store_when_set: WEFT_APP_STORE override replaces default search list. Also: - Added weft-runtime to workspace Cargo.toml members. - wsl-test.sh: added cargo test -p weft-runtime.
2026-03-11 08:27:30 +00:00
use std::path::PathBuf;
use anyhow::Context;
fn main() -> anyhow::Result<()> {
tracing_subscriber::fmt()
.with_env_filter(
tracing_subscriber::EnvFilter::try_from_default_env()
.unwrap_or_else(|_| tracing_subscriber::EnvFilter::new("info")),
)
.init();
let args: Vec<String> = std::env::args().collect();
if args.len() < 3 {
feat(runtime): add --preopen and --ipc-socket CLI arguments weft-runtime now parses optional flags after <app_id> <session_id>: --preopen HOST::GUEST pre-opens a host directory at GUEST path in the WASI filesystem (HOST::GUEST or HOST for same path) --ipc-socket PATH sets WEFT_IPC_SOCKET env var inside the component wasmtime-runtime path applies preopened dirs via cap_std and WasiCtxBuilder, and injects WEFT_IPC_SOCKET when --ipc-socket is present. Stub path ignores both flags. weft-appd: SessionRegistry gains ipc_socket field (set to the appd Unix socket path in run()), extracted alongside compositor_tx in dispatch(), and forwarded to supervise() as ipc_socket_path. supervise() passes --ipc-socket <path> to the spawned runtime when present. cap-std added as optional dep under wasmtime-runtime feature.
2026-03-11 14:10:11 +00:00
anyhow::bail!(
"usage: weft-runtime <app_id> <session_id> \
[--preopen HOST::GUEST]... [--ipc-socket PATH]"
);
feat(runtime): add weft-runtime crate skeleton New crate: weft-runtime — the child process spawned by weft-appd to execute WEFT application packages. src/main.rs: - Parses CLI arguments: <app_id> <session_id> (as per the supervisor contract in runtime.rs). - resolve_package(): searches user store (~/.local/share/weft/apps/<app_id>) then system store (/usr/share/weft/apps/<app_id>) for a wapp.toml manifest. Overridden by WEFT_APP_STORE env var. - Verifies app.wasm exists in the resolved package directory. - Stubs Wasmtime execution with a TODO comment; prints 'READY' to stdout and exits cleanly so weft-appd's supervisor can complete the session lifecycle during development and integration testing. Tests (2): - package_store_roots_includes_system_path: system store path present. - package_store_roots_uses_weft_app_store_when_set: WEFT_APP_STORE override replaces default search list. Also: - Added weft-runtime to workspace Cargo.toml members. - wsl-test.sh: added cargo test -p weft-runtime.
2026-03-11 08:27:30 +00:00
}
let app_id = &args[1];
let session_id: u64 = args[2]
.parse()
.with_context(|| format!("invalid session_id: {}", args[2]))?;
feat(runtime): add --preopen and --ipc-socket CLI arguments weft-runtime now parses optional flags after <app_id> <session_id>: --preopen HOST::GUEST pre-opens a host directory at GUEST path in the WASI filesystem (HOST::GUEST or HOST for same path) --ipc-socket PATH sets WEFT_IPC_SOCKET env var inside the component wasmtime-runtime path applies preopened dirs via cap_std and WasiCtxBuilder, and injects WEFT_IPC_SOCKET when --ipc-socket is present. Stub path ignores both flags. weft-appd: SessionRegistry gains ipc_socket field (set to the appd Unix socket path in run()), extracted alongside compositor_tx in dispatch(), and forwarded to supervise() as ipc_socket_path. supervise() passes --ipc-socket <path> to the spawned runtime when present. cap-std added as optional dep under wasmtime-runtime feature.
2026-03-11 14:10:11 +00:00
let mut preopen: Vec<(String, String)> = Vec::new();
let mut ipc_socket: Option<String> = None;
let mut i = 3usize;
while i < args.len() {
match args[i].as_str() {
"--preopen" => {
i += 1;
let spec = args.get(i).context("--preopen requires an argument")?;
if let Some((host, guest)) = spec.split_once("::") {
preopen.push((host.to_string(), guest.to_string()));
} else {
preopen.push((spec.clone(), spec.clone()));
}
}
"--ipc-socket" => {
i += 1;
ipc_socket = Some(
args.get(i)
.context("--ipc-socket requires an argument")?
.clone(),
);
}
other => anyhow::bail!("unexpected argument: {other}"),
}
i += 1;
}
feat(runtime): seccomp blocklist filter via optional seccomp feature Add seccomp feature flag (seccompiler + libc, Linux-only, optional). When compiled with --features seccomp, weft-runtime installs a SECCOMP_MODE_FILTER immediately after argument parsing, before any package resolution or WASM execution. Filter strategy: default-allow with explicit KillProcess rules for high-risk syscalls a WASM runtime process has no legitimate need for: ptrace, process_vm_readv/writev, kexec_load, personality, syslog, reboot, mount/umount2, setuid/setgid/setreuid/setregid/setresuid/ setresgid, chroot, pivot_root, init_module/finit_module/delete_module, bpf, perf_event_open, acct. The feature is off by default so the standard build and tests are unaffected. Enable in production service builds with --features seccomp.
2026-03-11 14:34:21 +00:00
#[cfg(feature = "seccomp")]
apply_seccomp_filter().context("apply seccomp filter")?;
feat(runtime): add weft-runtime crate skeleton New crate: weft-runtime — the child process spawned by weft-appd to execute WEFT application packages. src/main.rs: - Parses CLI arguments: <app_id> <session_id> (as per the supervisor contract in runtime.rs). - resolve_package(): searches user store (~/.local/share/weft/apps/<app_id>) then system store (/usr/share/weft/apps/<app_id>) for a wapp.toml manifest. Overridden by WEFT_APP_STORE env var. - Verifies app.wasm exists in the resolved package directory. - Stubs Wasmtime execution with a TODO comment; prints 'READY' to stdout and exits cleanly so weft-appd's supervisor can complete the session lifecycle during development and integration testing. Tests (2): - package_store_roots_includes_system_path: system store path present. - package_store_roots_uses_weft_app_store_when_set: WEFT_APP_STORE override replaces default search list. Also: - Added weft-runtime to workspace Cargo.toml members. - wsl-test.sh: added cargo test -p weft-runtime.
2026-03-11 08:27:30 +00:00
tracing::info!(session_id, %app_id, "weft-runtime starting");
let pkg_dir = resolve_package(app_id)?;
tracing::info!(path = %pkg_dir.display(), "package resolved");
let wasm_path = pkg_dir.join("app.wasm");
if !wasm_path.exists() {
anyhow::bail!("app.wasm not found at {}", wasm_path.display());
}
feat(runtime): add wasmtime-runtime feature gate for real Wasm execution Cargo.toml: - New feature: wasmtime-runtime = [dep:wasmtime, dep:wasmtime-wasi] - Default is off so the normal build remains lightweight. - wasmtime 30 and wasmtime-wasi 30 added as optional dependencies. src/main.rs: - run_module(wasm_path) replaces the inline stub. - cfg(not(feature = wasmtime-runtime)): prints READY and returns. Preserves all existing test and development behaviour unchanged. - cfg(feature = wasmtime-runtime): creates a Wasmtime Engine + Module, builds a WASI linker with inherited stdout/stderr, prints READY, then instantiates the module and calls _start. READY is printed before _start so weft-appd can record the session as Running before the app enters its event loop. The production service binary is built with: cargo build -p weft-runtime --release --features wasmtime-runtime
2026-03-11 09:26:41 +00:00
tracing::info!(session_id, %app_id, wasm = %wasm_path.display(), "executing module");
feat(runtime): add --preopen and --ipc-socket CLI arguments weft-runtime now parses optional flags after <app_id> <session_id>: --preopen HOST::GUEST pre-opens a host directory at GUEST path in the WASI filesystem (HOST::GUEST or HOST for same path) --ipc-socket PATH sets WEFT_IPC_SOCKET env var inside the component wasmtime-runtime path applies preopened dirs via cap_std and WasiCtxBuilder, and injects WEFT_IPC_SOCKET when --ipc-socket is present. Stub path ignores both flags. weft-appd: SessionRegistry gains ipc_socket field (set to the appd Unix socket path in run()), extracted alongside compositor_tx in dispatch(), and forwarded to supervise() as ipc_socket_path. supervise() passes --ipc-socket <path> to the spawned runtime when present. cap-std added as optional dep under wasmtime-runtime feature.
2026-03-11 14:10:11 +00:00
run_module(&wasm_path, &preopen, ipc_socket.as_deref())?;
feat(runtime): add weft-runtime crate skeleton New crate: weft-runtime — the child process spawned by weft-appd to execute WEFT application packages. src/main.rs: - Parses CLI arguments: <app_id> <session_id> (as per the supervisor contract in runtime.rs). - resolve_package(): searches user store (~/.local/share/weft/apps/<app_id>) then system store (/usr/share/weft/apps/<app_id>) for a wapp.toml manifest. Overridden by WEFT_APP_STORE env var. - Verifies app.wasm exists in the resolved package directory. - Stubs Wasmtime execution with a TODO comment; prints 'READY' to stdout and exits cleanly so weft-appd's supervisor can complete the session lifecycle during development and integration testing. Tests (2): - package_store_roots_includes_system_path: system store path present. - package_store_roots_uses_weft_app_store_when_set: WEFT_APP_STORE override replaces default search list. Also: - Added weft-runtime to workspace Cargo.toml members. - wsl-test.sh: added cargo test -p weft-runtime.
2026-03-11 08:27:30 +00:00
tracing::info!(session_id, %app_id, "exiting");
Ok(())
}
fn resolve_package(app_id: &str) -> anyhow::Result<PathBuf> {
for store_root in package_store_roots() {
let pkg_dir = store_root.join(app_id);
let manifest = pkg_dir.join("wapp.toml");
if manifest.exists() {
return Ok(pkg_dir);
}
}
anyhow::bail!("package '{}' not found in any package store", app_id)
}
feat(runtime): add wasmtime-runtime feature gate for real Wasm execution Cargo.toml: - New feature: wasmtime-runtime = [dep:wasmtime, dep:wasmtime-wasi] - Default is off so the normal build remains lightweight. - wasmtime 30 and wasmtime-wasi 30 added as optional dependencies. src/main.rs: - run_module(wasm_path) replaces the inline stub. - cfg(not(feature = wasmtime-runtime)): prints READY and returns. Preserves all existing test and development behaviour unchanged. - cfg(feature = wasmtime-runtime): creates a Wasmtime Engine + Module, builds a WASI linker with inherited stdout/stderr, prints READY, then instantiates the module and calls _start. READY is printed before _start so weft-appd can record the session as Running before the app enters its event loop. The production service binary is built with: cargo build -p weft-runtime --release --features wasmtime-runtime
2026-03-11 09:26:41 +00:00
#[cfg(not(feature = "wasmtime-runtime"))]
feat(runtime): add --preopen and --ipc-socket CLI arguments weft-runtime now parses optional flags after <app_id> <session_id>: --preopen HOST::GUEST pre-opens a host directory at GUEST path in the WASI filesystem (HOST::GUEST or HOST for same path) --ipc-socket PATH sets WEFT_IPC_SOCKET env var inside the component wasmtime-runtime path applies preopened dirs via cap_std and WasiCtxBuilder, and injects WEFT_IPC_SOCKET when --ipc-socket is present. Stub path ignores both flags. weft-appd: SessionRegistry gains ipc_socket field (set to the appd Unix socket path in run()), extracted alongside compositor_tx in dispatch(), and forwarded to supervise() as ipc_socket_path. supervise() passes --ipc-socket <path> to the spawned runtime when present. cap-std added as optional dep under wasmtime-runtime feature.
2026-03-11 14:10:11 +00:00
fn run_module(
_wasm_path: &std::path::Path,
_preopen: &[(String, String)],
_ipc_socket: Option<&str>,
) -> anyhow::Result<()> {
feat(runtime): add wasmtime-runtime feature gate for real Wasm execution Cargo.toml: - New feature: wasmtime-runtime = [dep:wasmtime, dep:wasmtime-wasi] - Default is off so the normal build remains lightweight. - wasmtime 30 and wasmtime-wasi 30 added as optional dependencies. src/main.rs: - run_module(wasm_path) replaces the inline stub. - cfg(not(feature = wasmtime-runtime)): prints READY and returns. Preserves all existing test and development behaviour unchanged. - cfg(feature = wasmtime-runtime): creates a Wasmtime Engine + Module, builds a WASI linker with inherited stdout/stderr, prints READY, then instantiates the module and calls _start. READY is printed before _start so weft-appd can record the session as Running before the app enters its event loop. The production service binary is built with: cargo build -p weft-runtime --release --features wasmtime-runtime
2026-03-11 09:26:41 +00:00
println!("READY");
Ok(())
}
#[cfg(feature = "wasmtime-runtime")]
feat(runtime): add --preopen and --ipc-socket CLI arguments weft-runtime now parses optional flags after <app_id> <session_id>: --preopen HOST::GUEST pre-opens a host directory at GUEST path in the WASI filesystem (HOST::GUEST or HOST for same path) --ipc-socket PATH sets WEFT_IPC_SOCKET env var inside the component wasmtime-runtime path applies preopened dirs via cap_std and WasiCtxBuilder, and injects WEFT_IPC_SOCKET when --ipc-socket is present. Stub path ignores both flags. weft-appd: SessionRegistry gains ipc_socket field (set to the appd Unix socket path in run()), extracted alongside compositor_tx in dispatch(), and forwarded to supervise() as ipc_socket_path. supervise() passes --ipc-socket <path> to the spawned runtime when present. cap-std added as optional dep under wasmtime-runtime feature.
2026-03-11 14:10:11 +00:00
fn run_module(
wasm_path: &std::path::Path,
preopen: &[(String, String)],
ipc_socket: Option<&str>,
) -> anyhow::Result<()> {
use cap_std::{ambient_authority, fs::Dir};
feat(runtime): upgrade to WASI Preview 2 + Component Model Replaces the wasmtime-runtime run_module implementation: - wasmtime::Module → wasmtime::component::Component - wasmtime::Linker<WasiCtx> → wasmtime::component::Linker<State> - wasmtime_wasi::add_to_linker → wasmtime_wasi::add_to_linker_sync - _start typed func call → wasmtime_wasi::bindings::sync::Command::instantiate + call_run Config now sets wasm_component_model(true). State struct implements WasiView (ctx + table). app.wasm must be a WASI 0.2 component; core modules are no longer supported.
2026-03-11 14:03:16 +00:00
use wasmtime::{
Config, Engine, Store,
component::{Component, Linker},
};
use wasmtime_wasi::{
feat(runtime): add --preopen and --ipc-socket CLI arguments weft-runtime now parses optional flags after <app_id> <session_id>: --preopen HOST::GUEST pre-opens a host directory at GUEST path in the WASI filesystem (HOST::GUEST or HOST for same path) --ipc-socket PATH sets WEFT_IPC_SOCKET env var inside the component wasmtime-runtime path applies preopened dirs via cap_std and WasiCtxBuilder, and injects WEFT_IPC_SOCKET when --ipc-socket is present. Stub path ignores both flags. weft-appd: SessionRegistry gains ipc_socket field (set to the appd Unix socket path in run()), extracted alongside compositor_tx in dispatch(), and forwarded to supervise() as ipc_socket_path. supervise() passes --ipc-socket <path> to the spawned runtime when present. cap-std added as optional dep under wasmtime-runtime feature.
2026-03-11 14:10:11 +00:00
DirPerms, FilePerms, ResourceTable, WasiCtx, WasiCtxBuilder, WasiView, add_to_linker_sync,
feat(runtime): upgrade to WASI Preview 2 + Component Model Replaces the wasmtime-runtime run_module implementation: - wasmtime::Module → wasmtime::component::Component - wasmtime::Linker<WasiCtx> → wasmtime::component::Linker<State> - wasmtime_wasi::add_to_linker → wasmtime_wasi::add_to_linker_sync - _start typed func call → wasmtime_wasi::bindings::sync::Command::instantiate + call_run Config now sets wasm_component_model(true). State struct implements WasiView (ctx + table). app.wasm must be a WASI 0.2 component; core modules are no longer supported.
2026-03-11 14:03:16 +00:00
bindings::sync::Command,
};
struct State {
ctx: WasiCtx,
table: ResourceTable,
}
feat(runtime): add wasmtime-runtime feature gate for real Wasm execution Cargo.toml: - New feature: wasmtime-runtime = [dep:wasmtime, dep:wasmtime-wasi] - Default is off so the normal build remains lightweight. - wasmtime 30 and wasmtime-wasi 30 added as optional dependencies. src/main.rs: - run_module(wasm_path) replaces the inline stub. - cfg(not(feature = wasmtime-runtime)): prints READY and returns. Preserves all existing test and development behaviour unchanged. - cfg(feature = wasmtime-runtime): creates a Wasmtime Engine + Module, builds a WASI linker with inherited stdout/stderr, prints READY, then instantiates the module and calls _start. READY is printed before _start so weft-appd can record the session as Running before the app enters its event loop. The production service binary is built with: cargo build -p weft-runtime --release --features wasmtime-runtime
2026-03-11 09:26:41 +00:00
feat(runtime): upgrade to WASI Preview 2 + Component Model Replaces the wasmtime-runtime run_module implementation: - wasmtime::Module → wasmtime::component::Component - wasmtime::Linker<WasiCtx> → wasmtime::component::Linker<State> - wasmtime_wasi::add_to_linker → wasmtime_wasi::add_to_linker_sync - _start typed func call → wasmtime_wasi::bindings::sync::Command::instantiate + call_run Config now sets wasm_component_model(true). State struct implements WasiView (ctx + table). app.wasm must be a WASI 0.2 component; core modules are no longer supported.
2026-03-11 14:03:16 +00:00
impl WasiView for State {
fn ctx(&mut self) -> &mut WasiCtx {
&mut self.ctx
}
fn table(&mut self) -> &mut ResourceTable {
&mut self.table
}
}
feat(runtime): add wasmtime-runtime feature gate for real Wasm execution Cargo.toml: - New feature: wasmtime-runtime = [dep:wasmtime, dep:wasmtime-wasi] - Default is off so the normal build remains lightweight. - wasmtime 30 and wasmtime-wasi 30 added as optional dependencies. src/main.rs: - run_module(wasm_path) replaces the inline stub. - cfg(not(feature = wasmtime-runtime)): prints READY and returns. Preserves all existing test and development behaviour unchanged. - cfg(feature = wasmtime-runtime): creates a Wasmtime Engine + Module, builds a WASI linker with inherited stdout/stderr, prints READY, then instantiates the module and calls _start. READY is printed before _start so weft-appd can record the session as Running before the app enters its event loop. The production service binary is built with: cargo build -p weft-runtime --release --features wasmtime-runtime
2026-03-11 09:26:41 +00:00
feat(runtime): upgrade to WASI Preview 2 + Component Model Replaces the wasmtime-runtime run_module implementation: - wasmtime::Module → wasmtime::component::Component - wasmtime::Linker<WasiCtx> → wasmtime::component::Linker<State> - wasmtime_wasi::add_to_linker → wasmtime_wasi::add_to_linker_sync - _start typed func call → wasmtime_wasi::bindings::sync::Command::instantiate + call_run Config now sets wasm_component_model(true). State struct implements WasiView (ctx + table). app.wasm must be a WASI 0.2 component; core modules are no longer supported.
2026-03-11 14:03:16 +00:00
let mut config = Config::new();
config.wasm_component_model(true);
let engine = Engine::new(&config).context("create engine")?;
feat(runtime): add wasmtime-runtime feature gate for real Wasm execution Cargo.toml: - New feature: wasmtime-runtime = [dep:wasmtime, dep:wasmtime-wasi] - Default is off so the normal build remains lightweight. - wasmtime 30 and wasmtime-wasi 30 added as optional dependencies. src/main.rs: - run_module(wasm_path) replaces the inline stub. - cfg(not(feature = wasmtime-runtime)): prints READY and returns. Preserves all existing test and development behaviour unchanged. - cfg(feature = wasmtime-runtime): creates a Wasmtime Engine + Module, builds a WASI linker with inherited stdout/stderr, prints READY, then instantiates the module and calls _start. READY is printed before _start so weft-appd can record the session as Running before the app enters its event loop. The production service binary is built with: cargo build -p weft-runtime --release --features wasmtime-runtime
2026-03-11 09:26:41 +00:00
feat(runtime): upgrade to WASI Preview 2 + Component Model Replaces the wasmtime-runtime run_module implementation: - wasmtime::Module → wasmtime::component::Component - wasmtime::Linker<WasiCtx> → wasmtime::component::Linker<State> - wasmtime_wasi::add_to_linker → wasmtime_wasi::add_to_linker_sync - _start typed func call → wasmtime_wasi::bindings::sync::Command::instantiate + call_run Config now sets wasm_component_model(true). State struct implements WasiView (ctx + table). app.wasm must be a WASI 0.2 component; core modules are no longer supported.
2026-03-11 14:03:16 +00:00
let component = Component::from_file(&engine, wasm_path)
.with_context(|| format!("load component {}", wasm_path.display()))?;
let mut linker: Linker<State> = Linker::new(&engine);
add_to_linker_sync(&mut linker).context("add WASI to linker")?;
feat(runtime): add weft:app/notify WIT package and notify-ready host interface Adds crates/weft-runtime/wit/weft-app.wit defining package weft:app@0.1.0 with interface notify { ready: func() }. In the wasmtime-runtime path: - Registers weft:app/notify@0.1.0 in the component linker before instantiation - ready() prints
2026-03-11 14:15:11 +00:00
linker
.instance("weft:app/notify@0.1.0")
.context("define weft:app/notify instance")?
.func_wrap("ready", |_: wasmtime::StoreContextMut<'_, State>, ()| {
println!("READY");
Ok::<(), wasmtime::Error>(())
})
.context("define weft:app/notify#ready")?;
feat(runtime): upgrade to WASI Preview 2 + Component Model Replaces the wasmtime-runtime run_module implementation: - wasmtime::Module → wasmtime::component::Component - wasmtime::Linker<WasiCtx> → wasmtime::component::Linker<State> - wasmtime_wasi::add_to_linker → wasmtime_wasi::add_to_linker_sync - _start typed func call → wasmtime_wasi::bindings::sync::Command::instantiate + call_run Config now sets wasm_component_model(true). State struct implements WasiView (ctx + table). app.wasm must be a WASI 0.2 component; core modules are no longer supported.
2026-03-11 14:03:16 +00:00
feat(runtime): add --preopen and --ipc-socket CLI arguments weft-runtime now parses optional flags after <app_id> <session_id>: --preopen HOST::GUEST pre-opens a host directory at GUEST path in the WASI filesystem (HOST::GUEST or HOST for same path) --ipc-socket PATH sets WEFT_IPC_SOCKET env var inside the component wasmtime-runtime path applies preopened dirs via cap_std and WasiCtxBuilder, and injects WEFT_IPC_SOCKET when --ipc-socket is present. Stub path ignores both flags. weft-appd: SessionRegistry gains ipc_socket field (set to the appd Unix socket path in run()), extracted alongside compositor_tx in dispatch(), and forwarded to supervise() as ipc_socket_path. supervise() passes --ipc-socket <path> to the spawned runtime when present. cap-std added as optional dep under wasmtime-runtime feature.
2026-03-11 14:10:11 +00:00
let mut ctx_builder = WasiCtxBuilder::new();
ctx_builder.inherit_stdout().inherit_stderr();
if let Some(socket_path) = ipc_socket {
ctx_builder.env("WEFT_IPC_SOCKET", socket_path);
}
for (host_path, guest_path) in preopen {
let dir = Dir::open_ambient_dir(host_path, ambient_authority())
.with_context(|| format!("open preopen dir {host_path}"))?;
ctx_builder.preopened_dir(dir, DirPerms::all(), FilePerms::all(), guest_path);
}
let ctx = ctx_builder.build();
feat(runtime): upgrade to WASI Preview 2 + Component Model Replaces the wasmtime-runtime run_module implementation: - wasmtime::Module → wasmtime::component::Component - wasmtime::Linker<WasiCtx> → wasmtime::component::Linker<State> - wasmtime_wasi::add_to_linker → wasmtime_wasi::add_to_linker_sync - _start typed func call → wasmtime_wasi::bindings::sync::Command::instantiate + call_run Config now sets wasm_component_model(true). State struct implements WasiView (ctx + table). app.wasm must be a WASI 0.2 component; core modules are no longer supported.
2026-03-11 14:03:16 +00:00
let mut store = Store::new(
&engine,
State {
ctx,
table: ResourceTable::new(),
},
);
feat(runtime): add wasmtime-runtime feature gate for real Wasm execution Cargo.toml: - New feature: wasmtime-runtime = [dep:wasmtime, dep:wasmtime-wasi] - Default is off so the normal build remains lightweight. - wasmtime 30 and wasmtime-wasi 30 added as optional dependencies. src/main.rs: - run_module(wasm_path) replaces the inline stub. - cfg(not(feature = wasmtime-runtime)): prints READY and returns. Preserves all existing test and development behaviour unchanged. - cfg(feature = wasmtime-runtime): creates a Wasmtime Engine + Module, builds a WASI linker with inherited stdout/stderr, prints READY, then instantiates the module and calls _start. READY is printed before _start so weft-appd can record the session as Running before the app enters its event loop. The production service binary is built with: cargo build -p weft-runtime --release --features wasmtime-runtime
2026-03-11 09:26:41 +00:00
feat(runtime): upgrade to WASI Preview 2 + Component Model Replaces the wasmtime-runtime run_module implementation: - wasmtime::Module → wasmtime::component::Component - wasmtime::Linker<WasiCtx> → wasmtime::component::Linker<State> - wasmtime_wasi::add_to_linker → wasmtime_wasi::add_to_linker_sync - _start typed func call → wasmtime_wasi::bindings::sync::Command::instantiate + call_run Config now sets wasm_component_model(true). State struct implements WasiView (ctx + table). app.wasm must be a WASI 0.2 component; core modules are no longer supported.
2026-03-11 14:03:16 +00:00
let command =
Command::instantiate(&mut store, &component, &linker).context("instantiate component")?;
feat(runtime): add wasmtime-runtime feature gate for real Wasm execution Cargo.toml: - New feature: wasmtime-runtime = [dep:wasmtime, dep:wasmtime-wasi] - Default is off so the normal build remains lightweight. - wasmtime 30 and wasmtime-wasi 30 added as optional dependencies. src/main.rs: - run_module(wasm_path) replaces the inline stub. - cfg(not(feature = wasmtime-runtime)): prints READY and returns. Preserves all existing test and development behaviour unchanged. - cfg(feature = wasmtime-runtime): creates a Wasmtime Engine + Module, builds a WASI linker with inherited stdout/stderr, prints READY, then instantiates the module and calls _start. READY is printed before _start so weft-appd can record the session as Running before the app enters its event loop. The production service binary is built with: cargo build -p weft-runtime --release --features wasmtime-runtime
2026-03-11 09:26:41 +00:00
feat(runtime): upgrade to WASI Preview 2 + Component Model Replaces the wasmtime-runtime run_module implementation: - wasmtime::Module → wasmtime::component::Component - wasmtime::Linker<WasiCtx> → wasmtime::component::Linker<State> - wasmtime_wasi::add_to_linker → wasmtime_wasi::add_to_linker_sync - _start typed func call → wasmtime_wasi::bindings::sync::Command::instantiate + call_run Config now sets wasm_component_model(true). State struct implements WasiView (ctx + table). app.wasm must be a WASI 0.2 component; core modules are no longer supported.
2026-03-11 14:03:16 +00:00
command
.wasi_cli_run()
.call_run(&mut store)
.context("call run")?
.map_err(|()| anyhow::anyhow!("wasm component run exited with error"))
feat(runtime): add wasmtime-runtime feature gate for real Wasm execution Cargo.toml: - New feature: wasmtime-runtime = [dep:wasmtime, dep:wasmtime-wasi] - Default is off so the normal build remains lightweight. - wasmtime 30 and wasmtime-wasi 30 added as optional dependencies. src/main.rs: - run_module(wasm_path) replaces the inline stub. - cfg(not(feature = wasmtime-runtime)): prints READY and returns. Preserves all existing test and development behaviour unchanged. - cfg(feature = wasmtime-runtime): creates a Wasmtime Engine + Module, builds a WASI linker with inherited stdout/stderr, prints READY, then instantiates the module and calls _start. READY is printed before _start so weft-appd can record the session as Running before the app enters its event loop. The production service binary is built with: cargo build -p weft-runtime --release --features wasmtime-runtime
2026-03-11 09:26:41 +00:00
}
feat(runtime): seccomp blocklist filter via optional seccomp feature Add seccomp feature flag (seccompiler + libc, Linux-only, optional). When compiled with --features seccomp, weft-runtime installs a SECCOMP_MODE_FILTER immediately after argument parsing, before any package resolution or WASM execution. Filter strategy: default-allow with explicit KillProcess rules for high-risk syscalls a WASM runtime process has no legitimate need for: ptrace, process_vm_readv/writev, kexec_load, personality, syslog, reboot, mount/umount2, setuid/setgid/setreuid/setregid/setresuid/ setresgid, chroot, pivot_root, init_module/finit_module/delete_module, bpf, perf_event_open, acct. The feature is off by default so the standard build and tests are unaffected. Enable in production service builds with --features seccomp.
2026-03-11 14:34:21 +00:00
#[cfg(feature = "seccomp")]
fn apply_seccomp_filter() -> anyhow::Result<()> {
use seccompiler::{BpfProgram, SeccompAction, SeccompFilter, SeccompRule};
use std::collections::BTreeMap;
use std::convert::TryInto;
#[cfg(target_arch = "x86_64")]
let arch = seccompiler::TargetArch::x86_64;
#[cfg(target_arch = "aarch64")]
let arch = seccompiler::TargetArch::aarch64;
let blocked: &[i64] = &[
libc::SYS_ptrace,
libc::SYS_process_vm_readv,
libc::SYS_process_vm_writev,
libc::SYS_kexec_load,
libc::SYS_personality,
libc::SYS_syslog,
libc::SYS_reboot,
libc::SYS_mount,
libc::SYS_umount2,
libc::SYS_setuid,
libc::SYS_setgid,
libc::SYS_setreuid,
libc::SYS_setregid,
libc::SYS_setresuid,
libc::SYS_setresgid,
libc::SYS_chroot,
libc::SYS_pivot_root,
libc::SYS_init_module,
libc::SYS_finit_module,
libc::SYS_delete_module,
libc::SYS_bpf,
libc::SYS_perf_event_open,
libc::SYS_acct,
];
let mut rules: BTreeMap<i64, Vec<SeccompRule>> = BTreeMap::new();
for &syscall in blocked {
rules.insert(syscall, vec![SeccompRule::new(vec![])?]);
}
let filter = SeccompFilter::new(
rules,
SeccompAction::Allow,
SeccompAction::KillProcess,
arch,
)?;
let bpf: BpfProgram = filter.try_into()?;
seccompiler::apply_filter(&bpf)?;
Ok(())
}
feat(runtime): add weft-runtime crate skeleton New crate: weft-runtime — the child process spawned by weft-appd to execute WEFT application packages. src/main.rs: - Parses CLI arguments: <app_id> <session_id> (as per the supervisor contract in runtime.rs). - resolve_package(): searches user store (~/.local/share/weft/apps/<app_id>) then system store (/usr/share/weft/apps/<app_id>) for a wapp.toml manifest. Overridden by WEFT_APP_STORE env var. - Verifies app.wasm exists in the resolved package directory. - Stubs Wasmtime execution with a TODO comment; prints 'READY' to stdout and exits cleanly so weft-appd's supervisor can complete the session lifecycle during development and integration testing. Tests (2): - package_store_roots_includes_system_path: system store path present. - package_store_roots_uses_weft_app_store_when_set: WEFT_APP_STORE override replaces default search list. Also: - Added weft-runtime to workspace Cargo.toml members. - wsl-test.sh: added cargo test -p weft-runtime.
2026-03-11 08:27:30 +00:00
fn package_store_roots() -> Vec<PathBuf> {
if let Ok(explicit) = std::env::var("WEFT_APP_STORE") {
return vec![PathBuf::from(explicit)];
}
let mut roots = Vec::new();
if let Ok(home) = std::env::var("HOME") {
roots.push(
PathBuf::from(home)
.join(".local")
.join("share")
.join("weft")
.join("apps"),
);
}
roots.push(PathBuf::from("/usr/share/weft/apps"));
roots
}
#[cfg(test)]
mod tests {
use super::*;
#[test]
fn package_store_roots_includes_system_path() {
let roots = package_store_roots();
assert!(
roots
.iter()
.any(|p| p == &PathBuf::from("/usr/share/weft/apps"))
);
}
#[test]
fn package_store_roots_uses_weft_app_store_when_set() {
// SAFETY: test binary is single-threaded at this point.
unsafe { std::env::set_var("WEFT_APP_STORE", "/custom/store") };
let roots = package_store_roots();
assert_eq!(roots, vec![PathBuf::from("/custom/store")]);
unsafe { std::env::remove_var("WEFT_APP_STORE") };
}
test(runtime): add resolve_package tests for found and not-found cases
2026-03-11 11:19:17 +00:00
#[test]
fn resolve_package_finds_installed_package() {
use std::fs;
let store =
std::env::temp_dir().join(format!("weft_runtime_resolve_{}", std::process::id()));
let pkg_dir = store.join("com.example.resolve");
fs::create_dir_all(&pkg_dir).unwrap();
fs::write(
pkg_dir.join("wapp.toml"),
"[package]\nid=\"com.example.resolve\"\n",
)
.unwrap();
let prior = std::env::var("WEFT_APP_STORE").ok();
unsafe { std::env::set_var("WEFT_APP_STORE", &store) };
let result = resolve_package("com.example.resolve");
unsafe {
match prior {
Some(v) => std::env::set_var("WEFT_APP_STORE", v),
None => std::env::remove_var("WEFT_APP_STORE"),
}
}
let _ = fs::remove_dir_all(&store);
assert!(result.is_ok());
assert!(result.unwrap().ends_with("com.example.resolve"));
}
#[test]
fn resolve_package_errors_on_unknown_id() {
let store =
std::env::temp_dir().join(format!("weft_runtime_resolve_empty_{}", std::process::id()));
let _ = std::fs::create_dir_all(&store);
let prior = std::env::var("WEFT_APP_STORE").ok();
unsafe { std::env::set_var("WEFT_APP_STORE", &store) };
let result = resolve_package("com.does.not.exist");
unsafe {
match prior {
Some(v) => std::env::set_var("WEFT_APP_STORE", v),
None => std::env::remove_var("WEFT_APP_STORE"),
}
}
let _ = std::fs::remove_dir_all(&store);
assert!(result.is_err());
}
feat(runtime): add weft-runtime crate skeleton New crate: weft-runtime — the child process spawned by weft-appd to execute WEFT application packages. src/main.rs: - Parses CLI arguments: <app_id> <session_id> (as per the supervisor contract in runtime.rs). - resolve_package(): searches user store (~/.local/share/weft/apps/<app_id>) then system store (/usr/share/weft/apps/<app_id>) for a wapp.toml manifest. Overridden by WEFT_APP_STORE env var. - Verifies app.wasm exists in the resolved package directory. - Stubs Wasmtime execution with a TODO comment; prints 'READY' to stdout and exits cleanly so weft-appd's supervisor can complete the session lifecycle during development and integration testing. Tests (2): - package_store_roots_includes_system_path: system store path present. - package_store_roots_uses_weft_app_store_when_set: WEFT_APP_STORE override replaces default search list. Also: - Added weft-runtime to workspace Cargo.toml members. - wsl-test.sh: added cargo test -p weft-runtime.
2026-03-11 08:27:30 +00:00
}
Reference in a new issue Copy permalink