Feature-gated Wasm host tools for the CLI#91
Conversation
Signed-off-by: akrm al-hakimi <alhakimiakrmj@gmail.com>
Signed-off-by: akrm al-hakimi <alhakimiakrmj@gmail.com>
Signed-off-by: akrm al-hakimi <alhakimiakrmj@gmail.com>
Signed-off-by: akrm al-hakimi <alhakimiakrmj@gmail.com>
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Adds support for registering and invoking host-side custom tools implemented as WASI Preview1 WebAssembly modules (behind an optional Cargo feature), including CLI flags and documentation updates.
Changes:
- Introduces a
wasm-host-fnsfeature with optionalwasmtime/wasmtime-wasidependencies and a new Wasm tool runner (WasmTool). - Extends the host CLI to register
--tool NAME=WASMtools and configure their WASI capabilities/limits (--tool-wasi-*). - Updates docs and README to describe the new tool mechanism and its security/limits model.
Reviewed changes
Copilot reviewed 5 out of 6 changed files in this pull request and generated 3 comments.
Show a summary per file
| File | Description |
|---|---|
| host/src/wasm_host_fns.rs | New Wasm tool loader/invoker with WASI Preview1 wiring, option parsing, stdout parsing, and tests. |
| host/src/main.rs | Adds feature-gated CLI flags for Wasm tools and registers tools into SandboxBuilder. |
| host/Cargo.toml | Adds wasm-host-fns feature and optional wasmtime / wasmtime-wasi deps. |
| docs/host_functions.md | Documents --tool and --tool-wasi-* behavior, protocol, and limits. |
| README.md | Updates dispatch surface description and adds usage docs for Wasm host tools. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Signed-off-by: akrm al-hakimi <alhakimiakrmj@gmail.com>
danbugs
left a comment
danbugs
left a comment
There was a problem hiding this comment.
This is AWESOME!! Thank you so much for the contribution! Just ggot some comments here and there for you to consider.
Signed-off-by: Akrm Al-Hakimi <alhakimiakrmj@gmail.com>
Signed-off-by: Akrm Al-Hakimi <alhakimiakrmj@gmail.com>
danbugs
left a comment
danbugs
left a comment
There was a problem hiding this comment.
Mostly LGTM. I think this should be good to merge after addressing the echo tool comment. Thanks!
Signed-off-by: Akrm Al-Hakimi <alk9fh@bosch.com>
danbugs
left a comment
danbugs
left a comment
There was a problem hiding this comment.
Thanks for rebasing. Mostly LGTM. I think we just need to remove leftover --enable-tools references from the host functions doc and main README as well as modify the existing python-host-tools example to use a wasm host function. You can commit the echo Wasm host fxn to the repo under smt like: examples/echo-wasm-host-fxn or smt like that.
This adds
--tool name=./handler.wasmsupport behind a newwasm-host-fnsCargo feature. The CLI now can register WASIp1 modules as custom host tools and route guest__dispatchcalls to them through the existingToolRegistrypath.Each Wasm tool is compiled and linked before the VM boots, then invoked as a fresh WASIp1 command per tool call. The handler gets the normal dispatch envelope on stdin,
{"name":"...","args":...}, and writes either a raw JSON result or a{"result": ...}/{"error": "..."}envelope to stdout. WASI filesystem and env access are capability-based and off by default, with explicit--tool-wasi-dir,--tool-wasi-dir-ro,--tool-wasi-env, and--tool-wasi-env-inheritflags. Calls also have fuel and stdout/stderr capture limits.Closes #84