← Back to context

Comment by westurner

9 hours ago

From the README:

> Security model

> The sandbox runs inside WebAssembly with WASI for a minimal syscall interface. WASM provides memory isolation by design—linear memory is bounds-checked, and there's no way to escape to the host address space. The wasmtime runtime we use is built with defense-in-depth and has been formally verified for memory safety.

> On top of WASM isolation, every tool call goes through capability validation: [...]

> The design draws from capability-based security as implemented in systems like seL4—access is explicitly granted, not implicitly available. Agents don't get ambient authority just because they're running in your process.

6 comments

westurner

Reply
westurner  8 hours ago

From "Show HN: NPM install a WASM based Linux VM for your agents" re: https://news.ycombinator.com/item?id=46686346 :

>> How to run vscode-container-wasm-gcc-example with c2w, with joelseverin/linux-wasm?

> linux-wasm is apparently faster than c2w.

container2wasm issue #550: https://github.com/container2wasm/container2wasm/issues/550#...

vscode-container-wasm-gcc-example : https://github.com/ktock/vscode-container-wasm-gcc-example

Cloudflare Runners also run WASM; with workerd:

cloudflare/workerd : https://news.ycombinator.com/item?id=46151170 :

> [ llvm-memsafe-wasm , wasmtime-mte , ]

  • souvik1997  8 hours ago

    agentvm looks very cool! They are taking a different approach - full Linux VM emulated in WASM. It's very impressive technically.

    We differentiate from agentvm by being lightweight (~11 MB Wasm binary, compared to 173 MB for agentvm). Though there is still a lot we can learn from agentvm, thank you for sharing their project.

    • schmuhblaster  8 hours ago

      Thank you! When I started working on agentvm my original goal was similar to yours, build a kind of Mingw or Cygwin for WASM. However, I quickly learned that this wouldn't really be feasible with reasonable amounts of time/token spend, mostly due to issues like having to find a way to make fork work, etc. I am no expert for WASM or Linux system programming, but it's been a lot of fun working on this stuff. I hope that the WASI standard and runtimes become more mature, as I feel that WASM sandboxes make a lot of sense in environments where containers are not an option.

      3 replies →