# WebAssembly System Interface (WASI)
A modular, capability-based standard system interface for [[Web Assembly (WASM)]] outside the browser. WASI lets WASM modules access OS-like resources (files, network sockets, clocks, environment variables) in a portable, sandboxed way. It is the contract that makes WASM viable for servers, edge runtimes, CLI tools, and embedded systems.
Spec: https://wasi.dev/
## Why WASI Exists
Browser WASM modules access the world only through JavaScript glue. Outside the browser, a portable system interface is needed: WASI fills the role POSIX plays for native binaries, but with capability-based security and a modular ABI.
## Capability-Based Security
Default deny. A WASI module receives only the resources its host explicitly grants:
- A specific directory, not the whole filesystem
- A specific socket, not arbitrary network access
- A specific clock granularity, not high-resolution timing that could serve as a timing-attack vector
This is much stricter than POSIX, where any program can attempt to read `/etc/passwd`. WASI's security model is closer to browser tabs than to Unix processes.
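
A simplified Python model of the directory grant described above, added here as an illustration; it is not code from the WASI spec or from any runtime. The names `resolve`, `NotCapable` and `grants` are hypothetical, the host tree is constructed, and real runtimes resolve paths against a granted directory handle rather than by comparing path strings.

```python
import os
import tempfile

class NotCapable(PermissionError):
    """The guest asked for something the host never granted."""

def resolve(grants, guest_dir, rel_path):
    """Map a guest request onto a host path, or raise NotCapable (model only)."""
    if guest_dir not in grants:                        # default deny
        raise NotCapable(f"no grant for {guest_dir!r}")
    if os.path.isabs(rel_path):
        raise NotCapable("paths are relative to a granted directory")
    depth = 0
    for part in rel_path.split("/"):                   # lexical '..' check
        if part in ("", "."):
            continue
        depth += -1 if part == ".." else 1
        if depth < 0:
            raise NotCapable("path climbs out of the grant")
    root = os.path.realpath(grants[guest_dir])
    target = os.path.realpath(os.path.join(root, rel_path))
    if os.path.commonpath([root, target]) != root:     # symlink check
        raise NotCapable("symlink leaves the grant")
    return target

def demo():
    """Try several guest requests against a constructed host tree."""
    with tempfile.TemporaryDirectory() as tmp:
        data = os.path.join(tmp, "data")
        os.mkdir(data)
        open(os.path.join(data, "input.txt"), "w").close()
        open(os.path.join(tmp, "secret.txt"), "w").close()
        os.symlink(os.path.join(tmp, "secret.txt"), os.path.join(data, "link"))
        grants = {"/data": data}                       # the only capability
        requests = [("/data", "input.txt"), ("/data", "sub/../input.txt"),
                    ("/data", "../secret.txt"), ("/data", "link"),
                    ("/data", "/etc/passwd"), ("/etc", "passwd")]
        verdicts = {}
        for guest_dir, path in requests:
            try:
                resolve(grants, guest_dir, path)
                verdicts[(guest_dir, path)] = "allowed"
            except NotCapable as exc:
                verdicts[(guest_dir, path)] = f"denied: {exc}"
        return verdicts

if __name__ == "__main__":
    for request, verdict in demo().items():
        print(request, "->", verdict)
```

Only the two requests that stay inside the granted directory are allowed; the `..` climb, the symlink to a host-only file, the absolute path and the ungranted `/etc` are each denied.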
## WASI Preview Generations
| Version | Status | Notes |
|---|---|---|
| Preview 1 | Stable, widely deployed | The de facto WASI most runtimes implement today |
| Preview 2 | Standardizing | Built on the WIT/Component Model; modular interfaces |
| Preview 3 | In progress | Async / streams support |
## Where It Runs
| Runtime | Use Case |
|---|---|
| Wasmtime | Reference runtime, CLI |
| Wasmer | Plugin embedding, package manager |
| WasmEdge | Edge / IoT |
| Spin (Fermyon) | Microservices, serverless |
| Cloudflare Workers | Edge functions (uses internal WASM runtime) |
| Fastly Compute@Edge | Edge functions |
| Shopify Functions | Customer-extensible apps |
## Why It Matters for AI / ML
- WASI lets [[ONNX Runtime]] and other ML libs ship as portable WASM that runs identically across edge runtimes
- [[Edge Computing]] platforms use WASI to safely run customer code with predictable resource limits
- WASI + [[Web Assembly (WASM)]] SIMD/threads is becoming a viable path for ML inference at the edge
## Contrast with Containers
| | Containers | WASI / WASM |
|---|---|---|
| Cold start | Hundreds of ms | Single-digit ms |
| Image size | Hundreds of MB | Single MB |
| Isolation | Namespaces + cgroups | Sandbox + capabilities |
| Portability | OS+arch dependent | Truly portable |
| Density | Dozens per host | Thousands per host |
## References
- https://wasi.dev/
- https://github.com/WebAssembly/WASI
## Related
- [[Web Assembly (WASM)]]
- [[Edge Computing]]
- [[Edge AI]]
- [[ONNX Runtime Web]]