WASM Goblins — Capability-Secure Runtime Patterns

What it does

WASM Goblins documents patterns for integrating Goblins actor systems with verified WebAssembly runtimes (Wasmtime, Wasmer, WAMR, WasmEdge, wasm3 and Hoot). It maps syscall categories to capability models, explains verification properties (Iris-Wasm, Cranelift proofs), and provides code examples showing actors compiled to or wrapping WASM modules. The material is a technical cookbook for teams building capability-isolated, sandboxed actor systems where compositional security and verified semantics matter.

When to use it

Use this skill when designing or auditing an architecture that runs untrusted modules in WASM sandboxes, when selecting a runtime for specific constraints (edge, enclave, POSIX-capable), or when implementing capability-passing between actors and WASM modules. It's aimed at engineers working on runtime security, embedded/IoT deployments, or cloud-native WASM platforms.

What's included

• Scripts: no executable scripts detected in the snapshot.
• References: in-body references to verification tools and proposals (Iris-Wasm, WASI/WASIX, Cranelift).
• Instructions: interaction patterns (Actor-as-WASM, WASM-as-Actor, capability handles), syscall category mappings, runtime selection matrix, and security/property checklists.

Compatible agents

Best consumed by developer-oriented agents with code-reading and synthesis skills (Copilot-style or Code-focused LLMs) able to produce integration examples and runtime configuration recommendations.