ADR-005: Execution Sandbox via WASM and Sidecars
- Status: Accepted
- Date: 2026-02-07
Context
Steps can contain untrusted or third-party code. The runtime must isolate execution while keeping latency predictable.
Decision
Adopt WASM as the default sandbox for steps, with optional sidecar execution for non-WASM languages.
Consequences
- Strong isolation and portability.
- Additional tooling to compile or package steps into WASM.
- Sidecar complexity for Python/JS steps but retains flexibility.