Summary
Anchor currently downloads and executes the WASM runtime automatically when sandbox execution is required.
Although this enables secure behavioral evaluation with minimal setup, it introduces unexpected network activity and binary execution during a developer's first scan.
Runtime installation should require explicit user consent.
Problem
During the first execution requiring the sandbox, Anchor automatically:
- downloads the WASM runtime,
- installs required runtime components,
- executes the downloaded runtime.
While this behavior is functional, developers generally expect security tooling to explain before:
- accessing the network,
- downloading executables,
- executing newly downloaded binaries.
Unexpected runtime installation can reduce trust and complicate use in restricted or offline environments.
Proposed Solution
Treat runtime installation as an explicit setup step.
When the runtime is not available:
Sandbox runtime not found.
Anchor uses WASMEdge to execute policies inside an isolated sandbox.
The runtime must be downloaded once before sandbox execution.
Download and install now?
[Y/n]
If accepted:
- download the runtime,
- verify its integrity,
- install it,
- continue execution.
If declined:
- continue static analysis,
- disable sandbox-based evaluation,
- explain which runtime capabilities are unavailable.
Benefits
- Makes network activity explicit.
- Improves developer trust.
- Supports offline workflows.
- Better accommodates enterprise and restricted environments.
- Clearly separates installation from execution.
Acceptance Criteria
Design Notes
Anchor should never perform unexpected network access or execute downloaded binaries without informing the developer.
Runtime installation should remain simple while following the principle of explicit consent for network operations and executable downloads.
This preserves Anchor's offline-first philosophy while maintaining a transparent and predictable developer experience.
Summary
Anchor currently downloads and executes the WASM runtime automatically when sandbox execution is required.
Although this enables secure behavioral evaluation with minimal setup, it introduces unexpected network activity and binary execution during a developer's first scan.
Runtime installation should require explicit user consent.
Problem
During the first execution requiring the sandbox, Anchor automatically:
While this behavior is functional, developers generally expect security tooling to explain before:
Unexpected runtime installation can reduce trust and complicate use in restricted or offline environments.
Proposed Solution
Treat runtime installation as an explicit setup step.
When the runtime is not available:
If accepted:
If declined:
Benefits
Acceptance Criteria
Design Notes
Anchor should never perform unexpected network access or execute downloaded binaries without informing the developer.
Runtime installation should remain simple while following the principle of explicit consent for network operations and executable downloads.
This preserves Anchor's offline-first philosophy while maintaining a transparent and predictable developer experience.