Skip to content

Require Explicit Consent Before Downloading and Executing WASM Runtime #24

Description

@Tanishq1030

Summary

Anchor currently downloads and executes the WASM runtime automatically when sandbox execution is required.

Although this enables secure behavioral evaluation with minimal setup, it introduces unexpected network activity and binary execution during a developer's first scan.

Runtime installation should require explicit user consent.


Problem

During the first execution requiring the sandbox, Anchor automatically:

  • downloads the WASM runtime,
  • installs required runtime components,
  • executes the downloaded runtime.

While this behavior is functional, developers generally expect security tooling to explain before:

  • accessing the network,
  • downloading executables,
  • executing newly downloaded binaries.

Unexpected runtime installation can reduce trust and complicate use in restricted or offline environments.


Proposed Solution

Treat runtime installation as an explicit setup step.

When the runtime is not available:

Sandbox runtime not found.

Anchor uses WASMEdge to execute policies inside an isolated sandbox.

The runtime must be downloaded once before sandbox execution.

Download and install now?

[Y/n]

If accepted:

  • download the runtime,
  • verify its integrity,
  • install it,
  • continue execution.

If declined:

  • continue static analysis,
  • disable sandbox-based evaluation,
  • explain which runtime capabilities are unavailable.

Benefits

  • Makes network activity explicit.
  • Improves developer trust.
  • Supports offline workflows.
  • Better accommodates enterprise and restricted environments.
  • Clearly separates installation from execution.

Acceptance Criteria

  • Detect missing runtime before execution.
  • Prompt before downloading runtime components.
  • Verify downloaded runtime before installation.
  • Continue static analysis if installation is declined.
  • Clearly communicate unavailable sandbox features.
  • Documentation updated with runtime installation workflow.

Design Notes

Anchor should never perform unexpected network access or execute downloaded binaries without informing the developer.

Runtime installation should remain simple while following the principle of explicit consent for network operations and executable downloads.

This preserves Anchor's offline-first philosophy while maintaining a transparent and predictable developer experience.

Metadata

Metadata

Assignees

No one assigned

    Labels

    developer-experienceImproves developer workflowexternal-feedbackCreated from external technical review or community feedback.runtimeRuntime enforcement engine

    Fields

    No fields configured for Feature.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions