Trust nothing
Run untrusted code with Steel
Steel is a plugin framework that executes isolated components with zero-trust, per-call authorization and argument validation. Every function call is verified. Every session is sandboxed.
Get StartedWhat is Steel?
Steel is a plugin framework that performs loading, binding, and execution of plugins with built-in security. It enforces authorization on every function call before it reaches your code.
Plugins are packaged as OCI artifacts and distributed through standard container registries. Interfaces are defined with WIT (WebAssembly Interface Types), and executed inside a sandboxed environment.
Why Steel?
Zero-Trust by Default
No implicit permissions. Every call is denied unless a policy explicitly allows it. Even if your application has a bug, the plugin can only do what the policy permits.
Per-User Isolation
Each user gets their own isolated sandbox, linker, and policy engine. One user cannot see or affect another user's execution, even within the same plugin.
Policy-as-Code
Authorization rules are written in Rego and evaluated at runtime. Change policies without redeploying your application. Audit every decision.
OCI-Native Distribution
Ship plugins as OCI artifacts. Pull from GHCR, ECR, Docker Hub, or load from local archives. Use the container tooling you already have.
How It Works
- Your application starts a Steel runtime and loads plugins from OCI archives.
- A user authenticates and Steel opens an isolated session for them.
- The user invokes a function — Steel evaluates the Rego policy against the call arguments.
-
If the policy returns
true, the call executes inside an isolated sandbox. - If not, the call is denied. No code runs.
Built for Real Security Requirements
Steel was designed for environments where plugins execute sensitive operations and every call must be authorized. It provides the building blocks for zero-trust plugin systems:
- Fine-grained, per-call authorization with Rego policies.
- Per-user session isolation with separate sandboxes.
- Defense-in-depth: policy engine and linker are independent enforcement layers.
- Content-addressed plugin distribution with integrity verification.
- C-compatible FFI for embedding in a wide range of applications.
Crate Overview
| Crate | Role |
|---|---|
steel-core | Types, traits, policy engine, calling conventions |
steel-runtime | Runtime, plugin loading, FFI, OCI loader |
steel-sdk-schema | OCI artifact schema and media types |
steel-sdk | Developer SDK and bindgen! macros |
steel-tools | CLI for building and inspecting plugins |