Run untrusted code.
Trust nothing.

Steel is a plugin runtime that executes WebAssembly components with per-call authorization, zero-trust isolation, and policy-as-code. Every function call is verified. Every session is sandboxed.

Get Started
0
Implicit permissions
1
Policy evaluated per call
Isolation per session

What is Steel?

Steel is a Rust-based runtime for loading, binding, and executing WebAssembly plugins with built-in security. It enforces authorization on every function call before it reaches your code.

Plugins are packaged as OCI artifacts and distributed through standard container registries. Interfaces are defined with WIT (WebAssembly Interface Types), compiled to wasm32-wasip2, and executed inside wasmtime sandboxes.

Why Steel?

Zero-Trust by Default

No implicit permissions. Every call is denied unless a policy explicitly allows it. Even if your application has a bug, the plugin can only do what the policy permits.

Per-User Isolation

Each user gets their own Wasm sandbox, linker, and policy engine. One user cannot see or affect another user's execution, even within the same plugin.

Policy-as-Code

Authorization rules are written in Rego and evaluated at runtime. Change policies without redeploying your application. Audit every decision.

OCI-Native Distribution

Ship plugins as OCI artifacts. Pull from GHCR, ECR, Docker Hub, or load from local archives. Use the container tooling you already have.

How It Works

Built for Real Security Requirements

Steel was designed for environments where plugins execute sensitive operations and every call must be authorized. It provides the building blocks for zero-trust plugin systems:

Crate Overview

CrateRole
steel-coreTypes, traits, policy engine, calling conventions
steel-runtimeRuntime, plugin loading, FFI, OCI loader
steel-sdk-schemaOCI artifact schema and media types
steel-sdkDeveloper SDK and bindgen! macros
steel-toolsCLI for building and inspecting plugins