feat(runtime): add configurable wasm security runtime and tooling

src/runtime/mod.rs

@@ -1,10 +1,12 @@
 pub mod docker;
 pub mod native;
 pub mod traits;
+pub mod wasm;
 
 pub use docker::DockerRuntime;
 pub use native::NativeRuntime;
 pub use traits::RuntimeAdapter;
+pub use wasm::{WasmCapabilities, WasmExecutionResult, WasmRuntime};
 
 use crate::config::RuntimeConfig;
 
@@ -13,13 +15,16 @@ pub fn create_runtime(config: &RuntimeConfig) -> anyhow::Result<Box<dyn RuntimeA
     match config.kind.as_str() {
         "native" => Ok(Box::new(NativeRuntime::new())),
         "docker" => Ok(Box::new(DockerRuntime::new(config.docker.clone()))),
+        "wasm" => Ok(Box::new(WasmRuntime::new(config.wasm.clone()))),
         "cloudflare" => anyhow::bail!(
             "runtime.kind='cloudflare' is not implemented yet. Use runtime.kind='native' for now."
         ),
         other if other.trim().is_empty() => {
-            anyhow::bail!("runtime.kind cannot be empty. Supported values: native, docker")
+            anyhow::bail!("runtime.kind cannot be empty. Supported values: native, docker, wasm")
+        }
+        other => {
+            anyhow::bail!("Unknown runtime kind '{other}'. Supported values: native, docker, wasm")
         }
-        other => anyhow::bail!("Unknown runtime kind '{other}'. Supported values: native, docker"),
     }
 }
 
@@ -49,6 +54,17 @@ mod tests {
         assert!(rt.has_shell_access());
     }
 
+    #[test]
+    fn factory_wasm() {
+        let cfg = RuntimeConfig {
+            kind: "wasm".into(),
+            ..RuntimeConfig::default()
+        };
+        let rt = create_runtime(&cfg).unwrap();
+        assert_eq!(rt.name(), "wasm");
+        assert!(!rt.has_shell_access());
+    }
+
     #[test]
     fn factory_cloudflare_errors() {
         let cfg = RuntimeConfig {