AGENTS.md: wasmtime Architectural Context & Engagement Rules

1. Information Flow & Purpose (The Executive Summary)

You are operating within the wasmtime repository, a fast and secure standalone WebAssembly (Wasm) runtime that includes the Cranelift code generator. The codebase is heavily dominated by Rust (86.6%) and implements complex compiler pipelines, JIT execution, and the WebAssembly System Interface (WASI).

• Architectural Paradigm: The repository functions as a "Cluster 4" macro-species, characterized by clean micro-boundaries (Modularity: 0.6897) but significant single-point-of-failure fragility (Assortativity: -0.4411). This defines a system where domain-specific crates (cranelift, wasi, wasmtime) are well-segregated but heavily rely on core runtime and memory management orchestrators.
• Information Flow: Information flows from Wasm binary parsing/validation into Cranelift's Intermediate Representation (IR), through the ISLE (Instruction Selection Lowering Expressions) semantic matching, and finally into architecture-specific JIT emission (x64, aarch64, riscv64, s390x).
• Core Rule: Maintain strict adherence to Rust's memory safety guarantees and explicit unsafe boundaries. When working within the JIT compiler (cranelift) or the C-API (crates/c-api), extreme care must be taken to maintain the invariants required for sandboxed Wasm execution.

2. Notable Structures & Architecture

• Foundational Load-Bearers (High Blast Radius): The C-API headers (wasm.h, wasmtime.hh) act as the primary integration layer for embedding Wasmtime, carrying high inbound connections. Internally, tests/all/memory.rs acts as a critical structural pillar for validating runtime invariants.
• Fragile Orchestrators (High Coupling): The runtime's Virtual Machine layer (crates/wasmtime/src/runtime/vm.rs, 43 outbound dependencies) and the component model's concurrency engine (crates/wasmtime/src/runtime/component/concurrent.rs) dictate execution flow and state management. The Cranelift compiler orchestrator (crates/cranelift/src/compiler.rs) routes the entire JIT lowering process.
• Algorithmic Complexity: The ISLE instruction selector and backend emitters (emit.rs across various ISAs, from_ast in sema.rs) exhibit O(2^N) static analysis signatures. These represent dense, pattern-matching state machines and graph traversals.

3. Security & Vulnerabilities

Status: SECURE PERIMETER (WITH RAW MEMORY AND JIT CAVEATS). The Structural Threat Intelligence audits flagged 0 malicious artifacts.

CRITICAL WARNINGS: 1. Raw Memory Manipulation: The execution of WebAssembly inherently requires managing raw, untrusted memory boundaries. Files like crates/c-api/include/wasm.hh, linker.h, and the fuzzing generators exhibit raw memory manipulation traits. Any modifications to memory mapping, page fault handling, or bounding must be formally validated to prevent escape from the Wasm sandbox. 2. Exploit Generation Surface: The Cranelift Dominator Tree (dominator_tree.rs), AArch64 emitter (emit.rs), and WASI-HTTP types expose logical surfaces that could be leveraged for JIT spraying or sandbox escapes if exploited. Strict control-flow integrity must be maintained during code generation. 3. Weaponizable Injection Vectors: The CLI interface for WASI networking (p2_cli_no_ip_name_lookup.rs) and TLS deferred operations (crates/wasi-tls/src/p3/util/deferred.rs) possess high exposure to injection. Ensure stringent input validation on host-provided file paths, environment variables, and network addresses before passing them into the WASI environment.

4. Outliers & Extremes

• High Volatility & Risk (The Hotspot Matrix): crates/wasmtime/src/config.rs operates at 87% churn and 99% tech debt, serving as a highly volatile central configuration hub. Similarly, crates/environ/src/collections.rs and gc.rs are frequent targets for modification that carry systemic risk.
• Severe Silo Risk: Critical compilation and WASI layers are entirely siloed. crates/wasi/src/p1.rs (Alex Crichton), cranelift/reader/src/parser.rs (Chris Fallin), and the ISLE semantic analyzer cranelift/isle/isle/src/sema.rs (Michael McLoughlin) operate at 100% isolated ownership.
• Design Slop: Files such as winch/codegen/src/visitor.rs (249 orphaned functions) and winch/codegen/src/isa/x64/asm.rs reflect heavy code-generation and macro expansion. Do not prune this code; it represents ISA-specific instruction handlers that bypass static graphing.
• Blind Bottlenecks: tests/all/memory.rs and cranelift/codegen/src/isa/riscv64/inst/vector.rs possess extreme "God Node" characteristics (high blast radius) but lack structured architectural documentation (100% Doc Risk).

5. Recommended Next Steps (Refactoring for Stability)

To stabilize the architecture and mitigate single-point-of-failure risks, prioritize the following engineering efforts:

1. De-Silo the ISLE and WASI Layers: Address the 100% Key Person Dependency in the Cranelift parser/semantic analyzer (sema.rs, parser.rs) and the wasi/src/p1.rs implementation. Distribute domain knowledge through architectural documentation and pairing to lower the Bus Factor.
2. Mitigate Blind Bottlenecks in Memory Tests: Document the implicit contracts and invariants tested within tests/all/memory.rs and crates/wiggle/tests/variant.rs. Because they serve as structural pillars with near 100% Doc Risk, explicit comments detailing the memory model assumptions will prevent regressions during future Wasm spec updates.
3. Stabilize JIT Configuration: crates/wasmtime/src/config.rs exhibits dangerous volatility. Consider decoupling this configuration hub into smaller, domain-specific configuration structs (e.g., separating Cranelift tuning from WASI capabilities) to isolate churn and reduce merge conflicts.