WebAssembly System Interface
A standardized, capability-based system interface that lets WebAssembly programs interact with the outside world portably
The WebAssembly System Interface (WASI) is a standardized API that gives WebAssembly modules portable, capability-based access to system resources like files, clocks, and networking outside the browser, without tying that access to any…
Definition
The WebAssembly System Interface (WASI) is a standardized API that gives WebAssembly modules portable, capability-based access to system resources like files, clocks, and networking outside the browser, without tying that access to any specific operating system.
Overview
WebAssembly (Wasm) was originally designed for the browser sandbox, where the host environment — JavaScript and the DOM — already defines how a Wasm module talks to the outside world. As WebAssembly usage expanded to server-side and edge computing, plugin systems, and standalone CLI tools, there was no browser and no JavaScript host to provide that interface, and no standard way for a Wasm module to, say, read a file or get the current time without every runtime inventing its own incompatible system-call API. WASI was created to fill that gap: a standardized set of system interfaces that any Wasm runtime — Wasmtime, Wasmer, WasmEdge, and others — can implement, so a single compiled Wasm module can run unmodified across different runtimes and host operating systems. WASI's defining design principle is capability-based security: a WebAssembly module has no ambient access to the filesystem, network, or environment by default. Instead, the host explicitly grants access to specific resources — a particular directory rather than the whole filesystem, for instance — when the module is instantiated, and the module can only use what it was explicitly handed. This is a deliberate departure from the ambient-authority model of traditional operating system APIs like POSIX, where any process can, in principle, attempt to open any file path and be denied only by OS-level permission checks after the fact; WASI instead makes it structurally impossible for a module to reference a resource it wasn't given a handle to. WASI has evolved through distinct phases: WASI Preview 1 (often called wasi_snapshot_preview1) established the original, POSIX-influenced surface with filesystem, clock, and random-number APIs, and became a widely supported baseline across runtimes despite being labeled a preview. WASI Preview 2 represents a more significant redesign, built on the WebAssembly Component Model and defined using the WIT (WebAssembly Interface Types) language, adding structured support for networking (sockets), a cleaner separation of interfaces, and better composability between Wasm components written in different source languages. This standardization work happens through the Bytecode Alliance and a W3C Community Group, and is a key enabling technology for using WebAssembly as a portable, secure unit of server-side and edge compute, independent of any specific cloud provider's runtime.
Specification
- Capability-based security: modules get access only to explicitly granted resources
- Standardized filesystem, clock, random-number, and (in Preview 2) networking APIs
- Runtime-agnostic: implemented by Wasmtime, Wasmer, WasmEdge, and other Wasm runtimes
- No ambient authority — no default access to the host filesystem or network
- WASI Preview 1: original POSIX-influenced baseline API surface
- WASI Preview 2: rebuilt on the WebAssembly Component Model using WIT interface definitions
- Enables portable server-side and edge WebAssembly independent of a specific OS or cloud provider
- Standardized through the Bytecode Alliance and a W3C Community Group
Use Cases
Alternatives
History
The WebAssembly System Interface (WASI) extends WebAssembly beyond the browser by giving modules a standardized, portable way to access operating-system services. WebAssembly itself is a sandboxed bytecode with no inherent access to the outside world; WASI fills that gap with a POSIX-like interface covering files, sockets, clocks, and randomness, exposed through a capability-based security model so a module only receives the resources it is explicitly granted. Mozilla announced the initiative in March 2019, articulating a vision of "write once, run anywhere" with strong sandboxing. The effort is stewarded by the Bytecode Alliance, formed in November 2019 by Mozilla, Fastly, Intel, and Red Hat. WASI underpins the use of WebAssembly as a secure, language-agnostic runtime for server-side and edge deployments.
Sources
- Mozilla Hacks — "Standardizing WASI: A WebAssembly system interface" (2019) · as of 2026-07-17
- Bytecode Alliance — announcing the Bytecode Alliance (2019) · as of 2026-07-17