Omnia

A WebAssembly runtime for
safe hosting of
agent-generated code.

Omnia wraps Wasmtime with ergonomic host services for WASI components — giving your sandboxed code the capabilities it needs without compromising the isolation you require.

View on GitHub Get started
v0.27.0 MIT / Apache-2.0 Rust 1.93+
handler.rs 
use omnia_sdk::{Config, HttpRequest, Result};
use omnia_sdk::api::{Context, Handler, Reply};

async fn handle<P>(
    owner: &str,
    req: MyRequest,
    provider: &P,
) -> Result<Reply<MyResponse>>
where
    P: Config + HttpRequest,
{
    // Your business logic here
    Ok(Reply::ok(response))
}

The Runtime

Host services,
without the host risk.

Agent-generated code needs to call APIs, store state, publish messages, and query databases. But running untrusted code with direct access to your infrastructure is a non-starter.

Omnia bridges this gap. It compiles your Rust handlers to wasm32-wasip2 components and runs them inside a sandboxed Wasmtime runtime — where every external operation routes through typed provider traits that you control.

No direct network access. No filesystem. No env vars. Just capability-scoped interfaces that your guest code asks for and the runtime decides whether to grant.

Runtime Architecture

Agent Code Rust handlers
WASM Component wasm32-wasip2
Omnia Runtime Wasmtime sandbox
HTTP
State
SQL
Auth
Events
Config

Host Services · Provider Traits

Provider Traits

Seven capabilities.
Zero direct access.

Every external operation your WASM guest needs is expressed as a Rust trait. Compose only what you use — fewer bounds means more testable, more auditable code.

Config

Configuration

Environment variables, URLs, and feature flags — without std::env.

HttpRequest

HTTP

Outbound HTTP calls routed through the host. No reqwest, no hyper.

Publish

Messaging

Publish events to Kafka topics with typed Message structs.

StateStore

State

Key-value persistence and caching, backed by the host's store.

Identity

Auth

OAuth and Azure AD tokens acquired by the host, passed to your code.

TableStore

SQL

Typed database queries via sea-query, executed host-side.

Broadcast

WebSocket

Real-time send and reply over WebSocket connections.

Composition, not inheritance.

Handler trait bounds are the union of all capabilities the function calls. A handler that only reads config and makes HTTP calls declares P: Config + HttpRequest — nothing more.

Get Started

From Rust to
running WASM
in minutes.

Build your handlers as a standard Rust crate, compile to wasm32-wasip2, and let the runtime handle the rest.

Browse examples on GitHub

1 Build your runtime

terminal 
# Build with the features you need
cargo build \
  --bin=realtime \
  --features=realtime \
  --release

2 Wire your guest provider

lib.rs 
use omnia_sdk::{Config, HttpRequest, Identity};

#[derive(Clone, Default)]
pub struct Provider;

impl Provider {
    pub fn new() -> Self {
        ensure_env!("API_URL", "AZURE_IDENTITY");
        Self
    }
}

impl Config for Provider {}
impl HttpRequest for Provider {}
impl Identity for Provider {}

3 Deploy

terminal 
docker build \
  --build-arg BIN="realtime" \
  --build-arg FEATURES="realtime" \
  --tag ghcr.io/augentic/realtime .

Built on

Wasmtime v42.0 WASI Preview 2 Rust 1.93+