Components only have access to what you explicitly grant (e.g. a single directory). They're written in any language (Rust, Go, Python, JS) and pulled from the asterai registry.
Under the hood, asterai is a WASM component model registry and runtime built on wasmtime. You publish a component, set an env var to authorize it as a tool, and asterbot discovers and calls it automatically.
I built this because I think the WASM component model is a great way to build software but the ecosystem is missing key infrastructure (especially an open, central registry). AI agents felt like a natural fit since tool security is a real problem, and WASM sandboxing addresses it by default.
Still early stage, but all functionality in the repo is tested and working. Happy to answer questions!