Automic VaultAutomic Vault

brew

Install wassette with Homebrew, winget

Security-oriented runtime that runs WebAssembly Components via MCP. Version 0.4.0 via Homebrew; verified 2026-06-15.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install wassette

local Homebrew formula metadata

Windows

Windows Package Managerverified · 92%
winget install --id Microsoft.Wassette -e

Windows Package Manager source index · Microsoft.Wassette · source: cdn.winget.microsoft.com

overview

Package summary

Security-oriented runtime that runs WebAssembly Components via MCP

Commands and aliases

  • wassette

history

Project history and usage

Wassette is a Microsoft open source runtime and MCP server that exposes WebAssembly Components as tools for AI agents. Its history is short, but it is notable because it applies Wasmtime, the Component Model, OCI artifacts, and deny-by-default permissions to the emerging Model Context Protocol tool ecosystem.

Project history

The project's changelog records v0.1.0 on August 5, 2025 as the initial Wassette release, adding the core MCP server, SSE and stdio transports, component lifecycle management, policy-based permissions, examples, CLI support, installation, and documentation.

Microsoft's open source blog introduced Wassette on August 6, 2025 through the Azure Core Upstream team. The announcement described it as a security-oriented runtime for running WebAssembly Components via MCP, able to fetch components from OCI registries and execute them with Wasmtime-backed sandboxing.

Adoption history

As of its early public releases, Wassette is explicitly marked by its repository as early development and not production ready. Its adoption story is therefore mostly experimental: agent developers can wire it into MCP-capable clients such as GitHub Copilot, Cursor, Claude Code, and Gemini CLI, then load Wasm components as tools.

Its significance comes from timing. MCP made agent tools easy to connect, but also raised the risk of giving agents arbitrary local executables. Wassette's answer is to package tools as WebAssembly Components, inspect typed interfaces, and enforce a deny-by-default permission model before granting filesystem, network, or other host access.

How it is used

Users register Wassette as an MCP server with an agent, then ask the agent to load a WebAssembly Component. Wassette translates the component's typed exports into MCP tools and brokers calls through a Wasmtime sandbox.

Component authors can build tools in languages that target the WebAssembly Component Model, publish them as OCI artifacts, and let Wassette fetch and run them. That makes it a package-oriented security layer for agent tools rather than a general-purpose Wasm CLI.

Why package nerds care

Wassette is package-nerd interesting because it combines three packaging interfaces that usually live separately: MCP tool registration, OCI artifact distribution, and Wasm Component interfaces. It treats tool installation as something an agent may request dynamically, but tries to keep the runtime authority narrow and auditable.

For the WebAssembly ecosystem, it is a concrete example of the Component Model's promise: tools can expose typed functions instead of ad hoc JSON-over-process contracts, and the host can reason about permissions before executing untrusted code.

Timeline

  • 2025-08-05: Wassette v0.1.0 initial release added the core MCP server, component lifecycle management, and permission system.
  • 2025-08-06: Microsoft Open Source introduced Wassette publicly as WebAssembly-based tools for AI agents.
  • 2025-2026: Documentation and repository warnings continued to frame Wassette as early-stage, security-oriented infrastructure for MCP and WebAssembly Component experiments.

Related projects

  • Wasmtime provides the underlying WebAssembly runtime sandbox.
  • The WebAssembly Component Model and WIT provide the typed interfaces Wassette exposes as tools.
  • The Model Context Protocol is the protocol surface through which AI agents call Wassette-managed tools.
  • OCI registries are used as a distribution mechanism for WebAssembly Components.

security posture

Risk level: yellow

generalized runtime or code generation signal.

Risk classifier

yellow risk · medium confidence · runtime

Why

  • generalized runtime or code generation signal

Signals

  • text:runtime

Install behavior

  • No Homebrew post-install hook is recorded in formula metadata.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Build metadata lists 2 build dependencies.

Recommended review

Before unattended agent use, check whether the tool reads plaintext credentials, writes remote state, publishes artifacts, or shells out to plugins.

executables

Installed executables

CommandKindExposureNote
wassettecliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version0.4.0
manager updated2026-06-15
local dataok
upstreamcurrent
latest detectedv0.4.0

https://github.com/microsoft/wassette

  • okNo freshness warnings were generated.

install metadata

Package metadata

Package keybrew:wassette
Version0.4.0
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/wassette
Homepagehttps://microsoft.github.io/wassette/
Repositoryhttps://github.com/microsoft/wassette
Upstream docshttps://github.com/microsoft/wassette#readme
LicenseMIT
Source archivehttps://github.com/microsoft/wassette/archive/refs/tags/v0.4.0.tar.gz
Last updated2026-06-15T10:21:23-04:00
Pulseupdated
Build dependenciespkgconf, rust
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installnot defined
Servicenone declared

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namewassette
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

winget95%

Microsoft.Wassette

winget install --id Microsoft.Wassette -e
  • normalized package name match
  • Matched by: Wassette
Windows Package Manager source index · cdn.winget.microsoft.com · Windows Package Manager source index: Microsoft.Wassette from https://cdn.winget.microsoft.com/cache/source.msix

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment