# Install wassette with Homebrew, winget

Security-oriented runtime that runs WebAssembly Components via MCP. Version 0.4.0 via Homebrew; verified 2026-06-15.

## Install

```sh
sudo av install brew:wassette
```

Additional install commands:

### macOS

- Homebrew (100%):

```sh
brew install wassette
```

  Evidence: local Homebrew formula metadata

### Windows

- winget (92%):

```sh
winget install --id Microsoft.Wassette -e
```

  Evidence: Windows Package Manager source index: Microsoft.Wassette from https://cdn.winget.microsoft.com/cache/source.msix

## Package facts

- **Package key:** brew:wassette
- **Package manager:** Homebrew
- **Package manager page:** <https://formulae.brew.sh/formula/wassette>
- **Version:** 0.4.0
- **Source summary:** Security-oriented runtime that runs WebAssembly Components via MCP
- **Homepage:** <https://microsoft.github.io/wassette/>
- **Repository:** <https://github.com/microsoft/wassette>
- **Upstream docs:** <https://github.com/microsoft/wassette#readme>
- **License:** MIT
- **Source archive:** <https://github.com/microsoft/wassette/archive/refs/tags/v0.4.0.tar.gz>
- **Last updated:** 2026-06-15T10:21:23-04:00
- **Generated:** 2026-07-08T07:18:31+00:00

## Executables

- wassette (cli)
- wassette (alias)

## Build dependencies

- pkgconf
- rust

## Install behavior

- Post-install hook: not defined
- Bottle: available on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux

## Freshness

- Page generated: 2026-07-08
- Package-manager version: 0.4.0
- Package-manager updated: 2026-06-15
- Local data: ok
- Upstream repository: https://github.com/microsoft/wassette
- Upstream latest detected: v0.4.0 (current)
## Project history and usage

Wassette is a Microsoft open source runtime and MCP server that exposes WebAssembly Components as tools for AI agents. Its history is short, but it is notable because it applies Wasmtime, the Component Model, OCI artifacts, and deny-by-default permissions to the emerging Model Context Protocol tool ecosystem.

### Project history

The project's changelog records v0.1.0 on August 5, 2025 as the initial Wassette release, adding the core MCP server, SSE and stdio transports, component lifecycle management, policy-based permissions, examples, CLI support, installation, and documentation.

Microsoft's open source blog introduced Wassette on August 6, 2025 through the Azure Core Upstream team. The announcement described it as a security-oriented runtime for running WebAssembly Components via MCP, able to fetch components from OCI registries and execute them with Wasmtime-backed sandboxing.

### Adoption history

As of its early public releases, Wassette is explicitly marked by its repository as early development and not production ready. Its adoption story is therefore mostly experimental: agent developers can wire it into MCP-capable clients such as GitHub Copilot, Cursor, Claude Code, and Gemini CLI, then load Wasm components as tools.

Its significance comes from timing. MCP made agent tools easy to connect, but also raised the risk of giving agents arbitrary local executables. Wassette's answer is to package tools as WebAssembly Components, inspect typed interfaces, and enforce a deny-by-default permission model before granting filesystem, network, or other host access.

### How it is used

Users register Wassette as an MCP server with an agent, then ask the agent to load a WebAssembly Component. Wassette translates the component's typed exports into MCP tools and brokers calls through a Wasmtime sandbox.

Component authors can build tools in languages that target the WebAssembly Component Model, publish them as OCI artifacts, and let Wassette fetch and run them. That makes it a package-oriented security layer for agent tools rather than a general-purpose Wasm CLI.

### Why package nerds care

Wassette is package-nerd interesting because it combines three packaging interfaces that usually live separately: MCP tool registration, OCI artifact distribution, and Wasm Component interfaces. It treats tool installation as something an agent may request dynamically, but tries to keep the runtime authority narrow and auditable.

For the WebAssembly ecosystem, it is a concrete example of the Component Model's promise: tools can expose typed functions instead of ad hoc JSON-over-process contracts, and the host can reason about permissions before executing untrusted code.

### Timeline

- 2025-08-05: Wassette v0.1.0 initial release added the core MCP server, component lifecycle management, and permission system.
- 2025-08-06: Microsoft Open Source introduced Wassette publicly as WebAssembly-based tools for AI agents.
- 2025-2026: Documentation and repository warnings continued to frame Wassette as early-stage, security-oriented infrastructure for MCP and WebAssembly Component experiments.

### Related projects

- Wasmtime provides the underlying WebAssembly runtime sandbox.
- The WebAssembly Component Model and WIT provide the typed interfaces Wassette exposes as tools.
- The Model Context Protocol is the protocol surface through which AI agents call Wassette-managed tools.
- OCI registries are used as a distribution mechanism for WebAssembly Components.

### Sources

- <https://github.com/microsoft/wassette>
- <https://github.com/microsoft/wassette/blob/main/CHANGELOG.md>
- <https://microsoft.github.io/wassette/>
- <https://microsoft.github.io/wassette/latest/concepts.html>
- <https://opensource.microsoft.com/blog/2025/08/06/introducing-wassette-webassembly-based-tools-for-ai-agents/>


## Security Notes

generalized runtime or code generation signal.

- **Geiger risk:** yellow / medium
- generalized runtime or code generation signal

## Source Database Details

- **Source Database:** Homebrew formula API
- **Tap:** homebrew/core
- **Full Name:** wassette
- **Version Scheme:** 0
- **Revision:** 0
- **Head Version:** HEAD
- **Bottle Stable Root URL:** <https://ghcr.io/v2/homebrew/core>
- **Deprecated:** no
- **Disabled:** no
- **Keg Only:** no
- **URL Keys:** head, stable

## Other Package-Manager Records

- winget - Microsoft.Wassette: normalized package name match | Windows Package Manager source index: Microsoft.Wassette from https://cdn.winget.microsoft.com/cache/source.msix


## Related links

- [Source-control packages](https://www.automicvault.com/pkg/source-control-tools/) - Belongs to a source-control command family.
- [MCP tool packages](https://www.automicvault.com/pkg/mcp-tools/) - Mentions MCP or Model Context Protocol.
- [Secret-risk packages](https://www.automicvault.com/pkg/secret-risk-packages/) - Has protected-tool coverage, approval-gate, or non-low Geiger security signals.
- [Terminal utility packages](https://www.automicvault.com/pkg/terminal-utilities/) - Matched terminal and command-line workflow metadata.
- [pkgconf](https://www.automicvault.com/pkg/brew/pkgconf/) - Build dependency declared by Homebrew.
- [rust](https://www.automicvault.com/pkg/brew/rust/) - Build dependency declared by Homebrew.
- [modsurfer](https://www.automicvault.com/pkg/brew/modsurfer/) - Shares av.db curated category or tags: cli, security, webassembly.
- [jailkit](https://www.automicvault.com/pkg/brew/jailkit/) - Shares av.db curated category or tags: cli, sandboxing, security.
- [snyk-agent-scan](https://www.automicvault.com/pkg/brew/snyk-agent-scan/) - Shares av.db curated category or tags: cli, mcp, security.
- [aide](https://www.automicvault.com/pkg/brew/aide/) - Shares av.db curated category or tags: cli, security.
- [aircrack-ng](https://www.automicvault.com/pkg/brew/aircrack-ng/) - Shares av.db curated category or tags: cli, security.
- [amass](https://www.automicvault.com/pkg/brew/amass/) - Shares av.db curated category or tags: cli, security.
- [anubis](https://www.automicvault.com/pkg/brew/anubis/) - Shares av.db curated category or tags: cli, security.
- [authoscope](https://www.automicvault.com/pkg/brew/authoscope/) - Shares av.db curated category or tags: cli, security.
- [bandit](https://www.automicvault.com/pkg/brew/bandit/) - Security-sensitive metadata or terminology overlaps. Shared terms: cli, oriented, security, security-oriented.
- [falcoctl](https://www.automicvault.com/pkg/brew/falcoctl/) - Security-sensitive metadata or terminology overlaps. Shared terms: cli, components, runtime, security.

## Combined YAML source

View the package source record on GitHub. [combined/wassette.yml](https://github.com/automic-vault/db/blob/main/combined/wassette.yml)


## Sources

- Nucleus package database
- Geiger risk classifier
- package-page enrichment
- curated package history
- package version freshness
- av.db category and tag curation
- package relationship graph
- external package-manager database matches
- cross-ecosystem install command graph
