Mashin is designed with a modular architecture, consisting of several core components implemented as Rust crates. These components include:
mashin: The main command-line interface (CLI) for executing the runtime. This component serves as the entry point for users interacting with the Mashin engine.
mashin_core: Provides the core functionality for the Mashin engine, simplifying the runtime.
mashin_sdk: Exposes macros and traits to streamline the process of building and shipping new providers for the Mashin engine.
One of the key features of Mashin's isolation mechanism is its fine-grained permission system.
By default, the engine restricts access to all external resources, such as environment variables. To grant access to a specific resource, users must explicitly allow it using command-line flags. For example, to access an environment variable, the user must use the
mashin run --allow-env=API_KEY https://mashin.land/test/create_namespace.ts
This permission system significantly reduces the risk of data leakage and ensures that the execution environment remains secure and controlled.
Additionally, it is worth noting that the V8 engine used in Mashin is not linked to the Node.js ecosystem. This design choice further enhances the isolation and security of the runtime environment, as it avoids potential vulnerabilities and dependencies associated with the Node.js ecosystem.