Local and WASI
Local execution is where agents are built and tested. WASI execution is where the same logic can run with a tighter host capability boundary.
Local development
Local runs may use:
- development identities
- local provider credentials
- in-memory tools
- in-memory vector stores
- local telemetry output
Development identities must remain visibly non-production. They should not be promoted into production deployments.
WASI execution
WASI-hosted agents should receive only the host capabilities they need:
- network access for provider calls, if the host grants it
- filesystem access for specific mounted paths, if needed
- clocks and randomness as explicitly allowed
- tool host calls through a controlled boundary
WASI does not replace Forge auth. Tool tiering, ACT checks, identity, and telemetry still apply.
Good fit
Use local and WASI deployment for:
- conformance runs
- plugin-like agents
- edge-compatible agent modules
- deterministic identity and auth tests
- sandbox-first prototypes