1:59 Hello, and welcome back to the Rawkode Academy. This is an episode of Rawkode Live where we take a look at all the latest and greatest open source Cloud Native projects to help you on your Cloud Native journey. And today, we're hooking in a little bit of AI, which I'm sure is no surprise to anyone in 2025, and we're taking a look at how to make MCP more secure. We have a new project called Wazette, which you may have seen me fixing a typo in the headline. I hope the Microsoft people did notice that on the intro.

2:27 Let's say hello to the team from Microsoft joining us today. Hey, y'all. How y'all doing? Hey. How's it going? Did anyone notice a typo and me frantically fixing it or I just No. It's a Alright. Perfectly flawlessly executed recovery. Nice. Alright. Can you all please just take a moment to say hello and introduce yourself to the audience? Absolutely. So yeah. Oh, sorry. I'll I'll I'll go and tap right. Right? So Josh Duffy. I'm a senior cloud advocate here at Microsoft. One little fun fact I'll leave with everyone about me is I'm relearning to type on this,

3:09 and Josh is in the same boat as me. So it's a very painful process. Hopefully, it'll be worth it. But, yeah, that's just a fun fact about me. Joe, over to you. Hey, everyone. So Joe here, and I also go by, alias Mosaka. And I am a software engineer at Microsoft, and I'm based on Seattle. And I like to code, and, I'm a main maintainer of the Wasat project. I'll go next. Hey. Hi. Hi, everyone. I'm Josh. I just like Josh. So we we have two Josh's on the team, which is a little confusing, but I'm I'm the other one.

3:49 I also work as a developer advocate in Azure. I also am involved with Wazi directly. I co chaired Wazi subgroup in the W3C, and I'm involved with the Rust project as well. So I am not officially a lang team member, but, I am part of the async working group, which is under the Rust language team. So I also help develop programming languages. That's another thing. And, yeah, I I got Josh into, like, the teeny tiny keyboards, which I've also not the best at, but it's very fun. Alright. Thank you for taking time to introduce yourself.

4:26 I've got three points on that. One, I didn't realize we were now gonna be fixing all of my Tokyo problems. Well, thank you for joining us for that because, you know, hang around. The other one is I'm also trying to navigate this, like, keyboard world, but I won't do it on a stream. I'm not gonna do that in front of anyone. And I have not went as tiny. I I still like 80%. I I struggle to go less than that. Maybe maybe there needs to be a mechanical keyboard podcast. I'm gonna have to speak to

4:53 you too after the show as well. It's gonna have to happen. We'll be frequent guests. Yeah. Yeah. Because, obviously, it's easier to talk than that as to type in any of our keyboards. So I think it's a fitting medium. And lastly, you know, we've all now mentioned WebAssembly or Wazee to some capacity, but I thought we were here to talk about AI and MCP. So I think that directly leads us into what is with Zet and what are we gonna be looking at today? Who wants to tackle that? Well, I can begin. So be before I talk about Zet, I just

5:27 wanna talk about kind of the transformations we've seen in the last two years about AI. It used to begin with the AI chatbot. Like, everyone uses ChatGPT, but now we've seen the rise of AI agents. They have memory. They can use tools. They can do sorts of plannings. And so how do AI agents use their tools? Well, there's a protocol called MCP or model context protocol, and I think a lot of people have heard about it. You can think of it like a USB C for AI just connects to different type of services and tools,

6:04 and your LLM is able to invoke those tools and do a bunch of things for you. So they are they are more organic in that sense. And MCP is open protocol that's supported by all major vendors, including Microsoft, OpenAI, Anthropic, Google. So it's not just one company dominates. And when I got into MCPs, I was really interested in the security side of things. And and after I've done some research, I found there are some security vulnerabilities that are concerning. So one of them is prompt injections. And this is pretty unique to the AI field where because the LLMs

6:53 can hallucinate and there's no, like, 100% guarantee that they would know your intentions. So malicious actors can treat the AI agents with clever instructions. And I found there are other type of security attacks like common in traditional softwares, like over permissioning and supply chain attacks. So I was thinking, okay, maybe I can do something given my kind of background working the WAVs and sandbox in the past. And, maybe we should have something that constrain those tools, third party tools, not having them all the permissions to access your systems. So that is Westat. Westat is a security

7:35 oriented MCP server that runs your AI agent tools in WebAssembly components. Its core job is to act as the security guard between AI agent and the tools it wants to use. So that's it. Alright. Awesome. Yeah. I think the security thing with MCP is, you know, is is definitely paramount. I mean, I've often seen people saying that, you know, the meme on social media is that they've spelled MCP wrong because it's RCE, And there is an aspect of that. Right? You can do you're given these agentic workflows, but then everyone else has access to those MCPs. And with remote MCPs, obviously,

8:21 things can be a little bit skidier depending on how you operate them. But, yeah, we're giving these things a lot of abilities. We're giving them the ability to speak to our email. We're giving them the ability to speak to our calendar. We're them the ability to speak to all of our SaaS services our file system and a whole bunch of other stuff. And when I again, just speaking from my own experience, when I seen the Wizzette project was announced, I was so glad to see that someone was taking a different approach to it rather than

8:49 just running MPX, BunX, and then these other Exactly. Yeah. That deployment mechanism filled me with dread because I mean, especially this week alone with their two major NPM vulnerabilities, CVEs, because accounts were fished. So people publish malicious packages, very popular packages. Now they were caught quickly, but, you know, if we're distributing binaries, MPX is not the right way to do that. And I think, you know, OCI exists. These things can be saying they have s bombs, and we have WebAssembly for the ability to run untrusted code, which is a long way of me saying, like, I'm just so excited when I when

9:29 I seen the Rawkode Academy. We I published a a blog just about the project in general because I was so excited about it. So I'm so glad that we get to sit down and hopefully share my excitement and your excitement with the audience today. Now oh, no. Please go. On your go. I'm I'm so glad you you recognize that. Like, it's scary to, like, look at, you know, the way things are deployed. And, like, security doesn't really seem to be a priority for how a lot of, like, these plug ins are, like, being developed. So for you

9:58 to say, like, hey. I see what you're doing. And, That's great because it's sandbox and secure. Like, oh, makes me so happy. So thank thank you for, like, recognizing that because we're we're sitting over here, also, like, hey. This this needs to improve. Right? Yeah. I think I I always try to look at it for multiple lenses. Right? Now my background is in the container space. Right? I've been using Kubernetes since almost day one, and, you know, we've always had container images that we ship. And, you know, those were wild back in the day too. Right? You used to just

10:27 docker run anything, but at least to run-in a kernel native container namespace. Right? It's it's a sandbox. But then you jump over to the front end world or the full stack world and, like, you know, to deploy anything to Cloudflare. Mhmm. The way that they tell you to install Wrangler is by NPM install or MPX Wrangler. And this is a Rust binary. And I'm like, why are you doing this? Like, either tell people to cargo install it because at least then I'm compiling it myself. It's coming from the repository. There's some guarantees. Tell people to use Next. This is the

10:58 solved problem. Well, there's lots of other Next problems, which I'll run about later probably if we do the demo. They're diff they're they're they're wasteful. There's OCI. Right? Like, I'm like, these are all solved problems, but for some weird reason, the default distribution for many binaries these days just seems to be MPX, MPM install. And it's very, very frustrating, especially when Homebrew is right there, and it's using OCI under the hood as well. I'm like, there's so much best practice everywhere. Security has been a big deal for a number of years. We're trying to solve this. There's

11:28 s bombs, and, you know, we've got all these different frameworks we can use to for supply chain, but the NPM world has been oblivious. And I hope that the two different things that happened this week had a bit of a kick up the arse for these people to go, okay. We need to stop using NPM as a distribution channel. That's my rant finish. I'm not going to anymore. But things need to improve. And I think with that especially with the AI adoption. Right? Everybody must be at this point using AI at some point in their development pipeline, whether

11:57 it's to help them write PRDs, whether it's to speak to their project manager and they wanna summarize get history, or whether it's even just to have agentic workflows. And MCPs are gonna be a big part of this. And not just development. I know we're speaking to developers today because we are developers and developers watch. But AI really can augment every part of our day to day beyond code as well. So I'm I'm really pumped for where was that could go. I wanna tackle one thing before we get into the demo. Right? Because I, again, love WebAssembly and talk about WebAssembly

12:27 at every conference to anyone that will listen to me. But the first question is always, well, how can I do it in WebAssembly? It's a browser based sandbox. Can we dive into the implementation detail? How are we able to do things with MCP and with that on WebAssembly in a way that allows people to actually do real stuff? I think this is a joke question. Yeah. So I think you're right that the first impression would be WebAssembly was designed to be running the browser, and that was actually the original design goals. But over the years, people have found that

12:59 the same principles that, you know, applies to sandboxing on trusted code in the browser can be very useful in the server side as well. And for example, portability, secure by default sandboxing, those are all, like, characteristics we want in running server side code. And so people started to bringing WebAssembly back to the server. And one of the core issue there is, obviously, you have to talk to the operating systems, be able to make system calls. And that's where WebAssembly systems interface comes in or shorted as WASI. So Wazee is this, like, virtualization layer where they provide the system cost to

13:41 WebAssembly modules where they can talk to the system and access system resources, like systems clock, manipulate file systems, or make outbound network calls. So for from the developer experience side, you just write your code or in whatever language like Rust, in Go, or in Java. And then you might use a feature in their compiler or alternative compiler in the Go case. TinyGo would be a alternative compiler, and then you compile your code into WebAssembly and with Wazy interfaces. That's how you run those Wazyam modules. Oh, and in addition to that, you have a a runtime,

14:28 and a popular runtime would be WazyamTime. They provide the best in class securities guarantees, and they supports they're extremely portable to all sorts of hotwares. So it can run those WebSocket modules in WatsonTime, and they provide you the YZ host functions for you to access the the systems. Nice. Alright. Let's pivot a little bit then. What do you see stab at kind of, like, condensing a little bit. Would that be okay? Of course. And then I I'll run it through Josh and Joe. So I have the least experience with these technologies too. And so sometimes I like to be,

15:12 like, the somewhat silly synthesizer, so to speak. So, anyway, if you can compare it, because a lot of people are familiar with containers. And so you you have Runtime. You've got Docker and Docker daemon that's gonna run the container, and then you have the container. And if you were to look any deeper in that, you have layers that consist of the file system most typically, and then you have the configuration file that determines the run like, gives the runtime information about how it should run, resource constraints, whatever. And but it's still full operating system as

15:41 well as, like, the file system is concerned. So if you go over into the Wazi world and you're already gonna create a modular, what's also called a component, and Josh can dive into that later on, think of it as like a single process that is that exists now, and then that's gonna run your code. So we move from, like, a whole VM to a container, like multiple operating systems on on it. And now we're down to the process level with WebAssembly. And then so that's where Joe was talking about with the Wazee. It's that process now

16:07 can talk back and forth with system calls back and forth. And if you look into the code for Docker, that's what the containers are also doing too. They're making system calls to create the namespace to do all these different things. And so now we even have a super, super small footprint where a lot of the code that we write, especially in the MCP space, isn't a lot of like, it doesn't need to be so robust. It doesn't need the whole functionality of a container or a virtual machine. And the business logic can be more tightly bound and

16:39 constrained, and you don't have to bring in so many extra things. And then with the runtime, we can actually grant whatever system calls that are going in there. So if you're gonna run, like, a a standard in, standard out, you can pass that into the runtime and say, hey. Allow these things. But by default, it doesn't let you. If you open a container, it's gonna let you do whatever the file system has there, the commands it has, the network calls it makes. Where with the WebAssembly and the the runtime for it, it will you have to explicitly state what

17:10 capabilities you're going to give it. And so that makes it just even better option for MCP because now we have to be very explicit in what it can do and what it and by default, it can do nothing, which is a reverse pair a reverse environment of what we're typically used to where it's, like, everything included. So, hopefully, that is a better not a better, but, like, a an overview. Right? Awesome. Yeah. Definitely. I think that's definitely valuable, so appreciate it. And Sorry. One last thing I wanna make sure that Joe gets to bring is, like, how is it doing all this

17:44 stuff, Joe? So we've got an MCP and it communicates over, like, JSON RPC or something. Right? And then, like, how is that breaching into the component actually running and going back and forth? Because that's a really critical piece to to mention. Alright. I will point out Brian had a comment. The same was that isolates agents and limits the reach or exposure of the host with better than full resource access. Yeah. I mean, that's a and a and a one liner. Right? Yeah. What I will say then is just to be balanced. Right? Now I've already said that MPX NFN is a.

18:17 Right? We really just don't want people doing that. But it's not fair to omit the fact that you can also run a lot of these as a container as well. Right? You can do pod man run, docker run, and it's like that. What I'd like to try and do for the audience is let you three explain the differences between running an MTP as a container versus running something as a web assembly or via. Right? Is there any explicit benefits that people should be aware of a good on this model versus running the containers or just and a caveat or, like, surround

18:48 that by an even broader question is, like, do you see a future where all MCP servers are written using WebAssembly or do you still see a hybrid in the future with containers? I I kinda wish there was that future. Like, you know, it's it's hard to predict the future, but like, do we want that to be the case is probably for a large part. So my colleague Aaron has really nice analogy that he's been like using for the benefits of WebAssembly for workloads like these. So, you know, originally the unit of virtualization was VMs that you

19:26 could run like how many VMs per machine, two, three, you know, on a laptop ten years ago. That's when I started programming. I was like, okay, that's kind of pushing it, right? I had like two or three VMs. And then Docker came along and I was like, oh, wow, we get to like run a bunch more of these. Maybe 10 is doable. Right? And I know these days, like you can get into the, maybe like the low hundreds if you like really know what you're doing. You've got these hyper optimized containers. But WebAssembly is a step up from that where you can

19:56 run thousands in parallel on a machine like no problem, or you can spin them down because you know like spawning WebAssembly thing is I think in the microseconds. So you go from nothing to like a running instance of a Wasm like component in like no time at all. And then you spin it back down, that's gone again. So the MCP model, if you want to secure that typically what you do is you would get a container which is spin that thing up, it takes a couple of seconds and then probably you keep it around for the lifetime of whatever session you have.

20:32 At the end of it, you spin it back down And that can take several gigs of memory. You don't want to have too many of these like running in parallel because your system resources will be constrained. Maybe you'll instead resort to a security model where you, I don't know, have a big VM and put all your MCP servers within that sandbox. So you don't sandbox per MCP server, but you sandbox all of them at the same time. With Plasm components, it's like, you're paying nothing for security. It costs like nothing to run. So everything is in its own individual sandbox with fine

21:07 grained permissions everywhere. And like, that just seems like, you know, we we have it now, so that that seems like the right model. Yeah. Yeah. I'm gonna double down on that because I feel like I find my people. Right? I'm I've I've always been in the container space, I see the power of WebAssembly. And I'm gonna mention from the team. As you said, you know, the invocation is is is microseconds. He's been as bold to claim that you can measure WebAssembly startup times or invocations in nanoseconds. Your 50 percentile might be microseconds. So but you can definitely get it right

21:43 down, right, because that really is shut back. Not only that, container images are huge. I mean, even if you optimize the absolute everything out of a container image, you're probably still not getting less than 50 meg, and that's for a real image. You can get it smaller for, like, hello world, and you go into, like, assembly code. You can get it smaller. But why we're not doing that. Right? We're trying to ship real production software. So, realistically, your container image is gonna always be 80 plus meg. And, you know, WebAssembly components shipped as wasm by code

22:12 is megabytes. Right? It's it it can be. Again, it comes down to use cases, what you're building, but they're much, much smaller. And we get all the same convenience mechanisms. We can distribute all of this stuff over OCI. So, like, I'm super bullish on WebAssembly for everything across the board, and I think this is a fantastic use case for it as well. WebDAT extra paradigm and the the extra cam the the sandboxing. Right? Like, the fact that you can use the component model to say, yes. You have access to HTTP, but you can only speak

22:40 to these domains. Mhmm. That is really hard to do in the container world. Really, really hard to do. So there's just so much value here in the WebAssembly model. And I I share a vision for the future where hopefully everything does move that way. Yes. But it's a it's a long road and it's a tough sell, but I hope we get there. Yeah. Like, for for us, the challenge with WebAssembly is we're essentially in a rewrite the world sort of situation where we're not a lot of people working on WebAssembly are former, like, Rust programmers, like, working on Rust

23:11 itself. And, like, the the joke that we have between us, it's like, yeah, with Rust, we boiled the ocean once where we introduced a valid, you know, competitor to c plus plus So now we're on our on our second round to, like, go to a different ocean and boil that one by, like, building, you know, the underpinnings of of everything that goes underneath the programming language. We really hope that we can do it because it would be great. But it's an enormous amount of work. The challenge with this stuff is you know, have these technical foundations that must be solid

23:44 and then we built those out and then building out the entire user experience on top of that tends to be tricky. So one of the things, for example, that we're like really excited for, but we don't have is on a per component or per binary basis, it would be lovely if it could declare upfront like, hey, this binary doesn't just want to like talk HTP. This binary declares upfront that it, you know if it's a GitHub client or something that it will talk to gitup.com and nothing else. And like things like that would, you know,

24:17 yeah, yes, yes. So we're trying to steer that way and like do more things and we're not there yet, but you know, we're trying to get there. Awesome. Yeah. I can also provide kind of a personal anecdote for containers versus WASM. When I started doing was SAT, which is WASM based isolations for MCP tools. At the same time, I'm also thinking about other isolation technologies out there, virtual machines, containers, and WASM, even programming a runtime based isolation like DNO. And when I look at all of those isolation and virtualization technologies, I actually try them out

24:56 to virtualize the MCP tools. Because to me, the primary goal is to constrain them, right? So container can constrain them, WASM can constrain them, virtual machines can shrink. They all have pros and cons, it's all like a trade off. Like for virtual machines, you get the best in class security guarantees. There is a virtual machine boundary out there. This is the strongest guarantee you can get, but also it suffers from huge binary size and slower startup time. Typically, startup time will be in the late levels of thirty seconds or even two minutes. And with containers, you get faster startup time.

25:38 And we talked about this in WASM. You get microsecond startup time there. And also what's really interesting to me is how easy it is for WASM to have those policies for MCP tools. So I worked on a policy standardization called PolicyMCP, and they can define permissions like file system access, network access, environment variable access, CPUs. And those are very similar to the volume mounting in Docker or the Wazy file systems in Wasm. And what I found really easy to set up is how you can intercept outbound HTPs. Like for containers, you actually have to either modify the IP tables and set up

26:31 a proxy container, and then you can have a proxy to kind of do your traffic controls. And that's kind of hard for every MCP service out there. You have to have a sidecar container basically running to control traffic. But for WASM, everything happens within the process, and the host can, because they virtualize the entire network stack, the host can easily be set up to intercept your outbound traffic. And you can just declare it in this static policy file and it just works. And so so much easier and so less memory footprint and less complexity in terms of

27:13 management. So because you don't have a second container you have to manage. So that's kind of the trade off there. Awesome. I mean, I I think the message is simple to anyone watching. Right? Just get on the WebAssembly train. Come on. Alright. Before we dive into the demo, let's just send us let's why have I got no words today? It's a Friday and it's late. Let's set the scene. What can people do with Wizzette today? So Wizzet is, first of all, it's a MCP server. So just like any MCP servers, you need to run Wizzet and it provides

27:58 both standard IO and streamable HTTP transport. And the easiest one to get started with is the standard IO. And because it's MCP server, it pumps it works with any MCP compatible clients like Versus Code, Gemini, Cloud Code, Codecs, and a bunch more agents out there that supports each MCP. So you start running Wazad as MCP server, and you can then they provide, some building tools for the AI agents to dynamically load components. And they can either load components from the local file system or from the OCI path. And that's what's interesting about Wazette. It supports

28:47 component in the OCIs so you can apply everything you the best practices in terms of supply chain security in OCI registries. So for example, the image can be signed, and there is SBOM. You can do a scanning of the dependencies there to find if there is vulnerabilities. So you can tell the AI agent, hey. Can I load this tool dynamically from this OCI path? And they will install and they'll fetch the tool from a third party source. And when the when the a AI agent runs the tool, if the tool wants any permissions to access

29:24 external world, such as your file system or make an outbound HTTP request, it will just say, hey, I don't have the permission to do that. Can you grant me the permission? And the AI agent will call another tool called grant permissions, and this is a granular permission control in Wasat that you can say, I want to grant this file system path access to this specific file or this specific directory to access, or I want to grant this host domain for the tool to access. So this is we want the experience to be similar to the experience you see in iOS. Like, whenever

30:07 your phone wants to access photos, you grant that permission with approval. And this is what Wassad is doing. It asks the user to grant permissions to for the tool to access the system resources. And once it granted, the agent is ready to make the request and can use that tool. Alright. Sounds amazing. I think we should show the people how it works. We're good? Anything else? No? No? Alright. You know, I'll just let you go. All my back. Come on. Alright. Let's move over. Let me pop my screen on here. And I have gone ahead and just pulled

30:51 up the repository and the documentation. So I will zoom in a little bit here. So you can go to github.com/wizzette where everything that you need here is explained. We're not gonna waste any time on that. We just wanna go straight to actually running this and see how it works. You can click the link on the right hand side that brings you to the documentation using, obviously, the Rust doc book, MDBook. I can't remember what it's called, where you can see how to get started. And then I'll just, you know, pat myself on the back and say that the next

31:22 instructions are here. Without them, I would be screwed. So Thank very much. However, I'm gonna moan at you all because Uh-oh. I did try to run my flake, and y'all broke it. Uh-oh. Sorry about that. So the inputs need modified because there's some sort of new files that seems to be added to the repository that's indeed some sort of JSON file. Component registered JSON. So I'll fix that later. So I have instead just jumped into my my local clone of it and and done a compile. I am really hoping that we should be able to run it

32:04 and we get help. Right? Okay. So we're in a position where we have the. Of course, you don't need to be running this on Next yourself. The instructions are there. You can use Homebrew for all you sane people that are running a crazy operating system. Cool. So let's run it. If I'm not taking the right path that you would all use to demo this, do let me know because we're not working off any I don't think there is a get started gate. Right? You just kinda die straight in. So I'm just gonna go for We could do a serve, and I think

32:38 it requires standard IO. No. Am I wrong? Is that the standard IO one? Alright. Okay. So we're now running flag, but yeah. Sorry. Can you say that again? Oh, the s t d I. It'd be a flag, hyphen hyphen, and then that would start the s t d I o. But I think it defaults to that, and then you'd have to do or does it default to SSE? Oh, is there is there a transport flag? Yeah. Oh, no. Alright. Okay. Alright. Okay. Alright. Standard IO. Yeah. So you can do SSE or standard IO or a streamable HTTP.

33:06 Alright. Cool. So that that's it. It's working. Right? Job's done. Demo's finished. We can go home. Sure. Sure. Obviously, we need some sort of agent. Do you say you have a preference? I think I've got them all. What what agents are you all using? Any Microsoft branded one would be great. Okay. Anyway you prefer, really. Yeah. I mean, the only the only Microsoft one would be Copilot and and Versus Code. Right? There's no CLI agent yet at the moment. Is that right? No. I don't think so. Alright. Let's just code then. By the way, if you prefer a different

33:49 one, just, like, feel free to. I was mainly joking. It's alright. I have them all. Okay. But to be honest, it's gonna be a lot easier to configure it for Versus Code. So we can in fact, I already have it running. Right? It should be. Or Well, so because you're running the STD IO Oh, okay. You have to, like, you have to run what's set in the m c p dot json in Versus Code. So that's how they kind of run MCP servers there. I thought I had it already. Yeah. I do. I'm pretty sure I have it in my

34:30 global one with servers. Was that stopped? Start. Alright. Okay. We're not doing it. Let's go here. Yes. So if I do MCP, I've only got contact seven right now, so we need to add this. So, yeah, I don't need to be running this right now because we're using standard IO. So what I want to do is do clot MCP at was that we then need to use transport and say standard IO, and this is just going to run target debug was that standard no. Serve standard IO. I think that's right. We have a guide for Claude up on

35:21 the repo. It gives you It's okay. It was just parsing the the flag. So I think we should be good, but we'll see. Perfect. Alright. We have Wizz Air. So we can click on this, and it tells us it's connected. It shows us the command and the ARGs, and we can view all the tools, and we can see the tools that you've already been. Is that big enough? Do you just want me to zoom that in? Looks good to me. I can see it fine. Yeah. Alright. Okay. Perfect. We can see the tools that was set provides, load component,

35:50 unload component, list components, get policy, grant storage permission, etcetera. If we So these are the the built in tools? Yeah. We we haven't actually added any real functionality to do with that yet. Right? There's nothing I could really do with this except for ask it to go and load a component. Is that correct? Yeah. Correct. Alright. We could look at the load component tool. We can get the description. Of course, this is not very useful to us at the moment. You you don't have search in it. Right? Not yet. No. Not in the No. Got

36:22 it. Got it. It's coming soon. Yes. Oh, search components. Oh, there you go. Oh, you built from main. So, yeah, you do have it. Yeah. Because I couldn't run my fleet. Remember? You broke it. I'll try to be less snarky now. Sorry. No. No. That's fine. I I tried to use the search. Yeah. I'm I'm sorry. It's my fault, really. I should have to see ICD workflow to make sure that the flake was valid on every push. I did not. So we'll fix that and make it properly. Now the only way I know to add tools is to come to the

36:59 examples where I just read the README for each tool. Is there a Check out the new search that we just added from the main. So this isn't released yet, prerelease. So go back to your terminal and just call the search component tool from Waset. In fact, I'm gonna try it in natural language first rather than being very explicit just to see if Claude is gonna pick that up. So Try try what is the current time? I mean I mean, I I know I went from let's not be too explicit to a middle lane, but you're just way out there. Let's

37:40 see if it figures it out. I mean, surely it's gonna just shell out and run date. Yeah. Oh. Oh, bash. Dirty. Dirty. Side trick. Could we do this with with that? List component. Okay. That's a good start. Alright. So it's making this first tool call. Mhmm. Mhmm. Oh, there we go. Isn't that nice? Yes. So this is just brand new then. Mhmm. This this is cool. The implementation is a single file right now. So we have, like, fake search, which is like a static index. Well, that was that was gonna be my question. That's sort of a registry that I'm

38:28 not aware of here. I mean, I know that GitHub was this just yesterday. Right? Yeah. Just yesterday. Yeah. Added github.com/mcp. Oh. Which is good. Right? Now we have a trusted place we can go to get a list of MCP servers that hopefully aren't compromised. So it's fantastic. But then we're not adding the MCPs to Bizzet. Right? We're adding components. So Right. As a there gonna be some sort of web interface for that, or, like, what's what's your plans for this? So we're we're still trying to figure out exactly what shape it should take. But generally,

39:02 everyone I've talked to is like, yeah, we should have, like we should centralize discovery even if we don't necessarily want to centralize hosting. So right now, we what we've done is we've checked in, a single I think it's a JSON file that just lists, like, a bunch of, like, known locations for components. Oh, that's the one that broke the flick. That's right. That's what I said. It was me. I'm sorry. You know? But, like, ideally, that'd be like some sort of, like, trusted endpoint that, you know, people can, like, upload their their thing to and are

39:34 like, hey. Here's the OCI URL, and this is what the component does. Feel free to, like, get it there, you know, and then, like, that becomes dynamic and and yeah. Nice. Okay. Cool. So it's now loaded the component. So it's gonna do a last, I guess, just to make sure that that worked. We can expand that to see that it is there, which is good. I wonder if it's gonna go ahead and do the well, it's getting get policy. Mhmm. It's configuring the time server to allow it. So it's not directly available. Alright. Okay. What was it? Is it getting confused there?

40:17 Oh, it's doing bash l s l a plugin slash? Yeah. Think it's trying to find the code. So it tried to run get policy, and it said there was no policy. I'm not gonna let it go into the examples directory. So it says it's not directly available, and I wanted to get a policy. Is that the right thing that it should have been done there? Can we guide it in the right direction? Or do I just tell it to use the tool? Can you try restart the cloud? You want me to restart the MCP? Oh, no. Just, like, exit the session and

40:53 just call cloud again. Oh, yeah. I can do that. It's gonna use the assistance again. Right? No. Mhmm. Oh. It got it. There we go. Hey. I think what happened here is cloud so when whenever Wasat dynamically loads the tool, it will notify the agent that, well, the tool list has changed. And some AI agent don't haven't implemented that feature yet. Like, they haven't, like, they haven't implemented the feature to get notified by tool list change and update their available tools because this all happening in the dynamic. So this might be something that is, like,

41:49 missing from the cloud code. Ah, so if we do MCP was at view tools, there we go. That's the first tool. So the local time one is now there and available. Alright. I'm curious then. If we come back to the examples, we've done time. Let's do weather. Right? This is gonna have to make a HTTP request. And we can also just so in the event that there's no registry right now and there's no search on a tagged release. Mhmm. We could just tell it to load a component, and this is gonna be smart enough to know that it

42:21 goes through the Wizard MCP to pull down our new component. Right? It's hard. I know. The nondeterminism of the AI world. You never know what you're gonna get, but at least I could pick that up just fine. And I'm curious to do the less tools and see if this is immediately available or not with Claude. So I'll take a look. What what's interesting about this component is in order to get the weather, you have to provide a API key for the weather service or otherwise, you won't be able to work it. Oh, it's alright. I'll find an API key.

43:00 I'll try a BC123 if that may work. Alright. Let's check the tools first. Yeah. Okay. So it doesn't seem to have that Mhmm. Dynamic reload feature yet that you were talking about. But if we hit reconnect oh, we have GetWeather. Okay. Cool. So let's see what happens then. You've told me that it needs an API key. So what's the weather in Bellevue, Nebraska? That's where you're based, I take it? No. I'm in Scotland. Oh, okay. Hey. It's just a just stuff we were talking about earlier before we went live. Alright. So we did an open weather API

44:01 key. Just tell it to make one up. Let's see if it works. Ah, that's just interesting. Alright. So it's now entered into the permission model where it's like, do we grant this tool access to an environment variable? That is very nice. I like that. I mean, that environment variable doesn't exist, but that's cool. I'll I'll just say no. I don't trust you. Alright. Let's go through one more example then. So I guess if we just do regular fetch, if we can do any web page that we want. Right? And we're gonna get some sort of host

44:37 based permission system. That's right. Love this project. It's like so we we we like to say it has an iOS like permission model, but I think it's fair to say we might be more fine grained than iOS even here. So something that I personally care about a lot is I wanna make sure that my data doesn't just randomly get uploaded to places I don't trust or I don't know about. On my local machine, I run little snitch also to make sure that doesn't happen. But this is like right built in. So when you have an agent or any sort of

45:19 AI model thing happening, like you might want to connect it to say your bank, but also to something else. And like the exfiltration of that data, you know, by making sure that, hey, your time component doesn't like upload your SSH keys or your bank account details or anything like that. You know? That that seems very important for that trust. So, yeah, that that's why we were like, okay. We gotta lock it down, like, on a host basis. Like, really make sure we don't just, like, exfiltrate any data anywhere. Nice. I forgot to re reconnect to get our

45:56 new tool. So I did that, and I've just prompted that to try and get the open graph tags from the Rawkode Academy website. And, again, directly, it's went straight to that fetch tool with the URL. So this isn't gonna work yet. Yeah. Request denied. And now we want to grant network permissions to the Microsoft fetch component, and we get to provide a little config there. This is so cool. And then it fetches a large response. That's alright. You can handle it, Claude. Why is it went back to get boarding fetch? It's because it couldn't find the open oh,

46:45 yeah. They're probably I put the JavaScript rendered because it's an actual website. Although it should be static. It doesn't really matter. I'm not gonna push it. It did fetch. I guess we can ask something simpler of it. What about A title tag maybe? Yeah. What's in the HTML head for there? Now you're just trying to fall back in your old and pure waste cloud. Keep typing typing with that with one s. It's the fetch component actually converts the HTML into a markdown file as the return. That's why. Ah, alright. Okay. That's interesting to know. Okay. So you're stripping

48:07 out any sort of HTML and you're just giving them a rendered way. So I guess that's a lot easier for the I mean, unless I'm doing web development, but it's a lot easier for the agent to be able to, like, work with the text content of the page. So I get that. Alright. I'm I'm gonna just ask it to describe it. We'll see what we get. It's the last time, and then we'll move on to a different example. Nice. I bet he's gonna try and use I don't know. It's now just using his own memory. Thank you.

48:39 Perfect. They're probably the members because there's no pool that a few times. Right? So Yeah. I think it's already in their context. Yeah. Exactly. Alright. Okay. So let's talk about these examples then. Right? So these are implementations of two calls. We can see right off the bat, there's multiple languages at play here because WebAssembly makes that available to people. So there's I'm assuming this eval Python is the ability to evaluate Python code. Yeah. Okay. Which is an interesting demo. We've got fetch. We've got file system access. We've got the weather, which exposes environment variables, go modules, time servers. So people can write

49:21 these tools in any WebAssembly supported language. They can be loaded over OCI with finger and permissions in the Wizzette system. Right. System. Right? I like it. Oh, what what do you what have you been building then? Let's try and talk about something on the more interesting side. So your examples are there for people just to understand how to structure one of these tools. Right? If we look at time.gs, is this export just making this get current time available as a tool call? That's right. Mhmm. Alright. So what have you just been building tool wise then for Wizzet?

50:01 Okay. Any interest in demos? Got a couple on that docket that Josh and I have been tinkering around with. For me, it was greatly inspired by the Context seven and just being able to fetch the docs. Mhmm. But what if I what if I don't wanna put it in an API key or if I want it to work offline? And so some kind of a component that is able to have basically a souped up version of the Go mod. Right? We're getting just a Go module, but a bunch of different context for idioms and programming paradigms.

50:31 Yash is a background in Rust, probably pick up the Rust one. I use Go most often, so I'd probably do that. The thing I still need to get a better idea of what tools I build, but one thing I just wanna mention quickly that I enjoy about designing the tools for this is I actually am just worried about the logic of the component itself and whatever that tool is gonna expose. Whereas when you have to go over and build the whole MCP server, you're worrying about the server and the client and that whole system together. And so with Waset, you'd really just

51:03 do the component part. And what's super cool about that is you can also take that component and use it in the CLI or use it in a different way, because it is a component. It's just being invoked by Waset from the MCP perspective, making it an MCP tool, but it isn't actually just a fully fledged MCP tool. But, yeah, to answer your question directly, more coding documentation locally would be would be cool. So I mean, do you see, like, the GitHub MCP server ever being converted to a bunch of tools for was that I mean, is that where is that can

51:41 we go as powerful as that web model? Are there any limitations or constraints that people should be aware of? That would be I mean, I'd love to see those ported in. Those very useful, like, and GitHub and the context seven type tools ported in the modules where they're why not constrain it to the particular URLs, you know, that it has? It shouldn't reach outside GitHub. Right? Yeah. The limitations would be those tools don't exist here. You got to write them. Right? Like, these are kind of all we have for now. I mean, I I think it's worth, like,

52:13 teasing apart, like, whether is it possible to? And is this a business decision that GitHub from its organization will make? Like, that latter one, unsure. Don't know. But can we do it? The answer is yes. Definitely. We we've had some experiments where we've been, like, rewriting, taking existing SDKs, and just, like, hooking them up, putting them in a component, and then being like, voila, now we have a component that encapsulates this, like, you know, SDK. One of our colleagues, Ralph, I think took the Probot SDK, which is a JavaScript one. And we have a JavaScript to WebAssembly

52:52 component compilation tool chain called Jko. I believe our getweather. Js here makes use of that. And, yeah, it just put the Probot SDK inside of a component and started exposing APIs, and it just worked. So, it is possible. We've had it working, but yeah, whether that is the future of github.com, I don't know, but we'd like it to be. All right. Yeah. I I do wanna mention that there is a a very interesting community example in the website repo in the read me. I think I think it's created by Brian. It's called QR code generator.

53:36 And that to me is, like, a very interesting component because if you just look up, like, QR code generator, MCP servers, there are probably, like, 10 out there in the Internet. Like, if you don't know which one to use, like, you just blindly download one and start using it. There there is a pretty good chance that they may contain malicious instructions that may leak your secrets. But if you run the QR code generator component in WASM, there's by default, there's just no permissions granted for that component to make any modifications to our systems. So I

54:15 think that's a pretty interesting example. And regarding the Github MCP server, there are there are actually two kind of path to componentize it. One is to just take the GitHub MCP server, compile the entire thing to Wasm. So that includes, you know, your network stack server code in the Wasm component itself. And the other approach, which is what Wasat is taking, is this is more like a serverless approach. Like, all the examples you see here are very simple export functions. One function corresponds to one tool in MCP SANS. So you just export a bunch of

55:02 functions. There is no server code, and this is more like a of you write, like, serverless code, like, one function. And in that sense, you can rewrite the entire m c GitHub MCP server, which they have 74 tools in total. And you just write every function in one of those export functions, and you have a component that can export 74 functions and working with that. Nice. I see you're using the spin SDK HTTP stuff. That's really cool. We have a question on the chat before I digress this down more paths, but Ian is asking, in the future, could Wasi enable was that

55:48 itself to be implemented as a component rather than a native host runtime? I could take that. And the the the answer is almost. There there might be, like, some rough edges. So we're okay. Okay. Right? I'm, like, stretching out, being like, okay. I need to explain some things. Where do I start? So WebAssembly, WebAssembly Components, Wazee, Wazee versions. These are all like a bunch of words. Right now we have as a stable version, we're on Wazee 0.2. What we're working on next is Wazee zero three. Before the end of the year, there should be a release there. With my, you know,

56:30 Wazee Coachera hat on, I'm saying like projected before the end of the year should be Wazee zero three. What this will give us is, in practical terms, it will allow us to layer protocols. So the way that works today is it takes a WebAssembly component, and that component is, you can think of it as like a library with a bunch of like functions that exports and says stuff like, hey, get weather or something, you know, a function named get weather. What does it take? It takes a location. What does it return? Like another string, so string and string out. That

57:05 knows nothing about MCP. So what Wazette does is it takes that library and it hooks it up to the MCP protocol, like knows how to translate it, like take an arbitrary component, make it talk MCP exposed as a tool. In the future, so in 0.3, what we can do is we can like take a component, wrap it inside of another component, and wrap that in even more components. So we could have like a arbitrary library component that we convert to a component that says at the boundary, hey, I speak the MCP protocol that we convert into another component that says,

57:41 I speak HTTP. So we convert it to yet another component that says, okay, all I need is a TCP connection and I'm good. And so, that's this layering of protocols that we will enable. Now, is that enough to do everything Wazette does today including permissions and all that stuff? That gets a little bit more complicated. But from a protocol perspective, yeah, we can go there definitely. I don't know. But it was did did that make any sense or was that like too many words all at once? Because I I tend to like throw too much jargon

58:16 in a single go. Yeah. Monadic components. I get it. It's fine. That's a fair fair way of putting it. Yeah. I think it's a very interesting feature, and I'm definitely keen to see where it goes. Yes. And by by future, I I don't mean like, you know, like years away, but it's like, no. We're we're kinda counting the weeks. You know? Yeah. I mean, in in tech, especially in AI, we don't measure. And I don't even think we measure months anymore. Things just seem to be moving so fast these days. And and this is why again, security is so

58:51 paramount. Right? I can't emphasize enough. We need to stop MPX and all of these MTP things. It's just absolutely crazy. Alright. I'm gonna ask a question. I know we're one hour in. How hard is it to write a new tool? I'd say pretty easy. So all you need to do is so in WASM components, you can define a Width file. A Width file is basically like an interface file, and you define the world the component is gonna to run-in, and you define the imports and exports. And then you use a tool to generate the bindings from your, you know,

59:37 programming code to the WebAssembly APIs called WebAssembly. Stop you there for a second because as soon as you said it was easy, I I just started putting together a project. Let's let's just build a tool. Right? Are we confident? Yeah. Choose a programming language as well. I mean, I would love to do Rust, but I I I feel like there's a lot more boilerplate, and maybe that's just the fetch one. Mhmm. But it felt like that we we'd had to type more and there would be bindings. And I thought, why don't we keep things simple?

1:00:11 The JavaScript one looked like something we could do pretty quickly. Right? Like, I I can do this. Even my skill set can handle this. So what I'm gonna do is I created a directory called new tool. I just did a bun in it. We have an index dot t s. Am I on the right path for a start? Go away Codex. I love how you're calling our bluff when we say like, yeah. No. It's easy. You're like, okay. Great. Show it then. Let's build one. I'm like, okay. Alright. I mean, I'm gonna copy this. Right?

1:00:40 I don't wanna do a time. Right? We're seeing time, but we're gonna have some sort of function that does something. Right? So I'm just gonna say translate to Scottish. This is this is the MCP I wanna build for people today. And that will do something, which I'm not it doesn't matter what that something is right now. And we're gonna expose translate to Scottish. Now I'm assuming the tool call name is gonna be the the const. Is that correct? I think you can even just directly export it. I could just export it directly. Right? Yeah. Just export your function.

1:01:14 That's right. So I have a as I have a tool. Not quite, but we have some code. Now looking at this directory, and this is where you're all gonna have to keep me right. We've got policy. I'm assuming this is the permission set. We have the web interface text definitions. So I'm assuming we're gonna need a world.web. Is that right? That that's the most important one. Now do we generate this, or do we handcraft this? Is this artisanal or compute? I mean, you can try and generate it, but so I I handcraft most things, but you know?

1:01:50 Even have my wet syntax highlighting, which I'm not very happy about. Okay. So let's walk through this. I I'm I'm not gonna make any more assumptions. I'm gonna let you guide me. Right? So we have a package thing. What what should I start changing in this web fail? And let's try and talk about what the web is and give people some context that aren't aware about WebAssembly interfaces. Yeah. So local is the namespace, and time server is the package name. You can change it to whatever. And because you just export the function, you don't need the interface.

1:02:26 You can get rid of that entire thing. Okay. So let's make that very explicit then. What you're saying is this interface allows me if I say I wanted to expose multiple tools. Oh, no. It's more like a namespace, the way to think about it. So you can group a bunch of things in a sub module. But we're saying, well, let's not do a sub module. Let's all put it in in the root module, which here would be your world time server. Okay. I don't think I understand that. So let's use this one as an example. Right?

1:03:06 Excuse me. So here, this has an export const time, and we have an interface time. Now they're not directly correlated. Right? This is just something else. The export time here comes from the export and the code. Is that correct? So they are correlated. Oh, they are? Yeah, yeah, yeah. So you have an export, you have a named export, which is an object called time under like the implicit sort of root scope of, you know, your JavaScript module. So what we're saying here is like the implicit root scope is called time server. That named object that contains a bunch of stuff

1:03:44 in it, we're naming that time. Like these hierarchies must match. So if you delete that object and you just say, hey, we're gonna export a function directly, you can stick it directly under the the main world. Gotcha. Okay. Thank you. So this has to match my package name above. Is that right? No? I don't think so, but Joe can answer this one better than me. No. The word can be whatever name. Alright. And I have this export. Does that mean I just do export here? Yeah. But you have to say this is a function and

1:04:25 the signature. So if you go back, there's a translate to Scottish. There's a function signature that returns a string, takes no parameters, and you need to Yeah. Copy Let me look at the old one. This bit? Yep. That's right. I think you have double column here. Yeah. But I think it's it doesn't not like camel case. Is that a a wet thing? I don't think it has to, but, yeah, that's better. K. So how does this correlate to my function name? Does it I think it just map yeah. It just maps to it. So do I need to rename this to

1:05:17 the same? Nope. You can't keep it. So what we're going to do now is we need a tool called Jayco. That is the compiler that takes takes JavaScript or TypeScript in and then outputs a component. So you know how we've been saying don't use NPX? We may want to use NPX here to use the compiler. What's the TOE called? J c o. J co. J c o. Alright. Sorry. I forgot you were on the ex like, yes. Yeah. I I mean, Fair enough. Fair enough. Oh, I should just search by myself. It's so slow. Alright. Unstable.

1:06:16 Oh, no. I think you can just do npm install by call lines j code. Oh, yeah. That's right. I'm not sure. I mean, we could try, but if it it depends on the type of binary as and what Gleb see it as. And this, yeah, this may not end well for me. I'm excited. Like, I haven't seen Nicks like much. That's pretty cool. What's the comma prefix there? Ah, this is like this it's a tool called comma. So, like, I don't have FMMPEG installed. Obviously, Next will tell me how. But if I prefix it with comma, it uses

1:07:06 a Next index. And then just behind the scenes will go and get me the tool that I'm trying to run. Oh, that's cool. You could do comma on anything, and it just finds the package and starts running it for you, which is very, very cool. And there's no flake dot next in here. So I'm either gonna have to compare this from source or hope the MPX works. So let's try BunX. Bun paste. Oh, does that work? It does. Oh, wow. We got very lucky. Alright. So what am I doing with JCO then? Do you wanna use the first one, componentize?

1:07:49 Because we are taking in JavaScript, and we are producing a dot wasm out. But we can also do the inverse. It's it's meant to be like a complete toolchain for JavaScript. So it can also take dot wasm and put JavaScript out. So we need to provide our wit. Do I need the world or just the directory? I don't remember. Oh, you can do both. Alright. I will call it dot ones dot Plasm. Okay. So that is button now being a problem, I think, because it's not implementing the Node SDK. So we'll make shell Node JS.

1:08:32 And I know everything is just 10 times harder on Next, but I promise people it's it's worth it. What else did we need? The outer. Oh, that that's right. Thank you. Unknown command index. Oh, it was Yeah. Oh, yes. Thank you. Alright. We've had the next wall because there is a binary there that has to be run. Right. Right. Right. Right. Yeah. Let me think. Oh, wait. There's no. Right? Yes. This should be n p n NpXable, and it pulls in all the required binaries and things. It should be precompiled. Where? I should just go back to running arch,

1:09:59 shouldn't It's hard to go back from next. That's the thing. Right? Like, everyone on this machine is configured as code in my dot files repository down to, like, the boot emojis, the style, the theme for everything is done in one place, and they every application consumes it. Like and it's just it's really hard to say, oh, I wanna give that up. So we we'll just do this the hard way. No. I don't trust well, maybe the node modules will be okay, but I'm not convinced, but we can try. Componentize index dot ts dash o scotland dot and

1:10:46 dash w wet world dot WEP. Nice. And if it does fail, it's just because the node modules only need re fetch on the container, but the clip c version might be okay. It worked. Oh, wow. And because WASM and WebAssembly is truly universal, unlike shitty Linux stuff. On my host, we have scotland.wasm. Isn't that cool? Beautiful. Yeah. Alright. So what do we do next? Oh, we haven't actually built a real function. So how do we handle inputs then to our tool call? Let's walk me through that. Just add parameters. So if I say phrase is a string

1:11:43 string. Yep. And we just return whatever we want. Alright. I mean, I never actually thought this through about translating stuff to Scottish, but please all. I'm just gonna do something stupid for the demo. I'm not gonna try and be funny. Let's see. I mean, that's kind of Scottish and that makes sense, I suppose, at some point. Perfect. I love it. And you'll have to change the the waiting function signature as well. Alright. Because you added one more parameters. Oh, of course. Of course. Of course. Okay. So they just do string, or do I need to name it? You need to name

1:12:31 it. Okay. Perfect. Alright. So I'm gonna have to take that command out again because I hit myself. Component ties index dot t dash o Scotland dot Wasm. It's easier to type when you, you know, just verbalize it too. Alright. I'm gonna assume that's gonna pass. And you said that when we are working with with that, we can tell it to oh, I assumed wrong. That's it. Missing let's look at the examples. You just hate me so much right now, don't you? Oh, no. No. It's good stuff. Listen. I mean, really, you should hate Joel. He said it was easy. I'm just I'm

1:13:44 just I mean, to be fair, you are picking up a new compilation model slash programming language in a way. So, you know, if you could get it done in like, I don't know, fifteen minutes, that's pretty good. Right? Average looks just like this. Yeah. I think the wait file is fine. Can I take a look at the error message again? Oh, yeah. Of course. Sorry. Oh, it's the Java it's the index. Ts. Right. Can you just remove that stream? Well, TypeScript doesn't like that. If you change the extension to dot j s, maybe it'll just I'm just in the

1:14:37 wrong string. Can never it's it's capital s. Right? Is that it? Oh, yeah. Yeah. You're right. Oh, no. Insert function. Oh, maybe it's the no. It's not the async. Right? That's not the Thank you. Problem. Oh, promise. I mean, it's not async. Does it have to be async? Don't think so. Just wondering if this on this. Yeah. I think TypeScript string should be lowercase. I can never remember. Yeah. It's like Rust where you got string, string, and string. Yeah. It's lower cost. Listen. If it was rust, I could tell you. But Messing after formal parenthesis. I you know what?

1:15:37 This is what the this is what the machines are for. Oh, yeah. Fair. It's in the return type. I don't think that is. Well, they're not always good, are they? Okay. My IDE hates me. But, yeah, it's happy. Alright. That's good. It bugged me what was wrong with that. We have a scotland.wasm. So I can pop open club. We should still have Fazette running. Mhmm. Don't you start. Why is that broke? Are we still in a very chase? Oh, because I used to look up oh, no. I really hate myself. Alright. I'm and this is it's just I'm the

1:16:58 problem. It's not it's not was that it is not you. It's me. Alright. Load. Was that component in new to scot on the. Oh, I'm so excited. I hope this works. Seems like it. Usually, when we talk about language support, we don't mean, like, you know, human languages, but I think you're about to teach it Scottish. No? I I was too busy focusing on my error messages, but I didn't realize the chat was trying to help us out here. Oh. Alright. Andrew's gonna watch this later because for sure what he wants to do, but he

1:17:52 doesn't actually know Rust or VASM yet. Well, this is a time to learn. Ian McDonald's is not TypeScript. My my code? Brian's asked to tell us that thing. The other agent fixed it, and then Adam's telling us the restart. Adam, don't know. We've loaded our component. We do need to do the reconnect. Right? This is how we get the new tool. Mhmm. And then if I say, show me the tools, we've got translate to Scottish. Oh, that is amazing. Okay. So translate. Oh, again, I'm the problem. Just Scottish. One two call me. So stupid. But yeah. In Scotland, we wouldn't

1:18:53 say alright. We say alright. So, I mean, that's as close as we're gonna get to Scottish translation for today. That was awesome. I I just wanna recap then. Right? So all this really was we just export a function. There's no WebAssembly here. It's just writing in the language that you enjoy writing on, whether that be Rust, Python, or JavaScript. You do need to provide the WebAssembly interface, which just tells it how to work with that. I'm gonna be honest. I have no idea how we're correlating my function to this. I I don't know how we got there.

1:19:25 Yeah. So the Wit file just uses kebab syntax, and they will map to what language their idiomatic syntax will be for variable names. Alright. That is cool. Okay. So it knows that. So so it would actually break then if I did that. Right? Because it it wouldn't convert the Camel case to the the kebab case. Okay. So that makes sense. I got it. Thank you so much for telling me And that's it. Like, you can literally rate a that would have taken us three minutes if it wasn't for my terrible operating system. That is that is so so fucking cool.

1:20:02 And we we really hope to bring that time down as well. Because right now you're like by hand being like, okay, these two things need to match. Like what if it just generated that, right? We have the TypeScript source. We could just generate the API and we don't have it now, that's the kind of like, those are kind of improvements that we're, like, working on behind Yeah. I'm sure you could write a vape plugin that just extracts the function signatures that are exported and and flow together that way. That I don't even think that would be hard.

1:20:33 No. Exactly. I won't give us another mission on the stream. I'm gonna pop us back over to big face mode. Alright. Thank you for entertaining my my random segue into writing the. I hope people enjoyed watching me struggle a bit, but also seeing the value and how easy it is. Being able to build your. Oh, David, the audio might sound a bit off. I don't know if this is just my problem. Oh, no. I also was wondering. Oh, have I have I gone weird? There you are. No. You're now you're fine. Alright. Do I need to repeat everything I said?

1:21:20 I think so. Oh, alright. Aaron's on there telling me to never late that guy. Alright. All I was saying was I hope people enjoyed watching me struggle a little bit with that. But at the same time, I hope people see how valuable and how easy and ergonomic that was to put together. I just wrote a TypeScript JavaScript function, whatever you wanna write. You apply a little bit of interface glue and you can pile it. And that was loaded into in seconds, and we were using our own tool calls. Like, the power there to be able to layer these things and

1:21:51 compose them together, I'm so excited. I I just think that was fantastic. I could not be more genuinely excited for what y'all are building. So thank you so much. And make me struggle again. I didn't usually watch yourself, son. So before we wrap this up, I know I've kept you a little bit longer than I said I would, but let's just give people an idea of where are we going next. I'd love because we have, you know, the three of you on it, if we can talk about, you know, what is happening with Wazee 0.3, what's gonna happen with with Zet,

1:22:21 and, you know, a general insight to how you are using AI to maybe work on Zet would also be interest if you're happy to share. So whoever wants to go first, please feel free. Yeah. I can talk about what's kind of the road map for Wasat. So we are going to release a new version pretty soon, and they will pack all the features that in WasApp, including a COI experience. And we also talked about having so WasApp was built for interactive mode, and we talked about we want to have a more, like, offline mode or autopilot mode for WhatsApp that

1:23:00 would just run-in those background tasks. And that would be ideal for GitHub Actions and CICD pipelines of sort. And I'm very interested in seeing more components build and running in Wasatch and happy to see, like, a component index that can provide all the Wasatch components here, and Wasatch can just search for it and download whatever interesting tools that people want to use. Sweet. I can say a little more about WASM and what we're doing there. So the the big work the big effort that we're like doing right now is Wazi zero three, which will give us native async exports

1:23:46 in WebAssembly components. So WebAssembly components have these interfaces that we just looked at, the way the interface types. But natively there we don't yet have async functions. We only have, you know, it says FN not async. So we're adding async FN. We're adding native support for async streams as well. And what that will give us is the ability to take a component and another component and link them to each other and they can talk natively async to async with each other. And like languages like Rust and JavaScript, TypeScript, I think even, yeah, no Python too.

1:24:24 Like they have a sense of like, sorry. When I say Python too, mean like, I don't write Python. I'm trying to remember it does Python have it? Yes, it does. But like they have a sense of like, hey, this is what an async function is. And now we'll be able to like very directly map these async language features back through the component model and make all of them like talk to each other. And what's really exciting for this is once we have async to async linking of components, we can also start packaging these up. So

1:24:57 say you have an HTTP transformer, something that rewrites URLs or does any form of like middleware handling, we can package that up and connect it to like other components and then all the way down and link that all together into a single static component. We call that service chaining. But not just that, wait hold on, I'm trying to remember like what else is exciting about that? So much stuff. I'm blanking. Yeah, hold on. Yeah, no, I'm absolutely blanking. I'm like, holy, I've been like working on that stuff like the entire week. It's like Friday 8PM and

1:25:38 I'm like, WebAssembly zero, like, why is why is he 03? Like what's what's exciting about that? Yeah. It's the end of the week. Yeah, it really is. Oh my God. But yeah, no, good stuff's happening there. Yeah. Oh my God. And by the end of the year, everyone's gonna hold you to that day as well. People already are, but yeah. No. Absolutely. And they'll they'll be right to because I I have been promising it. Yeah. Woah. Okay. Hey. I'll I'll yield. Alright. Anything else, Josh? No. Nothing for me. No. Then I'll give you one question from the

1:26:18 audience, and then we'll wrap this up. So, Brian, I was curious if you have an example of where two components are working and communicating together via Wazy Peaches. That kind of ties into what you were just talking about as well. Right? Yeah. Definitely. So right right now, if you have two components and you want to connect them to each other, you can't, like, link them to each other directly. You need to sort of take them apart and link them through something like JSON RPC. So you have two separate instances and they're running both as servers and you have

1:26:52 a network connection between the two, and you inject the protocol there and that works. In Wazi zero three, what we can do Oh yeah, that's what I was trying to say. It'll be really exciting because you can take a component that says like, hey, I'm server A, I've got a bunch of sub services that depend on, I don't know, a database, another payment thing or whatever. And if you deploy these and they run on separate services, they can connect over the network and link to each other that way. But like if you run them on

1:27:22 the same machine, what we'll be able to do is take away the network connection, put them potentially even in the same process and link them directly to each other. So they, you know, we remove the network overhead and that'll just work. So right now it is possible to connect them to each other. And I think both Spin and WASM Cloud have support for this, but they use an intermediate network connection to like connect these things. So both of these can be used with Kubernetes and they'll have examples like on their repos for like, hey, know, here's how you deploy

1:27:58 multiple components that talk to each other. But yeah, in 0.2 it is possible but kind of complicated to implement and quite inefficient but in 0.3 it'll be like really efficient and also from a model model perspective, real like a lot simpler. That was a lot of words. Did did that answer your question? I believe it did. And Brian has also said he's gonna hold you to that. Oh, no. It's on video now. You know? So So Yeah. Yeah. Yeah. Well, thank you all so much for your time. I always like to finish off one last question. It's just that how can people

1:28:31 get involved? Where can they learn more? What's the best course of action for people? Like, I've watched estimate. You know what? That is really fucking cool. I wanna check it out, contribute, etcetera. Where do we put them? Well yeah. So was that is open source Microsoft. You can go to github.com/microsoft/wasthat and check out the repo. We have a bunch of issues that tagged with, like, first time contributor or help needed. You can if you wanna contribute to Wazad, that will be the starting point. We do have a community channel in the Discord Microsoft open source channel, and there is a

1:29:10 server. There is a channel called WhatsApp. You can join it there. Alright. Any last words from anyone before I say goodbye? Oh, yeah. To to add to that. Hold on. Like, my my memories are floating back in as we're, like, rounding up here. If you if you're interested in WebAssembly components and you're like, hey. What's the state? Like, I haven't heard of this before. I created a repo last week called awesome WASM components. If you look for it on GitHub, you should find it. But it it lists a bunch of like programming languages, their support for it, runtime, some examples, blog posts,

1:29:45 etcetera. Give it a look. Yeah. Might might be useful complimentary resource there. Alright. Awesome. I'll grab all those links off of you. The ones I'm not familiar with, I will make sure they're all in the description below, etcetera, people that are watching this after the fact. Lastly, again, I'll just say thank you so much. It's been an absolute pleasure to have you. I'm very excited for this project. I think it's awesome. I hope other people check it out. And, thank you. Enjoy your weekend, and I will see you all next time. Thanks very much. Thanks for having us. Thanks.