A safer, permissioned runtime for WASM extensions. Needed to run permission based wasm extensions, a safe way to run unvetted extensions. An example wasm based extension can be found here.
WASM extensions have:
- No filesystem access (can’t read/write host files).
- No OS command execution or process spawning.
- No Python execution or core code patching.
- No long‑running processes (per‑call, time‑boxed runtime).
- No access to core DB tables (only its own KV/secret KV).
- No network access beyond explicitly permitted internal API routes.
- No cross‑schema SQL or privileged data unless granted.
- No unbounded storage/memory (module size, timeouts, DB op limits, KV quota).
- Per-extension KV and secret storage
- Public handlers and public KV reads
- Payment watchers (by tag) and scheduled tasks
- Authenticated handler calls for backend APIs
- Explicit permission model for internal API access
- Enable the
wasmextension in the LNbits UI. - Install a WASM extension under
lnbits/extensions/<ext_id>/. - Drop your module in
lnbits/extensions/<ext_id>/wasm/module.wasm(or.wat). - Define permissions and public handlers in
config.json.
For POST /api/v1/payments, declare policy.payments_out in config.json and include "out": true or "out": false in every payment request body. Invoice/payment side effects should be encoded by the WASM module, for example in the invoice extra metadata, rather than trusted from public browser payloads.
The host settings are available at /wasm for admins:
Timeout (seconds)Max module bytesMax DB ops per minuteMax KV bytes per extension