Declarative WASM orchestration platform for building, deploying, and managing microservices.
Fabricks is a next-generation orchestration platform for WebAssembly (WASM) microservices. Think "Docker Compose for WASM" - but built from the ground up for the unique capabilities and constraints of WebAssembly.
Key Features:
- Declarative Configuration - Define services in TOML (Fabrickfile & fabricks-mortar.toml)
- Capability-based Security - Deny-by-default security model with explicit grants
- Network Segmentation - Built-in network isolation and policy enforcement
- Lightning Fast - Sub-millisecond cold starts, minimal resource overhead
- OCI Registry Compatible - Works with Docker Hub, GHCR, ECR, Harbor, and more
- Component Model Native - First-class support for WASM Component Model
- Developer Friendly - Hot reload, auto-rebuild, comprehensive CLI
- ️ Kubernetes Ready - Generate SpinKube manifests or deploy standalone
# Clone the repository
git clone https://github.com/Liquescent-Development/fabricks.git
cd fabricks
# Build all crates
cargo build --release
# Install cargo-component for building WASM HTTP services
cargo install cargo-component1. Start the daemon (in a separate terminal):
./target/release/fabricksd2. Deploy the example service:
# Option A: Deploy from path (builds automatically if needed)
./target/release/fabricks service run examples/hello-http
# Option B: Build first, then run by tag
./target/release/fabricks build examples/hello-http
./target/release/fabricks images # List stored modules
./target/release/fabricks service run hello-http:0.1.03. Test it:
curl http://localhost:8080/
# Response: Hello from Fabricks!4. Manage the service:
# List services
./target/release/fabricks service ls
# View service details
./target/release/fabricks service inspect <service-id>
# Stop the service
./target/release/fabricks service stop <service-id>
# Remove the service
./target/release/fabricks service rm <service-id>Fabrickfile:
fabrick_version = "1.0"
[info]
name = "my-api"
version = "1.0.0"
[from]
source = "rust"
[build]
command = "cargo build --target wasm32-wasi --release"
output = "target/wasm32-wasi/release/my_api.wasm"
[capabilities.network]
listen = [8080]
[health_check.http]
path = "/health"
interval = "30s"fabricks-mortar.toml:
mortar_version = "1.0"
[project]
name = "my-app"
[service.api]
build = "./services/api"
networks = ["application"]
ports = ["8080:8080"]
[service.postgres]
image = "wasm://pglite:latest"
networks = ["data"]
[service.postgres.volumes]
postgres_data = "/data"
[network.application]
internal = true
[network.data]
internal = true
ingress = ["application"]
[volume.postgres_data]
size = "10Gi"Deploy:
# Build all services
fabricks mortar build
# Start everything
fabricks mortar up
# View logs
fabricks mortar logs --follow
# Scale services
fabricks mortar scale api=5
# Stop everything
fabricks mortar down- ✅ Lightweight - Run more services per node vs containers
- ✅ Instant startup - Sub-millisecond cold starts
- ✅ Declarative everything - Networks and volumes defined in config, no orphans
- ✅ Explicit capabilities - Deny-by-default security model
- ✅ WASM-native - Built specifically for WebAssembly's strengths
Fabricks consists of two main components:
Defines how to build and run a single WASM module:
fabrick_version = "1.0"
[info]
name = "product-service"
version = "2.1.0"
[from]
source = "rust" # or: image = "wasm://base:v1.0"
[build]
command = "cargo build --target wasm32-wasi --release"
output = "target/wasm32-wasi/release/product_service.wasm"
exports = ["list_products", "get_product"]
[imports]
logger = "wasm://logger:v1.0"
[capabilities]
env = ["DATABASE_URL"]
[capabilities.network]
listen = [8080]
connect = ["postgres:5432", "redis:6379"]
[health_check.http]
path = "/health"
interval = "30s"Composes multiple services into a complete application:
mortar_version = "1.0"
[project]
name = "e-commerce"
[service.product]
build = "./services/product"
networks = ["application"]
environment = { DATABASE_URL = "postgres://db:5432/products" }
[service.product.replicas]
min = 2
max = 10
cpu_threshold = 70
[network.application]
internal = true
[volume.postgres_data]
size = "50Gi"
encrypted = trueComprehensive documentation is available in the /docs directory:
- Fabrickfile and fabricks-mortar.toml Reference - Complete Fabrickfile and fabricks-mortar.toml specification
- CLI Reference - All
fabrickscommands - Daemon API Reference - REST API for fabricksd
- Registry Specification - OCI registry integration
- Installation - Install Fabricks
- Quick Start - Your first fabrick
- Tutorial - Build a complete application
- Network Segmentation - Security and isolation
- Capability Model - Fine-grained permissions
- Component Model - WASM imports/exports
- Kubernetes Integration - Deploy to K8s
- Production Best Practices - Running in production
Fabricks is declarative-first. Unlike Docker where you can imperatively create networks and volumes that get lost, everything in Fabricks is defined in your mortar file:
# This creates the network when you run `fabricks mortar up`
[network.application]
internal = true
# This creates the volume
[volume.postgres_data]
size = "50Gi"
# When you run `fabricks mortar down`, everything is cleaned upNo more docker volume ls showing dozens of orphaned volumes!
Fabricks uses deny-by-default security. Services can only access what you explicitly grant:
[capabilities]
env = ["DATABASE_URL"] # Can only read DATABASE_URL
[capabilities.network]
listen = [8080] # Can only listen on port 8080
connect = ["postgres:5432"] # Can only connect to postgres
[capabilities.filesystem]
read = ["./config"] # Can only read ./configIf it's not listed, access is denied.
Built-in network isolation prevents unauthorized communication:
[network.dmz]
ingress = "0.0.0.0/0" # Public internet
egress = ["application"]
[network.application]
internal = true
egress = ["data"]
[network.data]
internal = true
# Databases can't reach the internet
[network.payment]
isolated = true # Completely isolated
audit_all = true # Log everything (PCI compliance)Native support for WASM Component Model:
# Export functions
exports = ["handle_request", "process_payment"]
# Import from other services
[imports]
logger = "wasm://logger:v1.0"
cache = { service = "redis", interface = "cache" }
# Component Model makes these direct function calls (no network overhead!)Fabricks uses OCI registries for distribution. Any OCI-compliant registry works:
# Docker Hub
fabricks pull docker.io/library/redis:7.2
# GitHub Container Registry
fabricks pull ghcr.io/myorg/my-service:v1.0.0
# AWS ECR
fabricks pull 123456789.dkr.ecr.us-east-1.amazonaws.com/my-service:v1.0.0
# Private registry
fabricks pull registry.acme.io/my-service:v1.0.0
# Fabricks shorthand
fabricks pull wasm://redis:7.2Benefits:
- Works with existing registry infrastructure
- Standard authentication (
docker loginworks) - Content-addressable storage (automatic deduplication)
- Cosign signature support
- SBOM attestation
Fabricks is in active development.
Implemented:
- ✅ Core WASM runtime (Wasmtime integration)
- ✅ HTTP service support (
wasi:http/incoming-handler) - ✅ CLI tool (
fabricks) - ✅ Daemon (
fabricksd) with REST API - ✅ Service management (create, start, stop, scale, delete)
- ✅ Network management and port binding
- ✅ Fabrickfile and mortar file parsing
- ✅ OCI registry client with local storage
- ✅ Health monitoring infrastructure
- ✅ Module storage integration (
fabricks images, run by tag) - ✅ Build-on-run (automatic build when running from path)
In Progress:
- 🔄 Auto-scaling
- 🔄 Policy engine
- 🔄 Volume management
Planned:
- ⏳ Kubernetes operator
- ⏳ SpinKube manifest generation
- ⏳ Public registry (registry.fabricks.dev)
We welcome contributions! Fabricks is an open-source project and we'd love your help building it.
- Review the design - Read through the specifications in
/docs - Open an issue - Discuss ideas, report bugs, suggest features
- Submit PRs - Implementation, documentation, examples
- Share feedback - Tell us what you think!
# Clone the repository
git clone https://github.com/Liquescent-Development/fabricks.git
cd fabricks
# Read the specifications
ls docs/
# Start implementing!- Core runtime (Wasmtime integration)
- Basic CLI (
build,run,push,pull) - OCI registry client
- Simple daemon for
fabricks mortar up - Fabrickfile parsing and validation
- Full daemon API
- Health checks and auto-restart
- Auto-scaling
- Network management
- Volume management
- Policy engine
- Kubernetes operator
- SpinKube manifest generation
- High availability
- Monitoring and observability
- Security scanning
- Production documentation
- Public registry (registry.fabricks.dev)
- Template library
- IDE extensions (VS Code, IntelliJ)
- CI/CD integrations
- Community fabricks registry
Check out the /examples directory for working examples:
- hello-http - HTTP service using
wasi:http/incoming-handler
See examples/README.md for detailed instructions on building and running examples
- GitHub Issues - Report bugs, request features
- GitHub Discussions - Ask questions, share ideas
- Discord - Join our community (coming soon)
Fabricks is licensed under the AGPL-3.0 License.
Fabricks is developed by Liquescent Development LLC.
Author: Richard Kiene (@richardkiene)