Wassette

A security-focused runtime by Microsoft that executes WebAssembly Components via MCP, enabling AI agents to dynamically load and run sandboxed tools from an OCI registry without leaving the chat interface, using Wasmtime for browser-grade isolation.

Evaluated Mar 06, 2026 (0d ago) vlatest
Homepage ↗ Repo ↗ Other webassembly wasm sandbox security rust microsoft mcp wasmtime oci
⚙ Agent Friendliness
70
/ 100
Can an agent use this?
🔒 Security
69
/ 100
Is it safe for agents?
⚡ Reliability
58
/ 100
Does it work consistently?

Score Breakdown

⚙ Agent Friendliness

MCP Quality
68
Documentation
72
Error Messages
60
Auth Simplicity
78
Rate Limits
62

🔒 Security

TLS Enforcement
85
Auth Strength
68
Scope Granularity
60
Dep. Hygiene
72
Secret Handling
62

Workflow/automation agent tool. Local execution context. Validate all inputs and outputs. Sandbox tool execution for untrusted workflows.

⚡ Reliability

Uptime/SLA
58
Version Stability
60
Breaking Changes
55
Error Recovery
58
AF Security Reliability

Best When

You need to run dynamically loaded, potentially untrusted tools in an AI agent context and want strong isolation guarantees without containerization overhead.

Avoid When

Your tools are trusted first-party code — the sandboxing overhead isn't worth it for internal tools. Use standard MCP servers instead.

Use Cases

  • Extending AI agents with new sandboxed tools dynamically during chat sessions
  • Running untrusted or third-party tools in isolation without risk to the host system
  • Distributing reusable WebAssembly tool components via OCI container registries
  • Building secure multi-tool agent environments where tool code is isolated from agent state

Not For

  • General-purpose MCP servers that don't need WebAssembly sandboxing
  • Production deployments requiring enterprise SLAs (currently early-stage)
  • Teams unfamiliar with WebAssembly component model tooling

Interface

REST API
No
GraphQL
No
gRPC
No
MCP Server
Yes
SDK
No
Webhooks
No

Authentication

OAuth: No Scopes: No

No authentication documented; OCI registry access follows standard container registry auth patterns.

Pricing

Model: open_source
Free tier: Yes
Requires CC: No

MIT licensed by Microsoft. No service costs; self-hosted runtime.

Agent Metadata

Pagination
none
Idempotent
Unknown
Retry Guidance
Not documented

Known Gotchas

  • Not production-ready — project is in early development stage
  • WebAssembly Components must be compiled and published to OCI registry before use
  • Component model toolchain (wasm-tools, cargo-component) adds developer complexity
  • Cold-start latency for loading components from OCI registry may be noticeable

Alternatives

docker-mcp standard-mcp-servers toolhouse

Full Evaluation Report

Detailed scoring breakdown, competitive positioning, security analysis, and improvement recommendations for Wassette.

$99
API endpoint ↗ Agent guide ↗ Report inaccuracy

Scores are editorial opinions as of 2026-03-06.

5178
Packages Evaluated
26151
Need Evaluation
173
Need Re-evaluation
Community Powered