🛠️ Create Bazel toolchain for component selection and integration

[avrabe]

Overview

Create Bazel rules and toolchain infrastructure for selecting between TinyGo and Rust implementations with security configuration.

Tasks

• Create file_ops_toolchain rule definition
• Implement component selection logic (auto/tinygo/rust)
• Add security level configuration (standard/high/strict)
• Create file_ops_action rule for easy integration
• Implement wasmtime integration with preopen directories
• Add backward compatibility layer for JSON configs
• Create comprehensive examples and documentation
• Add integration helpers for common patterns

Key Rules to Create

• file_ops_toolchain: Toolchain configuration
• file_ops_action: Main user-facing rule
• file_ops_component_library: For embedding components
• Helper functions for workspace preparation

Selection Logic

file_ops_action(
    implementation = "auto",  # auto, tinygo, rust
    security_level = "high",   # standard, high, strict  
    operations = [...],
    preopen_dirs = [...],
)

Security Integration

• Configure wasmtime preopen directories
• Implement path validation at rule level
• Add security policy enforcement
• Create audit logging for operations

Acceptance Criteria

• Users can easily select implementation (auto/manual)
• Security levels properly configure sandbox restrictions
• Backward compatibility with existing JSON workflows
• Integration works seamlessly with rules_wasm_component
• Examples demonstrate all major use cases
• Performance overhead is minimal
• Error messages are clear and actionable

Related

Part of Phase 4 toolchain integration. Depends on both TinyGo (#2) and Rust (#3) implementations.

[avrabe]

📋 Status Update

This issue is part of Phase 4 (Toolchain Integration) and is currently not started.

Dependencies

This issue depends on:

• ✅ Issue 🔧 Port Go file operations to TinyGo with WIT bindings #2 (TinyGo implementation) - Completed
• ❌ Issue 🦀 Enhance Rust implementation with unified WIT interface #3 (Rust implementation) - Closed/Descoped
• ⏳ Issue 🔗 Update rules_wasm_component integration to use external component #6 (rules_wasm_component integration) - Ready to start

Current Situation

With the Rust implementation descoped (Issue #3 closed), the toolchain will initially only support TinyGo. The selection logic can be simplified:

Simplified Implementation Selection:

file_ops_action(
    implementation = "tinygo",  # Only option initially
    security_level = "high",
    operations = [...],
    preopen_dirs = [...],
)

Later, if Rust implementation is added, we can extend to:

file_ops_action(
    implementation = "auto",  # auto, tinygo, rust
    # ...
)

Recommendation

This issue can be started after Issue #6 (rules_wasm_component integration) is complete. The integration in Issue #6 will inform the toolchain design needed here.

Priority

Medium - Part of Phase 4, not blocking Phase 1 integration.