Skip to content

docs: add HOST_FUNCTIONS.md for guest host surface#78

Merged
danbugs merged 2 commits into
hyperlight-dev:mainfrom
cachebag:docs/host-functions
May 23, 2026
Merged

docs: add HOST_FUNCTIONS.md for guest host surface#78
danbugs merged 2 commits into
hyperlight-dev:mainfrom
cachebag:docs/host-functions

Conversation

@cachebag
Copy link
Copy Markdown
Contributor

@cachebag cachebag commented May 22, 2026

Document __dispatch tools, CLI flags, limits, and security model.

Closes #42.

@cachebag
docs: add HOST_FUNCTIONS.md for guest host surface
39a2bab 
Document __dispatch tools, CLI flags, limits, and security model.
Closes hyperlight-dev#42.

Signed-off-by: Akrm Al-Hakimi <alhakimiakrmj@gmail.com>
Copilot AI review requested due to automatic review settings May 22, 2026 13:16
Copilot AI reviewed May 22, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Adds a comprehensive reference document describing the Hyperlight host tool/host-function surface exposed to Unikraft guests, including defaults, opt-in flags, wire format, and security boundaries.

Changes:

  • Documents the __dispatch JSON request/response envelope and debug behavior.
  • Enumerates filesystem (fs_*) and network (net_*) tools, resource limits, and enablement flags.
  • Summarizes security posture/attack surface and provides a small programmatic API example.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment thread docs/host_functions.md
Comment thread HOST_FUNCTIONS.md Outdated
Comment thread HOST_FUNCTIONS.md Outdated
Comment thread HOST_FUNCTIONS.md Outdated
Comment thread HOST_FUNCTIONS.md Outdated
Comment thread HOST_FUNCTIONS.md Outdated
danbugs
danbugs reviewed May 22, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@danbugs danbugs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you so much for the contribution! Just some comments here and there :)

Comment thread HOST_FUNCTIONS.md Outdated
Comment thread HOST_FUNCTIONS.md Outdated
Comment thread HOST_FUNCTIONS.md Outdated
Comment thread HOST_FUNCTIONS.md Outdated
Comment thread docs/host_functions.md
Comment thread docs/host_functions.md
Comment thread HOST_FUNCTIONS.md Outdated
Comment thread docs/host_functions.md
@cachebag
docs: move host_functions to docs/, fix links, clarify net limits and…
b7f7012 
… fs_list, add end-to-end call example

Signed-off-by: akrm al-hakimi <alhakimiakrmj@gmail.com>
@cachebag cachebag force-pushed the docs/host-functions branch from 2450b19 to b7f7012 Compare May 23, 2026 01:08
@cachebag cachebag requested a review from danbugs May 23, 2026 01:13
@cachebag
Copy link
Copy Markdown
Contributor Author

cachebag commented May 23, 2026

hey! @danbugs sorry for some of the slop :p the same session i used to debug building the examples i used to write/understand the docs.

Would also be good to make an issue to expand --enable-tools to actually allow a CLI user to provide different host functions.

Agreed definitely. I'm still getting my bearings but we could probably run the handler in a wasm runtime? I guess it would be something like --tool greet=./foo.wasm. adds a bit of overhead but in my mind it seems nicer than spawning a subprocess or plugin or something.

@danbugs
Copy link
Copy Markdown
Contributor

danbugs commented May 23, 2026

hey! @danbugs sorry for some of the slop :p the same session i used to debug building the examples i used to write/understand the docs.

No worries--thank you for taking the time to run the examples and understand the host function mechanism and attack surface :)

Agreed definitely. I'm still getting my bearings but we could probably run the handler in a wasm runtime? I guess it would be something like --tool greet=./foo.wasm. adds a bit of overhead but in my mind it seems nicer than spawning a subprocess or plugin or something.

I'm not sure. Wasm does seem like a good format to distribute host functions and getting the sandboxing for free is nice, but it will inevitably restrict what the host function can do. If we're going that route, maybe a scripting language like Lua/Rhai works best (i.e., to remove the compilation step) and then hyperlight-unikraft can just have an embedded lightweight Lua/Rhai interpreter behind a feature flag? I created an issue tracking this w/ some of my thoughts: #84

danbugs
danbugs approved these changes May 23, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@danbugs danbugs left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM--again, thanks for contributing!!

@danbugs danbugs enabled auto-merge (squash) May 23, 2026 19:20
@danbugs danbugs merged commit 05d232a into hyperlight-dev:main May 23, 2026
76 checks passed
@cachebag cachebag deleted the docs/host-functions branch May 23, 2026 20:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@danbugs danbugs danbugs approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Document host functions and attack surface

3 participants

@cachebag @danbugs