WASM Plugins

HeliosProxy v0.4 ships a real WebAssembly plugin runtime. The first-party plugins, the helios-plugin CLI, and the helios-plugin-abi crate live in a separate repository.

Source on GitHub: HDB-HeliosDB-Proxy-Plugins

First-party plugins (8 ship in v0.4)

| Plugin | Purpose |
| --- | --- |
| cost-governor | Per-tenant query cost budgets (minute / hour / day) |
| ai-classifier | Detects LLM-generated SQL via application_name + markers |
| token-budget | Per-(agent, model) cost gating for AI traffic |
| llm-guardrail | Refuses dangerous SQL from AI traffic (DROP, missing WHERE, etc.) |
| pgvector-router | Routes pgvector top-K queries to a tagged vector replica |
| column-mask | Per-role column masking via SQL rewriting |
| audit-chain | Hash-chained tamper-evident audit log |
| residency-router | Per-user data-residency routing |

helios-plugin CLI

Pack, inspect, and verify WASM plugin artefacts as portable .tar.gz:

helios-plugin pack --wasm <path> --name X --version 1.0 \
    --hooks pre_query,post_query [--sig <path>] \
    --out <path>
helios-plugin inspect <artefact.tar.gz>
helios-plugin verify <artefact.tar.gz> --trust-root <dir>

The CLI uses the same Ed25519 trust-root format as the proxy loader and interoperates with openssl/signify.

Authoring a plugin

my-plugin/src/lib.rs
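use helios_plugin_abi::*;

// PreQuery hook: block any statement whose upper-cased text contains "DROP TABLE".
// This is a plain substring match, so it also fires when the phrase appears
// inside a string literal or a comment.
#[hook(PreQuery)]
fn check_query(ctx: &HookContext) -> PreQueryResult {
    if ctx.sql.to_uppercase().contains("DROP TABLE") {
        return PreQueryResult::Block { reason: "DROP forbidden".into() };
    }
    PreQueryResult::Continue
}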

Compile with cargo build --release --target wasm32-wasi. Sign and pack:

cargo helios-plugin sign --key signing.pem --input target/wasm32-wasi/release/my_plugin.wasm
helios-plugin pack --wasm target/wasm32-wasi/release/my_plugin.wasm --out my-plugin-1.0.0.tar.gz \
    --name my-plugin --version 1.0.0 --hooks pre_query

Push to any OCI registry:

oras push registry.example.com/my-org/my-plugin:1.0.0 my-plugin-1.0.0.tar.gz

Reference in proxy.toml:

[[plugins]]
name = "my-plugin"
source = "oci://registry.example.com/my-org/my-plugin:1.0.0"
hooks = ["pre_query"]
verify_with = "/etc/heliosproxy/plugin-keys"

Host imports

The helios-plugin-abi crate provides safe Rust wrappers for the host imports:

| Wrapper | Host import | Purpose |
| --- | --- | --- |
| kv_read(key) / kv_write(key, val) / kv_remove(key) | env.kv_* | Per-plugin namespaced KV store |
| sha256_digest_hex(input) | env.sha256_hex | Real SHA-256 (the host runs the audited sha2 crate) |

Plugin KV namespaces are isolated by construction — Plugin A cannot read Plugin B’s keys, even with a malicious key.
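
One way a host can get the isolation described above is to key the store on a (plugin, key) pair whose plugin half comes from the host's own per-instance state. The Rust code below is an added example, not HeliosProxy's implementation; PluginId, HostKv, flat_key and cross_reads are hypothetical names, and the sample keys are constructed.

```rust
use std::collections::HashMap;

/// Identity the host assigns at load time (hypothetical type, not the ABI crate's).
#[derive(Clone, Debug, PartialEq, Eq, Hash)]
pub struct PluginId(pub String);

/// Weak design shown for contrast: namespace and key share one string.
pub fn flat_key(plugin: &str, key: &str) -> String {
    format!("{}:{}", plugin, key)
}

/// Host-side store keyed by (plugin, key). The namespace is its own tuple
/// field, so no byte sequence inside `key` can select another namespace.
#[derive(Default)]
pub struct HostKv {
    data: HashMap<(PluginId, Vec<u8>), Vec<u8>>,
}

impl HostKv {
    // `caller` is supplied by the host import shim, never read from guest memory.
    pub fn kv_write(&mut self, caller: &PluginId, key: &[u8], val: &[u8]) {
        self.data.insert((caller.clone(), key.to_vec()), val.to_vec());
    }
    pub fn kv_read(&self, caller: &PluginId, key: &[u8]) -> Option<&[u8]> {
        self.data.get(&(caller.clone(), key.to_vec())).map(|v| v.as_slice())
    }
    pub fn kv_remove(&mut self, caller: &PluginId, key: &[u8]) -> bool {
        self.data.remove(&(caller.clone(), key.to_vec())).is_some()
    }
}

/// Constructed scenario: plugin B stores a value, plugin A probes with `keys`.
pub fn cross_reads(keys: &[&[u8]]) -> usize {
    let (a, b) = (PluginId("plugin-a".into()), PluginId("plugin-b".into()));
    let mut kv = HostKv::default();
    kv.kv_write(&b, b"budget", b"100");
    keys.iter().filter(|k| kv.kv_read(&a, **k).is_some()).count()
}

fn main() {
    let hostile: [&[u8]; 3] = [b"budget", b"plugin-b:budget", b"../plugin-b/budget"];
    println!("cross-namespace reads: {}", cross_reads(&hostile));
    // Flat concatenation is ambiguous once a plugin name may contain the delimiter.
    println!("flat keys collide: {}", flat_key("a", "b:k") == flat_key("a:b", "k"));
}
```

With a single concatenated string, isolation depends on escaping or restricting the delimiter in plugin names; with the tuple key there is nothing to escape.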