Isolation Model

Synapse executes untrusted code in a deterministic, sandboxed WebAssembly arena. No filesystem. No network from guest code. Memory wiped between every request.

EXECUTION SANDBOX

Each execution runs in a 64KB Wasm linear memory arena.

No filesystem access — guest code cannot read or write files

No network access — guest code cannot open sockets or make HTTP requests

No syscalls — Wasm modules interact only through explicit FFI host functions. Most are reserved stubs in the public runtime — only print is active.

Memory isolation — each module has its own linear memory, invisible to others

Arena reset — memory is wiped to zero between every request

Fuel metering — infinite loops are terminated after a configurable instruction budget

HOST / GUEST BOUNDARY

Guest Wasm Module

64KB linear memory
No fs, no net, no syscalls

13 FFI Functions (Host-Side Only)

Active: print
Reserved: tcp, crypto, spawn, kv, sql
Reserved functions are defined in the FFI spec but return stub values in the public runtime. They are not exposed to guest code on the demo gateway.

Host: Rust Gateway

wasmtime 43, fuel metering
moka cache, arena allocator

DEPLOYMENT MODEL

The gateway is a single ~15 MB Rust binary with zero external runtime dependencies.

No GPU required — runs on commodity CPUs

Deployable behind firewalls — air-gapped networks supported

No telemetry — no phone-home, no external calls

Reduced runtime supply-chain surface — single statically-linked binary

Long-term stability — if it runs today, it runs identically in ten years

OPERATIONAL SAFEGUARDS

Hosted demo throttling — the public demo surface is IP-throttled and intended for evaluation, not shared production traffic

Self-hosted edge control — operators are expected to terminate auth and TLS at their own edge while the core gateway stays focused on deterministic execution

Fuel metering — prevents resource exhaustion from runaway programs

Thread-per-core model — no contention between requests

No data persistence — stateless by default, no data retained between executions

SCOPE

Synapse is not a general-purpose operating system. The production runtime runs on Linux via wasmtime. The UEFI bare-metal kernel in boot/ is a research component — it demonstrates the architecture can eliminate the OS entirely, but it is not the production path today.

The Python support is a constrained subset (arithmetic, conditionals, loops, functions, lists). It is not a general CPython replacement.

WHO NEEDS THIS

Verified execution maps cleanly to compliance and safety problems in regulated environments. The current product is a self-hosted runtime; broader domain-specific assurance remains part of the R&D stack.

Banking & Financial Services

OSFI B-13 · SR 11-7

AI loan approvals, risk calculations, and compliance reporting must be explainable, reproducible, and auditable. Regulators don’t accept “the model said so.”

Current proof path: deterministic execution, receipts, and a bounded verification boundary for generated logic. Broader privacy and compliance guarantees are active research, not the default product claim.

Healthcare & Medical Devices

Health Canada · FDA

Diagnostic AI must never return values outside calibrated ranges. Proving “never returns dangerous values” requires more than statistical testing.

Relevant R&D: output bounds, self-gating inference, and verified fine-tuning are demonstrated research threads. The current stable gateway boundary remains limited to @inv pure, @inv terminates, and @inv no_oob.

Government & Defense (Sovereign AI)

Data Sovereignty

AI infrastructure depends entirely on foreign vendors (NVIDIA, Microsoft, Google). Data sovereignty laws require domestic control of sensitive computation.

Current product:self-hosted execution on commodity hardware with no guest filesystem, no guest network, and deterministic receipts. Deeper sovereignty work such as bare-metal and networked compute remains R&D.