Risks and Technical Debts

Identified risks

• WASM Component Model maturity
• Risk: Ecosystem and tooling still evolving; potential breaking changes.

• Mitigation: Encapsulate bindings generation; track upstream; version APIs and packages.

• Security of embedded capabilities

• Risk: Host APIs expose powerful operations (HTTP, IPFS, storage).

• Mitigation: Constrain WIT APIs; validate inputs; enforce VFS permissions; signature verification.

• IPFS/libp2p network behavior

• Risk: Untrusted network; message floods; partitioning.

• Mitigation: Message validation and peer eviction; topic scoping; backpressure via queue; deploy multiple nodes.

• Performance regressions

• Risk: High per-call overhead, contention on queue/locks.

• Mitigation: Pre-linked instances; per-core worker pool; careful synchronization; benchmark features.

• Package trust and revocation

• Risk: Compromised keys or certificates.

• Mitigation: Certificate store management; rotate and revoke; verify kid and chains; prefer short-lived keys.

• API evolution and compatibility

• Risk: Breaking changes across Hermes releases.
• Mitigation: Explicit API version in package metadata; ADRs for changes; deprecation windows where possible.