A Sovereign, In-Process Serverless Runtime for Caddy
Execute untrusted code securely with WebAssembly: no containers, no orchestration, no control plane.
Gojinn is a high-performance WebAssembly runtime embedded directly into the Caddy web server.
It allows you to run isolated, deterministic functions inside the HTTP request lifecycle, safely and with near-native performance.
Gojinn is:
- A WASM-based serverless runtime
- Single-binary, self-hosted, and auditable
- Deterministic, sandboxed, and capability-based
- Designed for sovereign infrastructure and edge environments
Gojinn is not:
- A container orchestrator
- A Kubernetes replacement
- A managed cloud service
- A general-purpose VM or process supervisor
Gojinn executes code and events, not infrastructure.
Modern serverless stacks suffer from:
- cold starts
- idle resource waste
- infrastructure sprawl
- opaque control planes
- vendor lock-in
Gojinn takes a different approach:
- In-process execution: no network hops, no sidecars
- Zero idle cost: no requests, no memory usage
- Strong isolation: every request runs in a fresh WASM sandbox
- Opinionated design: fewer knobs, more correctness
- Open & Sovereign: Apache-2.0, self-hosted, auditable
| Metric | Docker (Alpine/Go) | Gojinn (WASM) |
|---|---|---|
| Artifact Size | ~20 MB image | ~3 MB binary |
| Execution Model | Persistent daemon | Ephemeral sandbox |
| Idle Resource Usage | Always-on | Zero |
| Cold Start | ~1500ms | <1ms |
Gojinn prioritizes predictable latency and isolation over long-lived processes.
Detailed benchmarks: docs/benchmark.md
All user code executes inside a deterministic, isolated, ephemeral WASM sandbox and is never trusted by default.
This invariant is non-negotiable and enforced by governance.
Any feature or contribution that violates it will be rejected.
See: GOVERNANCE.md
Gojinn runs inside Caddy, not behind it.
```mermaid
sequenceDiagram
    Client->>Caddy: HTTP Request
    Caddy->>Gojinn: Intercept + Context Injection
    Gojinn->>Wazero: Create Sandbox (CPU / Memory limits)
    Wazero->>WASM: JSON via stdin
    WASM->>Wazero: JSON via stdout
    Wazero->>Gojinn: Response
    Gojinn->>Caddy: Stream Response
    Gojinn->>Wazero: Destroy Sandbox
```
Architecture details: docs/concepts/architecture.md
Gojinn is distributed as a Caddy plugin.
```bash
xcaddy build \
    --with github.com/pauloappbr/gojinn
```
Example Caddyfile:
```caddyfile
{
    order gojinn last
    admin :2019
}

:8080 {
    handle /api/* {
        gojinn ./functions/processor.wasm {
            timeout 2s
            memory_limit 128MB
            env DB_HOST "localhost"
            env API_KEY {env.SECRET_KEY}
        }
    }
}
```
Full reference: docs/reference/caddyfile.md
Gojinn uses a strict JSON protocol over stdin/stdout.
- stdin: request context (JSON)
- stdout: response (JSON)
- stderr: logs only
Language support is polyglot via WASM:
- Go
- Rust
- Zig
- C / C++
- Swift (experimental)
Contract definition: docs/concepts/contract.md
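A Go function handler that respects the stdin/stdout/stderr split described above, as an added example that is not code from the Gojinn project. The request and response field names (`method`, `uri`, `body`, `status`, `headers`) and the 1 MiB input cap are assumptions; the actual schema is defined in docs/concepts/contract.md.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"os"
	"strings"
)

// Field names are assumptions; the real schema is in docs/concepts/contract.md.
type Request struct {
	Method string `json:"method"`
	URI    string `json:"uri"`
	Body   string `json:"body"`
}

type Response struct {
	Status  int               `json:"status"`
	Headers map[string]string `json:"headers,omitempty"`
	Body    string            `json:"body"`
}

const maxInput = 1 << 20 // assumed cap: refuse request contexts over 1 MiB

// Handle reads one JSON request from in, writes exactly one JSON response to
// out, and sends diagnostics only to logw so that stdout stays valid JSON.
func Handle(in io.Reader, out, logw io.Writer) Response {
	resp := Response{Status: 200, Headers: map[string]string{"Content-Type": "text/plain"}}
	raw, err := io.ReadAll(io.LimitReader(in, maxInput+1))
	var req Request
	switch {
	case err != nil:
		resp.Status, resp.Body = 500, "read error"
	case len(raw) > maxInput:
		resp.Status, resp.Body = 413, "request context too large"
	case json.Unmarshal(raw, &req) != nil:
		resp.Status, resp.Body = 400, "malformed request context"
	case req.Method != "POST":
		resp.Status, resp.Body = 405, "method not allowed"
	default:
		resp.Body = strings.ToUpper(req.Body) // stand-in for real work
	}
	// Log metadata only: the body is untrusted input and may carry secrets.
	fmt.Fprintf(logw, "method=%q uri=%q status=%d\n", req.Method, req.URI, resp.Status)
	_ = json.NewEncoder(out).Encode(resp) // the only write to stdout
	return resp
}

func main() { Handle(os.Stdin, os.Stdout, os.Stderr) }
```

Every failure path still emits a well-formed JSON response, so the host never has to parse partial output or log text mixed into stdout.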
Built-in, no sidecars required:
- Metrics: Prometheus
- Tracing: OpenTelemetry
- Logs: Structured, via Caddy
Metrics endpoint:
http://localhost:2019/metrics
Documentation:
- Getting Started
- Guides
- Concepts
- Use Cases
- Roadmap
- Manifesto
- Governance
Gojinn is built with long-term correctness, not short-term convenience.
- Contributions
- Support policy
- Security issues
Apache License 2.0
See LICENSE