#fluence #air #webassembly #security #authorization


Security primitives to verify origin of service calls in Fluence network

5 unstable releases

0.3.0 Jul 27, 2022
0.2.0 Nov 2, 2021
0.1.2 Sep 15, 2021
0.1.1 May 14, 2021
0.1.0 May 14, 2021

#13 in Authentication


685 downloads per month
Used in 12 crates (2 directly)


78 lines



AquaVM executes compiled Aqua, i.e., Aqua Intermediate Representation (AIR) scripts, and plays an integral part in the implementation of the Fluence peer-to-peer compute protocol. Specifically, AquaVM allows expressing network choreography in scripts and composing distributed, peer-to-peer hosted services. Moreover, AquaVM plays a significant role in facilitating function addressability in the Fluence network. See Figure 1.

Figure 1: Stylized AquaVM And AIR Model


Since AquaVM compiles to Wasm, it can run in both client environments, such as browsers and Node.js apps, and server environments.

AquaVM: Interpreter Execution Model

AquaVM's execution model facilitates the Fluence protocol's data push model, implemented as a particle, i.e., a smart packet composed of data, AIR, and some metadata. In this context, AquaVM can be viewed as a pure state transition function that facilitates particle updates. This includes state management of particle data: AquaVM takes the previous and current state and produces a new state and an updated list of peers and call requests in the remaining AIR workflow. In addition to local service call execution, AquaVM handles requests from remote peers, e.g., as part of a parallel execution block, to call local services and handle the future response. See Figure 2.

Figure 2: AquaVM Interpreter Execution Model


In summary, the AquaVM execution model handles the topological hops for simple and advanced composition patterns, such as (async) parallel service execution on one or multiple peers.

Aquamarine Intermediate Representation (AIR): IR For P2P Systems

AIR scripts control the Fluence peer-to-peer network, its peers and, through Marine adapter services, even resources on other (p2p) networks, such as IPFS and Filecoin, e.g., via the Fluence IPFS library.

What is AIR?

AIR: Instructions


(call <peer_id> (<service name> <service function>) [<arguments list>] <output name>)
  • moves execution to the peer_id specified
  • the peer is expected to host Wasm service with the specified service name
  • the service function is expected to contain the specified function
  • the arguments list is given to the function and may be empty
  • the result of the function execution is saved and returned by its output name


(call "peer_id" ("dht" "put") [key value] result)


(seq <left_instruction> <right_instruction>)
  • executes instructions sequentially: right_instruction will be executed iff left_instruction finished successfully


(par <left_instruction> <right_instruction>)
  • executes instructions in parallel: right_instruction will be executed independently of the completion of left_instruction


(ap <literal> <dst_variable>)
(ap <src_variable>.$.<lambda> <dst_variable>)
  • puts literal into dst_variable
  • or applies lambda to src_variable and saves the result in dst_variable


    (seq
        (call "peer_id" ("user-list" "get_users") [] users)
        (ap users.$.[0].peer_id user_0)
    )


(match <variable> <variable> <instruction>)
(mismatch <variable> <variable> <instruction>)
  • executes the instruction iff the variables are equal (match) or not equal (mismatch)


    (seq
        (call "peer_id" ("user-list" "get_users") [] users)
        (mismatch users.$.length 0
            (ap users.$.[0].peer_id user_0)
        )
    )


(fold <iterable> <iterator> <instruction>)
  • is a form of a fixed-point combinator
  • iterates through the iterable, assigning each element to the iterator
  • on each iteration instruction is executed
  • next triggers next iteration


(fold users user
    (seq
        (call user.$.peer_id ("chat" "display") [msg])
        (next user)
    )
)


(xor <left_instruction> <right_instruction>)
  • right_instruction is executed iff left_instruction failed


(new <variable>)
  • creates a new scoped variable with the provided name (similar to the \mu operator from pi-calculus, which creates an anonymous channel)


(fail <variable>)
(fail <error code> <error message>)
  • throws an exception with the provided error code and error message, or constructs it from a provided variable


(fail 1337 "error message")


  • does nothing, useful for code generation
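
An added example, not part of the AquaVM code base: since every call names the peer, service and function it executes on, a script can be audited before it runs by listing those targets. The Rust code below tokenizes AIR, rejects unbalanced or malformed scripts, and flags calls whose peer is read from a variable rather than a literal; `CallTarget`, `tokenize` and `call_targets` are names chosen for this example, and the tokenizer covers only the syntax shown on this page.

```rust
#[derive(Debug, PartialEq)]
pub struct CallTarget {
    pub peer: String,       // literal peer id, or the variable/lambda it is read from
    pub literal_peer: bool, // false: the destination is decided by data at run time
    pub service: String,
    pub function: String,
}

// Tokens are "(", ")", quoted strings (quotes kept) and bare atoms such as [msg].
fn tokenize(src: &str) -> Vec<String> {
    let mut out = Vec::new();
    let mut chars = src.chars().peekable();
    while let Some(c) = chars.next() {
        if c.is_whitespace() { continue; }
        let mut tok = c.to_string();
        if c == '"' {
            for d in chars.by_ref() { tok.push(d); if d == '"' { break; } }
        } else if c != '(' && c != ')' {
            while let Some(&d) = chars.peek() {
                if d.is_whitespace() || "()\"".contains(d) { break; }
                tok.push(d);
                chars.next();
            }
        }
        out.push(tok);
    }
    out
}

// Returns every (call <peer> (<service> <function>) ...) target, in script order.
pub fn call_targets(src: &str) -> Result<Vec<CallTarget>, String> {
    let t = tokenize(src);
    let (mut depth, mut found) = (0i32, Vec::new());
    for (i, tok) in t.iter().enumerate() {
        match tok.as_str() {
            "(" => depth += 1,
            ")" => depth -= 1,
            "call" if i > 0 && t[i - 1] == "(" => match &t[i + 1..] {
                [peer, open, svc, func, close, ..] if open == "(" && close == ")" => {
                    let clean = |s: &String| s.trim_matches('"').to_string();
                    found.push(CallTarget { peer: clean(peer), literal_peer: peer.starts_with('"'),
                        service: clean(svc), function: clean(func) });
                }
                _ => return Err(format!("malformed call at token {}", i)),
            },
            _ => {}
        }
        if depth < 0 { return Err("unbalanced ')'".to_string()); }
    }
    if depth != 0 { return Err("unbalanced '('".to_string()); }
    Ok(found)
}
```

For a script that calls `("user-list" "get_users")` on a literal peer and then `("chat" "display")` on `user.$.peer_id`, `call_targets` returns two entries, the second with `literal_peer` set to `false`.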

AIR: values


  • scalars are fully consistent: they have the same value on each peer during a script execution
  • could be an argument of any instruction
  • JSON-based (fold could iterate only over array-based value)


  • streams are CRDT-like (locally consistent): they have deterministic execution with respect to one peer
  • versioned
  • could be used only by call and fold instructions (more instructions for streams to come)
  • could be turned to scalar (canonicalized)


~38K SLoC