From a9cfc25e7cbbe43387c25c8be55c61bb158c041b Mon Sep 17 00:00:00 2001
From: Flavio Castelli <fcastelli@suse.com>
Date: Fri, 24 Apr 2026 10:21:32 +0200
Subject: [PATCH] fix: allow usage of Go WASI policies built by go 1.26

These changes are required to run policies built by the official go
compiler, starting from release 1.26.0

Signed-off-by: Flavio Castelli <fcastelli@suse.com>
---
 crates/policy-evaluator/Cargo.toml            | 47 +++++++++----------
 .../policy_evaluator_builder.rs               |  2 +
 crates/policy-server/src/lib.rs               |  4 +-
 3 files changed, 28 insertions(+), 25 deletions(-)

diff --git a/crates/policy-evaluator/Cargo.toml b/crates/policy-evaluator/Cargo.toml
index 1961f1b3c..db421faf1 100644
--- a/crates/policy-evaluator/Cargo.toml
+++ b/crates/policy-evaluator/Cargo.toml
@@ -66,30 +66,29 @@ wasmtime = { workspace = true, default-features = true }
 # Workaround for https://github.com/bytecodealliance/wasmtime/issues/12217
 [target.'cfg(all(target_os = "macos", target_arch = "x86_64"))'.dependencies]
 wasmtime = { workspace = true, features = [
-  "addr2line",
-  "async",
-  "cache",
-  "compile-time-builtins",
-  "component-model",
-  "component-model-async",
-  "coredump",
-  "cranelift",
-  "debug",
-  "debug-builtins",
-  "demangle",
-  "gc",
-  "gc-drc",
-  "gc-null",
-  "once_cell",
-  "parallel-compilation",
-  "pooling-allocator",
-  "profiling",
-  "runtime",
-  "std",
-  "threads",
-  "wasmtime-jit-debug",
-  "wasmtime-jit-icache-coherence",
-  "wat",
+  'addr2line',
+  'anyhow',
+  'async',
+  'backtrace',
+  'cache',
+  'compile-time-builtins',
+  'component-model',
+  'component-model-async',
+  'coredump',
+  'cranelift',
+  'debug',
+  'debug-builtins',
+  'demangle',
+  'gc',
+  'gc-drc',
+  'gc-null',
+  'parallel-compilation',
+  'pooling-allocator',
+  'profiling',
+  'runtime',
+  'std',
+  'threads',
+  'wat',
 ] }
 
 
diff --git a/crates/policy-evaluator/src/policy_evaluator/policy_evaluator_builder.rs b/crates/policy-evaluator/src/policy_evaluator/policy_evaluator_builder.rs
index 2aad761b4..1792fab8f 100644
--- a/crates/policy-evaluator/src/policy_evaluator/policy_evaluator_builder.rs
+++ b/crates/policy-evaluator/src/policy_evaluator/policy_evaluator_builder.rs
@@ -205,6 +205,8 @@ impl PolicyEvaluatorBuilder {
                     if self.epoch_deadlines.is_some() {
                         wasmtime_config.epoch_interruption(true);
                     }
+                    // required by policies built by the official go compiler >= 1.26.0
+                    wasmtime_config.wasm_function_references(true);
 
                     wasmtime::Engine::new(&wasmtime_config)
                 },
diff --git a/crates/policy-server/src/lib.rs b/crates/policy-server/src/lib.rs
index e171011d0..6d1002336 100644
--- a/crates/policy-server/src/lib.rs
+++ b/crates/policy-server/src/lib.rs
@@ -145,7 +145,9 @@ impl PolicyServer {
             )
             .await;
 
-        let mut wasmtime_config = wasmtime::Config::new();
+        let mut wasmtime_config = wasmtime::Config::default();
+        // required by policies built by the official go compiler >= 1.26.0
+        wasmtime_config.wasm_function_references(true);
 
         let any_policy_has_timeout = config.policies.values().any(|policy| match policy {
             config::PolicyOrPolicyGroup::Policy {