wasmtime, wasmer, and WasmEdge are real, actively-maintained runtimes that implement wasi_snapshot_preview1 exactly as described here, and this capability-based model — no filesystem or network access without an explicit preopened handle — is what lets Fastly's Compute@Edge and similar platforms run untrusted customer code safely outside a browser. Understanding fd_write as the WASI equivalent of POSIX write(2) is the bridge between sandboxed Wasm and real system programming.