[cohix]

The end goal is that Docker isn't needed at all, you could just run Sat on bare metal and you'd get all the nice sandboxing properties of Wasm. That said, the tooling in the industry is largely container-based, so that's the starting point for now.

The benefit you get today is you can actually run un-trusted code in Wasm and have a higher level of sandboxing than a container, for example you can run user-submitted code with the right configuration.

When writing for Wasm, I'd say the best thing to keep in mind is that the ecosystem is young and so not everything is fleshed out, but there are already a ton of cool things you can do, and the experience will vary depending on the language you're using to target it.