feat(userspace): App Runtime v1 — immutable core + sandboxed userspace #476
jaylfc wants to merge 21 commits into
…ive + path traversal)
Security review of the App Runtime routes flagged two HIGH issues:
- SSRF: POST /install fetched an arbitrary source_url. Add is_safe_public_url() (reject non-http(s), and any host resolving to private/loopback/link-local/reserved/unspecified/multicast — e.g. 169.254.169.254 metadata, localhost, 10/8, 192.168/16) and fetch with follow_redirects=False so a 3xx can't bounce to a blocked host.
- Stored XSS: bundles were served same-origin with a permissive CSP, so a direct navigation to a bundle file would execute on the core origin with the session cookie. Harden the bundle CSP with 'sandbox allow-scripts ...' (no allow-same-origin) which forces an opaque origin even on top-level navigation, plus default-src 'none' with explicit self/inline allowances. Apps still run their own scripts, but never on the core origin.
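A sketch of the URL guard that commit message describes, added here as an example and not taken from the PR's code: only the name is_safe_public_url comes from the page, while the body, the helper names and the injectable `resolve` parameter are assumptions. The sample hostnames and address table are constructed.

```python
import ipaddress
import socket
from urllib.parse import urlsplit


def _resolve(host, port):
    """Default resolver (assumed helper): every A/AAAA address for the host."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return [info[4][0] for info in infos]


def _is_public(addr):
    ip = ipaddress.ip_address(addr.split("%", 1)[0])  # drop any IPv6 zone id
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.1) so it is judged as IPv4.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_reserved or ip.is_unspecified or ip.is_multicast)


def is_safe_public_url(url, resolve=_resolve):
    """True only for http(s) URLs whose host resolves solely to public IPs."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    default_port = 443 if parts.scheme == "https" else 80
    try:
        addrs = resolve(parts.hostname, port or default_port)
        # Reject if ANY resolved address is non-public, not just the first.
        return bool(addrs) and all(_is_public(a) for a in addrs)
    except (OSError, ValueError):
        return False  # unresolvable or unparsable answers fail closed


if __name__ == "__main__":
    # Constructed DNS answers so the demo runs offline.
    table = {"cdn.example": ["93.184.216.34"],
             "mixed.example": ["93.184.216.34", "10.0.0.5"]}
    for u in ("https://cdn.example/app.taosapp",
              "https://mixed.example/app.taosapp",
              "http://169.254.169.254/latest/meta-data/"):
        lookup = table.get(urlsplit(u).hostname)
        print(u, is_safe_public_url(u, (lambda h, p: lookup) if lookup else _resolve))
```

The check and the later fetch resolve the hostname separately, so this guard alone does not cover a name whose DNS answer changes between the two lookups.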
… cross-app isolation)
…make container re-install idempotent
Closing this. The App Runtime foundation shipped incrementally over the past month rather than as this one branch. M1 (userspace store, .taosapp packaging, install/lifecycle routes), M2 (per-app data store, capability broker, sandboxed iframe + SDK, per-app bundle token), and the M3 backend (permission model, provenance-keyed capability ceilings, url-guard) are all on dev and released. This branch is based on master from May 30 and is long superseded, so it will not rebase cleanly. The two pieces not yet on dev, the install-time consent UI (M3 frontend) and the userspace container app tier (M4), are being rebuilt fresh against current dev and will land as their own PRs. #196 stays open to track them.
Draft / WIP — building the App Runtime foundation (#196) so users can install sandboxed, agent-built apps that can't break the core OS. Subagent-driven build, landing milestone by milestone.
Design
Immutable core (compiled SPA + controller, read-only) + a sandboxed userspace under data/apps/{id}/. Userspace apps are web (opaque-origin sandbox iframe) or container — never in-process native. All core access goes through a capability broker (single chokepoint) that enforces install-time-granted permissions and namespaces every call by app_id. Local design spec: docs/superpowers/specs/2026-05-30-app-runtime-immutable-userspace-design.md.
Milestones
UserspaceAppStore, .taosapp package parse/validate/extract (rejects native + path traversal), app.py wiring, /api/userspace-apps lifecycle + bundle routes, frontend registry merge. (9 backend + 3 frontend tests; app boots; 8 routes.)
taos-app-sdk, per-app bundle token (opaque-origin iframes don't reliably carry the session cookie, so bundle/serve auth uses a short-lived per-app token, mirroring the shortcut/redeem pattern).
Closes #196 when complete. Gates #184 (App Builder), #103 (signed store sharing), and a future gitaos forge.