feat(userspace): App Runtime v1 — immutable core + sandboxed userspace #476
Draft
jaylfc wants to merge 21 commits into
…ive + path traversal)
Security review of the App Runtime routes flagged two HIGH issues:
- SSRF: POST /install fetched an arbitrary source_url. Add is_safe_public_url() (reject non-http(s), and any host resolving to private/loopback/link-local/reserved/unspecified/multicast — e.g. 169.254.169.254 metadata, localhost, 10/8, 192.168/16) and fetch with follow_redirects=False so a 3xx can't bounce to a blocked host.
- Stored XSS: bundles were served same-origin with a permissive CSP, so a direct navigation to a bundle file would execute on the core origin with the session cookie. Harden the bundle CSP with 'sandbox allow-scripts ...' (no allow-same-origin) which forces an opaque origin even on top-level navigation, plus default-src 'none' with explicit self/inline allowances. Apps still run their own scripts, but never on the core origin.
… cross-app isolation)
…make container re-install idempotent
Draft / WIP — building the App Runtime foundation (#196) so users can install sandboxed, agent-built apps that can't break the core OS. Subagent-driven build, landing milestone by milestone.
Design
Immutable core (compiled SPA + controller, read-only) + a sandboxed userspace under data/apps/{id}/. Userspace apps are web (opaque-origin sandbox iframe) or container — never in-process native. All core access goes through a capability broker (single chokepoint) that enforces install-time-granted permissions and namespaces every call by app_id. Local design spec: docs/superpowers/specs/2026-05-30-app-runtime-immutable-userspace-design.md.
Milestones
- UserspaceAppStore, .taosapp package parse/validate/extract (rejects native + path traversal), app.py wiring, /api/userspace-apps lifecycle + bundle routes, frontend registry merge. (9 backend + 3 frontend tests; app boots; 8 routes.)
- taos-app-sdk, per-app bundle token (opaque-origin iframes don't reliably carry the session cookie, so bundle/serve auth uses a short-lived per-app token, mirroring the shortcut/redeem pattern).
Closes #196 when complete. Gates #184 (App Builder), #103 (signed store sharing), and a future gitaos forge.