- Add servo/winit/softbuffer as optional deps in weft-servo-shell and
weft-app-shell Cargo.toml, gated on servo-embed feature
- Replace ShellClient::connect() and connect_as_app() with
connect_with_display() and connect_as_app_with_display(), using
Backend::from_foreign_display to share the winit wl_display connection
- Move ShellClient construction into resumed() in both embedders after
winit window and wl_surface are available
- Pass actual wl_surface to create_window instead of None
- Fix pre-existing field name bug: wayland-scanner generates _type for
the reserved keyword arg name=type, not r#type
Task 10 -- App WebView lifecycle.
appd_ws module (servo-embed gated):
Background thread connects to the appd WebSocket on startup.
Sends QUERY_RUNNING to receive initial running sessions.
Translates LAUNCH_ACK -> AppdCmd::Launch and APP_STATE stopped
-> AppdCmd::Stop, then wakes the winit event loop via the
shared EventLoopWaker.
embedder changes:
App struct gains app_rx (mpsc receiver), app_webviews
(HashMap<session_id, WebView>), active_session, and a stored
rendering_context used when creating app WebViews later.
create_app_webview(): resolves weft-app://<app_id>/index.html
to a file URL, creates a dedicated UserContentManager with the
weftIpc bridge injected (includes window.weftSessionId), builds
and registers a new WebView.
about_to_wait() drains app_rx: creates WebViews for Launch
commands, removes and clears active_session for Stop commands.
active_webview() returns the active-session WebView when one
exists, falling back to the system-ui WebView. Rendering,
keyboard, and mouse events all route through active_webview().
Resize propagates to both the system WebView and all app WebViews.
run() creates the mpsc channel and spawns the appd listener
before entering the winit event loop.
New crate. Per-session file proxy that gates filesystem access to an
explicit allowlist of paths passed at startup.
Usage: weft-file-portal <socket_path> [--allow <path>]...
Listens on a Unix domain socket. Each connection receives newline-
delimited JSON requests and returns newline-delimited JSON responses.
File content is base64-encoded. Operations: read, write, list.
Empty allowlist rejects all requests; paths checked with starts_with.
7 unit tests covering access control, read/write roundtrip, and list.
New crate: weft-mount-helper. A privileged helper binary that sets up
dm-verity devices and mounts EROFS images for app isolation.
Commands:
mount <img> <hash_dev> <root_hash> <mountpoint>
- opens a named dm-verity device via veritysetup open
- mounts the resulting /dev/mapper/<name> as EROFS read-only
- cleans up the dm device if mount fails
umount <mountpoint>
- unmounts the mountpoint
- closes the dm-verity device via veritysetup close
Device naming: derives a stable name from the mountpoint path, limited
to 31 chars (DM limit), always prefixed weft-. Root check reads
/proc/self/status euid rather than using unsafe libc calls.
Tests: device_name_sanitizes_path, device_name_truncates_long_paths.
New crate: weft-pack — command-line tool for validating WEFT application
package directories against the app-package-format spec.
src/main.rs:
- check <dir>: loads wapp.toml, validates app ID format, verifies
package.name is non-empty and <=64 chars, confirms runtime.module and
ui.entry files exist. Prints 'OK' on success or the list of errors.
- info <dir>: prints all manifest fields to stdout.
- load_manifest(): reads and parses wapp.toml with toml crate.
- is_valid_app_id(): enforces reverse-domain convention (>=3 components,
each starting with a lowercase letter, digits allowed, no hyphens or
uppercase).
Tests (5):
- app_id_valid: accepts well-formed reverse-domain IDs.
- app_id_invalid: rejects two-component, uppercase, hyphen, empty IDs.
- check_package_missing_manifest: error when wapp.toml is absent.
- check_package_valid: full happy-path with real temp files.
- check_package_invalid_app_id: error on a hyphenated app ID.
New deps: toml 0.8, serde 1 (derive).
Added weft-pack to workspace Cargo.toml; wsl-test.sh extended.
New crate: weft-runtime — the child process spawned by weft-appd to
execute WEFT application packages.
src/main.rs:
- Parses CLI arguments: <app_id> <session_id> (as per the supervisor
contract in runtime.rs).
- resolve_package(): searches user store
(~/.local/share/weft/apps/<app_id>) then system store
(/usr/share/weft/apps/<app_id>) for a wapp.toml manifest. Overridden
by WEFT_APP_STORE env var.
- Verifies app.wasm exists in the resolved package directory.
- Stubs Wasmtime execution with a TODO comment; prints 'READY' to
stdout and exits cleanly so weft-appd's supervisor can complete the
session lifecycle during development and integration testing.
Tests (2):
- package_store_roots_includes_system_path: system store path present.
- package_store_roots_uses_weft_app_store_when_set: WEFT_APP_STORE
override replaces default search list.
Also:
- Added weft-runtime to workspace Cargo.toml members.
- wsl-test.sh: added cargo test -p weft-runtime.
Implements the weft-appd WebSocket server that allows the system-ui.html
page running inside Servo to send requests and receive push notifications
without requiring custom SpiderMonkey bindings.
ws.rs — WebSocket connection handler:
- Accepts a tokio TcpStream, performs WebSocket handshake via
tokio-tungstenite accept_async.
- Reads JSON Text frames, deserializes as Request (serde_json), calls
dispatch(), sends Response as JSON Text.
- Subscribes to a broadcast::Receiver<Response> for server-push
notifications (APP_READY, etc.); forwards to client via select!.
- Handles close frames, partial errors, and lagged broadcast gracefully.
main.rs — server changes:
- broadcast::channel(16) created at startup; WebSocket handlers
subscribe for push delivery.
- TcpListener bound on 127.0.0.1:7410 (default) or WEFT_APPD_WS_PORT.
- ws_port() / write_ws_port(): port written to
XDG_RUNTIME_DIR/weft/appd.wsport for runtime discovery.
- WS accept branch added to the main select! loop alongside Unix socket.
ipc.rs — Response and AppStateKind now derive Clone (required by
broadcast::Sender<Response>).
system-ui.html — appd WebSocket client:
- appdConnect(): opens ws://127.0.0.1:<port>/appd with exponential
backoff reconnect (1s → 16s max).
- On open: sends QUERY_RUNNING to populate taskbar with live sessions.
- handleAppdMessage(): maps LAUNCH_ACK and RUNNING_APPS to taskbar
entries; APP_READY shows a timed notification; APP_STATE::stopped
removes the taskbar entry.
- WEFT_APPD_WS_PORT window global overrides the default port.
New deps: tokio-tungstenite 0.24, futures-util 0.3 (sink+std),
serde_json 1.
Generate client-side protocol types from weft-shell-unstable-v1.xml
using wayland-scanner, following the same module structure as the
compositor server side.
- crates/weft-servo-shell/src/protocols/mod.rs: generate_interfaces!
inside __interfaces submodule, generate_client_code! at client module
level, with use wayland_client in scope. Re-exports
ZweftShellManagerV1 and ZweftShellWindowV1 for use by embed_servo
once the Wayland connection is established.
- New deps: wayland-client, wayland-backend, wayland-scanner, bitflags
(version-matched to existing workspace resolution).
The binding compiles but is not yet wired into embed_servo(); that
connection is deferred until the Servo embedder contract is ready.
Add the WEFT compositor-shell Wayland protocol and wire it into the
compositor state.
Protocol definition:
- protocol/weft-shell-unstable-v1.xml: defines zweft_shell_manager_v1
(global, bound once by servo-shell) and zweft_shell_window_v1
(per-window slot). Requests: destroy, create_window,
update_metadata, set_geometry. Events: configure, focus_changed,
window_closed, presentation_feedback.
Generated code + bindings:
- crates/weft-compositor/src/protocols/mod.rs: uses wayland-scanner
generate_interfaces! inside a __interfaces sub-module and
generate_server_code! at the server module level, following the
wayland-protocols-wlr crate structure. Exports WeftShellState
(holds the GlobalId) and WeftShellWindowData (per-window user data).
Server-side dispatch (state.rs):
- GlobalDispatch<ZweftShellManagerV1, ()>: binds the global, inits
each bound resource with unit user data.
- Dispatch<ZweftShellManagerV1, ()>: handles create_window by
initialising a ZweftShellWindowV1 and sending an initial configure.
- Dispatch<ZweftShellWindowV1, WeftShellWindowData>: handles
update_metadata (stores advisory data) and set_geometry (echoes
compositor-adjusted configure back to client).
WeftCompositorState.weft_shell_state initialised in new() alongside
all other protocol globals.
New direct deps in weft-compositor: wayland-scanner, wayland-server,
wayland-backend, bitflags (all version-matched to Smithay 0.7).
New crate implementing the application daemon entry point:
- crates/weft-appd/Cargo.toml: tokio (current-thread runtime), anyhow,
sd-notify, tracing dependencies
- crates/weft-appd/src/main.rs: async run() resolves IPC socket path
from WEFT_APPD_SOCKET or XDG_RUNTIME_DIR/weft/appd.sock; stubs for
AppRegistry, IpcServer, CompositorClient, RuntimeSupervisor,
CapabilityBroker, ResourceController per WEFT-OS-APPD-DESIGN.md;
sd_notify(READY=1) to be sent after IpcServer bind + CompositorClient
connect
- infra/systemd/weft-appd.service: Type=notify, Requires+After
weft-compositor.service, After servo-shell.service
Also fix two winit backend issues that were present in the working tree:
- remove spurious mut on display binding (never mutated after init)
- wrap std::env::set_var in unsafe block (required since Rust 1.80)
Add full DRM/KMS backend with libseat session, GBM allocation, EGL
display initialisation, and a GpuManager-driven rendering loop.
- drm_device.rs: type aliases and per-device/per-output state structs
(WeftDrmDevice, WeftOutputSurface, WeftDrmData)
- drm.rs: replace skeleton with complete backend libseat session,
udev device enumeration, libinput event source, connector scanning
via smithay-drm-extras DrmScanner, DrmOutputManager initialisation
per CRTC, VBlank-driven render_output, sd_notify(READY=1)
- state.rs: add drm: Option<WeftDrmData> field; route dmabuf import
through GPU manager when the DRM path is active
- Cargo.toml: add renderer_multi, use_system_lib Smithay features;
add smithay-drm-extras and sd-notify Linux dependencies
render_output submits a clear-colour-only frame to establish
the VBlank pipeline. Surface compositing is wired up in a subsequent commit.
