marcoallegretti/WEFT_OS
marcoallegretti/WEFT_OS
1
0
Fork 0
mirror of https://github.com/marcoallegretti/WEFT_OS.git synced 2026-03-26 17:03:09 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
WEFT OS is a Wayland compositor and application runtime where every app is a WebAssembly component rendered in an isolated Servo WebView.
132 commits 1 branch 0 tags 472 KiB
Rust 88.9%
JavaScript 3.9%
HTML 3.7%
Nix 2.2%
Shell 1.2%
Find a file
Marco Allegretti 54b5fb662b fix(runtime): update for wasmtime-wasi 30 and fix seccomp filter 
- IoView/WasiView split: implement IoView for State, remove table()
  from WasiView impl
- preopened_dir: new signature takes host path and guest path directly
- LinkerInstance::func_wrap returns Result in wasmtime 30; use a
  variable for the clipboard LinkerInstance
- Set PR_SET_NO_NEW_PRIVS before applying the seccomp filter
- Unconditional syscall block uses empty Vec<SeccompRule>
2026-03-12 20:03:33 +01:00
.github/workflows feat(infra): NixOS VM config, CI type-check job, documentation 2026-03-12 20:03:25 +01:00
.vscode feat: appd IPC relay, WIT interfaces, UI kit, gesture routing, and CI hardening 2026-03-12 12:49:45 +01:00
crates fix(runtime): update for wasmtime-wasi 30 and fix seccomp filter 2026-03-12 20:03:33 +01:00
docs feat(infra): NixOS VM config, CI type-check job, documentation 2026-03-12 20:03:25 +01:00
examples feat(examples): add counter and notes demo apps 2026-03-12 15:31:20 +01:00
infra feat(infra): NixOS VM config, CI type-check job, documentation 2026-03-12 20:03:25 +01:00
protocol feat: appd IPC relay, WIT interfaces, UI kit, gesture routing, and CI hardening 2026-03-12 12:49:45 +01:00
scripts feat: weft-file-portal -- sandboxed file access broker 2026-03-11 15:52:33 +01:00
.gitattributes Initialize Rust workspace and repository metadata 2026-03-10 18:47:06 +01:00
.gitignore Initialize Rust workspace and repository metadata 2026-03-10 18:47:06 +01:00
Cargo.lock feat(servo-embed): wire Servo deps and share Wayland surface with shell client 2026-03-12 15:16:17 +01:00
Cargo.toml feat(examples): add counter and notes demo apps 2026-03-12 15:31:20 +01:00
flake.nix feat(infra): NixOS VM config, CI type-check job, documentation 2026-03-12 20:03:25 +01:00
justfile Add repository validation and CI checks 2026-03-10 18:47:16 +01:00
README.md feat(infra): NixOS VM config, CI type-check job, documentation 2026-03-12 20:03:25 +01:00
rust-toolchain.toml Initialize Rust workspace and repository metadata 2026-03-10 18:47:06 +01:00

README.md

WEFT OS

WEFT OS is a Wayland compositor and application runtime where every app is a WebAssembly component rendered in an isolated Servo WebView. No capability is granted by default; all resource access is declared in a per-app manifest and enforced at runtime.

What is implemented

Compositorweft-compositor is a Smithay-based Wayland compositor with DRM/KMS and winit backends. It implements the zweft-shell-unstable-v1 protocol extension, which typed shell slots (panel, application) register against.

System shellweft-servo-shell embeds Servo (feature-gated, --features servo-embed) and renders system-ui.html as a Wayland panel. Without servo-embed, the binary builds as a no-op stub. Navigation gestures from the compositor are forwarded to weft-appd over WebSocket.

App shellweft-app-shell is a per-process Servo host for application WebViews. It resolves weft-app://<id>/ui/index.html, injects a weftIpc WebSocket bridge into the page, and registers with the compositor as an application surface. Also feature-gated behind servo-embed.

App daemonweft-appd supervises sessions: spawns weft-runtime, waits for READY, spawns weft-app-shell, manages the per-session IPC relay between the Wasm component and the WebView, and handles session teardown. Wraps processes in systemd scopes (CPUQuota=200%, MemoryMax=512M) when available.

Runtimeweft-runtime runs WASI Component Model binaries under Wasmtime 30 (--features wasmtime-runtime). Provides weft:app/notify, weft:app/ipc, weft:app/fetch, weft:app/notifications, and weft:app/clipboard host imports. Preopens filesystem paths according to declared capabilities.

Package managementweft-pack handles check, sign, verify, install, uninstall, list, build-image (EROFS dm-verity), and info. Validates capability strings at check time.

File portalweft-file-portal is a per-session file proxy with a path allowlist and .. blocking.

Mount helperweft-mount-helper is a setuid helper for EROFS dm-verity mount/umount via veritysetup.

Demo appsexamples/org.weft.demo.counter and examples/org.weft.demo.notes are pre-built Wasm Component binaries (wasm32-wasip2, wit-bindgen 0.53) with HTML UIs, signed with a committed demo keypair.

Repository layout

crates/           Rust workspace members
examples/         Demo app packages (wasm32-wasip2, not workspace members)
  keys/           Demo Ed25519 keypair
protocol/         zweft-shell-unstable-v1 Wayland protocol XML
infra/
  nixos/          NixOS VM configuration and package derivations
  scripts/        check.ps1, check.sh
  shell/          system-ui.html, weft-ui-kit.js
  systemd/        service unit files
  vm/             build.sh, run.sh (QEMU)
docs/
  architecture.md Component map, IPC, capability table, env vars
  security.md     Capability model, process isolation, GAP-6 statement
  building.md     Build instructions for all targets

Building

Linux system packages required (Ubuntu/Debian):

sudo apt-get install -y \
  libwayland-dev libxkbcommon-dev libegl-dev libgles2-mesa-dev \
  libgbm-dev libdrm-dev libinput-dev libseat-dev libudev-dev \
  libsystemd-dev pkg-config clang cmake python3

Build non-Servo crates:

cargo build --workspace --exclude weft-servo-shell --exclude weft-app-shell

Build Linux-only crates (no Servo):

cargo build -p weft-compositor -p weft-servo-shell -p weft-app-shell

Build with Servo embedding (3060 min, requires clang + python3):

cargo build -p weft-servo-shell --features servo-embed
cargo build -p weft-app-shell --features servo-embed

See docs/building.md for full instructions including Wasm component builds, NixOS VM, and signing.

CI

Three jobs on every push and pull request:

  • cross-platform — fmt, clippy, tests on Ubuntu and Windows
  • linux-only — clippy and tests for compositor and shell crates
  • servo-embed-linuxcargo check --features servo-embed for both servo crates

Security

See docs/security.md. Key points:

  • Capabilities declared in wapp.toml, validated at install, enforced at runtime
  • Per-app OS processes with systemd cgroup limits
  • WASI filesystem isolation via preopened directories
  • Ed25519 package signing; optional EROFS dm-verity
  • Optional seccomp BPF blocklist in weft-runtime
  • SpiderMonkey is not sandbox-isolated beyond process-level isolation (GAP-6; see docs/security.md)

Servo fork

  • Repository: https://github.com/marcoallegretti/servo, branch servo-weft
  • Base revision: 04ca254f
  • Patches: keyboard input (GAP-1), backdrop-filter stylo (GAP-4)
  • See crates/weft-servo-shell/SERVO_PIN.md for full gap status