diff --git a/kinode/packages/app_store/app_store/src/http_api.rs b/kinode/packages/app_store/app_store/src/http_api.rs index 8eb68fa4..30bb66e8 100644 --- a/kinode/packages/app_store/app_store/src/http_api.rs +++ b/kinode/packages/app_store/app_store/src/http_api.rs @@ -1,13 +1,9 @@ -use crate::{ - DownloadResponse, OnchainPackageMetadata, PackageListing, PackageState, RequestedPackage, State, -}; +use crate::{DownloadResponse, PackageListing, PackageState, RequestedPackage, State}; use kinode_process_lib::{ - eth::EthAddress, http::{send_response, IncomingHttpRequest, Method, StatusCode}, print_to_terminal, Address, NodeId, PackageId, }; use serde_json::json; -use sha3::digest::generic_array::arr::Inc; use std::collections::HashMap; /// Actions supported over HTTP: diff --git a/kinode/packages/app_store/app_store/src/lib.rs b/kinode/packages/app_store/app_store/src/lib.rs index b18a53f3..49475db9 100644 --- a/kinode/packages/app_store/app_store/src/lib.rs +++ b/kinode/packages/app_store/app_store/src/lib.rs @@ -5,7 +5,6 @@ use kinode_process_lib::*; use kinode_process_lib::{call_init, println}; use serde::{Deserialize, Serialize}; use std::collections::{HashMap, HashSet}; -use std::io::Read; use std::str::FromStr; wit_bindgen::generate!({ @@ -539,13 +538,6 @@ pub fn handle_install( format!("/{}", entry.process_wasm_path) }; let wasm_path = format!("{}{}", drive_path, wasm_path); - // build initial caps - let mut initial_capabilities: HashSet = HashSet::new(); - if entry.request_networking { - initial_capabilities.insert(kt::de_wit_capability(networking_cap.clone())); - } - initial_capabilities.insert(kt::de_wit_capability(read_cap.clone())); - initial_capabilities.insert(kt::de_wit_capability(write_cap.clone())); let process_id = format!("{}:{}", entry.process_name, package_id); let Ok(parsed_new_process_id) = process_id.parse::() else { return Err(anyhow::anyhow!("app store: invalid process id!")); @@ -563,17 +555,37 @@ pub fn handle_install( action: vfs::VfsAction::Read, })?) .send_and_await_response(5)??; + + Request::new() + .target(("our", "kernel", "distro", "sys")) + .body(serde_json::to_vec(&kt::KernelCommand::InitializeProcess { + id: parsed_new_process_id.clone(), + wasm_bytes_handle: wasm_path, + wit_version: None, + on_exit: entry.on_exit.clone(), + initial_capabilities: HashSet::new(), + public: entry.public, + })?) + .inherit(true) + .send_and_await_response(5)??; + // build initial caps + let mut requested_capabilities: Vec = vec![]; for value in &entry.request_capabilities { - let mut capability = None; match value { serde_json::Value::String(process_name) => { if let Ok(parsed_process_id) = process_name.parse::() { - capability = get_capability( - &Address { + requested_capabilities.push(kt::Capability { + issuer: Address { node: our.node.clone(), process: parsed_process_id.clone(), }, - "\"messaging\"".into(), + params: "\"messaging\"".into(), + }); + } else { + println!( + "app-store: invalid cap: {} for {} to request!", + value.to_string(), + package_id ); } } @@ -585,12 +597,18 @@ pub fn handle_install( .parse::() { if let Some(params) = map.get("params") { - capability = get_capability( - &Address { + requested_capabilities.push(kt::Capability { + issuer: Address { node: our.node.clone(), process: parsed_process_id.clone(), }, - ¶ms.to_string(), + params: params.to_string(), + }); + } else { + println!( + "app-store: invalid cap: {} for {} to request!", + value.to_string(), + package_id ); } } @@ -600,26 +618,18 @@ pub fn handle_install( continue; } } - if let Some(cap) = capability { - initial_capabilities.insert(kt::de_wit_capability(cap)); - } else { - println!( - "app-store: no cap: {} for {} to request!", - value.to_string(), - package_id - ); - } } - Request::to(("our", "kernel", "distro", "sys")) - .body(serde_json::to_vec(&kt::KernelCommand::InitializeProcess { - id: parsed_new_process_id.clone(), - wasm_bytes_handle: wasm_path, - wit_version: None, - on_exit: entry.on_exit.clone(), - initial_capabilities, - public: entry.public, + if entry.request_networking { + requested_capabilities.push(kt::de_wit_capability(networking_cap.clone())); + } + requested_capabilities.push(kt::de_wit_capability(read_cap.clone())); + requested_capabilities.push(kt::de_wit_capability(write_cap.clone())); + Request::new() + .target(("our", "kernel", "distro", "sys")) + .body(serde_json::to_vec(&kt::KernelCommand::GrantCapabilities { + target: parsed_new_process_id.clone(), + capabilities: requested_capabilities, })?) - .inherit(true) .send_and_await_response(5)??; } // THEN, *after* all processes have been initialized, grant caps in manifest diff --git a/kinode/packages/app_store/app_store/src/types.rs b/kinode/packages/app_store/app_store/src/types.rs index 0ffa65a4..babbbadf 100644 --- a/kinode/packages/app_store/app_store/src/types.rs +++ b/kinode/packages/app_store/app_store/src/types.rs @@ -1,4 +1,3 @@ -use alloy_primitives::FixedBytes; use alloy_rpc_types::Log; use alloy_sol_types::{sol, SolEvent}; use kinode_process_lib::kernel_types as kt; @@ -172,7 +171,7 @@ impl State { pub fn add_downloaded_package( &mut self, package_id: &PackageId, - mut package_state: PackageState, + package_state: PackageState, package_bytes: Option>, ) -> anyhow::Result<()> { if let Some(package_bytes) = package_bytes { diff --git a/kinode/packages/terminal/pkg/scripts.json b/kinode/packages/terminal/pkg/scripts.json index 77f18429..d555c90c 100644 --- a/kinode/packages/terminal/pkg/scripts.json +++ b/kinode/packages/terminal/pkg/scripts.json @@ -52,7 +52,7 @@ }, "m.wasm": { "root": true, - "public": false, + "public": true, "request_networking": true } } \ No newline at end of file diff --git a/kinode/packages/terminal/terminal/src/lib.rs b/kinode/packages/terminal/terminal/src/lib.rs index 31ddb0fc..3636477f 100644 --- a/kinode/packages/terminal/terminal/src/lib.rs +++ b/kinode/packages/terminal/terminal/src/lib.rs @@ -2,8 +2,8 @@ use anyhow::anyhow; use kinode_process_lib::kernel_types as kt; use kinode_process_lib::kinode::process::standard as wit; use kinode_process_lib::{ - get_blob, get_capability, get_typed_state, our_capabilities, println, set_state, vfs, Address, - Capability, PackageId, ProcessId, Request, + get_blob, get_typed_state, our_capabilities, print_to_terminal, println, set_state, vfs, + Address, Capability, PackageId, ProcessId, Request, }; use regex::Regex; use serde::{Deserialize, Serialize}; @@ -205,13 +205,6 @@ fn handle_run( }; let wasm_path = format!("{}{}", drive_path, wasm_path); // build initial caps - let mut initial_capabilities: HashSet = HashSet::new(); - if entry.request_networking { - initial_capabilities.insert(kt::de_wit_capability(Capability { - issuer: Address::new(&our.node, ("kernel", "distro", "sys")), - params: "\"network\"".to_string(), - })); - } let process_id = format!("{}:{}", rand::random::(), package); // all scripts are given random process IDs let Ok(parsed_new_process_id) = process_id.parse::() else { return Err(anyhow::anyhow!("app store: invalid process id!")); @@ -224,19 +217,31 @@ fn handle_run( action: vfs::VfsAction::Read, })?) .send_and_await_response(5)??; + Request::new() + .target(("our", "kernel", "distro", "sys")) + .body(serde_json::to_vec(&kt::KernelCommand::InitializeProcess { + id: parsed_new_process_id.clone(), + wasm_bytes_handle: wasm_path.clone(), + wit_version: None, + on_exit: kt::OnExit::None, // TODO this should send a message back to runner:script:sys so that it can Drop capabilities + initial_capabilities: HashSet::new(), + public: entry.public, + })?) + .inherit(true) + .send_and_await_response(5)??; + let mut requested_caps: Vec = vec![]; if let Some(to_request) = &entry.request_capabilities { for value in to_request { - let mut capability = None; match value { serde_json::Value::String(process_name) => { if let Ok(parsed_process_id) = process_name.parse::() { - capability = get_capability( - &Address { + requested_caps.push(kt::Capability { + issuer: Address { node: our.node.clone(), process: parsed_process_id.clone(), }, - "\"messaging\"".into(), - ); + params: "\"messaging\"".into(), + }); } } serde_json::Value::Object(map) => { @@ -247,13 +252,13 @@ fn handle_run( .parse::() { if let Some(params) = map.get("params") { - capability = get_capability( - &Address { + requested_caps.push(kt::Capability { + issuer: Address { node: our.node.clone(), process: parsed_process_id.clone(), }, - ¶ms.to_string(), - ); + params: params.to_string(), + }); } } } @@ -262,36 +267,44 @@ fn handle_run( continue; } } - if let Some(cap) = capability { - initial_capabilities.insert(kt::de_wit_capability(cap)); - } else { - println!( - "runner: no cap: {}, for {} to request!", - value.to_string(), - package - ); - } } } + if entry.request_networking { + requested_caps.push(kt::de_wit_capability(Capability { + issuer: Address::new(&our.node, ("kernel", "distro", "sys")), + params: "\"network\"".to_string(), + })); + } + if entry.root { + for cap in our_capabilities() { + requested_caps.push(kt::de_wit_capability(cap.clone())); + } + } + print_to_terminal( + 1, + &format!( + "{}: Process {{\n wasm_bytes_handle: {},\n wit_version: {},\n on_exit: {:?},\n public: {}\n capabilities: {}\n}}", + parsed_new_process_id.clone(), + wasm_path.clone(), + "None", + kt::OnExit::None, + entry.public, + { + let mut caps_string = "[".to_string(); + for cap in requested_caps.iter() { + caps_string += &format!("\n {}({})", cap.issuer.to_string(), cap.params); + } + caps_string + "\n ]" + }, + ), + ); Request::new() .target(("our", "kernel", "distro", "sys")) - .body(serde_json::to_vec(&kt::KernelCommand::InitializeProcess { - id: parsed_new_process_id.clone(), - wasm_bytes_handle: wasm_path, - wit_version: None, - on_exit: kt::OnExit::None, // TODO this should send a message back to runner:script:sys so that it can Drop capabilities - initial_capabilities: if entry.root { - our_capabilities() - .iter() - .map(|wit: &kinode_process_lib::Capability| kt::de_wit_capability(wit.clone())) - .collect() - } else { - initial_capabilities - }, - public: entry.public, + .body(serde_json::to_vec(&kt::KernelCommand::GrantCapabilities { + target: parsed_new_process_id.clone(), + capabilities: requested_caps, })?) - .inherit(true) - .send_and_await_response(5)??; + .send()?; if let Some(to_grant) = &entry.grant_capabilities { for value in to_grant { match value {