wasm-gui: a WebAssembly Linux desktop (M1–M6) rendered by the native Rust client

Cargo.toml

@@ -1,6 +1,7 @@
 [workspace]
 resolver = "2"
 members = [
+    "experiments/wasm-gui/host",
     "crates/bridge",
     "crates/kernel",
     "crates/execution",

crates/execution/assets/v8-bridge.source.js

@@ -3943,6 +3943,16 @@ var __bridge = (() => {
       classification: "hardened",
       rationale: "Host PTY bridge reference for stdin.setRawMode()."
     },
+    {
+      name: "_ptyReadRaw",
+      classification: "hardened",
+      rationale: "Host PTY bridge reference for reading a terminal's PTY master fd (__pty_read)."
+    },
+    {
+      name: "_ptyWriteRaw",
+      classification: "hardened",
+      rationale: "Host PTY bridge reference for writing a terminal's PTY master fd (__pty_write)."
+    },
     {
       name: "require",
       classification: "hardened",
@@ -6404,6 +6414,8 @@ var __bridge = (() => {
   var _processResourceUsage = createBridgeSyncFacade("process.resourceUsage");
   var _processVersions = createBridgeSyncFacade("process.versions");
   var _kernelPollRaw = createBridgeSyncFacade("_kernelPollRaw");
+  var _ptyReadRaw = createBridgeSyncFacade("_ptyReadRaw");
+  var _ptyWriteRaw = createBridgeSyncFacade("_ptyWriteRaw");
   function decodeBridgeJson(value) {
     return typeof value === "string" ? JSON.parse(value) : value;
   }

crates/execution/src/v8_runtime.rs

@@ -373,6 +373,8 @@ pub fn map_bridge_method(method: &str) -> (&str, bool) {
 
         // PTY
         "_ptySetRawMode" => ("__pty_set_raw_mode", false),
+        "_ptyReadRaw" => ("__pty_read", false),
+        "_ptyWriteRaw" => ("__pty_write", false),
 
         // Pass through unknown methods
         _ => (method, false),

crates/execution/src/wasm.rs

@@ -3339,9 +3339,10 @@ if (typeof globalThis !== "undefined" && typeof globalThis.__agentOsWasiModule =
             typeof globalThis?.__agentOsSyncRpc?.callSync === "function"
               ? globalThis.__agentOsSyncRpc
               : null;
-          const sidecarManagedProcess =
-            typeof process?.env?.AGENT_OS_SANDBOX_ROOT === "string" &&
-            process.env.AGENT_OS_SANDBOX_ROOT.length > 0;
+          // AGENT_OS_SANDBOX_ROOT is scrubbed from the public process.env, so check the hidden
+          // internal env too (via _sidecarManagedProcess) — otherwise sidecar-managed guests fall to
+          // the passthrough stdin read, which never receives host write_stdin (kernel pipe) data.
+          const sidecarManagedProcess = this._sidecarManagedProcess();
           if (syncRpc && (sidecarManagedProcess || __agentOsKernelStdioSyncRpcEnabled())) {{
             try {{
               let chunk = null;
@@ -4248,6 +4249,16 @@ if (typeof globalThis !== "undefined" && typeof globalThis.__agentOsSyncRpc ===
             throw new Error("secure-exec WASM kernel poll bridge is unavailable");
           }}
           return _kernelPollRaw.applySync(void 0, args);
+        case "__pty_read":
+          if (typeof _ptyReadRaw === "undefined") {{
+            throw new Error("secure-exec WASM pty read bridge is unavailable");
+          }}
+          return _ptyReadRaw.applySync(void 0, args);
+        case "__pty_write":
+          if (typeof _ptyWriteRaw === "undefined") {{
+            throw new Error("secure-exec WASM pty write bridge is unavailable");
+          }}
+          return _ptyWriteRaw.applySync(void 0, args);
         case "child_process.spawn": {{
           if (typeof _childProcessSpawnStart === "undefined") {{
             throw new Error("secure-exec WASM child_process bridge is unavailable");

crates/kernel/src/kernel.rs

@@ -1292,6 +1292,64 @@ impl<F: VirtualFileSystem + 'static> KernelVm<F> {
         Ok(self.ptys.create_pty_fds(table)?)
     }
 
+    /// Allocate a PTY pair and split its ends across two processes: the master fd lands in
+    /// `parent_pid`'s fd table (the terminal emulator reads/writes it) and the slave fd lands in
+    /// `child_pid`'s fd table (dup'd onto the shell's stdin/stdout/stderr by the caller). This is
+    /// the kernel primitive behind `__pty_spawn`: unlike `open_pty`, which places both ends in one
+    /// process, a terminal needs the two ends in distinct processes.
+    pub fn open_pty_split(
+        &mut self,
+        requester_driver: &str,
+        parent_pid: u32,
+        child_pid: u32,
+    ) -> KernelResult<(u32, u32, String)> {
+        self.assert_not_terminated()?;
+        self.assert_driver_owns(requester_driver, parent_pid)?;
+        self.assert_driver_owns(requester_driver, child_pid)?;
+        self.resources
+            .check_pty_allocation(&self.resource_snapshot())?;
+        let pty = self.ptys.create_pty();
+        let mut tables = lock_or_recover(&self.fd_tables);
+        let master_fd = match tables.get_mut(parent_pid) {
+            Some(parent_table) => parent_table.open_with(
+                Arc::clone(&pty.master.description),
+                FILETYPE_CHARACTER_DEVICE,
+                None,
+            )?,
+            None => {
+                self.ptys.close(pty.master.description.id());
+                self.ptys.close(pty.slave.description.id());
+                return Err(KernelError::no_such_process(parent_pid));
+            }
+        };
+        let slave_fd = match tables.get_mut(child_pid) {
+            Some(child_table) => match child_table.open_with(
+                Arc::clone(&pty.slave.description),
+                FILETYPE_CHARACTER_DEVICE,
+                None,
+            ) {
+                Ok(slave_fd) => slave_fd,
+                Err(error) => {
+                    if let Some(parent_table) = tables.get_mut(parent_pid) {
+                        parent_table.close(master_fd);
+                    }
+                    self.ptys.close(pty.master.description.id());
+                    self.ptys.close(pty.slave.description.id());
+                    return Err(error.into());
+                }
+            },
+            None => {
+                if let Some(parent_table) = tables.get_mut(parent_pid) {
+                    parent_table.close(master_fd);
+                }
+                self.ptys.close(pty.master.description.id());
+                self.ptys.close(pty.slave.description.id());
+                return Err(KernelError::no_such_process(child_pid));
+            }
+        };
+        Ok((master_fd, slave_fd, pty.path))
+    }
+
     pub fn socket_create(
         &mut self,
         requester_driver: &str,

crates/kernel/tests/api_surface.rs

@@ -1149,6 +1149,94 @@ fn open_shell_configures_pty_and_exec_uses_shell_driver() {
     kernel.waitpid(exec.pid()).expect("wait exec");
 }
 
+#[test]
+fn open_pty_split_wires_master_in_parent_and_slave_in_child() {
+    use secure_exec_kernel::pty::LineDisciplineConfig;
+    let mut config = KernelVmConfig::new("vm-api-pty-split");
+    config.permissions = Permissions::allow_all();
+    let mut kernel = KernelVm::new(MemoryFileSystem::new(), config);
+    kernel
+        .register_driver(CommandDriver::new("shell", ["sh"]))
+        .expect("register shell");
+
+    // Two processes: a terminal (parent, holds the master) and a shell (child, holds the slave).
+    let terminal = kernel
+        .exec(
+            "term",
+            ExecOptions {
+                requester_driver: Some(String::from("shell")),
+                ..ExecOptions::default()
+            },
+        )
+        .expect("spawn terminal");
+    let shell = kernel
+        .exec(
+            "shell",
+            ExecOptions {
+                requester_driver: Some(String::from("shell")),
+                ..ExecOptions::default()
+            },
+        )
+        .expect("spawn shell");
+
+    let (master_fd, slave_fd, path) = kernel
+        .open_pty_split("shell", terminal.pid(), shell.pid())
+        .expect("open pty split");
+    assert!(path.starts_with("/dev/pts/"), "pty path was {path}");
+
+    // Raw mode on the slave so the line discipline does not cook/echo our test bytes.
+    kernel
+        .pty_set_discipline(
+            "shell",
+            shell.pid(),
+            slave_fd,
+            LineDisciplineConfig {
+                canonical: Some(false),
+                echo: Some(false),
+                isig: Some(false),
+            },
+        )
+        .expect("set raw mode");
+
+    // Input direction: the terminal writes the master, the shell reads it from the slave.
+    assert_eq!(
+        kernel
+            .fd_write("shell", terminal.pid(), master_fd, b"ping")
+            .expect("write master"),
+        4
+    );
+    assert_eq!(
+        kernel
+            .fd_read("shell", shell.pid(), slave_fd, 64)
+            .expect("read slave"),
+        b"ping"
+    );
+
+    // Output direction: the shell writes the slave, the terminal reads it from the master.
+    assert_eq!(
+        kernel
+            .fd_write("shell", shell.pid(), slave_fd, b"pong")
+            .expect("write slave"),
+        4
+    );
+    assert_eq!(
+        kernel
+            .fd_read("shell", terminal.pid(), master_fd, 64)
+            .expect("read master"),
+        b"pong"
+    );
+
+    // A nonexistent child must fail (and roll back the master fd it tentatively opened).
+    assert!(kernel
+        .open_pty_split("shell", terminal.pid(), 999_999)
+        .is_err());
+
+    terminal.finish(0);
+    shell.finish(0);
+    kernel.waitpid(terminal.pid()).expect("wait terminal");
+    kernel.waitpid(shell.pid()).expect("wait shell");
+}
+
 #[test]
 fn pty_resize_delivers_sigwinch_to_the_foreground_process_group() {
     let mut config = KernelVmConfig::new("vm-api-shell");