- Fully typed checked with JSdoc, and Bun/TS for testing.
- stdlib-js is injected into every js runner and notebook for better math capabilities than vanilla js, and also charts etc.
- App dev tasks utilize mithril for making SPAs, a very small no-dependency framework that is very fit to purpose for the client side nature of peerd apps.
- Currently on main, tabs are global objects each chat session can freely mutate, which is not great. The new in progress model has one "resident" agent own every tab. Only they have the exposed capability to mutate it, and everything between agents/sessions is message based. This has some cool properties: further isolation between contexts, mirroring the web runner subagent. Explicit ownership and scope is cleaner and better for parallel ops. Context and system prompts can be reduced and focused to the specific context the session is exposed to. The orchestrator doesn’t have any low level tab interactions available to it. The tab residents have only the tab interaction tools relevant to it, and the instructions specific to the tab type (js notebook, linux vm, app dev, etc). Over time model usage can be tuned and optimized for each specific context etc.
I hope so! There's different approaches for different use cases, for sure. This seemed like a genuinely new one worth exploring and seeing where it goes. I think the benefits are that the agent "lives" where most people already work and live their online lives. Has direct web access, and all the other browser primitives I've tried to demo. But yeah, wasm especially opens up literally any kind of application as well. The guys at CheerpX have made a great engine and 64-bit is going to be a big unlock.
I'm going to do a simonw here and coin "Markdown hoarding" for the Claudeism of producing reams of hyper-dense prose and compounding it with every commit that touches docs. The documentation gets more and more bloated.
The default Claude voice is breathless, jargon-heavy showboating:
WebRTC transport (trickle ICE) — RTCPeerConnection data channels with trickle signaling; same-machine mDNS-loopback rewrite. Browser/device-verified. peerd-distributed/transport/transports/webrtc.js
TOFU rootfs integrity pin — pure decision logic: trust-on-first-use pin of base-image size + first-64KiB SHA-256, verified each boot, fails closed on drift. Head-only by construction — a faithful-head/tampered-tail host is an acknowledged residual gap. peerd-engine/image-pin.js (partial)
PDF reading (read_pdf) — pdf.js text-layer extraction with opt-in SRI-pinned OCR engine + page assembly. pdf/, tools/defs/read-pdf.js
If the web runners return summarized results and those are still treated as untrusted, what's stopping a summary itself from carrying the injection up to the main loop?
It's defense in depth, definitely not a silver bullet. The web runner has no access to wider capabilities outside of that page. So the only path for a prompt injection to do anything is to try and get itself included in the summary, and get the main loop to act on an instruction in that summary. That means getting pass two sets of <untrusted> tags and explicit instructions to treat everything inside as information, not instruction. Then the egress checkpoint and allow/deny whitelists are the final guards regardless of what the main loop decides to do. Trying to harden wherever I can if you have any recs.
- Fully typed checked with JSdoc, and Bun/TS for testing.
- stdlib-js is injected into every js runner and notebook for better math capabilities than vanilla js, and also charts etc.
- App dev tasks utilize mithril for making SPAs, a very small no-dependency framework that is very fit to purpose for the client side nature of peerd apps.
- Currently on main, tabs are global objects each chat session can freely mutate, which is not great. The new in progress model has one "resident" agent own every tab. Only they have the exposed capability to mutate it, and everything between agents/sessions is message based. This has some cool properties: further isolation between contexts, mirroring the web runner subagent. Explicit ownership and scope is cleaner and better for parallel ops. Context and system prompts can be reduced and focused to the specific context the session is exposed to. The orchestrator doesn’t have any low level tab interactions available to it. The tab residents have only the tab interaction tools relevant to it, and the instructions specific to the tab type (js notebook, linux vm, app dev, etc). Over time model usage can be tuned and optimized for each specific context etc.
You might be interested in this browser-based agentic solution I'm currently building in the open: https://github.com/codename-co/devs
You don't want it to access your files, just give it its own Linux user. You don't even need a container.
Better yet, you can give it root on a $3 VPS (or $30 Thinkpad) and get a sysadmin for free :)
Although, Cheerpx... that seems to imply your agent can play Java and Flash games. Alright, you might be on to something!
it's never "just" ...
(for example: how do you manage this across multiple isolated sessions?)
opening a browser is much easier
... and the entry barrier for non-linux people at your company is much much lower
... and the compliance barrier for companies is much much lower (how do you ensure that everyone creates the users correctly?)
Gotta love it when agent instructions get blurted out in user-facing documentation
Why has AI writing become so insufferable?
The project would be a lot more credible if the feature list wasn't so comically extensive and verbose [1]. Slop overload.
[1] https://github.com/NotASithLord/peerd/blob/main/FEATURES.md
The default Claude voice is breathless, jargon-heavy showboating:
This isn't a critique of the author, more of Opus, but I'd be curious what effect https://github.com/blader/humanizer/blob/main/SKILL.md might have.