Real Linux kernel in the browser — Phases 1–3 (boot, persistence, networking)#1
Draft
ETPDEV wants to merge 25 commits into
Draft
Real Linux kernel in the browser — Phases 1–3 (boot, persistence, networking)#1ETPDEV wants to merge 25 commits into
ETPDEV wants to merge 25 commits into
Conversation
…t-dispose guard, rolling tail, test coverage
…m fallback intact)
…ntil modern image)
…n; kernel opt-in via ?engine=kernel
…etry limit; doc cleanups (final review)
…rm-restore (P2.1)
…nst false-pass Kernel panicked at setup_IO_APIC (i386_defconfig SMP/APIC vs v86's incomplete APIC emulation). Fixed via cmdline nolapic noapic. A panicking kernel had passed the old gate because (a) promptPattern matched stray boot-log #/$/% and (b) the version regex matched the kernel banner not uname. Now: boot() rejects on Kernel panic; promptPattern = login prompt only; e2e requires a computed shell marker (READY_$((6*7))_$(uname -r)) + asserts no panic + reached login.
VM snapshot -> gzip -> IndexedDB -> reload -> warm-restore. Warm boot 267ms vs 14.5s cold. Key fix: restore via v86 initial_state config + emulator-ready event (manual restore_state on a fresh emu throws set_state). initialState accepts an async thunk; snapshot-store compresses (~73MB raw VM state). 23 unit + G1 + G2 green.
Boots the kernel once and verifies real Linux behavior across 6 domains (~55 checks): filesystem, text processing, shell scripting, permissions, processes, archives — all green. Plus command-availability matrix (63/88) + extended-gap audit (networking transport / packages / languages = Phase 3+ roadmap). Helper uploads scripts via chunked base64 to survive the ~255-char serial tty line limit. Full report: docs/LINUX-CONFORMANCE.md.
… (PROVEN) KernelSession networkRelayUrl option (?net=wisp://host/). proxy/ = hardened WISP server (@mercuryworkshop/wisp-js) with host allowlist (resolved to IPs, since v86's WISP client sends IPs), port allowlist [53,80,443], SSRF guards (no private/loopback), per-client rate limit, and connection audit. Proven via Playwright: real DHCP/DNS/ TCP/HTTPS; allowlist refuses non-allowlisted IPs. Key: v86 uses URL SCHEME to pick protocol — wisp:// for WISP. node_modules gitignored.
…ne/http failures are out of scope)
…se 3 finish) Cold boot now lands at a networked root shell with ZERO manual steps (verified: whoami=root, eth0 auto-leases 192.168.86.100 via the relay, ~6.9s boot). post-build.sh auto-logins root on ttyS0; BR2_SYSTEM_DHCP brings eth0 up; nano baked in. main.ts: promptPattern now matches the auto-login '# ' shell + app re-runs udhcpc post-boot (boot-time DHCP races the relay). KNOWN GAPS for next toolset rebuild: busybox wget has NO TLS (HTTPS fails; HTTP works) + bash/python3/git/coreutils.
…ed marker) + headed demo script
…rdened proxy Image: openssl + ca-certificates + libcurl/curl + python3(+ssl) + nano (VERIFIED: python3 3.11 with ssl; curl http+HTTPS both 200 w/ real body). bash/coreutils need a wchar/glibc toolchain (deferred, documented). Proxy: egress default is 'public web + SSRF + ports + rate-limit + audit' (strict per-IP allowlist now opt-in via WISP_STRICT_ALLOWLIST — it's impractical with v86's local DNS). FIXED the real blocker: wisp-js 0.4.1 'connection.streams is not iterable' (filter.mjs:103) triggered by stream_limit_per_host — removed it, streams flow now.
…n boot (embed-SDK surface) + gate
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What this is
Replaces the simulated shell with a real Linux 6.6 kernel running in-browser via v86, behind
?engine=kernel(default stayssim). 19 commits across three phases, all gates verified locally.Done & verified
nolapic noapic, panic-reject, computed-marker assertion).proxy/) with allowlist + port-restrict + SSRF guards + rate-limit + audit. Capability proven; finishing items below.docs/LINUX-CONFORMANCE.md.Verified green
runtime-sdk23 unit tests · web build · kernel/persistence/conformance e2e (local; need image binaries).NOT done (see gap analysis)
Notes
bzImage,rootfs.cpio.gz, v86 engine) are gitignored — rebuild viaimage/build.sh(WSL).