Rendered at 17:00:33 GMT+0000 (Coordinated Universal Time) with Cloudflare Workers.
NotASithLord 1 days ago [-]
Author here. Some other technical tidbits:
- Fully typed checked with JSdoc, and Bun/TS for testing.
- stdlib-js is injected into every js runner and notebook for better math capabilities than vanilla js, and also charts etc.
- App dev tasks utilize mithril for making SPAs, a very small no-dependency framework that is very fit to purpose for the client side nature of peerd apps.
- Currently on main, tabs are global objects each chat session can freely mutate, which is not great. The new in progress model has one "resident" agent own every tab. Only they have the exposed capability to mutate it, and everything between agents/sessions is message based. This has some cool properties: further isolation between contexts, mirroring the web runner subagent. Explicit ownership and scope is cleaner and better for parallel ops. Context and system prompts can be reduced and focused to the specific context the session is exposed to. The orchestrator doesn’t have any low level tab interactions available to it. The tab residents have only the tab interaction tools relevant to it, and the instructions specific to the tab type (js notebook, linux vm, app dev, etc). Over time model usage can be tuned and optimized for each specific context etc.
beepbooptheory 23 hours ago [-]
JSdoc? Not typescript? What is this, 2010?
NotASithLord 23 hours ago [-]
It's vanilla JS with no unnecessary build step. Runs in the browser as is, and easy to audit.
arnley 21 hours ago [-]
Congratz on your project. Yet I feel that the browser extension part is doing damage to its discoverability hence democratization.
Hey, cool project. Lots of simpler inspirations obviously. Ultimately an extension is more friction than a web page, but it comes with much wider capabilities when you're not locked to a single tab. So it's the right choice for peerd in particular, but the web page approach for a low friction demo is a good idea. I have two small ones on peerd.ai (the real linux terminal, and the p2p connections) but can probably flesh that out more in a compelling way.
danielrmay 24 hours ago [-]
> The name is always lowercase: peerd.
Gotta love it when agent instructions get blurted out in user-facing documentation
NotASithLord 24 hours ago [-]
It's a project convention for human contributors as well. Agree it can probably be relocated though.
NotASithLord 23 hours ago [-]
Moved
andai 24 hours ago [-]
That's cool. Sounds very impressive. What's the point of all this security though?
You don't want it to access your files, just give it its own Linux user. You don't even need a container.
Better yet, you can give it root on a $3 VPS (or $30 Thinkpad) and get a sysadmin for free :)
Although, Cheerpx... that seems to imply your agent can play Java and Flash games. Alright, you might be on to something!
NotASithLord 24 hours ago [-]
I hope so! There's different approaches for different use cases, for sure. This seemed like a genuinely new one worth exploring and seeing where it goes. I think the benefits are that the agent "lives" where most people already work and live their online lives. Has direct web access, and all the other browser primitives I've tried to demo. But yeah, wasm especially opens up literally any kind of application as well. The guys at CheerpX have made a great engine and 64-bit is going to be a big unlock.
Garlef 23 hours ago [-]
> just give it its own Linux user
it's never "just" ...
(for example: how do you manage this across multiple isolated sessions?)
opening a browser is much easier
... and the entry barrier for non-linux people at your company is much much lower
... and the compliance barrier for companies is much much lower (how do you ensure that everyone creates the users correctly?)
andai 17 hours ago [-]
>how do you manage this across multiple isolated sessions
I actually ran into this today. Needed a fresh environment to replicate a bug.
sudo adduser agent2
Garlef 8 hours ago [-]
and your orchestrating agent has permissions to add users?
ricardobeat 23 hours ago [-]
> The bet is structural
Why has AI writing become so insufferable?
The project would be a lot more credible if the feature list wasn't so comically extensive and verbose [1]. Slop overload.
Yeah those C suite press-release "white paper" articles I always avoided reading are now infecting everything.
NotASithLord 23 hours ago [-]
Scrubbed. Taking a fresh pass through.
da_grift_shift 22 hours ago [-]
I'm going to do a simonw here and coin "Markdown hoarding" for the Claudeism of producing reams of hyper-dense prose and compounding it with every commit that touches docs. The documentation gets more and more bloated.
The default Claude voice is breathless, jargon-heavy showboating:
WebRTC transport (trickle ICE) — RTCPeerConnection data channels with trickle signaling; same-machine mDNS-loopback rewrite. Browser/device-verified. peerd-distributed/transport/transports/webrtc.js
TOFU rootfs integrity pin — pure decision logic: trust-on-first-use pin of base-image size + first-64KiB SHA-256, verified each boot, fails closed on drift. Head-only by construction — a faithful-head/tampered-tail host is an acknowledged residual gap. peerd-engine/image-pin.js (partial)
PDF reading (read_pdf) — pdf.js text-layer extraction with opt-in SRI-pinned OCR engine + page assembly. pdf/, tools/defs/read-pdf.js
Agree on markdown bloat/hoarding. Appreciate the feedback, already doing a pass based on other feedback and trimming fat.
StahlGuo 12 hours ago [-]
Broswer contains many security concerns, how do you solve privacy and security.
toozitax 1 days ago [-]
If the web runners return summarized results and those are still treated as untrusted, what's stopping a summary itself from carrying the injection up to the main loop?
NotASithLord 24 hours ago [-]
It's defense in depth, definitely not a silver bullet. The web runner has no access to wider capabilities outside of that page. So the only path for a prompt injection to do anything is to try and get itself included in the summary, and get the main loop to act on an instruction in that summary. That means getting pass two sets of <untrusted> tags and explicit instructions to treat everything inside as information, not instruction. Then the egress checkpoint and allow/deny whitelists are the final guards regardless of what the main loop decides to do. Trying to harden wherever I can if you have any recs.
- Fully typed checked with JSdoc, and Bun/TS for testing.
- stdlib-js is injected into every js runner and notebook for better math capabilities than vanilla js, and also charts etc.
- App dev tasks utilize mithril for making SPAs, a very small no-dependency framework that is very fit to purpose for the client side nature of peerd apps.
- Currently on main, tabs are global objects each chat session can freely mutate, which is not great. The new in progress model has one "resident" agent own every tab. Only they have the exposed capability to mutate it, and everything between agents/sessions is message based. This has some cool properties: further isolation between contexts, mirroring the web runner subagent. Explicit ownership and scope is cleaner and better for parallel ops. Context and system prompts can be reduced and focused to the specific context the session is exposed to. The orchestrator doesn’t have any low level tab interactions available to it. The tab residents have only the tab interaction tools relevant to it, and the instructions specific to the tab type (js notebook, linux vm, app dev, etc). Over time model usage can be tuned and optimized for each specific context etc.
You might be interested in this browser-based agentic solution I'm currently building in the open: https://github.com/codename-co/devs
Gotta love it when agent instructions get blurted out in user-facing documentation
You don't want it to access your files, just give it its own Linux user. You don't even need a container.
Better yet, you can give it root on a $3 VPS (or $30 Thinkpad) and get a sysadmin for free :)
Although, Cheerpx... that seems to imply your agent can play Java and Flash games. Alright, you might be on to something!
it's never "just" ...
(for example: how do you manage this across multiple isolated sessions?)
opening a browser is much easier
... and the entry barrier for non-linux people at your company is much much lower
... and the compliance barrier for companies is much much lower (how do you ensure that everyone creates the users correctly?)
I actually ran into this today. Needed a fresh environment to replicate a bug.
Why has AI writing become so insufferable?
The project would be a lot more credible if the feature list wasn't so comically extensive and verbose [1]. Slop overload.
[1] https://github.com/NotASithLord/peerd/blob/main/FEATURES.md
The default Claude voice is breathless, jargon-heavy showboating:
This isn't a critique of the author, more of Opus, but I'd be curious what effect https://github.com/blader/humanizer/blob/main/SKILL.md might have.