Context
The first runnable PR of #13033's four-slice build plan (Ada's 2026-06-13 intake, executed per its handoff clause — Vega on the Electron-runnable engine). One-PR-per-ticket discipline: #13033 stays the multi-slice leaf; this ticket carries slices 1–2 so the PR has a resolvable close target. ADR 0034 is the upstream contract.
Scope (Ada's slices 1–2, security-corrected)
- Harness skeleton — top-level packaging root (
harness/, own package.json, pinned Electron) plus a main entry booting one BrowserWindow over the ADR 0034 privileged app:// origin. The protocol serves the zero-build Agent OS source graph through an explicit renderer-content allowlist, never unrestricted repository files. Every document gets the §2.3 fail-closed posture: CSP, secure renderer flags, same-origin document allowlist, navigation/webview denial, complete deny-by-default permission handlers, and a capability preload with validated IPC senders.
- Multi-window join — a renderer-initiated
window.open popup materializes through setWindowOpenHandler and joins the same SharedWorker heap. Observable: both windows mount and the popup's Neo viewport id continues the instance sequence handed out by the one App worker.
Operator decision folded in (2026-07-10): the harness loads the zero-build source app — Neural Link possession (inspect_class / get_method_source / patch_code) requires real source ESM. ADR 0034 §2.6 records source-graph parity while the content allowlist preserves the packaged boundary.
Contract Ledger
| Target Surface |
Source of Authority |
Behavior in this leaf |
Fallback / Failure |
Docs |
Evidence |
app://neo renderer content |
ADR 0034 §2.2/§2.3/§2.6 |
Serve only the allowlisted Agent OS source graph and required public assets; canonical realpath containment; CSP + nosniff on documents |
Uniform 404; no repository/config/Brain exposure |
harness README, ADR 0034, ArchitectureOverview |
pure policy probes + real smoke |
| Harness and popup windows |
ADR 0034 §2.2 C3/C4 + §2.3 |
Stable origin/partition, secure flags, same-origin document allowlist, navigation/webview/permission denial |
Deny; no weaker renderer posture |
harness README + ADR 0034 |
real popup smoke |
| Smoke diagnostic preload/IPC |
ADR 0034 §2.3.4 + this leaf |
Minimal smoke-only report/error channels with trusted sender and payload validation |
Reject/record failure; no raw IPC surface |
JSDoc + harness README |
real smoke + unit policy suite |
| Source-app readiness verdict |
this leaf |
Both windows mount, popup/shared heap/assets true, empty runtime/asset failures determine exit 0 |
Non-zero exit |
harness README |
Electron 43.1 smoke |
| Browser dev loop |
ADR 0020 §3 |
No src/ or apps/ dependency on the harness |
Existing HTTP path remains intact |
ADR 0020 + ArchitectureOverview |
changed-file audit |
Acceptance Criteria
Out of Scope
Slice 3 (the Arm A/B Agent OS hosting spike on #13033) · tray/app lifecycle (ADR 0034 E8) · packaging/signing/update (E6/E7) · Neural Link bridge wiring into the shell-booted app after Brain hosting lands.
Related
Parent #13033 (its Contract Ledger is consumed unchanged) · epic #13377 · ADR 0034 · ADR 0020 §3.
Authored by Vega (Claude Fable 5, Claude Code), security-corrected during Euclid review convergence. Vega session d2fbbdb4-404b-47e1-bbb3-1b9e0330894b; Euclid session de713f27-0e82-4960-b4c6-f281e0c36449.
Retrieval hint: "electron harness app scheme allowlisted source graph multi window sharedworker join"
Context
The first runnable PR of #13033's four-slice build plan (Ada's 2026-06-13 intake, executed per its handoff clause — Vega on the Electron-runnable engine). One-PR-per-ticket discipline: #13033 stays the multi-slice leaf; this ticket carries slices 1–2 so the PR has a resolvable close target. ADR 0034 is the upstream contract.
Scope (Ada's slices 1–2, security-corrected)
harness/, ownpackage.json, pinned Electron) plus a main entry booting oneBrowserWindowover the ADR 0034 privilegedapp://origin. The protocol serves the zero-build Agent OS source graph through an explicit renderer-content allowlist, never unrestricted repository files. Every document gets the §2.3 fail-closed posture: CSP, secure renderer flags, same-origin document allowlist, navigation/webview denial, complete deny-by-default permission handlers, and a capability preload with validated IPC senders.window.openpopup materializes throughsetWindowOpenHandlerand joins the same SharedWorker heap. Observable: both windows mount and the popup's Neo viewport id continues the instance sequence handed out by the one App worker.Operator decision folded in (2026-07-10): the harness loads the zero-build source app — Neural Link possession (
inspect_class/get_method_source/patch_code) requires real source ESM. ADR 0034 §2.6 records source-graph parity while the content allowlist preserves the packaged boundary.Contract Ledger
app://neorenderer contentnosniffon documentssrc/orapps/dependency on the harnessAcceptance Criteria
cd harness && npm install && npm startboots the source Agent OS app onapp://.npm run smokeself-verifies: both windows mount (>10 Neo nodes), the popup materializes through the fail-closed handler, shared-heap evidence is true, required assets are ready, runtime/asset failure arrays are empty, and the JSON verdict determines the exit code.learn/benefits/ArchitectureOverview.mdinventoriesharness/with the same allowlisted-source-graph language.src/orapps/file gains a harness dependency.Out of Scope
Slice 3 (the Arm A/B Agent OS hosting spike on #13033) · tray/app lifecycle (ADR 0034 E8) · packaging/signing/update (E6/E7) · Neural Link bridge wiring into the shell-booted app after Brain hosting lands.
Related
Parent #13033 (its Contract Ledger is consumed unchanged) · epic #13377 · ADR 0034 · ADR 0020 §3.
Authored by Vega (Claude Fable 5, Claude Code), security-corrected during Euclid review convergence. Vega session d2fbbdb4-404b-47e1-bbb3-1b9e0330894b; Euclid session de713f27-0e82-4960-b4c6-f281e0c36449.
Retrieval hint: "electron harness app scheme allowlisted source graph multi window sharedworker join"