{"id":13576944,"url":"https://github.com/gate-computer/gate","last_synced_at":"2025-04-05T12:07:41.829Z","repository":{"id":57489321,"uuid":"54274449","full_name":"gate-computer/gate","owner":"gate-computer","description":"Benign remote code execution","archived":false,"fork":false,"pushed_at":"2025-03-19T21:15:10.000Z","size":4436,"stargazers_count":111,"open_issues_count":23,"forks_count":7,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-03-29T03:11:57.890Z","etag":null,"topics":["go","networking","runtime","server","webassembly"],"latest_commit_sha":null,"homepage":"https://gate.computer","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"bsd-3-clause","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/gate-computer.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2016-03-19T16:05:15.000Z","updated_at":"2025-03-19T21:15:15.000Z","dependencies_parsed_at":"2023-12-02T16:23:06.985Z","dependency_job_id":"504f297b-76db-45e1-b2b1-7434fa3a813f","html_url":"https://github.com/gate-computer/gate","commit_stats":{"total_commits":1323,"total_committers":1,"mean_commits":1323.0,"dds":0.0,"last_synced_commit":"7a19e20dca4b0e6512cc4d96d2f7e55c3364132c"},"previous_names":["tsavola/gate"],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gate-computer%2Fgate","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gate-computer%2Fgate/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gate-computer%2Fgate/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/gate-computer%2Fgate/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/gate-computer","download_url":"https://codeload.github.com/gate-computer/gate/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247332609,"owners_count":20921853,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["go","networking","runtime","server","webassembly"],"created_at":"2024-08-01T15:01:16.150Z","updated_at":"2025-04-05T12:07:41.803Z","avatar_url":"https://github.com/gate-computer.png","language":"Go","funding_links":[],"categories":["Go"],"sub_categories":[],"readme":"# Gate\n\nRun untrusted code from anonymous sources.  Instead of sending messages\ncomposed of passive data, send programs which can react to their environment.\nMigrate or duplicate running applications across hosts and computer\narchitectures.\nSee [Introduction to Gate](https://savo.la/introduction-to-gate.html).\n\n- License: [3-clause BSD](LICENSE)\n- Author: Timo Savola \u003ctimo.savola@iki.fi\u003e\n\n\n## Foundations\n\n[WebAssembly](https://webassembly.org) is the interchange format of the user\nprograms.  However, the APIs are different from the browsers' usual WebAssembly\nenvironments.  See low-level [C API](doc/c-api.md) or the higher-level\n[Rust crate](https://crates.io/crates/gain) for details.\n\nThe sandboxing and containerization features of the Linux kernel provide layers\nof security in addition to WebAssembly.  See [Security](doc/security.md) for\ndetails.\n\nGate *services* are akin to syscalls, but they work differently.  New services\ncan be added easily, and available services are discovered at run time.  See\n[Service implementation](doc/service.md) for details.\n\n\n## Building blocks\n\nGate appears as [Go](https://go.dev) packages and programs.  The execution\nmechanism is implemented in C++ and assembly.  It is highly Linux-dependent.\nx86-64 and ARM64 are supported.\n\nImportant Go packages:\n\n  - [**wag**](https://pkg.go.dev/gate.computer/wag):\n    The WebAssembly compiler (implemented in a\n    [separate repository](https://gate.computer/wag)).\n\n  - [**gate/runtime**](https://pkg.go.dev/gate.computer/gate/runtime):\n    Core functionality.  Interface to the execution mechanism.\n\n  - [**gate/image**](https://pkg.go.dev/gate.computer/gate/image):\n    Low-level executable building and instance management.\n\n  - [**gate/build**](https://pkg.go.dev/gate.computer/gate/build):\n    High-level executable building and snapshot restoration.\n\n  - [**gate/server/webserver**](https://pkg.go.dev/gate.computer/gate/server/webserver):\n    HTTP server component which executes your code on purpose.  It has a\n    [RESTful API](doc/web-api.md), but some actions can be invoked also via websocket.\n\n  - [**gate/service**](https://pkg.go.dev/gate.computer/gate/service):\n    Service implementation support and built-in services.\n\nSee the complete [list of Go packages](https://pkg.go.dev/gate.computer/gate).\n\nPrograms:\n\n  - **gate**:\n    Command-line client for local daemon and remote servers.  Uses SSH keys\n    (Ed25519) for authentication.\n\n  - **gate-daemon**:\n    D-Bus daemon for running and managing instances and wasm modules locally.\n\n  - **gate-server**:\n    Standalone web server which can serve the public or require authentication.\n\n  - **gate-runtime**:\n    For optionally preconfiguring the execution environment for daemon/server,\n    e.g. as a system service.\n\nThe available services are determined by what is built into the **gate-daemon**\nand **gate-server** programs.  The versions provided by this Go module include\nonly the services implemented in this repository.  See\n[extension](doc/extension.md) about bundling additional services.\n\n\n## Objectives\n\nWhile code is data, most of the time data cannot be treated as code for safety\nreasons.  Change that at the Internet level.  Data encapsulated in code can\ndescribe and transform itself.\n\nApplication portability.  Migrate processes between mobile devices and servers\nwhen circumstances change: user presence, resource availability or demand,\ncontinuity etc.\n\nOverhead needs to be low enough so that the system can be practical.  Low\nstartup latency for request processing.  Low memory overhead for high density\nof continually running programs.\n\n\n## Work in progress\n\n  - [x] Linux x86-64 host support\n  - [x] Android host support ([#33](https://github.com/gate-computer/gate/issues/33))\n  - [x] Support for WebAssembly version 1\n  - [x] Planned security measures have been implemented\n  - [x] HTTP server for running programs\n  - [x] Client can communicate with the program it runs on the server\n  - [x] Speculative execution security issue mitigations\n  - [x] Pluggable authentication\n  - [x] Load programs from IPFS\n  - [x] Reconnect to program instance\n  - [x] Snapshot\n  - [x] Restore\n  - [x] Mechanism for implementing external services in language agnostic way (gRPC)\n  - [x] Full ARM64 host support\n  - [ ] Programs can discover and communicate with their peers on a server ([#23](https://github.com/gate-computer/gate/issues/23))\n  - [ ] [Milestone 1](https://github.com/gate-computer/gate/milestone/1)\n  - [ ] Clone programs locally or remotely, with or without snapshotting ([#9](https://github.com/gate-computer/gate/issues/9))\n  - [ ] [Milestone 2](https://github.com/gate-computer/gate/milestone/2)\n  - [ ] Useful resource control policies need more thought (cgroup configuration etc.)\n  - [ ] More services\n  - [ ] Stable APIs\n  - [ ] Additional security measures ([#24](https://github.com/gate-computer/gate/issues/24), [#25](https://github.com/gate-computer/gate/issues/25))\n  - [ ] Non-Linux host support\n\nUser program support:\n\n  - [x] Low-level C API\n  - [x] [Rust](https://crates.io/crates/gain) support\n  - [ ] Go support\n  - [ ] Approach for splitting WebAssembly app between browser (UI) and server (state)\n\n\n## Requirements and build instructions\n\nRun-time dependencies:\n\n- Programs other than **gate** require Linux 5.3.  **gate**'s remote access\n  features should work on any operating system, but are routinely tested only\n  on Linux.\n\n- D-Bus is used for communication between **gate** and **gate-daemon**,\n  requiring D-Bus user service (dbus-user-session).  **gate** doesn't require\n  D-Bus when accessing a remote server.\n\n- Programs other than **gate** may need external tools depending on their\n  configuration and [capabilities](doc/linux-capabilities.md).\n\nThere are two approaches to building Gate: the normal Go way, or via the\nmake.go build system.\n\n\n### Normal build using Go\n\nThe Gate programs can be built normally using the Go toolchain:\n\n\tgo install gate.computer/cmd/gate@latest\n\tgo install gate.computer/cmd/gate-daemon@latest\n\tgo install gate.computer/cmd/gate-runtime@latest\n\tgo install gate.computer/cmd/gate-server@latest\n\nGo 1.21 is required.\n\nGate runtime needs to execute some separately built binaries.  To make the\nbuilt Go programs self-contained, pre-built binaries are bundled into them by\ndefault.  The pre-built binary files are under version control, and can be\nrebuilt using `go generate`.  To disable bundling of pre-built binaries,\nspecify `-tags=gateexecdir` for the Go build command, and use make.go to build\nand install them separately.\n\n\n### Build everything using make.go\n\nBuild targets:\n\n  - `go run make.go lib` builds components implemented with C++ and assembly.\n  - `go run make.go bin` builds Go programs without bundling non-Go components.\n  - `go run make.go` builds all of the above and more.\n  - `go run make.go check` runs tests.\n  - `go run make.go -h` shows all targets and options.\n\nBuild requirements:\n\n  - Linux\n  - C++ compiler\n  - Go compiler\n\nTest requirements:\n\n  - Python 3\n  - uidmap (shadow-utils)\n\n\n### Installation\n\nThe build system builds a standalone installer which can be invoked as root:\n\n  1. `go run make.go` or `go run make.go installer ...`\n  2. `sudo bin/install`\n\n\n## See also\n\n- [Gain crate for Rust user programs](https://crates.io/crates/gain)\n- [C API for user programs](doc/c-api.md)\n- [ABI for user programs](doc/abi.md)\n- [Web API documentation](doc/web-api.md)\n- [OpenAPI definition](openapi.yaml)\n- [Service implementation](doc/service.md)\n- [Build-time extensions](doc/extension.md)\n- [Security](doc/security.md)\n- [Container capabilities](doc/linux-capabilities.md)\n- [Go packages](https://pkg.go.dev/gate.computer/gate)\n- [wag](https://gate.computer/wag)\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgate-computer%2Fgate","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgate-computer%2Fgate","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgate-computer%2Fgate/lists"}