typebulb 0.13.3 → 0.13.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/README.md CHANGED
@@ -289,6 +289,57 @@ The host owns a bulb's **width**; you own its **height**.
289
289
  - **`config.json` → `ts.jsxImportSource`** — the one supported `ts` option; defaults to `react`. Set it to use a different JSX runtime (e.g. `preact`).
290
290
  - **Never invent a connection string or API key** — a `server.ts` that needs a database or API reads it from `.env` (loaded from the directory you run in). Ask the user for the value; don't fabricate one or commit it.
291
291
 
292
+ ## Trust Model
293
+
294
+ Typebulb has 3 trust tiers for a bulb, captured by 2 axes:
295
+
296
+ | | browser: **iframe** | browser: **top-level** |
297
+ |---|:---:|:---:|
298
+ | node access: **no** | **Embedded** | **Restricted** |
299
+ | node access: **yes** | — | **Trusted** |
300
+
301
+ The 3 Tiers from least to most powerful:
302
+
303
+ * **Embedded**: These bulbs live in an iframe, and have the most restricted capability. They're created by Typebulb's Agent Mirror when rendering chat files. When bulb-markdown is detected in your agent's replies, they're rendered as embedded bulbs.
304
+ * **Restricted**: These bulbs are launched as localhost pages. Unlike embedded bulbs, they can also access storage, cookies, web workers, WebGPU etc.
305
+ * **Trusted**: These bulbs are the most powerful and must be explicitly marked as trusted. Unlike restricted bulbs, they can access node via your `server.ts` or via privileged `tb.*` functions such as `tb.fs` or `tb.ai`. To grant, call typebulb with `--trust` for one run, or `typebulb trust <file>` to remember it — per file, for your user account, across all your projects. Revoke a remembered grant with `typebulb untrust <file>`; `--no-trust` forces a single sandboxed run without forgetting the grant.
306
+
307
+ Here's a state transition diagram for the trust tiers:
308
+
309
+ ```mermaid
310
+ stateDiagram-v2
311
+ direction LR
312
+ [*] --> Embedded
313
+ [*] --> Restricted
314
+ Embedded --> Restricted: breakout
315
+ Restricted --> Trusted: trust
316
+ Trusted --> Restricted: untrust
317
+ ```
318
+ **Capability Summary Table**:
319
+
320
+ | Capability | Embedded | Restricted | Trusted |
321
+ |---|:--:|:--:|:--:|
322
+ | Run code in browser, access network including localhost | ✅ | ✅ | ✅ |
323
+ | Use storage, cookies, background threads, and the GPU | 🚫 | ✅ | ✅ |
324
+ | Read local files, run node code with `server.ts`, use your AI keys | 🚫 | 🚫 | ✅ |
325
+
326
+ ## Bulb Imports
327
+
328
+ Imports in `code.tsx` can only use bare specifiers (otherwise the linter will error):
329
+
330
+ ```ts
331
+ import React, { useState } from "react"
332
+ ```
333
+
334
+ Which must be declared in the dependencies section:
335
+ ```json
336
+ "dependencies": {
337
+ "react": "^19.2.9"
338
+ }
339
+ ```
340
+
341
+ Typebulb has a package resolver that will load and cache these packages from `esm.sh` when the bulb runs.
342
+
292
343
  ## License
293
344
 
294
345
  MIT