Status: draft

Scope: privileged bridge between SourceOS UI, browser, terminal, shell, MCP, agents, local daemons, and enterprise/workspace consoles.
SourceChannel is the mandatory bridge contract for privileged communication between product surfaces and local or remote authority-bearing services.
It exists because browser UIs, workspace UIs, terminal UIs, MCP servers, extensions, and local web apps must not receive ambient authority merely because they run locally or are presented inside a trusted product.
No surface is trusted because it can reach localhost. No web origin controls agents directly. No terminal UI bypasses policy. No MCP server receives secrets or tool access without a scoped capability lease.
```json
{
  "$schema": "https://sourceos-linux.github.io/sourceos-spec/schemas/SourceChannelEnvelope.json",
  "channelId": "urn:srcos:channel:example",
  "requestId": "urn:srcos:request:example",
  "origin": "https://workspace.example",
  "surface": "prophet-workspace",
  "profileId": "urn:srcos:profile:user",
  "workspaceId": "urn:srcos:workspace:example",
  "deviceId": "urn:srcos:device:example",
  "agentId": "urn:srcos:agent:example",
  "capability": "agent.execute.tool",
  "scope": {
    "repo": "owner/name",
    "paths": [],
    "tools": [],
    "memoryScopes": []
  },
  "policyBundleHash": "sha256:example",
  "nonce": "example-nonce",
  "issuedAt": "2026-05-04T00:00:00Z",
  "expiresAt": "2026-05-04T00:05:00Z",
  "reason": "Human-readable reason for this privileged request.",
  "auditId": "urn:srcos:audit:example",
  "signature": "base64url-signature"
}
```

- prophet-workspace
- turtleterm
- bearbrowser
- agent-term
- mcp
- daemon
- admin-console
Low-risk:
- graph.read.metadata
- workspace.view.status
- sync.read.health
Medium-risk:
- workspace.update.layout
- browser.update.workspace_session
- memory.propose
High-risk:
- agent.execute.tool
- shell.update.profile
- model.route.update
- browser.bridge.agent
- extension.enable
Critical-risk:
- policy.bundle.update
- agent.lease.grant
- secret.lease.issue
- device.command.remote
- sync.collection.wipe
- workspace.replace.local
- SourceChannel requests are denied by default.
- A request must be validated before policy evaluation.
- Policy evaluation must happen before execution.
- A valid envelope does not imply permission.
- A valid policy decision must reference a policy bundle hash and reason code.
- High-risk and critical-risk requests must emit audit events whether allowed or denied.
- Critical-risk requests must be signed by an authority recognized for the relevant profile, workspace, org, or device.
- Every request requires a nonce.
- Nonces must be single-use within their profile/workspace/device scope.
- Expired requests are denied.
- Replayed requests are denied and audited.
- Stale policyBundleHash values require policy refresh or denial.
- sourcechannel.request.received
- sourcechannel.request.validated
- sourcechannel.request.rejected
- sourcechannel.policy.allow
- sourcechannel.policy.deny
- sourcechannel.policy.require_review
- sourcechannel.execution.started
- sourcechannel.execution.completed
- sourcechannel.execution.failed
- sourcechannel.replay.denied
- sourcechannel.expired.denied
- Trusting localhost as authority
- Letting browser JavaScript call agent runtimes directly
- Letting terminal UI mutate shell startup files without policy review
- Letting MCP servers inherit all local tools
- Letting workspace UI issue persistent memory writes directly
- Letting extension state sync without policy class and audit
- Letting enterprise admin surfaces inspect personal local-first data by default
- Every privileged surface uses SourceChannel for high-risk and critical-risk operations.
- Every SourceChannel request has origin, profile, workspace, device, capability, nonce, expiry, policy hash, reason, audit pointer, and signature.
- Every high-risk and critical-risk operation has a PolicyDecision.
- Every denied request emits an audit event with reason code.
- No product surface is trusted solely because it runs locally.
- No web origin communicates directly with agent, shell, secret, model, or policy services without SourceChannel.
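
The validation, replay, and audit rules above can be exercised with a small pre-policy gate. This is an added example, not code from the SourceOS spec or project: the `Gate` class, the `verify_sig` callback, and the reason-code strings are assumptions, while the field names and audit event names come from this page.

```python
from datetime import datetime

# Fields the page says every request carries (envelope key names).
REQUIRED = ("origin", "profileId", "workspaceId", "deviceId", "capability", "nonce",
            "expiresAt", "policyBundleHash", "reason", "auditId", "signature")

class Gate:
    """Hypothetical pre-policy validator. A pass here is not permission."""
    def __init__(self, policy_hash, verify_sig):
        self.policy_hash = policy_hash  # hash of the currently loaded policy bundle
        self.verify_sig = verify_sig    # assumed callable(envelope) -> bool
        self.seen = {}                  # (profile, workspace, device, nonce) -> expiry
        self.audit = []                 # (event, auditId, reason code)

    def _deny(self, env, event, code):
        self.audit.append((event, env.get("auditId"), code))
        return False, code

    def validate(self, env, now):
        self.audit.append(("sourcechannel.request.received", env.get("auditId"), None))
        if any(not env.get(f) for f in REQUIRED):
            return self._deny(env, "sourcechannel.request.rejected", "missing_field")
        try:
            expires = datetime.fromisoformat(env["expiresAt"].replace("Z", "+00:00"))
            expired = now >= expires
        except (ValueError, TypeError, AttributeError):
            return self._deny(env, "sourcechannel.request.rejected", "bad_expiry")
        if expired:
            return self._deny(env, "sourcechannel.expired.denied", "expired")
        key = (env["profileId"], env["workspaceId"], env["deviceId"], env["nonce"])
        if key in self.seen:
            return self._deny(env, "sourcechannel.replay.denied", "replay")
        if env["policyBundleHash"] != self.policy_hash:
            return self._deny(env, "sourcechannel.request.rejected", "stale_policy_bundle")
        if not self.verify_sig(env):
            return self._deny(env, "sourcechannel.request.rejected", "bad_signature")
        # Record the nonce only after the signature verifies, so a forged envelope
        # cannot burn a caller's nonce. Entries past expiry are safe to drop.
        self.seen = {k: e for k, e in self.seen.items() if e > now}
        self.seen[key] = expires
        self.audit.append(("sourcechannel.request.validated", env["auditId"], None))
        return True, "validated"

# Constructed sample, using the placeholder values from the envelope above.
SAMPLE = {"origin": "https://workspace.example", "profileId": "urn:srcos:profile:user",
          "workspaceId": "urn:srcos:workspace:example", "deviceId": "urn:srcos:device:example",
          "capability": "agent.execute.tool", "nonce": "example-nonce",
          "expiresAt": "2026-05-04T00:05:00Z", "policyBundleHash": "sha256:example",
          "reason": "demo", "auditId": "urn:srcos:audit:example", "signature": "base64url-signature"}
```

A `(True, "validated")` result only means the envelope is well-formed, fresh, and unreplayed; the request still needs a PolicyDecision before execution.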