Acoder - classic confinement request

Acoder is a developer tool that needs to be able to read and write to files (the path to the files is given by the user). Ideally, it should be able to read/write outside the “home” folder too.

If I understand the information on snapcraft.io correctly, I need ‘classic’ confinement for that.

I have built the snap and tested it in “devmode”. It’s not clear to me if I should make that snap somehow available/accessible to you so that you can see it when reviewing. From the information on the website, before I release my application, I should test it in ‘strict’ or ‘classic’ mode. I can’t do that because I need your approval to be able to make that work in ‘classic’ mode, from what I understand. Therefore, it’s not clear to me how I can make it available to you so that you can review this request (unless you don’t need to be able to see it in order to review it).

I don’t know what information you need, but Acoder is a developer tool that generates code (using AI, specifically GPT3 from OpenAI). If you need any other information, then please let me know.

Please refer to the Process for reviewing classic confinement snaps - access to arbitrary files alone is not sufficient for classic confinement requests. A snap must also fit within one of the known exception categories for classic confinement detailed on that page as well.

Also the vast majority of users will store information in their home directories or perhaps on removable media - as such the existing home and removable-media plugs should provide sufficient access for most use-cases in strict confinement - if this is not sufficient then can you please explain why with specific use-cases?

Finally, if you could provide more details on specifically what acoder does and why it would need arbitrary file access that would also be needed to try and proceed with this request. However at this stage, I feel that strict confinement and plugging home (and optionally removable-media) would likely cover the majority of use-cases, but I would welcome more information to help guide this decision.

What Acoder does is as follows.

Acoder is an “artificial programmer / programming assistant”.

The user provides the following input:

  1. Task description - what needs to be done, e.g. “change the HTML form to use tables, instead of divs”. The task must be small, otherwise Acoder will not produce good output.
  2. The paths to the files that need to be changed/created in order to accomplish the task (e.g. form.html) - Acoder will modify those files.
  3. The paths to the files that Acoder needs to read in order to know the context / what code to write (e.g. styles.css) - Acoder will read those files.

The program proposes changes to the code. If the user approves the changes, the changes are made to the files.

Acoder also needs to connect to the Internet in order to accomplish its job (from what I understand, that would be possible within standard ‘strict’ confinement).

The use case in which Acoder might need to modify the files outside /home folder is as follows. The user works on a website and their files are located in “/var/www/html” folder. Acoder needs to modify the files outside “/home” folder then.

I agree that plugging the home interface should cover the majority of the use cases. I requested ‘classic’ confinement so that I can cover all use cases (like the one above).

In case ‘classic’ confinement can’t be approved for Acoder, I would like to request the permission to have the “home” and “removable-media” interfaces connected automatically.

I’m kindly following up on this.

If you need more information or there’s something that I’m missing, then I can answer any questions.

Hey @damc4,

home is auto-connected by default ;).

Do you consider accessing files from removable media a typical use case for your acoder? I ask since, as you can read in Process for aliases, auto-connections and tracks, when the interface is connected, it gets unrestricted access to all data from any plugged media. The user voice is then very important to allow such access. As you can also see in the documentation, if granted you will need to be vetted. Does acoder have an official contact/support email?

You can otherwise prompt the user to manually connect it if needed (e.g. Approval request for list-filesystem - lfs)
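An added example, not part of any post in this thread and not Acoder's or snapd's own code: a pre-flight check that a strictly confined tool could run on user-supplied paths so it can tell the user which interface to connect manually. The snap name `acoder`, the function names, and the simplified path rules (non-hidden entries under the home directory for `home`; `/media`, `/run/media` and `/mnt` for `removable-media`) are assumptions.

```python
import os
from pathlib import Path

SNAP_NAME = "acoder"  # assumption: the snap's published name
# Assumption: directories exposed by the removable-media interface.
REMOVABLE_ROOTS = (Path("/media"), Path("/run/media"), Path("/mnt"))


def required_interface(path, home):
    """Return the interface that covers `path` under strict confinement,
    or None when neither home nor removable-media reaches it."""
    # Lexical normalisation only: collapses "..", does not follow symlinks.
    # Relative paths are resolved against `home` for this example.
    p = Path(os.path.normpath(os.path.join(home, path)))
    home = Path(home)
    if p == home or home in p.parents:
        rel = p.relative_to(home)
        # Simplified rule: hidden entries directly under home are not exposed.
        if rel.parts and rel.parts[0].startswith("."):
            return None
        return "home"
    for root in REMOVABLE_ROOTS:
        if p == root or root in p.parents:
            return "removable-media"
    return None


def plan_access(paths, home, connected=frozenset({"home"})):
    """Split paths into (usable now, connect commands to show, unreachable)."""
    usable, commands, unreachable = [], set(), []
    for path in paths:
        iface = required_interface(path, home)
        if iface is None:
            unreachable.append(path)
        elif iface in connected:
            usable.append(path)
        else:
            commands.add(f"snap connect {SNAP_NAME}:{iface}")
    return usable, sorted(commands), unreachable


if __name__ == "__main__":
    # Constructed sample input, not taken from the thread's participants.
    sample = ["site/form.html", "/media/dev/usb/styles.css",
              "/var/www/html/index.html", "../../etc/passwd"]
    for label, items in zip(("usable", "connect", "unreachable"),
                            plan_access(sample, "/home/dev")):
        print(label, items)
```

Paths reported as unreachable, such as the `/var/www/html` case raised in the thread, are the ones that strict confinement with these two plugs does not cover.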

@damc4 ping, can you please provide the requested information?

Thanks for your response and sorry for the late reply.

If home is connected by default, I think I will be happy with it for now and possibly request ‘classic’ confinement in the future. I will provide the requested information, when that happens.

By the way, this sentence is what made me think that ‘home’ is not connected by default:

A snap developer can request permission to have the home interface connected automatically

I thought that if the developer can request it, then it’s not connected automatically.

On Ubuntu Core home is not auto-connected but on regular Ubuntu and other Linux distributions, it is auto-connected (ping @degville can we clarify this in the documentation for the home interface?)

Thanks for pinging me. I’ve updated the home interface document to hopefully make this clearer.

Hey @damc4,

So based on this we are removing this request from our review queue. When needed, simply write here and we can add the request back to the queue. Thanks!