Autoconnect request for ask-ubuntu

kenvandine · March 8, 2026, 3:16am

name: ask-ubuntu
description: AI-powered Ubuntu assistant with deep system awareness
snapcraft: GitHub - kenvandine/ask-ubuntu: Ask Ubuntu -- your Ubuntu AI Assistant · GitHub
upstream: GitHub - kenvandine/ask-ubuntu: Ask Ubuntu -- your Ubuntu AI Assistant · GitHub
upstream-relation: maintainer
interfaces:
- hardware-observe:
  - request-type: auto-connection
  - reasoning: Ask Ubuntu reads hardware facts (CPU/GPU model, thermal and power context, device info) to give accurate diagnostics and guidance for the current machine.
- system-observe:
  - request-type: auto-connection
  - reasoning: Ask Ubuntu inspects runtime system state (process/service presence, memory/pressure, uptime, and related telemetry) so troubleshooting answers are grounded in live system facts.
- desktop-launch:
  - request-type: auto-connection
  - reasoning: Ask Ubuntu uses the limited snapd socket exposed by this interface (/run/snapd-snap.socket) to read installed snap metadata (/v2/snaps, /v2/snaps/{name}), including tracking-channel/version context, so package guidance reflects what is actually installed.
- system-files:
  - request-type: auto-connection
  - reasoning: All system-files plugs below are strictly read-only. Ask Ubuntu does not modify host files and only reads package metadata needed to answer package-management questions accurately.
  - read-only-plugs:
    - var-lib-dpkg: read-only access to /var/lib/snapd/hostfs/var/lib/dpkg so the app can parse dpkg status and determine installed deb packages.
    - var-lib-apt-lists: read-only access to /var/lib/snapd/hostfs/var/lib/apt/lists so the app can determine apt package availability from local apt index files.
    - usr-share-man: read-only access to /var/lib/snapd/hostfs/usr/share/man so the app can index local man pages via system-files. This may be replaced with system-packages-doc eventually if my snapd PR lands feat: Added /usr/share/man and /usr/share/help to system-packages-doc by kenvandine · Pull Request #16681 · canonical/snapd · GitHub
    - usr-share-help: read-only access to /var/lib/snapd/hostfs/usr/share/help so the app can index local Ubuntu help files via system-files. This may be replaced with system-packages-doc eventually if my snapd PR lands feat: Added /usr/share/man and /usr/share/help to system-packages-doc by kenvandine · Pull Request #16681 · canonical/snapd · GitHub

store-requests-bot · March 8, 2026, 3:16am

This request has been added to the queue for review by the @reviewers team.

kenvandine · March 16, 2026, 1:15pm

@reviewers can someone please help with this request?

kenvandine · March 19, 2026, 1:26pm

@policy-reviewers can someone please help with this?

jslarraz · March 20, 2026, 8:53am

Hey @kenvandine, sorry for the delay.

Even if these interfaces does not allow the snap to compromise the system directly, the information provided by all of them is somehow privileged as it reveal details about the host that can be used in later compromise attempts. However, considering that you are a established member of the community, I’m still happy to #voteFor (+1) granting this request.

Thanks!

shishirsub10 · March 20, 2026, 9:04am

+1 (#voteFor) from me to grant the requested auto-connections to ask-ubuntu snap.

zyga · March 23, 2026, 11:19am

The set of interfaces and the rationale provided is sound. +1 from me.

jslarraz · March 24, 2026, 5:37pm

+2 for, 0 against granting ask-ubuntu auto-connection to the requested interfaces. This is now live