- name: tempest-desktop
- description: Tempest is a modern, cross-platform SSH & SFTP client and terminal emulator with AI-powered copilot assistance. It provides local shell access, SSH connectivity, SFTP file management, port forwarding, scheduled tasks, and push notifications. Built with Electron and a native Rust core (via NAPI-RS) for SSH protocol handling and job scheduling.
- snapcraft: PRIVATE
- upstream: PRIVATE
- upstream-relation: I am the developer and publisher of Tempest.
- supported-category: terminal-emulator
- reasoning: Tempest is a terminal emulator and SSH client that needs classic confinement for the following technical reasons:
-
Arbitrary shell and command execution: As a terminal emulator, Tempest must be able to spawn arbitrary shell processes (bash, zsh, fish, etc.) and execute any user-specified command. The existing interfaces under strict confinement do not allow launching arbitrary executables outside the snap’s own sandbox.
-
PTY allocation: Tempest allocates pseudo-terminals (PTY) via the system’s PTY subsystem to provide interactive shell sessions. Strict confinement restricts access to
/dev/ptmxand/dev/pts/*, which are essential for terminal emulation. -
Full filesystem access: Users expect a terminal emulator to navigate and manipulate files anywhere on the filesystem — home directories, mounted volumes, system paths, etc. The
homeandremovable-mediainterfaces are insufficient as they do not cover paths like/etc,/var,/tmp, or custom mount points that users routinely access from a terminal. Additionally, SFTP file transfers require read/write access to arbitrary paths for downloading and uploading files. -
SSH and network access with host key/config files: Tempest includes a built-in SSH client (powered by a native Rust libssh2 binding). It needs to read
~/.ssh/config,~/.ssh/known_hosts, private keys in arbitrary locations, and SSH agent sockets (SSH_AUTH_SOCK). Strict confinement’sssh-keysinterface only provides read access to~/.ssh/and does not cover agent socket forwarding or keys stored in non-standard paths. -
Environment variable and system integration: Terminal emulators must inherit and propagate the full user environment (
PATH,LANG, custom variables, etc.) and integrate with system tooling (e.g.,gpg-agent,ssh-agent, package managers). Strict confinement sanitizes the environment and restricts access to these system services.
-
I understand that strict confinement is generally preferred over classic.
-
I’ve tried the existing interfaces to make the snap work under strict confinement. The combination of
home,ssh-keys,network,network-bind,process-control, andsystem-observeinterfaces is insufficient for a terminal emulator that must spawn arbitrary processes, allocate PTYs, and provide unrestricted filesystem access — which are core, non-optional functionalities of any terminal emulator.