Osgood is a secure, fast, and simple platform for running JavaScript HTTP servers. It is written using Rust and V8.
Services written today share a common flaw: Being over-privileged. Osgood is an attempt to build a platform from the ground up, one which applies the Principle of Least Privilege at its very core. Osgood requires that policies be written ahead of time describing the I/O requirements of an application. If such an operation hasn't been whitelisted, it will fail. Developers familiar with JavaScript development in the web browser should feel right at home with the APIs provided in Osgood.
- Osgood API Docs
- Introducing Osgood (blog)
- Hosting a Static Site and Contact Form with Osgood (blog)
- Osgood and CouchDB (blog)
- Introducing Osgood (presentation)
// app.js
app.port = 3000;
app.get('/hello', 'hello-worker.js');// hello-worker.js
export default () => 'Hello, World!';$ osgood app.js
$ curl http://localhost:3000/helloOsgood is a JavaScript runtime purpose-built to run HTTP servers. Its goals are to provide a secure way to build HTTP servers that are fast and simple. Osgood handles server routing and configuration for you, allowing you to focus on application code.
Today we build web applications with general purpose language runtimes. Osgood is an experiment that asks the question: "What if we built a runtime specifically for web apps? What kind of benefits can we get from being at a higher level of abstraction?"
Since the Osgood runtime has intimate knowledge of the routing table we get the ability to isolate controllers for free (we refer to these as Workers). The I/O performed by the application, as well as policy enforcement, happens in Rust-land. Each worker has its own set of permissions.
Here's an example policy:
policy.outboundHttp.allowGet('https://intrinsic.com');Consider the situation where Controller A has permission to send a message to
intrinsic.com, and Controller B has access to user credentials. Within
a properly configured Osgood application this means it's not possible to
transmit user credentials to intrinsic.com.
All prebuilt releases can be downloaded from the Releases page.
We have more information on compiling Osgood on our Building Osgood wiki page.
An Osgood application file is essentially the entrypoint for the application.
Each application will have a single application file. It is the only necessary
argument for the osgood command.
This file has three purposes:
- Configure global settings such as port and interface
- Route incoming requests to the desired Osgood worker
- Configure the security policies for each Osgood worker
More information about Osgood application files are available on the Osgood Application File wiki page.
An Osgood worker file works by exporting a default function. Typically you'll
export an async function but it also works fine by returning a promise or a
string value.
Workers are called with information about the incoming request and the returned value is then used to dictate the response to the client.
More information about Osgood worker files are available on the Osgood Worker Files wiki page.
Contributions are welcome! Please see CONTRIBUTING.md.
Osgood uses the MIT License. Please see LICENSE.txt.