Skip to content

ayosafacundo/Talos

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

15 Commits
.github/workflows
.github/workflows
 
 
Packages
Packages
 
 
api/proto/talos/hub/v1
api/proto/talos/hub/v1
 
 
build
build
 
 
docs
docs
 
 
internal
internal
 
 
scripts
scripts
 
 
sdk
sdk
 
 
.gitignore
.gitignore
 
 
AGENTS.md
AGENTS.md
 
 
CursorPrompt.MD
CursorPrompt.MD
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
SRS.MD
SRS.MD
 
 
app.go
app.go
 
 
app_dev_fallback_test.go
app_dev_fallback_test.go
 
 
app_dev_per_dir_test.go
app_dev_per_dir_test.go
 
 
app_install.go
app_install.go
 
 
app_launchpad_test.go
app_launchpad_test.go
 
 
app_permissions_test.go
app_permissions_test.go
 
 
app_sdk_log_test.go
app_sdk_log_test.go
 
 
app_trust.go
app_trust.go
 
 
app_updates.go
app_updates.go
 
 
file_icon_test.go
file_icon_test.go
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 
package_asset_server.go
package_asset_server.go
 
 
package_asset_server_test.go
package_asset_server_test.go
 
 
package_local_http.go
package_local_http.go
 
 
package_local_http_test.go
package_local_http_test.go
 
 
wails.json
wails.json
 
 

Repository files navigation

Talos

Talos is a secure desktop workspace for running internal "Tiny Apps" in one place.
It helps teams centralize tools, reduce context-switching, and keep sensitive workflows local-first.

Why Talos

Talos is designed for users and organizations that need:

  • A consistent employee app experience from onboarding to daily operations.
  • Better security boundaries between internal tools.
  • Fast internal tool distribution without relying on public app stores.
  • Local-first reliability for teams with intermittent or restricted internet access.

In practical terms, Talos gives people one desktop hub where approved mini apps can be launched safely, while IT and engineering keep control over permissions, trust, and update channels.

Product Snapshot

  • Host shell: Wails + Go desktop runtime
  • App surface: iframe-based Tiny Apps + optional sidecar binaries
  • IPC: gRPC over local sockets/pipes (no public TCP exposure by default)
  • Security model: permission requests, trust states, scoped filesystem access
  • Distribution model: package install/update + optional signature trust
  • UI platform: asset-driven themes + Talos Web Components (@talos/web-components)

With fully customizable Launchpad and fully customizable themes for the apps inside!

Launchpad home showing installed apps, trust badge, and quick actions.

Permission prompt modal (allow/deny) for a Tiny App requesting internet access.

Active app tab view with one Tiny App running inside an iframe.

Install Talos (End Users)

Option 1: Download from GitHub Actions artifacts

  1. Go to the Actions tab in this repository.
  2. Open the latest run of the Build Talos Installer workflow.
  3. Download the artifact for your OS:
    • talos-installer-linux-*
    • talos-installer-windows-*
    • talos-installer-macos-*
  4. Unpack/install according to your platform conventions.

Option 2: Build locally

make app-build

This produces production artifacts under build/bin.

Run in Development Mode

make dev

What this does:

  • Regenerates protobufs
  • Builds Launchpad frontend
  • Starts Talos with TALOS_DEV_MODE=1

Build and Develop Tiny Apps

If you want to build internal apps for Talos:

  1. Read the package guide: docs/build-your-app/README.md
  2. Start with manifest and layout rules: docs/build-your-app/02-package-layout-and-manifest.md
  3. Follow Tiny App bootstrap: docs/TINY_APP_INIT.md
  4. Use SDK docs: docs/SDK_GUIDE.md
  5. Use component/theming docs: docs/ASSET_DRIVEN_THEMES.md and docs/build-your-app/07-talos-ui-and-themes.md

Quick command set (Talos + Launchpad only; build each package under Packages/ yourself — see docs/DEVELOPMENT.md):

make help
make proto
make verify
make dev
make app-build

Default example apps are package-local under:

  • Packages/Example Go App
  • Packages/Example Rust App
  • Packages/Example TS App

The TypeScript example app demonstrates:

  • React + @talos/web-components
  • host-driven theme sync on first launch and live updates
  • scoped file read/write through Talos runtime with permission checks

Security and Trust Summary

  • Package trust statuses are surfaced in Launchpad (ok, unsigned, signed_ok, signed_invalid, tampered).
  • Permissions are host-mediated and auditable.
  • Filesystem writes are scoped by default to package-local data directories.
  • Iframe bridge requests are validated by channel, instance source, bridge token, and allowed origins.
  • Optional strict trust mode can block tampered packages from running.

See:

  • docs/PHASE3.md
  • docs/STATUS.md
  • docs/dev/IFRAME_THREAT_MODEL.md

Engineering References

  • docs/DEVELOPMENT.md
  • docs/DEVELOPMENT_FULL.md
  • docs/dev/README.md
  • docs/STATUS.md
  • docs/PHASE4.md
  • docs/ASSET_DRIVEN_THEMES.md

About

Talos is a high-performance, security-hardened desktop utility dashboard. It serves as a host for "Tiny Apps"—modular, self-contained plugins that provide specialized functionality (calculators, color pickers, etc.) without the overhead or privacy risks of cloud-based solutions.

Topics

react go multi-tenant protobuf cross-platform ipc grpc desktop-application sandboxing developer-tools security-hardening plugin-system software-architecture micro-frontends wails local-first token-verification

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages