casset/docs
FeaturesOpen app
docs indexreference
00Overview01Thesis02Architecture03Casset Apps04System reality05Roadmap06Investor brief07Technical brief08Full tech HTML09API reference10Playback11Audio pipeline12Commerce13Base anchoring14Hook system15Music video16Theming17Creator guide18Glossary
LearnQuickstartApp modelSDKStartersReferenceDistribution

Casset Apps · Distribution

0.1 alpha · repository local

Build locally. Distribution stays curated.

The SDK and starters make the developer contract concrete. They do not open the marketplace. Production Casset Apps remain reviewed first-party capabilities mounted by Casset's own host.

Current truth

Availability at a glance

Casset Apps distribution availability
CapabilityStatusConstraint
Repository-local SDKAvailableConsumable in this repository and vendored into starter downloads; not published to npm.
Local development fixturesAvailableDeterministic host snapshots and lifecycle simulation; no production credentials.
Trusted App installationInternalReviewed code-owned Apps can be installed, enabled, disabled, and removed in Studio.
Internal Workbench / SimulatorInternalAuthenticated tooling for the reviewed Pretty Shades World and Mood Ring candidates only.
Third-party submissionUnavailableNo external account, upload, review queue, credential, signing, or submission API exists.
Arbitrary production bundlesUnavailableListener runtime dispatch remains exhaustive, first-party, and code owned.

Artist lifecycle

Installation is server truth, not a manifest claim.

A downloaded starter cannot install itself. Casset resolves an approved code-owned definition, exact artist scope, grants, placement, listener access, and fresh launch eligibility.

Artist owned

Install and enable

Studio writes a bounded artist-scoped installation. Stored data cannot choose executable code, a runtime key, an origin, or a new permission.

Fail closed

Disable or remove

Subsequent route/context creation fails. Core artist data and existing Casset purchases remain untouched.

Separate gate

Listener access

Reviewed Apps may be free or reuse same-artist Casset-purchase access where the host enforces it before App data mounts.

Active-session limitation

A Track Runtime does not yet receive live installation or entitlement revocation. Disablement blocks a new launch, but an already-active session can remain until expiry, track change, exit, or unmount.

Security

What an App never receives

  • No Prisma model, database connection, server secret, session cookie, Studio record, or raw Artist.themeJson.
  • No audio element, audio token, storage key, raw audio URL, playback store, clock implementation, analyser, or render scheduler.
  • No private Audience identity, Campaign participant, purchase row, payment metadata, or financial record.
  • No authority derived from a visible launcher, client permission list, fixture, local proof, or manifest alone.

Two development environments

Local starters and the internal Simulator are not the same thing.

Development environment boundaries
EnvironmentWhat it doesWhat it cannot do
Downloaded starterRuns your UI against deterministic SDK fixtures and a development host.Cannot access Casset accounts, install an App, or prove production isolation.
Internal Profile SimulatorRehearses two reviewed declarative candidates in an opaque static iframe and binds QA proof to an exact revision.Cannot load the downloaded starter or arbitrary JavaScript.
Trusted listener runtimeFreshly authorizes and mounts reviewed in-repository components inside the Profile World.Cannot execute an unregistered external bundle.

Future admission

What must ship before third-party distribution opens

  • External developer and team identity, scoped credentials, immutable App/version persistence, and audit history.
  • Signed artifacts, isolated cookie-free hosting, response-level CSP, malware/review policy, quotas, performance budgets, suspension, rollback, and incident response.
  • A generic fresh Profile Surface launch boundary, a real Track Runtime command bridge, resource brokering, and live revocation.
  • Submission/review UI, versioned compatibility enforcement, entitlement-safe updates/removal, and a production threat model for arbitrary code.

FAQ

Common distribution questions

Can I publish to the Casset Store?

No. Build and validate locally, but there is no public submission or publishing flow.

Can I install @casset/apps from npm?

No. The alpha package is repository-local and included inside each downloadable starter as a file dependency.

Can the starter call Casset APIs?

Not as an installed App. It has no production credential. The separate public HTTP/Agent API does not make a caller a native Casset App.

Where do I go next?

Run a starter, change its manifest and interface, then exercise sparse, denied, expired, and responsive states locally.

Canonical boundary

For the full internal architecture, see Architecture. This public guide remains the developer contract; internal docs do not grant extra capabilities.
© Casset 2026
Trust & PrivacyTerms