惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

小众软件
小众软件
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
有赞技术团队
有赞技术团队
S
Securelist
Attack and Defense Labs
Attack and Defense Labs
T
Threat Research - Cisco Blogs
L
LINUX DO - 最新话题
The GitHub Blog
The GitHub Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
S
Security Affairs
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
WordPress大学
WordPress大学
美团技术团队
量子位
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
GbyAI
GbyAI
O
OpenAI News
IT之家
IT之家
F
Full Disclosure
W
WeLiveSecurity
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
P
Palo Alto Networks Blog
P
Privacy International News Feed
Webroot Blog
Webroot Blog
C
CERT Recently Published Vulnerability Notes
Latest news
Latest news
月光博客
月光博客
博客园 - 【当耐特】
N
News | PayPal Newsroom
Cloudbric
Cloudbric
Hacker News - Newest:
Hacker News - Newest: "LLM"
T
The Exploit Database - CXSecurity.com
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Hugging Face - Blog
Hugging Face - Blog
博客园 - 三生石上(FineUI控件)
K
Kaspersky official blog
云风的 BLOG
云风的 BLOG
宝玉的分享
宝玉的分享
博客园 - 叶小钗
TaoSecurity Blog
TaoSecurity Blog
Martin Fowler
Martin Fowler
Simon Willison's Weblog
Simon Willison's Weblog
A
Arctic Wolf
Apple Machine Learning Research
Apple Machine Learning Research
D
Docker
aimingoo的专栏
aimingoo的专栏
Microsoft Security Blog
Microsoft Security Blog
PCI Perspectives
PCI Perspectives
Microsoft Azure Blog
Microsoft Azure Blog
雷峰网
雷峰网

DEV Community

Authentication Security Deep Dive: From Brute Force to Salted Hashing (With Java Examples) Why AI Systems Don’t Fail — They Drift Spilling beans for how i learn for exam😁"Reinforcement Learning Cheat Sheet" I Replaced Chrome with Safari for AI Browser Automation. Here's What Broke (and What Finally Worked) How Python Borrows Other People's Work The $40 Architecture: Processing 1 Billion API Requests with 99.99% Uptime Vibe Coding: A Workflow Guide (From Zero to SaaS) Most webhook security guides protect the wrong side. The scary part is delivery. Headless CMS for TanStack Start: Build a Blog with Cosmic EU Age Verification App "Hacked in 2 Minutes" — What Actually Happened Comfy Cloud’s delete function does not actually remove files Running AI Models on GPU Cloud Servers: A Beginner Guide Event-driven media intelligence with AWS Step Functions and Bedrock I scored 500 AI prompts across 8 quality dimensions — here's what broke How to Call Google Gemini API from Next.js (Free Tier, No Backend Needed) The Portal Protocol: Reclaiming Human Connection in the Age of AI How to Fix Your Team's Scattered Knowledge Problem With a Self-Hosted Forum Intro to tc Cloud Functors: A Graph-First Mental Model for the Modern Cloud Designing Multi-Tenant Backends With Both Ownership and Team Access I Built a Neumorphic CSS Library with 77+ Components — Here's What I Learned PostgreSQL Performance Optimization: Why Connection Pooling Is Critical at Scale Cómo construí un SaaS multi-rubro para gestionar expensas en Argentina con FastAPI + Vue 3 🚀 I Built an Ethical Hacking Scanner Tool – Open Source Project I Replaced /usage and /context in Claude Code With a Single Statusline A Pythonic Way to Handle Emails (IMAP/SMTP) with Auto-Discovery and AI-Ready Design I Collected 8.9 Million Polymarket Price Points — Here's What I Found About How Markets Really Move EcoTrack AI — Carbon Footprint Tracker & Dashboard Everyone's Using AI. No One Agrees How. 5 self-hosted ebook managers worth trying in 2026 Building Your First AI Agent with LangChain: From Chatbot to Autonomous Assistant Common SOC 2 Failures (Real World) Stop Vibe-Checking Your AI App: A Practical Guide to Evals How to Use SonarQube and SonarScanner Locally to Level Up Your Code Quality Your Next To-Do App Is Dead — I Replaced Mine with an OpenClaw AI Sign a Nostr event in 60 lines of Python using coincurve — no nostr-sdk, no nbxplorer, no rust toolchain ITGC Audit Explained Like You’re in Big 4 Patch Tuesday abril 2026: Microsoft parcha 163 vulnerabilidades y un zero-day en SharePoint Stop scraping everything: a better way to track competitor price changes Listing on MCPize + the Official MCP Registry while routing payments OUTSIDE the marketplace — how I kept 100% of my x402 revenue Building an AI-Powered Risk Intelligence System Using Serverless Architecture Why We Ripped Function Overloading Out of Our AI Toolchain Testing AI-Generated Code: How to Actually Know If It Works SaaS Churn Is Killing Your Business. Here Is What to Do About It (Without a Support Team) The Speed of AI Is No Longer Linear - And Self-Improving Models Are Why How to Implement RBAC for MCP Tools: A Practical Guide for Engineering Teams From Standard Quote to Persuasive Proposal: AI Automation for Arborists I built a CLI that scaffolds complete multi-tenant SaaS apps Axios CVE-2025–62718: The Silent SSRF Bug That Could Be Hiding in Your Node.js App Right Now The dashboard that ended our friendship Data Pipelines Explained Simply (and How to Build Them with Python) The Hidden Cost of AI Systems Nobody Talks About. undefined vs undeclared, and how typeof behaves Switching from file-based jobs to NATS/Kafka in Rust without changing code io_uring Adventures: Rust Servers That Love Syscalls Why Agentic AI is Killing the Traditional Database The POUR principles of web accessibility for developers and designers Quantum Neural Network 3D — A Deep Dive into Interactive WebGL Visualization How To Install Caveman In Codex On macOS And Windows Automation Pipeline Reliability: Why Your Workflow Breaks When Nobody Is Watching I Built an 'Open World' AI Coding Agent — It Works From ANY Folder From Freelancing to Product: A Tech Service Company's SaaS Transformation China's AI Giants: Adding Tencent Hunyuan & ByteDance Doubao to AI University (74 Providers) On the Vibe Coders and Their Lies clerk: Auto-Summarize Your Claude Code Sessions AI Weekly — 2026/04/10–04/17 | The Model Lockdown Is Here, but the Toolchain Is the Real Battleground AI 週報 — 2026/04/10–2026/04/17 模型封鎖潮來了,但工具鏈才是真戰場 Maybe this is how Open-Source apps are born... 🚀 Fine-Tune LLMs with LoRA and QLoRA: 2026 Guide tRPC v11 + Next.js App Router: End-to-End Type Safety Without the Boilerplate ShadCN UI in 2026: Why I Stopped Installing Component Libraries and Started Owning My Components SaaS Billing in React Server Components: Stripe + Supabase Without a Single `useEffect` Join our DEV Weekend Challenge — $1,000 in Prizes Across TEN winners! Submissions Due April 20 at 6:59 AM UTC. Implementing FSRS Spaced Repetition in Flutter + Supabase — Adding Memory Science to an AI Learning App "I Texted My Localhost From the Train — Claude Code Fixed the Bug Before I Got Home" I Built a Sales Prep AI and It Went Deeper Than Expected Design to Code #2: One JSON, Eleven Outputs Solving the 100M-Row Problem: A Summary Table Pattern for High-Volume Push Notification Logs Flutter Web With Wasm: What Actually Changes For Developers I Built 50 Royalty-Free Soundtracks for My Side Project in a Weekend Using AI Music Generation The Vibe Coding Security Checklist: 7 Things to Check Before You Ship Stop Letting Googlebot Guess Fix Your React App's SEO Right Desconstruindo o Streaming do LinkedIn: Como Criar um Engine de Extração de Vídeo de Alta Performance com HLS e FFmpeg (EDA Part-1) EDA (Exploratory Data Analysis) Explained With Real Life — Why Looking at Your Data Is the Most Important Step in Machine Learning Brand Relationship Management at Scale: Our 4-Touch Outreach System for 200+ Brands Why String.fromEnvironment() Might Return an Empty String in Dart JGuardrails 1.0.0 — Hardening Java LLM Apps Against Jailbreaks, Toxicity, and Prompt Injection Plan and Schedule a Full Week of Threads Content From One Claude Conversation Coding Cat Oran Ep3, Five Tables Changed Everything Updated: BFF Pattern I'm done watching freelancers get buried by 200 proposals. So I'm building the alternative. This is my first post BFS Algorithm in Java Step by Step Tutorial with Examples Tracking LLM Pricing Monthly: An Open Dataset for 22 AI Models How We Measure Content ROI on a Comparison Site: Revenue Attribution Without Perfect Data Introducing Nova AI Ops: The AI-Native Operating System for SRE Teams I built a free desktop video downloader for Windows — Grabbit How Talkie OCR Helps Vision-Impaired & Dyslexic Users Read the World Around Them VRCFaceTracking安装和iPhone面捕配置教程,有bug Even CrowdStrike Can't See Your Agents The Automation Gold Rush: What n8n Workflows and Claude Are Opening Up for Developers Right Now
Bringing Apps Script to the desktop – the why, where and how of gas-fakes
Bruce Mcpherson · 2026-06-03 · via DEV Community

A brief summary on approaching parity of Google Apps Script methods and classes, some of the 'extras' gas-fakes provides for platform variety, production, development and testing and glimpse of some of the techniques used to get there.

Introduction: The Challenge of the Scripting Layer

Google Apps Script (GAS) is a powerful tool for extending Google Workspace, automating workflows, and building lightweight backend services. It excels at rapid prototyping and integration within the Google ecosystem. However the limitations of the GAS environment (its proprietary runtime, laborious deployment cycle, and lack of modern tooling and debugging) become significant bottlenecks.

We love the power and integration of GAS, but we require the debuggability and flexibility of a modern Node.js environment.

This is the problem that gas-fakes is designed to address.

gas-fakes is an architectural emulation layer designed to bring the entire GAS runtime experience (its APIs, its behaviors, and its constraints) into a robust, controllable Node.js environment. It allows developers to write GAS-like code while leveraging the full power of modern software engineering practices.

gas-fakes what

1. The Path to Parity: Emulating the GAS Runtime

The core challenge in building gas-fakes is the fundamental mismatch between the GAS execution model and the Node.js event loop. GAS is inherently asynchronous, relying on a managed, proprietary execution environment. Node.js, is designed for high-throughput, asynchronous execution and non-blocking I/O.

Our architectural approach to achieving parity focuses on accurate API simulation and execution model transformation.

The API Contract: Discovery Documents and REST

The foundation of GAS is its reliance on Google's ecosystem of REST APIs, exposed through its own managed runtime. We've mapped the exact schema, parameters, and expected responses of every GAS service (e.g., SpreadsheetApp, GmailApp). This allows gas-fakes to treat the GAS environment as a highly structured, predictable API contract.

The Execution Model: Synchronous Emulation via Worker Threads

The most complex hurdle is the transformation of GAS's asynchronous API calls (which often feel synchronous to the developer) into a predictable, synchronous-feeling flow within Node.js.

We achieve this by employing Worker Threads and Atomics.

  1. Worker Isolation: When a GAS method is called (e.g., SpreadsheetApp.getActiveSpreadsheet().getRange().getValue()), the request is routed to a dedicated Worker Thread. This isolates the simulated GAS execution from the main Node.js event loop, preventing blocking while maintaining the illusion of synchronous execution.
  2. Asynchronous-to-Synchronous Bridge: The Worker Thread executes the simulated API call. Instead of returning a standard Promise, we use Atomics to manage shared memory state between the Worker and the main thread. This allows the main thread to effectively "wait" for the combined result from the Worker, mimicking the blocking behavior of the original GAS runtime, while allowing the worker to execute multiple asynchronous activities.

The Importance of Behavioral Oddities

A perfect API contract is insufficient. GAS has numerous subtle, undocumented behaviors such as rate limiting quirks, specific error codes, divergences from the associated API behavior, ID transformations, and timing dependencies that need to be understood and emulated for true parity.

A significant part of the gas-fakes development process is the meticulous documentation and reproduction of these behavioral oddities. We don't just emulate the happy path; we emulate the edge cases and the developer experience of the live GAS environment, ensuring that code written in gas-fakes behaves identically to how it would in production.

🧪 Rigorous Testing Regime: gas-fakes fidelity assurance

To validate the claim of behavioral parity, gas-fakes operates under a massive, dual-environment testing regime. We maintain a comprehensive suite of over 10,500 tests (as of version 2.5.3) that are executed across two distinct environments:

  1. The Local gas-fakes Emulator: This allows for rapid, isolated unit and integration testing of the simulated runtime, ensuring the internal logic and API contracts are sound.
  2. The Live Google Apps Script Environment: Crucially, every test suite is also executed against the actual, live GAS runtime.

This dual-environment verification ensures that the emulation is not merely "close," but behaviorally identical to production GAS, including the precise handling of complex error states, rate limiting, and obscure edge cases that only manifest in the live Google ecosystem.


2. Transparency and Auditing: The Documentation Layer

Beyond achieving functional parity, gas-fakes is engineered with a core commitment to engineering transparency. We recognize that for enterprise adoption, developers require not just a working emulator, but a fully auditable and self-documenting environment.

To address this, we have built a sophisticated documentation layer that provides unprecedented visibility into the emulation process.

📚 Embedded API Documentation

The repository includes a locally accessible and searchable version of the official Google Apps Script documentation. This documentation is integrated directly into the development environment, allowing developers to reference precise API definitions, parameter types, and expected behaviors without needing to switch context or leave their local codebase. This eliminates the friction of external documentation lookups, accelerating the development cycle while maintaining technical accuracy.

📊 Fidelity Progress Summary

To manage the monumental task of API parity, we provide an automated Fidelity Progress Summary. This system offers a clear, high-level overview of the implementation status for every class and method across all supported services. Developers can instantly see whether a specific function is Completed, In Progress, or Not Started, providing a transparent roadmap of the emulation effort and allowing them to gauge the maturity of the API they are using.

As of version 2.5.3, 4399 of Apps Scripts total of 6708 are implemented.

🔍 Deep Implementation Links: The Audit Trail

A unique feature of gas-fakes is deep implementation transparency. The documentation includes direct, clickable links to the exact line of source code where every single method is implemented within the emulator. This feature allows for instant verification and auditing of the emulation logic. If a developer questions the behavior of SpreadsheetApp.getRange(), they can instantly trace the call through the documentation to the specific line of code in gas-fakes that dictates its behavior, providing a high level of trust and debuggability.


3. Beyond Parity: The gas-fakes Advantage

While achieving parity is a huge task, another value of gas-fakes lies in the capabilities it enables. Capabilities that are fundamentally impossible or prohibitively difficult within the constraints of the live Google Apps Script environment. This includes the elimination of theat troublesome 6 minute execution time limit on Live Apps Script.

gas-fakes transforms the Apps Script language into a modern application development platform by separating its syntax from the place it traditionally runs.

🚀 GAS Syntax for Regular Node Apps: Simplified Workspace Access

A transformative features of gas-fakes is its ability to inject the familiar, high-level syntax of Google Apps Script directly into a standard Node.js runtime.

Even if you have no intention of ever deploying to Google Apps Script, you can use the simple, intuitive GAS syntax (e.g., SpreadsheetApp, DriveApp) in your regular Node.js apps. This provides a much simpler interface for accessing Workspace resources compared to the complex, low-level parameters of the raw REST APIs. It reduces cognitive load, improves maintainability, and abstracts away the complexity of OAuth scopes and request formatting.

🔑 Auth Provisioning & Token Reuse: A Unified Credential Manager

Managing authentication tokens across multiple services is an operational burden. gas-fakes auth acts as a powerful, centralized credential manager. It provisions OAuth tokens for multiple backends (Google, KSuite, MS Graph) scoped to your provided manifest which can then be easily retrieved and reused by other parts of your Node application or even by separate CLI tools. This creates a streamlined, single source of truth for credentials.

☁️ Containerization and Multi-Cloud Deployment

The entire GAS runtime emulation can be packaged using Docker. This allows developers to deploy and run GAS-like logic in modern, serverless, and scalable multi-cloud environments. By leveraging the container image, gas-fakes is fully compatible with leading cloud platforms, including:

  • Google Cloud Run, Azure Container Apps, AWS Lambda, IBM Cloud, and Kubernetes.

This capability fundamentally breaks the vendor lock-in associated with proprietary GAS deployment, allowing the same business logic to be executed in any serverless or containerized architecture.

🚀 CLI Workflow and Initialization

While the core functionality of gas-fakes provides a local execution environment, the initial setup and integration with live cloud services are handled through a streamlined Command Line Interface (CLI). This workflow is designed to minimize friction, automate complex configuration tasks, and ensure that your local testing environment perfectly mirrors the permissions and dependencies of your production Apps Script project.

🛠️ Streamlined Project Setup (gas-fakes init)

The gas-fakes init command serves as the foundational step for any new project. It automates the tedious process of environment configuration, allowing developers to focus immediately on coding. It automatically generates a local .env file, which securely stores necessary configuration variables and prompts the user to select the target cloud backends (e.g., Google Workspace, KSuite, MS Graph).

🔑 Authentication and Token Management (gas-fakes auth)

Connecting a local environment to live cloud services requires managing complex OAuth flows and token lifecycles. The gas-fakes auth command abstracts this complexity, providing a robust mechanism for secure, persistent authentication across all supported backends. It handles initial authorization guiding the user through browser redirects and manages secure token storage and refresh logic.

🔬 Automatic Scope Discovery: Precision Permissions

The CLI automatically reads the appsscript.json manifest file from your project. By parsing this file, gas-fakes automatically infers and registers the exact OAuth scopes necessary for local execution. This ensures that your local environment is provisioned with the precise permissions required by the live project, guaranteeing parity without requiring developers to manually track or update scope lists.

gas-fakes even supports existing published Apps Script libraries. If they are mentioned in your manifest, they can be accessed remotely from live Apps Script and executed locally.

🚀 Local Web Server and RPC Testing

In live GAS, testing a Web App requires deployment and a live URL. In gas-fakes, you can use its cli to instantiate the entire GAS environment locally, deploy your code to a simulated endpoint, and test complex google.script.run interactions and HTML Service templating with full local debugging tools without the need for any actual deployments. This accelerates the development feedback loop, with code changes showing up live in your local environment.

🌐 Multi-Backend Architecture

Live GAS is tightly coupled to Google services. gas-fakes decouples the business logic from the data source. By simply switching a configuration property, your GAS-like code can run against Google Services, KSuite, or MS Graph. This enables hybrid architectures and sovereign cloud, with increased parity for non-Google backends currently being prioritized.

🧠 The Automation Layer: CLI, gf_agent, and togas

While the sandbox provides the secure environment, the gas-fakes CLI and the specialized gf_agent provide the intelligence and accessibility needed for modern automation.

  • The CLI: A robust command-line tool for running scripts, starting local servers, and managing the sandbox.
  • gf_agent: This AI-powered companion acts as a translator, bridging the gap between natural language intent and executable code. For example, a request like "Summarize my last 5 emails and put them in a new spreadsheet" is instantly converted into optimized Apps Script and executed by your AI agent. This is a self learning skills agaent which can both enhance its own knowledge, and optionally contribute towards community skills.
  • togas & Clasp Integration: The togas command acts as a high-level orchestrator for deployment. It automates the process of bundling and synchronizing local files with a live GAS project. It builds upon and enhances the core functionality of clasp, providing a streamlined local-to-cloud workflow and making the necessary adjustments to local 'Node specific' ES syntax.
  • Sandbox-Agent Synergy: This combination enables safe, instant Workspace automation. The agent handles the what, and the sandbox ensures the how, guaranteeing that code only touches whitelisted resources without the overhead of building complex specialized agents or MCP servers.

🛠️ Modern Tooling and Developer Experience

A big pain point for GAS developers is the lack of modern tooling. gas-fakes eliminates this by providing a full Node.js development stack:

  • NPM Ecosystem: Utilize any modern NPM package, allowing access to thousands of specialized libraries.
  • Advanced Debugging: Leverage industry-standard Node.js debuggers (e.g., VS Code, AntiGravity) to step through code, inspect variables, and trace execution paths—a luxury unavailable in the GAS runtime—while simultaneously inspecting client-side HTML Service code in the Chrome debugger in its original structure, line numberings and format.

🛡️ Granular Sandbox and Security

The live GAS environment offers a broad permission model. gas-fakes provides a fine-grained, developer-controlled sandbox:

  • File-Level Whitelisting: Define exactly which files or modules the script is allowed to access.
  • Service-Level Permission Controls: Explicitly define which simulated services (e.g., GmailApp, DriveApp) the script is permitted to call, allowing for highly secure, auditable execution environments.

This optional level of granularity gives protection against Vibe coding hallucination.

🔗 Hybrid Interoperability: Bridging Local and Live

You often need to maintain state across environments. gas-fakes supports Hybrid Interoperability.

By integrating with external services like Redis or Upstash, gas-fakes allows the local development environment to share cache data, properties, and session state with the live, deployed GAS instance. This means your local tests are not isolated; they are running against a realistic, persistent state, ensuring seamless transition from development to production. We provide a drop-in replacement property and cache service library for live Apps Script, so you can share exactly the same stores between your local environment and the live deployed GAS.


Conclusion: Apps Script as a 'Lingua Franca'

gas-fakes elevates Apps Script, a powerful yet constrained scripting language, to the level of a modern, maintainable, and scalable application framework—a lingua franca for Google Workspace integration. It allows teams to write the code they know, test it with the fidelity they require, and deploy it with the control they deserve.

We are not just emulating GAS; we are liberating it.

Links

This full article
This repo