Intent to Experiment: Origin Private File System extension: AccessHandle

Skip to first unread message

Emanuel Krivoy

Sep 8, 2021, 3:40:41 AM9/8/21
to blink-dev,, Emanuel Ziegler, Chris Harrelson, Yoav Weiss, Mike West, Domenic Denicola, Lutz Vahl, Thomas Steiner

Contact emails,



Work in progress. See explainer for WebIDL definition.


The Origin Private File System (OPFS, part of the File System Access API) is augmented with a new surface that brings very performant access to data. This new surface differs from existing ones by offering in-place and exclusive write access to a file’s content. This change, along with the ability to consistently read unflushed modifications and the availability of a synchronous variant on dedicated workers, significantly improves performance and unblocks new use cases (especially for porting existing IO-heavy applications to WebAssembly).

This Intent-to-Experiment is only in reference to the sync variant of the API i.e., the createSyncAccessHandle() method and the SyncAccessHandle object (only exposed in worker contexts):

const handle = await file.createSyncAccessHandle();

var writtenBytes = handle.write(buffer);

var readBytes = {at: 1});

The sync variant is meant to be consumed by low-level entities like toolchains. We expect application developers to prefer the async API with its streaming interface which will be shipped later.

AccessHandles is the new API shape for what was previously called Storage Foundation API (Intent-to-Experiment:

Blink component


TAG review

TAG review status

Preliminary positive feedback, pending closure after plenary session.


Interoperability and Compatibility

The feature has to be compatible with existing ways to access data on OPFS i.e., createWritable() and getFile(). The use of write locks and care for backwards compatibility should mean that the risk here is low. In order to ease compatibility concerns in the future, we've added an optional 'mode' parameter to createAccessHandle()/createSyncAccessHandle(). This allows us to eventually extend AccessHandle functionality to non-OPFS file systems without necessarily taking the OPFS behaviour as default (more details here:

There is a risk of interoperability between vendors, pending the position on implementing this surface. This design is the result of feedback from Gecko and WebKit, who reviewed previous iterations of this functionality and gave feedback that it should integrate more strongly with OPFS. We directly shared documents outlining alternatives considered, and later our recommendation towards this particular API shape.

We believe that the new design, when paired with a separate streams-based extension to OPFS, meets the goal of more strongly integrating with the existing surface. However, we have not yet received replies to the position requests below.

Gecko: No formal signal, but generally positive reception with questions about supporting existing surfaces (

WebKit: No signal (

Web developers: Positive

From our Storage Foundation OT, we received very positive feedback on the need for high performance storage, as well as on the general shape of the API:

SyncAccessHandles have a very similar shape to the surface that was exposed in Storage Foundation’s Origin Trial. The current implementation in Chrome is currently being tested by partners to confirm it is a good replacement of Storage Foundation for their needs.


As mentioned above, SyncAccessHandles offer a very similar surface to the one positively received during Storage Foundation’s OT. The main differences are the migration of file system operations into OPFS and the asynchronicity of auxiliary methods (i.e. methods other than read and write). 

Since many of our use cases require good interoperability between this API and Wasm, we’ve developed an Emscripten file system that allows ported applications to use SyncAccessHandles. This simplifies both activation and use, since the API can be accessed through standard C/C++ file system libraries.

Security and Privacy

SyncAccessHandles have received approval for Security and Privacy in our launch bug.

Goals for experimentation

In general, we want to validate the new surface against "real world" use cases from our partners and developers at large. In particular, we are interested in the relative usage between the sync and async methods, since this could have an impact on performance when using Asyncify. We also would like to receive qualitative feedback on the ease of use of the API from within Wasm.


Basic tooling: Autocomplete works as described in "New WebIDL/DOM interfaces and attributes".

Extended tooling: we'll eventually want to be able to explore files stored in OPFS. There are two tracking bugs related to this: and This API doesn't really add new storage backends, just new ways to interact with files, so we'd be covered by those as well.

File System Access API usage is also reflected in user settings pages such as chrome://settings/siteData.

Is this feature fully tested by web-platform-tests?

Yes, we’ve added tests for all new functionality, as well as for the intersection between this surface and existing parts of OPFS (in particular for locking semantics). Our test suite is also run against our Incognito mode implementation, since it is significantly different from the regular mode one. results:

Is this feature supported on all six Blink platforms?

No. File System Access API is not currently available on Android or Android WebView.

DevTrial instructions

Flag name


Requires code in //chrome?


Tracking bug

Launch bug

Estimated milestones

Access Handles

OriginTrial desktop last


OriginTrial desktop first


DevTrial on desktop


Link to entry on the Chrome Platform Status

Links to previous Intent discussions

Intent to prototype:

Ready for Trial:

This intent message was mostly generated by Chrome Platform Status.

Yoav Weiss

Sep 9, 2021, 7:40:57 AM9/9/21
to blink-dev, Emanuel Krivoy,, Emanuel Ziegler, Chris Harrelson, Yoav Weiss, Mike West, Domenic Denicola,, Thomas Steiner
LGTM to experiment M95-M98

Thomas Steiner

Sep 20, 2021, 4:13:11 AM9/20/21
to Yoav Weiss, blink-dev, Emanuel Krivoy,, Emanuel Ziegler, Chris Harrelson, Yoav Weiss, Mike West, Domenic Denicola,, Thomas Steiner
FYI: updated our documentation accordingly (PR).
Thomas Steiner, PhD—Developer Advocate (,

Google Germany GmbH, ABC-Str. 19, 20354 Hamburg, Germany
Geschäftsführer: Paul Manicle, Halimah DeLaine Prado
Registergericht und -nummer: Hamburg, HRB 86891

Version: GnuPG v2.1.23 (GNU/Linux)


Dan Dumont

Nov 3, 2021, 2:22:58 PM11/3/21
to blink-dev, Thomas Steiner, blink-dev, Emanuel Krivoy,, Emanuel Ziegler, Chris Harrelson, Yoav Weiss, Mike West,,,
What happens after 98?  Is it going live?
Reply all
Reply to author
0 new messages