mirror of
https://github.com/AgentSeal/codeburn.git
synced 2026-04-28 06:59:37 +00:00
495a254338
Introduces mac/ with a native SwiftUI menubar app that replaces the previous SwiftBar plugin entirely. Install via `npx codeburn menubar`, which downloads the .app from GitHub Releases, strips Gatekeeper quarantine, and drops it into ~/Applications. Highlights - mac/ SwiftUI app: agent tabs, Today/7/30/Month/All period switcher, Trend/Forecast/Pulse/Stats/Plan insights, activity + model breakdowns, optimize findings, CSV/JSON export, Star-on-GitHub banner, live 60s refresh, instant currency switching with offline FX cache. - Security: CodeburnCLI argv-based spawn (no shell interpretation), SafeFile symlink guards + O_NOFOLLOW writes, FX rate clamping to [0.0001, 1_000_000], keychain filtered to account == "default", removed byte-window credential log, in-flight refresh guard, POSIX flock on config.json writes, TerminalLauncher validates argv before AppleScript interpolation. - Performance: shared static NumberFormatter (thousands of allocations per popover redraw eliminated), concurrent pipe drain with 20 MB cap + 60s timeout in DataClient, Observation-tracked reactive UI, 5-min payload cache keyed on (period, provider). - CLI: new `codeburn menubar` subcommand that downloads + installs + launches the .app (no clone, no build). New `status --format menubar-json` payload builder. `export` rewritten to produce a folder of one-table-per-file CSVs with a `.codeburn-export` marker so arbitrary -o paths cannot be silently deleted. - Removed: src/menubar.ts (SwiftBar plugin generator), install-menubar / uninstall-menubar subcommands, `status --format menubar` directive output, tests/menubar.test.ts, tests/security/menubar-injection.test.ts. - Release: .github/workflows/release-menubar.yml builds universal binary, assembles .app, ad-hoc signs, zips, uploads on mac-v* tag push. Runs on the free macos-latest runner. Tests - 230 TypeScript tests pass - 10 Swift CapacityEstimator tests pass - TypeScript typecheck clean - Swift release build clean
209 lines
7.6 KiB
Swift
209 lines
7.6 KiB
Swift
import Foundation
|
|
import Observation
|
|
|
|
private let fxCacheTTLSeconds: TimeInterval = 24 * 3600
|
|
private let frankfurterBaseURL = "https://api.frankfurter.app/latest?from=USD&to="
|
|
/// Defensive bounds on any fetched FX rate. Real-world USD→X rates sit in [0.0001, 200000]
|
|
/// for every ISO 4217 pair; anything outside is either a parser bug or a MITM poisoning
|
|
/// attempt. We clamp hard so UI can't render NaN, negative, or astronomical numbers.
|
|
private let minValidFXRate: Double = 0.0001
|
|
private let maxValidFXRate: Double = 1_000_000
|
|
private let fxFetchTimeoutSeconds: TimeInterval = 10
|
|
|
|
@Observable
|
|
final class CurrencyState: @unchecked Sendable {
|
|
static let shared = CurrencyState()
|
|
|
|
var code: String = "USD"
|
|
var rate: Double = 1.0
|
|
var symbol: String = "$"
|
|
|
|
private init() {}
|
|
|
|
/// Applies a new currency context. Callers must invoke on the main actor so @Observable
|
|
/// view updates run on the UI thread. Rejects non-finite or out-of-band rates so a
|
|
/// poisoned Frankfurter response can't corrupt displayed costs.
|
|
func apply(code: String, rate: Double?, symbol: String) {
|
|
self.code = code
|
|
self.symbol = symbol
|
|
if let r = rate, r.isFinite, r >= minValidFXRate, r <= maxValidFXRate {
|
|
self.rate = r
|
|
}
|
|
}
|
|
|
|
static func symbolForCode(_ code: String) -> String {
|
|
// Some locales return "US$" for USD or "CA$" for CAD via NumberFormatter. Prefer the
|
|
// plain glyph form everyone recognises.
|
|
if let override = symbolOverrides[code] { return override }
|
|
let formatter = NumberFormatter()
|
|
formatter.numberStyle = .currency
|
|
formatter.currencyCode = code
|
|
formatter.locale = Locale(identifier: "en_\(code.prefix(2))")
|
|
return formatter.currencySymbol ?? code
|
|
}
|
|
|
|
private static let symbolOverrides: [String: String] = [
|
|
"USD": "$",
|
|
"CAD": "$",
|
|
"AUD": "$",
|
|
"NZD": "$",
|
|
"HKD": "$",
|
|
"SGD": "$",
|
|
"MXN": "$",
|
|
"EUR": "\u{20AC}",
|
|
"GBP": "\u{00A3}",
|
|
"JPY": "\u{00A5}",
|
|
"CNY": "\u{00A5}",
|
|
"KRW": "\u{20A9}",
|
|
"INR": "\u{20B9}",
|
|
"BRL": "R$",
|
|
"CHF": "CHF",
|
|
"SEK": "kr",
|
|
"DKK": "kr",
|
|
"ZAR": "R"
|
|
]
|
|
}
|
|
|
|
actor FXRateCache {
|
|
static let shared = FXRateCache()
|
|
|
|
private struct Entry: Codable {
|
|
let rate: Double
|
|
let savedAt: TimeInterval
|
|
}
|
|
|
|
private var entries: [String: Entry] = [:]
|
|
private var loaded = false
|
|
|
|
private var cacheFilePath: String {
|
|
let base = FileManager.default.urls(for: .cachesDirectory, in: .userDomainMask)[0]
|
|
return base
|
|
.appendingPathComponent("codeburn-mac", isDirectory: true)
|
|
.appendingPathComponent("fx-rates.json")
|
|
.path
|
|
}
|
|
|
|
private func loadIfNeeded() {
|
|
guard !loaded else { return }
|
|
loaded = true
|
|
do {
|
|
let data = try SafeFile.read(from: cacheFilePath)
|
|
let decoded = try JSONDecoder().decode([String: Entry].self, from: data)
|
|
// Drop any persisted entries whose rate violates the sanity bounds -- covers an
|
|
// old cache that was written before the clamp was introduced.
|
|
entries = decoded.filter { _, entry in
|
|
entry.rate.isFinite && entry.rate >= minValidFXRate && entry.rate <= maxValidFXRate
|
|
}
|
|
} catch {
|
|
entries = [:]
|
|
}
|
|
}
|
|
|
|
private func persist() {
|
|
guard let data = try? JSONEncoder().encode(entries) else { return }
|
|
try? SafeFile.write(data, to: cacheFilePath)
|
|
}
|
|
|
|
/// Returns a cached rate regardless of freshness. Nil if never fetched.
|
|
func cachedRate(for code: String) -> Double? {
|
|
if code == "USD" { return 1.0 }
|
|
loadIfNeeded()
|
|
return entries[code]?.rate
|
|
}
|
|
|
|
/// Returns a fresh rate, fetching from Frankfurter when cache is stale or absent. Nil on
|
|
/// failure. The returned rate is always finite, positive, and within the sanity bounds.
|
|
func rate(for code: String) async -> Double? {
|
|
if code == "USD" { return 1.0 }
|
|
loadIfNeeded()
|
|
|
|
if let entry = entries[code],
|
|
Date().timeIntervalSince1970 - entry.savedAt < fxCacheTTLSeconds {
|
|
return entry.rate
|
|
}
|
|
|
|
guard let url = URL(string: "\(frankfurterBaseURL)\(code)") else { return entries[code]?.rate }
|
|
|
|
let config = URLSessionConfiguration.ephemeral
|
|
config.timeoutIntervalForRequest = fxFetchTimeoutSeconds
|
|
config.tlsMinimumSupportedProtocolVersion = .TLSv12
|
|
let session = URLSession(configuration: config)
|
|
|
|
do {
|
|
let (data, response) = try await session.data(from: url)
|
|
guard let http = response as? HTTPURLResponse, http.statusCode == 200 else {
|
|
return entries[code]?.rate
|
|
}
|
|
struct Response: Decodable { let rates: [String: Double] }
|
|
let decoded = try JSONDecoder().decode(Response.self, from: data)
|
|
guard let fresh = decoded.rates[code],
|
|
fresh.isFinite, fresh >= minValidFXRate, fresh <= maxValidFXRate else {
|
|
NSLog("CodeBurn: discarding out-of-band FX rate for \(code)")
|
|
return entries[code]?.rate
|
|
}
|
|
entries[code] = Entry(rate: fresh, savedAt: Date().timeIntervalSince1970)
|
|
persist()
|
|
return fresh
|
|
} catch {
|
|
return entries[code]?.rate
|
|
}
|
|
}
|
|
}
|
|
|
|
/// Reads and writes the CLI's persisted currency config (~/.config/codeburn/config.json).
|
|
/// Uses an on-disk flock so a concurrent `codeburn currency ...` invocation from a terminal
|
|
/// can't race the menubar and silently drop each other's writes (TOCTOU on config.json).
|
|
enum CLICurrencyConfig {
|
|
private static var configDir: String {
|
|
(NSHomeDirectory() as NSString).appendingPathComponent(".config/codeburn")
|
|
}
|
|
private static var configPath: String {
|
|
(configDir as NSString).appendingPathComponent("config.json")
|
|
}
|
|
private static var lockPath: String {
|
|
(configDir as NSString).appendingPathComponent(".config.lock")
|
|
}
|
|
|
|
static func loadCode() -> String? {
|
|
guard
|
|
let data = try? SafeFile.read(from: configPath),
|
|
let json = try? JSONSerialization.jsonObject(with: data) as? [String: Any],
|
|
let currency = json["currency"] as? [String: Any],
|
|
let code = currency["code"] as? String
|
|
else {
|
|
return nil
|
|
}
|
|
return code.uppercased()
|
|
}
|
|
|
|
static func persist(code: String) {
|
|
do {
|
|
try SafeFile.withExclusiveLock(at: lockPath) {
|
|
var existing: [String: Any] = [:]
|
|
if let data = try? SafeFile.read(from: configPath),
|
|
let parsed = try? JSONSerialization.jsonObject(with: data) as? [String: Any] {
|
|
existing = parsed
|
|
}
|
|
|
|
if code == "USD" {
|
|
existing.removeValue(forKey: "currency")
|
|
} else {
|
|
existing["currency"] = [
|
|
"code": code,
|
|
"symbol": CurrencyState.symbolForCode(code)
|
|
]
|
|
}
|
|
|
|
guard let data = try? JSONSerialization.data(
|
|
withJSONObject: existing,
|
|
options: [.prettyPrinted, .sortedKeys]
|
|
) else {
|
|
return
|
|
}
|
|
try SafeFile.write(data, to: configPath, mode: 0o600)
|
|
}
|
|
} catch {
|
|
NSLog("CodeBurn: failed to persist currency config: \(error)")
|
|
}
|
|
}
|
|
}
|