mirror of
https://github.com/AgentSeal/codeburn.git
synced 2026-07-09 17:19:15 +00:00
* feat(sharing): pairing, token, and device-identity core First piece of local device sharing: self-cert fingerprint identity (trust-on-first-use), a one-time expiring pairing PIN, fingerprint-bound tokens, and a peer store that authorizes a pull only when both the token and the TLS peer fingerprint match the same paired device. Pure logic, fully unit-tested; the TLS share server and host pull build on this. * feat(sharing): secure mutual-TLS transport + pairing handshake Add device identity (self-signed cert, persisted; fingerprint = sha256 of the cert DER), an HTTPS share server (mutual TLS: presents its cert, reads the client's, and serves /api/usage only when the bearer token AND the client fingerprint match the same paired peer), a one-time-PIN pairing endpoint, and a fingerprint-pinning client. Verified end to end on loopback: PIN pairing, pinned authed pull, and rejection of a wrong PIN, a token replayed from another device, and a mismatched server fingerprint. Adds the selfsigned dep (Node cannot generate certs natively). * feat(sharing): share + devices CLI (pair, pull, combine) Phase 3 terminal flow: codeburn share runs the secure server on-demand (stops after 10 min idle; --always to persist, --pair to add a device), and codeburn devices add <host> --pin <pin> pairs and pins a remote. codeburn devices pulls this machine plus every paired device, keeps each separate, and prints a per-device table with a simple summed Combined row (no server-side merge). Persists identity and peers under the config dir. Host pair-and-pull flow covered by a loopback integration test. * feat(sharing): mDNS discovery + approve-style (no-PIN) pairing Add bonjour-service discovery (advertise/browse over the LAN), a short confirmation code derived from both cert fingerprints (Bluetooth-style 'do these match?' check), and an approve-style pairing endpoint that prompts the owner instead of requiring a typed PIN. Loopback-tested: approved device gets a working token with a matching code on both sides, declined device is rejected. * feat(sharing): AirDrop-style discover + approve UX codeburn share now advertises on the LAN and approves incoming devices interactively (confirm the matching code, no typed PIN). codeburn devices add (no args) discovers nearby devices, lets you pick one, shows the confirmation code, and waits for the owner to approve. Manual add <host> --pin stays as a fallback for networks that block mDNS. * feat(sharing): share only aggregates, never project names or paths Sanitize each device's payload before it leaves the machine: drop topProjects and topSessions (project names + session detail) and send only aggregate numbers (cost, tokens, models, tools, activities, daily). What you are working on stays local; only the totals travel.
46 lines
1.6 KiB
TypeScript
46 lines
1.6 KiB
TypeScript
import { describe, it, expect } from 'vitest'
|
|
|
|
import { sanitizeForSharing } from '../../src/sharing/sanitize.js'
|
|
import type { MenubarPayload } from '../../src/menubar-json.js'
|
|
|
|
function fixture(): MenubarPayload {
|
|
return {
|
|
generated: 'now',
|
|
current: {
|
|
label: 'June',
|
|
cost: 100,
|
|
calls: 5,
|
|
sessions: 2,
|
|
oneShotRate: 1,
|
|
inputTokens: 10,
|
|
outputTokens: 20,
|
|
cacheHitPercent: 90,
|
|
codexCredits: 0,
|
|
topActivities: [{ name: 'Coding', cost: 50, savingsUSD: 0, turns: 3, oneShotRate: 1 }],
|
|
topModels: [{ name: 'Opus', cost: 80, savingsUSD: 0, savingsBaselineModel: '', calls: 4 }],
|
|
providers: { claude: 100 },
|
|
topProjects: [
|
|
{ name: 'secret-project', cost: 100, savingsUSD: 0, sessions: 2, avgCostPerSession: 50, sessionDetails: [] },
|
|
],
|
|
tools: [{ name: 'Bash', calls: 9 }],
|
|
topSessions: [{ project: 'secret-project', cost: 100, savingsUSD: 0, calls: 5, date: '2026-06-01' }],
|
|
},
|
|
history: { daily: [] },
|
|
} as unknown as MenubarPayload
|
|
}
|
|
|
|
describe('sanitizeForSharing', () => {
|
|
it('strips project names and session detail but keeps aggregates', () => {
|
|
const clean = sanitizeForSharing(fixture())
|
|
expect(clean.current.topProjects).toEqual([])
|
|
expect(clean.current.topSessions).toEqual([])
|
|
expect(clean.current.cost).toBe(100)
|
|
expect(clean.current.topModels[0]!.name).toBe('Opus')
|
|
expect(clean.current.providers).toEqual({ claude: 100 })
|
|
})
|
|
|
|
it('leaks no project name anywhere in the shared payload', () => {
|
|
const clean = sanitizeForSharing(fixture())
|
|
expect(JSON.stringify(clean)).not.toContain('secret-project')
|
|
})
|
|
})
|