chore: share bonjour escapes + refresh webchat bundle

2025-12-13 10:59:48 +00:00
parent cbc34e1c8a
commit ec653b7b80
9 changed files with 1773 additions and 1768 deletions
--- a/apps/ios/Sources/Bridge/BridgeDiscoveryModel.swift
+++ b/apps/ios/Sources/Bridge/BridgeDiscoveryModel.swift
@@ -50,7 +50,7 @@ final class BridgeDiscoveryModel: ObservableObject {
                self.bridges = results.compactMap { result -> DiscoveredBridge? in
                    switch result.endpoint {
                    case let .service(name, _, _, _):
-                        let decodedName = BonjourEscapeDecoder.decode(name)
+                        let decodedName = BonjourEscapes.decode(name)
                        return DiscoveredBridge(
                            name: decodedName,
                            endpoint: result.endpoint,
@@ -75,6 +75,6 @@ final class BridgeDiscoveryModel: ObservableObject {
    }

    private static func prettyEndpointDebugID(_ endpoint: NWEndpoint) -> String {
-        BonjourEscapeDecoder.decode(String(describing: endpoint))
+        BonjourEscapes.decode(String(describing: endpoint))
    }
 }
--- a/apps/ios/Sources/Bridge/BridgeSession.swift
+++ b/apps/ios/Sources/Bridge/BridgeSession.swift
@@ -27,9 +27,9 @@ actor BridgeSession {
    private static func prettyRemoteEndpoint(_ endpoint: NWEndpoint) -> String? {
        switch endpoint {
        case let .hostPort(host, port):
-            return "\(host):\(port)".replacingOccurrences(of: "::ffff:", with: "")
+            "\(host):\(port)".replacingOccurrences(of: "::ffff:", with: "")
        default:
-            return String(describing: endpoint)
+            String(describing: endpoint)
        }
    }

--- a/apps/ios/Sources/Model/NodeAppModel.swift
+++ b/apps/ios/Sources/Model/NodeAppModel.swift
@@ -58,7 +58,7 @@ final class NodeAppModel: ObservableObject {
        self.bridgeStatusText = "Connecting…"
        self.bridgeServerName = nil
        self.bridgeRemoteAddress = nil
-        self.connectedBridgeDebugID = BonjourEscapeDecoder.decode(String(describing: endpoint))
+        self.connectedBridgeDebugID = BonjourEscapes.decode(String(describing: endpoint))

        self.bridgeTask = Task {
            do {
@@ -71,13 +71,14 @@ final class NodeAppModel: ObservableObject {
                        platform: platform,
                        version: version),
                    onConnected: { [weak self] serverName in
+                        guard let self else { return }
                        await MainActor.run {
-                            self?.bridgeStatusText = "Connected"
-                            self?.bridgeServerName = serverName
+                            self.bridgeStatusText = "Connected"
+                            self.bridgeServerName = serverName
                        }
                        if let addr = await self.bridge.currentRemoteAddress() {
                            await MainActor.run {
-                                self?.bridgeRemoteAddress = addr
+                                self.bridgeRemoteAddress = addr
                            }
                        }
                    },
--- a/apps/ios/Sources/Voice/VoiceWakeManager.swift
+++ b/apps/ios/Sources/Voice/VoiceWakeManager.swift
@@ -28,8 +28,8 @@ private final class AudioBufferQueue: @unchecked Sendable {
    }
 }

-private extension AVAudioPCMBuffer {
-    func deepCopy() -> AVAudioPCMBuffer? {
+extension AVAudioPCMBuffer {
+    fileprivate func deepCopy() -> AVAudioPCMBuffer? {
        let format = self.format
        let frameLength = self.frameLength
        guard let copy = AVAudioPCMBuffer(pcmFormat: format, frameCapacity: frameLength) else {
--- a/apps/macos/Sources/Clawdis/Resources/WebChat/webchat.bundle.js
+++ b/apps/macos/Sources/Clawdis/Resources/WebChat/webchat.bundle.js
--- a/apps/shared/ClawdisKit/Sources/ClawdisKit/BonjourEscapes.swift
+++ b/apps/shared/ClawdisKit/Sources/ClawdisKit/BonjourEscapes.swift
@@ -1,9 +1,9 @@
 import Foundation

-enum BonjourEscapeDecoder {
-    static func decode(_ input: String) -> String {
-        // mDNS / DNS-SD commonly escapes bytes in instance names as `\\DDD`
-        // (decimal-encoded), e.g. spaces are `\\032`.
+public enum BonjourEscapes {
+    /// mDNS / DNS-SD commonly escapes bytes in instance names as `\DDD` (decimal-encoded),
+    /// e.g. spaces are `\032`.
+    public static func decode(_ input: String) -> String {
        var out = ""
        var i = input.startIndex
        while i < input.endIndex {
@@ -31,4 +31,3 @@ enum BonjourEscapeDecoder {
        return out
    }
 }
-
--- a/docs/clawdis-mac.md
+++ b/docs/clawdis-mac.md
@@ -42,7 +42,7 @@ enum Request {
 }
 struct Response { ok: Bool; message?: String; payload?: Data }
 ```
- Listener validates caller `auditToken` == same UID, rejects oversize/unknown cases.
+- Listener rejects oversize/unknown cases and validates the caller by code signature TeamID (with a `DEBUG`-only same-UID escape hatch controlled by `CLAWDIS_ALLOW_UNSIGNED_SOCKET_CLIENTS=1`).

 ## App UX (Clawdis)
 - MenuBarExtra icon only (LSUIElement; no Dock).
--- a/docs/mac/peekaboo.md
+++ b/docs/mac/peekaboo.md
@@ -30,8 +30,9 @@ Consume only:
 - `PeekabooVisualizer` (overlay visualizations).

 Important nuance:
- `PeekabooVisualizer` currently ships as the `PeekabooVisualizer` product inside `PeekabooCore/Package.swift`. That package declares other dependencies (including a path dependency to Tachikoma). SwiftPM will still need those paths to exist during dependency resolution even if we don’t build those targets.
-  - If this is too annoying for Clawdis, the follow-up is to extract `PeekabooVisualizer` into its own standalone Swift package that depends only on `PeekabooFoundation`/`PeekabooProtocols`/`PeekabooExternalDependencies`.
+- `PeekabooAutomationKit` is a standalone SwiftPM package and does **not** require Tachikoma/MCP/Commander.
+- `PeekabooVisualizer` ships as a product inside `PeekabooCore/Package.swift`. That package declares other dependencies (including a path dependency to Tachikoma). SwiftPM will still need those paths to exist during dependency resolution even if we don’t build those targets.
+  - If this becomes annoying for Clawdis, the follow-up is to extract `PeekabooVisualizer` into its own standalone Swift package that depends only on `PeekabooFoundation`/`PeekabooProtocols`/`PeekabooExternalDependencies`.

 ## IPC / CLI surface
 ### Namespacing
@@ -46,6 +47,8 @@ Change `clawdis-mac` to default to human text output:

 This applies globally, not only `ui` commands.

+Note (current state as of 2025-12-13): `clawdis-mac` prints JSON by default. This is a planned behavior change.
+
 ### Timeouts
 Default timeout for UI actions: **10 seconds** end-to-end (CLI already defaults to 10s).
 - CLI: keep the fail-fast default at 10s (unless a command explicitly requests longer).
@@ -78,14 +81,18 @@ All “see/click/type/scroll/wait” requests should accept a target (default: f
 Peekaboo already has the core ingredients:
 - element detection yielding stable IDs (e.g., `B1`, `T3`)
 - bounds + labels/values
- session IDs to allow follow-up actions without re-scanning
+- snapshot IDs to allow follow-up actions without re-scanning

 Clawdis’s `ui see` should:
 - capture (optionally targeted) window/screen
- return a **session id**
+- return a **snapshot id**
 - return a list of elements with `{id, type, label/value?, bounds}`
 - optionally return screenshot path/bytes (pref: path)

+Snapshot lifecycle requirement:
+- Clawdis runs long-lived in memory, so “snapshot state” should be **in-memory by default** (no disk-backed JSON concept).
+- Peekaboo already supports this via an `InMemorySnapshotManager` (keep disk-backed snapshots as an optional debug mode later).
+
 ## Visualizer integration
 Visualizer must be user-toggleable via a Clawdis setting.

@@ -96,11 +103,7 @@ Implementation sketch:

 Current state:
 - `PeekabooVisualizer` already includes the visualization implementation (SwiftUI overlay views + coordinator).
-
-Open requirement:
- “Any AX event should be clickable.” Today the visualizer is display-only; the likely follow-up is:
-  - make the annotated element overlays tappable (debug tool)
-  - surface tap → element id → send a `ui click --element <id> --session <sid>` request back through Clawdis’ control channel (or a local callback if the visualizer runs inside the app)
+The visualizer is intentionally display-only (no clickable overlays needed).

 ## Screenshots (legacy → Peekaboo takeover)
 Clawdis currently has a legacy `screenshot` request returning raw PNG bytes in `Response.payload`.
--- a/docs/mac/xpc.md
+++ b/docs/mac/xpc.md
@@ -5,6 +5,8 @@ read_when:
 ---
 # Clawdis macOS XPC architecture (Dec 2025)

+Note: the current implementation primarily uses a local UNIX-domain control socket (`controlSocketPath`) between `clawdis-mac` and the app. This doc describes the intended long-term XPC/Mach-service architecture and the security constraints; update it as the implementation converges.
+
 ## Goals
 - Single GUI app instance that owns all TCC-facing work (notifications, screen recording, mic, speech, AppleScript).
 - A small surface for automation: the `clawdis-mac` CLI and the Node gateway talk to the app via a local XPC channel.
@@ -33,6 +35,6 @@ read_when:
 - RunAtLoad without KeepAlive means the app starts once; if it crashes it stays down (no unwanted respawn), but CLI calls will re-spawn via launchd.

 ## Hardening notes
- Audit-token check currently allows same-UID fallback; to lock down further, remove that fallback and require the team ID match.
+- Prefer requiring a TeamID match for all privileged surfaces. The codebase currently has a `DEBUG`-only same-UID escape hatch gated behind `CLAWDIS_ALLOW_UNSIGNED_SOCKET_CLIENTS=1` for local development.
 - All communication remains local-only; no network sockets are exposed.
 - TCC prompts originate only from the GUI app bundle; run scripts/package-mac-app.sh so the signed bundle ID stays stable.