Breadway/bread
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

refactor: remove remote module install, extract bread-sync, make CI real

Browse source 
Security:
- Remove `bread modules install github:…`. Remote fetch pulled unreviewed
  third-party Lua and ran it with full bread.exec() privileges in an
  unsandboxed runtime. Module install is now local-only; parse_source
  rejects github:/git: with an explicit message.

bread-sync extracted from the workspace (parked for its own project):
- Removed from workspace members (now excluded); see bread-sync/EXTRACTION.md
- Removed the entire `bread sync` CLI surface and now-unused deps
  (bread-sync, reqwest, tar, flate2; tempfile demoted to dev-dependency)
- Removed the sync.status IPC method from breadd plus its integration tests
- Moved the generic `expand_path` helper into bread-shared (with unit tests)

CI now actually runs and gates quality:
- Trigger on master/dev (was `main` — CI had never run, not once)
- Added `cargo fmt --check` and `clippy -D warnings`; fixed 4 clippy warnings
- Dropped the macOS matrix entry (breadd is Linux-only: udev/rtnetlink);
  added the libudev-dev system dependency the Linux build needs

Hardening / honesty:
- New ipc test: daemon survives repeated reloads and the event pipeline
  resumes (the prior suite only had a single happy-path reload check)
- Docs scrubbed of sync across README/Documentation/Overview/DAEMON
- "production-ready" and "compositor-agnostic" claims reworded to match
  reality rather than aspiration

Note: bread-sync/src/export.rs held pre-existing local WIP authored outside
this change set and is intentionally excluded from this commit.
This commit is contained in:
Breadway 2026-05-17 00:22:21 +08:00
parent 3be8eec065
commit cc456b78fe
14 changed files with 202 additions and 1946 deletions
Download patch file Download diff file Expand all files Collapse all files

51
bread-cli/src/modules_mgmt.rs
View file

@ -15,44 +15,31 @@ pub struct ModuleManifest {
pub installed_at: String,
}
/// Parsed install source.
pub enum InstallSource {
GitHub {
user: String,
repo: String,
git_ref: Option<String>,
},
LocalPath(PathBuf),
}
/// Parse a source string into an `InstallSource`.
pub fn parse_source(source: &str) -> Result<InstallSource> {
if let Some(rest) = source.strip_prefix("github:") {
let (repo_part, ref_part) = rest
.split_once('@')
.map(|(r, v)| (r, Some(v.to_string())))
.unwrap_or((rest, None));
let (user, repo) = repo_part.split_once('/').ok_or_else(|| {
anyhow::anyhow!(
"bread: invalid github source '{}'. Expected 'github:user/repo[@ref]'",
source
)
})?;
Ok(InstallSource::GitHub {
user: user.to_string(),
repo: repo.to_string(),
git_ref: ref_part,
})
} else if source.starts_with('/')
/// Resolve a module source string to a local directory path.
///
/// Only local paths are accepted. Remote fetching (`github:user/repo`) was
/// removed: it pulled arbitrary, unsandboxed Lua that the daemon then runs with
/// full `bread.exec()` privileges as the user. Installing a remote module now
/// requires cloning it yourself, so the review step stays in the user's hands.
pub fn parse_source(source: &str) -> Result<PathBuf> {
if source.starts_with("github:") || source.starts_with("git:") {
bail!(
"bread: remote module installation has been removed for security \
(it ran unreviewed third-party Lua with full exec privileges). \
Clone the repository yourself, review it, then run \
'bread modules install /path/to/checkout'"
);
}
if source.starts_with('/')
|| source.starts_with("./")
|| source.starts_with("../")
|| source.starts_with('~')
{
let expanded = bread_sync::config::expand_path(source);
Ok(InstallSource::LocalPath(expanded))
Ok(bread_shared::expand_path(source))
} else {
bail!(
"bread: invalid module source '{}'. Use 'github:user/repo' or an absolute/relative path",
"bread: invalid module source '{}'. Provide an absolute or relative \
path to a local module directory",
source
)
}