refactor: remove remote module install, extract bread-sync, make CI real

Security: - Remove `bread modules install github:…`. Remote fetch pulled unreviewed third-party Lua and ran it with full bread.exec() privileges in an unsandboxed runtime. Module install is now local-only; parse_source rejects github:/git: with an explicit message. bread-sync extracted from the workspace (parked for its own project): - Removed from workspace members (now excluded); see bread-sync/EXTRACTION.md - Removed the entire `bread sync` CLI surface and now-unused deps (bread-sync, reqwest, tar, flate2; tempfile demoted to dev-dependency) - Removed the sync.status IPC method from breadd plus its integration tests - Moved the generic `expand_path` helper into bread-shared (with unit tests) CI now actually runs and gates quality: - Trigger on master/dev (was `main` — CI had never run, not once) - Added `cargo fmt --check` and `clippy -D warnings`; fixed 4 clippy warnings - Dropped the macOS matrix entry (breadd is Linux-only: udev/rtnetlink); added the libudev-dev system dependency the Linux build needs Hardening / honesty: - New ipc test: daemon survives repeated reloads and the event pipeline resumes (the prior suite only had a single happy-path reload check) - Docs scrubbed of sync across README/Documentation/Overview/DAEMON - "production-ready" and "compositor-agnostic" claims reworded to match reality rather than aspiration Note: bread-sync/src/export.rs held pre-existing local WIP authored outside this change set and is intentionally excluded from this commit.
2026-05-17 00:22:21 +08:00 · 2026-05-17 00:22:21 +08:00 · cc456b78fe
commit cc456b78fe
parent 3be8eec065
14 changed files with 202 additions and 1946 deletions
--- a/breadd/src/ipc/mod.rs
+++ b/breadd/src/ipc/mod.rs
@ -267,32 +267,6 @@ impl Server {
                    "recent_errors": recent_errors,
                }))
            }
-            "sync.status" => {
-                let sync_path = bread_sync::config::bread_config_dir().join("sync.toml");
-                match std::fs::read_to_string(&sync_path)
-                    .ok()
-                    .and_then(|s| s.parse::<toml::Value>().ok())
-                {
-                    Some(toml) => {
-                        let machine = toml
-                            .get("machine")
-                            .and_then(|m| m.get("name"))
-                            .and_then(|v| v.as_str())
-                            .unwrap_or("unknown");
-                        let remote = toml
-                            .get("remote")
-                            .and_then(|r| r.get("url"))
-                            .and_then(|v| v.as_str())
-                            .unwrap_or("unknown");
-                        Ok(json!({
-                            "initialized": true,
-                            "machine": machine,
-                            "remote": remote,
-                        }))
-                    }
-                    None => Ok(json!({ "initialized": false })),
-                }
-            }
            "events.replay" => {
                let since_ms = req
                    .params
--- a/breadd/src/lua/mod.rs
+++ b/breadd/src/lua/mod.rs
@ -873,7 +873,8 @@ impl LuaEngine {
        })?;
        bread.set("module", module_fn)?;

-        // bread.machine — machine name and tags from sync.toml
+        // bread.machine — hostname/tags; reads an optional, externally-managed
+        // ~/.config/bread/sync.toml if present (bread does not create it)
        let machine_tbl = self.lua.create_table()?;

        let name_fn = self
@ -947,9 +948,9 @@ impl LuaEngine {
        })?;
        bluetooth_tbl.set("power", power_fn)?;

-        let powered_fn = self.lua.create_function(move |_lua, ()| {
-            Ok(bluetooth_query(|| bluetooth_get_powered()).ok())
-        })?;
+        let powered_fn = self
+            .lua
+            .create_function(move |_lua, ()| Ok(bluetooth_query(bluetooth_get_powered).ok()))?;
        bluetooth_tbl.set("powered", powered_fn)?;

        let connect_fn = self.lua.create_function(move |_lua, address: String| {
@ -983,7 +984,7 @@ impl LuaEngine {
        bluetooth_tbl.set("scan", scan_fn)?;

        let devices_fn = self.lua.create_function(move |lua, ()| {
-            let devs = match bluetooth_query(|| bluetooth_list_devices()) {
+            let devs = match bluetooth_query(bluetooth_list_devices) {
                Ok(d) => d,
                Err(_) => return Ok(Value::Nil),
            };
@ -2298,7 +2299,8 @@ where
            .block_on(factory());
        let _ = tx.send(result);
    });
-    rx.recv().map_err(|_| anyhow::anyhow!("bluetooth query thread failed"))?
+    rx.recv()
+        .map_err(|_| anyhow::anyhow!("bluetooth query thread failed"))?
 }

 async fn bluetooth_find_adapter(conn: &zbus::Connection) -> anyhow::Result<String> {
@ -2392,7 +2394,11 @@ async fn bluetooth_disconnect(address: String) -> anyhow::Result<()> {
 async fn bluetooth_set_scanning(enabled: bool) -> anyhow::Result<()> {
    let conn = zbus::Connection::system().await?;
    let adapter = bluetooth_find_adapter(&conn).await?;
-    let method = if enabled { "StartDiscovery" } else { "StopDiscovery" };
+    let method = if enabled {
+        "StartDiscovery"
+    } else {
+        "StopDiscovery"
+    };
    conn.call_method(
        Some("org.bluez"),
        adapter.as_str(),
@ -2429,7 +2435,7 @@ async fn bluetooth_list_devices() -> anyhow::Result<Vec<BluetoothDevice>> {
    > = msg.body()?;

    let mut devices = Vec::new();
-    for (_, interfaces) in &objects {
+    for interfaces in objects.values() {
        if let Some(props) = interfaces.get("org.bluez.Device1") {
            let json = serde_json::to_value(props).unwrap_or_else(|_| serde_json::json!({}));
            devices.push(BluetoothDevice {