refactor: remove remote module install, extract bread-sync, make CI real

Security: - Remove `bread modules install github:…`. Remote fetch pulled unreviewed third-party Lua and ran it with full bread.exec() privileges in an unsandboxed runtime. Module install is now local-only; parse_source rejects github:/git: with an explicit message. bread-sync extracted from the workspace (parked for its own project): - Removed from workspace members (now excluded); see bread-sync/EXTRACTION.md - Removed the entire `bread sync` CLI surface and now-unused deps (bread-sync, reqwest, tar, flate2; tempfile demoted to dev-dependency) - Removed the sync.status IPC method from breadd plus its integration tests - Moved the generic `expand_path` helper into bread-shared (with unit tests) CI now actually runs and gates quality: - Trigger on master/dev (was `main` — CI had never run, not once) - Added `cargo fmt --check` and `clippy -D warnings`; fixed 4 clippy warnings - Dropped the macOS matrix entry (breadd is Linux-only: udev/rtnetlink); added the libudev-dev system dependency the Linux build needs Hardening / honesty: - New ipc test: daemon survives repeated reloads and the event pipeline resumes (the prior suite only had a single happy-path reload check) - Docs scrubbed of sync across README/Documentation/Overview/DAEMON - "production-ready" and "compositor-agnostic" claims reworded to match reality rather than aspiration Note: bread-sync/src/export.rs held pre-existing local WIP authored outside this change set and is intentionally excluded from this commit.
2026-05-17 00:22:21 +08:00 · 2026-05-17 00:22:21 +08:00 · cc456b78fe
commit cc456b78fe
parent 3be8eec065
14 changed files with 202 additions and 1946 deletions
--- a/breadd/src/ipc/mod.rs
+++ b/breadd/src/ipc/mod.rs
@ -267,32 +267,6 @@ impl Server {
                    "recent_errors": recent_errors,
                }))
            }
-            "sync.status" => {
-                let sync_path = bread_sync::config::bread_config_dir().join("sync.toml");
-                match std::fs::read_to_string(&sync_path)
-                    .ok()
-                    .and_then(|s| s.parse::<toml::Value>().ok())
-                {
-                    Some(toml) => {
-                        let machine = toml
-                            .get("machine")
-                            .and_then(|m| m.get("name"))
-                            .and_then(|v| v.as_str())
-                            .unwrap_or("unknown");
-                        let remote = toml
-                            .get("remote")
-                            .and_then(|r| r.get("url"))
-                            .and_then(|v| v.as_str())
-                            .unwrap_or("unknown");
-                        Ok(json!({
-                            "initialized": true,
-                            "machine": machine,
-                            "remote": remote,
-                        }))
-                    }
-                    None => Ok(json!({ "initialized": false })),
-                }
-            }
            "events.replay" => {
                let since_ms = req
                    .params