Project improvements: security, reliability, tests, docs #115
Draft
nvdweem wants to merge 5 commits into
…-HTTP HA
The OSC input socket now binds 127.0.0.1 instead of all interfaces (it is the app's only network-facing socket) and the autocomplete address set is capped at 500 entries so a hostile sender cannot grow it unboundedly. Home Assistant servers configured with plain http to a non-local host now surface a warning (token sent unencrypted); local http installs, which are the norm, are never flagged. Also corrects a stale Id.CLASS doc comment to the actual Id.NAME allowlist mechanism.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…n, tame threads
- DeviceHolder no longer persists synchronously inside the device-connected observer; the identity-backfill save is debounced off the provider thread so SaveEvent observers cannot run re-entrantly and deadlock it.
- Shutdown lifecycle moves onto Quarkus @PreDestroy where a bean can observe it (CommandDispatcher); AppShutdownState and FileChecker keep documented raw JVM hooks for the flag-only / pre-CDI cases. MqttService gains a @PreDestroy that publishes the offline availability payload before disconnecting.
- New AppThreads factory gives every ad-hoc thread a name, daemon flag and an uncaught-exception handler; adopted across the HID and tray threads.
- CommandDispatcher's handler re-checks the queue under the lock before waiting, closing a lost-wakeup race; the rolling-average worker parks while idle instead of spinning at 10ms. MQTT message handling catches per-message so one malformed payload cannot kill delivery for every subscription.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…zation
Adds unit tests for the OBS/OSC/MQTT/program/output/profile command families (JSON round-trip through the polymorphic mapper plus pure value logic), the central CommandDispatcher routing/coalescing, the Home Assistant client value mapping, and a REST DTO serialization smoke test that round-trips every DTO-returning endpoint's payload through an app-like ObjectMapper without booting the container. Broadens packaging/smoke-test.sh to exercise all list-returning endpoints. Makes Debouncer's clock injectable so the throttle-leading test is deterministic instead of sleep-based. A small CommandMapperTestFactory lets out-of-package command tests build the mapper.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…issue forms
Moves the human-facing architecture/build/native-image/C++ reference out of CLAUDE.md into ARCHITECTURE.md (CLAUDE.md keeps agent workflow rules and now points at it; CONTRIBUTING links it too), fixing several stale claims along the way (Id.NAME not Id.CLASS, the native-config-gen profile, the committed-DLL/CMake SndCtrl reality, Windows CI running verify, the full TS classPattern list, the MCP /mcp transport). Adds a terse SECURITY.md describing the loopback/LocalHttpGuard threat model, a PULL_REQUEST_TEMPLATE embedding the required AI-disclosure line, and converts the issue templates to GitHub Issue Forms with a required version field.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Dependabot (maven, npm/webui, github-actions; weekly, grouped) pushes normally. The PR-CI workflow and the action SHA-pinning could not be pushed by the automation (the credential lacks the GitHub 'workflow' scope), so they are preserved as .github/pending-ci-workflows.patch with apply instructions in .github/PENDING-CI-WORKFLOWS.md.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Implements a prioritized set of improvements from an in-depth project analysis (backend reliability, security hardening, test coverage, docs). All 510 JVM tests pass; the tree compiles in JVM mode.
What landed
Security
- 127.0.0.1 instead of all interfaces (it was the app's only network-facing socket); autocomplete address set capped at 500 entries.
- http to a non-local host now surface a token-exposure warning. Local http installs (the norm) are never flagged.
- Id.CLASS doc comment to the actual Id.NAME allowlist mechanism.
Reliability / threading
- SaveEvent observers can't run re-entrantly and deadlock it.
- @PreDestroy (with documented raw JVM hooks kept only for the flag-only / pre-CDI cases); MqttService now publishes its offline availability payload before disconnecting.
- AppThreads factory (named, daemon, uncaught-exception handler) adopted across HID/tray threads.
- CommandDispatcher's handler; the rolling-average worker parks while idle instead of spinning at 10 ms; MQTT message handling catches per-message so one malformed payload can't kill delivery.
Tests
- CommandDispatcher routing/coalescing, the Home Assistant client value mapping, and a REST DTO serialization smoke test over every DTO endpoint.
- Debouncer clock made injectable so the throttle test is deterministic (no sleeps); smoke-test.sh broadened to all list-returning endpoints.
Docs / templates
- ARCHITECTURE.md from CLAUDE.md (fixing several stale claims); added SECURITY.md, a PR template with the AI-disclosure line, and modern GitHub Issue Forms.
Dependencies
- .github/dependabot.yml (maven, npm/webui, github-actions; weekly, grouped).
Not in this branch / follow-ups
- pr-ci.yml + action SHA-pinning + appimagetool checksum) could not be pushed — the automation credential lacks the GitHub workflow scope. They are preserved as .github/pending-ci-workflows.patch; see .github/PENDING-CI-WORKFLOWS.md to apply them with a scoped token.
- npm run lint.
- docs/events.md drift and docs/README.md/integrations.md remain as noted follow-ups.
This pull request was made by an AI without any human intervention
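The OSC hardening listed under Security (loopback-only bind plus the 500-entry cap), as an added Java example that is not code from this pull request or the project. The class and method names, the drop-when-full policy and the 600 constructed messages are assumptions.

```java
import java.net.*;
import java.nio.charset.StandardCharsets;
import java.util.HashSet;
import java.util.Set;

public class LoopbackOscListener {
    static final int MAX_ADDRESSES = 500;                 // cap stated in the PR description
    final Set<String> seen = new HashSet<>();             // autocomplete candidates

    /** OSC address pattern: ASCII from byte 0 to the first NUL; must start with '/'. */
    static String oscAddress(byte[] buf, int len) {
        int end = 0;
        while (end < len && buf[end] != 0) end++;
        if (end == 0 || end == len || buf[0] != '/') return null;   // empty, unterminated or not OSC
        return new String(buf, 0, end, StandardCharsets.US_ASCII);
    }

    /** Assumed policy: once the set is full, new addresses are dropped, nothing is evicted. */
    void remember(String address) {
        if (address != null && seen.size() < MAX_ADDRESSES) seen.add(address);
    }

    /** Builds a constructed, argument-less OSC message: padded address + ",\0\0\0" type tag. */
    static byte[] oscMessage(String address) {
        byte[] a = address.getBytes(StandardCharsets.US_ASCII);
        int padded = (a.length / 4 + 1) * 4;              // at least one NUL, 4-byte aligned
        byte[] msg = new byte[padded + 4];
        System.arraycopy(a, 0, msg, 0, a.length);
        msg[padded] = ',';
        return msg;
    }

    public static void main(String[] args) throws Exception {
        LoopbackOscListener listener = new LoopbackOscListener();
        // new DatagramSocket(port) would bind the wildcard address and accept packets from the LAN.
        try (DatagramSocket in = new DatagramSocket(new InetSocketAddress(InetAddress.getByName("127.0.0.1"), 0));
             DatagramSocket out = new DatagramSocket()) {
            in.setSoTimeout(1000);                        // fail fast instead of blocking forever
            for (int i = 0; i < 600; i++) {               // 600 distinct constructed addresses
                byte[] msg = oscMessage("/fader/" + i);
                out.send(new DatagramPacket(msg, msg.length, in.getLocalSocketAddress()));
                DatagramPacket p = new DatagramPacket(new byte[1024], 1024);
                in.receive(p);
                listener.remember(oscAddress(p.getData(), p.getLength()));
            }
            System.out.println(in.getLocalAddress() + " kept " + listener.seen.size() + " of 600 addresses");
        }
    }
}
```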
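One way to express the plain-http token warning listed under Security, as an added Java example that is not code from this pull request or the project. The class and method names, the sample URLs and the definition of "local" used here (loopback, link-local or private-range IP literal, "localhost", or an mDNS ".local" name) are assumptions.

```java
import java.net.InetAddress;
import java.net.URI;
import java.util.List;

public class PlainHttpTokenWarning {
    /** Assumed meaning of "local"; only IP literals are parsed, so no DNS lookup happens. */
    static boolean isLocalHost(String host) throws Exception {
        String h = host.toLowerCase();
        boolean ipLiteral = h.startsWith("[") || h.matches("\\d{1,3}(\\.\\d{1,3}){3}");
        if (ipLiteral) {
            InetAddress a = InetAddress.getByName(h);
            return a.isLoopbackAddress() || a.isSiteLocalAddress() || a.isLinkLocalAddress();
        }
        return h.equals("localhost") || h.endsWith(".local");
    }

    /** True when the access token would travel in cleartext to a non-local host. */
    static boolean tokenExposed(String baseUrl) throws Exception {
        URI uri = URI.create(baseUrl.trim());
        if (!"http".equalsIgnoreCase(uri.getScheme())) return false;   // https is not this warning
        String host = uri.getHost();
        return host == null || !isLocalHost(host);                     // unparseable host: warn
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample URLs; example.org and 203.0.113.0/24 are reserved for documentation.
        List<String> urls = List.of(
                "http://homeassistant.local:8123",
                "http://192.168.1.20:8123",
                "http://[::1]:8123",
                "https://ha.example.org",
                "http://ha.example.org:8123",
                "http://203.0.113.7:8123");
        for (String url : urls) {
            System.out.println((tokenExposed(url) ? "WARN " : "ok   ") + url);
        }
    }
}
```

For IPv6, isSiteLocalAddress() matches only the deprecated fec0::/10 prefix, so unique local addresses (fc00::/7) would need an explicit check if they should count as local.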