Skip to content

Initial implementation #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
Pajn merged 43 commits into from
Mar 22, 2026
Merged

Initial implementation #1

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
43 commits
Select commit Hold shift + click to select a range
4be539b
phase1: implement server core model
Pajn Mar 21, 2026
98b0006
phase2: implement socket protocol server
Pajn Mar 21, 2026
ece8372
phase3: add PTY-backed buffer runtime
Pajn Mar 21, 2026
d77f9f9
phase4: add terminal backend snapshots
Pajn Mar 21, 2026
aeead5b
phase5: add session root tab lifecycle
Pajn Mar 21, 2026
30c1c85
phase6: add split layout operations
Pajn Mar 21, 2026
a51c7a3
phase7: enable nested tab mutations
Pajn Mar 21, 2026
0bac956
phase8: add floating window lifecycle
Pajn Mar 21, 2026
5dfcd79
phase9: add buffer detach move workflows
Pajn Mar 21, 2026
94392c0
phase10: add client reducer and transport
Pajn Mar 21, 2026
62be29d
phase11: add client renderer and controller
Pajn Mar 21, 2026
4249a09
phase12: implement tmux-style CLI
Pajn Mar 21, 2026
e26e359
phase13: add end-to-end workflows
Pajn Mar 21, 2026
82fb5f2
rename workspace to embers
Pajn Mar 21, 2026
d43fded
format embers workspace\n\nCo-authored-by: Copilot <223556219+Copilot…
Pajn Mar 21, 2026
85a5d92
config: add discovery and loader skeleton
Pajn Mar 21, 2026
1fc29fa
config: add Rhai engine and keymap compiler
Pajn Mar 21, 2026
12b7942
config: add action query and tree APIs
Pajn Mar 21, 2026
43c5009
config: add live runtime integration
Pajn Mar 21, 2026
1471730
test: cover configured client runtime
Pajn Mar 21, 2026
629e6c4
cli: add interactive embers entrypoint
Pajn Mar 21, 2026
b07b8f6
test: cover interactive cli startup
Pajn Mar 21, 2026
6d951b3
format
Pajn Mar 21, 2026
e53922c
Install correct flatbuffers genrator version
Pajn Mar 21, 2026
7cd7d04
ci: reuse flatc installer action
Pajn Mar 21, 2026
dfdb0a1
cli: harden startup and socket handling
Pajn Mar 21, 2026
03cbac1
client: harden config and scripting runtime
Pajn Mar 21, 2026
dad9a19
server: tighten protocol and state invariants
Pajn Mar 21, 2026
842991d
review: finish remaining hardening fixes
Pajn Mar 21, 2026
c8e2b1a
state: generalize session root layouts
Pajn Mar 21, 2026
52076b1
client: extend config api
Pajn Mar 21, 2026
21b3003
Add visible terminal snapshot protocol
Pajn Mar 21, 2026
8ca43b5
Add per-view terminal state
Pajn Mar 21, 2026
6f80d6d
Add styled Unicode-aware render grid
Pajn Mar 21, 2026
8f15483
Add terminal input event parsing
Pajn Mar 22, 2026
85a9903
Add local terminal interaction modes
Pajn Mar 22, 2026
4892e52
Wire CLI terminal interaction
Pajn Mar 22, 2026
a3a37f3
Review comments
Pajn Mar 22, 2026
475c22f
Review comments pass 2
Pajn Mar 22, 2026
ad4ac83
Review comments
Pajn Mar 22, 2026
8dd8acd
Fix mouse position with title rows and benchmark search
Pajn Mar 22, 2026
61ec3ef
Review comments 3
Pajn Mar 22, 2026
43fb859
Review comments 4
Pajn Mar 22, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
46 changes: 46 additions & 0 deletions .github/actions/install-flatc/action.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,46 @@
name: Install flatc
description: Download and install a flatc binary for CI

inputs:
version:
description: FlatBuffers release version to install
required: true
sha256:
description: SHA-256 of the expected flatc archive
required: true

runs:
using: composite
steps:
- name: Download flatc
shell: bash
run: |
set -euo pipefail

mkdir -p flatbuffers-bin
asset=""
candidates=(
"Linux.flatc.binary.g++-13.zip"
"Linux.flatc.binary.clang++-18.zip"
)

for candidate in "${candidates[@]}"; do
if curl --retry 5 --retry-delay 2 --retry-connrefused --connect-timeout 10 --max-time 120 -fsSL -o flatbuffers-bin/flatc.zip "https://github.com/google/flatbuffers/releases/download/v${{ inputs.version }}/${candidate}"; then
actual_sha256="$(sha256sum flatbuffers-bin/flatc.zip | awk '{print $1}')"
if [[ "${actual_sha256}" == "${{ inputs.sha256 }}" ]]; then
asset="${candidate}"
break
fi
rm -f flatbuffers-bin/flatc.zip
fi
done

if [[ -z "${asset}" ]]; then
echo "::error::failed to download flatc v${{ inputs.version }}; attempted assets: ${candidates[*]}"
exit 1
fi

unzip -q flatbuffers-bin/flatc.zip -d flatbuffers-bin
chmod +x flatbuffers-bin/flatc
sudo install flatbuffers-bin/flatc /usr/local/bin/flatc
Comment thread
coderabbitai[bot] marked this conversation as resolved.
Comment on lines +27 to +45
Copy link
Copy Markdown

@coderabbitai coderabbitai Bot Mar 22, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
set -euo pipefail
# Verify all call sites of this action provide version + sha256 once hardening is added.
rg -n -C3 'uses:\s*\./\.github/actions/install-flatc|version:|sha256:' .github/workflows

Repository: Pajn/Embers

Length of output: 1706

🏁 Script executed:

cat -n .github/actions/install-flatc/action.yml

Repository: Pajn/Embers

Length of output: 1439

Add SHA-256 verification before installing flatc from GitHub releases.

The action downloads an executable archive (line 25) and installs it system-wide (line 38) without verifying integrity. This is a supply-chain risk in CI. Currently, no checksum or signature validation occurs before unzip and sudo install.

Add a required sha256 input parameter and verify the archive before extraction:

Proposed hardening 
 inputs:
   version:
     description: FlatBuffers release version to install
     required: true
+  sha256:
+    description: SHA-256 for the selected flatc zip asset
+    required: true
 runs:
   using: composite
   steps:
     - name: Download flatc
       shell: bash
       run: |
         set -euo pipefail

         mkdir -p flatbuffers-bin
         asset=""
         candidates=(
           "Linux.flatc.binary.g++-13.zip"
           "Linux.flatc.binary.clang++-18.zip"
         )

         for candidate in "${candidates[@]}"; do
           if curl -fsSL -o flatbuffers-bin/flatc.zip "https://github.com/google/flatbuffers/releases/download/v${{ inputs.version }}/${candidate}"; then
             asset="${candidate}"
             break
           fi
         done

         if [[ -z "${asset}" ]]; then
           echo "::error::failed to download flatc v${{ inputs.version }}; attempted assets: ${candidates[*]}"
           exit 1
         fi

+        echo "${{ inputs.sha256 }}  flatbuffers-bin/flatc.zip" | sha256sum -c -
+
         unzip -q flatbuffers-bin/flatc.zip -d flatbuffers-bin

Update all three call sites in .github/workflows/ci.yml (lines 15, 31, 43) to provide the sha256 parameter.

🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In @.github/actions/install-flatc/action.yml around lines 24 - 38, The action
currently downloads and installs flatc without integrity checks; add a required
inputs.sha256 parameter to the action and, after the download loop that sets
candidate/asset (symbols: candidates, asset, inputs.version), compute and verify
the SHA-256 of flatbuffers-bin/flatc.zip against inputs.sha256 (fail with an
error and exit if mismatched) before running unzip/chmod/sudo install; also
update all callers in the workflows that invoke this action to pass the new
sha256 input at the three call sites referenced.

rm -rf flatbuffers-bin
30 changes: 17 additions & 13 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,15 +4,19 @@ on:
push:
pull_request:

env:
FLATBUFFERS_VERSION: 25.12.19
FLATBUFFERS_SHA256: 9f87066dc5dfa7fe02090b55bab5f3e55df03e32c9b0cdf229004ade7d091039

jobs:
fmt-lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install flatbuffers compiler
run: |
sudo apt-get update
sudo apt-get install -y flatbuffers-compiler
- uses: ./.github/actions/install-flatc
with:
version: ${{ env.FLATBUFFERS_VERSION }}
sha256: ${{ env.FLATBUFFERS_SHA256 }}
- uses: dtolnay/rust-toolchain@stable
with:
components: rustfmt, clippy
Expand All @@ -26,10 +30,10 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install flatbuffers compiler
run: |
sudo apt-get update
sudo apt-get install -y flatbuffers-compiler
- uses: ./.github/actions/install-flatc
with:
version: ${{ env.FLATBUFFERS_VERSION }}
sha256: ${{ env.FLATBUFFERS_SHA256 }}
- uses: dtolnay/rust-toolchain@stable
- uses: Swatinem/rust-cache@v2
- name: Run unit and integration tests
Expand All @@ -39,11 +43,11 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install flatbuffers compiler
run: |
sudo apt-get update
sudo apt-get install -y flatbuffers-compiler
- uses: ./.github/actions/install-flatc
with:
version: ${{ env.FLATBUFFERS_VERSION }}
sha256: ${{ env.FLATBUFFERS_SHA256 }}
- uses: dtolnay/rust-toolchain@stable
- uses: Swatinem/rust-cache@v2
- name: Run ignored PTY smoke test
run: cargo test -p mux-test-support pty_round_trips_input -- --ignored
run: cargo test -p embers-test-support pty_round_trips_input -- --ignored
Loading
Loading