terminalwire 0.1.17 → 0.2.2

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3ab3f5780e6c3f7f544936130b288676ad60b29ef05944842771bcb3ca51192a
-  data.tar.gz: 4bd9a47eb0541ca81dd53cc19f6bf5ca02e388f22048b1fceaf7ac0f910e557d
+  metadata.gz: 89f9aee85ea5da79613c84fe3c5ecabb199d973c0b313050bb4d857b1ae493e2
+  data.tar.gz: 4f7a3f2ef2454cb3a630ffbb8b1d92f7c72a17e905e3059a376e20a5e058681d
 SHA512:
-  metadata.gz: e37f803cf8777f66aa6f8f19cd72fb0ca778e06b1f39a7762b8e3ed74b494dee210f025af65063b6d60321d9d6e9c20fa00b81dcd61b1ca7efd9193a6bf5e310
-  data.tar.gz: 25b6c73db710026062340f779bee11738952bd86efb80bef53f4d92cdef9599e917e85a6d979ee559fa422c3f73b4f8ffd5d7e9d87d81f26a531bab8603c1e68
+  metadata.gz: f29cb799b97b678e163a0685e0a7be9de49fb6464eb4916b8412ed6eb30400f0ff29b9ba5bc02ab208a50bbfb7a7e027f507cd14bd827ebf1ae5b01be29d992d
+  data.tar.gz: 615e9dea3dc7fc01f04bce0f0a2c4f82c4dd7670853f43741e99f82b8159067ab92d292a0230a6ea73439ac7c023815259fe1d6d7694c8b991f7e524d0bd4ef8

data/lib/terminalwire/adapter.rb

@@ -1,7 +1,7 @@
 require 'msgpack'
 
 module Terminalwire::Adapter
-  # Works with TCP, Unix, WebSocket, and other socket-like abstractions.
+  # Works with Test, TCP, Unix, WebSocket, and other socket-like abstractions.
   class Socket
     include Terminalwire::Logging
 

data/lib/terminalwire/cache.rb

@@ -4,6 +4,7 @@ require "base64"
 require "time"
 require "fileutils"
 
+# Caches used on the client side for licesens, HTTP requests, etc.
 module Terminalwire::Cache
   module File
     # Hoist the File class to avoid conflicts with the standard library.

data/lib/terminalwire/client/entitlement/environment_variables.rb

@@ -0,0 +1,26 @@
+module Terminalwire::Client::Entitlement
+  # ENV vars that the server can access on the client.
+  class EnvironmentVariables
+    include Enumerable
+
+    def initialize
+      @permitted = Set.new
+    end
+
+    def each(&)
+      @permitted.each(&)
+    end
+
+    def permit(variable)
+      @permitted << variable.to_s
+    end
+
+    def permitted?(key)
+      include? key.to_s
+    end
+
+    def serialize
+      map { |name| { name: } }
+    end
+  end
+end

data/lib/terminalwire/client/entitlement/paths.rb

@@ -0,0 +1,97 @@
+module Terminalwire::Client::Entitlement
+  # A list of paths and permissions that server has to write on the client workstation.
+  class Paths
+    class Permit
+      attr_reader :path, :mode
+      # Ensure the default file mode is read/write for owner only. This ensures
+      # that if the server tries uploading an executable file, it won't be when it
+      # lands on the client.
+      #
+      # Eventually we'll move this into entitlements so the client can set maximum
+      # permissions for files and directories.
+      MODE = 0o600 # rw-------
+
+      # Constants for permission bit masks
+      OWNER_PERMISSIONS = 0o700 # rwx------
+      GROUP_PERMISSIONS = 0o070 # ---rwx---
+      OTHERS_PERMISSIONS = 0o007 # ------rwx
+
+      # We'll validate that modes are within this range.
+      MODE_RANGE = 0o000..0o777
+
+      def initialize(path:, mode: MODE)
+        @path = Pathname.new(path)
+        @mode = convert(mode)
+      end
+
+      def permitted_path?(path)
+        # This MUST be done via File.fnmatch because Pathname#fnmatch does not work. If you
+        # try changing this 🚨 YOU MAY CIRCUMVENT THE SECURITY MEASURES IN PLACE. 🚨
+        File.fnmatch @path.to_s, path.to_s, File::FNM_PATHNAME
+      end
+
+      def permitted_mode?(value)
+        # Ensure the mode is at least as permissive as the permitted mode.
+        mode = convert(value)
+
+        # Extract permission bits for owner, group, and others
+        owner_bits = mode & OWNER_PERMISSIONS
+        group_bits = mode & GROUP_PERMISSIONS
+        others_bits = mode & OTHERS_PERMISSIONS
+
+        # Ensure that the mode doesn't grant more permissions than @mode in any class (owner, group, others)
+        (owner_bits <= @mode & OWNER_PERMISSIONS) &&
+        (group_bits <= @mode & GROUP_PERMISSIONS) &&
+        (others_bits <= @mode & OTHERS_PERMISSIONS)
+      end
+
+      def permitted?(path:, mode: @mode)
+        permitted_path?(path) && permitted_mode?(mode)
+      end
+
+      def serialize
+        {
+          location: @path.to_s,
+          mode: @mode
+        }
+      end
+
+      protected
+      def convert(value)
+        mode = Integer(value)
+        raise ArgumentError, "The mode #{format_octet value} must be an octet value between #{format_octet MODE_RANGE.first} and #{format_octet MODE_RANGE.last}" unless MODE_RANGE.cover?(mode)
+        mode
+      end
+
+      def format_octet(value)
+        format("0o%03o", value)
+      end
+    end
+
+    include Enumerable
+
+    def initialize
+      @permitted = []
+    end
+
+    def each(&)
+      @permitted.each(&)
+    end
+
+    def permit(path, **)
+      @permitted.append Permit.new(path:, **)
+    end
+
+    def permitted?(path, mode: nil)
+      if mode
+        find { |it| it.permitted_path?(path) and it.permitted_mode?(mode) }
+      else
+        find { |it| it.permitted_path?(path) }
+      end
+    end
+
+    def serialize
+      map(&:serialize)
+    end
+  end
+end

data/lib/terminalwire/client/entitlement/policy.rb

@@ -0,0 +1,100 @@
+module Terminalwire::Client::Entitlement
+  module Policy
+    # A policy has the authority, paths, and schemes that the server is allowed to access.
+    class Base
+      attr_reader :paths, :authority, :schemes, :environment_variables
+
+      def initialize(authority:)
+        @authority = authority
+        @paths = Paths.new
+
+        # Permit the domain directory. This is necessary for basic operation of the client.
+        @paths.permit storage_path
+        @paths.permit storage_pattern
+
+        @schemes = Schemes.new
+        # Permit http & https by default.
+        @schemes.permit "http"
+        @schemes.permit "https"
+
+        @environment_variables = EnvironmentVariables.new
+        # Permit the HOME and TERMINALWIRE_HOME environment variables.
+        @environment_variables.permit "TERMINALWIRE_HOME"
+      end
+
+      def root_path
+        # TODO: This needs to be passed into the Policy so that it can be set by the client.
+        Terminalwire::Client.root_path
+      end
+
+      def authority_path
+        root_path.join("authorities/#{authority}")
+      end
+
+      def storage_path
+        authority_path.join("storage")
+      end
+
+      def storage_pattern
+        storage_path.join("**/*")
+      end
+
+      def serialize
+        {
+          authority: @authority,
+          schemes: @schemes.serialize,
+          paths: @paths.serialize,
+          environment_variables: @environment_variables.serialize
+        }
+      end
+    end
+
+    class Root < Base
+      AUTHORITY = "terminalwire.com".freeze
+
+      # Ensure the binary stubs are executable. This increases the
+      # file mode entitlement so that stubs created in ./bin are executable.
+      BINARY_PATH_FILE_MODE = 0o755
+
+      def initialize(*, **, &)
+        # Make damn sure the authority is set to Terminalwire.
+        super(*, authority: AUTHORITY, **, &)
+
+        # Now setup special permitted paths.
+        @paths.permit root_path
+        @paths.permit root_pattern
+
+        # Permit terminalwire to grant execute permissions to the binary stubs.
+        @paths.permit binary_pattern, mode: BINARY_PATH_FILE_MODE
+
+        # Used to check if terminalwire is setup in the user's PATH environment variable.
+        @environment_variables.permit "PATH"
+      end
+
+      # Grant access to the `~/.terminalwire/**/*` path so users can install
+      # terminalwire apps via `terminalwire install svbtle`, etc.
+      def root_pattern
+        root_path.join("**/*").freeze
+      end
+
+      # Path where the terminalwire binary stubs are stored.
+      def binary_path
+        root_path.join("bin").freeze
+      end
+
+      # Pattern for the binary path.
+      def binary_pattern
+        binary_path.join("*").freeze
+      end
+    end
+
+    def self.resolve(*, authority:, **, &)
+      case authority
+      when Policy::Root::AUTHORITY
+        Root.new(*, **, &)
+      else
+        Base.new *, authority:, **, &
+      end
+    end
+  end
+end

data/lib/terminalwire/client/entitlement/schemes.rb

@@ -0,0 +1,26 @@
+module Terminalwire::Client::Entitlement
+  # URLs the server can open on the client.
+  class Schemes
+    include Enumerable
+
+    def initialize
+      @permitted = Set.new
+    end
+
+    def each(&)
+      @permitted.each(&)
+    end
+
+    def permit(scheme)
+      @permitted << scheme.to_s
+    end
+
+    def permitted?(url)
+      include? URI(url).scheme
+    end
+
+    def serialize
+      map { |scheme| { scheme: } }
+    end
+  end
+end

data/lib/terminalwire/client/entitlement.rb

@@ -1,214 +1,9 @@
 require "pathname"
 
 module Terminalwire::Client
+  # Entitlements are the security boundary between the server and the client that lives on the client.
+  # The server might request a file or directory from the client, and the client will check the entitlements
+  # to see if the server is authorized to access the requested resource.
   module Entitlement
-    class Paths
-      class Permit
-        attr_reader :path, :mode
-        # Ensure the default file mode is read/write for owner only. This ensures
-        # that if the server tries uploading an executable file, it won't be when it
-        # lands on the client.
-        #
-        # Eventually we'll move this into entitlements so the client can set maximum
-        # permissions for files and directories.
-        MODE = 0o600 # rw-------
-
-        # Constants for permission bit masks
-        OWNER_PERMISSIONS = 0o700 # rwx------
-        GROUP_PERMISSIONS = 0o070 # ---rwx---
-        OTHERS_PERMISSIONS = 0o007 # ------rwx
-
-        # We'll validate that modes are within this range.
-        MODE_RANGE = 0o000..0o777
-
-        def initialize(path:, mode: MODE)
-          @path = Pathname.new(path).expand_path
-          @mode = convert(mode)
-        end
-
-        def permitted_path?(path)
-          # This MUST be done via File.fnmatch because Pathname#fnmatch does not work. If you
-          # try changing this 🚨 YOU MAY CIRCUMVENT THE SECURITY MEASURES IN PLACE. 🚨
-          File.fnmatch @path.to_s, File.expand_path(path), File::FNM_PATHNAME
-        end
-
-        def permitted_mode?(value)
-          # Ensure the mode is at least as permissive as the permitted mode.
-          mode = convert(value)
-
-          # Extract permission bits for owner, group, and others
-          owner_bits = mode & OWNER_PERMISSIONS
-          group_bits = mode & GROUP_PERMISSIONS
-          others_bits = mode & OTHERS_PERMISSIONS
-
-          # Ensure that the mode doesn't grant more permissions than @mode in any class (owner, group, others)
-          (owner_bits <= @mode & OWNER_PERMISSIONS) &&
-          (group_bits <= @mode & GROUP_PERMISSIONS) &&
-          (others_bits <= @mode & OTHERS_PERMISSIONS)
-        end
-
-        def permitted?(path:, mode: @mode)
-          permitted_path?(path) && permitted_mode?(mode)
-        end
-
-        def serialize
-          {
-            location: @path.to_s,
-            mode: @mode
-          }
-        end
-
-        protected
-        def convert(value)
-          mode = Integer(value)
-          raise ArgumentError, "The mode #{format_octet value} must be an octet value between #{format_octet MODE_RANGE.first} and #{format_octet MODE_RANGE.last}" unless MODE_RANGE.cover?(mode)
-          mode
-        end
-
-        def format_octet(value)
-          format("0o%03o", value)
-        end
-      end
-
-      include Enumerable
-
-      def initialize
-        @permitted = []
-      end
-
-      def each(&)
-        @permitted.each(&)
-      end
-
-      def permit(path, **)
-        @permitted.append Permit.new(path:, **)
-      end
-
-      def permitted?(path, mode: nil)
-        if mode
-          find { |it| it.permitted_path?(path) and it.permitted_mode?(mode) }
-        else
-          find { |it| it.permitted_path?(path) }
-        end
-      end
-
-      def serialize
-        map(&:serialize)
-      end
-    end
-
-    class Schemes
-      include Enumerable
-
-      def initialize
-        @permitted = Set.new
-      end
-
-      def each(&)
-        @permitted.each(&)
-      end
-
-      def permit(scheme)
-        @permitted << scheme.to_s
-      end
-
-      def permitted?(url)
-        include? URI(url).scheme
-      end
-
-      def serialize
-        @permitted.to_a.map(&:to_s)
-      end
-    end
-
-    class Policy
-      attr_reader :paths, :authority, :schemes
-
-      ROOT_PATH = "~/.terminalwire".freeze
-
-      def initialize(authority:)
-        @authority = authority
-        @paths = Paths.new
-
-        # Permit the domain directory. This is necessary for basic operation of the client.
-        @paths.permit storage_path
-        @paths.permit storage_pattern
-
-        @schemes = Schemes.new
-        # Permit http & https by default.
-        @schemes.permit "http"
-        @schemes.permit "https"
-      end
-
-      def root_path
-        Pathname.new(ROOT_PATH)
-      end
-
-      def authority_path
-        root_path.join("authorities/#{authority}")
-      end
-
-      def storage_path
-        authority_path.join("storage")
-      end
-
-      def storage_pattern
-        storage_path.join("**/*")
-      end
-
-      def serialize
-        {
-          authority: @authority,
-          schemes: @schemes.serialize,
-          paths: @paths.serialize,
-          storage_path: storage_path.to_s,
-        }
-      end
-    end
-
-    class RootPolicy < Policy
-      AUTHORITY = "terminalwire.com".freeze
-
-      # Ensure the binary stubs are executable. This increases the
-      # file mode entitlement so that stubs created in ./bin are executable.
-      BINARY_PATH_FILE_MODE = 0o755
-
-      def initialize(*, **, &)
-        # Make damn sure the authority is set to Terminalwire.
-        super(*, authority: AUTHORITY, **, &)
-
-        # Now setup special permitted paths.
-        @paths.permit root_path
-        @paths.permit root_pattern
-
-        # Permit terminalwire to grant execute permissions to the binary stubs.
-        @paths.permit binary_pattern, mode: BINARY_PATH_FILE_MODE
-      end
-
-      # Grant access to the `~/.terminalwire/**/*` path so users can install
-      # terminalwire apps via `terminalwire install svbtle`, etc.
-      def root_pattern
-        root_path.join("**/*")
-      end
-
-      # Path where the terminalwire binary stubs are stored.
-      def binary_path
-        root_path.join("bin")
-      end
-
-      # Pattern for the binary path.
-      def binary_pattern
-        binary_path.join("*")
-      end
-    end
-
-    def self.resolve(*, authority:, **, &)
-      case authority
-      when RootPolicy::AUTHORITY
-        RootPolicy.new(*, **, &)
-      else
-        Policy.new *, authority:, **, &
-      end
-    end
   end
 end

data/lib/terminalwire/client/exec.rb

@@ -3,6 +3,15 @@ require "yaml"
 require "uri"
 
 module Terminalwire::Client
+  # Called by the `terminalwire-exec` shebang in scripts. This makes it easy for people
+  # to create their own scripts that use Terminalwire that look like this:
+  #
+  # ```sh
+  # #!/usr/bin/env terminalwire-exec
+  # url: "https://terminalwire.com/terminal"
+  # ```
+  #
+  # These files are saved, then `chmod + x` is run on them and they become executable.
   class Exec
     attr_reader :arguments, :path, :configuration, :url
 

data/lib/terminalwire/client/handler.rb

@@ -0,0 +1,67 @@
+module Terminalwire::Client
+  # The handler is the main class that connects to the Terminalwire server and
+  # dispatches messages to the appropriate resources.
+  class Handler
+    VERSION = "0.1.0".freeze
+
+    include Terminalwire::Logging
+
+    attr_reader :adapter, :resources, :endpoint
+    attr_accessor :entitlement
+
+    def initialize(adapter, arguments: ARGV, program_name: $0, endpoint:)
+      @endpoint = endpoint
+      @adapter = adapter
+      @program_arguments = arguments
+      @program_name = program_name
+      @entitlement = Entitlement::Policy.resolve(authority: @endpoint.authority)
+
+      yield self if block_given?
+
+      @resources = Resource::Handler.new do |it|
+        it << Resource::STDOUT.new("stdout", @adapter, entitlement:)
+        it << Resource::STDIN.new("stdin", @adapter, entitlement:)
+        it << Resource::STDERR.new("stderr", @adapter, entitlement:)
+        it << Resource::Browser.new("browser", @adapter, entitlement:)
+        it << Resource::File.new("file", @adapter, entitlement:)
+        it << Resource::Directory.new("directory", @adapter, entitlement:)
+        it << Resource::EnvironmentVariable.new("environment_variable", @adapter, entitlement:)
+      end
+    end
+
+    def verify_license
+      # Connect to the Terminalwire license server to verify the URL endpoint
+      # and displays a message to the user, if any are present.
+      $stdout.print ServerLicenseVerification.new(url: @endpoint.to_url).message
+    rescue
+      $stderr.puts "Failed to verify server license."
+    end
+
+    def connect
+      verify_license
+
+      @adapter.write(
+        event: "initialization",
+        protocol: { version: VERSION },
+        entitlement: @entitlement.serialize,
+        program: {
+          name: @program_name,
+          arguments: @program_arguments
+        }
+      )
+
+      loop do
+        handle @adapter.read
+      end
+    end
+
+    def handle(message)
+      case message
+      in { event: "resource", action: "command", name:, parameters: }
+        @resources.dispatch(**message)
+      in { event: "exit", status: }
+        exit Integer(status)
+      end
+    end
+  end
+end

data/lib/terminalwire/client/resource.rb

@@ -55,11 +55,30 @@ module Terminalwire::Client::Resource
       end
     end
 
+    protected
+
     def permit(...)
       false
     end
   end
 
+  class EnvironmentVariable < Base
+    # Accepts a list of environment variables to permit.
+    def read(name:)
+      ENV[name]
+    end
+
+    # def write(name:, value:)
+    #   ENV[name] = value
+    # end
+
+    protected
+
+    def permit(command, name:, **)
+      @entitlement.environment_variables.permitted? name
+    end
+  end
+
   class STDOUT < Base
     def connect
       @io = $stdout
@@ -73,6 +92,8 @@ module Terminalwire::Client::Resource
       @io.puts(data)
     end
 
+    protected
+
     def permit(...)
       true
     end
@@ -97,6 +118,8 @@ module Terminalwire::Client::Resource
       @io.getpass
     end
 
+    protected
+
     def permit(...)
       true
     end
@@ -118,7 +141,7 @@ module Terminalwire::Client::Resource
     end
 
     def delete(path:)
-      File.delete(File.expand_path(path))
+      File.delete File.expand_path(path)
     end
 
     def exist(path:)
@@ -126,10 +149,11 @@ module Terminalwire::Client::Resource
     end
 
     def change_mode(path:, mode:)
-      File.chmod(mode, File.expand_path(path))
+      File.chmod mode, File.expand_path(path)
     end
 
     protected
+
     def permit(command, path:, mode: nil, **)
       @entitlement.paths.permitted? path, mode:
     end
@@ -139,7 +163,7 @@ module Terminalwire::Client::Resource
     File = ::File
 
     def list(path:)
-      Dir.glob File.expand_path(path)
+      Dir.glob path
     end
 
     def create(path:)
@@ -149,28 +173,32 @@ module Terminalwire::Client::Resource
     end
 
     def exist(path:)
-      Dir.exist? File.expand_path(path)
+      Dir.exist? path
     end
 
     def delete(path:)
-      Dir.delete(File.expand_path(path))
+      Dir.delete path
     end
 
+    protected
+
     def permit(command, path:, **)
       @entitlement.paths.permitted? path
     end
   end
 
   class Browser < Base
-    def permit(command, url:, **)
-      @entitlement.schemes.permitted? url
-    end
-
     def launch(url:)
       Launchy.open(URI(url))
       # TODO: This is a hack to get the `respond` method to work.
       # Maybe explicitly call a `suceed` and `fail` method?
       nil
     end
+
+    protected
+
+    def permit(command, url:, **)
+      @entitlement.schemes.permitted? url
+    end
   end
 end

data/lib/terminalwire/client/server_license_verification.rb

@@ -3,72 +3,72 @@ require "base64"
 require "uri"
 require "fileutils"
 
-module Terminalwire
-  module Client
-    class ServerLicenseVerification
-      include Logging
+module Terminalwire::Client
+  # Checkes the server for a license verification at `https://terminalwire.com/licenses/verifications/`
+  # and displays the message to the user, if necessary.
+  class ServerLicenseVerification
+    include Terminalwire::Logging
 
-      def initialize(url:)
-        @url = URI(url)
-        @internet = Async::HTTP::Internet.new
-        @cache_store = Terminalwire::Cache::File::Store.new(path: "~/.terminalwire/cache/licenses/verifications")
-      end
+    def initialize(url:)
+      @url = URI(url)
+      @internet = Async::HTTP::Internet.new
+      @cache_store = Terminalwire::Cache::File::Store.new(path: Terminalwire::Client.root_path.join("cache/licenses/verifications"))
+    end
 
-      def key
-        Base64.urlsafe_encode64 @url
-      end
+    def key
+      Base64.urlsafe_encode64 @url
+    end
 
-      def cache = @cache_store.entry key
+    def cache = @cache_store.entry key
 
-      def payload
-        if cache.miss?
-          logger.debug "Stale verification. Requesting new verification."
-          request do |response|
-            # Set the expiry on the file cache for the header.
-            if max_age = response.headers["cache-control"].max_age
-              logger.debug "Caching for #{max_age}"
-              cache.expires = Time.now + max_age
-            end
+    def payload
+      if cache.miss?
+        logger.debug "Stale verification. Requesting new verification."
+        request do |response|
+          # Set the expiry on the file cache for the header.
+          if max_age = response.headers["cache-control"].max_age
+            logger.debug "Caching for #{max_age}"
+            cache.expires = Time.now + max_age
+          end
 
-            # Process based on the response code.
-            case response.status
-            in 200
-              logger.debug "License for #{@url} found."
-              data = self.class.unpack response.read
-              cache.value = data
-              return data
-            in 404
-              logger.debug "License for #{@url} not found."
-              return self.class.unpack response.read
-            end
+          # Process based on the response code.
+          case response.status
+          in 200
+            logger.debug "License for #{@url} found."
+            data = self.class.unpack response.read
+            cache.value = data
+            return data
+          in 404
+            logger.debug "License for #{@url} not found."
+            return self.class.unpack response.read
           end
-        else
-          return cache.value
         end
+      else
+        return cache.value
       end
+    end
 
-      def message
-        payload.dig(:shell, :output)
-      end
+    def message
+      payload.dig(:shell, :output)
+    end
 
-      protected
+    protected
 
-      def verification_url
-        Terminalwire.url
-          .path("/licenses/verifications", key)
-      end
+    def verification_url
+      Terminalwire.url
+        .path("/licenses/verifications", key)
+    end
 
-      def request(&)
-        logger.debug "Requesting license verification from #{verification_url}."
-        response = @internet.get verification_url, {
-          "Accept" => "application/x-msgpack",
-          "User-Agent" => "Terminalwire/#{Terminalwire::VERSION} Ruby/#{RUBY_VERSION} (#{RUBY_PLATFORM})",
-        }, &
-      end
+    def request(&)
+      logger.debug "Requesting license verification from #{verification_url}."
+      response = @internet.get verification_url, {
+        "Accept" => "application/x-msgpack",
+        "User-Agent" => "Terminalwire/#{Terminalwire::VERSION} Ruby/#{RUBY_VERSION} (#{RUBY_PLATFORM})",
+      }, &
+    end
 
-      def self.unpack(pack)
-        MessagePack.unpack(pack, symbolize_keys: true)
-      end
+    def self.unpack(pack)
+      MessagePack.unpack(pack, symbolize_keys: true)
     end
   end
 end

data/lib/terminalwire/client.rb

@@ -1,73 +1,16 @@
 require 'fileutils'
 require 'launchy'
 require 'io/console'
+require 'pathname'
 
 module Terminalwire
   module Client
-    class Handler
-      VERSION = "0.1.0".freeze
-
-      include Logging
-
-      attr_reader :adapter, :resources, :endpoint
-      attr_accessor :entitlement
-
-      def initialize(adapter, arguments: ARGV, program_name: $0, endpoint:)
-        @endpoint = endpoint
-        @adapter = adapter
-        @program_arguments = arguments
-        @program_name = program_name
-        @entitlement = Entitlement.resolve(authority: @endpoint.authority)
-
-        yield self if block_given?
-
-        @resources = Resource::Handler.new do |it|
-          it << Resource::STDOUT.new("stdout", @adapter, entitlement:)
-          it << Resource::STDIN.new("stdin", @adapter, entitlement:)
-          it << Resource::STDERR.new("stderr", @adapter, entitlement:)
-          it << Resource::Browser.new("browser", @adapter, entitlement:)
-          it << Resource::File.new("file", @adapter, entitlement:)
-          it << Resource::Directory.new("directory", @adapter, entitlement:)
-        end
-      end
-
-      def verify_license
-        # Connect to the Terminalwire license server to verify the URL endpoint
-        # and displays a message to the user, if any are present.
-        $stdout.print Terminalwire::Client::ServerLicenseVerification.new(url: @endpoint.to_url).message
-      rescue
-        $stderr.puts "Failed to verify server license."
-      end
-
-      def connect
-        verify_license
-
-        @adapter.write(
-          event: "initialization",
-          protocol: { version: VERSION },
-          entitlement: @entitlement.serialize,
-          program: {
-            name: @program_name,
-            arguments: @program_arguments
-          }
-        )
-
-        loop do
-          handle @adapter.read
-        end
-      end
-
-      def handle(message)
-        case message
-        in { event: "resource", action: "command", name:, parameters: }
-          @resources.dispatch(**message)
-        in { event: "exit", status: }
-          exit Integer(status)
-        end
-      end
-    end
+    ROOT_PATH = "~/.terminalwire".freeze
+    def self.root_path = Pathname.new(ENV.fetch("TERMINALWIRE_HOME", ROOT_PATH))
 
     def self.websocket(url:, arguments: ARGV, &configuration)
+      ENV["TERMINALWIRE_HOME"] ||= root_path.to_s
+
       url = URI(url)
 
       Async do |task|

data/lib/terminalwire/server/context.rb

@@ -1,26 +1,48 @@
 require "fileutils"
 
 module Terminalwire::Server
+  # Contains all of the resources that are accessible to the server on the client-side.
+  # It's the primary interface for the server to interact with the client and is integrated
+  # into other libraries like Thor, etc.
   class Context
     extend Forwardable
 
-    attr_reader :stdout, :stdin, :stderr, :browser, :file, :directory, :storage_path
+    attr_reader \
+      :stdout, :stdin, :stderr,
+      :browser,
+      :file, :directory,
+      :environment_variable,
+      :authority,
+      :root_path,
+      :authority_path,
+      :storage_path
 
     def_delegators :@stdout, :puts, :print
     def_delegators :@stdin, :gets, :getpass
 
     def initialize(adapter:, entitlement:)
       @adapter = adapter
-
       @entitlement = entitlement
-      @storage_path = Pathname.new(entitlement.fetch(:storage_path))
 
+      # Initialize resources
       @stdout = Resource::STDOUT.new("stdout", @adapter)
       @stdin = Resource::STDIN.new("stdin", @adapter)
       @stderr = Resource::STDERR.new("stderr", @adapter)
       @browser = Resource::Browser.new("browser", @adapter)
       @file = Resource::File.new("file", @adapter)
       @directory = Resource::Directory.new("directory", @adapter)
+      @environment_variable = Resource::EnvironmentVariable.new("environment_variable", @adapter)
+
+      # Authority is provided by the client.
+      @authority = @entitlement.fetch(:authority)
+      # The Terminalwire home path is provided by the client and set
+      # as an environment variable.
+      @root_path = Pathname.new(
+        @environment_variable.read("TERMINALWIRE_HOME")
+      )
+      # Now derive the rest of the paths from the Terminalwire home path.
+      @authority_path = @root_path.join("authorities", @authority)
+      @storage_path = @authority_path.join("storage")
 
       if block_given?
         begin

data/lib/terminalwire/server/resource.rb

@@ -1,4 +1,6 @@
 module Terminalwire::Server
+  # Representation of the resources avilable to the server on the client-side. These
+  # classes encapsulate the API alls to the client and provide a more Ruby-like interface.
   module Resource
     class Base < Terminalwire::Resource::Base
       private
@@ -22,6 +24,17 @@ module Terminalwire::Server
       end
     end
 
+    class EnvironmentVariable < Base
+      # Accepts a list of environment variables to permit.
+      def read(name)
+        command("read", name:)
+      end
+
+      # def write(name:, value:)
+      #   command("write", name:, value:)
+      # end
+    end
+
     class STDOUT < Base
       def puts(data)
         command("print_line", data: data)

data/lib/terminalwire/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Terminalwire
-  VERSION = "0.1.17"
+  VERSION = "0.2.2"
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: terminalwire
 version: !ruby/object:Gem::Version
-  version: 0.1.17
+  version: 0.2.2
 platform: ruby
 authors:
 - Brad Gessler
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2024-11-04 00:00:00.000000000 Z
+date: 2024-11-07 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: async-websocket
@@ -178,7 +178,12 @@ files:
 - lib/terminalwire/cache.rb
 - lib/terminalwire/client.rb
 - lib/terminalwire/client/entitlement.rb
+- lib/terminalwire/client/entitlement/environment_variables.rb
+- lib/terminalwire/client/entitlement/paths.rb
+- lib/terminalwire/client/entitlement/policy.rb
+- lib/terminalwire/client/entitlement/schemes.rb
 - lib/terminalwire/client/exec.rb
+- lib/terminalwire/client/handler.rb
 - lib/terminalwire/client/resource.rb
 - lib/terminalwire/client/server_license_verification.rb
 - lib/terminalwire/logging.rb
@@ -213,7 +218,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.5.3
+rubygems_version: 3.5.16
 signing_key:
 specification_version: 4
 summary: Ship a CLI for your web app. No API required.