groove-dev 0.27.42 → 0.27.45

package/packages/gui/src/views/network.jsx

@@ -0,0 +1,227 @@
+// FSL-1.1-Apache-2.0 — see LICENSE
+import { useEffect, useState } from 'react';
+import { useGrooveStore } from '../stores/groove';
+import { ScrollArea } from '../components/ui/scroll-area';
+import { StatusDot } from '../components/ui/status-dot';
+import { Badge } from '../components/ui/badge';
+import { Button } from '../components/ui/button';
+import { Dialog, DialogContent, DialogTrigger } from '../components/ui/dialog';
+import { NodeToggle } from '../components/network/node-toggle';
+import { NodeDetails } from '../components/network/node-details';
+import { NetworkStatus } from '../components/network/network-status';
+import { Globe, Download, Check, AlertCircle, Loader2, Trash2 } from 'lucide-react';
+
+const REQUIREMENTS = [
+  'Python 3.10 or higher',
+  '~2 GB disk space for model shards',
+  '8 GB+ RAM recommended',
+];
+
+function InstallProgress({ progress }) {
+  const percent = Math.max(0, Math.min(100, Number.isFinite(progress.percent) ? progress.percent : 0));
+  return (
+    <div className="w-full flex flex-col gap-3">
+      <div className="h-2 w-full rounded-full bg-surface-3 overflow-hidden">
+        <div
+          className="h-full rounded-full bg-accent transition-all duration-500 ease-out"
+          style={{ width: `${percent}%` }}
+        />
+      </div>
+      <div className="flex items-center justify-between text-2xs font-mono text-text-3 tabular-nums">
+        <div className="flex items-center gap-2 text-text-2 font-sans">
+          <Loader2 size={12} className="animate-spin text-accent" />
+          <span className="truncate">{progress.message || 'Installing…'}</span>
+        </div>
+        <span>{percent}%</span>
+      </div>
+    </div>
+  );
+}
+
+function InstallError({ message, onRetry }) {
+  return (
+    <div className="w-full flex flex-col gap-3">
+      <div className="rounded-md border border-danger/40 bg-danger/10 px-4 py-3 flex items-start gap-2.5 text-left">
+        <AlertCircle size={14} className="text-danger flex-shrink-0 mt-0.5" />
+        <div className="flex-1 min-w-0">
+          <div className="text-xs font-semibold text-danger font-sans mb-0.5">Install failed</div>
+          <div className="text-xs text-text-1 font-sans break-words">{message}</div>
+        </div>
+      </div>
+      <Button variant="primary" size="lg" onClick={onRetry} className="w-full">
+        <Download size={14} />
+        Retry Install
+      </Button>
+    </div>
+  );
+}
+
+function InstallGate() {
+  const installNetworkPackage = useGrooveStore((s) => s.installNetworkPackage);
+  const progress = useGrooveStore((s) => s.networkInstallProgress);
+  const { installing, error } = progress;
+
+  return (
+    <div className="flex flex-col items-center justify-center min-h-full px-6 py-12">
+      <div className="w-full max-w-md flex flex-col items-center text-center">
+        <div className="mb-5 rounded-full bg-surface-2 border border-border-subtle p-5">
+          <Globe size={48} className="text-text-3" strokeWidth={1.25} />
+        </div>
+        <h3 className="text-base font-semibold text-text-0 font-sans mb-2">
+          Install Groove Network
+        </h3>
+        <p className="text-sm text-text-2 font-sans leading-relaxed mb-6">
+          The network package enables decentralized LLM inference. Contribute your compute power or run models across the Groove network.
+        </p>
+
+        <div className="w-full rounded-md border border-border-subtle bg-surface-1 px-4 py-3 mb-6">
+          <div className="text-2xs font-semibold text-text-3 font-sans uppercase tracking-wider mb-2 text-left">
+            Requirements
+          </div>
+          <ul className="flex flex-col gap-1.5">
+            {REQUIREMENTS.map((req) => (
+              <li key={req} className="flex items-center gap-2 text-xs font-sans text-text-1 text-left">
+                <Check size={12} className="text-accent flex-shrink-0" />
+                <span>{req}</span>
+              </li>
+            ))}
+          </ul>
+        </div>
+
+        {installing ? (
+          <InstallProgress progress={progress} />
+        ) : error ? (
+          <InstallError message={error} onRetry={() => installNetworkPackage()} />
+        ) : (
+          <>
+            <Button
+              variant="primary"
+              size="lg"
+              onClick={() => installNetworkPackage()}
+              className="w-full"
+            >
+              <Download size={14} />
+              Install Network Package
+            </Button>
+            <p className="text-2xs font-sans text-text-3 mt-3">
+              This will download and set up the Groove Network runtime (~500 MB)
+            </p>
+          </>
+        )}
+      </div>
+    </div>
+  );
+}
+
+function UninstallButton() {
+  const [open, setOpen] = useState(false);
+  const uninstallNetworkPackage = useGrooveStore((s) => s.uninstallNetworkPackage);
+  const [busy, setBusy] = useState(false);
+
+  const confirm = async () => {
+    setBusy(true);
+    try {
+      await uninstallNetworkPackage();
+      setOpen(false);
+    } catch { /* toast already shown */ }
+    finally { setBusy(false); }
+  };
+
+  return (
+    <Dialog open={open} onOpenChange={setOpen}>
+      <DialogTrigger asChild>
+        <button
+          type="button"
+          className="inline-flex items-center gap-1.5 text-2xs font-sans text-text-3 hover:text-danger transition-colors"
+        >
+          <Trash2 size={11} />
+          Uninstall Network Package
+        </button>
+      </DialogTrigger>
+      <DialogContent title="Uninstall Network Package" description="Confirm uninstall">
+        <div className="px-5 py-4 flex flex-col gap-3">
+          <p className="text-sm text-text-1 font-sans leading-relaxed">
+            This will stop your node and remove the network package from <span className="font-mono text-text-2">~/.groove/network</span>.
+          </p>
+          <p className="text-xs text-text-3 font-sans leading-relaxed">
+            Your identity (<span className="font-mono">~/.groove/node_key.json</span>) will be preserved — you can reinstall later without losing your wallet.
+          </p>
+        </div>
+        <div className="flex items-center justify-end gap-2 px-5 py-3 border-t border-border-subtle bg-surface-0">
+          <Button variant="ghost" size="sm" onClick={() => setOpen(false)} disabled={busy}>Cancel</Button>
+          <Button variant="danger" size="sm" onClick={confirm} disabled={busy}>
+            {busy ? <Loader2 size={12} className="animate-spin" /> : <Trash2 size={12} />}
+            Uninstall
+          </Button>
+        </div>
+      </DialogContent>
+    </Dialog>
+  );
+}
+
+export default function NetworkView() {
+  const fetchNetworkNodeStatus = useGrooveStore((s) => s.fetchNetworkNodeStatus);
+  const fetchNetworkStatus = useGrooveStore((s) => s.fetchNetworkStatus);
+  const node = useGrooveStore((s) => s.networkNode);
+  const installed = useGrooveStore((s) => s.networkInstalled);
+
+  useEffect(() => {
+    fetchNetworkNodeStatus();
+    if (installed) {
+      fetchNetworkStatus();
+      const interval = setInterval(() => { fetchNetworkStatus(); }, 10000);
+      return () => clearInterval(interval);
+    }
+  }, [fetchNetworkNodeStatus, fetchNetworkStatus, installed]);
+
+  return (
+    <div className="flex flex-col h-full">
+      {/* Header */}
+      <div className="flex items-center gap-3 px-4 py-2.5 bg-surface-1 border-b border-border flex-shrink-0">
+        <Globe size={14} className="text-accent" />
+        <h2 className="text-sm font-semibold text-text-0 font-sans">Groove Network</h2>
+        <Badge variant="purple">Early Access</Badge>
+        <div className="flex-1" />
+        {installed && (
+          <>
+            <UninstallButton />
+            <div className="flex items-center gap-1.5 text-2xs font-sans text-text-3">
+              <StatusDot status={node.active ? 'running' : 'crashed'} size="sm" />
+              {node.active ? 'Contributing' : 'Idle'}
+            </div>
+          </>
+        )}
+      </div>
+
+      {/* Body */}
+      <ScrollArea className="flex-1">
+        {!installed ? (
+          <InstallGate />
+        ) : (
+          <div className="p-4 grid grid-cols-1 xl:grid-cols-2 gap-4">
+            {/* Left column — node operator */}
+            <div className="flex flex-col gap-3 min-w-0">
+              <div>
+                <div className="flex items-center gap-2 mb-2 px-0.5">
+                  <span className="text-2xs font-semibold text-text-3 font-sans uppercase tracking-wider">Node Operator</span>
+                  <div className="flex-1 h-px bg-border-subtle" />
+                </div>
+                <NodeToggle />
+              </div>
+              <NodeDetails />
+            </div>
+
+            {/* Right column — network status */}
+            <div className="flex flex-col gap-3 min-w-0">
+              <div className="flex items-center gap-2 px-0.5">
+                <span className="text-2xs font-semibold text-text-3 font-sans uppercase tracking-wider">Network Status</span>
+                <div className="flex-1 h-px bg-border-subtle" />
+              </div>
+              <NetworkStatus />
+            </div>
+          </div>
+        )}
+      </ScrollArea>
+    </div>
+  );
+}

package/packages/gui/src/views/settings.jsx

@@ -15,7 +15,7 @@ import { fmtUptime } from '../lib/format';
 import {
   Key, Eye, EyeOff, Check, Cpu,
   FolderOpen, FolderSearch, Users, Gauge,
-  ShieldCheck, Settings,
+  ShieldCheck, Settings, Lock,
   Newspaper, Radio, Send, MessageSquare, MessageCircle,
   Plus, Trash2, Plug, PlugZap, TestTube, X, HelpCircle, ExternalLink,
 } from 'lucide-react';
@@ -940,6 +940,91 @@ function AddGatewayCard({ existingTypes, onAdd }) {
   );
 }
 
+/* ── Early Access Section ─────────────────────────────────── */
+
+function EarlyAccessSection() {
+  const networkUnlocked = useGrooveStore((s) => s.networkUnlocked);
+  const activateBeta = useGrooveStore((s) => s.activateBeta);
+  const deactivateBeta = useGrooveStore((s) => s.deactivateBeta);
+  const [code, setCode] = useState('');
+  const [submitting, setSubmitting] = useState(false);
+  const [error, setError] = useState('');
+
+  useEffect(() => {
+    if (!error) return;
+    const t = setTimeout(() => setError(''), 3000);
+    return () => clearTimeout(t);
+  }, [error]);
+
+  async function handleSubmit() {
+    const trimmed = code.trim();
+    if (!trimmed || submitting) return;
+    setSubmitting(true);
+    setError('');
+    try {
+      await activateBeta(trimmed);
+      setCode('');
+    } catch (err) {
+      setError(err.message || 'Invalid code');
+    } finally {
+      setSubmitting(false);
+    }
+  }
+
+  async function handleDeactivate() {
+    try { await deactivateBeta(); } catch { /* toast handled in store */ }
+  }
+
+  return (
+    <div>
+      <div className="flex items-center gap-2 mb-2.5 px-0.5">
+        <span className="text-2xs font-semibold text-text-3 font-sans uppercase tracking-wider">Early Access</span>
+        <div className="flex-1 h-px bg-border-subtle" />
+      </div>
+      <div className="rounded-lg border border-border-subtle bg-surface-1 px-4 py-3.5 max-w-md">
+        {networkUnlocked ? (
+          <div className="flex items-center gap-2.5">
+            <div className="w-6 h-6 rounded-full bg-success/10 flex items-center justify-center flex-shrink-0">
+              <Check size={12} className="text-success" />
+            </div>
+            <div className="flex-1 text-xs font-sans text-text-1">Early access enabled</div>
+            <button
+              onClick={handleDeactivate}
+              className="text-2xs text-text-4 hover:text-danger cursor-pointer font-sans"
+            >
+              Deactivate
+            </button>
+          </div>
+        ) : (
+          <div className="flex items-center gap-2">
+            <Lock size={12} className="text-text-4 flex-shrink-0" />
+            <input
+              value={code}
+              onChange={(e) => setCode(e.target.value)}
+              onKeyDown={(e) => e.key === 'Enter' && handleSubmit()}
+              type="text"
+              placeholder="Enter invite code"
+              className="flex-1 h-8 px-2.5 text-xs bg-surface-0 border border-border rounded-md text-text-0 font-mono placeholder:text-text-4 focus:outline-none focus:ring-1 focus:ring-accent"
+            />
+            <Button
+              variant="primary"
+              size="sm"
+              onClick={handleSubmit}
+              disabled={!code.trim() || submitting}
+              className="h-8 text-xs px-3"
+            >
+              {submitting ? '...' : 'Submit'}
+            </Button>
+          </div>
+        )}
+        {error && !networkUnlocked && (
+          <div className="mt-2 text-2xs text-danger font-sans">{error}</div>
+        )}
+      </div>
+    </div>
+  );
+}
+
 /* ── Main Settings View ────────────────────────────────────── */
 
 export default function SettingsView() {
@@ -1200,6 +1285,8 @@ export default function SettingsView() {
             </div>
           )}
 
+          {/* ═══════ EARLY ACCESS ═══════ */}
+          <EarlyAccessSection />
 
         </div>
       </ScrollArea>

package/analyist/groove-security-audit.md

@@ -1,323 +0,0 @@
-GROOVE SECURITY AUDIT & ANALYSIS
-=================================
-
-Date:     April 17, 2026
-Auditor:  GROOVE Security Agent (internal, automated)
-Version:  v0.27.41
-Scope:    Full daemon, GUI, CLI, and provider architecture review
-
-
-EXECUTIVE SUMMARY
------------------
-
-Groove is a localhost-only process manager for AI coding agents. Its security model is
-fundamentally different from tools that bind to open ports or proxy credentials through
-a server. The daemon hard-blocks network exposure, encrypts stored credentials with
-machine-bound keys, validates all inputs against strict schemas, and isolates agents
-through scope-based file locks enforced at runtime.
-
-This report covers 12 security areas across the full codebase.
-
-
-================================================================================
-1. NETWORK BINDING -- LOCALHOST ONLY (ENFORCED)
-================================================================================
-
-The daemon binds to 127.0.0.1:31415. This is not just a default -- it is a hard
-security policy. If anyone attempts to bind to 0.0.0.0 or ::, the daemon prints an
-error and exits immediately. The process refuses to start.
-
-Remote access is only available through two channels, both encrypted and authenticated:
-
-  - SSH tunnel (groove connect)
-  - Tailscale private mesh network (--host tailscale)
-
-There is no configuration path that exposes Groove to the open internet.
-
-Result: PASS
-
-
-================================================================================
-2. CORS -- RESTRICTIVE ORIGIN VALIDATION
-================================================================================
-
-Every HTTP request is checked against a strict origin whitelist. Only requests from
-localhost, 127.0.0.1, or the explicitly bound Tailscale interface are allowed. Any
-other origin is silently rejected -- the browser never receives a permissive CORS
-header, so cross-origin requests from external websites are blocked automatically.
-
-Result: PASS
-
-
-================================================================================
-3. WEBSOCKET SECURITY -- ORIGIN VERIFICATION + FEDERATION SIGNING
-================================================================================
-
-WebSocket upgrade requests go through the same origin check as HTTP. Non-whitelisted
-origins have their sockets destroyed immediately -- the connection is terminated before
-any data is exchanged.
-
-Federation connections (daemon-to-daemon) require signed headers with a daemon ID and
-cryptographic signature. Missing or invalid headers result in immediate socket
-destruction.
-
-Result: PASS
-
-
-================================================================================
-4. INPUT VALIDATION -- STRICT SCHEMA ENFORCEMENT
-================================================================================
-
-All API inputs are validated against strict patterns and size limits before processing:
-
-  Role:            Alphanumeric plus dash/underscore, max 50 characters
-  Name:            Alphanumeric plus dash/underscore, max 64 characters
-  Scope patterns:  Max 20 patterns, each max 200 characters
-  Scope paths:     No ".." (path traversal), no "/" prefix (absolute paths), no null bytes
-  Prompt:          Max 50,000 characters
-  Permission:      Must be "auto" or "full" (whitelist)
-  Unknown fields:  Silently stripped -- only safe fields are accepted
-
-Path traversal, absolute path injection, and null byte injection are all explicitly
-rejected at the validation layer.
-
-Result: PASS
-
-
-================================================================================
-5. CREDENTIAL ENCRYPTION -- AES-256-GCM WITH MACHINE-BOUND KEYS
-================================================================================
-
-Stored API keys are encrypted using AES-256-GCM, which is authenticated encryption --
-it provides both confidentiality (nobody can read the key) and integrity (nobody can
-tamper with the ciphertext without detection).
-
-The encryption key is derived via scrypt from a machine-specific seed that incorporates
-the machine's hostname, home directory path, and a 256-bit random seed. Each encryption
-operation uses a fresh random 128-bit initialization vector.
-
-Key properties:
-
-  - Credentials copied to another machine are unrecoverable
-  - The GCM authentication tag detects any tampering
-  - All credential files are set to owner-only read/write permissions (0o600)
-  - The random seed file itself is also owner-only (0o600)
-
-Result: PASS
-
-
-================================================================================
-6. PROCESS SPAWNING -- NO SHELL INJECTION
-================================================================================
-
-Agent processes are spawned using Node.js spawn() with an arguments array, never
-through a shell. This is a critical distinction -- arguments are passed as discrete
-values, not concatenated into a string that gets interpreted by bash or zsh.
-
-User-controlled values like model names, prompts, and agent roles are passed as literal
-arguments. The "shell: true" option is never set anywhere in the codebase. No string
-interpolation occurs in command construction.
-
-Result: PASS
-
-
-================================================================================
-7. SCOPE-BASED AGENT ISOLATION (KNOCK PROTOCOL)
-================================================================================
-
-Groove implements a scope-based file isolation system that operates at two stages:
-
-Spawn-Time Collision Check:
-  When an agent is spawned, its declared file scope patterns are checked against all
-  running agents. If two agents' scopes overlap, the second spawn fails. Two agents
-  cannot be assigned to the same files simultaneously.
-
-Runtime Knock Protocol:
-  Every file operation an agent attempts triggers a validation check before it executes.
-  The lock manager verifies the target file path against the agent's registered scope
-  patterns. If an agent tries to write outside its scope, the operation is denied and
-  the attempt is logged to the audit trail.
-
-Working Directory Containment:
-  Agent working directories must reside within the project directory. Paths outside the
-  project boundary are rejected at spawn time.
-
-Important caveat: This is orchestration-level isolation, not OS-level sandboxing. Agents
-run as the same Unix user as the daemon. The knock protocol prevents agents from
-conflicting with each other through the tool layer, but does not provide kernel-level
-containment like containers or seccomp. The isolation is enforced at the coordination
-layer, which is effective for its purpose but distinct from a full sandbox.
-
-Result: PASS
-
-
-================================================================================
-8. PROTOTYPE POLLUTION PROTECTION
-================================================================================
-
-The agent registry only accepts updates to a defined whitelist of safe fields. Any
-attempt to set unknown fields -- including __proto__ or constructor -- is silently
-dropped.
-
-WebSocket message parsing explicitly checks for and rejects messages containing
-__proto__ or constructor keys. This prevents attackers from manipulating the JavaScript
-prototype chain through crafted payloads.
-
-Result: PASS
-
-
-================================================================================
-9. FILE PERMISSIONS -- OWNER-ONLY ACROSS ALL SENSITIVE FILES
-================================================================================
-
-All sensitive files are created with 0o600 permissions (owner read/write only, no
-group or world access):
-
-  Agent logs
-  Credential seed file
-  Credential store
-  Audit log
-  Federation private keys
-  Integration credential files
-
-The only exception is the federation public key, which is intentionally set to 0o644
-(world-readable) since it is designed to be shared.
-
-Result: PASS
-
-
-================================================================================
-10. WHAT GROOVE DOES NOT DO
-================================================================================
-
-This is architecturally significant and differentiates Groove from tools that proxy
-credentials:
-
-  Proxy API calls to Claude/OpenAI/Gemini?       No.
-  Touch OAuth tokens?                             No.
-  Impersonate AI providers?                       No.
-  Store user subscription credentials?            No.
-  Forward agent credentials through the daemon?   No.
-
-Each agent process (Claude Code, Codex, Gemini CLI) runs as a standalone executable
-with its own authentication. The daemon never relays API calls or handles provider
-credentials on behalf of agents.
-
-The one exception: Groove's journalist feature makes direct Anthropic API calls using
-a locally-stored API key for internal project synthesis. This is the daemon's own
-feature -- it does not proxy on behalf of any agent.
-
-Result: PASS
-
-
-================================================================================
-11. AUDIT TRAIL
-================================================================================
-
-All state-changing operations are logged to an append-only audit file:
-
-  Knock protocol decisions (allowed and denied) with agent ID, tool, and targets
-  Agent lifecycle events (spawn, kill, rotate)
-  Configuration changes
-  Credential operations
-
-Audit logs use owner-only permissions and are append-only -- no API endpoint can
-truncate or delete the log.
-
-Result: PASS
-
-
-================================================================================
-12. PORT EXPOSURE
-================================================================================
-
-  Port 31415:       Bound to 127.0.0.1. Not network-accessible.
-  Ports 31416-25:   Fallback range if 31415 is in use. Also bound to 127.0.0.1.
-
-No other ports are opened by the daemon. Remote access requires explicit SSH tunnel
-or Tailscale configuration, both of which are encrypted and authenticated.
-
-Result: PASS
-
-
-================================================================================
-GROOVE vs. TOOLS THAT LEAVE PORTS OPEN
-================================================================================
-
-  Network binding:
-    Groove binds to 127.0.0.1 and enforces it -- you cannot override to 0.0.0.0.
-    Many open-source agent tools default to 0.0.0.0, making them accessible to any
-    device on the network.
-
-  Credential handling:
-    Groove uses machine-bound AES-256-GCM encryption and never proxies credentials.
-    Tools with open ports may proxy API keys through the server, exposing them to
-    network-level interception.
-
-  Agent isolation:
-    Groove enforces scope locks and a knock protocol on every file operation.
-    Most comparable tools have no agent-to-agent isolation at all.
-
-  Input validation:
-    Groove validates all inputs against strict schemas and blocks path traversal.
-    Input validation quality varies widely across open-source agent tools.
-
-  Remote access:
-    Groove requires SSH tunnel or Tailscale -- both encrypted and authenticated.
-    Tools with open ports allow direct, often unauthenticated network access.
-
-  CORS policy:
-    Groove validates origins and only allows localhost.
-    Many tools use permissive CORS (wildcard *) or skip CORS entirely.
-
-  Process spawning:
-    Groove uses argument arrays, never shell interpolation.
-    Some tools concatenate user input into shell commands.
-
-  Prototype pollution:
-    Groove explicitly whitelists fields and blocks __proto__/constructor.
-    This is rarely addressed in comparable tools.
-
-
-================================================================================
-SHOULD GROOVE BE INSTALLED ON A SEPARATE MACHINE?
-================================================================================
-
-For standard development use: No. A separate machine is not required.
-
-The daemon is not network-accessible. No provider credentials are proxied or exposed.
-Stored keys are encrypted and machine-bound. All sensitive files have restrictive
-permissions. The architecture is designed for safe use on a daily development machine.
-
-The residual risk is the AI agents themselves, not Groove's architecture. Claude Code,
-Codex, and Gemini CLI run with your filesystem permissions. If an agent were to execute
-a destructive command, that would be the agent's behavior within its own permission
-model -- not a Groove vulnerability. Groove mitigates this through scope locks and the
-knock protocol, but does not provide kernel-level containment.
-
-For high-security environments where production credentials, banking sessions, or
-sensitive SSH keys are present on the same machine, using a dedicated development
-machine or VM is a reasonable precaution. However, this applies to any tool that gives
-AI agents shell access, not to Groove specifically.
-
-
-================================================================================
-CONCLUSION
-================================================================================
-
-Groove's security architecture is defense-in-depth at the orchestration layer:
-localhost binding (enforced, not just default), no credential proxying, authenticated
-encryption, scope-based agent isolation, strict input validation, prototype pollution
-protection, and a full audit trail.
-
-It significantly reduces the attack surface compared to tools that bind to open ports
-or tunnel credentials through a server. The architecture makes network exposure,
-credential theft, command injection, and prototype pollution structurally impossible
-through the daemon's interfaces.
-
-The remaining attack surface -- AI agents acting within their own process permissions --
-is an industry-wide challenge that no orchestration tool fully solves today. Groove
-addresses it better than most through scope locks and the knock protocol, while being
-transparent about the boundary of its guarantees.
-
-All 12 areas audited: PASS.