cookiesync-cli 0.1.4__tar.gz → 0.1.5__tar.gz

{cookiesync_cli-0.1.4 → cookiesync_cli-0.1.5}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: cookiesync-cli
-Version: 0.1.4
+Version: 0.1.5
 Summary: Sync your browser cookies across machines.
 Keywords: 
 Author: Yasyf Mohamedali

{cookiesync_cli-0.1.4 → cookiesync_cli-0.1.5}/cookiesync/cli.py

@@ -206,14 +206,13 @@ async def run_reconcile() -> None:
 
 
 @main.command("sync")
-@click.option("--browser", "browser_name", required=True, help="The browser group to converge.")
-def sync_cmd(browser_name: str) -> None:
-    """Ask the daemon to converge one browser group across this host and its peers."""
-    anyio.run(run_sync, browser_name)
+def sync_cmd() -> None:
+    """Ask the daemon to converge the union of every tracked endpoint across this host and its peers."""
+    anyio.run(run_sync)
 
 
-async def run_sync(browser_name: str) -> None:
-    result = await daemon_call("sync", {"browser": browser_name})
+async def run_sync() -> None:
+    result = await daemon_call("sync", {})
     click.echo(json.dumps(result, indent=2))
 
 
@@ -293,11 +292,10 @@ def rpc_apply(browser_name: str, profile: str, origin: str | None) -> None:
 
 
 @rpc_group.command("sync")
-@click.option("--browser", "browser_name", required=True)
 @click.option("--origin", default=None)
-def rpc_sync(browser_name: str, origin: str | None) -> None:
-    """Ask the daemon to converge one browser group, tagged with the notifying peer's origin."""
-    anyio.run(run_rpc_passthrough, "sync", {"browser": browser_name, "origin": origin})
+def rpc_sync(origin: str | None) -> None:
+    """Ask the daemon to converge the union of every tracked endpoint, tagged with the notifying peer's origin."""
+    anyio.run(run_rpc_passthrough, "sync", {"origin": origin})
 
 
 @rpc_group.command("reconcile")
@@ -330,6 +328,18 @@ async def run_rpc_passthrough(method: str, params: dict) -> None:
     click.echo(json.dumps(await daemon_call(method, params)))
 
 
+@main.command("route-consent")
+@click.argument("target")
+def route_consent(target: str) -> None:
+    """Route the consent gate to TARGET first when it has a live, unlocked session."""
+    anyio.run(run_route_consent, SshTarget(target))
+
+
+async def run_route_consent(target: SshTarget) -> None:
+    await state.update(lambda s: replace(s, consent_route_to=target))
+    click.echo(f"Routing consent to {target}.")
+
+
 @main.command(name="self")
 def self_cmd() -> None:
     """Print this host's own SSH target, as reposync reports it."""

{cookiesync_cli-0.1.4 → cookiesync_cli-0.1.5}/cookiesync/daemon/server.py

@@ -46,7 +46,7 @@ from cookiesync.daemon.backend_ssh import SshBackend
 from cookiesync.daemon.engine import Engine, logical_digest
 from cookiesync.daemon.rpc import Dispatcher
 from cookiesync.daemon.session import has_active_session, probe_session, session_summary
-from cookiesync.daemon.sync import Extracted, NeedsAuth, converge, reconcile
+from cookiesync.daemon.sync import Extracted, NeedsAuth, converge, reconcile, warm_anchor
 from cookiesync.daemon.wire import cookie_from_wire, cookie_to_wire
 from cookiesync.state import BrowserId, SshTarget
 from cookiesync.transport import shell_quote, ssh
@@ -189,18 +189,16 @@ class Daemon:
             tg.start_soon(self.engine.run, local_endpoints)
 
     async def notify_peers(self, endpoint: BrowserEndpoint) -> None:
-        """A local endpoint settled: ssh every peer to converge that browser, tagged with our origin."""
+        """A local endpoint settled: converge the local union here, then ssh every other host to converge."""
+        await self.handle_sync({"origin": None})
         state = await self.load_state()
-        peers = {e.host for e in state.browsers if e.browser == endpoint.browser and e.host != state.self_target}
+        peers = {e.host for e in state.browsers if e.host != state.self_target}
         async with anyio.create_task_group() as tg:
             for peer in peers:
-                tg.start_soon(self.notify_peer, peer, endpoint.browser, state.self_target)
+                tg.start_soon(self.notify_peer, peer, state.self_target)
 
-    async def notify_peer(self, peer: SshTarget, browser: BrowserId, self_target: SshTarget) -> None:
-        await self.run_ssh(
-            peer,
-            f"cookiesync rpc sync --browser {shell_quote(browser)} --origin {shell_quote(self_target)}",
-        )
+    async def notify_peer(self, peer: SshTarget, self_target: SshTarget) -> None:
+        await self.run_ssh(peer, f"cookiesync rpc sync --origin {shell_quote(self_target)}")
 
     def dispatcher(self) -> Dispatcher:
         """Build the :class:`~cookiesync.daemon.rpc.Dispatcher` with every peer and local method bound."""
@@ -218,12 +216,11 @@ class Daemon:
 
     async def handle_sync(self, params: dict) -> dict:
         state = await self.load_state()
-        browser = BrowserId(params["browser"])
         origin = SshTarget(params["origin"]) if params.get("origin") else None
-        group = [e for e in state.browsers if e.browser == browser]
-        anchor = next((e for e in group if e.host == state.self_target), None)
+        group = [e for e in state.browsers if BrowserName(e.browser) in REGISTRY]
+        anchor = await warm_anchor(group, self_target=state.self_target, cache=self.cache)
         if anchor is None:
-            return {"converged": False, "reason": "no local endpoint for this browser"}
+            return {"converged": False, "reason": "no warm local endpoint to anchor the union"}
         merged = await converge(
             anchor,
             [e for e in group if e is not anchor],
@@ -322,12 +319,17 @@ class Daemon:
         return await self.consent.obtain_key_unprompted(browser_for(browser))
 
     async def active_peer(self, state: State) -> SshTarget:
+        if (routed := state.consent_route_to) is not None and await self.peer_is_live(routed):
+            return routed
         for peer in {e.host for e in state.browsers if e.host != state.self_target}:
-            summary = json.loads(await self.run_ssh(peer, "cookiesync rpc whoami"))
-            if summary.get("on_console") and not summary.get("locked"):
+            if await self.peer_is_live(peer):
                 return peer
         raise AuthRequired("no peer has a live session to approve consent")
 
+    async def peer_is_live(self, peer: SshTarget) -> bool:
+        summary = json.loads(await self.run_ssh(peer, "cookiesync rpc whoami"))
+        return bool(summary.get("on_console") and not summary.get("locked"))
+
     async def handle_get_cookies(self, params: dict) -> dict:
         state = await self.load_state()
         browser = BrowserId(params["browser"])

{cookiesync_cli-0.1.4 → cookiesync_cli-0.1.5}/cookiesync/daemon/sync.py

@@ -1,6 +1,6 @@
 """The sync merge pass: gather every endpoint's cookies, union newest-wins, idempotently apply.
 
-``converge`` runs one merge pass for a single tracked browser group. It decrypts this
+``converge`` runs one merge pass over the union of every tracked endpoint. It decrypts this
 host's cookies (via the cached Safe Storage key — never prompting here), pulls each peer's
 decrypted cookies over ssh, merges with the pure union newest-wins rule, then writes the
 merged set back to any endpoint whose rows differ — preserving the winning
@@ -13,7 +13,7 @@ machines without any clock-skew correction. The merge preserves each winner's or
 ``last_update_utc`` on every host, so the anti-echo digest the watch engine records matches
 the store's fingerprint after the write.
 
-``reconcile`` is the time-based backup: ``converge`` over every tracked browser group.
+``reconcile`` is the time-based backup: one ``converge`` over the union of every tracked endpoint.
 
 This host and every peer are reached through the one uniform :class:`Source` seam
 (``extract``/``apply``), so the merge logic runs in unit tests against fakes — with the
@@ -22,10 +22,11 @@ sources injected — without ssh or a real cookie store.
 
 from __future__ import annotations
 
-from collections import defaultdict
 from dataclasses import dataclass
 from typing import TYPE_CHECKING, Protocol
 
+from loguru import logger
+
 from cookiesync.cookie import merge
 from cookiesync.daemon.engine import logical_digest
 
@@ -112,6 +113,16 @@ def row_set(cookies: Iterable[Cookie]) -> frozenset[tuple]:
     return frozenset(target_row(c) for c in cookies)
 
 
+async def warm_anchor(
+    endpoints: Sequence[BrowserEndpoint], *, self_target: SshTarget, cache: KeyCache
+) -> BrowserEndpoint | None:
+    """The first local endpoint with a warm key — the anchor a union converge merges onto."""
+    for endpoint in endpoints:
+        if endpoint.host == self_target and await cache.get(endpoint.id) is not None:
+            return endpoint
+    return None
+
+
 async def gather(endpoint: BrowserEndpoint, source: Source) -> Gathered:
     extracted = await source.extract(endpoint.browser, endpoint.profile)
     return Gathered(endpoint, source, extracted.cookies)
@@ -136,22 +147,24 @@ async def converge(
     local_source: Source,
     source_for: Callable[[SshTarget], Source],
 ) -> tuple[Cookie, ...]:
-    """Merge one browser group across this host and its peers, then idempotently apply.
+    """Merge the union of every endpoint across this host and its peers, then idempotently apply.
 
     Gathers ``endpoint``'s decrypted cookies through ``local_source`` (the consent gate is
     the caller's; a cold key cache raises :class:`NeedsAuth` rather than prompting) and each
     peer's cookies through ``source_for(peer.host)``, skipping ``origin`` so a sync is never
-    echoed straight back to the host that triggered it. The union newest-wins
-    :func:`~cookiesync.cookie.merge` selects per cookie by raw ``last_update_utc`` — absolute
-    Chrome time, host-independent and convergent on NTP-synced machines — and the result is
-    written to any endpoint whose stored rows differ, preserving the winning
-    ``last_update_utc`` and recording the applied digest with ``engine`` *before* the write,
-    so the induced filesystem event is suppressed. Same-machine endpoints converge through
-    ``local_source`` in-process, with no ssh.
+    echoed straight back to the host that triggered it, and skipping a same-host peer whose
+    key is cold (logged, not silent — its consent never ran). Remote peers are always
+    included; their warmth is resolved remotely by the peer's own prime-on-cold extract. The
+    union newest-wins :func:`~cookiesync.cookie.merge` selects per cookie by raw
+    ``last_update_utc`` — absolute Chrome time, host-independent and convergent on NTP-synced
+    machines — and the result is written to any endpoint whose stored rows differ, preserving
+    the winning ``last_update_utc`` and recording the applied digest with ``engine`` *before*
+    the write, so the induced filesystem event is suppressed. Same-machine endpoints converge
+    through ``local_source`` in-process, with no ssh.
 
     Args:
-        endpoint: This host's local endpoint for the browser group.
-        peers: The other tracked endpoints for the same browser, local or remote.
+        endpoint: This host's warm-keyed local anchor endpoint.
+        peers: The other tracked endpoints across every browser and host, local or remote.
         origin: The host that triggered this sync, skipped to avoid an echo; ``None`` for a
             time-based reconcile that touches every endpoint.
         self_target: This host's own ssh target; endpoints on it converge in-process.
@@ -173,14 +186,15 @@ async def converge(
     """
     if await cache.get(endpoint.id) is None:
         raise NeedsAuth(f"no cached key for {endpoint.id}; obtain consent before converging")
-    sources = [
-        (endpoint, local_source),
-        *(
-            (peer, local_source if peer.host == self_target else source_for(peer.host))
-            for peer in peers
-            if peer.host != origin
-        ),
-    ]
+    sources: list[tuple[BrowserEndpoint, Source]] = [(endpoint, local_source)]
+    for peer in (p for p in peers if p.host != origin):
+        match peer.host == self_target:
+            case True if await cache.get(peer.id) is None:
+                logger.warning("skipping cold same-host endpoint {} from union converge", peer.id)
+            case True:
+                sources.append((peer, local_source))
+            case False:
+                sources.append((peer, source_for(peer.host)))
     gathered = [await gather(ep, src) for ep, src in sources]
     merged = merge(*(g.cookies for g in gathered))
     for g in gathered:
@@ -198,38 +212,37 @@ async def reconcile(
     local_source: Source,
     source_for: Callable[[SshTarget], Source],
 ) -> dict[str, tuple[Cookie, ...]]:
-    """The time-based backup: ``converge`` over every tracked browser group.
+    """The time-based backup: one :func:`converge` over the union of every tracked endpoint.
 
-    Groups ``endpoints`` by browser, anchors each group on this host's local endpoint, and
-    runs :func:`converge` with no ``origin`` so every endpoint is reconciled. A group with no
-    local endpoint on this host is skipped — there is nothing here to merge from.
+    Every registered endpoint — every browser, every host — converges to one union cookie
+    set. The pass is anchored on this host's first warm-keyed local endpoint and run with no
+    ``origin`` so every endpoint is reconciled. With no warm local anchor there is nothing
+    here to merge from, so the pass is skipped.
 
     Args:
         endpoints: Every tracked endpoint across all hosts and browsers.
         self_target: This host's own ssh target.
         registry: The browser registry, mapping each :class:`~cookiesync.state.BrowserId` to
-            its :class:`~cookiesync.cookie.browsers.Browser`; the anchored group is skipped
-            when its browser is not registered.
-        cache: The short-TTL key cache.
+            its :class:`~cookiesync.cookie.browsers.Browser`; endpoints whose browser is not
+            registered are excluded from the union.
+        cache: The short-TTL key cache; the anchor is the first local endpoint with a warm key.
         engine: The watch engine, told each applied digest before its write.
         local_source: This machine's cookie source.
         source_for: Builds the :class:`Source` for a peer target; injected for tests.
 
     Returns:
-        Each anchored endpoint's id mapped to the merged set reconciled for its group.
+        The anchor endpoint's id mapped to the merged union, or empty when no warm anchor.
 
     Example:
         >>> await reconcile(endpoints, self_target=self, registry=REGISTRY, cache=cache,
         ...                 engine=engine, local_source=local, source_for=make_ssh_source)
     """
-    groups: dict[BrowserId, list[BrowserEndpoint]] = defaultdict(list)
-    for endpoint in endpoints:
-        groups[endpoint.browser].append(endpoint)
-    results: dict[str, tuple[Cookie, ...]] = {}
-    for browser_id, group in groups.items():
-        if browser_id not in registry or (anchor := next((e for e in group if e.host == self_target), None)) is None:
-            continue
-        results[anchor.id] = await converge(
+    group = [e for e in endpoints if e.browser in registry]
+    anchor = await warm_anchor(group, self_target=self_target, cache=cache)
+    if anchor is None:
+        return {}
+    return {
+        anchor.id: await converge(
             anchor,
             [e for e in group if e is not anchor],
             self_target=self_target,
@@ -238,4 +251,4 @@ async def reconcile(
             local_source=local_source,
             source_for=source_for,
         )
-    return results
+    }

{cookiesync_cli-0.1.4 → cookiesync_cli-0.1.5}/cookiesync/service.py

@@ -41,11 +41,11 @@ SESSION_TYPE = "Aqua"
 
 RECONCILE_INTERVAL = 900
 
-# launchctl's tolerated-error strings vary by macOS version: pre-13 said "Could not
-# find specified service" / "service already loaded"; 13+ says "No such process" (exit 3)
-# for a not-loaded bootout. Tolerate every spelling so install/uninstall stay idempotent.
-ALREADY_LOADED = ("service already loaded", "service already bootstrapped")
-NOT_LOADED = ("Could not find specified service", "No such process")
+# launchctl bootout returns exit 3 (ESRCH) when the target agent isn't loaded — the only
+# tolerated failure, so uninstall and re-install of an absent agent are idempotent. Install
+# boots out before bootstrap (bootstrap_agent), so bootstrap never races an already-loaded
+# agent; any nonzero bootstrap exit is a real error (a malformed plist also exits nonzero).
+NOT_LOADED_EXIT = 3
 
 
 class ServiceError(Exception):
@@ -106,16 +106,17 @@ class Launcher(Protocol):
 class LaunchctlLauncher:
     """The production :class:`Launcher`: shells out to ``launchctl bootstrap``/``bootout``.
 
-    Both verbs target the caller's ``gui/<uid>`` domain. An "already loaded" bootstrap
-    and a "not loaded" bootout are tolerated so install and uninstall are idempotent;
-    any other non-zero exit raises :class:`ServiceError`.
+    Both verbs target the caller's ``gui/<uid>`` domain. ``bootout`` tolerates exit 3
+    (``ESRCH`` — the agent wasn't loaded) so uninstall and re-install stay idempotent;
+    ``bootstrap`` tolerates nothing, since install boots out first. Any other non-zero
+    exit raises :class:`ServiceError`.
     """
 
     async def bootstrap(self, plist: Path) -> None:
-        await run_launchctl("bootstrap", gui_domain(), str(plist), tolerate=ALREADY_LOADED)
+        await run_launchctl("bootstrap", gui_domain(), str(plist))
 
     async def bootout(self, label: Label) -> None:
-        await run_launchctl("bootout", f"{gui_domain()}/{label}", tolerate=NOT_LOADED)
+        await run_launchctl("bootout", f"{gui_domain()}/{label}", ok=(NOT_LOADED_EXIT,))
 
 
 def gui_domain() -> str:
@@ -168,15 +169,10 @@ def agent_for(label: Label, program_args: Sequence[str]) -> AgentSpec:
             raise ServiceError(f"{label} runs {agent.command!r}, not {list(program_args)!r}")
 
 
-async def run_launchctl(*args: str, tolerate: tuple[str, ...]) -> None:
+async def run_launchctl(*args: str, ok: tuple[int, ...] = ()) -> None:
     result = await anyio.run_process(["launchctl", *args], check=False)
-    match result.returncode:
-        case 0:
-            return
-        case _ if any(t in result.stderr.decode() for t in tolerate):
-            return
-        case code:
-            raise ServiceError(f"launchctl {args[0]}: exit {code}: {result.stderr.decode().strip()}")
+    if (code := result.returncode) and code not in ok:
+        raise ServiceError(f"launchctl {args[0]}: exit {code}: {result.stderr.decode().strip()}")
 
 
 async def install(launcher: Launcher, *, tick_only: bool = False) -> None:

{cookiesync_cli-0.1.4 → cookiesync_cli-0.1.5}/cookiesync/state.py

@@ -102,12 +102,14 @@ class State:
     self_target: SshTarget
     browsers: tuple[BrowserEndpoint, ...] = ()
     settings: Settings = field(default_factory=Settings)
+    consent_route_to: SshTarget | None = None
 
     def to_json(self) -> dict[str, object]:
         return {
             "self_target": self.self_target,
             "browsers": [endpoint.to_json() for endpoint in self.browsers],
             "settings": self.settings.to_json(),
+            "consent_route_to": self.consent_route_to,
         }
 
     @classmethod
@@ -116,6 +118,7 @@ class State:
             SshTarget(raw["self_target"]),
             tuple(BrowserEndpoint.from_json(endpoint) for endpoint in raw["browsers"]),
             Settings.from_json(raw["settings"]),
+            SshTarget(route) if (route := raw.get("consent_route_to")) is not None else None,
         )
 
     async def save(self) -> State:

{cookiesync_cli-0.1.4 → cookiesync_cli-0.1.5}/pyproject.toml

@@ -1,6 +1,7 @@
 [project]
 name = "cookiesync-cli"
-version = "0.1.4"
+# Inert sentinel: the real version is set from the release tag (uv version --frozen); never written back here.
+version = "0.1.5"
 description = "Sync your browser cookies across machines."
 readme = "README.md"
 license = "PolyForm-Noncommercial-1.0.0"