gdmcode 0.1.0__py3-none-any.whl

src/remote/command_filter.py

@@ -0,0 +1,33 @@
+"""Remote command filter — allowlist for commands accepted from remote input."""
+from __future__ import annotations
+import logging
+from src.remote.models import InputMessage
+
+__all__ = ["RemoteCommandFilter"]
+
+log = logging.getLogger(__name__)
+
+
+class RemoteCommandFilter:
+    """Blocks disallowed slash-commands from remote clients.
+
+    Non-command text (anything not starting with '/') is always allowed.
+    Only explicitly whitelisted commands pass through.
+    """
+
+    ALLOWED_COMMANDS: frozenset = frozenset(
+        {"/help", "/status", "/cost", "/cancel", "/approve", "/deny"}
+    )
+
+    def is_allowed(self, text: str) -> bool:
+        """Return True for non-command text or whitelisted commands."""
+        if not text.startswith("/"):
+            return True
+        return text.strip() in self.ALLOWED_COMMANDS
+
+    def filter(self, msg: InputMessage) -> InputMessage | None:
+        """Return the message if allowed, or None if blocked (logs a warning)."""
+        if self.is_allowed(msg.text):
+            return msg
+        log.warning("RemoteCommandFilter: blocked command %r", msg.text)
+        return None

src/remote/models.py

@@ -0,0 +1,31 @@
+"""Data models for the remote server module."""
+from __future__ import annotations
+from dataclasses import dataclass, field
+
+__all__ = ["RemoteEvent", "InputMessage", "SessionState", "PermissionRequest"]
+
+
+@dataclass
+class RemoteEvent:
+    type: str
+    payload: dict = field(default_factory=dict)
+
+
+@dataclass
+class InputMessage:
+    text: str
+    command: bool = False
+
+
+@dataclass
+class SessionState:
+    status: str
+    turn: int
+    cost_usd: float
+
+
+@dataclass
+class PermissionRequest:
+    id: str
+    description: str
+    risk_level: str

src/remote/permission_handler.py

@@ -0,0 +1,79 @@
+"""Per-connection permission prompt handler for remote WebSocket clients."""
+from __future__ import annotations
+import asyncio
+import json
+import logging
+import secrets
+
+__all__ = ["RemotePermissionPromptHandler"]
+
+log = logging.getLogger(__name__)
+
+
+class RemotePermissionPromptHandler:
+    """Sends a PermissionPrompt over WebSocket and awaits the client's response.
+
+    Usage::
+        handler = RemotePermissionPromptHandler(send_queue)
+        approved = await handler("Delete /etc/hosts?", "high")
+        # When the client responds:
+        handler.resolve(prompt_id, "approve")  # called by the WS receiver
+    """
+
+    def __init__(self, send_queue: asyncio.Queue) -> None:
+        self._send_queue = send_queue
+        self._pending: dict[str, asyncio.Future] = {}
+
+    async def __call__(self, description: str, risk_level: str) -> bool:
+        """Send a permission prompt and block until approved/denied or timeout.
+
+        Returns True if approved, False on denial, timeout, or disconnect.
+        """
+        req_id = secrets.token_hex(16)
+        loop = asyncio.get_running_loop()
+        future: asyncio.Future = loop.create_future()
+        self._pending[req_id] = future
+
+        msg = json.dumps(
+            {
+                "type": "permission",
+                "id": req_id,
+                "description": description,
+                "risk_level": risk_level,
+            }
+        )
+        await _put_send_queue(self._send_queue, msg)
+
+        try:
+            return await asyncio.wait_for(future, timeout=60.0)
+        except asyncio.TimeoutError:
+            log.warning("Permission prompt %s timed out → deny", req_id)
+            return False
+        finally:
+            self._pending.pop(req_id, None)
+
+    def resolve(self, req_id: str, decision: str) -> None:
+        """Called by the WS receiver when the client sends a permission_response."""
+        future = self._pending.get(req_id)
+        if future and not future.done():
+            future.set_result(decision == "approve")
+
+    def cancel_all(self) -> None:
+        """Deny all pending prompts (called on disconnect)."""
+        for future in list(self._pending.values()):
+            if not future.done():
+                future.set_result(False)
+        self._pending.clear()
+
+
+async def _put_send_queue(send_queue: asyncio.Queue, item: str) -> None:
+    """Put item into send queue, dropping the oldest entry if full."""
+    if send_queue.full():
+        try:
+            send_queue.get_nowait()
+        except asyncio.QueueEmpty:
+            pass
+    try:
+        send_queue.put_nowait(item)
+    except asyncio.QueueFull:
+        pass

src/remote/phone_ui.py

@@ -0,0 +1,48 @@
+"""phone_ui — HTML asset loader, ANSI stripper, audit log for RemoteServer."""
+from __future__ import annotations
+
+import datetime
+import pathlib
+import re
+from typing import Any
+
+CSP_HEADER = (
+    "default-src 'self'; "
+    "script-src 'self' 'unsafe-inline'; "
+    "style-src 'self' 'unsafe-inline'"
+)
+
+_ASSETS_DIR = pathlib.Path(__file__).parent.parent.parent / "assets" / "remote"
+
+# ANSI escape sequences: CSI (colors/cursor), OSC (window title), bare ESC
+_ANSI_RE = re.compile(
+    r"\x1b\[[0-9;]*[A-Za-z]"
+    r"|\x1b\][^\x07\x1b]*(?:\x07|\x1b\\)"
+    r"|\x1b[^[\]]"
+)
+
+
+def get_html() -> str:
+    """Return the contents of assets/remote/index.html."""
+    return (_ASSETS_DIR / "index.html").read_text(encoding="utf-8")
+
+
+def strip_ansi(text: str) -> str:
+    """Remove ANSI escape sequences from *text*."""
+    return _ANSI_RE.sub("", text)
+
+
+class AuditLog:
+    """In-memory append-only audit log for remote session events."""
+
+    def __init__(self) -> None:
+        self._entries: list[dict[str, Any]] = []
+
+    def record(self, event: str, detail: dict[str, Any] | None = None) -> None:
+        ts = datetime.datetime.now(datetime.timezone.utc).isoformat(
+            timespec="seconds"
+        ).replace("+00:00", "Z")
+        self._entries.append({"ts": ts, "event": event, **(detail or {})})
+
+    def entries(self) -> list[dict[str, Any]]:
+        return list(self._entries)

src/remote/protocol.py

@@ -0,0 +1,59 @@
+"""Canonical WebSocket message schema — all message types as TypedDicts."""
+from __future__ import annotations
+from typing import Literal
+from typing_extensions import TypedDict
+
+__all__ = [
+    "PingMessage",
+    "PongMessage",
+    "TranscriptEvent",
+    "InputCmd",
+    "PermissionPrompt",
+    "PermissionResponse",
+    "SessionStateMsg",
+    "ErrorMsg",
+]
+
+
+class PingMessage(TypedDict):
+    type: Literal["ping"]
+
+
+class PongMessage(TypedDict):
+    type: Literal["pong"]
+
+
+class TranscriptEvent(TypedDict):
+    type: Literal["transcript"]
+    text: str
+    turn: int
+
+
+class InputCmd(TypedDict):
+    type: Literal["input"]
+    text: str
+
+
+class PermissionPrompt(TypedDict):
+    type: Literal["permission"]
+    id: str
+    description: str
+    risk_level: str
+
+
+class PermissionResponse(TypedDict):
+    type: Literal["permission_response"]
+    id: str
+    decision: Literal["approve", "deny"]
+
+
+class SessionStateMsg(TypedDict):
+    type: Literal["state"]
+    status: str
+    turn: int
+    cost_usd: float
+
+
+class ErrorMsg(TypedDict):
+    type: Literal["error"]
+    message: str

src/remote/qr.py

@@ -0,0 +1,65 @@
+"""QR code rendering for gdm remote pairing URLs.
+
+Security contract
+-----------------
+The pairing *token* MUST live in the URL **fragment** (``#token=...``),
+never in the path or query string.  Fragment identifiers are never sent
+to the server in HTTP requests, so the token stays client-side only.
+"""
+
+from __future__ import annotations
+
+from urllib.parse import urlencode, urlparse, urlunparse
+
+
+def make_pairing_url(tunnel_url: str, token: str) -> str:
+    """Embed *token* in the fragment of *tunnel_url*.
+
+    >>> url = make_pairing_url("https://example.trycloudflare.com", "abc123")
+    >>> url.startswith("https://example.trycloudflare.com")
+    True
+    >>> "#token=" in url
+    True
+    >>> "?" not in url        # token is NOT in query string
+    True
+    """
+    parsed = urlparse(tunnel_url)
+    fragment = urlencode({"token": token})
+    return urlunparse(parsed._replace(fragment=fragment))
+
+
+def render_qr(url: str, border: int = 2) -> str:
+    """Render *url* as a Unicode block QR code string.
+
+    Uses ``qrcode`` (``pip install qrcode``).  Each dark module is
+    rendered as ``'\\u2588\\u2588'`` (full block × 2) for a square aspect
+    ratio in most terminal fonts.  Light modules are two spaces.
+
+    Returns the QR code as a multi-line string.
+    """
+    try:
+        import qrcode  # type: ignore[import-untyped]
+        import qrcode.constants  # type: ignore[import-untyped]
+    except ImportError as exc:
+        raise ImportError(
+            "qrcode is required for QR rendering: pip install qrcode"
+        ) from exc
+
+    qr = qrcode.QRCode(
+        error_correction=qrcode.constants.ERROR_CORRECT_M,
+        box_size=1,
+        border=border,
+    )
+    qr.add_data(url)
+    qr.make(fit=True)
+
+    lines: list[str] = []
+    for row in qr.modules:
+        line = "".join("\u2588\u2588" if cell else "  " for cell in row)
+        lines.append(line)
+    return "\n".join(lines)
+
+
+def print_qr(url: str, border: int = 2) -> None:
+    """Print a QR code for *url* to stdout."""
+    print(render_qr(url, border=border))