Highlights
Pairing is now token-enforced end to end. The single-use pairing token from the QR payload is validated by the daemon — requests with a wrong, missing, or expired token are rejected. Devices are stored under their own ID, fixing re-identify after reconnect.
QR code pairing. touchbridge-test pair now opens an actual QR code; the iOS app scans it with the camera. No more pasting JSON from the terminal (though manual entry remains as fallback).
Background auth notifications (iOS). A sudo request while the app is backgrounded now buzzes your phone with a notification; Face ID runs when you open the app.
Daemon hardening. Lock-protected session state, pending-auth cleanup, periodic pruning of expired challenges/nonces, and a PAM timeout margin so approvals landing at the deadline aren't lost.
Homebrew activation fixed. New patch-pam.sh ships in the pkg — cask users can now actually enable the sudo hook (sudo bash /usr/local/share/touchbridge/patch-pam.sh).
Install
brew tap HMAKT99/touchbridge
brew install --cask touchbridge
sudo bash /usr/local/share/touchbridge/patch-pam.shOr download TouchBridge-1.1.0.pkg below.
Testing
127 Swift tests (111 daemon + 16 protocol) plus a 38-check end-to-end validation suite covering the full sudo → PAM → daemon flow, password fallback, recovery, and audit logging. The new iPhone QR-pairing flow is verified at the protocol level and via QR round-trip tests — if you pair a real device with this release, we'd love your confirmation in #27.
Full changelog: CHANGELOG.md