Skip to content

v1.1.0 — QR pairing, token-enforced security, background notifications

Latest

Choose a tag to compare

@HMAKT99 HMAKT99 released this 04 Jul 15:25
6c2bfc2

Highlights

Pairing is now token-enforced end to end. The single-use pairing token from the QR payload is validated by the daemon — requests with a wrong, missing, or expired token are rejected. Devices are stored under their own ID, fixing re-identify after reconnect.

QR code pairing. touchbridge-test pair now opens an actual QR code; the iOS app scans it with the camera. No more pasting JSON from the terminal (though manual entry remains as fallback).

Background auth notifications (iOS). A sudo request while the app is backgrounded now buzzes your phone with a notification; Face ID runs when you open the app.

Daemon hardening. Lock-protected session state, pending-auth cleanup, periodic pruning of expired challenges/nonces, and a PAM timeout margin so approvals landing at the deadline aren't lost.

Homebrew activation fixed. New patch-pam.sh ships in the pkg — cask users can now actually enable the sudo hook (sudo bash /usr/local/share/touchbridge/patch-pam.sh).

Install

brew tap HMAKT99/touchbridge
brew install --cask touchbridge
sudo bash /usr/local/share/touchbridge/patch-pam.sh

Or download TouchBridge-1.1.0.pkg below.

Testing

127 Swift tests (111 daemon + 16 protocol) plus a 38-check end-to-end validation suite covering the full sudo → PAM → daemon flow, password fallback, recovery, and audit logging. The new iPhone QR-pairing flow is verified at the protocol level and via QR round-trip tests — if you pair a real device with this release, we'd love your confirmation in #27.

Full changelog: CHANGELOG.md