Skip to content

clipboardwire v0.1.0 — initial release

Choose a tag to compare

@davefx davefx released this 19 May 15:59

A from-scratch Rust clipboard-sync hub and client, inspired by ClipCascade but redesigned for single-user, personal-use deployment on a trusted LAN or VPN. Replaces an always-running JVM with a ~7 MiB native binary that idles under 10 MiB RSS.

What it is

One binary, clipboardwire, with three modes:

  • clipboardwire serve — relay hub only (headless / systemd / NAS).
  • clipboardwire host — hub and a local clipboard client on the same machine. Your always-on workstation bootstraps the network.
  • clipboardwire (or connect) — join an existing hub as a clipboard client. Default mode.

On Windows, add --tray for a system-tray icon with a "Quit" menu.

Highlights

  • Built-in TLS (rustls) — point at a cert + key and the hub speaks wss:// directly.
  • Windows tray UI via tray-icon.
  • Windows MSI installer (auto-PATH).
  • WebSocket transport with HTTP Basic auth (constant-time compare).
  • In-memory fan-out hub with last-clip cache and bounded per-peer buffers.
  • Reconnect with exponential backoff per the protocol spec.
  • Echo-loop suppression on the client (poll-based, arboard-backed).
  • 49 tests passing on Linux and Windows.

Install

Platform Artifact
Debian / Ubuntu clipboardwire_0.1.0_amd64.deb
Fedora / RHEL / openSUSE clipboardwire-0.1.0-1.x86_64.rpm
Arch see packaging/arch/PKGBUILD in source
Windows (installer) clipboardwire-0.1.0-x86_64.msi — adds the binary to system PATH
Windows (portable) clipboardwire-windows-x86_64.exe
Other Linux clipboardwire-linux-x86_64 raw binary

Distro packages install a hardened systemd unit (/etc/clipboardwire/clipboardwire.env for credentials and optional TLS cert/key paths).

TLS

Two ways:

  • Built-in: set CLIPBOARDWIRE_TLS_CERT_FILE and CLIPBOARDWIRE_TLS_KEY_FILE to PEM paths. Hub speaks wss://.
  • Reverse proxy: leave those env vars unset; front Caddy / nginx / Traefik.

See the README's TLS section for openssl recipes.

Threat model — read before exposing

This release is designed for a trusted LAN or VPN. Clipboard contents travel as plaintext JSON inside the TLS-protected WebSocket; the server processes them in plaintext in memory. The server is inside the trust boundary. See PROTOCOL.md §4 for the planned TOFU-pairing E2EE upgrade.

Known limitations

  • Text/UTF-8 clipboard only (images and files planned for v0.2).
  • Single-user; no per-room separation.
  • Wayland background polling depends on compositor support.
  • Tray UI is Windows-only in this release; cross-platform tray planned for v0.2.

Acknowledgements

Heavily inspired by ClipCascade by Sathvik Rao — same problem, different deployment fit (no JVM).