docs(future) + feat: 18k-line improvement protocol + P0 wave implementation #26
Merged
19 source-grounded improvement docs covering every part of the project: overview, architecture, libs, commands, accounts module, config/paths, auto-switch + daemon, usage/API, shell hooks, multi-CLI support, security, testing, release/distribution, observability, cross-platform, performance, docs/DX, roadmap, glossary + appendices. Every major proposal follows Evidence/Diagnosis/Proposal/Migration/Rollout and carries P0-P3 + S/M/L/XL tags. No source files modified.
Implements the highest-priority concrete findings the audit in docs/future surfaced. Larger refactors (god-file split, plugin SDK, XDG migration, daemon IPC, atomic registry locking) are deferred to separate scoped PRs.

Security & correctness:
- New src/lib/io/secure-fs.ts: atomic temp+rename writes with 0600 file mode and 0700 dir mode helpers (no-op chmod on Windows).
- registry.saveRegistry now writes atomically with secure perms.
- account-service.ts: chmod 0600 after every snapshot copy/write and 0700 on accounts dir; secureWriteFile for current name, session map, and materialized auth file; ensureSecureDir as the dir helper.
- registry.sanitizeUsageSnapshot was silently rewriting "proxy" to "cached" because "proxy" was missing from the source allowlist even though UsageSource includes it. Fixed and covered by tests.

UX:
- Init-hook update prompt flipped from [Y/n] default-yes to [y/N] default-no. Added shouldProceedWithNoDefault helper.
- login command now restores auto-switch state if the login fails, instead of leaving it disabled.

Bugs:
- kiro switch: fs.existsSync(DATA_FILE) || lstatSync(DATA_FILE) threw ENOENT when the path was fully absent; replaced with a single unlink+ENOENT-tolerant block.

CI:
- New .github/workflows/ci.yml: matrix of Ubuntu/macOS/Windows × Node 18/20/22 running build + npm test, plus an Ubuntu/macOS smoke job that npm-installs the packed tarball and runs `authmux --help`. Postinstall is suppressed in CI via env.

Tests:
- 8 new tests (77 -> 85 passing): secure-fs perms + atomicity, shouldProceedWithNoDefault matrix, registry proxy-source round-trip, full UsageSource enum coverage.
P0 wave implementation (commit
node --test does not have built-in glob expansion until Node 22, so the shell has to expand the pattern. npm runs scripts via sh (dash on Ubuntu), which does not recognise ** as a glob, and bash needs globstar enabled which it is not by default. The result was that on Node 18 and 20 the literal pattern was passed to node, which then failed to find any test files and exited non-zero. Since every test file lives directly under dist/tests/, the single star is sufficient and works on every Node version and every shell. This was masked until now because no CI job has ever run npm test; the ci.yml workflow added in this branch is the first.
Windows cmd.exe does not expand any glob (single or double star) and neither does the sh that npm uses to invoke scripts on Linux/macOS when the pattern contains **. The previous fix swapped ** for *, which fixed Linux/macOS but Windows still failed because cmd never expanded the * either. Replace shell-side glob expansion with a tiny CJS script that reads dist/tests via fs.readdirSync and spawns "node --test <files...>" with an explicit file list. Works identically on bash, dash, zsh, cmd, and pwsh, on every Node version >= 18.
NagyVikt added a commit that referenced this pull request May 18, 2026
Bumps package.json + package-lock.json from 0.1.24 to 0.1.25 and extends releases/v0.1.25.md to cover every theme that landed since v0.1.24:
- N1 durability (#29): atomic writes, registry lock, fsync-before-rename
- N2 account-service split (#30): 1675 LOC -> 164 LOC orchestrator + 12 modules
- N3 error taxonomy + --json (#28): AuthmuxError base, stable codes, JSON envelope
- N4 lazy path resolvers (#27): bare constants deprecated for v0.2.0
- P0 wave (#26): secure perms, [y/N] update prompt, kiro ENOENT, CI matrix, registry proxy-source round-trip, 18k-line improvement docs

Notes follow the canonical 7-section shape from docs/future/17-ROADMAP.md (Added, Changed, Fixed, Deprecated, Removed, Security, Migration), with the prior Durability section folded into a "Theme deep-dives" appendix so the canonical shape is intact.

No code changes. No npm publish.

Verification:
- npm run build: clean
- npm test: 129/129 pass
- node -e "require('./package.json').version" -> 0.1.25
- node -e "require('./package-lock.json').version" -> 0.1.25

Co-authored-by: NagyVikt <nagy.viktordp@gmail.com>
Summary
Adds 19 source-grounded improvement documents under docs/future/ (~18,016 lines total) covering every section of the project. The user asked for ~12,000 lines; the final set came in larger because each section's brief required substantive depth (per-method line citations, full TypeScript interface sketches, per-OS install matrices, conformance kits, etc.). No source files are modified.

What's inside
- src/lib/*.ts (excl. accounts/config subdirs)
- src/commands/*.ts
- src/lib/accounts/ deep dive incl. account-service.ts decomposition
- ProviderAdapter interface, built-in + future adapters
Total: 18,016 lines.

Notable real findings surfaced by the audit
Several proposals are anchored to genuine bugs/risks discovered during the source read — these may be worth triaging independently:
- registry.json, snapshots, and accounts dir written without explicit mode → world-readable refresh tokens on default umask. src/lib/accounts/account-service.ts:986-998, src/lib/accounts/registry.ts:148-152.
- child_process.exec of user-controlled CODEX_LB_DASHBOARD_TOTP_COMMAND env var. src/lib/accounts/usage.ts:365-373.
- registry.ts:26 drops "proxy" usage source during sanitization; saved snapshots with source: "proxy" round-trip as "cached".
- authmux invocation auto-installs updates with [Y/n] defaulting to yes — effectively opt-out auto-update. src/hooks/init/update-notifier.ts:38-55.
- ~/.codex/auth.json or registry.json; race between manual use and daemon switch. Non-atomic registry write (no temp+rename) → silent reset to defaults on crash mid-write.
- npm test.
- src/commands/kiro.ts:81 fs.existsSync(...) || fs.lstatSync(...).isSymbolicLink() throws ENOENT when the file doesn't exist.
- src/commands/login.ts:41-44 disables auto-switch but never restores it on failure.
- Command directly, bypassing BaseCommand.handleError and external-auth sync.
- /wham/usage parsers (object rate_limit vs array rate_limits) — one likely stale.
- src/lib/hermes-mirror.ts:6 hardcodes ~/Documents/hermes-agent (developer-machine assumption).
- com.codex.auth.autoswitch (service-manager.ts:9) — pre-rename artifact needs deprecation cycle.
- src/tests/test_kiro_account_switcher.py (Python) is silently skipped by node --test.

Every proposal follows the Evidence → Diagnosis → Proposal → Migration → Rollout pattern and carries P0/P1/P2/P3 + S/M/L/XL tags so the work can be triaged into a real backlog.

Test plan
src/
Generated by Claude Code
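The owner-only temp+rename write that the P0 commit message describes, and that the findings above on world-readable tokens and the non-atomic registry write call for, sketched as an added example; it is not authmux's `src/lib/io/secure-fs.ts`. The names `ensurePrivateDir`, `writePrivateFileAtomic` and `demo` are hypothetical, the token value is constructed, and the fsync before rename goes one step beyond what the P0 commit lists.

```javascript
// Added example (hypothetical helper names); not authmux's secure-fs.ts.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');
const crypto = require('node:crypto');
const IS_WINDOWS = process.platform === 'win32';

// Create the directory if missing and force owner-only access (0700).
function ensurePrivateDir(dir) {
  fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
  if (!IS_WINDOWS) fs.chmodSync(dir, 0o700); // mkdir's mode is ignored if dir exists
}
// Write to a temp file beside the target, then rename it over the target.
function writePrivateFileAtomic(target, data) {
  ensurePrivateDir(path.dirname(target));
  const tmp = `${target}.${crypto.randomBytes(6).toString('hex')}.tmp`;
  // 'wx' refuses an existing name, so a pre-planted file or symlink is never followed.
  const fd = fs.openSync(tmp, 'wx', 0o600);
  try {
    try {
      fs.writeFileSync(fd, data);
      if (!IS_WINDOWS) fs.fchmodSync(fd, 0o600); // exact mode, whatever the umask
      fs.fsyncSync(fd); // data reaches disk before the name changes
    } finally {
      fs.closeSync(fd);
    }
    fs.renameSync(tmp, target); // readers see the old file or the new one
  } catch (err) {
    fs.rmSync(tmp, { force: true });
    throw err;
  }
}

// Constructed scenario: a registry left world-readable by an earlier write.
function demo() {
  const dir = path.join(fs.mkdtempSync(path.join(os.tmpdir(), 'securefs-')), 'accounts');
  const target = path.join(dir, 'registry.json');
  fs.mkdirSync(dir, { mode: 0o755 });
  fs.writeFileSync(target, '{"old":true}', { mode: 0o644 });
  writePrivateFileAtomic(target, '{"refresh_token":"constructed-sample"}');
  const result = {
    content: fs.readFileSync(target, 'utf8'),
    fileMode: fs.statSync(target).mode & 0o777,
    dirMode: fs.statSync(dir).mode & 0o777,
    leftovers: fs.readdirSync(dir).filter((n) => n.endsWith('.tmp')),
  };
  fs.rmSync(path.dirname(dir), { recursive: true, force: true });
  return result;
}
console.log(demo());
```

Because the rename swaps in a fresh inode, a file that an earlier version left at 0644 ends up 0600 without a separate repair pass.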
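The kiro ENOENT bug named in the P0 commit message and in the findings above, reproduced next to an ENOENT-tolerant unlink, as an added example that is not the code in `src/commands/kiro.ts`. The names `hasEntryBuggy`, `removeIfPresent` and `demo` are hypothetical and the fixture is constructed; that the original `lstatSync` fallback was meant to catch dangling symlinks (for which `existsSync` returns false) is an assumption the page does not state.

```javascript
// Added example (hypothetical names); not the code in src/commands/kiro.ts.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// The check quoted in the PR: the right-hand lstatSync throws ENOENT
// whenever existsSync was false because nothing is there at all.
function hasEntryBuggy(p) {
  return fs.existsSync(p) || fs.lstatSync(p).isSymbolicLink();
}

// One unlink call, no check-then-act gap: remove a file or symlink
// (dangling or not) and treat "already absent" as a normal outcome.
function removeIfPresent(p) {
  try {
    fs.unlinkSync(p);
    return true;
  } catch (err) {
    if (err.code === 'ENOENT') return false;
    throw err; // permission and other errors stay visible
  }
}

// Constructed fixture: a regular file, a dangling symlink, and a missing path.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), 'kiro-demo-'));
  const paths = {
    file: path.join(dir, 'data.json'),
    dangling: path.join(dir, 'dangling.json'),
    absent: path.join(dir, 'absent.json'),
  };
  fs.writeFileSync(paths.file, '{}');
  fs.symlinkSync(path.join(dir, 'no-such-target'), paths.dangling);
  const probe = (p) => { try { return hasEntryBuggy(p); } catch (e) { return e.code; } };
  const result = { existsSyncOnDangling: fs.existsSync(paths.dangling), buggy: {}, removed: {} };
  for (const [name, p] of Object.entries(paths)) result.buggy[name] = probe(p);
  for (const [name, p] of Object.entries(paths)) result.removed[name] = removeIfPresent(p);
  result.remaining = fs.readdirSync(dir);
  fs.rmSync(dir, { recursive: true, force: true });
  return result;
}

console.log(demo());
```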