Implement warpctrl with set of non-authenticated, safe commands #12327
zachlloyd wants to merge 14 commits into
Conversation
Rewrite PRODUCT.md, TECH.md, and SECURITY.md to the approved external-only design:
- Remove verified-terminal, invocation-context, terminal-session grant, and authenticated-user concepts entirely.
- Simplify Scripting setting to enabled/disabled (no three-mode invocation-context model).
- Define exact 75-action catalog: 72 default-authorized, 3 requiring one-shot close confirmation (window.close, tab.close, pane.close).
- Remove block.list from catalog.
- Input staging commands never submit the buffer; no input.run action.
- Preserve owner-only discovery, same-user Unix credential broker, short-lived instance-bound exact-action credentials, loopback HTTP, and app-side enforcement.
- Document honest same-user residual risks.
- Fail closed on unsupported platforms (Windows).
Co-Authored-By: Oz <oz-agent@warp.dev>
…es, README
- Change Scripting default from disabled to enabled across all specs.
- Replace confirmation_declined with protocol-aligned error codes: user_confirmation_required, user_confirmation_denied, user_confirmation_expired.
- Update README.md stale references: remove old three-mode language, align with simple enabled/disabled model, fix default-enabled wording.
Co-Authored-By: Oz <oz-agent@warp.dev>
Catalog: 75 public actions (block.list removed), all Implemented, 3 confirmation-required (window.close, tab.close, pane.close), 72 default-authorized. Removed InvocationContext, ExecutionContextProof, AuthenticatedUserRequirement from catalog and protocol. Added requires_user_confirmation field. Flat param structs with deny_unknown_fields. Removed old error codes (InvalidTerminalProof, ExecutionContextNotAllowed, AuthenticatedUserRequired, AuthenticatedUserUnavailable). Added UserConfirmation* error codes.
CLI: Full 75-action parser with discovery-driven instance selection (--instance/--pid flags, default Active), hierarchical target selectors (window/tab/pane/session by id/index/title), complete test coverage including every_retained_catalog_action_has_a_parseable_cli_example.
Co-Authored-By: Oz <oz-agent@warp.dev>
Remove InvocationContext, ExecutionContextProof, and AuthenticatedUserGrant from the credential request/grant flow. The external-only Warp Control design treats all broker-issued credentials as external, so:
- CredentialRequest carries only protocol_version, request_id, action
- CredentialGrant carries only credential_id, instance_id, action, timestamps
- verify_for_action checks expiry, instance, and exact action only
- AuthenticatedUserGrant struct removed entirely
- Broker/bridge hardcode OutsideWarp for settings check (lead to simplify)
Preserved: owner-only discovery, instance-derived Unix broker path, kernel same-user peer validation, short-lived exact-action credentials, loopback/Host/Origin defenses, app-side setting/grant revalidation.
Co-Authored-By: Oz <oz-agent@warp.dev>
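The three checks that commit message attributes to verify_for_action (expiry, instance, exact action) can be sketched as follows. This is an added example, not code from the PR: the field types, the VerifyError enum, the issue() constructor and the sample ids are assumptions; only the field and method names come from the commit message.

```rust
use std::time::{Duration, Instant};

#[derive(Debug, PartialEq)]
pub enum VerifyError { Expired, WrongInstance, WrongAction }

// Hypothetical shape: field names follow the commit message, types are assumed.
pub struct CredentialGrant {
    pub credential_id: String,
    pub instance_id: String,
    pub action: String,
    pub issued_at: Instant,
    pub expires_at: Instant,
}

impl CredentialGrant {
    pub fn issue(id: &str, instance: &str, action: &str, now: Instant, ttl: Duration) -> Self {
        Self {
            credential_id: id.to_string(),
            instance_id: instance.to_string(),
            action: action.to_string(),
            issued_at: now,
            expires_at: now + ttl,
        }
    }

    // Fail closed on expiry, then instance binding, then exact action.
    pub fn verify_for_action(&self, instance: &str, action: &str, now: Instant)
        -> Result<(), VerifyError> {
        if now >= self.expires_at { return Err(VerifyError::Expired); }
        if self.instance_id.as_str() != instance { return Err(VerifyError::WrongInstance); }
        // Plain equality: a grant for "tab.close" never covers "tab.color.set".
        if self.action.as_str() != action { return Err(VerifyError::WrongAction); }
        Ok(())
    }
}

fn main() {
    let now = Instant::now();
    // Constructed sample values.
    let g = CredentialGrant::issue("cred-1", "inst-a", "tab.close", now, Duration::from_secs(30));
    println!("{:?}", g.verify_for_action("inst-a", "tab.close", now));
    println!("{:?}", g.verify_for_action("inst-b", "tab.close", now));
    println!("{:?}", g.verify_for_action("inst-a", "tab.color.set", now));
    println!("{:?}", g.verify_for_action("inst-a", "tab.close", now + Duration::from_secs(31)));
}
```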
Co-Authored-By: Oz <oz-agent@warp.dev>
- Remove entire Block family (block.list/inspect/output absent).
- Remove entire Auth family (auth.status/login absent).
- Remove entire Drive family (all drive.* absent).
- Remove entire History family (history.list absent).
- Reduce Input to exactly input.insert and input.replace.
- Remove file.list (only file.open remains).
- Remove invented tab actions (activate_previous/next/last, close_others, close_right) not in catalog.
- Add capability.list/capability.inspect.
- Add keybinding.list/keybinding.get.
- Add action.inspect.
- Add all 11 surface actions from catalog.
- Use exact dotted names (tab.color.set, theme.system.set, etc.).
- Fix Scripting wording: 'when Scripting is enabled' not 'when the user explicitly enables'.
Co-Authored-By: Oz <oz-agent@warp.dev>
Co-Authored-By: Oz <oz-agent@warp.dev>
Port handler and resolver implementations for the complete 75-action external-security catalog from the reference implementation. This adds:
- app_state.rs: Safe mutation handlers for focus, window/tab/pane/session lifecycle, input staging (insert/replace without submit), surface toggles, and file open
- metadata.rs: Full introspection handlers for window/tab/pane/session list/inspect, active target chain, action/capability list/inspect; explicitly omits block_list and all block handlers
- metadata_config.rs: Metadata mutation handlers for tab/pane rename/color, theme set/system/light/dark, appearance font/zoom adjustments, and allowlisted setting set/toggle
- settings_surfaces.rs: Read-only settings/theme/appearance/keybinding list and get handlers
- resolver.rs: Full ActionParameterSpec validation, validate_action_target for scope-based target rejection, updated window resolution (sorted IDs, no title resolution)
- layout.rs: Updated create_tab with shell/tab_type params support
Omitted from reference: block_list, block handlers, content/history reads, authenticated-user actions, direct Drive operations, verified-terminal proof.
Co-Authored-By: Oz <oz-agent@warp.dev>
Adapt the one-shot close confirmation from the complete-control-cli reference to the external-only credential model. Close actions (window.close, tab.close, pane.close) return UserConfirmationRequired from bridge dispatch, prompting a UI dialog bound to the exact request/action/parameters, credential identity, resolved target, and expiry. On approval, the bridge revalidates live credential, setting, action, and target before executing the close. Pending confirmations are cancelled on disable/shutdown/deny/dismiss/expiry and consumed on first use (one-shot). No terminal session/proof binding or revocation. No block.list. Preserves the Unix broker and HTTP issuance architecture.
Files owned by this branch:
- app/src/local_control/bridge.rs
- app/src/local_control/confirmation_dialog.rs
- app/src/local_control/mod.rs
- app/src/local_control/mod_tests.rs
- app/src/workspace/view.rs
Co-Authored-By: Oz <oz-agent@warp.dev>
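A minimal model of the one-shot, bound confirmation that commit message describes, as an added example rather than the PR's bridge code. Binding, Pending, park, approve and sample are hypothetical names, the sample ids are constructed, and mapping a binding mismatch to Denied is an assumption of this sketch; live credential and setting revalidation are left out.

```rust
use std::collections::HashMap;
use std::time::{Duration, Instant};

#[derive(Debug, PartialEq)]
pub enum ConfirmError { Required, Denied, Expired }

// Everything the dialog was shown for; all names here are hypothetical.
#[derive(Clone, Debug, PartialEq)]
pub struct Binding {
    pub request_id: String,
    pub action: String,
    pub params: String,
    pub credential_id: String,
    pub target: String,
}

#[derive(Default)]
pub struct Pending { by_request: HashMap<String, (Binding, Instant)> }

impl Pending {
    // First dispatch of a close action parks it and reports "confirmation required".
    pub fn park(&mut self, b: Binding, now: Instant, ttl: Duration) -> ConfirmError {
        self.by_request.insert(b.request_id.clone(), (b, now + ttl));
        ConfirmError::Required
    }

    // Approval path: remove() consumes the entry on every outcome (one-shot).
    pub fn approve(&mut self, presented: &Binding, now: Instant) -> Result<(), ConfirmError> {
        let (bound, expires_at) = self.by_request.remove(&presented.request_id)
            .ok_or(ConfirmError::Required)?;
        if now >= expires_at { return Err(ConfirmError::Expired); }
        // Any drift in action, params, credential or target voids the approval.
        if bound != *presented { return Err(ConfirmError::Denied); }
        Ok(())
    }

    pub fn cancel_all(&mut self) { self.by_request.clear(); } // disable/shutdown
}

pub fn sample(target: &str) -> Binding { // constructed sample values
    Binding { request_id: "req-1".into(), action: "pane.close".into(),
              params: "{}".into(), credential_id: "cred-1".into(), target: target.into() }
}

fn main() {
    let (mut p, now) = (Pending::default(), Instant::now());
    p.park(sample("pane-7"), now, Duration::from_secs(20));
    let first = p.approve(&sample("pane-7"), now);
    let replay = p.approve(&sample("pane-7"), now);
    println!("first: {:?}, replay: {:?}", first, replay);
}
```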
Co-Authored-By: Oz <oz-agent@warp.dev>
Co-Authored-By: Oz <oz-agent@warp.dev>
Co-Authored-By: Oz <oz-agent@warp.dev>
I'm starting a first review of this pull request. You can view the conversation on Warp. I completed the review and no human review was requested for this pull request.
Overview
This PR expands the local-control/warpctrl surface with many newly implemented actions, an app-side close-confirmation flow, settings and metadata handlers, and updated CLI dispatch.
Concerns
- [SECURITY] Local Control now defaults to enabled. Once the feature flag is on, Warp will publish the endpoint and credential broker without an explicit user opt-in, allowing any same-user external process to run non-confirmed UI actions.
- warpctrl instance list now goes through the authenticated action path for one selected instance, so it no longer lists all discoverable instances and can fail before users know which instance to target.
- This PR adds a user-facing confirmation dialog and CLI behavior changes, but the description does not include screenshots or a screen recording. For this user-facing change, please include screenshots or a screen recording demonstrating it working end to end.
Security
- Local-control publication should remain disabled by default, or be protected by a first-use consent gate, before exposing the endpoint/broker and non-confirmed actions to same-user external processes.
Verdict
Found: 0 critical, 3 important, 0 suggestions
Request changes
| fn default_value() -> Self::Value { | ||
| LocalControlMode::Disabled | ||
| LocalControlMode::Enabled |
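Review bot: default_value() now returns LocalControlMode::Enabled where it returned LocalControlMode::Disabled, so local control is switched on without the user ever choosing it. Keep Disabled as the default, or put an explicit first-use consent step in front of the first publication of the endpoint and broker, and add a test that pins the default so any later change to it is deliberate. If Enabled stays, a comment on default_value() should record why an opt-out default is acceptable here.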
| } | ||
| } | ||
| } | ||
| InstanceCommand::List => run_action_with_params( |
instance list now sends an authenticated request to one selected instance, so it no longer lists all discoverable instances and can fail before users know which instance to target; keep this path using local discovery records.
Co-Authored-By: Oz <oz-agent@warp.dev>
Co-Authored-By: Oz <oz-agent@warp.dev>
This PR completes the transition to an external-only Warp Control CLI design. It implements the necessary security handlers for all 75 retained actions, aligns the catalog with authoritative naming, and introduces a robust confirmation flow for external-credential closures.
Key changes include: