Skip to content

feat: harden Miranda for v0.7.0 release candidate#51

Merged
frahlg merged 1 commit into
mainfrom
codex/v0.7.0-rc.1
Jul 15, 2026
Merged

feat: harden Miranda for v0.7.0 release candidate#51
frahlg merged 1 commit into
mainfrom
codex/v0.7.0-rc.1

Conversation

@frahlg

@frahlg frahlg commented Jul 15, 2026

Copy link
Copy Markdown
Member

What changed

  • reshapes Miranda around passkey-native terminal continuity
  • removes wallet/SLIP-10 identity paths and keeps the agent free of owner private material
  • adds signed agent registration, pre-authenticated attach, 96-bit SAS, signed revocation, and native keychain storage
  • adds relay rate limiting, explicit trusted-proxy handling, durable revocations, and strict production TLS guidance
  • adds mir doctor, reproducible builds, fuzz smoke tests, pinned supply-chain gates, audit scope, and operations/release documentation

Why

This turns the current prototype into a focused security release candidate for a private, P2P terminal-continuity mesh around tmux.

Impact

This is a security-driven identity migration. Existing wallet-era state must be backed up and devices paired again. The relay remains blind to terminal plaintext.

Validation

  • go test ./...
  • go test -race -count=1 ./...
  • go vet ./...
  • govulncheck@v1.6.0 ./...
  • web: 111/111 tests
  • npm audit --omit=dev: 0 vulnerabilities
  • installer test
  • GoReleaser config validation
  • deterministic double build with byte-identical binaries
  • full 12-artifact GoReleaser snapshot

@frahlg frahlg merged commit ea6b513 into main Jul 15, 2026
2 checks passed

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 1a63b21f7d

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

// so an answer can only ever reach a session the agent owns.
if bc := ac.session(m.Session); bc != nil {
bc.notify(SignalMsg{Type: TypeAnswer, SDP: m.SDP})
bc.close() // signaling is one-shot; writer flushes the queued answer

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P1 Badge Keep signaling open until web setup finishes

When a browser attaches through the relay, the SPA still treats ws.onclose as a setup failure while connected is false (web/src/app.js:141), and connected is not set until after the WebRTC data channel opens and Noise completes. Closing the browser signaling socket immediately after queuing the answer makes normal one-shot shutdown race ahead of ICE/data-channel establishment on typical web clients, causing the SPA to tear down the peer connection with “signal socket closed” instead of completing the attach.

Useful? React with 👍 / 👎.

// Verify owner control before allocating ICE, TURN, file descriptors, or a
// Pion PeerConnection. The stable binding selects the Noise key; the fresh
// signature binds this exact SDP to the relay-issued one-shot session.
if !rt.cfg.IsOwnerPinned(owner) || m.Session == "" || m.Auth == "" {

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Accept owners loaded by the hot-reload loop

When mir pair adds an owner while mir up is already running, Up only calls ReloadOwners and starts serveOwner for the new owner; it never updates rt.cfg.PairedOwners. For those hot-loaded owners this stale IsOwnerPinned guard rejects every signed offer even though the agent successfully registered for that owner, so pairing appears to work but attaches fail until the agent is restarted.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant