feat(web): in-dashboard device discovery, share-from-browser, redesign + hardening#534
Merged
Conversation
Add /api/identity, /api/devices/scan (mDNS browse with confirm code and paired status), and /api/devices/pair (approve-style pairing via linkRemote). Backs the Search local devices button so pairing can happen from the browser instead of the CLI.
Redesign the dashboard into a left sidebar (device switcher + Search local devices) and a right content panel, restyled to a warm-paper, forest-green archival theme (serif display numbers, ink text, hairline borders) in place of the dark midnight theme. The Search local devices modal discovers nearby devices over mDNS and pairs in one click (approve on the other device), backed by /api/devices/scan and /api/devices/pair.
Replace the placeholder triangle with the flame mark (the repo's codeburn-symbolic vector), tinted the theme's forest green, and set the same flame as the favicon.
…ined views In the All devices view the daily chart now stacks by device (one color per device) instead of by model, and the combined panels add a By task breakdown plus in/out token detail. Devices that cannot be reached are hidden entirely rather than shown as error rows.
Replace the inline vector flame with the brand flame PNG (public/codeburn-flame.png) in the header and as the favicon.
Crop the transparent border off the flame PNG (it was 184px of padding each side) and reduce the header gap so the mark sits close to the wordmark.
Add a Cost/Tokens unit toggle that switches the hero number and the chart between dollars and tokens. Surface cache write/read token totals as metric cards. Add per-device panels for subagents, skills, MCP servers, and a savings / retry-tax / routing-waste summary. The combined view gains cache totals and the unit toggle too.
Use the website's navbar flame (logo.png) with the Code+Burn wordmark in the header, and the three-flame app icon (icon.png) as the favicon. Add Website, Discord, and X links to the sidebar footer.
The three-flame icon was wrong for the tab; use the same single flame as the navbar everywhere and drop the unused three-flame asset.
Security: - pairing: cap PIN attempts (close window after 5 wrong guesses) so a 6-digit PIN cannot be brute-forced within the TTL on a 0.0.0.0 listener. - web dashboard: reject non-loopback Host (defeats DNS rebinding that could read unsanitized local usage) and cross-origin requests (CSRF); require application/json on the pair endpoint. - store tokens with 0600 perms (was world-readable), 0700 dir. Robustness: - client: per-request timeout so a hung/asleep peer cannot hang a pull; pullDevices fetches remotes concurrently and isolates failures. - dashboard: normalize peer payloads at the boundary and add an error boundary so a peer on a different version cannot white-screen the SPA; finite-guard fmtNum/compactUsd. Tests: PIN attempt-cap test added (1269 pass).
Add a Share this device toggle to the dashboard sidebar. It runs the secure share server in-process (mTLS + mDNS advertise) so no terminal is needed, with a Keep sharing always option (persisted; otherwise it stops after idle). Incoming approve-style pairings are queued and surfaced in the browser as an Approve/Deny prompt with the matching code, instead of a terminal prompt. The shared payload is sanitized; start degrades gracefully if the port is already held by a CLI share.
- client: 8s -> 15s timeout and a fresh socket per request (agent:false) so the pinned-fingerprint check always reads this connection's cert. - share server: wrap request handling so a getUsage error returns a fast 500 instead of hanging the caller (which times out and drops the device). - dashboard: re-pull paired devices every 20s so a brief drop self-heals instead of staying gone until you change tabs.
A peer might run an older build that does not strip its own project names/sessions. Sanitize every remote payload when we receive it too, so project names never cross into our dashboard regardless of the sender's version. Aggregate numbers (cost, tokens, models, tools, daily) are kept.
- normalize remote daily-history entries so a peer on an older build (daily rows missing topModels) can no longer crash the chart / brick the page. - ShareController: commit always/sharing state only after listen() binds, so a port-in-use start no longer reports sharing when it is not. - attach durable error/tlsClientError handlers to both HTTPS servers so a malformed peer connection cannot crash the process. - reset view/provider selection when the viewed device disappears or lacks the selected provider (no more empty/no-selection state on sleep-wake). - by-device chart: stable per-device color/key so bars do not reshuffle when a device drops or returns between polls.
- give each device a stable unique id (cert fingerprint for remotes, 'local' for this device); key the sidebar, selection, and by-device chart by id so two devices sharing a hostname no longer collide. - approval prompt: drop a request from the UI the moment it is answered so it cannot be double-clicked. - share controller: cap concurrent pending approvals and allow only one per device, so a LAN peer cannot flood the prompt. - usd(): render negatives as -$5.00, consistent with compactUsd.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Builds on the local web dashboard (#531/#533) and device sharing (#532): adds in-dashboard discovery, a share-from-the-browser flow, a visual redesign, and a security/robustness hardening pass for public use.
Dashboard
Discovery & sharing from the browser
Security and robustness (audited)
Tests: 1269 pass; tsc and dash typecheck/build clean. Data accuracy verified (combined equals the sum of devices; local matches the CLI).