Login dialog (prompt_login_qt):
Modal asking for a discord_id:password token. Echo masked. Validates
format before accepting. 'Skip cloud sync' returns None so caller can
bypass sync without blocking the launch.
Conflict dialog (prompt_conflict_qt):
Modal with three radio options — keep_local, use_remote, cancel.
Shown when local files were modified since the last pulled snapshot
AND the remote has a newer snapshot from another host (divergence
state.json detection happens in sync.pull; not wired yet).
Both reuse the Prism dark palette via _apply_prism_dark. Tk fallbacks
not implemented — Qt is the path most players will hit.
Next: state.json (last_pulled_snapshot_id), divergence detection in
sync.pull, integration with these dialogs.
cloud-sync now ships a real Qt UI alongside the tkinter fallback.
Architecture:
- HeadlessProgress: --no-gui path, plain stdout
- TkProgressWindow: stdlib fallback when Qt isn't installed
- QtProgressWindow: preferred path; supports both PySide6 and PyQt6
(interchangeable APIs for our subset)
The factory in ui.py picks Qt → tkinter → headless. Tk stays so the
zipapp still works on bare Python with no extras.
Threading: QApplication runs on the main thread (started by run_with
via QDialog.exec). The restic worker runs on a daemon threading.Thread.
Cross-thread UI updates go via a Signal on a bridge QObject so Qt
auto-marshals them onto the main thread via a queued connection.
Cancellation: WM close + Cancel button both set a flag. sync.pull/push
pass ui.is_cancelled as restic.run's cancel_check; the subprocess gets
killed and returns -1 → exit 1.
Theme: Fusion style + Prism's dark palette (RGB values copied as facts
from PrismLauncher's DarkTheme.cpp). Override with PRISM_THEME=off.
Pyz size went 20 KB → 36 KB (added ui.py + ui_qt.py).
33 tests still green.
Reasons stacked up:
- AV: unsigned JARs that auto-download binaries + upload files trigger
Windows Defender false-positives more often than Python scripts
invoked by code-signed python.exe.
- Qt UI option: PySide6 opens a path to a real Qt UI (matching Prism's
look) if needed later. JVM Qt bindings are abandoned.
- frazclient already needs Python; inlining as 'import cloud_sync' is
zero overhead vs the launcher always shelling out to java.
Implementation:
- cloud_sync package: cli.py (argparse), creds.py, scope.py,
restic.py (binary discovery + auto-download + sha256 verify),
sync.py (pull/push subprocess restic).
- pyproject.toml with hatchling backend; pip-installable.
- Makefile builds cloud-sync.pyz via python -m zipapp (~53 KB).
- 33 pytest tests, stdlib only on runtime.
- CI workflow runs pytest matrix (3.10/3.11/3.12) + builds pyz.
- DESIGN.md + README.md updated to reflect Python.
E2E verified against local restic-rest-server:
pull empty → push initial → rm -rf local → pull restores → modify+push
creates second snapshot → client forget --prune blocked by --append-only.
Throws away ~565 LOC of Kotlin (and 18 jar tests) committed earlier in
this same session. Net result is ~250 LOC Python + 33 tests = smaller
and more aligned with the rest of the stack.
- Server-side prune via per-repo operator master key (restic key add at provision time)
- Auto-download restic on first run (packwiz-installer-bootstrap pattern)
- Nightly prune at 04:00 UTC via in-process time.Ticker
- Per-caller provisioning tokens (CLOUD_PROVISIONING_TOKENS_<NAME>) for audit attribution; NOT shared
Earlier draft archived cloud-svc entirely. Better shape: keep it as a
control plane for the restic backend. Two listeners in one process:
- provisioning :9091 on automc-net (called by discord-bot)
- operator :9092 on 127.0.0.1 (called by automc-setup wizard)
Players still hit restic-rest-server (data plane) directly with their
per-user password. cloud-svc never sits in the player data path —
limits its public exposure to zero.
cloud-svc was a worse re-implementation of what restic-rest-server
already does (--private-repos + --append-only + native retention +
chunk-level dedup). Pivoting before either ships in production.
cloud-sync.jar becomes a restic CLI wrapper. ~200 LOC instead of
~2000+ in the custom-server path. Server-side prune via operator
master password (option 1 — multi-key per repo).
Open questions flagged at end of doc for confirmation.
'installer' implied one-way install (matching packwiz-installer); this
tool is bidirectional sync (pull on launch, push on exit). Aligns with
the existing automc <scope>-<role> pattern: cloud-svc ↔ cloud-sync,
matching mc-router, mc-wrapper, gate-waker.
Gitea repo renamed via API (id 2974 preserved); jar filename now
cloud-sync-<version>.jar. Build verified post-rename.
Compiles to a 3.4 MB fat jar via shadow plugin.
Entrypoint with CLI dispatch (pull/push subcommands) + FlatLaf init.
Real sync logic stubbed; lands in subsequent commits per task plan.
Build via containerized gradle (8.10.2 + jdk21) to sidestep the
Kotlin 2.1 + JDK 26 compiler crash. Documented in README.
CI workflow tags-only release artifact upload prepared (needs
RELEASE_TOKEN secret in repo settings before first tag).
claude-timemachine