3 Commits

Author	SHA1	Message	Date
claude-timemachine	fe26ed309c	feat(ui): Qt progress window with Prism-Launcher-inspired dark palette ... cloud-sync now ships a real Qt UI alongside the tkinter fallback. Architecture: - HeadlessProgress: --no-gui path, plain stdout - TkProgressWindow: stdlib fallback when Qt isn't installed - QtProgressWindow: preferred path; supports both PySide6 and PyQt6 (interchangeable APIs for our subset) The factory in ui.py picks Qt → tkinter → headless. Tk stays so the zipapp still works on bare Python with no extras. Threading: QApplication runs on the main thread (started by run_with via QDialog.exec). The restic worker runs on a daemon threading.Thread. Cross-thread UI updates go via a Signal on a bridge QObject so Qt auto-marshals them onto the main thread via a queued connection. Cancellation: WM close + Cancel button both set a flag. sync.pull/push pass ui.is_cancelled as restic.run's cancel_check; the subprocess gets killed and returns -1 → exit 1. Theme: Fusion style + Prism's dark palette (RGB values copied as facts from PrismLauncher's DarkTheme.cpp). Override with PRISM_THEME=off. Pyz size went 20 KB → 36 KB (added ui.py + ui_qt.py). 33 tests still green.	2026-06-04 23:12:58 +02:00
claude-timemachine	49d1cb3280	drop restic repo encryption; rely on TLS + append-only + LUKS ... User credentials now serve HTTP basic auth only. Repos init with --insecure-no-password. Removes: - RESTIC_PASSWORD env in client subprocess - Per-repo password coordination story - Multi-key restic setup (user key + operator-master key) - Two-password recovery edge cases Operator-side prune now runs over the filesystem path (-r /srv/.../<user>/) which bypasses rest-server's HTTP-layer append-only enforcement. No password needed at all. Protection model stays: - TLS in transit (reverse proxy) - HTTP basic per-user (htpasswd) for read/write authorization - --private-repos for per-user URL isolation - --append-only for client-side delete protection - LUKS / disk-level for at-rest encryption (operator's responsibility) Verified end-to-end on john: pull → push → restore round-trip works, DELETE on bogus snapshot still returns 403 (append-only intact), operator can read repo via filesystem path (prune-mode access works). 33 pytest still green.	2026-06-04 22:23:40 +02:00
claude-timemachine	ffdfb1f9b6	pivot to Python: replace Kotlin/JVM with stdlib zipapp ... Reasons stacked up: - AV: unsigned JARs that auto-download binaries + upload files trigger Windows Defender false-positives more often than Python scripts invoked by code-signed python.exe. - Qt UI option: PySide6 opens a path to a real Qt UI (matching Prism's look) if needed later. JVM Qt bindings are abandoned. - frazclient already needs Python; inlining as 'import cloud_sync' is zero overhead vs the launcher always shelling out to java. Implementation: - cloud_sync package: cli.py (argparse), creds.py, scope.py, restic.py (binary discovery + auto-download + sha256 verify), sync.py (pull/push subprocess restic). - pyproject.toml with hatchling backend; pip-installable. - Makefile builds cloud-sync.pyz via python -m zipapp (~53 KB). - 33 pytest tests, stdlib only on runtime. - CI workflow runs pytest matrix (3.10/3.11/3.12) + builds pyz. - DESIGN.md + README.md updated to reflect Python. E2E verified against local restic-rest-server: pull empty → push initial → rm -rf local → pull restores → modify+push creates second snapshot → client forget --prune blocked by --append-only. Throws away ~565 LOC of Kotlin (and 18 jar tests) committed earlier in this same session. Net result is ~250 LOC Python + 33 tests = smaller and more aligned with the rest of the stack.	2026-06-03 01:11:47 +02:00