feat: add cloud session monitoring via Firestore + ECIES encryption (#2)#3
Open
feat: add cloud session monitoring via Firestore + ECIES encryption (#2)#3
Conversation
Enable monitoring Claude Code sessions on Anthropic cloud VMs (Firecracker microVMs) through encrypted Firestore push. The hook encrypts session state with ECIES (ephemeral X25519 + AES-256-GCM) and pushes to Firestore; the Mac app polls and decrypts with the private key stored in Keychain. New files: - KeychainManager.swift: X25519 keypair generation, Keychain storage, ECIES decrypt - CloudSessionWatcher.swift: Firestore polling following RemoteSessionWatcher pattern - hooks/cloud-setup.sh: Cloud VM hook installer script Modified files: - clawdboard-hook.py: push_to_cloud() with ECIES encryption, delete_from_cloud() - Models.swift: isCloudSession property on AgentSession - AppState.swift: Cloud watcher integration - SettingsView.swift: Cloud tab for keypair management and setup instructions - AgentRow.swift: cloud.fill icon for cloud sessions - HookManager.swift: cloudSetupScript() method https://claude.ai/code/session_01J6u51taPB5EPJSp6uqAZBg
- Setup scripts now exit 1 if cryptography install or import fails - Hook logs to debug log when CLAWDBOARD_KEY is set but cryptography is unavailable, instead of silently swallowing the error https://claude.ai/code/session_01J6u51taPB5EPJSp6uqAZBg
Runs lint, Python tests, build, and Swift tests on macos-15 runners. All steps use mise tasks (lint, test-py, build, test). https://claude.ai/code/session_01J6u51taPB5EPJSp6uqAZBg
The project targets macOS 26+ and requires Swift 6.2, which is only available via Xcode 26 on macos-26 runners. https://claude.ai/code/session_01J6u51taPB5EPJSp6uqAZBg
- Fix pre-existing test_notification_other test (was asserting wrong status) - Add explicit AppKit import in SettingsView - Add swift/xcode version logging step in build job - Add uv sync before lint and test-py https://claude.ai/code/session_01J6u51taPB5EPJSp6uqAZBg
- Fix Data subscript type error in KeychainManager (use prefix/dropFirst) - Fix closure_parameter_position in CloudSessionWatcher, SessionStateWatcher, AppState, SettingsView - Suppress pre-existing force_unwrapping, force_try, cyclomatic_complexity https://claude.ai/code/session_01J6u51taPB5EPJSp6uqAZBg
Pre-existing test failures: costUsd/formattedCost/totalCost were removed from the model but tests still referenced them. Also remove force_unwrapping from swiftlint opt-in rules (pre-existing violations in app entry point). https://claude.ai/code/session_01J6u51taPB5EPJSp6uqAZBg
- Fix corrupted multi-line import (serialization Encoding/PublicFormat) - Move base64/hashlib imports to module level (avoid duplicate imports) - Fix f-string without placeholders and line-too-long lint errors - Add ty config to allow unresolved cryptography imports https://claude.ai/code/session_01J6u51taPB5EPJSp6uqAZBg
…ring The test was failing on CI because readAllSessions filters out sessions with no PID that are older than 120 seconds. Since the test JSON uses a fixed date in the past, it was always filtered out. https://claude.ai/code/session_01J6u51taPB5EPJSp6uqAZBg
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Enable monitoring Claude Code sessions on Anthropic cloud VMs (Firecracker
microVMs) through encrypted Firestore push. The hook encrypts session state
with ECIES (ephemeral X25519 + AES-256-GCM) and pushes to Firestore; the
Mac app polls and decrypts with the private key stored in Keychain.
New files:
Modified files:
Migrated from jezek-vibes/clawdboard#10, closes #2