Commit Graph

4 Commits

Author SHA1 Message Date
jared a06f2c662a feat(livekit-guard): enforce per-room call permissions (screenshare/camera)
Extend voice-limit-guard to enforce a per-room publish-source policy
(io.lotus.room_quality allow_screenshare/allow_camera) for ALL Matrix clients,
alongside the existing participant limit.

- At token issue, re-sign the LiveKit JWT's canPublishSources to drop forbidden
  sources (microphone always kept). Verifies our own secret signed the token
  first and fails open on mismatch, so a secret drift can never mint a token the
  SFU rejects. Limit check and source policy are independent (one's outage can't
  skip the other).
- Live (mid-call) enforcement: a background reconcile loop calls LiveKit
  UpdateParticipant to revoke a forbidden source from participants who joined
  before the policy changed -- which unpublishes their in-progress
  screenshare/camera server-side within ~3s and blocks re-publish. Only removes
  sources (never grants), preserves other permission flags, fails open, and runs
  as a daemon thread that cannot crash or block token issuance.
- Endpoint-specific room-id extraction (/get_token->room_id, /sfu/get->room) so
  a client sending both keys can't get a different room's policy applied.
- Auto-deploy the guard on LXC 151 (py_compile-gated, backup + rollback).
- Unit tests: JWT re-sign/verify + tamper, secret-mismatch, source narrowing,
  reconcile (never-grant / preserve-flags / disable-on-empty), fail-open.

Numeric bitrate/fps caps are NOT server-enforceable on an SFU (LiveKit forwards,
never transcodes) and remain a Lotus-client-cooperative setting; the
screenshare/camera permission is the hard cross-client lever.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-30 22:34:34 -04:00
jared b9a251bd7a Integrate matrixbot into existing LXC 151 deploy hook
Lint / Shell (shellcheck) (push) Successful in 11s
Lint / JS (eslint) (push) Successful in 6s
Removed standalone matrixbot/deploy.sh — deploy is handled by the existing
webhook system. Added matrixbot/ block to deploy/lxc151-hookshot.sh: on push,
if any matrixbot/ file changed, source files are synced to /opt/matrixbot and
matrixbot.service is restarted automatically.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-20 16:18:10 -04:00
jared 735c1eb30e ci: add lint workflow, shellcheck fixes, and CI failure hookshot alert
Lint / Shell (shellcheck) (push) Has been cancelled
Lint / JS (eslint) (push) Has been cancelled
- .gitea/workflows/lint.yml: new workflow running shellcheck on .sh files
  and eslint on hookshot/ JS transform scripts
- hookshot/.eslintrc.json: declare data/result as hookshot globals
- hookshot/ci-alert.js: new Matrix hookshot transform for CI failure alerts
- hookshot/deploy.sh: fix SC2155 (split local/assign), SC2034 (remove unused var)
- systemd/livekit-clear-port.sh: fix SC2148 (invalid shebang escape)
- cinny/dev-update.sh: fix SC2115 (use ${WEB_ROOT:?} to guard rm -rf)
- deploy/lxc151-hookshot.sh: add shellcheck source=/dev/null for sourced file
- .gitignore: ignore node_modules/
- package.json + package-lock.json: eslint@8 dev dependency

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-14 16:25:39 -04:00
jared 5e936b2ca1 Add auto-deployment infrastructure for all 4 LXCs
- Per-LXC deploy scripts (lxc151-hookshot, lxc106-cinny, lxc139-landing, lxc110-draupnir)
- Per-LXC webhook hook configs with unique HMAC-SHA256 secrets
- Livekit graceful restart script + systemd timer (waits for zero active calls)
- Fix hookshot/deploy.sh capitalization bug (Uptime-Kuma, Tinker-Tickets, etc.)

Each LXC independently clones repo and runs its own deploy.sh via adnanh/webhook on port 9000.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-03-18 11:41:32 -04:00