Commit Graph

4 Commits

Author SHA1 Message Date
70cf6f5425 Migrate to the shared gatelock backend
ScreenLocker now composes gatelock.GateRoot + gatelock.LockWindow for the
actual lock window instead of the inline WindowSetupMixin mechanics; the
verify/relaxed-day auxiliary windows (never the lock itself) stay as
plain Tk windows. The hand-copied _log_integrity.py is deleted in favor
of gatelock.log_integrity (the canonical, non-duplicated module). This
is the second of three migrations (diet_guard done, wake_alarm next).

Two deliberate behavior changes, both confirmed:
- dependencies = [] (pure stdlib) now includes gatelock, a documented
  departure from the prior zero-deps stance.
- production grab upgraded from single-attempt-then-local-fallback to
  diet_guard's retry-forever (robust to e.g. a fullscreen game holding
  the grab).

Net hardening as a side effect: run()/close() now go through gatelock's
signal-safe lifecycle, so SIGTERM/SIGINT restore VT switching on every
exit path -- previously only a clean close() did, leaving VT switching
disabled if the service was killed mid-lock.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01XCdT46zV8hESDvbgYMGDLt
2026-06-21 20:11:16 +02:00
4cdfce5fe3 chore: set up as standalone repo
Extracted from testsAndMisc monorepo. Changes:
- Rewrote imports from python_pkg.screen_locker.* → screen_locker.*
- Vendored python_pkg.shared.log_integrity → screen_locker._log_integrity
- Vendored wake_alarm constants (ALARM_DAYS, WAKE_AFTER_HOURS, RTCWAKE_BIN) into _constants.py
- Extracted has_workout_skip_today into new screen_locker._wake_state module
- Added tests for _wake_state.py (392 tests, 100% branch coverage)
- Moved scripts/service files to repo root
- Added standalone pyproject.toml, requirements.txt, .pre-commit-config.yaml, .gitignore
- Added GitHub Actions CI workflows

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-28 07:43:06 +02:00
e34b513ced Split modules, fix tests, fix pre-commit batching
- steam_backlog_enforcer: extract _hltb_search.py and _scanning_confidence.py;
  split oversized test files into *_part2/3/4.py
- screen_locker: extract _early_bird.py and _window_setup.py from screen_lock.py;
  fix patch targets in tests (screen_lock.* -> _window_setup.*)
- wake_alarm: use shutil.which('xset') to avoid S607; add TestDisplayHelpers tests
- linux_configuration/usage_report: split into _parsing.py and _types.py;
  add bin/__init__.py (INP001); fix RUF002 (× -> x)
- pre-commit: add require_serial: true to pytest-coverage hook to prevent
  file batching across 24 CPU cores (was causing 12 parallel partial-coverage runs)
2026-05-22 22:48:28 +02:00
eafe933440 security: harden digital-wellbeing bypass vectors
- Screen locker: disable VT switching (Ctrl+Alt+Fn) via setxkbmap
  srvrkeys:none on startup; restore on close (production mode only).
  Gracefully skips if setxkbmap is not installed (shutil.which).
  Tests: 7 new tests, 100% branch coverage maintained.

- Midnight shutdown: restore real schedule values (Mon-Wed 21:00,
  Thu-Sun 22:00, morning end 05:00); re-enable the three commented-out
  leniency checks in check_schedule_protection(); self-lock script with
  chattr +i at end of enable_midnight_shutdown().

- Hosts install: add UNBLOCK_STATE_FILE tracking for whitelisted domains;
  check_unblock_entries_protection() blocks installation if the unblock
  list grows; save state after install; self-lock install.sh and
  generate_hosts_file.sh with chattr +i.
2026-05-16 15:41:40 +02:00