CalvinBackup/Shadowbroker
1
0
Fork 0
mirror of https://github.com/BigBodyCobain/Shadowbroker.git synced 2026-06-06 06:13:54 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
80a01275ff40a253683ea44be4fdac445d26de85
Shadowbroker/desktop-shell/tauri-skeleton/src-tauri/src/bridge.rs
T
BigBodyCobain 28b3bd5ebf release: prepare v0.9.7
2026-05-01 22:56:50 -06:00

74 lines
2.2 KiB
Rust
Raw Blame History

use serde_json::Value;
use tauri::State;
use crate::handlers::dispatch_control_command;
use crate::policy::{self, PolicyOutcome};
use crate::{DesktopAppState, NativeGateCryptoState};
#[tauri::command]
pub async fn invoke_local_control(
command: String,
payload: Option<Value>,
meta: Option<Value>,
state: State<'_, DesktopAppState>,
gate_crypto_state: State<'_, NativeGateCryptoState>,
) -> Result<Value, String> {
// Enforce policy on the Rust side — this runs even if webview JS is
// bypassed and invoke_local_control is called directly via Tauri IPC.
match policy::enforce(&command, &payload, &meta) {
PolicyOutcome::Allowed(entry) => {
if let Ok(mut ring) = state.audit_ring.lock() {
ring.record(entry);
}
}
PolicyOutcome::ProfileWarn(entry) => {
// Profile mismatch but not enforced — log warning, allow dispatch
eprintln!(
"native_control_profile_warn: command={} profile={:?} cap={}",
entry.command, entry.session_profile, entry.expected_capability
);
if let Ok(mut ring) = state.audit_ring.lock() {
ring.record(entry);
}
}
PolicyOutcome::Denied(entry, message) => {
if let Ok(mut ring) = state.audit_ring.lock() {
ring.record(entry);
}
return Err(message);
}
}
dispatch_control_command(
&state.backend_base_url,
state.admin_key.as_deref(),
&command,
payload,
&gate_crypto_state,
)
.await
}
#[tauri::command]
pub fn get_native_audit_report(
limit: Option<usize>,
state: State<'_, DesktopAppState>,
) -> Result<Value, String> {
let ring = state
.audit_ring
.lock()
.map_err(|e| format!("audit_lock_failed:{e}"))?;
let report = ring.snapshot(limit.unwrap_or(25));
serde_json::to_value(report).map_err(|e| format!("audit_serialize_failed:{e}"))
}
#[tauri::command]
pub fn clear_native_audit_report(state: State<'_, DesktopAppState>) -> Result<(), String> {
let mut ring = state
.audit_ring
.lock()
.map_err(|e| format!("audit_lock_failed:{e}"))?;
ring.clear();
Ok(())
}
Reference in New Issue View Git Blame Copy Permalink