diff options
| author | Craig Jennings <c@cjennings.net> | 2026-07-01 10:43:48 -0400 |
|---|---|---|
| committer | Craig Jennings <c@cjennings.net> | 2026-07-01 10:43:48 -0400 |
| commit | d5588320f95293682ee64faa50b03d85b29e15d5 (patch) | |
| tree | 1d02497028618661f0e8828a6051cbdd4cc9f7c7 | |
| parent | 10e10a00e18dd9402e6a8bf059ccb9dbb7de744e (diff) | |
| download | archsetup-d5588320f95293682ee64faa50b03d85b29e15d5.tar.gz archsetup-d5588320f95293682ee64faa50b03d85b29e15d5.zip | |
docs: fold Craig's cj comments into the network module spec
Set the notification format (title "Networking", label then string), add VPN kill-switch detection and correction off the deferred-vpn branch, and make the no-terminal rule absolute for the module UX. Filed a VERIFY for the one tension: the dead-GUI console-recovery path versus no terminals.
| -rw-r--r-- | docs/design/2026-06-29-waybar-network-module-spec.org | 59 | ||||
| -rw-r--r-- | todo.org | 10 |
2 files changed, 65 insertions, 4 deletions
diff --git a/docs/design/2026-06-29-waybar-network-module-spec.org b/docs/design/2026-06-29-waybar-network-module-spec.org index 298ebe6..0af9342 100644 --- a/docs/design/2026-06-29-waybar-network-module-spec.org +++ b/docs/design/2026-06-29-waybar-network-module-spec.org @@ -1,5 +1,5 @@ #+TITLE: Waybar Network Module — Design Spec -#+AUTHOR: Craig Jennings & Claude +#+AUTHOR: Craig Jennings #+DATE: 2026-06-29 * Status @@ -383,7 +383,8 @@ there's one source of truth. Per-surface rendering of the canonical string: - *Indicator* — the matching glyph + CSS class; the string is the tooltip (untruncated). -- *Notification* (=notify=) — title = the failure label, body = the string. +- *Notification* (=notify=) — title = "Networking"; body = the failure label on + its own line, then the canonical string. - *CLI* — the string on stderr; =--json= puts it in =error.message= with the evidence in =error.detail= and a stable =error.code=. - *Panel* — the string as the section banner, with the diagnostic step's evidence @@ -435,6 +436,31 @@ portal tokens never). - *DNS override cleanup unverified* — "Couldn't confirm DNS was restored after the test" → evidence: iface, attempted revert → revert DNS manually (=resolvectl revert <iface>=). +- *VPN kill-switch blocking* — "A VPN kill-switch is blocking all traffic, and the + VPN itself is down" → evidence: a block artifact present with no tunnel up → bring + the VPN back, or clear the kill-switch (the exact root command surfaced, not + auto-run). + +*VPN kill-switch detection + correction.* A kill-switch blocks all non-VPN egress when +the tunnel drops, so the link looks up (wifi, IP, gateway) but nothing reaches the +internet. This extends the =deferred-vpn= branch: when a VPN is active and the probe +fails, run a rootless cascade to tell a working tunnel from a kill-switch that's +blocking because the tunnel is down — +- =ip rule= for wg-quick's =not fwmark 0xca6c= + =suppress_prefixlength 0= (and the + PostUp =REJECT ! -o %i= rule that makes it leak-proof); +- =wg show= for an up tunnel interface; +- =nmcli connection show= for Proton's =pvpn-killswitch= / =pvpn-ipv6leak-protection= + (device =pvpnksintrf0=); +- =nft list ruleset= / =iptables -S OUTPUT= for a drop/reject table (=killswitch=, + =protonvpn=, =oifname != "wg0" ... drop=); +- =nmcli -f connection.zone= for a firewalld =drop= zone. +Classify *kill-switch-blocking* only when a block artifact exists AND no tunnel +interface is up — that's what distinguishes it from a healthy VPN. Correction is tiered +by artifact and every option needs root, so surface the exact command rather than +auto-running it: =wg-quick down <iface>=, =nmcli connection delete pvpn-killswitch +pvpn-ipv6leak-protection=, =nft delete table inet killswitch=, or =nmcli connection +modify <con> connection.zone ''=. (Sits alongside the Phase 5 VPN work; detection can +land earlier since =deferred-vpn= already exists.) Each message names whether the system was left unchanged, partially changed (with what), or fully changed, so the user knows the residue. @@ -1067,8 +1093,12 @@ a *coverage-gap pass*, not just a percentage: V2 redesign decisions (Craig, 2026-06-30): 15. *No terminals anywhere in the module* — =net-popup= is removed; every action and - result renders in the panel. Reverses the part of decision 11 that ran privileged - repairs in a terminal "so sudo/polkit can prompt". + result renders in the panel. No terminal is ever used to report information to the + user or to collect input from them: every prompt, confirmation, repair stream, and + result lives in the panel UI (Craig, cj, 2026-06-30). Reverses the part of decision + 11 that ran privileged repairs in a terminal "so sudo/polkit can prompt". (Unrelated + to the doctor's "terminal states" — that word means a final outcome, not a tty. The + one open question is the dead-GUI console-recovery path; see the VERIFY in todo.org.) 16. *Passwordless privileged path* — a root-owned helper + a narrow NOPASSWD sudoers rule scoped to it, archsetup-installed, run as =sudo <helper> <verb>=. This gates decision 15 (a worker thread can't prompt). Absorbs the earlier DoT-toggle @@ -2036,3 +2066,24 @@ is already failing. - *Artifacts:* Findings 32-40 completed in place with dispositions; the modify reason on the speed-test finding. New "V2 panel UX" section under Panel. todo.org redesign task updated to point the V2 build at the dispositioned design. + +** 2026-07-01 Wed @ 10:43:18 -0400 — Claude Code (archsetup) — responder (cj comments) + +- *What changed:* Folded in Craig's three cj comments from his review. (1) Notification + rendering: title = "Networking", body = the failure label on its own line then the + canonical string. (2) VPN kill-switch: added a "kill-switch blocking" failure state + plus a detection-and-correction strategy off the =deferred-vpn= branch (rootless + cascade over =ip rule= fwmark 0xca6c / =wg show= / Proton =pvpn-*= NM connections / + =nft=/=iptables= drop tables / firewalld =drop= zone; classify blocking only when a + block artifact exists AND no tunnel is up; correction surfaces the exact root command + per artifact). (3) Terminals: strengthened decision 15 to "no terminal ever reports + to or collects input from the user", disambiguated from the doctor's "terminal + states" wording. +- *Why:* Craig's review annotations. The kill-switch closes a real gap in the + VPN-routed classification; the terminal directive makes the no-terminal rule + absolute for the module UX. +- *Artifacts:* Three cj blocks removed. VPN research subagent cited wg-quick man page, + Pro Custodibus, System76/Proton killswitch docs, and local =doctor.py:42= / + =classify.py:60= / =USNY.conf:15=. One open tension filed as a VERIFY in todo.org: + the dead-GUI console-recovery path (=make online= from a TTY) vs the no-terminal + directive. @@ -226,6 +226,16 @@ V2 sudo-helper. Bonus: wpa_supplicant debug catches wrong-password/EAP failures state-120 snapshot misses, so it also closes the auth live-detection gap. Spec: Observability → "Automatic diagnostic verbose-capture". Origin: Craig 2026-06-30. +*** VERIFY Dead-GUI console recovery vs "no terminals" — keep =make online= or replace it? :network: +The cj comment (2026-07-01) said scrub every terminal the module uses to report to or get input +from the user, and I folded that into decision 15 (all module UX is in-panel). The one place it +collides: the deliberate console-recovery path — =make online= / =net doctor --fix= run from a +bare TTY when waybar and the GUI are *down* — is the whole point of the CLI being usable with no +GUI. That's a terminal reporting to the user, but only because there's no panel to use. Keep it +as an explicit carve-out (recovery-only, not terminal-as-UI), or replace it with something else +(a TTY text UI still counts as a terminal)? Your call settles whether the Makefile/CLI recovery +targets stay in the spec. + ** TODO [#B] Waybar network module — custom/net :feature:waybar:network: :PROPERTIES: :LAST_REVIEWED: 2026-06-29 |
