From ddee2c48713c3b640b3157dea38147405a38488c Mon Sep 17 00:00:00 2001 From: Grant Gilliam Date: Sat, 13 Jun 2026 16:04:44 -0500 Subject: [PATCH] Replace real backend IPs with placeholders in docs and tests The backend host and LAN IPs are kept out of source by convention; the prior commit committed the real primary/fallback IPs into AGENTS.md and the new test. Swap them for neutral wording and the RFC 5737 documentation IP (192.0.2.1). These IPs remain in commit c44a975 (already pushed); purging them from history is a separate filter-repo + force-push decision. --- AGENTS.md | 4 ++-- .../InsecureTrustDelegateTests.swift | 12 ++++++------ 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/AGENTS.md b/AGENTS.md index ab2e397..2095053 100644 --- a/AGENTS.md +++ b/AGENTS.md @@ -85,8 +85,8 @@ open /Applications/Ten31Transcripts.app Present tense; overwritten each session. 73 tests pass; `/Applications/Ten31Transcripts.app` matches HEAD and runs; working tree clean and pushed to `origin`/`main`. A full independent evaluation ran 2026-06-13 → `EVALUATION.md` (committed at repo root; overwritten + re-committed each run for a reviewable diff); its findings are triaged into the lists below. The eval's P1 (TLS) is now **fixed** and verified against the live backend. - **Working:** call detection (Meet/Zoom/Teams/Signal), dual-track capture, dual-channel + chunked backend hand-off, speaker reconciliation, recap (`transcript.md` + recap-relay-styled `recap.html`), speaker editor, configurable chunk length, standalone Settings window. - **In progress:** the Meet visual fix (reject solid camera-off tiles) is unverified end-to-end — no clean run exists yet; the saved Meet session's `visual_timeline.json` predates the fix. -- **Done this session (was eval P1):** TLS validation is now **on by default** and the skip-TLS escape hatch is **scoped to the configured host** (`InsecureTrustDelegate.allowsTrustOverride`, covered by `InsecureTrustDelegateTests`). Supported path = the StartOS Root CA trusted in the System keychain; verified `URLSession` default validation returns 200 against both `192.168.1.72` and the `10.59.211.2` fallback. -- **Work queue (next up):** wire the backend URL + primary→fallback into config. Today it's a single `backendBaseURL` with no fallback logic, and on this Mac no value is saved (so it resolves to the `your-spark-backend.local` placeholder); the real setup is primary `https://192.168.1.72:62419` → fallback `https://10.59.211.2:62419`. +- **Done this session (was eval P1):** TLS validation is now **on by default** and the skip-TLS escape hatch is **scoped to the configured host** (`InsecureTrustDelegate.allowsTrustOverride`, covered by `InsecureTrustDelegateTests`). Supported path = the StartOS Root CA trusted in the System keychain; verified `URLSession` default validation returns 200 against both the primary backend IP and its fallback. +- **Work queue (next up):** wire the backend URL + primary→fallback into config. Today it's a single `backendBaseURL` with no fallback logic, and on this Mac no value is saved (so it resolves to the `your-spark-backend.local` placeholder); the real setup is a primary LAN IP with a fallback IP (both port 62419) — the actual addresses live in Settings/UserDefaults, never source. - **Known debt (P2 — fix before wider use):** - `RecapAnalyzer.mmss()` fatally crashes on NaN/∞ (reproduced 2×); a malformed/MITM'd backend `duration` (e.g. `1e400` → `Double.infinity`) aborts the app at recap-render time — add a finite-guard fallback (`RecapAnalyzer.swift:137`). - README is stale by six phases — still says "Phase 0 (scaffold) / no audio capture, detection, or backend hand-off yet" for a shipped Phase-6 app; same lie in source comment `AppSettings.swift:7`; and `README.md:49` still calls skip-TLS "on by default" (now off). Rewrite to match reality. diff --git a/Ten31TranscriptsTests/InsecureTrustDelegateTests.swift b/Ten31TranscriptsTests/InsecureTrustDelegateTests.swift index 1df81c2..ed258fd 100644 --- a/Ten31TranscriptsTests/InsecureTrustDelegateTests.swift +++ b/Ten31TranscriptsTests/InsecureTrustDelegateTests.swift @@ -12,24 +12,24 @@ final class InsecureTrustDelegateTests: XCTestCase { } func testFiresForMatchingHost() { - let d = InsecureTrustDelegate(allowedHost: "192.168.1.72") - XCTAssertTrue(d.allowsTrustOverride(for: space(host: "192.168.1.72"))) + let d = InsecureTrustDelegate(allowedHost: "192.0.2.1") + XCTAssertTrue(d.allowsTrustOverride(for: space(host: "192.0.2.1"))) } func testRejectsMismatchedHost() { - let d = InsecureTrustDelegate(allowedHost: "192.168.1.72") + let d = InsecureTrustDelegate(allowedHost: "192.0.2.1") XCTAssertFalse(d.allowsTrustOverride(for: space(host: "evil.example.com"))) } func testNilAllowedHostNeverFires() { let d = InsecureTrustDelegate(allowedHost: nil) - XCTAssertFalse(d.allowsTrustOverride(for: space(host: "192.168.1.72"))) + XCTAssertFalse(d.allowsTrustOverride(for: space(host: "192.0.2.1"))) } func testOnlyServerTrustMethodFires() { // Matching host but a non-server-trust challenge (e.g. HTTP Basic) must not override. - let d = InsecureTrustDelegate(allowedHost: "192.168.1.72") + let d = InsecureTrustDelegate(allowedHost: "192.0.2.1") XCTAssertFalse(d.allowsTrustOverride( - for: space(host: "192.168.1.72", method: NSURLAuthenticationMethodHTTPBasic))) + for: space(host: "192.0.2.1", method: NSURLAuthenticationMethodHTTPBasic))) } }