Tags: jetkvm/kvm
Tags
feat: Add detached window with optional toolbar and hostname display (#… …1187) * feat: Add detached window with optional toolbar and hostname display * feat: Remove padding and borders in detached window mode - Hide dotted background pattern in detached mode - Remove margins around video container - Remove min-width/height constraints and border/shadow on video * simplify: use fixed window size for detached window * refactor: reuse existing device route for detached window * refactor: replace DetachedToolbar with Close button in ActionBar * fix: preserve detached mode for modals and sidebar │ │ navigateTo() was dropping the ?detached=true query parameter during │ navigation, causing the Virtual Media modal to exit detached mode. │ The modal and sidebar containers were also hidden in detached mode │ via isDetachedWindow guards, preventing them from rendering. │ │ Fix navigateTo to preserve the detached query param across │ navigations, and remove the guards on Modal and SidebarContainer │ so both work in the detached window. * fix: enable terminal in detached mode and preserve detached param in mount route The Terminal components were guarded by !isDetachedWindow, preventing them from rendering. The mount route used raw navigate("..") which drops the ?detached=true query param, causing the navbar to reappear after closing the Virtual Media modal. Switched to navigateTo("/") which preserves search params, and use the onClose callback for the Dialog's internal navigation. * prettier formatting fixes --------- Co-authored-by: Adam Shiervani <adam.shiervani@gmail.com>
fix(make): require JETKVM_REMOTE_HOST for release targets and clean u… …p test commands (#1299) - Require JETKVM_REMOTE_HOST in release, test_production_release, and dev_release so remote-agent hardware validation runs in all lanes. - Always list --project=remote-agent explicitly (tests self-skip when env var is absent, keeping test_e2e usable without a remote host). - Remove redundant npm ci in dev_release (already run by frontend target). - Use $(BIN_DIR) consistently in _build_release_inner. Made-with: Cursor
Fix/ota signature bypass (#1254) * fix(ota): reject empty signature and require prerelease opt-in for bypass Two OTA signature verification vulnerabilities: 1. Empty signature bypass: downloadSignature accepted a 0-byte response, which caused verifyFile to skip GPG verification entirely via the len(signature) > 0 guard. An attacker serving an empty .sig file could bypass signature checks on any stable release. 2. Prerelease bypass without opt-in: shouldBypassSignatureCheck only checked whether the remote version had a prerelease suffix, not whether the device had opted into the dev channel. A compromised server could push a version like "99.0.0-dev.1" to any device and skip signature verification regardless of include_pre_release setting. Fixes: - downloadSignature now returns an error when signature bytes are empty - shouldBypassSignatureCheck takes includePreRelease param and requires it to be true before allowing prerelease bypass Unit tests added for: empty signature, hash mismatch, non-200 sig download, valid signature happy path, and prerelease opt-in table tests. Made-with: Cursor * test(e2e): add OTA signature edge case and prerelease rejection tests Add wrong-key signature, empty signature, and prerelease-without-opt-in E2E tests to catch signature bypass vulnerabilities on real devices. Made-with: Cursor * refactor(e2e): use Playwright projects and remove OTA shell scripts Organize E2E tests into named Playwright projects (core, ota-signed, ota-prerelease-unsigned, etc.) so each test suite can be run with --project=<name>. Remove 5 OTA wrapper scripts that were just boilerplate env-var setup, and inline them into the Makefile via a shared OTA_ENV macro. Rename z-ota-* specs to ota-* now that ordering is controlled by project selection, not alphabetical filename sorting. Made-with: Cursor * fix(ci): use Go 1.25 for golangci-lint to match build workflow golangci-lint v2.1.6 (built with Go 1.24) panics when type-checking code that requires Go 1.25. Align the lint workflow with build.yml by using go-version: ^1.25.1 instead of oldstable. Made-with: Cursor
Fix/ota signature bypass (#1254) * fix(ota): reject empty signature and require prerelease opt-in for bypass Two OTA signature verification vulnerabilities: 1. Empty signature bypass: downloadSignature accepted a 0-byte response, which caused verifyFile to skip GPG verification entirely via the len(signature) > 0 guard. An attacker serving an empty .sig file could bypass signature checks on any stable release. 2. Prerelease bypass without opt-in: shouldBypassSignatureCheck only checked whether the remote version had a prerelease suffix, not whether the device had opted into the dev channel. A compromised server could push a version like "99.0.0-dev.1" to any device and skip signature verification regardless of include_pre_release setting. Fixes: - downloadSignature now returns an error when signature bytes are empty - shouldBypassSignatureCheck takes includePreRelease param and requires it to be true before allowing prerelease bypass Unit tests added for: empty signature, hash mismatch, non-200 sig download, valid signature happy path, and prerelease opt-in table tests. Made-with: Cursor * test(e2e): add OTA signature edge case and prerelease rejection tests Add wrong-key signature, empty signature, and prerelease-without-opt-in E2E tests to catch signature bypass vulnerabilities on real devices. Made-with: Cursor * refactor(e2e): use Playwright projects and remove OTA shell scripts Organize E2E tests into named Playwright projects (core, ota-signed, ota-prerelease-unsigned, etc.) so each test suite can be run with --project=<name>. Remove 5 OTA wrapper scripts that were just boilerplate env-var setup, and inline them into the Makefile via a shared OTA_ENV macro. Rename z-ota-* specs to ota-* now that ordering is controlled by project selection, not alphabetical filename sorting. Made-with: Cursor * fix(ci): use Go 1.25 for golangci-lint to match build workflow golangci-lint v2.1.6 (built with Go 1.24) panics when type-checking code that requires Go 1.25. Align the lint workflow with build.yml by using go-version: ^1.25.1 instead of oldstable. Made-with: Cursor
Rate limit login access (#1185) * Set minimum chars and ratelimit on pw * Implement onboarding flow for USB device tests by adding helper functions to handle welcome state and login. Enhance test setup to ensure device is ready before running tests. * Refactor password handling by removing rate limiting checks from update and delete password functions. Update UI error handling to remove rate limit messages. Clean up related test cases for rate limiting. * Refactor welcome flow and password handling in tests. Consolidate password setup functions and enhance local authentication mode checks. Update test cases to streamline onboarding and password management processes. * Update log file paths in DEVELOPMENT.md * Add password validation messages for multiple languages - Added error message for passwords that are too short (minimum 8 characters). - Included rate limiting error message for too many failed attempts. - Updated localization files for Danish, German, Spanish, French, Italian, Japanese, Norwegian, Portuguese, Swedish, and both Simplified and Traditional Chinese. * Update noder version in DEVELOPMENT.md * Fix typo in log file path in DEVELOPMENT.md * Refactor device onboarding and authentication flow in tests - Renamed `ensureWelcomeState` to `resetDeviceToWelcome` for clarity. - Consolidated password handling in welcome flow tests, replacing deprecated functions. - Updated test setup to ensure device is in noPassword mode before running tests. - Removed unused functions and cleaned up related test cases for better maintainability. * Refactor mouse round-trip tests to streamline cursor movement verification
Add missing languages and correct translations of languages. (#1161) * Add missing languages and updated translations of languages Japanese and Portuguese were not added to the translations. Japanese locale strings need to be in Japanese. Portuguese locale strings need to be in Portuguese. Chinese (Traditional) locale strings need to be in Chinese (Traditional). Always use (bokmål) for "book language" Norwegian. Resorted using `npm run i18n:resort` * Update the documentation to guide addition. Needed to document the steps for adding the other languages. * Correct the Chinese locale options They should be in the native language of the containing file. * Correct path for settings.json Sorted language codes (leaving English at top as default) Address review comments. * Added update instructions for updating the translation menu. Japanese was never added. * Removed requirement to update utils.ts Added a generic helper function that maps localized messages to their inlang/paraglide formatting function. * Add documentation on end-to-end testing. * Slight tweak of documentation * Replace Japanese spelling out bokmål
PreviousNext