Data sovereignty
returned to you,
AI at your fingertips.

A batch of PDH analysis-pipeline + query-parsing + Douyin/Toutiao collection fixes, FAMILY-67 call/message notification UX polish, and a single global Android keyboard-overlap fix. pdh 0.4.29 + cli 0.162.82 published to npm; Android cc bundle internal-binaries-android-v20260619 (USR_VERSION 49).

Persist & view friend voice/video call history, add incoming ringtone/vibration/ringback, and add timeouts to every CLI network fetch so a dead endpoint can no longer hang forever. cli 0.162.81 published to npm.

1:1 real-time A/V + ringtone + missed-call + call history + background/lockscreen incoming + reconnect grace + connection self-heal; 44 JVM unit tests green, live two-device voice call verified.

Two days of debugging wrapped up; verified on real devices (amethyst<->chopin) with sub-second bidirectional delivery.

Analysis-quality issues surfaced after real-device collected data was fed into the personal AI knowledge base (pdh 0.4.28 + cli 0.162.78 published to npm; Android cc bundle v20260617c).

Surfaced on a real device 2026-06-17: Douyin WCDB2 decrypted-page memory has no "SQLite format 3" file header, so the old header-only scan matched 0 regions. mem-scan now decides by content and the leaf-page salvage no longer depends on a header, covering both encryption schemes. Pure-APK change (scripts in assets); cc bundle / pdh / USR_VERSION unchanged.

Real-device scan-bug fixes + multi-app direct collection: salvage now attributes records to the right target app, and the scan engine gains timeouts and orphan-process cleanup. pdh 0.4.27 + CLI 0.162.77 published to npm; Android cc bundle rolled to internal-binaries-android-v20260617b (USR_VERSION → 47).

Key-free forensic collection on a rooted device (Method B /proc/mem leaf-page salvage) goes from a manual script to a one-tap in-app button; cross-app data overview fixed (older cc bundles lacked analysis.overview, causing an "overview error"). Desktop / Android / iOS surfaces aligned to .115; Android cc bundle rolled to internal-binaries-android-v20260617 (carries pdh 0.4.26, USR_VERSION → 46); release ships 18 assets.

Ran the PDH endpoint-capture runbook's static-analysis tier (read-only APK, no login) on a rooted device and corrected i-Xiamen's fabricated placeholder host to the real gateway. Desktop / Android / iOS surfaces aligned to .114; Android cc bundle rolled to v20260615d (carries pdh 0.4.25, USR_VERSION → 45).

Fixes the hard npm install failure for users defaulting to the Taobao mirror (#33) and hardens the npm publish pipeline. Desktop / Android / iOS version surfaces aligned to .113; Android cc bundle rolled to v20260615c (carries cli 0.162.70, USR_VERSION → 44).

Six high-value mainstream platforms absent from both the roadmap and the reference device: Ele.me / Xianyu / VIP.com / Douban / Ximalaya / Keep. pdh 0.4.24 + CLI 0.162.67 published to npm; Android cc bundle rolled to v20260615b.

A second PDH long-tail round after v5.0.3.110: Xigua Video, Tianyancha, Dongchedi, WeChat Work (PC), plus gov-tax (scaffold) / CamScanner / Meiyou / i-Xiamen from parallel branches. pdh 0.4.23 + CLI 0.162.65 published to npm; Android cc bundle rolled to v20260615.

One /loop run filled the PDH collection gaps: every completed-phase 3-star+ platform plus the feasible long-tail. pdh 0.4.18 + CLI 0.162.60 published to npm; Android cc bundle rolled to v20260614b.

Real-device testing of v5.0.3.108 found the released APK did not contain cc-cli.tgz (local-terminal / cc unusable on device, PDH collection scripts not delivered). This is a pure packaging fix; bundle contents are unchanged.

Pinduoduo was the last of the shopping trio with only a user-export snapshot and no automatic collection path; this release adds cookie-api active collection, reaching parity with Taobao / JD / Meituan.

Wraps up the last 3 snapshot-only placeholder collectors in family-guard telemetry, giving them active live collection, delivered with Android in-APK cc bundle v20260612.

Driven by the PDH collection layer: fixes profile-collection failure caused by Kuaishou's new cookie format, the bug where all Amap trip events had missing titles, and completes the adapter test matrix.

Solidifies the 2026-06-10 CLI parity work into a formal release and rebuilds the Android in-app cc bundle, closing the gap where the in-APK cc had run stale code since v5.0.3.101.

(Backfilled entry) The aggregate release after the IDE bridge phases finalized: CLI 0.162.37 on npm, all-platform version alignment, VS Code extension Open VSX auto-publish CI + icon redraw.

This release gives the `cc` CLI a "run on a loop" capability and extends the IDE bridge from VS Code to JetBrains, with a full release pipeline for both extensions.

This release wires the `cc` CLI into your editor — a new `cc ide` command and VS Code extension that discover and auto-connect the editor's MCP server, letting the agent read/write files in your editor and surface changes via openDiff for accept/reject; meanwhile cc reaches near-parity with Claude-Code.

The CLI closes most of the gap with Claude-Code: headless `agent -p` now supports output format / max turns / allowed & disallowed tools / permission mode / stdin / multi-turn stream-json input / system prompt / multi-root workspace / fallback model, `@file` references work in `ask` and `chat`, plus a new `cc cost` token-spend estimator and file-level `cc checkpoint` snapshot / rewind.

This release closes the long-standing "config looks fine but nothing gets collected" gap in the Personal Data Hub: readiness is now a first-class judgment split out from the loose health-check, paired with a single "one-click collect / import guide" entry so regular users no longer face multi-step setup. Locally-readable sources expand substantially — Douyin / WeChat PC / QQ-NT / DingTalk / Feishu / WeRead / Apple Health / NetEase Cloud Music can all funnel your own data into the on-device vault.

A long-standing "tapping Social hangs" report was traced to the HubLocalViewModel init block synchronously reading EncryptedSharedPreferences (keystore-backed) plus the StrongBox decrypt inside DIDManager.initialize (a single decrypt can take seconds on some Xiaomi devices) — together they pinned the main thread for >5s and tripped an ANR. This release moves all of that init onto Dispatchers.IO, so Social / home no longer freeze.

Before this release, the Android CLOUD_ANDROID route forwarded the raw user question to the cloud model — AI was effectively "blind chat" with 768 vault contacts and thousands of events invisible. Three things landed: (1) New `cc hub retrieve-context` CLI + LocalCcRunner.retrieveContext Kotlin bridge + HubLocalViewModel integration — the cloud route now calls hub.retrieveContext(question) first, splices facts into the system message, then asks the cloud model. AI answers carry real citations back to source events. (2) PDH `getHubMinimal()` factory skips 8 heavy aichat adapter / kg / bm25 init steps that retrieve-context does not need; cold start drops 90s → <5s (verified on real device 2026-05-27: 4.2s vs old 87s), making cloud-route questions feel real-time. (3) summarizePerson now includes identifiers + notes — previously stripping phone / wechatId / email meant queries like "mom's phone number" always returned "insufficient information"; now identifiers Map is spliced into person facts and queries actually hit. Plus entity-focus routing + searchPersons LIKE name search prevent contacts from being squeezed out of the 200-row RAG ceiling by events.

User report: clicking "Check for Updates" from the tray did nothing; earlier the same button surfaced a red dialog with a full HttpError 404 stacktrace. Two independent problems were stacking: (1) right after a tag push, release.yml is still uploading assets so latest*.yml 404s briefly, and electron-updater forwarded the entire stacktrace as an error to the renderer + red card; (2) from v5.0.3.44 onward, update notifications go through the renderer AppUpdateNotifier card (painted inside BrowserWindow), so when the user triggers "Check for Updates" from the tray with the main window still hidden, the card paints into an invisible window → no response.

User report: `ChainlessChain-Setup-5.0.3-alpha.94.exe` crashes shortly after install. Diagnosis: not an installer issue — NSIS installed successfully, but the final auto-launch of ChainlessChain.exe hit Electron 39 / Chromium 130+ GPU process throwing STATUS_FAIL_FAST_EXCEPTION (0xc0000602) inside CoreMessaging.dll because the target box has an ancient GPU driver (confirmed: Intel Iris Pro 5200 + 2016-09 driver). Any ≤2018 GPU driver + older Intel HD/Iris series machine will hit this 100% of the time.

Two on-device social capture channels filled in. (1) C path (desktop PC ADB pulls platform DB) grew from 3 to 4 platforms: added Kuaishou with a KuaishouSignBridge (Electron WebContentsView driving its NS_sig3 signature) + social-kuaishou-adb Node collector + CLI / WS / desktop wiring across three entry points + web-shell UI with 9 Chinese reason banners + Win-first real-device E2E doc. Bilibili / Weibo / Xhs / Kuaishou C-path now all ship, reusing the shared chromium-cookies-reader module + SignProvider interface (NullSignProvider default + ApiClient short-circuits and refuses to send unsigned HTTP). (2) Mode B (Android in-APK root, su directly reads DB) opened 4 platforms: Toutiao Mode B v0.1 scaffold (CredentialsStore + DbExtractor with defensive PRAGMA-based column picker + DbCollector + 21 JVM tests) → wired into HubLocalViewModel + UI; Bilibili Mode B v0.1 (scaffold + wire + Win-first real-device E2E); Weibo schema probe doc + Mode B v0.1 (scaffold + wire + 21 JVM tests + real-device E2E); Xhs Mode B v0.1 (scaffold + wire + 21 JVM tests). Mode B uses root + su to read the DB directly without attaching to the process, bypassing libshield.so / libmsaoaidsec.so anti-frida detection. (3) Bridge dry-run doctor cold-starts the 3 sign bridges (Douyin / Toutiao / Kuaishou) inside the desktop app and probes candidate globals + warmUp / probe latency, surfacing SDK rotations 5-10 days early (anyCandidatePresent=false is the sentinel).

Two user-visible breakthroughs. (1) On-device LLM: MediaPipe tasks-genai pivot landed; added a prompt-length guard before the native call to fix a JNI-abort SIGABRT that took down the whole app (trap #22 — predictSync throws IllegalStateException when prompt > maxTokens, then calls NewByteArray without clearing the pending exception, triggering CheckJNI JniAbort that Kotlin try/catch cannot reach). HubAsk now exposes 4 LLM routes (LOCAL_DEVICE / CLOUD_ANDROID / PC_LOCAL / LAN_OLLAMA) mirrored across three screens (home tab 0 + local-data tab 3 + local-ask tab 4), with LAN baseUrl persisted to EncryptedSharedPreferences. (2) Vault Browser on both shells: FTS5 external-content virtual table + trigram tokenizer for CJK substring matching (10-100× faster than LIKE) + 7-bucket category taxonomy + desktop /personal-data-hub/browser Pinia store (300ms debounce + race-resolution token) + Android 6th tab "data browser" + 5 category-keyed renderers (ChatBubble / OrderTable / Timeline / EmailList / Generic) + client-side JSON / NDJSON / CSV export.

Phase 17 (five cross-platform desktop developer captures) + Phase 18 (two developer command-chain captures). Zero-config no-arg adapters — the vault scans on startup, no login / cookie / API key required. git-activity: commit / branch / merge history across every git repo on the box. shell-history: bash / zsh / pwsh command history with sensitive-token redaction. vscode: VSCode recent workspaces + integrated terminal history. win-recent: %APPDATA%/Microsoft/Windows/Recent/*.lnk — cross-app file-open history (any file any App ever opened lives here). local-files: Documents / Desktop / Downloads / Pictures / Videos / Music file-metadata walk (does NOT read contents — zero privacy risk). browser-history-chrome + browser-history-edge: direct read of Default/History SQLite, full browse history + bookmarks, Chrome / Edge auto-scanned on install.

Expanded Plan A v0.1 (Bilibili only) to v0.2 real wiring across 11 platforms: social content (Weibo / Douyin / Xiaohongshu / Toutiao / Kuaishou) + shopping (JD / Meituan / Pinduoduo / Taobao / Alipay) + travel & maps (Amap / Ctrip / Baidu Maps / Tencent Maps) + AI assistant 9-route WebView cookie scrape (DeepSeek / Kimi / Tongyi / Zhipu / Tencent Hunyuan / Wenxin / Coze / Dreamina / Doubao) + email 4 providers IMAP (QQ / Gmail / 163 / Outlook via Jakarta Mail). WeChat Phase 12.10 four sub-phases (SQLCipher real decrypt + frida-inject real injection + 16.5.9 binary vendored + APK shipped to real device) + QQ Phase 13.5 v0.2 (XOR-IMEI algorithm byte-identical to sjqz qq.py port — no SQLCipher, no frida, just root + IMEI input). Full-chain skeleton for Android on-device LLM (Ktor server + ModelManager + cc spawn + PDH "ask locally" tab).

End-to-end on Xiaomi 24115RA8EC: 1305 entities (contacts / calls / SMS / location / system) ingested into the local vault. npm @chainlesschain/personal-data-hub@0.2.1 + chainlesschain@0.162.14 with PDH-first publish ordering (release.yml publishes PDH before CLI to avoid the dep-chain 404 from before). New `cc android` 15-subcommand scaffold + `system-data-android` bridge-direct mode. Path C — phone-native snapshot writer + desktop ingest pipeline (Kotlin ContentResolver + PackageManager direct collection → WS push to desktop staging → existing adapter snapshot-mode into vault, bypassing A6 JNI entirely). Path Y — desktop returns RAG context + Android-local LLM inference (DeepSeek + Doubao + 7 more cloud LLM endpoints wired). Phase 14.1 step 5 ChatBubble landed + Phase 14.5 streaming-ask design.

Closed the WeChat 8.0+ frida-dep path end-to-end across four sub-phases in a single evening. 12.6.7 bootstrap.js stitches env-probe → KeyProvider choice → WechatAdapter ctor into a single hermetic entry point so IPC/WS/CLI no longer have to reinvent the wiring (decision matrix md5/frida/unsupported + opts.keyProviderOverride + full _probe / _md5Provider / _fridaProvider / _WechatAdapter test seams). 12.6.8 — 4 new IPC channels and 4 cc-ui WS topics (wechat-env-probe / register-wechat / unregister-wechat / list-wechat-accounts), register-wechat and unregister-wechat join the privileged ApprovalUI gate so mobile peers cannot silently wire an adapter against an attacker-controlled dbPath or trigger a Frida session. 12.6.9 — cc hub wechat env-probe / register --uin --db --wechat-data-path [--force-provider] / list / unregister CLI verbs with --json on every verb for scripting and the Plan A in-app terminal. 12.6.10 — WechatWizard.vue 295 LOC three-step drawer (env-probe checklist with dynamic per-row tag colors → uin + dbPath + wechatDataPath + forceProvider form → result with probe.reasons surface) plus PersonalDataHub.vue button. 9 hermetic integration tests cover md5 happy / frida happy / unsupported / idempotent re-register / two-uin coexistence / override semantics — no adb, no Frida, no real device. Phase 12.9 rooted-Android real-device E2E now has a dedicated §11 of the runbook with three flow scenarios (pre-8.0 md5 / 8.0+ frida / 8.0+ unrooted graceful rejection) and performance baselines.

Personal Data Hub rolled from Phase 4 (real third-party wiring) all the way to Phase 13.7 (seven social adapters all live) in one evening across 15 commits 763047a22 → b2baf4eda. Phase 4.5 Python sidecar bridge + SystemDataAdapter wiring 4 Android system sources (contacts / call log / SMS / location) reusing 17 real sjqz parsers via subprocess JSON-RPC, avoiding parser rewrite. Phase 7 Shopping three-pack (Taobao + JD + Meituan) + Phase 7.5 Mobile Extraction Layer (Android ADB + iOS iTunes encrypted backup) + Phase 9 Travel four-pack. Phase 10.1+10.2 AIChat 8/8 vendors all live: DeepSeek (official API) + Kimi (reverse h5 web API) + Tongyi Qianwen + Zhipu GLM + Doubao + Wenxin Yiyan + iFlytek Spark + Tencent Hunyuan, with HttpClient infra wiring retry-with-backoff + progress streaming. Phase 11 — 5 built-in analysis skills cross data sources. Phase 12 v0.5 — WechatAdapter frida-independent slice, T3 risk dropped from High to Medium. Phase 13.3-13.7 — 5 social adapters (Douyin + Xiaohongshu + QQ + Telegram + WhatsApp) + 13+ Bilibili + Weibo via sjqz parsers. 38 test files / 792 tests all green.

v5.0.3.66 fixes v5.0.3.65 build-ios failure: v5.0.3.65 release shipped 17 assets (full Win/macOS/Linux/Android + npm CLI chainlesschain@0.162.2) but build-ios got stuck on 9 "cannot find X in scope" errors — 13 SwiftUI views added in the Phase 6 sprint (RemoteInputView / RemoteDisplayView / SystemToolsView / RemoteMediaView / RemoteBrowserView / RemoteDesktopView / KnowledgeView / AIExtendedView etc.) lived on disk but were never added to ChainlessChain.xcodeproj's app target Sources phase. Fix: extend ios-app/scripts/wire_app_sources.rb FILES list + manually dispatch ios-wire-app-sources.yml workflow on a macOS runner to run ruby for 17s rewriting pbxproj and commit back to main. GitHub immutable-releases then blocks all asset mutations on the published v5.0.3.65, so bump v5.0.3.66 reship — build-ios passes in 5min11s producing an 8.15MB .ipa, final release v5.0.3.66 ships with 18 assets including ChainlessChain.ipa. npm skip-publish via publish-cli-precheck detecting 0.162.2 already published — avoids dist-tag mishap. v5.0.3.65 same period landed Android cc CLI bundle real wiring: Phase 2.5 Node runtime + cc CLI bundle 41MB tarball entry into android-app/feature-local-terminal/src/main/assets/local-terminal/ + wrapper shell scripts working around the unusable `#!/usr/bin/env node` shebang trap on Android + Termux libc++_shared.so → libtermux_cxx.so AGP 8 naming compat + cc CLI wrapper mksh shebang replacing /system/bin/sh — because Android W^X untrusted_app pty domain cannot execve the /system/bin/sh in shell_exec SELinux context, prefix/bin/mksh → ../lib/libmksh.so → nativeLibraryDir/libmksh.so is execve-allowed under the lib/<abi>/lib*.so whitelist.

v5.0.3.61 → .64 over one week tightened iOS: .61 signed .ipa shipped (team ad-hoc profile, 7.7MB .ipa in release assets), .62 deployment target iOS 17 → iOS 16 (covers iPhone 8+, expands test pool by +30%), .63 fixed iOS 16 PIN crash (AppState.swift MainActor.assumeIsolated replaced with Task @MainActor — back-deploys to iOS 13) + AppIcon full-bleed regenerated (1282×1282 source, 18 AppIcon assets, all RGB no alpha — App Store compliant), .64 unified the 4-segment version + cleared 3 stale AppConstants hardcodes (0.32.0 / 32 / com.chainlesschain.ios) to Bundle.main dynamic reads + Settings About row locked to v5.0.3.64 display + 18 unit + 7 integration + 2 UITest three-layer regression coverage. Same period iOS Phase 5 AI Chat static audit found 4 real bugs fixed one by one: finalizeStreamingPlaceholder empty-string nil-coalesce bypass / deleteConversation partial rollback / sendMessage missing stream-in-flight guard / selectConversation stale streamId pollution — each with a regression unit test + 4 integration tests covering events fan-out / cancel ordering / offline drain / multi-conversation stream isolation — iOS test suite ~313 → ~358. Phase 6 sprint one night 19 commits delivered Knowledge 30 method + AI Extended 25 method desktop hybrid + iOS Commands actor wrap + 15 main tab UI + Multimodal v0.3 live recording (AVAudioRecorder 16kHz mono AAC) + Agent streaming runAgentStream + iOS poll loop + Agents UI live. Green baseline 1fb947b32, iOS CI real-compile verified.

After pairing, Android FileTransferScreen exposes full remote file management: browse any PC directory (~ / C:/ / project paths, no sandbox) + upload phone files to PC Downloads (auto (1)/(2) suffix anti-collision) + download PC files to the phone public Downloads folder (MediaStore.Downloads — native Files / Gallery / readers see them directly) + 4th TopAppBar icon "Local Downloads" lists in-app, tap opens directly via Intent.ACTION_VIEW (never leaves the app). Reuses the Plan C signaling channel — zero new infra. One night cleared 6 interlocking bugs (P2PClient skip guard too wide / Plan C does not call connect / handleFileCommand opens PC folder picker + missing listDirectory case / FileTransferHandler sandboxed in userData / checksum sha256-prefix vs md5 mismatch auto-deletes / getExternalFilesDir hides files from user). 34 new unit tests all green (PC vitest 30 + Android RemoteCommandClientTest 4). Xiaomi 24115RA8EC × Win desktop real-device E2E 8 scenarios pass.

After Android v1.0 GA validation, the iOS port mirroring began. All 4 phases landed framework-complete in one day: ~313 unit tests / 4 design docs / 4 trap memories. Phase 1 desktop pairing three flows (Flow A camera scans desktop QR / Flow B desktop displays QR for phone / manual 6-digit code) + Phase 2 remote desktop terminal (WebRTC DataChannel + xterm.js WKWebView) + Phase 3 remote-operate framework (RemoteCommandClient generic RPC + OfflineQueue + 4 typed skills: Clipboard / File / Screenshot / SystemInfo) + Phase 4 Notification skill (NotificationCommands actor 11 methods + LRU dedup 256 + UN center push + optimistic update + offline gate three branches + RemoteOperateView 6th tab horizontal scroll picker + Capsule unread badge). Mirrors the Android version already validated on Xiaomi 24115RA8EC real device; UI information architecture 1:1 aligned. Remaining Phase 1.7 / 2.7 / 3.7 / 4.7 real-device E2E requires Mac + iPhone + real desktop — handed to user. Plus #21 P1 main scope 5/5 fully closed (A.1 Linux native pairing + A.2 three-platform UI consistency design doc + B.1 web-shell private-key signing UI + B.5 cross-chain bridge m-of-n multisig + C.1 wear→phone voice forward · ~270 unit tests). CLI 0.162.0 minor (cc pair preflight LAN diagnostics + cc pair token subcommand group + systemd hardening template + docs/linux/PAIRING.md 9-section user guide).

Plan A real-device validation surfaced one architectural issue: a 4-hop signaling chain (phone → router → public relay → desktop RelayClient) is fragile under NAT idle / cellular carrier-side TCP RST — any hop down kills the whole chain · Plan A.1 moves high-frequency / high-throughput terminal traffic onto a WebRTC DataChannel direct connection, bypassing every middle hop; signaling stays as fallback · Phase 1 Trap 1 fix: SignalClient.forwardedMessages migrated to multi-subscribe SharedFlow replacing the single-listener setOnForwardedMessageReceived which was the root cause of the ice:config interceptor being silently overwritten + new WebRTCClient.dataChannelReady StateFlow derived flag · Phase 2 SignalingRpcClient.invoke embeds a transport selector DC-first fallback signaling, two listeners simultaneously consume signaling + DC streams, same requestId → same CompletableDeferred (second complete is a no-op; dual delivery is safe without explicit dedup) · Phase 3 TerminalListViewModel async-triggers handshake on entry + UI chip "P2P direct" green vs "Relay path" yellow · Phase 4 Android stdout 256-LRU + exit 64-LRU dual-stream subscriber + desktop mobile-bridge 128-LRU / 30s-TTL keyed by payload.id · Phase 5 falls out of existing wiring with no new code · Perf RTT p50 200-500ms → 30-80ms LAN · p99 1.5-30s → 200-800ms · stability 20s-2min outages → hours-long sustained · Tests Android +8 / desktop +14 / all three suites green (11 + 15 + 21 Android + 14 desktop) + 12-test regression fix (mockk relaxed StateFlow generic erasure) · Real-device E2E §5.3 5-scenario matrix on the user · Design doc Android_Remote_Terminal_Plan_A1.md v1.0 · Telemetry path=dc|signaling live

Single PtyManager shared between web-shell WS gateway + cc ui WS gateway + V6 native IPC · 8 terminal.* WS topics (create/list/stdin/resize/close/history + server-push stdout/exit) · attachTopicHandlers shared helper extracted from ws-cli-loader dispatcher wrap so cc ui mirrors it · web-panel useTerminal composable + Terminal.vue route /terminal with xterm.js lazy + multi-session tabs + history backfill + dangerous-keyword toast · V6 plugin widget + TerminalPanel modal IPC bridge electronAPI.terminal.* + slash /terminal · Android TerminalRpcClient reuses SignalingRpcClient envelope pattern + WebView↔Kotlin JS bridge + xterm-shell.html + xterm.js/addon-fit vendored + Compose list/session + softkey toolbar Ctrl/Tab/Esc/arrows/Ctrl+C/D + 2 NavGraph routes + RemoteOperateScreen entry · confirmation-dialog dangerous-keyword Electron messageBox + permanent trust per-cmd cache · mobile-bridge stdout/exit per-peer fanout

Plan A: relay server forwards WebRTC offer/answer/ice-candidate (commit e9f9d6275) · Desktop RelayClient.onMessage collapses into mobileBridge.handleSignalingMessage unified dispatch fully equivalent to LAN · Plan B: coturn 4.6 docker compose host network listening 0.0.0.0:3478 UDP/TCP + 5349 TLS + 49152-65535 UDP relay range · turn.chainlesschain.com Let_s Encrypt acme.sh renewal · signIceCredentials HMAC-SHA1 24h TTL ephemeral creds, desktop CC_TURN_SECRET mandatory zero hardcoded · pushIceServersToMobile dual-send LAN signaling + public relay chainlesschain:ice:config after pair-ack matched (commit af11daa6e) · Android WebRTCClient injects PairedDesktopsStore resolveIceServersFor by pcPeerId, expiry/missing fallback Google STUN · intercepts ice:config to persist iceServers / iceExpiry · SignalingRpcClient race-tolerant backup · iceServers removed from QR payload (650 chars + 280px + error-H crashed scan recognition with 30s blocking, switched to signaling push) · backend/signaling-relay-service/ enters repo · design doc Android_Remote_Operate_Plan_AB.md

cc project CLI 4 subcommands write directly to desktop SQLite WAL · project-management-handler exposes 6 actions to L3 REMOTE · ProjectSyncWalker + CompositeSyncRepositoryWalker close the reverse-sync gap · web-shell Projects.vue project management list + 6 in-process WS topics reuse same handler for web-shell + mobile · 11 daily-life templates replace 11 IDE templates · delete UI fix · north star: phone-side AI project interaction as smooth as desktop · 80 Android + 51 Desktop tests pass

A.3 ADR Review v2.0 (8 ADRs audited: 5 keep / 2 amend / 1 revise) · B.6 LandmarkCache.strictPqMode opt-in rejects Ed25519 partial sigs · B.2 web-shell multisig.* in-process WS topics cold-start 6-10s → ~20ms 60-100x speedup · AI-3 SkillMetadata.signature forward-compat + NoOpManifestVerifier swap seam · 2 bug fixes (wear test imports + B.6 disk-load gate) · tests 11+23+10+57+379 all pass · no version bump (will release with P1 main scope after v1.2 GA)

After pairing the mobile taps Ping / System Status / System Info → desktop runs it → response comes back (commit f8ec994ef) · SignalingRpcClient with 30s withTimeout + automatic LAN→relay fallback (reset gate + switch URL + re-register + retry) · RemoteOperateScreen 3 chip buttons + JSON response display + NavGraph remote_operate/{peerId} · PairedDesktopsStore SharedPreferences persists paired desktops, upsert idempotent by pcPeerId · Desktop RelayClient outbound long-lived connection to wss://signaling.chainlesschain.com, exponential backoff capped at 60s · mobile-bridge.handlePairAckFromRelay bug fix · MobileBridgeHeaderStatus.vue header shows paired mobile count, 5s polling + parseJsonOutput skips CLI log-prefix lines · 11 i18n strings extracted into values/strings.xml + values-zh-rCN/strings.xml · 3 new unit test files / 20 tests all green (PairedDesktopsStoreTest 7 / SignalingRpcClientTest 7 / RemoteOperateViewModelTest 6) · design doc Android_Remote_Operate_Plan_C.md

@chainlesschain/core-multisig (5 libs + 75 unit tests) · cc multisig CLI (8 subcommands + 10 integration tests, Phase 1d) · cc marketplace purchase / consume mediator + multisig-runtime.js shared module (−130 lines dedup) + 8 new E2E tests (Phase 2a commit 2755093d0) · web-panel Multisig.vue view: 6-card stats + proposal list + domain policies + detail drawer + sidebar entry, WS through CLI subprocess (Phase 2b commit c758492d9) · 18 multisig integration tests total · SQLite native → sql.js WASM auto-fallback · Flow B (commit c47cbc649) verified end-to-end on Xiaomi hardware · ScanDesktopPairingViewModelTest (10) + desktop-pair-handlers.test.js (19)

Design §5.3 five capture pieces landed: VoiceMode / CameraOCR / LocationTagger / SharePayloadFlusher / PushNotifier · §6 M4 D1 method-level metadata · §5.4 ApprovalUI four-category UI + ProgressViewer task.* reverse-RPC · §8.3 alias compat window · Android versionCode 37 → 100 / versionName 0.37.0 → 1.0.0 GA (commit ffe722162) · 187 new unit tests green / Android total 196+ → 383+

release.yml run #25632845952 all 11 jobs green · build-android keystore fix confirmed · 4 Android assets in Release · keystore.properties.template / KEYSTORE_SETUP.md / orphan workflow `../` all gone

Mobile-bridge-sync M2 → v1.2 · gates 1–4 all real Ed25519 · Volcengine voice / APK auto-update / splash redesign / coral theme / i18n three regions / biometric / DID Key

QuickAsk no longer 60s timeout · project mode no longer stalls on "Understanding…" · chatStream queue+waiter · placeholder-card reactivity fix

Three-way OCR engine · 18 channels × 23 cases first coverage · slow-LLM dribble safeguard

HIGH 44→0 · MOD 4→0 · LOW 45→0 · publisher_signature strip-all-sigs symmetrized

V5 / V6 / web-shell chat strictly equivalent · neither keys nor passwords cross the wire

15 sections · 14+1 commits · neither private keys nor passwords ever traverse the wire

4 fixes · bypass asar cold-start · 12224 tests

issue #8 · 23 unit + integration tests

Phases 0–4 complete · 476 tests across six layers

~25 views internationalized · vue-i18n dictionaries

Electron embeds web-panel · WindowRegistry

13 first-party packs · 7 UI extension points

4-state maturity × 5-state lifecycle