7519df1695
Integrate VirtualBox as a local facility rather than a shared-PTY backend: a Windows guest has no shell to relay, so the honest fit is launching the VM's GUI on the caller's own machine (the "share a VM, run it locally" path) — no display is relayed to the room, so zero-knowledge is untouched. - ensure-vbox.sh: detect-first installer mirroring ensure-docker.sh; --check, --plan (real apt --simulate download plan, no changes), --yes; apt/dnf/ pacman/brew/winget; Secure Boot MOK warning. HH_VBOX_FORCE_MISSING lets a demo exercise the missing->install path without uninstalling. - sbx.rs: vbox_installed/vbox_version/list_vms/vm_running/gui_launch + ensure_vbox_install. - app.rs: /sbx vms (detect + list) and /sbx gui <vm> [--install] (detect-first then startvm --type gui); /sbx launch virtualbox steers to /sbx gui. - ui.rs help: /sbx vms and /sbx gui entries. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| direnv-autostart | ||
| downloads | ||
| src | ||
| themes | ||
| tools | ||
| .gitignore | ||
| Cargo.lock | ||
| Cargo.toml | ||
| connect.sh | ||
| demo-save-load.sh | ||
| ensure-docker.sh | ||
| ensure-vbox.sh | ||
| film-save-load.sh | ||
| join.sh | ||
| lets-hack.sh | ||
| README.md | ||
| smoke.sh | ||
| test-features.sh | ||
hack-house
encrypted collaborative sessions with a summoned sandbox
zero-knowledge server · end-to-end fernet · srp · ratatui
they want you dependent. we want you free.
hack-house is the evolution of cmd-chat: a multi-user, end-to-end-encrypted
terminal session where a small crew shares chat, files, and — when
summoned — a disposable sandboxed Linux box they drive together, with real
Linux permissions and an owner who can delegate the keys.
The server never sees plaintext. Everything — messages, files, terminal output — is relayed as opaque ciphertext. Close the window, the house empties.
status
This is the Rust client (ratatui) for the unchanged Python (Sanic) server. The
wire protocol is JSON-over-WebSocket; SRP + HKDF→Fernet are byte-for-byte
compatible with the Python srp / cryptography stack.
| phase | feature | state |
|---|---|---|
| P0 | Rust↔Python SRP / Fernet crypto parity | ✅ proven (golden vectors + live + cross-lang E2E) |
| P2 | multi-user session (cap 4, infra for more) + authoritative roster | ✅ done |
| P1 | ratatui UI (chat, roster, themes, help overlay) | ✅ done |
| P3 | sandbox box (local / docker / multipass) + shared PTY | ✅ done |
| P4 | permissions (app drive ACL + VM unix users / sudo) | ✅ done |
| P5 | file + directory transfer into the shared session | ✅ done |
crypto parity — the load-bearing proof
$ hack-house selftest # offline: Rust SRP ≡ Python srp golden vectors
$ hack-house handshake <ip> <port> <name> --password <pw> --no-tls
/srp/verify ok — server identity proven (H_AMK ✓)
round-trip ✓ decrypted: "the house is open"
tools/gen_vectors.py regenerates the golden vectors from the live Python
library (must match the server's _ctsrp backend with rfc5054_enable()).
note: the SRP identity is always the fixed room identity
b"chat"; the display name is carried only in JSON, never in the SRP proof. The Pythonsrppackage'srfc5054_enable()toggles the active backend's flag — vectors must be generated with the same backend the server actually loads (_ctsrp).
license
MIT · malware bless · hack the planet