-
Notifications
You must be signed in to change notification settings - Fork 153
Conversation
Size Report
Startup median (7 runs, lower is better):
Top changed chunks:
|
|
a382ae2 to
7faedef
Compare
7faedef to
79c8bc7
Compare
thymikee
commented
Jun 11, 2026
Code review
Verdict: significant issues — feature plumbing and tests are solid, but the vendoring approach and helper-process lifecycle need work before merge.
Findings
-
Major —
third_party/serve-sim-camera/README.md: no integrity pinning for the vendored binaries — the README records onlyserve-sim@0.1.34, with no SHA-256 ofcamera-helperorcamera-injector.dylib, no upstream commit/tarball hash, and no verification script, so nobody can confirm the ~600 KB opaque Mach-O blobs actually match upstream. -
Major (repo convention break) —
third_party/serve-sim-camera/bin/*: these are the first compiled binaries committed to the repo; every existing helper (android-snapshot-helper,android-multitouch-helper,macos-helper,ios-runner) is vendored as source and built at package time. Committing unauditable executables that get DYLD-injected into user app processes is a meaningful supply-chain escalation. -
Major —
src/platforms/ios/simulator-camera.ts:53-66+src/platforms/ios/apps.ts:322,1174: the helper is spawned detached/unref'd andstopIosSimulatorCameraVideois only called fromcloseIosAppand on launch failure. If the app crashes, the simulator is shut down (shutdownhas no camera cleanup), the daemon dies, or the user re-opens the app without--camera-video, the helper loops the video forever with no cleanup path. -
Major —
src/platforms/ios/simulator-camera.ts:53-66,110-121: only file existence is validated (no format check), and afterrunCmdDetachedthere's no check that the helper survived startup or created the shm segment. A corrupt/unsupported video makes the helper exit immediately; the app then launches "successfully" with a dead camera feed, and the only evidence is an unread log inos.tmpdir(). -
Major —
src/daemon/handlers/session-state.ts:205,243: iOScameraVideois expanded withSessionStore.expandHome(value, req.meta?.cwd), but Androidflags.cameraFront/cameraBackare passed raw toensureAndroidEmulatorBooted, whereresolveAndroidEmulatorCameraMode(src/platforms/android/devices.ts:489-520) resolves against the daemon's cwd and never expands~— yet the flag help and docs advertise./front.mp4, which will fail (or hit the wrong file) in daemon mode. -
Minor —
src/platforms/ios/simulator-camera.ts:86-101: stop SIGTERMs the pid from a tmp-dir state file without verifying the process is still the camera helper; after a host reboot or PID reuse it can kill an unrelated process. -
Minor — renaming upstream artifacts "to avoid exposing upstream internal artifact names" makes audit-by-diff against the upstream npm tarball harder, and the original filenames aren't recorded; combined with finding 1, the Apache-2.0 claim and version are effectively unverifiable from the repo (LICENSE itself does ship correctly via
files). -
Minor (tests) —
simulator-camera.test.tscovers the happy path and non-simulator rejection only — nothing for stop-on-close, stale/missing state files, or missing video file; Android tests don't cover the explicitvideofile:prefix branch or the invalid-mode error.
Verified clean
The Android running-emulator rejection (assertCameraInputsCanApplyToEmulator) is correct and tested for both paths; args pass via spawn(..., shell: false) arrays (no injection); shm names are per-launch hashed and within macOS limits, so concurrent sessions don't collide; deep-link paths correctly strip cameraVideo; docs honestly state the forced relaunch.
Overall
The TypeScript integration is well-plumbed and validated at every dispatch layer, but two structural weaknesses remain. Shipping renamed, checksum-less third-party Mach-O executables in git — in a repo where every other helper builds from source — is hard to audit and update safely; at minimum the README needs per-file SHA-256s, original artifact names, and the upstream tarball hash, and the better design is fetching the pinned serve-sim@0.1.34 artifact at install/build time with checksum verification. Separately, the detached helper needs a liveness check at startup and cleanup hooks on simulator shutdown/session close, or long-lived agent hosts will accumulate orphaned video-looping processes.
Generated by Claude Code
Uh oh!
There was an error while loading. Please reload this page.
Summary
Add sample-video camera inputs for both emulator families agents need to test:
--camera-front/--camera-backmodes or video file paths, with running-emulator rejection when camera sources cannot be changed safely.open <app> --camera-video <path>/cameraVideo, starts the vendored serve-sim helper, injects the AVFoundation dylib for that app process, and stops the helper on app close.third_party/serve-sim-camera: the helper binary, injector dylib, README, and license. The local binary filenames are neutral (camera-helper,camera-injector.dylib). Unpacked payload is ~600 KB; helper binaries are ~584 KB.Validation
pnpm formatpnpm exec vitest run src/utils/__tests__/args.test.ts src/__tests__/client.test.ts src/core/__tests__/dispatch-open.test.ts src/daemon/__tests__/context.test.ts src/platforms/ios/__tests__/simulator-camera.test.tspnpm exec vitest run src/platforms/ios/__tests__/simulator-camera.test.tsafter trimming unused vendored source files and renaming local binary artifactspnpm check:quickpnpm check:unitpnpm buildpnpm check:fallow --base origin/main-camera-back videofile:/private/tmp/agent-device-back-camera.mp4 -camera-front none -feature VideoPlayback; repeated front-camera playback.open com.agentdevice.CameraFeed --camera-video /private/tmp/agent-device-camera-proof/camera-feed.mp4; captured/private/tmp/agent-device-camera-proof/simcam-proof-final.pngshowing the MP4 test pattern in the camera preview.Touched files: 29. Scope expanded from Android boot camera files to iOS simulator app-launch video injection at reviewer request.