feat(pipes): share pipes across a team from the desktop#3738
Closed
louis030195 wants to merge 2 commits into
Closed
feat(pipes): share pipes across a team from the desktop#3738louis030195 wants to merge 2 commits into
louis030195 wants to merge 2 commits into
Conversation
Any team member can share one of their own pipes with the team (encrypted via use-team) or unshare it. Teammates see shared pipes OFF by default and opt in with the existing enable toggle; shared pipes are read-only — recipients fork to get an editable, personal copy. A shared pipe installs locally only when present in the team config, and is never overwritten once on disk, so each member's on/off choice is preserved. Gated behind team membership — no UI change for users not in a team. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Contributor
|
Closing this because there has been no activity for a while. Feel free to reopen if this is still relevant. |
4 tasks
louis030195
added a commit
that referenced
this pull request
Jun 10, 2026
…are (#3971) * feat(pipes): team pipe sharing with versioning, auto-update, and unshare Share a pipe with your team from the desktop app (E2E-encrypted team configs). Improves on the stale-closed #3738 design: - versioned shares: payload carries an integer version; re-sharing bumps it ("push update to team (vN)" appears when local content differs) - recipients' copies carry a `# team-shared:vN` marker (mirrors enterprise-managed pipes) and auto-update on version bumps while preserving each member's own on/off choice - new installs arrive OFF by default, read-only in the editor; "fork to edit" strips the marker and stops auto-updates - unshare now propagates: marked copies whose share disappeared are disabled (never deleted), gated on a successful configs fetch so a failed fetch can never mass-disable - security: only raw_content travels (the author's parsed config object can hold secrets and is no longer pushed); share keys are validated against path traversal before any filesystem write - enterprise managed pipes get the same removal fix: policy sync now always runs and disables enterprise-marked pipes dropped from the policy (pruning only when the server actually returned the field) Pure sync logic lives in lib/team-pipes.ts with unit tests. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> * feat(pipes): store team pipe shares plaintext, drop the key ceremony Product decision: nobody asked for E2E on pipe shares, and the team key management (invite-link fragments, keys that don't follow accounts, missingKey limbo, unrecoverable data) was the main UX killer. Pipes are workflow prompts, not credentials, and the enterprise managed-pipes path is already server-readable. TLS + at-rest encryption still apply. E2E stays for config types that carry real secrets (AI presets). - plaintext envelope reuses the same /api/team/configs columns with a sentinel nonce ("plaintext") — zero backend changes, the server treats value_encrypted as an opaque string either way - new pushConfigPlain in use-team (no team key required); fetchConfigs now parses plaintext rows even when the team key is missing, so members in key-limbo still receive shared pipes - share/unshare UI gated on team admin role — the backend 403s team-scope writes from members, so don't show them a dead button (member-level sharing later = one-line backend loosening) - mockup updated to match Co-Authored-By: Claude Fable 5 <noreply@anthropic.com> --------- Co-authored-by: Louis Beaumont <louis@screenpi.pe> Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Brings team pipe-sharing back into the desktop app, peer-to-peer, with the UX rules from the latest design pass.
User flow
same flow as ASCII
What
use-team), or unshares it. Asharedbadge marks pipes you've shared.team · <sharer>, and turn them on with the existing enable toggle.Scope / safety
team.team). No UI or behavior change for users not in a team — the sync effect early-returns and the menu items don't render.use-teamhook +/api/team/configsbackend and the local pipes API. No Rust/Tauri command changes (bindings unaffected).Verification
bunx tsc --noEmit— cleanbun run build(next build) — clean, all routes exportedKnown gap
syncManagedPipesgap).🤖 Generated with Claude Code