fix(mdns): make LAN device discovery opt-in (off by default)#3937
Merged
Conversation
mDNS advertise + browse opened a multicast socket at every startup, which makes macOS prompt for "Local Network" access even for users who never use multi-device sync. The advertise call was unconditional in both the engine server and the app server-core, and Settings -> Pipes auto-browses on mount. Gate mDNS behind a default-off flag in the mdns module: while disabled, advertise() and browse() are no-ops that never create the daemon, open a multicast socket, or trigger the permission prompt. Opt in via `screenpipe --enable-mdns` / `SCREENPIPE_ENABLE_MDNS=1` (engine + CLI) or the same env var in the desktop app. SSH/Tailscale discovery is unaffected; only the mDNS LAN leg is gated. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
mDNS LAN peer discovery (advertise + browse) opened a multicast socket on every startup, which makes macOS prompt for "Local Network" access for every user, even those who never use multi-device sync. This makes discovery opt-in, off by default.
Why
mdns::advertise()was called unconditionally in both the engine server and the app server-core, and Settings -> Pipes auto-browses on mount. Both create theServiceDaemon(multicast socket), which is what triggers the prompt. There was no way to turn it off.Change
ENABLEDflag to themdnsmodule (set_enabled()/is_enabled()). While disabled,advertise()andbrowse()return early before creating the daemon, so there is no multicast and no permission prompt.--enable-mdnsflag (envSCREENPIPE_ENABLE_MDNS), default false, applied viaset_enabled()at startup.server_corereadsSCREENPIPE_ENABLE_MDNSand applies it before advertising.Files
crates/screenpipe-connect/src/mdns.rs(flag + gate on advertise/browse)crates/screenpipe-engine/src/cli/mod.rs(--enable-mdnsarg)crates/screenpipe-engine/src/bin/screenpipe-engine.rs(apply at startup)apps/screenpipe-app-tauri/src-tauri/src/server_core.rs(app env gate)Opt back in
screenpipe --enable-mdnsorSCREENPIPE_ENABLE_MDNS=1SCREENPIPE_ENABLE_MDNS=1Verification
cargo check -p screenpipe-connect -p screenpipe-engine --bins --libpasses clean on latest main.server_core.rsis a small env read + one call. It is not in the root cargo workspace, so it was not separately compiled here.Follow-up (optional)
A user-facing Settings toggle can layer on top: add
enableMdnstoRecordingSettings(camelCase, serde default false) and regenerate tauri bindings. Left out here to keep the change all-Rust and avoid bindings churn.🤖 Generated with Claude Code