Implement native mode IPC integrations

Author: nakorndev

README.md

@@ -79,6 +79,40 @@ Built-in sound profiles:
 
 Quiet Hours can suppress sounds, with an optional critical notification override. The Test Lab section in the app includes a rule tester for sample notification payloads.
 
+## Native Mode Integrations
+
+ToastDeck Native Mode lets local tools create first-class ToastDeck cards through the CLI and named pipe IPC.
+
+CLI examples:
+
+```powershell
+toastdeck send --title "Build failed" --body "main branch failed on tests" --source "GitHub Actions" --severity critical
+toastdeck test critical
+toastdeck pause 30m
+toastdeck rules export
+toastdeck rules import --file rules.json
+```
+
+The CLI talks to the running ToastDeck app through the local named pipe `ToastDeck.NativeMode`. If the app is not running or does not respond, the CLI returns a clear error instead of silently dropping the notification.
+
+Protocol activation design:
+
+```text
+toastdeck://send?source=Build&title=Build%20failed&body=Tests%20failed&severity=critical
+```
+
+The MSIX manifest declares the `toastdeck` protocol. Full activation routing from Windows into the running app is planned after the single-instance app model is added.
+
+Optional localhost API skeleton:
+
+```http
+POST http://127.0.0.1:17387/v1/notifications
+Content-Type: application/json
+Authorization: Bearer <token>
+```
+
+The localhost API is disabled by default. It must stay bound to localhost, require a token, and add rate limiting before it is enabled.
+
 ## Installation
 
 ToastDeck is not released yet.

SECURITY.md

@@ -15,3 +15,13 @@ Please report security issues privately through GitHub Security Advisories when
 - No arbitrary command execution from external payloads by default.
 - Optional local HTTP APIs must bind to localhost, be disabled by default, require a token, and be rate-limited.
 - Notification body text must not be logged unless diagnostic mode is explicitly enabled.
+
+## Native Mode Integrations
+
+ToastDeck Native Mode accepts local payloads through a named pipe used by the CLI. Treat external payloads as untrusted:
+
+- Do not execute command actions from payloads by default.
+- Do not trust URLs blindly.
+- Keep the optional localhost API disabled by default.
+- If the localhost API is enabled in the future, bind only to `127.0.0.1` or `localhost`, require a token, and rate limit requests.
+- Do not include notification bodies in logs.

docs/docs.html

@@ -1,5 +1,5 @@
 <!doctype html>
 <html lang="en">
   <head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1"><title>ToastDeck Docs</title><link rel="stylesheet" href="styles.css"></head>
-  <body><header class="nav"><strong>ToastDeck</strong><nav><a href="index.html">Home</a></nav></header><main><h1>Docs</h1><ul><li>Getting started</li><li>Grant notification permission</li><li>Configure persistent deck</li><li>Configure corner badge</li><li>Create rules</li><li>Sound settings</li><li>Privacy mode</li><li>CLI usage</li><li>Troubleshooting</li></ul></main></body>
+  <body><header class="nav"><strong>ToastDeck</strong><nav><a href="index.html">Home</a><a href="integrations.html">Integrations</a></nav></header><main><h1>Docs</h1><ul><li>Getting started</li><li>Grant notification permission</li><li>Configure persistent deck</li><li>Configure corner badge</li><li>Create rules</li><li>Sound settings</li><li>Privacy mode</li><li><a href="integrations.html">CLI and Native Mode usage</a></li><li>Troubleshooting</li></ul></main></body>
 </html>

docs/integrations.html

@@ -0,0 +1,31 @@
+<!doctype html>
+<html lang="en">
+  <head><meta charset="utf-8"><meta name="viewport" content="width=device-width, initial-scale=1"><title>ToastDeck Integrations</title><link rel="stylesheet" href="styles.css"></head>
+  <body>
+    <header class="nav"><strong>ToastDeck</strong><nav><a href="index.html">Home</a><a href="docs.html">Docs</a><a href="privacy.html">Privacy</a></nav></header>
+    <main>
+      <h1>Native Mode Integrations</h1>
+      <p>ToastDeck Native Mode lets local scripts, build tools, and automation send persistent ToastDeck cards.</p>
+      <h2>CLI</h2>
+      <pre><code>toastdeck send --title "Build failed" --body "Tests failed" --source "GitHub Actions" --severity critical
+toastdeck test critical
+toastdeck pause 30m
+toastdeck rules export
+toastdeck rules import --file rules.json</code></pre>
+      <h2>Named Pipe</h2>
+      <p>The CLI sends JSON commands to the running ToastDeck app through the local named pipe <code>ToastDeck.NativeMode</code>. If the app is not running, the CLI returns a clear error.</p>
+      <h2>Protocol Activation</h2>
+      <pre><code>toastdeck://send?source=Build&amp;title=Build%20failed&amp;body=Tests%20failed&amp;severity=critical</code></pre>
+      <p>The protocol is declared in the app manifest. Runtime activation routing is planned with the single-instance app model.</p>
+      <h2>Localhost API</h2>
+      <p>The localhost API skeleton is present but disabled by default. Before it can be enabled, it must bind only to localhost, require a token, and enforce rate limiting.</p>
+      <h2>Security Notes</h2>
+      <ul>
+        <li>Do not send secrets or OTPs unless you are comfortable displaying them locally.</li>
+        <li>The local API must never listen on external network interfaces by default.</li>
+        <li>Command actions from external payloads are not trusted and are not executed by default.</li>
+        <li>Notification bodies must not be written to logs by default.</li>
+      </ul>
+    </main>
+  </body>
+</html>

src/ToastDeck.App/MainWindow.xaml.cs

@@ -7,6 +7,7 @@
 using ToastDeck.App.Windowing;
 using ToastDeck.App.Windows;
 using ToastDeck.Core.Domain;
+using ToastDeck.Core.Integrations;
 using ToastDeck.Core.Interfaces;
 using ToastDeck.Core.Notifications;
 using ToastDeck.Core.Rules;
@@ -31,8 +32,11 @@ public sealed partial class MainWindow : Window
     private readonly CornerBadgeWindow badgeWindow = new();
     private readonly IRuleEngine ruleEngine = new ToastDeckRuleEngine();
     private readonly NotificationSoundService soundService = new();
-    private readonly IReadOnlyList<Rule> rules = CreateDefaultRules();
+    private readonly LocalApiService localApiService = new();
+    private readonly List<Rule> rules = [.. CreateDefaultRules()];
+    private readonly CancellationTokenSource appLifetime = new();
     private UserSettings settings = new();
+    private DateTimeOffset? pausedUntil;
     private bool settingsLoaded;
 
     public MainWindow()
@@ -50,6 +54,7 @@ public MainWindow()
     private async Task InitializeAsync()
     {
         await RefreshAccessStatusAsync();
+        _ = Task.Run(() => new ToastDeckPipeServer(HandlePipeRequestAsync).RunAsync(appLifetime.Token));
         await SyncNotificationsAsync();
         listenerService.StartForegroundListener();
     }
@@ -145,6 +150,115 @@ private void ApplySettingsFromControls()
         UpdateOverlays();
     }
 
+    private async Task<ToastDeckPipeResponse> HandlePipeRequestAsync(ToastDeckPipeRequest request, CancellationToken cancellationToken)
+    {
+        return request.Command.ToLowerInvariant() switch
+        {
+            "notification.send" => await HandleNativeNotificationAsync(request.Notification, cancellationToken),
+            "app.pause" => HandlePause(request.Duration),
+            "rules.export" => HandleRulesExport(),
+            "rules.import" => HandleRulesImport(request.RulesJson),
+            _ => ToastDeckPipeResponse.Fail($"Unknown IPC command: {request.Command}")
+        };
+    }
+
+    private async Task<ToastDeckPipeResponse> HandleNativeNotificationAsync(
+        NativeNotificationPayload? payload,
+        CancellationToken cancellationToken)
+    {
+        if (payload is null)
+        {
+            return ToastDeckPipeResponse.Fail("Notification payload is required.");
+        }
+
+        if (string.IsNullOrWhiteSpace(payload.Title))
+        {
+            return ToastDeckPipeResponse.Fail("Notification title is required.");
+        }
+
+        await dispatcherQueue.EnqueueAsync(async () =>
+        {
+            var notification = NotificationFactory.Create(new NotificationDraft(
+                payload.Source,
+                payload.Title,
+                payload.Body,
+                payload.Severity,
+                NotificationSourceType.Cli));
+
+            if (!string.IsNullOrWhiteSpace(payload.GroupKey))
+            {
+                notification = notification with { GroupKey = payload.GroupKey };
+            }
+
+            var updated = ApplyRuleResult(notification);
+            if (RuleDisplayFor(updated) == RuleDisplayBehavior.Ignore)
+            {
+                return;
+            }
+
+            await notificationRepository.SaveAsync(updated);
+            notifications.Insert(0, updated);
+            UpdateOverlays();
+        });
+
+        return ToastDeckPipeResponse.Ok("Notification sent to ToastDeck.");
+    }
+
+    private ToastDeckPipeResponse HandlePause(string? duration)
+    {
+        try
+        {
+            var pauseFor = PauseDurationParser.Parse(duration ?? "30m");
+            pausedUntil = DateTimeOffset.Now.Add(pauseFor);
+            _ = dispatcherQueue.TryEnqueue(UpdateOverlays);
+            return ToastDeckPipeResponse.Ok($"ToastDeck paused until {pausedUntil:O}.");
+        }
+        catch (ArgumentException ex)
+        {
+            return ToastDeckPipeResponse.Fail(ex.Message);
+        }
+    }
+
+    private ToastDeckPipeResponse HandleRulesExport()
+    {
+        var json = JsonSerializer.Serialize(rules, new JsonSerializerOptions(JsonSerializerDefaults.Web)
+        {
+            WriteIndented = true
+        });
+
+        return ToastDeckPipeResponse.Ok("Rules exported.", json);
+    }
+
+    private ToastDeckPipeResponse HandleRulesImport(string? rulesJson)
+    {
+        if (string.IsNullOrWhiteSpace(rulesJson))
+        {
+            return ToastDeckPipeResponse.Fail("Rules JSON is required.");
+        }
+
+        try
+        {
+            var imported = JsonSerializer.Deserialize<List<Rule>>(rulesJson, new JsonSerializerOptions(JsonSerializerDefaults.Web)
+            {
+                PropertyNameCaseInsensitive = true
+            });
+
+            if (imported is null)
+            {
+                return ToastDeckPipeResponse.Fail("Rules JSON did not contain a rule list.");
+            }
+
+            rules.Clear();
+            rules.AddRange(imported);
+            _ = dispatcherQueue.TryEnqueue(UpdateOverlays);
+            return ToastDeckPipeResponse.Ok($"Imported {rules.Count} rule(s).");
+        }
+        catch (JsonException ex)
+        {
+            return ToastDeckPipeResponse.Fail($"Rules JSON was invalid: {ex.Message}");
+        }
+    }
+
     private async Task MarkReadAsync(NotificationRecord notification)
     {
         var updated = NotificationStateMachine.MarkRead(notification, DateTimeOffset.UtcNow);
@@ -316,6 +430,19 @@ private NotificationRecord ApplyRuleResult(NotificationRecord notification)
     private void UpdateOverlays()
     {
         UpdateDeckSummary();
+        if (pausedUntil is { } pauseEnd)
+        {
+            if (pauseEnd > DateTimeOffset.Now)
+            {
+                deckWindow.HideDeck();
+                badgeWindow.SetUnreadCount(0);
+                UpdateDeckSummary($"ToastDeck is paused until {pauseEnd:t}.");
+                return;
+            }
+
+            pausedUntil = null;
+        }
+
         var unread = notifications
             .Where(notification => (notification.State == NotificationState.Unread || notification.IsPinned) &&
                 RuleDisplayFor(notification) != RuleDisplayBehavior.InboxOnly)
@@ -405,6 +532,7 @@ private void MainWindow_Closed(object sender, WindowEventArgs args)
     {
         listenerService.StopForegroundListener();
         listenerService.NotificationsChanged -= ListenerService_NotificationsChanged;
+        appLifetime.Cancel();
         foreach (var notification in notifications)
         {
             soundService.Stop(notification.Id);

src/ToastDeck.App/Package.appxmanifest

@@ -34,6 +34,11 @@
         <uap5:Extension Category="windows.startupTask">
           <uap5:StartupTask TaskId="ToastDeckStartup" Enabled="false" DisplayName="ToastDeck" />
         </uap5:Extension>
+        <uap:Extension Category="windows.protocol">
+          <uap:Protocol Name="toastdeck">
+            <uap:DisplayName>ToastDeck Native Mode</uap:DisplayName>
+          </uap:Protocol>
+        </uap:Extension>
       </Extensions>
     </Application>
   </Applications>

src/ToastDeck.App/Services/DispatcherQueueExtensions.cs

@@ -0,0 +1,29 @@
+using Microsoft.UI.Dispatching;
+
+namespace ToastDeck.App.Services;
+
+public static class DispatcherQueueExtensions
+{
+    public static Task EnqueueAsync(this DispatcherQueue dispatcherQueue, Func<Task> action)
+    {
+        var completion = new TaskCompletionSource(TaskCreationOptions.RunContinuationsAsynchronously);
+
+        if (!dispatcherQueue.TryEnqueue(async () =>
+        {
+            try
+            {
+                await action();
+                completion.SetResult();
+            }
+            catch (Exception ex)
+            {
+                completion.SetException(ex);
+            }
+        }))
+        {
+            completion.SetException(new InvalidOperationException("Failed to enqueue work on the UI dispatcher."));
+        }
+
+        return completion.Task;
+    }
+}

src/ToastDeck.App/Services/LocalApiService.cs

@@ -0,0 +1,25 @@
+using ToastDeck.Core.Integrations;
+
+namespace ToastDeck.App.Services;
+
+public sealed class LocalApiService
+{
+    public LocalApiOptions Options { get; private set; } = new();
+
+    public bool IsRunning => false;
+
+    public void Configure(LocalApiOptions options)
+    {
+        Options = options;
+    }
+
+    public Task StartAsync(CancellationToken cancellationToken = default)
+    {
+        if (!Options.IsEnabled)
+        {
+            return Task.CompletedTask;
+        }
+
+        throw new NotSupportedException("The localhost API skeleton is present but disabled until token auth and rate limiting are implemented.");
+    }
+}