refactor: reorganize varlink sockets into public and private directories for improved access control

Author: shanefagan

AGENTS.md

@@ -18,15 +18,15 @@ If you are an AI assistant working on this repository or a project that consumes
 
 ### 2. Available Interfaces
 The daemon exposes its state via **Varlink** on three separate Unix sockets:
-- `/run/contextd/contextd.socket` (Core system & game context)
-- `/run/contextd/contextd-rgb-observer.socket` (Public RGBA vibe - **0666**)
-- `/run/contextd/contextd-rgb-control.socket` (Public RGBA control - **0666**)
+- `/run/contextd/public/contextd.socket` (Core system & game context)
+- `/run/contextd/public/contextd-rgb-observer.socket` (Public RGBA vibe - **0666**)
+- `/run/contextd/private/contextd-rgb-control.socket` (Private RGBA control - **0666**)
 
 | Socket | Interface | Access | Purpose |
 | :--- | :--- | :--- | :--- |
 | `contextd.socket` | `com.performativenonsense.contextd` | Public | System and Game Discovery |
 | `contextd-rgb-observer.socket` | `com.performativenonsense.contextd.rgb.Observer` | Public | Consume/Subscribe to lighting vibe |
-| `contextd-rgb-control.socket` | `com.performativenonsense.contextd.rgb.Control` | Public | Set/Update system lighting |
+| `contextd-rgb-control.socket` | `com.performativenonsense.contextd.rgb.Control` | Private | Set/Update system lighting |
 
 Key methods to call:
 - `com.performativenonsense.contextd.Active()`: Returns the currently foregrounded game.

docs/design_goals.md

@@ -22,7 +22,7 @@ Context Daemon is a lightweight Linux utility designed to bridge the gap between
 ### 3. Security & IPC Model
 - **Principle of Least Privilege**: Although the daemon is initialized by systemd, it drops almost all root privileges via the Portable Service sandbox. It retains only `CAP_SYS_PTRACE` (for process scanning) and `CAP_DAC_READ_SEARCH` (for reading game manifests in `/home`).
 - **Strict Sandboxing**: Utilizes `ProtectSystem=strict`, `MemoryDenyWriteExecute=yes`, and other systemd hardenings to ensure the daemon cannot be easily compromised.
-- **Public Sockets**: Exposes `0666` permission sockets at `/run/contextd/contextd.socket` (Core), `/run/contextd/contextd-rgb-observer.socket` (RGB Observer), and `/run/contextd/contextd-rgb-control.socket` (RGB Control). Both daemons share the same dynamic user allowing them to coordinate in `/run/contextd`.
+- **Public Sockets**: Exposes `0666` permission sockets at `/run/contextd/public/contextd.socket` (Core), `/run/contextd/public/contextd-rgb-observer.socket` (RGB Observer), and `/run/contextd/private/contextd-rgb-control.socket` (RGB Control). Both daemons share the same dynamic user allowing them to coordinate in `/run/contextd`.
 
 ### 4. Linux-Centric Design
 - Leverage native Linux APIs (udev, procfs) to provide the most efficient implementation.

scripts/contextctl.sh

@@ -1,9 +1,9 @@
 #!/bin/bash
 # Simple CLI wrapper for contextd using varlinkctl
 
-ADDR="unix:/run/contextd/contextd.socket"
-RGB_OBS_ADDR="unix:/run/contextd/contextd-rgb-observer.socket"
-RGB_CTRL_ADDR="unix:/run/contextd/contextd-rgb-control.socket"
+ADDR="unix:/run/contextd/public/contextd.socket"
+RGB_OBS_ADDR="unix:/run/contextd/public/contextd-rgb-observer.socket"
+RGB_CTRL_ADDR="unix:/run/contextd/private/contextd-rgb-control.socket"
 
 usage() {
     echo "Usage: $0 [active|list-games|list-devices|list-rgb|diagnostics|rgb-get|rgb-set|rgb-set-matrix|rgb-subscribe]"

src/main.rs

@@ -81,8 +81,12 @@ fn main() -> anyhow::Result<()> {
         log::info!("Starting Context Daemon in RGBA Mode (Dual-Socket)...");
         let rgb_service = rgb::service::RgbService::new();
 
-        let obs_addr = "unix:/run/contextd/contextd-rgb-observer.socket";
-        let ctrl_addr = "unix:/run/contextd/contextd-rgb-control.socket";
+        // Ensure socket directories exist
+        let _ = std::fs::create_dir_all("/run/contextd/public");
+        let _ = std::fs::create_dir_all("/run/contextd/private");
+
+        let obs_addr = "unix:/run/contextd/public/contextd-rgb-observer.socket";
+        let ctrl_addr = "unix:/run/contextd/private/contextd-rgb-control.socket";
 
         // Cleanup stale sockets
         let _ = std::fs::remove_file(obs_addr.trim_start_matches("unix:"));
@@ -118,7 +122,7 @@ fn main() -> anyhow::Result<()> {
             }
         });
 
-        // 2. Start Control Server (Public - 0666)
+        // 2. Start Control Server (Private - 0666)
         let control_interface = vec![Box::new(rgb::control::new(Box::new(rgb_service)))
             as Box<dyn varlink::Interface + Send + Sync>];
         let control_service = VarlinkService::new(
@@ -146,7 +150,8 @@ fn main() -> anyhow::Result<()> {
         varlink::listen(control_service, ctrl_addr, &config)?;
     } else {
         log::info!("Starting Context Daemon in Core Mode...");
-        let address = "unix:/run/contextd/contextd.socket";
+        let _ = std::fs::create_dir_all("/run/contextd/public");
+        let address = "unix:/run/contextd/public/contextd.socket";
         let _ = std::fs::remove_file(address.trim_start_matches("unix:"));
 
         let service = ContextService {

tests/rgb_tester/animate_matrix.py

@@ -37,7 +37,7 @@ def main():
 
     try:
         sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
-        sock.connect("/run/contextd/contextd-rgb-control.socket")
+        sock.connect("/run/contextd/private/contextd-rgb-control.socket")
     except Exception as e:
         print(f"Failed to connect to control socket: {e}")
         sys.exit(1)

tests/rgb_tester/main.py

@@ -11,7 +11,7 @@ class VarlinkThread(QThread):
     def run(self):
         try:
             sock = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
-            sock.connect("/run/contextd/contextd-rgb-observer.socket")
+            sock.connect("/run/contextd/public/contextd-rgb-observer.socket")
 
             req = {
                 "method": "com.performativenonsense.contextd.rgb.Observer.SubscribeLightingContext",