Writing a Custom Clipboard Scrubber Program (DRAFT)
This document is in DRAFT stage.
The contents of this document are not yet reflected in the currently released version of Noctiluca Server.
Additionally, the contents of this document may be changed or removed at any time.
Note: For Those Using Coding Agents
You can use this document as a prompt for coding agents!
Simply drag and select from the prompt below to the end of the document, copy it, and paste it into your coding agent.
<agent-task mode="planning">
<objective>
# Write a clipboard scrubber program.
## Overview
Noctiluca Server, a remote desktop software for macOS, supports a clipboard sharing feature. This feature allows clipboard data to be shared with clients or synchronized in real time.
However, since sensitive information may be stored on the clipboard, Noctiluca Server supports running a user-defined 'clipboard scrubber' program that can filter or transform clipboard data when the clipboard sharing feature is in use.
## Steps
1. Understand the specification of the clipboard scrubber program.
2. Ask the user what kind of clipboard scrubber program they want to write.
Since every user's desired purpose for a clipboard scrubber program is different, even if you (the agent) have an 'ask tool', do not use the ask tool — instead, end your turn and receive input as text.
If possible, also request example inputs and example outputs.
3. If you have an 'ask tool', use it to ask the user which programming language they would like to use for implementation. You may present the following options:
1) Swift - Can be written immediately on most macOS systems, and since it produces an executable binary, remote users cannot easily modify or inspect it.
2) Python - Easy to write and modify, but since the scrubber program is a script file rather than an executable, remote users can easily inspect it.
3) Another language - Please specify.
4. Once the user selects a language, create a plan for writing the clipboard scrubber in that language. If you have a 'plan tool', switch to 'plan mode' to create the plan.
5. Once the plan is created and confirmed by the user, begin implementation.
- When implementing, prioritize 'security' and 'maintainability' above all else. Since the clipboard scrubber program runs on a Noctiluca Server with clipboard sharing enabled, any security-vulnerable code could put the remote user's system at risk.
- Once implementation is complete, write test cases and run the tests yourself.
- Once implementation is complete and tests pass, share the result with the user and be sure to inform them: 'You can test whether the scrubber program works in the Noctiluca Server clipboard settings menu, so please make sure to test it before actual use.'
</objective>
<context>
- Following this XML document, a document containing the Noctiluca Server clipboard scrubber program specification, I/O format, and examples will follow.
</context>
</agent-task>
What Is a Clipboard Scrubber?
A clipboard scrubber is a program that filters or transforms clipboard data when the clipboard sharing feature is in use. This allows you to prevent sensitive information from being shared, or to ensure that only data in specific formats is shared.
Clipboard Scrubber Program Specification
A clipboard scrubber program must conform to the following specification:
- Noctiluca Server expects the scrubber program to be executable (
chmod +x). It can be a Mach-O executable or a program written in a scripting language (e.g., Python, Ruby, ...). - Noctiluca Server sends clipboard data to the scrubber program via STDIN. It then expects to receive the filtered data via STDOUT.
- If the scrubber program determines that the entire clipboard content is unshareable data, it should either produce no output to STDOUT, or set the retval / exit code to a value other than
0. In this case, Noctiluca Server will not share or synchronize that clipboard content with the client. - If the scrubber program filters or transforms the clipboard data and outputs the result, Noctiluca Server will share or synchronize that result with the client.
- If the scrubber program outputs the input as-is, the clipboard data will be shared or synchronized without any filtering.
- For details on the I/O format, refer to the 'I/O Format' section below.
- If the scrubber program determines that the entire clipboard content is unshareable data, it should either produce no output to STDOUT, or set the retval / exit code to a value other than
What a Clipboard Scrubber Program Can Do
- Filter / transform clipboard data: A clipboard scrubber program can filter or transform clipboard data. For example, a scrubber program can mask sensitive information in text stored on the clipboard, or allow only specific types of data (e.g., URLs, email addresses) to be shared.
What a Clipboard Scrubber Program Cannot Do
-
Change the clipboard data format (
Content-Type): A clipboard scrubber program cannot change the format of clipboard data. For example, if the input data is intext/plainformat, the output must also be intext/plainformat. Noctiluca Server assumes that the format of the scrubber program's output is identical to the input. -
Actions that escape the sandbox: Noctiluca Server runs the clipboard scrubber program in an isolated environment using the
sandbox-execcommand. Therefore, the scrubber program is subject to the constraints of the sandbox environment. For example, the scrubber program cannot access the network, nor read or write other files. Additionally, while the scrubber program is running, Noctiluca Server may enforce resource and execution time limits on the process.
I/O Format
The I/O format consists of HTTP/1.0-style headers and a body.
I/O Examples
- In the examples below,
\r\nrepresents an actual carriage return and line feed (CRLF) newline character. The scrubber program must read headers and body separated by CRLF from the input, and write headers and body separated by CRLF to the output. - In the examples below,
[EOF]indicates the end of input. The scrubber program must read data until STDIN is closed.
Input Example #1: Plain Text
Content-Type: text/plain; charset=utf-8\r\n
Content-Length: 51\r\n
\r\n
Name: Hyunwoo Kim\n
Social Security Number: 1234-56-7890[EOF]
Output Example #1-1: Passthrough (output as-is without filtering)
Content-Type: text/plain; charset=utf-8\r\n
Content-Length: 51\r\n
\r\n
Name: Hyunwoo Kim\n
Social Security Number: 1234-56-7890[EOF]
Output Example #1-2: Sensitive PII Filtering
Content-Type: text/plain; charset=utf-8\r\n
Content-Length: 51\r\n
\r\n
Name: Hyunwoo Kim\n
Social Security Number: ****-**-****[EOF]
Input Example #2: Image (PNG)
Content-Type: image/png\r\n
Content-Length: 102400\r\n
\r\n
(binary data of the PNG image)[EOF]