fix(cli): host_id-wins fingerprint reconciliation (1.34.18)

When stored+current fingerprints both carry a matching non-empty host_id, treat a stable_mac drift (dock unplug, Wi-Fi privacy rotation, VPN adapter) as the same machine: silently rotate the stored MAC and proceed instead of flagging a clone. host_id (IOPlatformUUID / machine-id) is the load-bearing clone signal; stable_mac is best-effort and legitimately drifts. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-02 12:59:05 +01:00
parent f119226b98
commit 589d050f81
3 changed files with 76 additions and 2 deletions
--- a/apps/cli/src/daemon/identity.ts
+++ b/apps/cli/src/daemon/identity.ts
@@ -83,6 +83,19 @@ export function checkFingerprint(): FingerprintCheck {
  if (stored.schema_version === 2) {
    if (stored.fingerprint === current.fingerprint)
      return { result: "match", current, stored };
+
+    // host_id wins: when stored and current both carry a non-empty
+    // host_id and they agree, the machine is the same — only the NIC
+    // topology shifted (dock unplugged, Wi-Fi privacy rotation, VPN
+    // adapter came online). host_id is hardware-rooted (IOPlatformUUID
+    // on macOS, /etc/machine-id on Linux) and is the load-bearing
+    // clone signal; stable_mac is best-effort defense-in-depth that
+    // legitimately drifts across boots. Silently rotate the stored
+    // record to the current MAC and proceed.
+    if (stored.host_id && stored.host_id === current.host_id) {
+      writeFileSync(path(), JSON.stringify(current, null, 2), { mode: 0o600 });
+      return { result: "match", current, stored };
+    }
    return { result: "mismatch", current, stored };
  }