Remove dead code

Signed-off-by: Hadi <hadi@example.com>

.github/assets/demo.tape

@@ -0,0 +1,27 @@
+Output ./assets/demo.gif
+Require usbguard-tui
+
+Set Shell "zsh"
+Set FontSize 32
+Set Width 1500
+Set Height 1000
+
+Type "usbguard-tui"
+Sleep 500ms
+Enter
+Sleep 1s
+
+Down
+Sleep 200ms
+Down
+Sleep 200ms
+Enter
+Sleep 1s
+
+Down Sleep 200ms
+Down Sleep 200ms
+Sleep 1s
+Enter
+Sleep 1s
+
+Type "Q"

README.md

@@ -15,7 +15,18 @@ A terminal UI for managing USB devices via [usbguard](https://usbguard.github.io
 
 USBGuard is a software framework for implementing a USB device authorization policy (allowlisting/blocklisting). It protects your system against rogue USB devices by scanning them and checking their parameters against a set of rules.
 
-Built with [bubbletea](https://github.com/charmbracelet/bubbletea) & Goland!
+<img alt="USBGuard-tui demo" src="./.github/assets/demo.gif" width="600" />
+
+Built with [bubbletea](https://github.com/charmbracelet/bubbletea) & Golang!
+
+## Features
+
+- List all connected USB devices with their current status (allowed, blocked, rejected)
+- Allow, block, or reject devices: temporarily or permanently
+- Action popup with mouse support for quick device management
+- Filter devices by name with `/`
+- Auto-refresh
+- Keyboard shortcuts for all actions (`a`/`A`, `b`/`B`, `e`/`E`)
 
 ## Requirements
 

flake.nix

@@ -14,12 +14,12 @@
       (system: f system (import nixpkgs {inherit system;}));
 
     pname = "usbguard-tui";
-    version = "1.0.0";
+    version = "1.0.1";
 
     ldflags = ["-s" "-w" "-X main.version=${version}"];
   in {
-    packages = forAllSystems (system: pkgs: {
+    packages = forAllSystems (system: pkgs: let
-      "${pname}" = pkgs.buildGoModule {
+      pkg = pkgs.buildGoModule {
         inherit pname version ldflags;
 
         src = ./.;
@@ -33,9 +33,9 @@
           platforms = platforms.unix;
         };
       };
+    in {
+      "${pname}" = pkg;
+      default = pkg;
     });
-
-    defaultPackage =
-      forAllSystems (system: pkgs: self.packages.${system}.${pname});
   };
 }

internal/guard/client.go

@@ -2,6 +2,7 @@ package guard
 
 import (
 	"errors"
+	"os"
 	"os/exec"
 	"strconv"
 	"strings"
@@ -86,6 +87,42 @@ func wrapExecError(err error) error {
 	return err
 }
 
+func IsRulesManaged() bool {
+	out, err := exec.Command("systemctl", "cat", "usbguard").Output()
+	if err != nil {
+		return false
+	}
+	configPath := extractConfigPath(string(out))
+	if configPath == "" {
+		return false
+	}
+	ruleFile := parseRuleFilePath(configPath)
+	return strings.HasPrefix(ruleFile, "/nix/store/")
+}
+
+func extractConfigPath(s string) string {
+	fields := strings.Fields(s)
+	for i, f := range fields {
+		if f == "-c" && i+1 < len(fields) {
+			return fields[i+1]
+		}
+	}
+	return ""
+}
+
+func parseRuleFilePath(configPath string) string {
+	data, err := os.ReadFile(configPath)
+	if err != nil {
+		return ""
+	}
+	for _, line := range strings.Split(string(data), "\n") {
+		if after, ok := strings.CutPrefix(line, "RuleFile="); ok {
+			return strings.TrimSpace(after)
+		}
+	}
+	return ""
+}
+
 func classifyError(output string) error {
 	lower := strings.ToLower(output)
 	switch {

internal/guard/errors.go

@@ -5,5 +5,5 @@ import "errors"
 var (
 	ErrNotFound   = errors.New("usbguard not found in PATH")
 	ErrPermission = errors.New("insufficient permissions to manage devices")
-	ErrReadOnly   = errors.New("rules file is read-only")
+	ErrReadOnly   = errors.New("rules file is not writable")
 )

internal/ui/delegate.go

@@ -2,7 +2,6 @@ package ui
 
 import (
 	"fmt"
-	"image/color"
 	"io"
 
 	"charm.land/bubbles/v2/list"
@@ -11,7 +10,6 @@ import (
 	"github.com/anotherhadi/usbguard-tui/internal/guard"
 )
 
-// deviceDelegate renders device list items with status colors.
 type deviceDelegate struct{}
 
 func (d deviceDelegate) Height() int                             { return 2 }
@@ -26,20 +24,14 @@ func (d deviceDelegate) Render(w io.Writer, m list.Model, index int, item list.I
 
 	selected := index == m.Index()
 
-	var clr color.Color
+	colorMap := statusColors
 	if selected {
-		var ok bool
+		colorMap = statusColorsSelected
-		clr, ok = statusColorsSelected[dev.Status]
+	}
+	clr, ok := colorMap[dev.Status]
 	if !ok {
 		clr = colorMuted
 	}
-	} else {
-		var ok bool
-		clr, ok = statusColors[dev.Status]
-		if !ok {
-			clr = colorMuted
-		}
-	}
 
 	var nameStyle, descStyle lipgloss.Style
 	if selected {
@@ -69,7 +61,6 @@ func (d deviceDelegate) Render(w io.Writer, m list.Model, index int, item list.I
 	)
 }
 
-// actionItem represents a device policy action in the select popup.
 type actionItem struct {
 	label     string
 	fn        func(int, bool) error
@@ -81,7 +72,6 @@ func (a actionItem) Title() string       { return a.label }
 func (a actionItem) Description() string { return "" }
 func (a actionItem) FilterValue() string { return a.label }
 
-// actionDelegate renders single-line action items.
 type actionDelegate struct{}
 
 func (d actionDelegate) Height() int                             { return 1 }

internal/ui/model.go

@@ -37,6 +37,7 @@ type Model struct {
 	height       int
 	notice       string
 	selectedDev  *guard.Device
+	rulesManaged bool
 }
 
 func New() Model {
@@ -58,16 +59,35 @@ func New() Model {
 	h := help.New()
 	h.Styles = help.DefaultStyles(true)
 
+	rulesManaged := guard.IsRulesManaged()
+	notice := ""
+	if rulesManaged {
+		notice = "Rules managed by NixOS config: permanent actions not available."
+		listKeys.AllowPerm.SetEnabled(false)
+		listKeys.BlockPerm.SetEnabled(false)
+		listKeys.RejectPerm.SetEnabled(false)
+	}
+
 	return Model{
 		state:        stateList,
 		list:         l,
-		actionList: makeActionList(),
+		actionList:   makeActionList(rulesManaged),
 		help:         h,
+		rulesManaged: rulesManaged,
+		notice:       notice,
 	}
 }
 
-func makeActionList() list.Model {
+func makeActionList(rulesManaged bool) list.Model {
-	items := []list.Item{
+	var items []list.Item
+	if rulesManaged {
+		items = []list.Item{
+			actionItem{"allow", guard.AllowDevice, false, guard.Allowed},
+			actionItem{"block", guard.BlockDevice, false, guard.Blocked},
+			actionItem{"reject", guard.RejectDevice, false, guard.Rejected},
+		}
+	} else {
+		items = []list.Item{
 			actionItem{"allow", guard.AllowDevice, false, guard.Allowed},
 			actionItem{"allow (permanent)", guard.AllowDevice, true, guard.Allowed},
 			actionItem{"block", guard.BlockDevice, false, guard.Blocked},
@@ -75,7 +95,8 @@ func makeActionList() list.Model {
 			actionItem{"reject", guard.RejectDevice, false, guard.Rejected},
 			actionItem{"reject (permanent)", guard.RejectDevice, true, guard.Rejected},
 		}
-	l := list.New(items, actionDelegate{}, 24, 6)
+	}
+	l := list.New(items, actionDelegate{}, 24, len(items))
 	l.SetShowHelp(false)
 	l.SetShowTitle(false)
 	l.SetShowStatusBar(false)
@@ -120,14 +141,14 @@ func (m Model) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
 		if msg.err != nil {
 			switch msg.err {
 			case guard.ErrReadOnly:
-				m.notice = "Read-only rules: applied temporarily. Add the rule to your config for persistence."
+				m.notice = "Rules file is not writable: permanent changes are not supported."
 			case guard.ErrPermission:
 				m.notice = "Permission denied. Run with appropriate privileges."
 			default:
 				m.notice = msg.err.Error()
 			}
 		} else {
-			m.notice = ""
+			m.notice = m.defaultNotice()
 		}
 		return m, fetchDevices
 
@@ -145,11 +166,7 @@ func (m Model) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
 		}
 
 	case tea.MouseWheelMsg:
-		if m.state == statePopup {
+		return m.updateMouseWheel(msg)
-			var cmd tea.Cmd
-			m.actionList, cmd = m.actionList.Update(msg)
-			return m, cmd
-		}
 	}
 
 	if m.state == stateList {
@@ -171,7 +188,7 @@ func (m Model) updateList(msg tea.KeyPressMsg) (tea.Model, tea.Cmd) {
 		case key.Matches(msg, listKeys.Quit):
 			return m, tea.Quit
 		case key.Matches(msg, listKeys.Refresh):
-			m.notice = ""
+			m.notice = m.defaultNotice()
 			return m, tea.Batch(fetchDevices, fetchDaemonStatus)
 		case key.Matches(msg, listKeys.Help):
 			m.help.ShowAll = !m.help.ShowAll
@@ -186,18 +203,11 @@ func (m Model) updateList(msg tea.KeyPressMsg) (tea.Model, tea.Cmd) {
 				m.state = statePopup
 				return m, nil
 			}
-		case id >= 0 && key.Matches(msg, listKeys.Allow):
+		}
-			return m, doAction(id, guard.AllowDevice, false)
+		if id >= 0 {
-		case id >= 0 && key.Matches(msg, listKeys.AllowPerm):
+			if cmd := m.deviceActionCmd(msg, id); cmd != nil {
-			return m, doAction(id, guard.AllowDevice, true)
+				return m, cmd
-		case id >= 0 && key.Matches(msg, listKeys.Block):
+			}
-			return m, doAction(id, guard.BlockDevice, false)
-		case id >= 0 && key.Matches(msg, listKeys.BlockPerm):
-			return m, doAction(id, guard.BlockDevice, true)
-		case id >= 0 && key.Matches(msg, listKeys.Reject):
-			return m, doAction(id, guard.RejectDevice, false)
-		case id >= 0 && key.Matches(msg, listKeys.RejectPerm):
-			return m, doAction(id, guard.RejectDevice, true)
 		}
 	}
 	var cmd tea.Cmd
@@ -290,12 +300,26 @@ func (m Model) actionListInnerWidth() int {
 	return m.popupOuterWidth() - 8 // border(2) + padding_h(6)
 }
 
+func (m Model) defaultNotice() string {
+	if m.rulesManaged {
+		return "Rules managed by NixOS config: permanent actions not available."
+	}
+	return ""
+}
+
+func (m Model) actionItemCount() int {
+	if m.rulesManaged {
+		return 3
+	}
+	return 6
+}
+
 // updateActionListSize sizes the action list and toggles pagination based on available space.
 // When there is enough room for all items: pagination is hidden and height is set exactly,
 // avoiding the phantom line that bubbles/list reserves when showPagination=true.
 // When space is limited: pagination is shown naturally by bubbles/list.
 func (m *Model) updateActionListSize() {
-	const items = 6
+	items := m.actionItemCount()
 	innerW := m.actionListInnerWidth()
 	// popup overhead: border(2) + padding_v(2) + title(1) + blank(1) + hint(1) = 7
 	available := m.height - 7 - 2 // 2 lines margin
@@ -347,3 +371,46 @@ func doAction(id int, fn func(int, bool) error, permanent bool) tea.Cmd {
 		return actionMsg{err: fn(id, permanent)}
 	}
 }
+
+type actionBinding struct {
+	binding       key.Binding
+	fn            func(int, bool) error
+	perm          bool
+	needsWritable bool
+}
+
+var deviceActionBindings = []actionBinding{
+	{listKeys.Allow, guard.AllowDevice, false, false},
+	{listKeys.AllowPerm, guard.AllowDevice, true, true},
+	{listKeys.Block, guard.BlockDevice, false, false},
+	{listKeys.BlockPerm, guard.BlockDevice, true, true},
+	{listKeys.Reject, guard.RejectDevice, false, false},
+	{listKeys.RejectPerm, guard.RejectDevice, true, true},
+}
+
+func (m Model) deviceActionCmd(msg tea.KeyPressMsg, id int) tea.Cmd {
+	for _, b := range deviceActionBindings {
+		if (!b.needsWritable || !m.rulesManaged) && key.Matches(msg, b.binding) {
+			return doAction(id, b.fn, b.perm)
+		}
+	}
+	return nil
+}
+
+func (m Model) updateMouseWheel(msg tea.MouseWheelMsg) (tea.Model, tea.Cmd) {
+	switch msg.Button {
+	case tea.MouseWheelUp:
+		if m.state == statePopup {
+			m.actionList.CursorUp()
+		} else {
+			m.list.CursorUp()
+		}
+	case tea.MouseWheelDown:
+		if m.state == statePopup {
+			m.actionList.CursorDown()
+		} else {
+			m.list.CursorDown()
+		}
+	}
+	return m, nil
+}

internal/ui/styles.go

@@ -48,7 +48,5 @@ var (
 
 	popupTitleStyle = lipgloss.NewStyle().Bold(true).MarginBottom(1)
 
-	keyHintStyle = lipgloss.NewStyle().Foreground(colorAccent).Bold(true)
 	warnStyle = lipgloss.NewStyle().Foreground(colorRejected)
-	errStyle     = lipgloss.NewStyle().Foreground(colorBlocked).Bold(true)
 )