Skip to content

Update audio-device extension #24502

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Inovvia wants to merge 6 commits into
base: main
Choose a base branch
from
Open

Update audio-device extension #24502

Inovvia wants to merge 6 commits into from
+1,919 −173

Conversation

@Inovvia
Copy link

@Inovvia Inovvia commented Jan 15, 2026
edited
Loading

Description

  • Added windows support

Screencast

explorer_Gyt3gzCXFJ.mp4

Checklist

@raycastbot raycastbot added extension fix / improvement Label for PRs with extension's fix improvements extension: audio-device Issues related to the audio-device extension platform: macOS platform: Windows labels Jan 15, 2026
@raycastbot
Copy link
Collaborator

raycastbot commented Jan 15, 2026
edited
Loading

Thank you for your contribution! 🎉

🔔 @benvp @mathieudutour @mike182uk @FezVrasta @rcruzper @thomaspaulmann @arthur-fontaine @pernielsentikaer @taschaub @cballenar @joshmedeski @jdh747 you might want to have a look.

You can use this guide to learn how to check out the Pull Request locally in order to test it.

📋 Quick checkout commands 
BRANCH="ext/audio-device"
FORK_URL="https://github.com/Inovvia/raycast-extensions.git"
EXTENSION_NAME="audio-device"
REPO_NAME="raycast-extensions"

git clone -n --depth=1 --filter=tree:0 -b $BRANCH $FORK_URL
cd $REPO_NAME
git sparse-checkout set --no-cone "extensions/$EXTENSION_NAME"
git checkout
cd "extensions/$EXTENSION_NAME"
npm install && npm run dev

We're currently experiencing a high volume of incoming requests. As a result, the initial review may take up to 10-15 business days.

@Inovvia Inovvia mentioned this pull request Jan 15, 2026
Closed
5 tasks
@Inovvia Inovvia marked this pull request as ready for review January 15, 2026 04:42
@greptile-apps
Copy link
Contributor

greptile-apps bot commented Jan 15, 2026

Greptile Summary

This PR adds Windows support to the audio-device extension through a platform abstraction layer, while preserving existing macOS functionality. The refactoring properly separates platform-specific implementations and correctly updates package metadata to reflect multi-platform support.

However, the PR introduces a critical security vulnerability in the Windows implementation where the deviceId parameter is directly interpolated into PowerShell commands without escaping, creating a command injection risk. Additionally, the new Windows-specific action has an incorrect macOS-only keyboard shortcut that will not work on the target platform.

Key changes:

  • Platform abstraction layer (src/platform/) cleanly separates macOS and Windows implementations
  • Windows support implemented via PowerShell AudioDeviceCmdlets module with auto-installation
  • Cross-platform device handling with transport type detection for both platforms
  • Package metadata updated to declare Windows platform support
  • CHANGELOG properly formatted with {PR_MERGE_DATE} placeholder

Critical issues found:

  • PowerShell command injection vulnerability in device ID handling (windows.ts:128)
  • Incorrect macOS keyboard shortcut on Windows-only action (helpers.tsx:221)

Confidence Score: 1/5

  • This PR should not be merged in its current state due to a critical PowerShell command injection vulnerability on Windows.
  • The score reflects a critical security vulnerability where unescaped user input (deviceId) is directly interpolated into PowerShell commands, creating a command injection risk. Additionally, a Windows-only action uses a macOS-specific keyboard shortcut that will not function. These are blocking issues that must be resolved before merging.
  • extensions/audio-device/src/platform/windows.ts (command injection vulnerability), extensions/audio-device/src/helpers.tsx (incorrect platform-specific shortcut)

Important Files Changed

Filename Overview
extensions/audio-device/CHANGELOG.md Updated with Windows support feature entry using {PR_MERGE_DATE} placeholder as per custom rules. Entry is properly placed at top with descending version order maintained.
extensions/audio-device/package.json Added Windows to platforms array alongside macOS. Dependencies and configuration properly updated for multi-platform support.
extensions/audio-device/src/audio-device.ts Clean platform abstraction wrapper that delegates to platform-specific implementations. Proper error handling for unsupported platforms.
extensions/audio-device/src/platform/windows.ts New Windows implementation with PowerShell integration. Contains security vulnerability: unescaped deviceId interpolation in PowerShell command (line 128) allows command injection attacks. Module auto-installation feature may cause unexpected interruptions.
extensions/audio-device/src/helpers.tsx Added Windows support with SetCommunicationDeviceAction. Issue: shortcut uses macOS-specific cmd key for Windows-only action (line 221) and uses bare string syntax instead of Keyboard object.

greptile-apps[bot]
greptile-apps bot reviewed Jan 15, 2026
View reviewed changes
Copy link
Contributor

@greptile-apps greptile-apps bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

8 files reviewed, 2 comments

Edit Code Review Agent Settings | Greptile

Inovvia and others added 2 commits January 15, 2026 10:23
@Inovvia @greptile-apps
Update extensions/audio-device/src/helpers.tsx
8ee129b 
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
@Inovvia @greptile-apps
Update extensions/audio-device/src/platform/windows.ts
3cd67ec 
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
@0xdhrv 0xdhrv mentioned this pull request Jan 15, 2026
Closed
5 tasks
@raycastbot
Copy link
Collaborator

raycastbot commented Jan 29, 2026

This pull request has been automatically marked as stale because it did not have any recent activity.

It will be closed if no further activity occurs in the next 7 days to keep our backlog clean 😊

@raycastbot raycastbot added the status: stalled Stalled due inactivity label Jan 29, 2026
@Inovvia
Copy link
Author

Inovvia commented Jan 29, 2026

Bumping so it doesn't auto close :3

@raycastbot raycastbot removed the status: stalled Stalled due inactivity label Jan 29, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mathieudutour mathieudutour Awaiting requested review from mathieudutour mathieudutour is a code owner

@thomaspaulmann thomaspaulmann Awaiting requested review from thomaspaulmann thomaspaulmann is a code owner

@pernielsentikaer pernielsentikaer Awaiting requested review from pernielsentikaer pernielsentikaer is a code owner

1 more reviewer

@greptile-apps greptile-apps[bot] greptile-apps[bot] left review comments

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

@0xdhrv 0xdhrv

@pernielsentikaer pernielsentikaer

Labels

extension: audio-device Issues related to the audio-device extension extension fix / improvement Label for PRs with extension's fix improvements platform: macOS platform: Windows

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@Inovvia @raycastbot @0xdhrv @pernielsentikaer @Inovvvia