Your shell history: synced, queryable, and in context
Go to file
David Dworken 8cd1bae710
Optimize imports for extremely large history sizes for #168 (#171)
* Swap to using iterators for uploading to avoid storing all chunks in memory

* Chunk uploads for reuploading

* Revert "Swap to using iterators for uploading to avoid storing all chunks in memory"

This reverts commit 632ecc5c81.

* Make hishtory install work even if there is zero shell history on the device

* Skip DD integration for m1 mac since it seems to fail for mysterious beta-related reasons

* Log OpenAI error to debug log for #167

* Release v0.269

* Add explicit handling for 429 error code from OpenAI

* Release v0.270

* Fix handling of new lines in commands for #163 (#170)

* Fix handling of new lines in commands for #163

* Move code for table from lib.go to query.go

* Update goldens

* Release v0.271

* Properly silence which output to fix #166

* Release v0.272

* Add || true to fully fix #166

* Release v0.273

* Improve install.py script to attempt to detect when /tmp/ is noexec (#172)

* Improve install.py script to attempt to detect when /tmp/ is noexec

* Add test to install from python script at HEAD

* Remove incorrect duplicated line

* Delete the tmp hishtory-client download since it may be dropped in CWD rather than /tmp/

* Add basic smoke test to provide test coverage for other distros (#174)

* Fix quotes on container names

* More tweaks for smoke testing

* Skip setting the hostname for smoke tests since we don't need it

* Dependencies for smoke testing

* Add cgo deps

* Install killall command

* Add two more distros for smoke testing

* Add smoke tests for arch

* Update distro-smoke-test.yml

* Remove sudo since the arch container runs as root

* Drop sudo for OpenSUSE

* Update install commands for OpenSUSE and Arch

* More tweaks to install commands

* Update arch install command

* Remove OpenSUSE since their package repos are currently returning 500 errors

* Add another dep for arch

* Move up os.remove so that the file is removed even if it fails to execute

* Move function to start of python file to make it more idiomatic

* Update go action to enable caching of dependencies

* Run integration tests in parallel to speed up testing (#175)

* Remove a few direct DB insertions to prepare for parallel tests

* Revert "Remove a few direct DB insertions to prepare for parallel tests"

This reverts commit f8a3552ad8.

* Add rudimentary experiment of splitting tests into two chunks to make them faster

* Add missing tag

* Remove code that enforces that all goldens are used, since it is incompatible with how tests are currently split into chunks

* Lay out the framework for checking goldens being used across all test runs

* Fix missing brace

* Revert "Remove code that enforces that all goldens are used, since it is incompatible with how tests are currently split into chunks"

This reverts commit 06cc3eedbc.

* Add initial work towards checking that all goldens are used

* Delete incorrect and unreferenced matrix

* Upgrade actions/upload-artifact to see if that makes the download in the next job work

* Alternatively, try downloading the artifact by name

* Update golden checker to read all the golden artifacts

* Swap to using glob to enumerate all golden files, rather than hardcoding them

* Remove debugging commands

* Remove goldens that are actually used

* Remove another golden that is actually used

* Add more comprehensive support for test sharding

* Fix references to test shards and increase shard count

* Shard the fuzz test

* Add debug prints

* Mark additional tests for sharding

* Fix logic error that broke test sharding

* Remove debug print

* Fix incorrect logic with skipping the fuzz test

* Move sharding functions to testutils and add some comments

* Upgrade all setup-go actions to enable caching of deps

* Remove goldens that don't exist

* Remove new line

* Reduce delay

* Correct stage name

* Remove incorrect skip code from the first version of sharding

* Remove unused import

* Reduce number of test shards to match GitHub's limit of 5 concurrent macos jobs

* Use cask for installing homebrew to speed up github actions

* More cleanup for unused goldens

* Swap away from brew cask since it appears to be slower

* Add sync server to status -v #176 so that self-hosted users can easily confirm they're using the self-hosted server (#178)

* Release v0.274

* Make bash support lenient with empty history lines, which seems to happen for the first command or two of new installs

* Remove unnecessary sub-shell, since we just need a truthy value here

* Release v0.275

* Add web UI for querying history from the browser (#180)

As requested in #176 and #147 

* Add initail version of a web UI for querying history from the browser

* Rename webui command

* Add basic test for the web UI

* Add README for the web UI

* Add basic auth for the web server

* Add status code when panic-ing

* Release v0.276

* Add ability to disable auth and force specific creds for the web UI

* Add cleaning for integration test devices to remove DB entries

* Wire through the shell name into AI suggestions so that we can get more precise AI suggestions for the current shell

* Add support for control-A and control-E shortcuts similar to GNU readline

* Allow register new device when exceed user limit when user already exist (#181)

* Add basic readline-like support for using control-left and control-right to scroll horizontally by one word at a time

* Release v0.277

* Improve word boundary algorithm to ignore previous spaces so that control+arrow-keys will skip over repeated spaces

* Update colored golden

* Update test golden

* Update golden

* Disable colored output tests

* Add updated goldens

* Delete temporarily unused goldens

* Delete an unused file

* Bump github.com/jackc/pgx/v4 from 4.14.1 to 4.18.2 (#189)

Bumps [github.com/jackc/pgx/v4](https://github.com/jackc/pgx) from 4.14.1 to 4.18.2.
- [Changelog](https://github.com/jackc/pgx/blob/v4.18.2/CHANGELOG.md)
- [Commits](https://github.com/jackc/pgx/compare/v4.14.1...v4.18.2)

---
updated-dependencies:
- dependency-name: github.com/jackc/pgx/v4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump google.golang.org/protobuf from 1.28.1 to 1.33.0 (#191)

Bumps google.golang.org/protobuf from 1.28.1 to 1.33.0.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Upgrade SLSA releaser due to github.com/slsa-framework/slsa-github-generator/issues/3350

* Release v0.278

* Update slsa-verifier to attempt to fix SLSA breakage

* Release v0.279

* Release v0.280

* Add better error message for SLSA failures

* Disable validation so we can push out a working binary even though SLSA is broken

* Release v0.281

* Fully disable validation to allow an emergency release due to SLSA breakage

* Release v0.282

* Update cosign too to fix slsa breakage from https://blog.sigstore.dev/tuf-root-update/

* Release v0.283

* Release v0.284

* Fix go.mod version after cosign upgrade

* Update go.sum after cosign update

* Release v0.285

* Re-enable SLSA verification now that we've updated the SLSA version throughout the repo

* Release v0.286

* Disable validation with local build since it seems to fail for some reason

* Add SLSA validation with current binary built by SLSA

* Set up tmate session to debug slsa releaser

* Add SLSA failure warning for versions broken by SLSA

* Remove tmate session for debugging

* Release v0.287

* Bump gopkg.in/go-jose/go-jose.v2 from 2.6.1 to 2.6.3 (#197)

Bumps gopkg.in/go-jose/go-jose.v2 from 2.6.1 to 2.6.3.

---
updated-dependencies:
- dependency-name: gopkg.in/go-jose/go-jose.v2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Add support for horizontal scrolling of all columns for #188 (#195)

* Bump github.com/docker/docker (#193)

Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.7+incompatible to 24.0.9+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v24.0.7...v24.0.9)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump github.com/sigstore/rekor from 1.0.0 to 1.2.0 (#91)

Bumps [github.com/sigstore/rekor](https://github.com/sigstore/rekor) from 1.0.0 to 1.2.0.
- [Release notes](https://github.com/sigstore/rekor/releases)
- [Changelog](https://github.com/sigstore/rekor/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sigstore/rekor/compare/v1.0.0...v1.2.0)

---
updated-dependencies:
- dependency-name: github.com/sigstore/rekor
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Add ability to configure custom OpenAI API endpoint for #186 (#194)

* Add ability to configure custom OpenAI API endpoint for #186

* Ensure the AiCompletionEndpoint field is always initialized

* Release v0.288

* Enable colored golden tests for linux (#184)

* Enable golden tests for linux and ensure all goldens get saved as outputs

* Swap in OS specific goldens

* Update colored goldens to take into account OS version, since different macos versions have different behavior here

* Update goldens

* Re-enable golden tests

* Add missing golden

* Empty commit

* Remove linux kernel version from OS name

* Remove minor version numbers from os versions for golden files for tests

* Continue-on-error for the DD setup since it will also fail if colima fails

* Add test for horizontal scrolling other columns for #188

* Add support for forcing init without prompting via --force flag for #198

* Clean up: Remove duplicated code by calling existing utility function

* Add mouse scrolling support for #200

* Revert "Add mouse scrolling support for #200" since it breaks the ability to highlight text

This reverts commit 7d9bb6654d.

* Release v0.289

* Add benchmarking for searching for #202

* Add index of start time so that queries with a LIMIT clause can avoid a full table scan (for #202)

* Release v0.290

* Add --port flag for the web UI for #203

* Add additional test for smoke tests to cover syncing

* Move extra delay to a separate job to avoid wasting GH action quota by sleeping in duplicated jobs

* Release v0.291

* Revert "Add additional test for smoke tests to cover syncing"

This reverts commit 514d95ba4e.

* Fix double-syncing error where devices receive entries from themselves #202 (#204)

* Fix double-syncing error where devices receive entries from themselves

* Fix incorrect error message

* Add TODO

* Update TestESubmitThenQuery after making query more efficient

* Update TestDeletionRequests and remove unnecessary asserts

* Swap server_test.go to using require

* Fix incorrect require due to typo

* Slow down gif per feedback in #199

* Update bubbletea to include 2b46020ca0725219da1a7d7969fa85c486181258 since it seems to help fix #185

* Fix test broken by 7ae9f15b by making sure input is sent and processed as separate events

* Fix test broken by 7ae9f15b by making sure input is sent and processed as separate events

* Fix test broken by 7ae9f15b by making sure input is sent and processed as separate events and updating the golden to reflect this

* Release v0.292

* Bump golang.org/x/net from 0.22.0 to 0.23.0 (#206)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.22.0 to 0.23.0.
- [Commits](https://github.com/golang/net/compare/v0.22.0...v0.23.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Remove darwin-21 goldens since they're no longer used now that GH upgraded their macos image (#210)

* Update backend to avoid persisting entries to be read by devices that have been uninstalled

* Add support for custom key bindings for #190 (#209)

* Add support for custom key bindings for #190

* Add tests for configuring custom key bindings

* Simplify key bindings test

* Add docs on custom key bindings + error message for unhandled actions

* Fix condition added in d6a60214a2 to also apply to rows with the go 'empty' value and not just null

* Add support for enabling/disabling syncing post-install

* Release v0.293

* fix: close file (#213)

* Release v0.294

* Move docs on custom key bindings to a more logical location

* Fix duplicate pre-saving issue reported in #215

* Revert "Fix duplicate pre-saving issue reported in #215"

This reverts commit 336b331687.

* Fix duplicate pre-saving issue reported in #215 (#217)

* Release v0.295

* Add full fix for #215 along with a test to reproduce the issue (#218)

* Release v0.296

* Add ability to skip config modifications for #212 (#216)

* Add ability to skip config modifications

* Update golden names to fork on OS

* Remove incorrect newline in golden

* Add README documentation for default-filter

* Update title for section

* Release v0.297

* Add basic fix for #225 by escaping tab characters before rendering

This is a tricky bug to fix because the width of a tab character varies depending on context. This means that when we're trying to build a table and calculating the width of columns for budgeting, we can't actually know the width of a tab without knowing exactly what characters come before it. This is in theory doable, but it leads to some really complex code that I'd rather not adopt.

* Release v0.298

* Bump github.com/hashicorp/go-retryablehttp from 0.7.2 to 0.7.7 (#223)

Bumps [github.com/hashicorp/go-retryablehttp](https://github.com/hashicorp/go-retryablehttp) from 0.7.2 to 0.7.7.
- [Changelog](https://github.com/hashicorp/go-retryablehttp/blob/main/CHANGELOG.md)
- [Commits](https://github.com/hashicorp/go-retryablehttp/compare/v0.7.2...v0.7.7)

---
updated-dependencies:
- dependency-name: github.com/hashicorp/go-retryablehttp
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Add additional fallback method for retrieving the CWD to further improve the situation for #226

* Explicitly install openssl to see if it fixes smoke test errors on arch

* Add integration test for #226

* Release v0.299

* Update macos version for signer since GH dropped support for macos 11

* Release v0.300

* Swap to macos-latest to see if GH has more quota for that tag

* Release v0.301

* Release v0.302

* Upgrade to setup-go@v4 for automatic caching support

* Revert "Remove OpenSUSE since their package repos are currently returning 500 errors"

This reverts commit 62700605d7.

* Install git and tar for opensuse smoke tests

* Link /bin/sh for opensuse smoke tests

* Remove opensuse smoke tests

* use http.DefaultClient (#232)

* Add new short name for "ExitCode" - "$?" (#228)

* Add more short column name alternatives similar to #228

* add forceComapctMode config entry (#237)

* Add docs in readme to call out shorter column names as added in #228

* Change compact-mode setting that was added in #237 to respect the convention of taking in an argument

* Add config-get compact-mode command (as needed by #237)

* Move checking of forced compact mode into helper functions to ensure it is checked everywhere (follow up to #237)

* Add test for forced compact mode (from #237)

* ai: add some new env variables to control OpenAI requests (#231)

Co-authored-by: David Dworken <david@daviddworken.com>

* Update incorrect docs on ClientConfig struct

* Add ability for the client to configure the model via an environment variable

* Bump github.com/docker/docker (#236)

Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.9+incompatible to 25.0.6+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v24.0.9...v25.0.6)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* run "make fmt" (#233)

* Add make fmt to pre-commit

* Fix import

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Nguyễn Hoàng Đức <lazyc97@tutanota.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: guangwu <guoguangwu@magic-shield.com>
Co-authored-by: Pavel Griaznov <grbitt@gmail.com>
2024-08-25 18:07:47 -07:00
.github Update test goldens + drop duplicate macos version from go tests 2024-08-25 16:04:55 -07:00
backend Fix test broken by 05c71b2f2 2024-08-25 14:44:47 -07:00
client Optimize imports for extremely large history sizes for #168 (#171) 2024-08-25 18:07:47 -07:00
scripts Add ability to configure custom OpenAI API endpoint for #186 (#194) 2024-03-26 22:13:57 -07:00
shared Add make fmt to pre-commit 2024-08-11 12:26:09 -07:00
.dockerignore Revert "Remove no longer used dot files" 2022-10-15 14:36:29 -07:00
.errcheck_excludes.txt Close dd stats 2023-10-23 19:26:25 -07:00
.gitignore Optimize imports for extremely large history sizes for #168 (#171) 2024-08-25 18:07:47 -07:00
.pre-commit-config.yaml go get -u + fix build error 2024-08-25 14:39:57 -07:00
demo.vhs Update demo gif to show the most recent TUI 2023-10-14 18:43:04 -07:00
go.mod Fix test broken by 05c71b2f2 2024-08-25 14:44:47 -07:00
go.sum Fix test broken by 05c71b2f2 2024-08-25 14:44:47 -07:00
hishtory.go Add TODO 2023-10-21 09:48:36 -07:00
LICENSE Create LICENSE 2022-09-24 01:03:16 -07:00
Makefile Add make fmt to pre-commit 2024-08-11 12:26:09 -07:00
README.md Add docs in readme to call out shorter column names as added in #228 2024-08-11 11:38:00 -07:00
VERSION Release v0.305 2024-08-25 16:47:59 -07:00

hiSHtory: Better Shell History

hishtory is a better shell history. It stores your shell history in context (what directory you ran the command in, whether it succeeded or failed, how long it took, etc). This is all stored locally and end-to-end encrypted for syncing to to all your other computers. All of this is easily queryable via the hishtory CLI. This means from your laptop, you can easily find that complex bash pipeline you wrote on your server, and see the context in which you ran it.

demo

Getting Started

To install hishtory on your first machine:

curl https://hishtory.dev/install.py | python3 -

At this point, hishtory is already managing your shell history (for bash, zsh, and fish!). Give it a try by pressing Control+R and see below for more details on the advanced search features.

Then to install hishtory on your other computers, you need your secret key. Get this by running hishtory status. Once you have it, you follow similar steps to install hiSHtory on your other computers:

curl https://hishtory.dev/install.py | python3 -
hishtory init $YOUR_HISHTORY_SECRET

Now if you press Control+R on first computer, you can automatically see the commands you've run on all your other computers!

Features

Querying

You can then query hiSHtory by pressing Control+R in your terminal. Search for a command, select it via Enter, and then have it ready to execute in your terminal's buffer. Or just hit Escape if you don't want to execute it after all.

Both support the same query format, see the below annotated queries:

Query Explanation
psql Find all commands containing psql
psql db.example.com Find all commands containing psql and db.example.com
"docker run" hostname:my-server Find all commands containing docker run that were run on the computer with hostname my-server
nano user:root Find all commands containing nano that were run as root
exit_code:127 Find all commands that exited with code 127
service before:2022-02-01 Find all commands containing service run before February 1st 2022
service after:2022-02-01 Find all commands containing service run after February 1st 2022

For true power users, you can even query directly in SQLite via sqlite3 -cmd 'PRAGMA journal_mode = WAL' ~/.hishtory/.hishtory.db.

Enable/Disable

If you want to temporarily turn on/off hiSHtory recording, you can do so via hishtory disable (to turn off recording) and hishtory enable (to turn on recording). You can check whether or not hishtory is enabled via hishtory status.

Deletion

hishtory redact can be used to delete history entries that you didn't intend to record. It accepts the same search format as hishtory query. For example, to delete all history entries containing psql, run hishtory redact psql.

Alternatively, you can delete items from within the terminal UI. Press Control+R to bring up the TUI, search for the item you want to delete, and then press Control+K to delete the currently selected entry.

Updating

To update hishtory to the latest version, just run hishtory update to securely download and apply the latest update.

Advanced Features

AI Shell Assistance

If you are ever trying to figure out a shell command and searching your history isn't working, you can query ChatGPT by prefixing your query with ?. For example, press Control+R and then type in ? list all files larger than 1MB:

demo showing ChatGPT suggesting the right command

If you would like to:

  • Disable this, you can run hishtory config-set ai-completion false
  • Run this with your own OpenAI API key (thereby ensuring that your queries do not pass through the centrally hosted hiSHtory server), you can run export OPENAI_API_KEY='...'
TUI key bindings

The TUI (opened via Control+R) supports a number of key bindings:

Key Result
Left/Right Scroll the search query left/right
Up/Down Scroll the table up/down
Page Up/Down Scroll the table up/down by one page
Shift + Left/Right Scroll the table left/right
Control+K Delete the selected command

Press Control+H to view a help page documenting these.

You can also customize hishtory's key bindings for the TUI. Run hishtory config-get key-bindings to see the current key bindings. You can then run hishtory config-set key-bindings $action $keybinding to configure custom key bindings.

Changing the displayed columns

You can customize the columns that are displayed via hishtory config-set displayed-columns. For example, to display only the cwd and command:

hishtory config-set displayed-columns CWD Command

The list of supported columns are: Hostname, CWD, Timestamp, Runtime, ExitCode, Command, and User (along with any custom columns).

Many of the column names also support custom shorter column names to save space. For example, rather than having a column named Exit Code, it can be referenced as $? to save space. See here for the full list of column names that can be used.

Custom Columns

You can create custom column definitions that are populated from arbitrary commands. For example, if you want to create a new column named git_remote that contains the git remote if the cwd is in a git directory, you can run:

hishtory config-add custom-columns git_remote '(git remote -v 2>/dev/null | grep origin 1>/dev/null ) && git remote get-url origin || true'
hishtory config-add displayed-columns git_remote
Custom Color Scheme

You can customize hishtory's color scheme for the TUI. Run hishtory config-set color-scheme to see information on what is customizable and how to do so.

Disabling Control+R integration

If you'd like to disable the Control+R integration in your shell, you can do so by running hishtory config-set enable-control-r false. If you do this, you can then manually query hiSHtory by running hishtory query <YOUR QUERY HERE>.

Default search filters

By default, hiSHtory query will show all results for your search query. But, it is possible to configure a default filter that will apply to all searches by default. For example, this can be used to configure hiSHtory to only show entries with an exit code of 0:

hishtory config-set default-filter exit_code:0
Filtering duplicate entries

By default, hishtory query will show all results even if this includes duplicate history entries. This helps you keep track of how many times you've run a command and in what contexts. If you'd rather disable this so that hiSHtory won't show duplicate entries, you can run:

hishtory config-set filter-duplicate-commands true
Offline Install Without Syncing

If you don't need the ability to sync your shell history, you can install hiSHtory in offline mode:

curl https://hishtory.dev/install.py | HISHTORY_OFFLINE=true python3 -

This disables syncing completely so that the client will not rely on the hiSHtory backend at all. You can also change the syncing status via hishtory syncing enable or hishtory syncing disable.

Self-Hosting

By default, hiSHtory relies on a backend for syncing. All data is end-to-end encrypted, so the backend can't view your history.

But if you'd like to self-host the hishtory backend, you can! The backend is a simple go binary in backend/server/server.go (with prebuilt binaries here). It can either use SQLite or Postgres for persistence.

To make hishtory use your self-hosted server, set the HISHTORY_SERVER environment variable to the origin of your self-hosted server. For example, put export HISHTORY_SERVER=http://my-hishtory-server.example.com at the end of your .bashrc.

Check out the docker-compose.yml file for an example config to start a hiSHtory server using Postgres.

A few configuration options:

  • If you want to use a SQLite backend, you can do so by setting the HISHTORY_SQLITE_DB environment variable to point to a file. It will then create a SQLite DB at the given location.
  • If you want to limit the number of users that your server allows (e.g. because you only intend to use the server for yourself), you can set the environment variable HISHTORY_MAX_NUM_USERS=1 (or to whatever value you wish for the limit to be). Leave it unset to allow registrations with no cap.
Importing existing history

hiSHtory imports your existing shell history by default. If for some reason this didn't work (e.g. you had your shell history in a non-standard file), you can import it by piping it into hishtory import (e.g. cat ~/.my_history | hishtory import).

Custom timestamp formats

You can configure a custom timestamp format for hiSHtory via hishtory config-set timestamp-format '2006/Jan/2 15:04'. The timestamp format string should be in the format used by Go's time.Format(...).

Web UI for sharing

If you'd like to temporarily allow someone else to search your shell history, you can start a web server via hishtory start-web-ui. This will expose a basic (password-protected) web UI on port 8000 where they can query your history:

demo showing the web UI searching for git

Note that this uses HTTP Basic Auth, so the credentials are sent over your local network via HTTP.

Customizing the install folder

By default, hiSHtory is installed in ~/.hishtory/. If you want to customize this, you can do so by setting the HISHTORY_PATH environment variable to a path relative to your home directory (e.g. export HISHTORY_PATH=.config/hishtory). This must be set both when you install hiSHtory and when you use hiSHtory, so it is recommend to set it in your .bashrc/.zshrc/.fishrc before installing hiSHtory.

Viewing debug logs

Debug logs are stored in ~/.hishtory/hishtory.log. If you run into any issues, these may contain useful information.

Uninstalling

If you'd like to uninstall hishtory, just run hishtory uninstall. Note that this deletes the SQLite DB storing your history, so consider running a hishtory export first.

Note that if you're experiencing any issues with hiSHtory, try running hishtory update first! Performance and reliability is always improving, and we highly value your feedback.

Design

The hishtory CLI is written in Go. It hooks into the shell in order to track information about all commands that are run. It takes this data and saves it in a local SQLite DB managed via GORM. This data is then encrypted and sent to your other devices through a backend that essentially functions as a one-to-many queue. When you press press Control+R or run hishtory query, a SQL query is run to find matching entries in the local SQLite DB.

Syncing Design

See hiSHtory: Cross-device Encrypted Syncing Design to learn how syncing works. The tl;dr is that everything magically works so that:

  • The backend can't read your history.
  • Your history is queryable from all your devices.
  • You can delete items from your history as needed.
  • If you go offline, you'll have an offline copy of your history. And once you come back online, syncing will transparently resume.

Contributing

Contributions are extremely welcome! I appreciate all contributions in terms of both issues (please let me know about any bugs you find!) and PRs.

If you're making code contributions, check out make help for some information on some useful commands. Namely, note that my general dev workflow consists of:

  • Make some local changes (e.g. to fix a bug or add a new feature)
  • Run make local-install to build and install your local version (note that this won't mess up your current hishtory DB!)
  • ... Repeat until you're happy with your change ...
  • Write some tests for your change. Unit tests are great, but we also have a large number of integration tests in client_test.go
    • Note that the hishtory tests are quite thorough, so running them locally is quite time consuming (and some of them only work on Github Actions). Instead, I recommend using make ftest (see make help for information on this) to run the specific tests that you're adding/changing.
  • Open a PR on Github! Once you open the PR, I'll take a look and will trigger Github Actions to run all the tests which will ensure that your change doesn't lead to any reggressions.
  • [Optional] If you want to switch back to the latest released version (rather than your local change), run hishtory update
  • Merge the PR! 🎉

Security

hishtory is a CLI tool written in Go and uses AES-GCM for end-to-end encrypting your history entries and syncing them. The binary is reproducibly built and SLSA Level 3 to make it easy to verify you're getting the code contained in this repository.

This all ensures that the minimalist backend cannot read your shell history, it only sees encrypted data. hiSHtory also respects shell conventions and will not record any commands prefixed with a space.

If you find any security issues in hiSHtory, please reach out to david@daviddworken.com.