Commit Graph

3 Commits

Author SHA1 Message Date
jared f883781c1f fix(security+audit): strip latent RCE grants, opener allowlist, GDI leaks, CI hardening
From the deep-audit wave (reviewer-verified: capability identifiers valid, no
removed-crate references, GDI free ordering correct):

- Removed 8 never-registered plugins (clipboard-manager, fs, shell, http,
  process, os, dialog, global-shortcut) from Cargo.toml AND their capability
  grants (shell:allow-execute, unscoped fs writes, http:default, …) — verified
  the web never invokes any of them. A latent RCE-class surface is gone.
- on_new_window: only http/https/mailto reach the OS opener (file:///custom
  schemes previously bypassed the opener capability scope entirely).
- set_badge_count: freed hdc + hdc_screen on all three GDI error paths
  (leaked per badge update in a long-running tray app).
- 8s reveal failsafe gated by an AtomicBool: no longer re-shows a window the
  user closed to tray; page-load reveal now fires once only (logout reloads
  don't re-surface a tray-hidden window); recovery for a missed page-load
  event preserved.
- toast.rs: store pruned on Activated too + capped at 20 (was unbounded).
- Startup no longer panics when the bundled icon is missing (tray skipped
  gracefully); msSmartScreenProtection no longer disabled (throttling
  disables kept); rust-version corrected to 1.77.2.
- release.yml update-manifest: fails on empty signatures (was: could publish
  a manifest that traps Windows users in a failed-update loop); partial-
  failure window documented. Deleted the stale upstream tauri.yml workflow.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-07-02 08:49:07 -04:00
jared 5da2069eba feat: Windows-native desktop polish (tray, single-instance, deep links, Mica, installer)
Build Lotus Chat Desktop / prepare (push) Successful in 3s
Build Lotus Chat Desktop / build-linux (push) Failing after 14m12s
Build Lotus Chat Desktop / build-windows (push) Failing after 22m14s
Build Lotus Chat Desktop / update-manifest (push) Has been skipped
- System tray with Open/Quit menu + left-click toggle; closing the window now
  minimizes to tray instead of quitting, so notifications keep arriving.
- Single-instance: a second launch focuses the running window (and forwards a
  matrix: link) instead of colliding on the localhost port.
- Window: 1100x720 default, 480x600 min, centered first run; starts hidden and
  shows on page-load to kill the white launch flash (8s failsafe).
- matrix: deep links via tauri-plugin-deep-link -> dispatched to the web client
  (useDeepLinkNavigate) for both cold-start and already-running cases.
- Windows 11 Mica backdrop (subtle; app paints opaque TDS bg).
- NSIS installer: per-user install (no UAC), downloadBootstrapper.
- Remove dead/broken src/menu.rs.
- Bump cinny submodule to 053b364a (deep-link web handler).

Note: Rust not compiled locally (no toolchain / Windows-only paths); verified by
careful API review against tauri 2.10 — needs a real 'tauri build' to confirm.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
2026-06-13 18:52:37 -04:00
Krishan d15e86a176 Update Tauri from v1 to v2 (#496)
* Upgrade tauri to v2

* update action and disable menu

* Add args to workflow step in test.yml

* Rename environment variables for Tauri signing

* Change mainBinaryName from 'Cinny' to 'cinny'

* Update linux file names to use 'Cinny' instead of 'cinny'

* Upgrade Tauri action to v0.6.1 and fix targets

Updated Tauri action version and corrected target specification.
2026-03-03 23:16:04 +11:00