fix(desktop): improve AppImage icons and remote environment#2538
fix(desktop): improve AppImage icons and remote environment#2538mwolson wants to merge 24 commits into
Conversation
|
Important Review skippedAuto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the ⚙️ Run configurationConfiguration used: Repository UI Review profile: CHILL Plan: Pro Run ID: You can disable this status message by setting the Use the checkbox below for a quick retry:
✨ Finishing Touches🧪 Generate unit tests (beta)
Tip 💬 Introducing Slack Agent: The best way for teams to turn conversations into code.Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.
Built for teams:
One agent for your entire SDLC. Right inside Slack. Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
github-actions
Bot
added
vouch:unvouched
mwolson
changed the title
ApprovabilityVerdict: Needs human review This PR introduces substantial new capabilities including Linux secret storage handling, a new IPC method for removing saved environments, and schema changes to auth contracts. An unresolved review comment questions whether layer restructuring affects Electron initialization order, which needs verification. You can customize Macroscope's approvability policy. Learn more. |
mwolson
force-pushed
the
fix/linux-secret-store-backend
branch
from
dba46b4 to
bfc4a7c
Compare
Before (missing icon)Missing icon (works in shelly, doesn't work when appimage is launched directly, or with AppImageLauncher): 
Before (secret manager)Error when trying to add environment: 
|
After (icons fix)Launched appimage directly after chmod +x on it: 
After (secrets-manager fix)
|
![cursor[bot]](https://avatars.githubusercontent.com/in/1210556?s=60&v=4){kind=small}
|
can you resolve conflcits here? |
…ore-backend # Conflicts: # apps/desktop/src/desktopSettings.test.ts # apps/desktop/src/desktopSettings.ts # apps/desktop/src/main.ts
|
icon looks like this for me on ubuntu? |
mwolson
changed the title
mwolson
changed the title
github-actions
Bot
added
size:XL
mwolson
changed the title
| registerDesktopSchemePrivilegesSync, | ||
| ).pipe(Effect.withSpan("desktop.electron.protocol.registerSchemePrivileges")); | ||
|
|
||
| export const layerSchemePrivileges = Layer.effectDiscard(registerDesktopSchemePrivileges); |
There was a problem hiding this comment.
the way the layers were setup this ran before electron setup. not sure if you changed some layer structure so that's no longer the case?
There was a problem hiding this comment.
Yep, that ordering is still preserved. main.ts now calls configureElectronBeforeReady() synchronously at module startup, before building the Effect runtime/layers and before NodeRuntime.runMain.
I kept only the pre-ready Electron requirements there: registerSchemesAsPrivileged plus the Linux command-line switches. The file protocol handler still registers later after whenReady.
|
@juliusmarminge fixed the issues you mentioned and re-smoked it on my end. If you don't want the AGENTS.md changes around Effect (or want different content there) let me know. |
|
I can look at it in a bit, but there's nothing that says that just cause it should run before electron it must run synchronously at module scope? The layer graph before was setup so that the protocol was the first thing that executed before the main effect program? Was there an issue with that? We create the electron app inside the effect program ye? |
Good points; I moved this back into the Effect startup graph as an explicit first layer with |
There was a problem hiding this comment.
Cursor Bugbot has reviewed your changes and found 1 potential issue.
❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.
Reviewed by Cursor Bugbot for commit 8863f9e. Configure here.
|
@juliusmarminge I've addressed the earlier feedback, merged latest main, and went through several rounds of bugbot feedback, so it's ready for another look as time allows. |
2 participants
Summary
ready, including--password-store, Wayland/X11 app class, and desktop scheme privileges.DBUS_SESSION_BUS_ADDRESS, so GNOME Keyring/libsecret is reachable when launching outside GNOME.Closes #2331.
Fixes #2539.
Diagnosis
The icon issue came from Linux AppImage builds staging only a single large
icon.png. This PR stages a directory of standard icon sizes (16,22,24,32,48,64,128,256, and512) and points electron-builder at that directory. CI installs ImageMagick for Linux release builds so those sizes can be generated reliably.The credential-store failure came from Electron selecting a non-encrypting Linux
safeStoragebackend when running under desktop environments it does not recognize, such as Niri. The app was also relying on shell/session environment values that may not be present when launched from an AppImage or desktop entry.This PR moves the Linux Electron setup into the synchronous process bootstrap path so it happens before Electron emits
ready, which is required for--password-storeand privileged protocol registration to take effect. It also imports enough login/session environment to reach the user's DBus session bus and falls back to/run/user/$UID/buswhen appropriate.While testing the remote flow, two separate persistence issues showed up:
DateTime.Utcvalues.Scope
This is intentionally focused on Linux desktop/AppImage remote environment reliability. It does not change remote server behavior, and SSH process cleanup after removal remains fire-and-forget so the Settings UI does not hang if disconnect stalls.
Test plan
bun fmtbun lintbun typecheckbun run testbun run --filter @t3tools/desktop test -- DesktopEarlyElectronStartup DesktopEnvironment ElectronProtocol DesktopShellEnvironment linuxSecretStoragebun run --filter @t3tools/desktop test -- DesktopSavedEnvironmentsbun run --filter @t3tools/web test -- localApi service.addSavedEnvironment catalogbun run dist:desktop:linux16,22,24,32,48,64,128,256, and512.T3CODE_HOMEisolated.passwordStore: gnome-libsecret,backend: gnome_libsecret, andencryptionAvailable: true.remote-game, and ran a trivial task on it.remote-game, reinstalled/restarted, and confirmed the saved environment did not come back.Note
Medium Risk
Touches Electron pre-
readybootstrap behavior, secret-storage/persistence flows, and shared auth date schemas, so regressions could affect Linux startup or remote environment pairing/removal.Overview
Improves Linux desktop/AppImage packaging by generating a standard multi-size
icons/set during artifact builds (via ImageMagick) and updating release CI to install ImageMagick on Linux.Reworks Linux desktop startup to apply Electron switches before
ready(DBus session bus fallback,--password-store, WM_CLASS, and synchronous protocol privilege registration), adds a persistedlinuxPasswordStoresetting plus secret-storage backend diagnostics/remediation, and hydrates additional session env vars (notablyDBUS_SESSION_BUS_ADDRESS).Hardens saved environment and remote pairing flows: contracts now decode auth
expiresAtfrom ISO strings, desktop/web add aremoveSavedEnvironmentIPC/API for atomic registry+secret removal, and web rollback logic preserves original credential-persistence errors when registry rollback fails.Reviewed by Cursor Bugbot for commit d2d658c. Bugbot is set up for automated code reviews on this repo. Configure here.
Note
Generate multi-size AppImage icons and improve Linux remote environment handling
icons/directory (build-desktop-artifact.ts), replacing the singleicon.png; the release workflow installs ImageMagick on Linux CI runnersremoveSavedEnvironmentend-to-end: new IPC channel, desktop bridge method, persistence layer handler, and web-sideLocalApimethod with browser fallbackremoveSavedEnvironmentin service.ts now deletes the persisted record and updates in-memory state before non-blocking SSH cleanup; SSH cleanup failures are logged rather than surfacedDBUS_SESSION_BUS_ADDRESSis now hydrated from the default unix socket path when unset, and additional XDG/desktop variables are propagated from the login shellAuth*Result.expiresAtschemas changed fromDateTimeUtctoDateTimeUtcFromStringto correctly parse ISO string responsesexpiresAtschema change is a breaking behavioral change for any consumers expecting a pre-parsedDateobject rather than parsing from a stringMacroscope summarized d2d658c.