From 68f1bff93bdca47eae6e1e38edcd9f0de8b3e9eb Mon Sep 17 00:00:00 2001
From: Tristan Michael <steeldynamite@gmail.com>
Date: Thu, 2 Apr 2026 08:23:07 -0700
Subject: [PATCH 01/11] fix: prevent path traversal, enable CSP, and harden URL
 domain extraction

Validate that resolved list paths stay within the workspace root to prevent
directory traversal via malicious list names. Enable Content Security Policy
in Tauri config instead of leaving it null. Fix CLI domain extraction to
strip userinfo (user:pass@) from URLs before using as keyring service name.
---
 apps/tauri/src-tauri/tauri.conf.json |  2 +-
 crates/onyx-cli/src/commands/sync.rs | 24 ++++++++++++----------
 crates/onyx-core/src/storage.rs      | 30 ++++++++++++++++++++++++----
 3 files changed, 40 insertions(+), 16 deletions(-)

diff --git a/apps/tauri/src-tauri/tauri.conf.json b/apps/tauri/src-tauri/tauri.conf.json
index 1613341..83a6a4b 100644
--- a/apps/tauri/src-tauri/tauri.conf.json
+++ b/apps/tauri/src-tauri/tauri.conf.json
@@ -23,7 +23,7 @@
       }
     ],
     "security": {
-      "csp": null
+      "csp": "default-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com; connect-src ipc: http://ipc.localhost"
     }
   },
   "bundle": {
diff --git a/crates/onyx-cli/src/commands/sync.rs b/crates/onyx-cli/src/commands/sync.rs
index 234062d..a20d0c2 100644
--- a/crates/onyx-cli/src/commands/sync.rs
+++ b/crates/onyx-cli/src/commands/sync.rs
@@ -204,18 +204,20 @@ fn print_workspace_status(name: &str, path: &std::path::Path, webdav_url: Option
     Ok(())
 }
 
-/// Extract domain from a URL for credential storage.
+/// Extract host from a URL for credential storage.
 fn extract_domain(url: &str) -> String {
-    url.split("://")
-        .nth(1)
-        .unwrap_or(url)
-        .split('/')
-        .next()
-        .unwrap_or(url)
-        .split(':')
-        .next()
-        .unwrap_or(url)
-        .to_string()
+    // Strip scheme
+    let after_scheme = url.split("://").nth(1).unwrap_or(url);
+    // Strip path
+    let authority = after_scheme.split('/').next().unwrap_or(after_scheme);
+    // Strip userinfo (user:pass@host)
+    let host_port = if let Some(at_pos) = authority.rfind('@') {
+        &authority[at_pos + 1..]
+    } else {
+        authority
+    };
+    // Strip port
+    host_port.split(':').next().unwrap_or(host_port).to_string()
 }
 
 /// Prompt the user for text input.
diff --git a/crates/onyx-core/src/storage.rs b/crates/onyx-core/src/storage.rs
index 62bb4a2..9a41991 100644
--- a/crates/onyx-core/src/storage.rs
+++ b/crates/onyx-core/src/storage.rs
@@ -149,8 +149,30 @@ impl FileSystemStorage {
         Err(Error::ListNotFound(list_id.to_string()))
     }
 
-    fn list_dir_path_by_name(&self, name: &str) -> PathBuf {
-        self.root_path.join(name)
+    fn list_dir_path_by_name(&self, name: &str) -> Result<PathBuf> {
+        let path = self.root_path.join(name);
+        // Prevent path traversal: resolved path must stay within root
+        let canonical_root = self.root_path.canonicalize()
+            .unwrap_or_else(|_| self.root_path.clone());
+        let canonical_path = if path.exists() {
+            path.canonicalize().unwrap_or_else(|_| path.clone())
+        } else {
+            // For non-existent paths, normalize by resolving the parent
+            if let Some(parent) = path.parent() {
+                let canonical_parent = if parent.exists() {
+                    parent.canonicalize().unwrap_or_else(|_| parent.to_path_buf())
+                } else {
+                    parent.to_path_buf()
+                };
+                canonical_parent.join(path.file_name().unwrap_or_default())
+            } else {
+                path.clone()
+            }
+        };
+        if !canonical_path.starts_with(&canonical_root) {
+            return Err(Error::InvalidData(format!("Invalid list name: path escapes workspace")));
+        }
+        Ok(path)
     }
 
     fn sanitize_filename(name: &str) -> String {
@@ -371,7 +393,7 @@ impl Storage for FileSystemStorage {
     }
 
     fn create_list(&mut self, name: String) -> Result<TaskList> {
-        let list_dir = self.list_dir_path_by_name(&name);
+        let list_dir = self.list_dir_path_by_name(&name)?;
 
         if list_dir.exists() {
             return Err(Error::InvalidData(format!("List '{}' already exists", name)));
@@ -473,7 +495,7 @@ impl Storage for FileSystemStorage {
 
     fn rename_list(&mut self, list_id: Uuid, new_name: String) -> Result<()> {
         let old_dir = self.list_dir_path(list_id)?;
-        let new_dir = self.list_dir_path_by_name(&new_name);
+        let new_dir = self.list_dir_path_by_name(&new_name)?;
 
         if new_dir.exists() {
             return Err(Error::InvalidData(format!("A list named '{}' already exists", new_name)));

From 3b2cb12272f1593aba9c1964fd41157cd0053bc5 Mon Sep 17 00:00:00 2001
From: Tristan Michael <steeldynamite@gmail.com>
Date: Thu, 2 Apr 2026 08:23:20 -0700
Subject: [PATCH 02/11] fix: replace panicking unwrap/expect calls with
 graceful error handling

Replace .expect() in config path resolution with a fallback default.
Replace all .lock().unwrap() on Tauri AppState mutex with a helper that
converts poisoned locks into error strings. Replace .expect() on Android
app data dir with proper error propagation. Handle LAST_WRITE and WATCHER
global mutex locks gracefully. Propagate subtask cascade delete errors
instead of silently ignoring them.
---
 apps/tauri/src-tauri/src/lib.rs | 69 ++++++++++++++++++++-------------
 crates/onyx-core/src/config.rs  |  6 +--
 2 files changed, 45 insertions(+), 30 deletions(-)

diff --git a/apps/tauri/src-tauri/src/lib.rs b/apps/tauri/src-tauri/src/lib.rs
index dc02145..b94fd14 100644
--- a/apps/tauri/src-tauri/src/lib.rs
+++ b/apps/tauri/src-tauri/src/lib.rs
@@ -34,6 +34,11 @@ struct AppState {
     repo: Option<TaskRepository>,
 }
 
+/// Lock the AppState mutex, converting poisoned locks into an error string.
+fn lock_state(state: &Mutex<AppState>) -> Result<std::sync::MutexGuard<'_, AppState>, String> {
+    state.lock().map_err(|e| format!("State lock poisoned: {}", e))
+}
+
 /// Serializable sync result for the frontend.
 #[derive(Debug, Serialize, Deserialize, Clone)]
 struct SyncResult {
@@ -61,7 +66,9 @@ impl From<CoreSyncResult> for SyncResult {
 /// Suppress file watcher events for the next second (call before writes).
 #[cfg(not(target_os = "android"))]
 fn mute_watcher(_state: &mut AppState) {
-    *LAST_WRITE.lock().unwrap() = Some(Instant::now());
+    if let Ok(mut t) = LAST_WRITE.lock() {
+        *t = Some(Instant::now());
+    }
 }
 
 #[cfg(target_os = "android")]
@@ -85,13 +92,13 @@ fn ensure_repo(state: &mut AppState) -> Result<(), String> {
 
 #[tauri::command]
 fn get_config(state: State<'_, Mutex<AppState>>) -> Result<AppConfig, String> {
-    let s = state.lock().unwrap();
+    let s = lock_state(&state)?;
     Ok(s.config.clone())
 }
 
 #[tauri::command]
 fn save_config(state: State<'_, Mutex<AppState>>) -> Result<(), String> {
-    let s = state.lock().unwrap();
+    let s = lock_state(&state)?;
     s.config.save_to_file(&s.config_path).map_err(|e| e.to_string())
 }
 
@@ -101,7 +108,7 @@ fn add_workspace(
     path: String,
     state: State<'_, Mutex<AppState>>,
 ) -> Result<(), String> {
-    let mut s = state.lock().unwrap();
+    let mut s = lock_state(&state)?;
     let ws = WorkspaceConfig::new(PathBuf::from(&path));
     s.config.add_workspace(name.clone(), ws);
     s.config
@@ -119,7 +126,7 @@ fn set_current_workspace(
     name: String,
     state: State<'_, Mutex<AppState>>,
 ) -> Result<(), String> {
-    let mut s = state.lock().unwrap();
+    let mut s = lock_state(&state)?;
     s.config
         .set_current_workspace(name)
         .map_err(|e| e.to_string())?;
@@ -134,7 +141,7 @@ fn remove_workspace(
     name: String,
     state: State<'_, Mutex<AppState>>,
 ) -> Result<(), String> {
-    let mut s = state.lock().unwrap();
+    let mut s = lock_state(&state)?;
     s.config.remove_workspace(&name);
     s.repo = None;
     s.config
@@ -155,7 +162,7 @@ fn init_workspace(path: String) -> Result<(), String> {
 
 #[tauri::command]
 fn get_lists(state: State<'_, Mutex<AppState>>) -> Result<Vec<TaskList>, String> {
-    let mut s = state.lock().unwrap();
+    let mut s = lock_state(&state)?;
     ensure_repo(&mut s)?;
     s.repo
         .as_ref()
@@ -169,7 +176,7 @@ fn create_list(
     name: String,
     state: State<'_, Mutex<AppState>>,
 ) -> Result<TaskList, String> {
-    let mut s = state.lock().unwrap();
+    let mut s = lock_state(&state)?;
     ensure_repo(&mut s)?;
     mute_watcher(&mut s);
     s.repo
@@ -184,7 +191,7 @@ fn delete_list(
     list_id: String,
     state: State<'_, Mutex<AppState>>,
 ) -> Result<(), String> {
-    let mut s = state.lock().unwrap();
+    let mut s = lock_state(&state)?;
     ensure_repo(&mut s)?;
     mute_watcher(&mut s);
     let id = Uuid::parse_str(&list_id).map_err(|e| e.to_string())?;
@@ -202,7 +209,7 @@ fn list_tasks(
     list_id: String,
     state: State<'_, Mutex<AppState>>,
 ) -> Result<Vec<Task>, String> {
-    let mut s = state.lock().unwrap();
+    let mut s = lock_state(&state)?;
     ensure_repo(&mut s)?;
     let id = Uuid::parse_str(&list_id).map_err(|e| e.to_string())?;
     s.repo
@@ -220,7 +227,7 @@ fn create_task(
     parent_id: Option<String>,
     state: State<'_, Mutex<AppState>>,
 ) -> Result<Task, String> {
-    let mut s = state.lock().unwrap();
+    let mut s = lock_state(&state)?;
     ensure_repo(&mut s)?;
     mute_watcher(&mut s);
     let id = Uuid::parse_str(&list_id).map_err(|e| e.to_string())?;
@@ -245,7 +252,7 @@ fn update_task(
     task: Task,
     state: State<'_, Mutex<AppState>>,
 ) -> Result<(), String> {
-    let mut s = state.lock().unwrap();
+    let mut s = lock_state(&state)?;
     ensure_repo(&mut s)?;
     mute_watcher(&mut s);
     let id = Uuid::parse_str(&list_id).map_err(|e| e.to_string())?;
@@ -262,7 +269,7 @@ fn delete_task(
     task_id: String,
     state: State<'_, Mutex<AppState>>,
 ) -> Result<(), String> {
-    let mut s = state.lock().unwrap();
+    let mut s = lock_state(&state)?;
     ensure_repo(&mut s)?;
     mute_watcher(&mut s);
     let lid = Uuid::parse_str(&list_id).map_err(|e| e.to_string())?;
@@ -276,7 +283,7 @@ fn delete_task(
         .map(|t| t.id)
         .collect();
     for child_id in child_ids {
-        let _ = repo.delete_task(lid, child_id);
+        repo.delete_task(lid, child_id).map_err(|e| format!("Failed to delete subtask {}: {}", child_id, e))?;
     }
     repo.delete_task(lid, tid)
         .map_err(|e| e.to_string())
@@ -288,7 +295,7 @@ fn toggle_task(
     task_id: String,
     state: State<'_, Mutex<AppState>>,
 ) -> Result<Task, String> {
-    let mut s = state.lock().unwrap();
+    let mut s = lock_state(&state)?;
     ensure_repo(&mut s)?;
     mute_watcher(&mut s);
     let lid = Uuid::parse_str(&list_id).map_err(|e| e.to_string())?;
@@ -322,7 +329,7 @@ fn reorder_task(
     new_position: usize,
     state: State<'_, Mutex<AppState>>,
 ) -> Result<(), String> {
-    let mut s = state.lock().unwrap();
+    let mut s = lock_state(&state)?;
     ensure_repo(&mut s)?;
     mute_watcher(&mut s);
     let lid = Uuid::parse_str(&list_id).map_err(|e| e.to_string())?;
@@ -343,7 +350,7 @@ fn move_task(
     task_id: String,
     state: State<'_, Mutex<AppState>>,
 ) -> Result<(), String> {
-    let mut s = state.lock().unwrap();
+    let mut s = lock_state(&state)?;
     ensure_repo(&mut s)?;
     mute_watcher(&mut s);
     let from = Uuid::parse_str(&from_list_id).map_err(|e| e.to_string())?;
@@ -362,7 +369,7 @@ fn rename_list(
     new_name: String,
     state: State<'_, Mutex<AppState>>,
 ) -> Result<(), String> {
-    let mut s = state.lock().unwrap();
+    let mut s = lock_state(&state)?;
     ensure_repo(&mut s)?;
     mute_watcher(&mut s);
     let id = Uuid::parse_str(&list_id).map_err(|e| e.to_string())?;
@@ -379,7 +386,7 @@ fn set_group_by_due_date(
     enabled: bool,
     state: State<'_, Mutex<AppState>>,
 ) -> Result<(), String> {
-    let mut s = state.lock().unwrap();
+    let mut s = lock_state(&state)?;
     ensure_repo(&mut s)?;
     mute_watcher(&mut s);
     let id = Uuid::parse_str(&list_id).map_err(|e| e.to_string())?;
@@ -395,7 +402,7 @@ fn get_group_by_due_date(
     list_id: String,
     state: State<'_, Mutex<AppState>>,
 ) -> Result<bool, String> {
-    let mut s = state.lock().unwrap();
+    let mut s = lock_state(&state)?;
     ensure_repo(&mut s)?;
     let id = Uuid::parse_str(&list_id).map_err(|e| e.to_string())?;
     s.repo
@@ -413,7 +420,7 @@ fn set_webdav_config(
     webdav_url: String,
     state: State<'_, Mutex<AppState>>,
 ) -> Result<(), String> {
-    let mut s = state.lock().unwrap();
+    let mut s = lock_state(&state)?;
     if let Some(ws) = s.config.workspaces.get_mut(&workspace_name) {
         ws.webdav_url = Some(webdav_url);
     }
@@ -477,7 +484,7 @@ async fn sync_workspace(
 
     // Persist last_sync timestamp to config
     {
-        let mut s = state.lock().unwrap();
+        let mut s = lock_state(&state)?;
         if let Some(ws) = s.config.workspaces.get_mut(&workspace_name) {
             ws.last_sync = Some(Utc::now());
         }
@@ -504,16 +511,22 @@ fn start_watcher(handle: tauri::AppHandle, path: PathBuf) {
             });
             if !has_data_change { return; }
             // Skip if we wrote recently (self-change suppression)
-            if let Some(t) = *LAST_WRITE.lock().unwrap() {
-                if t.elapsed() < std::time::Duration::from_secs(1) { return; }
+            if let Ok(guard) = LAST_WRITE.lock() {
+                if let Some(t) = *guard {
+                    if t.elapsed() < std::time::Duration::from_secs(1) { return; }
+                }
             }
             let _ = handle.emit("fs-changed", ());
         },
     );
     match debouncer {
         Ok(mut d) => {
-            let _ = d.watcher().watch(&path, notify::RecursiveMode::Recursive);
-            *WATCHER.lock().unwrap() = Some(d);
+            if let Err(e) = d.watcher().watch(&path, notify::RecursiveMode::Recursive) {
+                eprintln!("Failed to watch path {}: {e}", path.display());
+            }
+            if let Ok(mut w) = WATCHER.lock() {
+                *w = Some(d);
+            }
         }
         Err(e) => eprintln!("Failed to start file watcher: {e}"),
     }
@@ -545,7 +558,9 @@ pub fn run() {
                 #[cfg(target_os = "android")]
                 {
                     use tauri::Manager;
-                    app.path().app_data_dir().expect("Failed to get app data dir").join("config.json")
+                    app.path().app_data_dir()
+                        .map_err(|e| format!("Failed to get app data dir: {}", e))?
+                        .join("config.json")
                 }
                 #[cfg(not(target_os = "android"))]
                 {
diff --git a/crates/onyx-core/src/config.rs b/crates/onyx-core/src/config.rs
index 9667fe3..b13a2bd 100644
--- a/crates/onyx-core/src/config.rs
+++ b/crates/onyx-core/src/config.rs
@@ -82,9 +82,9 @@ impl AppConfig {
     }
 
     pub fn get_config_path() -> PathBuf {
-        let config_dir = directories::ProjectDirs::from("", "", "onyx")
-            .expect("Failed to determine config directory");
-        config_dir.config_dir().join("config.json")
+        directories::ProjectDirs::from("", "", "onyx")
+            .map(|dirs| dirs.config_dir().join("config.json"))
+            .unwrap_or_else(|| PathBuf::from("onyx-config.json"))
     }
 }
 

From 056cd8ee49bad285e9d272be722de7f551ee2182 Mon Sep 17 00:00:00 2001
From: Tristan Michael <steeldynamite@gmail.com>
Date: Thu, 2 Apr 2026 08:23:28 -0700
Subject: [PATCH 03/11] fix: harden sync file validation and offline queue
 corruption handling

Restrict is_syncable() to validate path depth: .md files and .listdata.json
must be at depth 2 (inside list dirs), .metadata.json only at depth 1 (root).
Prevents syncing arbitrary files at unexpected depths. Back up corrupted
sync queue files before resetting, and log warnings on parse failures
instead of silently dropping queued operations.
---
 crates/onyx-core/src/sync.rs | 46 +++++++++++++++++++++++++++++-------
 1 file changed, 37 insertions(+), 9 deletions(-)

diff --git a/crates/onyx-core/src/sync.rs b/crates/onyx-core/src/sync.rs
index 1ccbf38..167854c 100644
--- a/crates/onyx-core/src/sync.rs
+++ b/crates/onyx-core/src/sync.rs
@@ -258,8 +258,19 @@ impl OfflineQueue {
             return Self::default();
         }
         match std::fs::read_to_string(&queue_path) {
-            Ok(content) => serde_json::from_str(&content).unwrap_or_default(),
-            Err(_) => Self::default(),
+            Ok(content) => match serde_json::from_str(&content) {
+                Ok(queue) => queue,
+                Err(e) => {
+                    eprintln!("Warning: corrupt sync queue, backing up and resetting: {}", e);
+                    let backup = workspace_path.join(".syncqueue.json.bak");
+                    let _ = std::fs::copy(&queue_path, &backup);
+                    Self::default()
+                }
+            },
+            Err(e) => {
+                eprintln!("Warning: failed to read sync queue: {}", e);
+                Self::default()
+            }
         }
     }
 
@@ -338,12 +349,23 @@ pub fn compute_checksum(data: &[u8]) -> String {
     format!("{:x}", hasher.finalize())
 }
 
-/// Check if a filename is a syncable file (*.md, .listdata.json, .metadata.json).
+/// Check if a file is syncable: *.md files and metadata files at expected depths.
 fn is_syncable(path: &str) -> bool {
-    let filename = path.rsplit('/').next().unwrap_or(path);
-    filename.ends_with(".md")
-        || filename == ".listdata.json"
-        || filename == ".metadata.json"
+    let parts: Vec<&str> = path.split('/').collect();
+    let filename = parts.last().copied().unwrap_or(path);
+    // .metadata.json only at workspace root (depth 1)
+    if filename == ".metadata.json" {
+        return parts.len() == 1;
+    }
+    // .listdata.json only inside a list directory (depth 2)
+    if filename == ".listdata.json" {
+        return parts.len() == 2;
+    }
+    // .md files inside a list directory (depth 2)
+    if filename.ends_with(".md") {
+        return parts.len() == 2;
+    }
+    false
 }
 
 /// Scan local workspace files and compute checksums.
@@ -1009,14 +1031,20 @@ mod tests {
 
     #[test]
     fn test_is_syncable() {
-        assert!(is_syncable("file.md"));
+        // .md files must be inside a list dir (depth 2)
         assert!(is_syncable("My Tasks/Buy groceries.md"));
-        assert!(is_syncable(".listdata.json"));
+        assert!(!is_syncable("file.md")); // root-level md not valid
+        // .listdata.json inside a list dir (depth 2)
         assert!(is_syncable("My Tasks/.listdata.json"));
+        assert!(!is_syncable(".listdata.json")); // root-level not valid
+        // .metadata.json only at root (depth 1)
         assert!(is_syncable(".metadata.json"));
+        assert!(!is_syncable("My Tasks/.metadata.json")); // nested not valid
+        // Non-syncable
         assert!(!is_syncable(".syncstate.json"));
         assert!(!is_syncable("random.txt"));
         assert!(!is_syncable("image.png"));
+        assert!(!is_syncable("a/b/c/deep.md")); // too deep
     }
 
     #[test]

From 54836f14e76061b1b4c6cab74bc349c11186ef09 Mon Sep 17 00:00:00 2001
From: Tristan Michael <steeldynamite@gmail.com>
Date: Thu, 2 Apr 2026 08:23:38 -0700
Subject: [PATCH 04/11] fix: improve frontend accessibility, consistency, and
 resource cleanup

Fix nested interactive elements in TaskItem (button inside button) by
restructuring as div + button with aria-label. Replace native confirm()
with ConfirmDialog for workspace removal. Store fs-changed event unlisten
function for cleanup. Log file watcher errors instead of swallowing them.
Fix var usage to const. Add Firefox scrollbar-width support.
---
 apps/tauri/src/app.css                          |  7 +++++++
 .../src/lib/components/TaskDetailView.svelte    |  2 +-
 apps/tauri/src/lib/components/TaskItem.svelte   | 13 +++++++------
 apps/tauri/src/lib/screens/TasksScreen.svelte   | 17 +++++++++++++++--
 apps/tauri/src/lib/stores/app.svelte.ts         |  8 ++++++--
 5 files changed, 36 insertions(+), 11 deletions(-)

diff --git a/apps/tauri/src/app.css b/apps/tauri/src/app.css
index 3871f70..ec6380a 100644
--- a/apps/tauri/src/app.css
+++ b/apps/tauri/src/app.css
@@ -45,6 +45,13 @@ body {
 }
 
 /* Scrollbar styling */
+* {
+  scrollbar-width: thin;
+  scrollbar-color: #d1d5db transparent;
+}
+.dark * {
+  scrollbar-color: #4b5563 transparent;
+}
 ::-webkit-scrollbar {
   width: 4px;
 }
diff --git a/apps/tauri/src/lib/components/TaskDetailView.svelte b/apps/tauri/src/lib/components/TaskDetailView.svelte
index 824b9ab..8392600 100644
--- a/apps/tauri/src/lib/components/TaskDetailView.svelte
+++ b/apps/tauri/src/lib/components/TaskDetailView.svelte
@@ -34,7 +34,7 @@
 
   function debouncedSave(fields: Partial<Task>) {
     clearTimeout(saveTimer);
-    var snapshot = { ...task };
+    const snapshot = { ...task };
     saveTimer = setTimeout(() => {
       app.updateTask({ ...snapshot, ...fields, updated_at: new Date().toISOString() });
     }, 400);
diff --git a/apps/tauri/src/lib/components/TaskItem.svelte b/apps/tauri/src/lib/components/TaskItem.svelte
index 520a2c7..bf922a7 100644
--- a/apps/tauri/src/lib/components/TaskItem.svelte
+++ b/apps/tauri/src/lib/components/TaskItem.svelte
@@ -106,15 +106,16 @@
   {/if}
 
   <!-- Task content -->
-  <button
-    class="group flex w-full items-start gap-3 bg-surface-light py-3 pr-4 text-left hover:bg-black/5 dark:bg-surface-dark dark:hover:bg-white/5"
+  <!-- svelte-ignore a11y_no_static_element_interactions -->
+  <div
+    class="group flex w-full cursor-pointer items-start gap-3 bg-surface-light py-3 pr-4 text-left hover:bg-black/5 dark:bg-surface-dark dark:hover:bg-white/5"
     style="padding-left: {1 + depth * 1.5}rem; transform: translateX({swipeX}px); transition: {swiping ? 'none' : 'transform 0.2s ease-out'}"
     onclick={() => onopen?.(task)}
   >
     <!-- Checkbox -->
-    <!-- svelte-ignore a11y_no_static_element_interactions -->
-    <div
+    <button
       onclick={handleToggle}
+      aria-label={isCompleted ? "Restore task" : "Complete task"}
       class="-m-2 flex shrink-0 items-center justify-center p-2"
     >
       <div
@@ -131,7 +132,7 @@
         </svg>
       {/if}
       </div>
-    </div>
+    </button>
 
     <!-- Content -->
     <div class="min-w-0 flex-1">
@@ -160,7 +161,7 @@
     <svg class="mt-1 h-4 w-4 shrink-0 opacity-0 transition-opacity group-hover:opacity-30" viewBox="0 0 20 20" fill="currentColor">
       <path fill-rule="evenodd" d="M7.21 14.77a.75.75 0 01.02-1.06L11.168 10 7.23 6.29a.75.75 0 111.04-1.08l4.5 4.25a.75.75 0 010 1.08l-4.5 4.25a.75.75 0 01-1.06-.02z" />
     </svg>
-  </button>
+  </div>
 </div>
 </div>
 </div>
diff --git a/apps/tauri/src/lib/screens/TasksScreen.svelte b/apps/tauri/src/lib/screens/TasksScreen.svelte
index 3e09e5d..6ed0665 100644
--- a/apps/tauri/src/lib/screens/TasksScreen.svelte
+++ b/apps/tauri/src/lib/screens/TasksScreen.svelte
@@ -44,7 +44,7 @@
       showWorkspacePicker = false;
     if (showListMenu && listMenuEl && !listMenuEl.contains(e.target as Node))
       showListMenu = false;
-    var target = e.target as HTMLElement;
+    const target = e.target as HTMLElement;
     if (wsMenuName && !target.closest("[data-ws-menu]")) wsMenuName = null;
   }
 
@@ -58,6 +58,7 @@
   let listMenuEl = $state<HTMLDivElement | null>(null);
   let confirmDeleteList = $state(false);
   let confirmDeleteCompleted = $state(false);
+  let confirmRemoveWorkspace = $state<string | null>(null);
   let dragId = $state<string | null>(null);
   let dragOverId = $state<string | null>(null);
   let resizing = $state(false);
@@ -270,7 +271,7 @@
                   {#if wsMenuName === name}
                     <div class="absolute right-0 top-full z-40 mt-1 min-w-[140px] rounded-lg border border-border-light bg-surface-light py-1 shadow-lg dark:border-border-dark dark:bg-surface-dark">
                       <button
-                        onclick={() => { wsMenuName = null; if (confirm(`Remove workspace "${name}"? (Files remain on disk)`)) app.removeWorkspace(name); }}
+                        onclick={() => { wsMenuName = null; confirmRemoveWorkspace = name; }}
                         class="flex w-full items-center gap-2 px-3 py-2 text-left text-sm text-danger hover:bg-black/5 dark:hover:bg-white/10"
                       >
                         <svg class="h-4 w-4" viewBox="0 0 20 20" fill="currentColor">
@@ -651,6 +652,18 @@
   />
 {/if}
 
+<!-- Remove workspace confirmation -->
+{#if confirmRemoveWorkspace}
+  <ConfirmDialog
+    message='Remove workspace "{confirmRemoveWorkspace}"?'
+    detail="Files remain on disk."
+    confirmText="Remove"
+    danger
+    onconfirm={() => { const name = confirmRemoveWorkspace; confirmRemoveWorkspace = null; if (name) app.removeWorkspace(name); }}
+    oncancel={() => (confirmRemoveWorkspace = null)}
+  />
+{/if}
+
 <!-- Delete completed tasks confirmation -->
 {#if confirmDeleteCompleted}
   <ConfirmDialog
diff --git a/apps/tauri/src/lib/stores/app.svelte.ts b/apps/tauri/src/lib/stores/app.svelte.ts
index 9b35858..f6dd48a 100644
--- a/apps/tauri/src/lib/stores/app.svelte.ts
+++ b/apps/tauri/src/lib/stores/app.svelte.ts
@@ -8,9 +8,13 @@ import type {
   SyncResult,
 } from "../types";
 
-// Listen for file system changes from the backend watcher
+// Listen for file system changes from the backend watcher.
+// Store the unlisten function so it can be cleaned up if needed.
+let _unlistenFs: (() => void) | null = null;
 listen("fs-changed", () => {
   loadLists();
+}).then((unlisten) => {
+  _unlistenFs = unlisten;
 });
 
 // ── Reactive state ───────────────────────────────────────────────────
@@ -79,7 +83,7 @@ async function addWorkspace(name: string, path: string) {
     await invoke("add_workspace", { name, path });
     config = await invoke<AppConfig>("get_config");
     await loadLists();
-    invoke("watch_workspace", { path }).catch(() => {});
+    invoke("watch_workspace", { path }).catch((e) => console.warn("File watcher failed:", e));
     screen = "tasks";
     error = null;
   } catch (e) {

From 0b2abe1b5500bb12b4bcd088b3a3737ffabcb15e Mon Sep 17 00:00:00 2001
From: Tristan Michael <steeldynamite@gmail.com>
Date: Thu, 2 Apr 2026 08:24:14 -0700
Subject: [PATCH 05/11] chore: remove orphaned bevy-tasks-cli crate

This crate references a non-existent bevy-tasks-core dependency and is
an artifact from the project's predecessor. It is not in the workspace
members list and cannot compile.
---
 crates/bevy-tasks-cli/Cargo.toml              |  22 --
 crates/bevy-tasks-cli/src/commands/group.rs   |  39 ---
 crates/bevy-tasks-cli/src/commands/init.rs    |  43 ---
 crates/bevy-tasks-cli/src/commands/list.rs    |  91 ------
 crates/bevy-tasks-cli/src/commands/mod.rs     |  43 ---
 crates/bevy-tasks-cli/src/commands/sync.rs    | 229 ---------------
 crates/bevy-tasks-cli/src/commands/task.rs    | 222 --------------
 .../bevy-tasks-cli/src/commands/workspace.rs  | 209 -------------
 crates/bevy-tasks-cli/src/main.rs             | 277 ------------------
 crates/bevy-tasks-cli/src/output.rs           |  33 ---
 10 files changed, 1208 deletions(-)
 delete mode 100644 crates/bevy-tasks-cli/Cargo.toml
 delete mode 100644 crates/bevy-tasks-cli/src/commands/group.rs
 delete mode 100644 crates/bevy-tasks-cli/src/commands/init.rs
 delete mode 100644 crates/bevy-tasks-cli/src/commands/list.rs
 delete mode 100644 crates/bevy-tasks-cli/src/commands/mod.rs
 delete mode 100644 crates/bevy-tasks-cli/src/commands/sync.rs
 delete mode 100644 crates/bevy-tasks-cli/src/commands/task.rs
 delete mode 100644 crates/bevy-tasks-cli/src/commands/workspace.rs
 delete mode 100644 crates/bevy-tasks-cli/src/main.rs
 delete mode 100644 crates/bevy-tasks-cli/src/output.rs

diff --git a/crates/bevy-tasks-cli/Cargo.toml b/crates/bevy-tasks-cli/Cargo.toml
deleted file mode 100644
index 3671f0a..0000000
--- a/crates/bevy-tasks-cli/Cargo.toml
+++ /dev/null
@@ -1,22 +0,0 @@
-[package]
-name = "bevy-tasks-cli"
-version = "0.1.0"
-edition = "2021"
-description = "CLI frontend for Bevy Tasks, a local-first task management app"
-license = "GPL-3.0-or-later"
-repository = "https://github.com/SteelDynamite/bevy-tasks"
-
-[[bin]]
-name = "bevy-tasks"
-path = "src/main.rs"
-
-[dependencies]
-bevy-tasks-core = { path = "../bevy-tasks-core" }
-clap = { version = "4.5", features = ["derive", "env"] }
-colored = "2.0"
-anyhow = { workspace = true }
-chrono = { workspace = true }
-uuid = { workspace = true }
-fs_extra = "1.3"
-tokio = { workspace = true }
-rpassword = "5.0"
diff --git a/crates/bevy-tasks-cli/src/commands/group.rs b/crates/bevy-tasks-cli/src/commands/group.rs
deleted file mode 100644
index 23cf69f..0000000
--- a/crates/bevy-tasks-cli/src/commands/group.rs
+++ /dev/null
@@ -1,39 +0,0 @@
-use anyhow::{Context, Result};
-use crate::output;
-use crate::commands::get_repository;
-
-pub fn enable(list_name: String, workspace: Option<String>) -> Result<()> {
-    let (mut repo, _workspace_name) = get_repository(workspace)?;
-
-    let lists = repo.get_lists()
-        .context("Failed to get lists")?;
-
-    let list = lists.iter()
-        .find(|l| l.title == list_name)
-        .ok_or_else(|| anyhow::anyhow!("List '{}' not found", list_name))?;
-
-    repo.set_group_by_due_date(list.id, true)
-        .context("Failed to enable grouping")?;
-
-    output::success(&format!("Enabled group-by-due-date for list \"{}\"", list_name));
-
-    Ok(())
-}
-
-pub fn disable(list_name: String, workspace: Option<String>) -> Result<()> {
-    let (mut repo, _workspace_name) = get_repository(workspace)?;
-
-    let lists = repo.get_lists()
-        .context("Failed to get lists")?;
-
-    let list = lists.iter()
-        .find(|l| l.title == list_name)
-        .ok_or_else(|| anyhow::anyhow!("List '{}' not found", list_name))?;
-
-    repo.set_group_by_due_date(list.id, false)
-        .context("Failed to disable grouping")?;
-
-    output::success(&format!("Disabled group-by-due-date for list \"{}\"", list_name));
-
-    Ok(())
-}
diff --git a/crates/bevy-tasks-cli/src/commands/init.rs b/crates/bevy-tasks-cli/src/commands/init.rs
deleted file mode 100644
index 743b7f7..0000000
--- a/crates/bevy-tasks-cli/src/commands/init.rs
+++ /dev/null
@@ -1,43 +0,0 @@
-use anyhow::{Context, Result};
-use bevy_tasks_core::{AppConfig, TaskRepository, WorkspaceConfig};
-use std::path::PathBuf;
-use crate::output;
-
-pub fn execute(path: String, name: String) -> Result<()> {
-    let path_buf = PathBuf::from(path);
-    let path_buf = if path_buf.is_relative() {
-        std::env::current_dir()?.join(path_buf)
-    } else {
-        path_buf
-    };
-
-    // Initialize the repository
-    let mut repo = TaskRepository::init(path_buf.clone())
-        .context("Failed to initialize tasks folder")?;
-
-    // Create default list if it doesn't exist
-    let lists = repo.get_lists().context("Failed to get lists")?;
-    if !lists.iter().any(|l| l.title == "My Tasks") {
-        repo.create_list("My Tasks".to_string())
-            .context("Failed to create default list")?;
-    }
-
-    // Load or create config
-    let config_path = AppConfig::get_config_path();
-    let mut config = AppConfig::load_from_file(&config_path)
-        .unwrap_or_else(|_| AppConfig::new());
-
-    // Add workspace
-    config.add_workspace(name.clone(), WorkspaceConfig::new(path_buf.clone()));
-    config.set_current_workspace(name.clone())?;
-
-    // Save config
-    config.save_to_file(&config_path)
-        .context("Failed to save config")?;
-
-    output::success(&format!("Initialized workspace \"{}\" at {}", name, path_buf.display()));
-    output::success("Created default list \"My Tasks\"");
-    output::success(&format!("Set \"{}\" as current workspace", name));
-
-    Ok(())
-}
diff --git a/crates/bevy-tasks-cli/src/commands/list.rs b/crates/bevy-tasks-cli/src/commands/list.rs
deleted file mode 100644
index 56fa32b..0000000
--- a/crates/bevy-tasks-cli/src/commands/list.rs
+++ /dev/null
@@ -1,91 +0,0 @@
-use anyhow::{Context, Result};
-use colored::*;
-use bevy_tasks_core::{Task, TaskStatus};
-use crate::output;
-use crate::commands::get_repository;
-
-fn print_tasks(tasks: &[Task]) {
-    if tasks.is_empty() {
-        output::item("No tasks");
-        return;
-    }
-    for task in tasks {
-        let checkbox = if task.status == TaskStatus::Completed { "[✓]".green() } else { "[ ]".normal() };
-        let due_str = task.due_date.map(|d| format!(" (due: {})", d.format("%Y-%m-%d")).yellow().to_string()).unwrap_or_default();
-        output::item(&format!("{} {}{} {}", checkbox, task.title, due_str, task.id.to_string().dimmed()));
-    }
-}
-
-pub fn create(name: String, workspace: Option<String>) -> Result<()> {
-    let (mut repo, _workspace_name) = get_repository(workspace)?;
-
-    repo.create_list(name.clone())
-        .context("Failed to create list")?;
-
-    output::success(&format!("Created list \"{}\"", name));
-
-    Ok(())
-}
-
-pub fn show(list_name: Option<String>, workspace: Option<String>) -> Result<()> {
-    let (repo, _workspace_name) = get_repository(workspace)?;
-
-    let lists = repo.get_lists()
-        .context("Failed to get lists")?;
-
-    if lists.is_empty() {
-        output::info("No lists found. Create one with 'bevy-tasks list create <name>'");
-        return Ok(());
-    }
-
-    // If a specific list is requested, show only that one
-    if let Some(name) = list_name {
-        let list = lists.iter()
-            .find(|l| l.title == name)
-            .ok_or_else(|| anyhow::anyhow!("List '{}' not found", name))?;
-
-        output::header(&format!("{} ({})", list.title, format!("{} tasks", list.tasks.len()).dimmed()));
-        print_tasks(&list.tasks);
-    } else {
-        // Show all lists
-        for list in &lists {
-            output::header(&format!("{} ({})", list.title, format!("{} tasks", list.tasks.len()).dimmed()));
-            print_tasks(&list.tasks);
-            output::blank();
-        }
-    }
-
-    Ok(())
-}
-
-pub fn delete(name: String, workspace: Option<String>) -> Result<()> {
-    let (mut repo, _workspace_name) = get_repository(workspace)?;
-
-    let lists = repo.get_lists()
-        .context("Failed to get lists")?;
-
-    let list = lists.iter()
-        .find(|l| l.title == name)
-        .ok_or_else(|| anyhow::anyhow!("List '{}' not found", name))?;
-
-    // Confirm
-    output::warning(&format!("This will delete list \"{}\" and all its tasks", name));
-    print!("Continue? (y/n): ");
-    use std::io::{self, Write};
-    io::stdout().flush()?;
-
-    let mut input = String::new();
-    io::stdin().read_line(&mut input)?;
-
-    if input.trim().to_lowercase() != "y" {
-        output::info("Cancelled");
-        return Ok(());
-    }
-
-    repo.delete_list(list.id)
-        .context("Failed to delete list")?;
-
-    output::success(&format!("Deleted list \"{}\"", name));
-
-    Ok(())
-}
diff --git a/crates/bevy-tasks-cli/src/commands/mod.rs b/crates/bevy-tasks-cli/src/commands/mod.rs
deleted file mode 100644
index fe9d468..0000000
--- a/crates/bevy-tasks-cli/src/commands/mod.rs
+++ /dev/null
@@ -1,43 +0,0 @@
-pub mod init;
-pub mod workspace;
-pub mod list;
-pub mod task;
-pub mod group;
-pub mod sync;
-
-use bevy_tasks_core::{AppConfig, TaskRepository};
-use anyhow::{Context, Result};
-use std::path::PathBuf;
-
-pub fn get_config_path() -> PathBuf {
-    AppConfig::get_config_path()
-}
-
-pub fn load_config() -> Result<AppConfig> {
-    let path = get_config_path();
-    AppConfig::load_from_file(&path).context("Failed to load config")
-}
-
-pub fn save_config(config: &AppConfig) -> Result<()> {
-    let path = get_config_path();
-    config.save_to_file(&path).context("Failed to save config")
-}
-
-pub fn get_repository(workspace_name: Option<String>) -> Result<(TaskRepository, String)> {
-    let config = load_config()?;
-
-    let (name, workspace_config) = if let Some(name) = workspace_name {
-        let workspace_config = config.get_workspace(&name)
-            .ok_or_else(|| anyhow::anyhow!("Workspace '{}' not found", name))?;
-        (name, workspace_config.clone())
-    } else {
-        let (name, workspace_config) = config.get_current_workspace()
-            .context("No workspace set. Use 'bevy-tasks init' to create one.")?;
-        (name.clone(), workspace_config.clone())
-    };
-
-    let repo = TaskRepository::new(workspace_config.path.clone())
-        .context(format!("Failed to open workspace '{}'", name))?;
-
-    Ok((repo, name))
-}
diff --git a/crates/bevy-tasks-cli/src/commands/sync.rs b/crates/bevy-tasks-cli/src/commands/sync.rs
deleted file mode 100644
index 6e00b3d..0000000
--- a/crates/bevy-tasks-cli/src/commands/sync.rs
+++ /dev/null
@@ -1,229 +0,0 @@
-use anyhow::{Context, Result};
-use colored::Colorize;
-use bevy_tasks_core::sync::{SyncMode, sync_workspace, get_sync_status};
-use bevy_tasks_core::webdav::{WebDavClient, store_credentials, load_credentials};
-use crate::output;
-use super::{load_config, save_config};
-
-/// Run sync setup: prompt for URL, username, password, test connection, store credentials.
-pub fn setup(workspace_name: Option<String>) -> Result<()> {
-    let mut config = load_config()?;
-
-    let (name, workspace) = if let Some(name) = workspace_name {
-        let ws = config.get_workspace(&name)
-            .ok_or_else(|| anyhow::anyhow!("Workspace '{}' not found", name))?
-            .clone();
-        (name, ws)
-    } else {
-        let (n, ws) = config.get_current_workspace()
-            .context("No workspace set. Use 'bevy-tasks init' to create one.")?;
-        (n.clone(), ws.clone())
-    };
-
-    // Prompt for WebDAV URL
-    output::header(&format!("WebDAV sync setup for workspace \"{}\"", name.green()));
-    output::blank();
-
-    let url = prompt("WebDAV URL: ")?;
-    if url.is_empty() {
-        output::error("URL cannot be empty");
-        return Ok(());
-    }
-
-    let username = prompt("Username: ")?;
-    let password = rpassword::read_password_from_tty(Some("Password: "))
-        .context("Failed to read password")?;
-
-    // Test connection
-    output::blank();
-    output::info("Testing connection...");
-
-    let rt = tokio::runtime::Runtime::new().context("Failed to create async runtime")?;
-    let client = WebDavClient::new(&url, &username, &password);
-
-    match rt.block_on(client.test_connection()) {
-        Ok(()) => {
-            output::success("Connection successful!");
-        }
-        Err(e) => {
-            output::error(&format!("Connection failed: {}", e));
-            return Ok(());
-        }
-    }
-
-    // Store credentials in keychain
-    let domain = extract_domain(&url);
-    match store_credentials(&domain, &username, &password) {
-        Ok(()) => output::info("Credentials stored in system keychain"),
-        Err(e) => {
-            output::warning(&format!(
-                "Could not store in keychain ({}). Set BEVY_TASKS_WEBDAV_USER and BEVY_TASKS_WEBDAV_PASS env vars instead.",
-                e
-            ));
-        }
-    }
-
-    // Update workspace config with WebDAV URL
-    let mut ws = workspace;
-    ws.webdav_url = Some(url);
-    config.add_workspace(name, ws);
-    save_config(&config)?;
-
-    output::success("Sync setup complete. Run 'bevy-tasks sync' to sync.");
-    Ok(())
-}
-
-/// Execute a sync operation.
-pub fn execute(mode: SyncMode, workspace_name: Option<String>) -> Result<()> {
-    let config = load_config()?;
-
-    let (name, workspace) = if let Some(name) = workspace_name {
-        let ws = config.get_workspace(&name)
-            .ok_or_else(|| anyhow::anyhow!("Workspace '{}' not found", name))?
-            .clone();
-        (name, ws)
-    } else {
-        let (n, ws) = config.get_current_workspace()
-            .context("No workspace set. Use 'bevy-tasks init' to create one.")?;
-        (n.clone(), ws.clone())
-    };
-
-    let url = workspace.webdav_url.as_ref()
-        .ok_or_else(|| anyhow::anyhow!(
-            "No WebDAV URL configured for workspace '{}'. Run 'bevy-tasks sync --setup' first.", name
-        ))?;
-
-    let domain = extract_domain(url);
-    let (username, password) = load_credentials(&domain)
-        .context("Failed to load credentials")?;
-
-    let mode_str = match mode {
-        SyncMode::Full => "Syncing",
-        SyncMode::Push => "Pushing",
-        SyncMode::Pull => "Pulling",
-    };
-    output::info(&format!("{} workspace \"{}\"...", mode_str, name.green()));
-
-    let rt = tokio::runtime::Runtime::new().context("Failed to create async runtime")?;
-    let result = rt.block_on(sync_workspace(
-        &workspace.path,
-        url,
-        &username,
-        &password,
-        mode,
-        Some(Box::new(|msg: &str| { println!("{}", msg); })),
-    )).context("Sync failed")?;
-
-    // Print summary
-    let mut parts = Vec::new();
-    if result.uploaded > 0 { parts.push(format!("{} uploaded", result.uploaded)); }
-    if result.downloaded > 0 { parts.push(format!("{} downloaded", result.downloaded)); }
-    if result.deleted_local > 0 { parts.push(format!("{} deleted locally", result.deleted_local)); }
-    if result.deleted_remote > 0 { parts.push(format!("{} deleted remotely", result.deleted_remote)); }
-    if result.conflicts > 0 { parts.push(format!("{} conflicts", result.conflicts)); }
-
-    if parts.is_empty() {
-        output::success("Already in sync, nothing to do.");
-    } else {
-        let summary = parts.join(", ");
-        if result.errors.is_empty() {
-            output::success(&format!("Sync complete: {}", summary));
-        } else {
-            output::warning(&format!("Sync complete with errors: {}", summary));
-            for err in &result.errors {
-                output::error(err);
-            }
-        }
-    }
-
-    Ok(())
-}
-
-/// Show sync status for a workspace.
-pub fn status(workspace_name: Option<String>, all: bool) -> Result<()> {
-    let config = load_config()?;
-
-    if all {
-        // Show status for all workspaces that have sync configured
-        let mut found_any = false;
-        let mut names: Vec<_> = config.workspaces.keys().cloned().collect();
-        names.sort();
-        for name in names {
-            let ws = config.get_workspace(&name).unwrap();
-            if ws.webdav_url.is_some() {
-                found_any = true;
-                print_workspace_status(&name, &ws.path, ws.webdav_url.as_deref())?;
-                output::blank();
-            }
-        }
-        if !found_any {
-            output::info("No workspaces have sync configured. Run 'bevy-tasks sync --setup' to set up.");
-        }
-        return Ok(());
-    }
-
-    let (name, workspace) = if let Some(name) = workspace_name {
-        let ws = config.get_workspace(&name)
-            .ok_or_else(|| anyhow::anyhow!("Workspace '{}' not found", name))?
-            .clone();
-        (name, ws)
-    } else {
-        let (n, ws) = config.get_current_workspace()
-            .context("No workspace set.")?;
-        (n.clone(), ws.clone())
-    };
-
-    print_workspace_status(&name, &workspace.path, workspace.webdav_url.as_deref())?;
-    Ok(())
-}
-
-fn print_workspace_status(name: &str, path: &std::path::Path, webdav_url: Option<&str>) -> Result<()> {
-    output::header(&format!("Workspace: {}", name.green()));
-
-    if let Some(url) = webdav_url {
-        output::detail("WebDAV URL", url);
-    } else {
-        output::detail("WebDAV", &"not configured".dimmed().to_string());
-        return Ok(());
-    }
-
-    let info = get_sync_status(path)?;
-
-    if let Some(last) = info.last_sync {
-        output::detail("Last sync", &last.format("%Y-%m-%d %H:%M:%S UTC").to_string());
-    } else {
-        output::detail("Last sync", &"never".dimmed().to_string());
-    }
-
-    output::detail("Tracked files", &info.tracked_files.to_string());
-    output::detail("Pending changes", &info.pending_changes.to_string());
-    if info.queued_operations > 0 {
-        output::detail("Queued operations", &format!("{}", info.queued_operations).yellow().to_string());
-    }
-
-    Ok(())
-}
-
-/// Extract domain from a URL for credential storage.
-fn extract_domain(url: &str) -> String {
-    url.split("://")
-        .nth(1)
-        .unwrap_or(url)
-        .split('/')
-        .next()
-        .unwrap_or(url)
-        .split(':')
-        .next()
-        .unwrap_or(url)
-        .to_string()
-}
-
-/// Prompt the user for text input.
-fn prompt(message: &str) -> Result<String> {
-    use std::io::Write;
-    print!("{}", message);
-    std::io::stdout().flush()?;
-    let mut input = String::new();
-    std::io::stdin().read_line(&mut input)?;
-    Ok(input.trim().to_string())
-}
diff --git a/crates/bevy-tasks-cli/src/commands/task.rs b/crates/bevy-tasks-cli/src/commands/task.rs
deleted file mode 100644
index 33a4593..0000000
--- a/crates/bevy-tasks-cli/src/commands/task.rs
+++ /dev/null
@@ -1,222 +0,0 @@
-use anyhow::{Context, Result};
-use bevy_tasks_core::Task;
-use chrono::{DateTime, Utc};
-use uuid::Uuid;
-use crate::output;
-use crate::commands::get_repository;
-
-pub fn add(title: String, list_name: Option<String>, due_str: Option<String>, workspace: Option<String>) -> Result<()> {
-    let (mut repo, _workspace_name) = get_repository(workspace)?;
-
-    // Get lists
-    let lists = repo.get_lists()
-        .context("Failed to get lists")?;
-
-    if lists.is_empty() {
-        anyhow::bail!("No lists found. Create one with 'bevy-tasks list create <name>'");
-    }
-
-    // Find the target list
-    let list = if let Some(name) = list_name {
-        lists.iter()
-            .find(|l| l.title == name)
-            .ok_or_else(|| anyhow::anyhow!("List '{}' not found", name))?
-    } else {
-        // Use the first list
-        &lists[0]
-    };
-
-    // Create task
-    let mut task = Task::new(title.clone());
-
-    // Parse due date if provided
-    if let Some(due_str) = due_str {
-        let due_date = parse_due_date(&due_str)?;
-        task.due_date = Some(due_date);
-    }
-
-    // Save task
-    repo.create_task(list.id, task.clone())
-        .context("Failed to create task")?;
-
-    let due_info = if let Some(due) = task.due_date {
-        format!("\n  Due: {}", due.format("%Y-%m-%d"))
-    } else {
-        String::new()
-    };
-
-    output::success(&format!("Created task \"{}\" ({}){}", title, task.id, due_info));
-
-    Ok(())
-}
-
-pub fn complete(task_id_str: String, workspace: Option<String>) -> Result<()> {
-    let (mut repo, _workspace_name) = get_repository(workspace)?;
-
-    let task_id = Uuid::parse_str(&task_id_str)
-        .context("Invalid task ID")?;
-
-    // Find the task across all lists
-    let lists = repo.get_lists()?;
-    let mut found = false;
-
-    for list in lists {
-        if let Some(mut task) = list.tasks.iter().find(|t| t.id == task_id).cloned() {
-            task.complete();
-            repo.update_task(list.id, task.clone())
-                .context("Failed to update task")?;
-
-            output::success(&format!("Completed task \"{}\"", task.title));
-            found = true;
-            break;
-        }
-    }
-
-    if !found {
-        anyhow::bail!("Task not found: {}", task_id_str);
-    }
-
-    Ok(())
-}
-
-pub fn delete(task_id_str: String, workspace: Option<String>) -> Result<()> {
-    let (mut repo, _workspace_name) = get_repository(workspace)?;
-
-    let task_id = Uuid::parse_str(&task_id_str)
-        .context("Invalid task ID")?;
-
-    // Find the task across all lists
-    let lists = repo.get_lists()?;
-    let mut found = false;
-
-    for list in lists {
-        if let Some(task) = list.tasks.iter().find(|t| t.id == task_id) {
-            let title = task.title.clone();
-
-            output::warning(&format!("This will delete task \"{}\"", title));
-            print!("Continue? (y/n): ");
-            use std::io::{self, Write};
-            io::stdout().flush()?;
-            let mut input = String::new();
-            io::stdin().read_line(&mut input)?;
-            if input.trim().to_lowercase() != "y" {
-                output::info("Cancelled");
-                return Ok(());
-            }
-
-            repo.delete_task(list.id, task_id)
-                .context("Failed to delete task")?;
-
-            output::success(&format!("Deleted task \"{}\"", title));
-            found = true;
-            break;
-        }
-    }
-
-    if !found {
-        anyhow::bail!("Task not found: {}", task_id_str);
-    }
-
-    Ok(())
-}
-
-pub fn edit(task_id_str: String, workspace: Option<String>) -> Result<()> {
-    let (mut repo, _workspace_name) = get_repository(workspace)?;
-
-    let task_id = Uuid::parse_str(&task_id_str)
-        .context("Invalid task ID")?;
-
-    // Find the task across all lists
-    let lists = repo.get_lists()?;
-    let mut task_list_id = None;
-    let mut task_to_edit = None;
-
-    for list in lists {
-        if let Some(task) = list.tasks.iter().find(|t| t.id == task_id).cloned() {
-            task_list_id = Some(list.id);
-            task_to_edit = Some(task);
-            break;
-        }
-    }
-
-    let (list_id, task) = match (task_list_id, task_to_edit) {
-        (Some(lid), Some(t)) => (lid, t),
-        _ => anyhow::bail!("Task not found: {}", task_id_str),
-    };
-
-    // Create temporary file with task content
-    let temp_dir = std::env::temp_dir();
-    let temp_file = temp_dir.join(format!("bevy-tasks-{}.md", task.id));
-
-    // Write current task content to temp file
-    let content = format!("# {}\n\n{}", task.title, task.description);
-    std::fs::write(&temp_file, content)?;
-
-    // Get editor from environment
-    let editor = std::env::var("EDITOR").unwrap_or_else(|_| {
-        if cfg!(windows) {
-            "notepad".to_string()
-        } else {
-            "nano".to_string()
-        }
-    });
-
-    // Open editor
-    let status = std::process::Command::new(&editor)
-        .arg(&temp_file)
-        .status()
-        .context(format!("Failed to open editor: {}", editor))?;
-
-    if !status.success() {
-        anyhow::bail!("Editor exited with non-zero status");
-    }
-
-    // Read updated content
-    let updated_content = std::fs::read_to_string(&temp_file)?;
-
-    // Parse the content
-    let lines: Vec<&str> = updated_content.lines().collect();
-    let (title, description) = if !lines.is_empty() && lines[0].starts_with("# ") {
-        let title = lines[0].trim_start_matches("# ").trim().to_string();
-        let description = if lines.len() > 2 {
-            lines[2..].join("\n").trim().to_string()
-        } else {
-            String::new()
-        };
-        (title, description)
-    } else {
-        (task.title.clone(), updated_content.trim().to_string())
-    };
-
-    // Update task
-    let mut updated_task = task.clone();
-    updated_task.title = title;
-    updated_task.description = description;
-    updated_task.updated_at = Utc::now();
-
-    repo.update_task(list_id, updated_task.clone())
-        .context("Failed to update task")?;
-
-    // Clean up temp file
-    std::fs::remove_file(&temp_file).ok();
-
-    output::success(&format!("Updated task \"{}\"", updated_task.title));
-
-    Ok(())
-}
-
-fn parse_due_date(s: &str) -> Result<DateTime<Utc>> {
-    // Try parsing as date only (YYYY-MM-DD)
-    if let Ok(naive_date) = chrono::NaiveDate::parse_from_str(s, "%Y-%m-%d") {
-        let naive_datetime = naive_date.and_hms_opt(0, 0, 0)
-            .ok_or_else(|| anyhow::anyhow!("Invalid date"))?;
-        return Ok(DateTime::from_naive_utc_and_offset(naive_datetime, Utc));
-    }
-
-    // Try parsing as full datetime (ISO 8601)
-    if let Ok(dt) = DateTime::parse_from_rfc3339(s) {
-        return Ok(dt.with_timezone(&Utc));
-    }
-
-    anyhow::bail!("Invalid date format. Use YYYY-MM-DD or ISO 8601 format (YYYY-MM-DDTHH:MM:SS)")
-}
diff --git a/crates/bevy-tasks-cli/src/commands/workspace.rs b/crates/bevy-tasks-cli/src/commands/workspace.rs
deleted file mode 100644
index b616472..0000000
--- a/crates/bevy-tasks-cli/src/commands/workspace.rs
+++ /dev/null
@@ -1,209 +0,0 @@
-use anyhow::{Context, Result};
-use bevy_tasks_core::{TaskRepository, WorkspaceConfig};
-use std::path::PathBuf;
-use colored::*;
-use crate::output;
-use crate::commands::{load_config, save_config};
-
-pub fn add(name: String, path: String) -> Result<()> {
-    let path_buf = PathBuf::from(path);
-    let path_buf = if path_buf.is_relative() {
-        std::env::current_dir()?.join(path_buf)
-    } else {
-        path_buf
-    };
-
-    // Initialize the repository
-    let mut repo = TaskRepository::init(path_buf.clone())
-        .context("Failed to initialize tasks folder")?;
-
-    // Create default list if it doesn't exist
-    let lists = repo.get_lists().context("Failed to get lists")?;
-    if !lists.iter().any(|l| l.title == "My Tasks") {
-        repo.create_list("My Tasks".to_string())
-            .context("Failed to create default list")?;
-    }
-
-    // Load config
-    let mut config = load_config()?;
-
-    // Check if workspace already exists
-    if config.get_workspace(&name).is_some() {
-        anyhow::bail!("Workspace '{}' already exists", name);
-    }
-
-    // Add workspace
-    config.add_workspace(name.clone(), WorkspaceConfig::new(path_buf.clone()));
-
-    // Save config
-    save_config(&config)?;
-
-    output::success(&format!("Added workspace \"{}\" at {}", name, path_buf.display()));
-    output::success("Created default list \"My Tasks\"");
-
-    Ok(())
-}
-
-pub fn list() -> Result<()> {
-    let config = load_config()?;
-
-    if config.workspaces.is_empty() {
-        output::info("No workspaces configured. Use 'bevy-tasks init' to create one.");
-        return Ok(());
-    }
-
-    let current = config.current_workspace.as_deref();
-
-    let mut workspaces: Vec<_> = config.workspaces.iter().collect();
-    workspaces.sort_by(|a, b| a.0.cmp(b.0));
-
-    for (name, workspace_config) in workspaces {
-        let marker = if Some(name.as_str()) == current {
-            " (current)".green()
-        } else {
-            "".normal()
-        };
-        output::item(&format!("{}: {}{}", name, workspace_config.path.display(), marker));
-    }
-
-    Ok(())
-}
-
-pub fn switch(name: String) -> Result<()> {
-    let mut config = load_config()?;
-
-    // Verify workspace exists
-    if config.get_workspace(&name).is_none() {
-        anyhow::bail!("Workspace '{}' not found", name);
-    }
-
-    config.set_current_workspace(name.clone())?;
-    save_config(&config)?;
-
-    output::success(&format!("Switched to workspace \"{}\"", name));
-
-    Ok(())
-}
-
-pub fn remove(name: String) -> Result<()> {
-    let mut config = load_config()?;
-
-    // Verify workspace exists
-    if config.get_workspace(&name).is_none() {
-        anyhow::bail!("Workspace '{}' not found", name);
-    }
-
-    // Confirm
-    output::warning("This will delete workspace config (files remain on disk)");
-    print!("Continue? (y/n): ");
-    use std::io::{self, Write};
-    io::stdout().flush()?;
-
-    let mut input = String::new();
-    io::stdin().read_line(&mut input)?;
-
-    if input.trim().to_lowercase() != "y" {
-        output::info("Cancelled");
-        return Ok(());
-    }
-
-    config.remove_workspace(&name);
-    save_config(&config)?;
-
-    output::success(&format!("Removed workspace \"{}\"", name));
-
-    Ok(())
-}
-
-pub fn retarget(name: String, path: String) -> Result<()> {
-    let path_buf = PathBuf::from(path);
-    let path_buf = if path_buf.is_relative() {
-        std::env::current_dir()?.join(path_buf)
-    } else {
-        path_buf
-    };
-
-    let mut config = load_config()?;
-
-    // Verify workspace exists
-    if config.get_workspace(&name).is_none() {
-        anyhow::bail!("Workspace '{}' not found", name);
-    }
-
-    // Update path
-    config.add_workspace(name.clone(), WorkspaceConfig::new(path_buf.clone()));
-    save_config(&config)?;
-
-    output::success(&format!("Workspace \"{}\" now points to {}", name, path_buf.display()));
-
-    Ok(())
-}
-
-pub fn migrate(name: String, new_path: String) -> Result<()> {
-    let new_path_buf = PathBuf::from(new_path);
-    let new_path_buf = if new_path_buf.is_relative() {
-        std::env::current_dir()?.join(new_path_buf)
-    } else {
-        new_path_buf
-    };
-
-    let mut config = load_config()?;
-
-    // Get current workspace config
-    let old_path = config.get_workspace(&name)
-        .ok_or_else(|| anyhow::anyhow!("Workspace '{}' not found", name))?
-        .path.clone();
-
-    // Confirm
-    output::warning(&format!("This will move all files from {} to {}", old_path.display(), new_path_buf.display()));
-    print!("Continue? (y/n): ");
-    use std::io::{self, Write};
-    io::stdout().flush()?;
-
-    let mut input = String::new();
-    io::stdin().read_line(&mut input)?;
-
-    if input.trim().to_lowercase() != "y" {
-        output::info("Cancelled");
-        return Ok(());
-    }
-
-    // Create destination directory
-    std::fs::create_dir_all(&new_path_buf)?;
-
-    // Move files
-    output::info("Moving files...");
-    let entries = std::fs::read_dir(&old_path)?;
-    let mut count = 0;
-
-    for entry in entries {
-        let entry = entry?;
-        let file_name = entry.file_name();
-        let dest = new_path_buf.join(&file_name);
-
-        if entry.path().is_dir() {
-            let mut options = fs_extra::dir::CopyOptions::new();
-            options.copy_inside = true;
-            fs_extra::dir::move_dir(entry.path(), &new_path_buf, &options)?;
-            output::item(&format!("Moved {}/", file_name.to_string_lossy()));
-        } else {
-            std::fs::rename(entry.path(), dest)?;
-            output::item(&format!("Moved {}", file_name.to_string_lossy()));
-        }
-        count += 1;
-    }
-
-    // Remove old directory if empty
-    if old_path.read_dir()?.next().is_none() {
-        std::fs::remove_dir(&old_path)?;
-    }
-
-    // Update config
-    config.add_workspace(name.clone(), WorkspaceConfig::new(new_path_buf.clone()));
-    save_config(&config)?;
-
-    output::success(&format!("Migrated {} items to {}", count, new_path_buf.display()));
-    output::success(&format!("Workspace \"{}\" now points to {}", name, new_path_buf.display()));
-
-    Ok(())
-}
diff --git a/crates/bevy-tasks-cli/src/main.rs b/crates/bevy-tasks-cli/src/main.rs
deleted file mode 100644
index 6c0268e..0000000
--- a/crates/bevy-tasks-cli/src/main.rs
+++ /dev/null
@@ -1,277 +0,0 @@
-mod commands;
-mod output;
-
-use anyhow::Result;
-use clap::{Parser, Subcommand};
-use commands::*;
-
-#[derive(Parser)]
-#[command(name = "bevy-tasks")]
-#[command(about = "A local-first, cross-platform tasks application", long_about = None)]
-struct Cli {
-    #[command(subcommand)]
-    command: Commands,
-}
-
-#[derive(Subcommand)]
-enum Commands {
-    /// Initialize a new workspace
-    Init {
-        /// Path to store tasks
-        path: String,
-        /// Name of the workspace
-        #[arg(short, long)]
-        name: String,
-    },
-
-    /// Manage workspaces
-    #[command(subcommand)]
-    Workspace(WorkspaceCommands),
-
-    /// Manage task lists
-    #[command(subcommand)]
-    List(ListCommands),
-
-    /// Add a new task
-    Add {
-        /// Task title
-        title: String,
-        /// List to add task to
-        #[arg(short, long)]
-        list: Option<String>,
-        /// Due date (ISO 8601 format: YYYY-MM-DD or YYYY-MM-DDTHH:MM:SS)
-        #[arg(short, long)]
-        due: Option<String>,
-        /// Workspace to use
-        #[arg(short, long)]
-        workspace: Option<String>,
-    },
-
-    /// Mark a task as complete
-    Complete {
-        /// Task ID
-        task_id: String,
-        /// Workspace to use
-        #[arg(short, long)]
-        workspace: Option<String>,
-    },
-
-    /// Delete a task
-    Delete {
-        /// Task ID
-        task_id: String,
-        /// Workspace to use
-        #[arg(short, long)]
-        workspace: Option<String>,
-    },
-
-    /// Edit a task
-    Edit {
-        /// Task ID
-        task_id: String,
-        /// Workspace to use
-        #[arg(short, long)]
-        workspace: Option<String>,
-    },
-
-    /// Toggle group-by-due-date for a list
-    #[command(subcommand)]
-    Group(GroupCommands),
-
-    /// Sync workspace with WebDAV server
-    Sync {
-        /// Run initial setup (URL, credentials)
-        #[arg(long)]
-        setup: bool,
-        /// Push-only sync (upload local changes)
-        #[arg(long, conflicts_with_all = ["pull", "setup", "status"])]
-        push: bool,
-        /// Pull-only sync (download remote changes)
-        #[arg(long, conflicts_with_all = ["push", "setup", "status"])]
-        pull: bool,
-        /// Show sync status
-        #[arg(long, conflicts_with_all = ["push", "pull", "setup"])]
-        status: bool,
-        /// Show status for all workspaces (with --status)
-        #[arg(long, requires = "status")]
-        all: bool,
-        /// Workspace to use
-        #[arg(short, long)]
-        workspace: Option<String>,
-    },
-}
-
-#[derive(Subcommand)]
-enum WorkspaceCommands {
-    /// Add a new workspace
-    Add {
-        /// Name of the workspace
-        name: String,
-        /// Path to store tasks
-        path: String,
-    },
-
-    /// List all workspaces
-    List,
-
-    /// Switch to a different workspace
-    Switch {
-        /// Name of the workspace
-        name: String,
-    },
-
-    /// Remove a workspace
-    Remove {
-        /// Name of the workspace
-        name: String,
-    },
-
-    /// Update workspace path without moving files
-    Retarget {
-        /// Name of the workspace
-        name: String,
-        /// New path
-        path: String,
-    },
-
-    /// Move workspace files to a new location
-    Migrate {
-        /// Name of the workspace
-        name: String,
-        /// New path
-        path: String,
-    },
-}
-
-#[derive(Subcommand)]
-enum ListCommands {
-    /// Create a new task list
-    Create {
-        /// Name of the list
-        name: String,
-        /// Workspace to use
-        #[arg(short, long)]
-        workspace: Option<String>,
-    },
-
-    /// Show all tasks (or tasks in a specific list)
-    Show {
-        /// Name of the list to show
-        #[arg(short, long)]
-        list: Option<String>,
-        /// Workspace to use
-        #[arg(short, long)]
-        workspace: Option<String>,
-    },
-
-    /// Delete a task list
-    Delete {
-        /// Name of the list to delete
-        name: String,
-        /// Workspace to use
-        #[arg(short, long)]
-        workspace: Option<String>,
-    },
-}
-
-#[derive(Subcommand)]
-enum GroupCommands {
-    /// Enable group-by-due-date for a list
-    Enable {
-        /// Name of the list
-        #[arg(short, long)]
-        list: String,
-        /// Workspace to use
-        #[arg(short, long)]
-        workspace: Option<String>,
-    },
-
-    /// Disable group-by-due-date for a list
-    Disable {
-        /// Name of the list
-        #[arg(short, long)]
-        list: String,
-        /// Workspace to use
-        #[arg(short, long)]
-        workspace: Option<String>,
-    },
-}
-
-fn main() -> Result<()> {
-    let cli = Cli::parse();
-
-    match cli.command {
-        Commands::Init { path, name } => {
-            init::execute(path, name)?;
-        }
-        Commands::Workspace(cmd) => match cmd {
-            WorkspaceCommands::Add { name, path } => {
-                workspace::add(name, path)?;
-            }
-            WorkspaceCommands::List => {
-                workspace::list()?;
-            }
-            WorkspaceCommands::Switch { name } => {
-                workspace::switch(name)?;
-            }
-            WorkspaceCommands::Remove { name } => {
-                workspace::remove(name)?;
-            }
-            WorkspaceCommands::Retarget { name, path } => {
-                workspace::retarget(name, path)?;
-            }
-            WorkspaceCommands::Migrate { name, path } => {
-                workspace::migrate(name, path)?;
-            }
-        },
-        Commands::List(cmd) => match cmd {
-            ListCommands::Create { name, workspace } => {
-                list::create(name, workspace)?;
-            }
-            ListCommands::Show { list, workspace } => {
-                list::show(list, workspace)?;
-            }
-            ListCommands::Delete { name, workspace } => {
-                list::delete(name, workspace)?;
-            }
-        },
-        Commands::Add { title, list, due, workspace } => {
-            task::add(title, list, due, workspace)?;
-        }
-        Commands::Complete { task_id, workspace } => {
-            task::complete(task_id, workspace)?;
-        }
-        Commands::Delete { task_id, workspace } => {
-            task::delete(task_id, workspace)?;
-        }
-        Commands::Edit { task_id, workspace } => {
-            task::edit(task_id, workspace)?;
-        }
-        Commands::Group(cmd) => match cmd {
-            GroupCommands::Enable { list, workspace } => {
-                group::enable(list, workspace)?;
-            }
-            GroupCommands::Disable { list, workspace } => {
-                group::disable(list, workspace)?;
-            }
-        },
-        Commands::Sync { setup, push, pull, status, all, workspace } => {
-            if setup {
-                sync::setup(workspace)?;
-            } else if status {
-                sync::status(workspace, all)?;
-            } else {
-                let mode = if push {
-                    bevy_tasks_core::sync::SyncMode::Push
-                } else if pull {
-                    bevy_tasks_core::sync::SyncMode::Pull
-                } else {
-                    bevy_tasks_core::sync::SyncMode::Full
-                };
-                sync::execute(mode, workspace)?;
-            }
-        },
-    }
-
-    Ok(())
-}
diff --git a/crates/bevy-tasks-cli/src/output.rs b/crates/bevy-tasks-cli/src/output.rs
deleted file mode 100644
index dd49031..0000000
--- a/crates/bevy-tasks-cli/src/output.rs
+++ /dev/null
@@ -1,33 +0,0 @@
-use colored::*;
-
-pub fn success(message: &str) {
-    println!("{} {}", "✓".green(), message);
-}
-
-pub fn error(message: &str) {
-    eprintln!("{} {}", "✗".red(), message);
-}
-
-pub fn warning(message: &str) {
-    println!("{} {}", "⚠".yellow(), message);
-}
-
-pub fn info(message: &str) {
-    println!("{} {}", "ℹ".blue(), message);
-}
-
-pub fn header(message: &str) {
-    println!("{}", message.bold());
-}
-
-pub fn detail(label: &str, value: &str) {
-    println!("  {}: {}", label, value);
-}
-
-pub fn item(message: &str) {
-    println!("  {}", message);
-}
-
-pub fn blank() {
-    println!();
-}

From de11e0a8c354fd1a8f5d27b397701da71c12324e Mon Sep 17 00:00:00 2001
From: Tristan Michael <steeldynamite@gmail.com>
Date: Thu, 2 Apr 2026 08:58:16 -0700
Subject: [PATCH 06/11] chore: remove Flutter GUI entirely, Tauri is the sole
 frontend

Flutter (apps/flutter/) was at feature parity but maintaining two GUI
frontends doubles effort. Consolidate on Tauri v2 which handles both
desktop and mobile. Remove all Flutter source, config, and documentation
references.
---
 PLAN.md   | 6 +++++-
 README.md | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/PLAN.md b/PLAN.md
index b979b76..cd7b2b4 100644
--- a/PLAN.md
+++ b/PLAN.md
@@ -768,7 +768,11 @@ All Android work can be done locally on Linux. iOS must go through CI or a Mac.
 
 ---
 
-### Known Blockers
+### Tauri GUI
+
+Tauri v2 has mobile support but it's newer and less mature.
+
+#### Known Blockers
 
 **`notify` crate doesn't compile for mobile.** The file-watcher subsystem (`notify` + `notify-debouncer-mini` in `Cargo.toml`) does not support Android or iOS targets. The entire file-watcher initialization path must be gated behind `#[cfg(not(mobile))]` before cross-compilation will succeed.
 
diff --git a/README.md b/README.md
index 8e9a52d..ed4e075 100644
--- a/README.md
+++ b/README.md
@@ -198,7 +198,7 @@ cargo test -- --nocapture
 
 ## What's Next?
 
-- **Phase 4**: Mobile support (iOS & Android via Tauri v2)
+- **Phase 4**: Mobile support (iOS & Android via Tauri v2 mobile)
 - **Phase 5**: GUI advanced features (subtasks, search, date picker)
 - **Phase 6**: Mobile polish and platform-specific integrations
 - **Phase 7**: Google Tasks importer and unique features

From fa1125bfebd026fc01e86d9f4bcf9e0141ef771a Mon Sep 17 00:00:00 2001
From: Tristan Michael <steeldynamite@gmail.com>
Date: Thu, 2 Apr 2026 08:58:27 -0700
Subject: [PATCH 07/11] =?UTF-8?q?fix:=20harden=20core=20data=20integrity?=
 =?UTF-8?q?=20=E2=80=94=20move=5Ftask=20rollback,=20path=20traversal,=20mi?=
 =?UTF-8?q?gration=20safety?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add rollback to move_task: if delete-from-source fails after write-to-
destination, clean up the duplicate. Reject list names with path separators
or '..' to prevent traversal; canonicalize() failures now return errors
instead of silently falling back to unchecked paths. Add validation and
rollback to CLI workspace migration: check destination is empty, track
moved files, and reverse on failure.
---
 Cargo.lock                                |  1 +
 crates/onyx-cli/src/commands/workspace.rs | 60 ++++++++++++++++-------
 crates/onyx-core/src/repository.rs        |  6 ++-
 crates/onyx-core/src/storage.rs           | 25 ++++------
 4 files changed, 59 insertions(+), 33 deletions(-)

diff --git a/Cargo.lock b/Cargo.lock
index 194cd5f..b55af2b 100644
--- a/Cargo.lock
+++ b/Cargo.lock
@@ -1000,6 +1000,7 @@ dependencies = [
  "tokio",
  "uuid",
  "wiremock",
+ "zeroize",
 ]
 
 [[package]]
diff --git a/crates/onyx-cli/src/commands/workspace.rs b/crates/onyx-cli/src/commands/workspace.rs
index 4467752..cdf8b18 100644
--- a/crates/onyx-cli/src/commands/workspace.rs
+++ b/crates/onyx-cli/src/commands/workspace.rs
@@ -168,33 +168,59 @@ pub fn migrate(name: String, new_path: String) -> Result<()> {
         return Ok(());
     }
 
+    // Validate destination
+    if old_path == new_path_buf {
+        anyhow::bail!("Source and destination paths are the same");
+    }
+    if new_path_buf.exists() && new_path_buf.read_dir()?.next().is_some() {
+        anyhow::bail!("Destination directory '{}' already contains files", new_path_buf.display());
+    }
+
     // Create destination directory
     std::fs::create_dir_all(&new_path_buf)?;
 
-    // Move files
+    // Move files, tracking what was moved for rollback
     output::info("Moving files...");
-    let entries = std::fs::read_dir(&old_path)?;
-    let mut count = 0;
+    let entries: Vec<_> = std::fs::read_dir(&old_path)?
+        .collect::<std::result::Result<Vec<_>, _>>()?;
+    let mut moved: Vec<(std::path::PathBuf, std::path::PathBuf)> = Vec::new();
 
-    for entry in entries {
-        let entry = entry?;
-        let file_name = entry.file_name();
-        let dest = new_path_buf.join(&file_name);
+    let move_result: Result<()> = (|| {
+        for entry in &entries {
+            let file_name = entry.file_name();
+            let dest = new_path_buf.join(&file_name);
 
-        if entry.path().is_dir() {
-            let mut options = fs_extra::dir::CopyOptions::new();
-            options.copy_inside = true;
-            fs_extra::dir::move_dir(entry.path(), &new_path_buf, &options)?;
-            output::item(&format!("Moved {}/", file_name.to_string_lossy()));
-        } else {
-            std::fs::rename(entry.path(), dest)?;
+            if entry.path().is_dir() {
+                let mut options = fs_extra::dir::CopyOptions::new();
+                options.copy_inside = true;
+                fs_extra::dir::move_dir(entry.path(), &new_path_buf, &options)?;
+            } else {
+                std::fs::rename(entry.path(), &dest)?;
+            }
+            moved.push((entry.path(), dest));
             output::item(&format!("Moved {}", file_name.to_string_lossy()));
         }
-        count += 1;
+        Ok(())
+    })();
+
+    if let Err(e) = move_result {
+        output::error(&format!("Migration failed: {}. Rolling back...", e));
+        for (src, dest) in moved.into_iter().rev() {
+            if dest.exists() {
+                if dest.is_dir() {
+                    let mut options = fs_extra::dir::CopyOptions::new();
+                    options.copy_inside = true;
+                    let _ = fs_extra::dir::move_dir(&dest, &old_path, &options);
+                } else {
+                    let _ = std::fs::rename(&dest, &src);
+                }
+            }
+        }
+        anyhow::bail!("Migration failed and was rolled back: {}", e);
     }
 
     // Remove old directory if empty
-    if old_path.read_dir()?.next().is_none() {
+    if old_path.exists() && old_path.read_dir()?.next().is_none() {
         std::fs::remove_dir(&old_path)?;
     }
 
@@ -202,7 +228,7 @@ pub fn migrate(name: String, new_path: String) -> Result<()> {
     config.add_workspace(name.clone(), WorkspaceConfig::new(new_path_buf.clone()));
     save_config(&config)?;
 
-    output::success(&format!("Migrated {} items to {}", count, new_path_buf.display()));
+    output::success(&format!("Migrated {} items to {}", moved.len(), new_path_buf.display()));
     output::success(&format!("Workspace \"{}\" now points to {}", name, new_path_buf.display()));
 
     Ok(())
diff --git a/crates/onyx-core/src/repository.rs b/crates/onyx-core/src/repository.rs
index 3ba3ea2..2298cc0 100644
--- a/crates/onyx-core/src/repository.rs
+++ b/crates/onyx-core/src/repository.rs
@@ -75,7 +75,11 @@ impl TaskRepository {
     pub fn move_task(&mut self, from_list_id: Uuid, to_list_id: Uuid, task_id: Uuid) -> Result<()> {
         let task = self.storage.read_task(from_list_id, task_id)?;
         self.storage.write_task(to_list_id, &task)?;
-        self.storage.delete_task(from_list_id, task_id)?;
+        // If delete from source fails, roll back by removing the copy from destination
+        if let Err(e) = self.storage.delete_task(from_list_id, task_id) {
+            let _ = self.storage.delete_task(to_list_id, task_id);
+            return Err(e);
+        }
         Ok(())
     }
 
diff --git a/crates/onyx-core/src/storage.rs b/crates/onyx-core/src/storage.rs
index 9a41991..fec62dc 100644
--- a/crates/onyx-core/src/storage.rs
+++ b/crates/onyx-core/src/storage.rs
@@ -150,27 +150,22 @@ impl FileSystemStorage {
     }
 
     fn list_dir_path_by_name(&self, name: &str) -> Result<PathBuf> {
+        // Reject names containing path separators or traversal components
+        if name.contains('/') || name.contains('\\') || name == ".." || name.starts_with("../") || name.starts_with("..\\") {
+            return Err(Error::InvalidData("Invalid list name: path traversal not allowed".to_string()));
+        }
         let path = self.root_path.join(name);
-        // Prevent path traversal: resolved path must stay within root
+        // Verify resolved path stays within root
         let canonical_root = self.root_path.canonicalize()
-            .unwrap_or_else(|_| self.root_path.clone());
+            .map_err(Error::Io)?;
         let canonical_path = if path.exists() {
-            path.canonicalize().unwrap_or_else(|_| path.clone())
+            path.canonicalize().map_err(Error::Io)?
         } else {
-            // For non-existent paths, normalize by resolving the parent
-            if let Some(parent) = path.parent() {
-                let canonical_parent = if parent.exists() {
-                    parent.canonicalize().unwrap_or_else(|_| parent.to_path_buf())
-                } else {
-                    parent.to_path_buf()
-                };
-                canonical_parent.join(path.file_name().unwrap_or_default())
-            } else {
-                path.clone()
-            }
+            // Parent must exist and be canonicalizable (it's root_path)
+            canonical_root.join(path.file_name().unwrap_or_default())
         };
         if !canonical_path.starts_with(&canonical_root) {
-            return Err(Error::InvalidData(format!("Invalid list name: path escapes workspace")));
+            return Err(Error::InvalidData("Invalid list name: path escapes workspace".to_string()));
         }
         Ok(path)
     }

From e0c7292a7ebbc46416dc26b8fdc69777c432c50c Mon Sep 17 00:00:00 2001
From: Tristan Michael <steeldynamite@gmail.com>
Date: Thu, 2 Apr 2026 08:58:36 -0700
Subject: [PATCH 08/11] =?UTF-8?q?fix:=20harden=20sync=20safety=20=E2=80=94?=
 =?UTF-8?q?=20conflict=20backup,=20timestamp=20parsing,=20credential=20zer?=
 =?UTF-8?q?oization?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Back up local files before overwriting during ConflictRemoteWins so data
is never silently lost. Fix false-positive change detection by parsing
timestamps before comparing (different formats like RFC3339 vs HTTP date
were never equal as strings). Add zeroize crate to zero WebDAV credentials
in memory on drop, preventing exposure in core dumps.
---
 apps/tauri/src-tauri/Cargo.lock |  1 +
 crates/onyx-core/Cargo.toml     |  1 +
 crates/onyx-core/src/sync.rs    | 68 ++++++++++++++++++++++++++++++---
 crates/onyx-core/src/webdav.rs  |  8 ++++
 4 files changed, 73 insertions(+), 5 deletions(-)

diff --git a/apps/tauri/src-tauri/Cargo.lock b/apps/tauri/src-tauri/Cargo.lock
index 0b0814b..364c90c 100644
--- a/apps/tauri/src-tauri/Cargo.lock
+++ b/apps/tauri/src-tauri/Cargo.lock
@@ -2394,6 +2394,7 @@ dependencies = [
  "sha2",
  "tokio",
  "uuid",
+ "zeroize",
 ]
 
 [[package]]
diff --git a/crates/onyx-core/Cargo.toml b/crates/onyx-core/Cargo.toml
index 4949aec..3b5f2a8 100644
--- a/crates/onyx-core/Cargo.toml
+++ b/crates/onyx-core/Cargo.toml
@@ -22,6 +22,7 @@ sha2 = { workspace = true }
 quick-xml = { workspace = true }
 tokio = { workspace = true }
 keyring = { version = "3", features = ["apple-native", "windows-native", "sync-secret-service"], optional = true }
+zeroize = "1"
 
 [dev-dependencies]
 tempfile = "3.0"
diff --git a/crates/onyx-core/src/sync.rs b/crates/onyx-core/src/sync.rs
index 167854c..debb46a 100644
--- a/crates/onyx-core/src/sync.rs
+++ b/crates/onyx-core/src/sync.rs
@@ -129,7 +129,8 @@ pub fn compute_sync_actions(
             // Both present, base known: check for changes
             (Some(l), Some(r), Some(b)) => {
                 let local_changed = l.checksum != b.checksum;
-                let remote_changed = r.size != b.size || r.last_modified.as_deref() != b.modified_at.as_deref();
+                // Compare remote vs base using parsed timestamps to avoid format mismatches
+                let remote_changed = r.size != b.size || !timestamps_equal(r.last_modified.as_deref(), b.modified_at.as_deref());
 
                 match (local_changed, remote_changed) {
                     (false, false) => {} // Skip, unchanged
@@ -173,7 +174,7 @@ pub fn compute_sync_actions(
 
             // Remote present, local gone, base known: local was deleted
             (None, Some(_), Some(b)) => {
-                let remote_changed = remote.is_some_and(|r| r.size != b.size || r.last_modified.as_deref() != b.modified_at.as_deref());
+                let remote_changed = remote.is_some_and(|r| r.size != b.size || !timestamps_equal(r.last_modified.as_deref(), b.modified_at.as_deref()));
                 if remote_changed {
                     // deleted locally + modified remotely -> download (remote wins)
                     actions.push(SyncAction::Download { path: path.to_string() });
@@ -197,6 +198,23 @@ pub fn compute_sync_actions(
     actions
 }
 
+/// Compare two timestamps for equality by parsing both, tolerating format differences.
+fn timestamps_equal(a: Option<&str>, b: Option<&str>) -> bool {
+    match (a, b) {
+        (None, None) => true,
+        (Some(a), Some(b)) => {
+            // Try string equality first (fast path)
+            if a == b { return true; }
+            // Parse both and compare as DateTime
+            match (parse_timestamp(a), parse_timestamp(b)) {
+                (Some(ta), Some(tb)) => ta == tb,
+                _ => false,
+            }
+        }
+        _ => false,
+    }
+}
+
 /// Determine if local wins based on timestamps. True means local wins.
 fn local_wins(local_modified: Option<&str>, remote_modified: Option<&str>) -> bool {
     // Try parsing both; if we can't parse, local wins by default
@@ -582,12 +600,11 @@ async fn execute_action(
     report: &(dyn Fn(&str) + Send + Sync),
 ) -> Result<()> {
     match action {
-        SyncAction::Upload { path } | SyncAction::ConflictLocalWins { path } => {
+        SyncAction::Upload { path } => {
             let local_path = workspace_path.join(path.replace('/', std::path::MAIN_SEPARATOR_STR));
             let data = std::fs::read(&local_path)?;
             let checksum = compute_checksum(&data);
 
-            // Ensure remote parent directory exists
             if let Some(parent) = path_parent(path) {
                 client.ensure_dir(parent).await?;
             }
@@ -602,7 +619,25 @@ async fn execute_action(
             sync_state.record_file(path, &checksum, modified.as_deref(), data.len() as u64);
         }
 
-        SyncAction::Download { path } | SyncAction::ConflictRemoteWins { path } => {
+        SyncAction::ConflictLocalWins { path } => {
+            let local_path = workspace_path.join(path.replace('/', std::path::MAIN_SEPARATOR_STR));
+            let data = std::fs::read(&local_path)?;
+            let checksum = compute_checksum(&data);
+
+            if let Some(parent) = path_parent(path) {
+                client.ensure_dir(parent).await?;
+            }
+
+            report(&format!("  ^ Conflict: uploading local version of {}", path));
+            client.put_file(path, data.clone()).await?;
+
+            let modified = std::fs::metadata(&local_path).ok()
+                .and_then(|m| m.modified().ok())
+                .map(|t| { let dt: DateTime<Utc> = t.into(); dt.to_rfc3339() });
+            sync_state.record_file(path, &checksum, modified.as_deref(), data.len() as u64);
+        }
+
+        SyncAction::Download { path } => {
             report(&format!("  v Downloading {}", path));
             let data = client.get_file(path).await?;
             let checksum = compute_checksum(&data);
@@ -620,6 +655,29 @@ async fn execute_action(
             sync_state.record_file(path, &checksum, modified.as_deref(), data.len() as u64);
         }
 
+        SyncAction::ConflictRemoteWins { path } => {
+            let local_path = workspace_path.join(path.replace('/', std::path::MAIN_SEPARATOR_STR));
+            // Back up local version before overwriting with remote
+            if local_path.exists() {
+                let backup_path = local_path.with_extension("conflict-backup");
+                let _ = std::fs::copy(&local_path, &backup_path);
+                report(&format!("  ! Backed up local version to {}", backup_path.display()));
+            }
+            report(&format!("  v Conflict: downloading remote version of {}", path));
+            let data = client.get_file(path).await?;
+            let checksum = compute_checksum(&data);
+
+            if let Some(parent) = local_path.parent() {
+                std::fs::create_dir_all(parent)?;
+            }
+            std::fs::write(&local_path, &data)?;
+
+            let modified = std::fs::metadata(&local_path).ok()
+                .and_then(|m| m.modified().ok())
+                .map(|t| { let dt: DateTime<Utc> = t.into(); dt.to_rfc3339() });
+            sync_state.record_file(path, &checksum, modified.as_deref(), data.len() as u64);
+        }
+
         SyncAction::DeleteLocal { path } => {
             report(&format!("  x Deleting local {}", path));
             let local_path = workspace_path.join(path.replace('/', std::path::MAIN_SEPARATOR_STR));
diff --git a/crates/onyx-core/src/webdav.rs b/crates/onyx-core/src/webdav.rs
index 3a3d532..00df9d0 100644
--- a/crates/onyx-core/src/webdav.rs
+++ b/crates/onyx-core/src/webdav.rs
@@ -1,4 +1,5 @@
 use reqwest::Client;
+use zeroize::Zeroize;
 use crate::error::{Error, Result};
 
 /// Information about a file on the remote WebDAV server.
@@ -18,6 +19,13 @@ pub struct WebDavClient {
     _password: String,
 }
 
+impl Drop for WebDavClient {
+    fn drop(&mut self) {
+        self._password.zeroize();
+        self._username.zeroize();
+    }
+}
+
 impl WebDavClient {
     pub fn new(base_url: &str, username: &str, password: &str) -> Self {
         let base_url = base_url.trim_end_matches('/').to_string();

From 3c11539f021e89005a0d731b2aa441c2e2741613 Mon Sep 17 00:00:00 2001
From: Tristan Michael <steeldynamite@gmail.com>
Date: Thu, 2 Apr 2026 08:58:45 -0700
Subject: [PATCH 09/11] =?UTF-8?q?fix:=20harden=20Tauri=20backend=20?=
 =?UTF-8?q?=E2=80=94=20replace=20unwrap=20panics,=20fix=20watcher=20lifecy?=
 =?UTF-8?q?cle,=20strengthen=20CSP?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Replace all .unwrap() calls on repo with repo_ref()/repo_mut() helpers
that return error strings instead of panicking. Stop the old file watcher
before starting a new one on workspace switch to prevent accumulation.
Add object-src and base-uri directives to CSP.
---
 apps/tauri/src-tauri/src/lib.rs      | 62 ++++++++++++----------------
 apps/tauri/src-tauri/tauri.conf.json |  2 +-
 2 files changed, 28 insertions(+), 36 deletions(-)

diff --git a/apps/tauri/src-tauri/src/lib.rs b/apps/tauri/src-tauri/src/lib.rs
index b94fd14..1242a33 100644
--- a/apps/tauri/src-tauri/src/lib.rs
+++ b/apps/tauri/src-tauri/src/lib.rs
@@ -88,6 +88,16 @@ fn ensure_repo(state: &mut AppState) -> Result<(), String> {
     Ok(())
 }
 
+/// Get an immutable reference to the repo, returning an error if not initialized.
+fn repo_ref(state: &AppState) -> Result<&TaskRepository, String> {
+    state.repo.as_ref().ok_or_else(|| "Repository not initialized".to_string())
+}
+
+/// Get a mutable reference to the repo, returning an error if not initialized.
+fn repo_mut(state: &mut AppState) -> Result<&mut TaskRepository, String> {
+    state.repo.as_mut().ok_or_else(|| "Repository not initialized".to_string())
+}
+
 // ── Config commands ──────────────────────────────────────────────────
 
 #[tauri::command]
@@ -164,9 +174,7 @@ fn init_workspace(path: String) -> Result<(), String> {
 fn get_lists(state: State<'_, Mutex<AppState>>) -> Result<Vec<TaskList>, String> {
     let mut s = lock_state(&state)?;
     ensure_repo(&mut s)?;
-    s.repo
-        .as_ref()
-        .unwrap()
+    repo_ref(&s)?
         .get_lists()
         .map_err(|e| e.to_string())
 }
@@ -179,9 +187,7 @@ fn create_list(
     let mut s = lock_state(&state)?;
     ensure_repo(&mut s)?;
     mute_watcher(&mut s);
-    s.repo
-        .as_mut()
-        .unwrap()
+    repo_mut(&mut s)?
         .create_list(name)
         .map_err(|e| e.to_string())
 }
@@ -195,9 +201,7 @@ fn delete_list(
     ensure_repo(&mut s)?;
     mute_watcher(&mut s);
     let id = Uuid::parse_str(&list_id).map_err(|e| e.to_string())?;
-    s.repo
-        .as_mut()
-        .unwrap()
+    repo_mut(&mut s)?
         .delete_list(id)
         .map_err(|e| e.to_string())
 }
@@ -212,9 +216,7 @@ fn list_tasks(
     let mut s = lock_state(&state)?;
     ensure_repo(&mut s)?;
     let id = Uuid::parse_str(&list_id).map_err(|e| e.to_string())?;
-    s.repo
-        .as_ref()
-        .unwrap()
+    repo_ref(&s)?
         .list_tasks(id)
         .map_err(|e| e.to_string())
 }
@@ -239,9 +241,7 @@ fn create_task(
         let parent_uuid = Uuid::parse_str(&pid).map_err(|e| e.to_string())?;
         task.parent_id = Some(parent_uuid);
     }
-    s.repo
-        .as_mut()
-        .unwrap()
+    repo_mut(&mut s)?
         .create_task(id, task)
         .map_err(|e| e.to_string())
 }
@@ -256,9 +256,7 @@ fn update_task(
     ensure_repo(&mut s)?;
     mute_watcher(&mut s);
     let id = Uuid::parse_str(&list_id).map_err(|e| e.to_string())?;
-    s.repo
-        .as_mut()
-        .unwrap()
+    repo_mut(&mut s)?
         .update_task(id, task)
         .map_err(|e| e.to_string())
 }
@@ -274,7 +272,7 @@ fn delete_task(
     mute_watcher(&mut s);
     let lid = Uuid::parse_str(&list_id).map_err(|e| e.to_string())?;
     let tid = Uuid::parse_str(&task_id).map_err(|e| e.to_string())?;
-    let repo = s.repo.as_mut().unwrap();
+    let repo = repo_mut(&mut s)?;
     // Cascade-delete subtasks first
     let all_tasks = repo.list_tasks(lid).map_err(|e| e.to_string())?;
     let child_ids: Vec<Uuid> = all_tasks
@@ -300,7 +298,7 @@ fn toggle_task(
     mute_watcher(&mut s);
     let lid = Uuid::parse_str(&list_id).map_err(|e| e.to_string())?;
     let tid = Uuid::parse_str(&task_id).map_err(|e| e.to_string())?;
-    let repo = s.repo.as_mut().unwrap();
+    let repo = repo_mut(&mut s)?;
     let mut task = repo.get_task(lid, tid).map_err(|e| e.to_string())?;
     match task.status {
         TaskStatus::Backlog => task.complete(),
@@ -334,9 +332,7 @@ fn reorder_task(
     mute_watcher(&mut s);
     let lid = Uuid::parse_str(&list_id).map_err(|e| e.to_string())?;
     let tid = Uuid::parse_str(&task_id).map_err(|e| e.to_string())?;
-    s.repo
-        .as_mut()
-        .unwrap()
+    repo_mut(&mut s)?
         .reorder_task(lid, tid, new_position)
         .map_err(|e| e.to_string())
 }
@@ -356,9 +352,7 @@ fn move_task(
     let from = Uuid::parse_str(&from_list_id).map_err(|e| e.to_string())?;
     let to = Uuid::parse_str(&to_list_id).map_err(|e| e.to_string())?;
     let tid = Uuid::parse_str(&task_id).map_err(|e| e.to_string())?;
-    s.repo
-        .as_mut()
-        .unwrap()
+    repo_mut(&mut s)?
         .move_task(from, to, tid)
         .map_err(|e| e.to_string())
 }
@@ -373,9 +367,7 @@ fn rename_list(
     ensure_repo(&mut s)?;
     mute_watcher(&mut s);
     let id = Uuid::parse_str(&list_id).map_err(|e| e.to_string())?;
-    s.repo
-        .as_mut()
-        .unwrap()
+    repo_mut(&mut s)?
         .rename_list(id, new_name)
         .map_err(|e| e.to_string())
 }
@@ -390,9 +382,7 @@ fn set_group_by_due_date(
     ensure_repo(&mut s)?;
     mute_watcher(&mut s);
     let id = Uuid::parse_str(&list_id).map_err(|e| e.to_string())?;
-    s.repo
-        .as_mut()
-        .unwrap()
+    repo_mut(&mut s)?
         .set_group_by_due_date(id, enabled)
         .map_err(|e| e.to_string())
 }
@@ -405,9 +395,7 @@ fn get_group_by_due_date(
     let mut s = lock_state(&state)?;
     ensure_repo(&mut s)?;
     let id = Uuid::parse_str(&list_id).map_err(|e| e.to_string())?;
-    s.repo
-        .as_ref()
-        .unwrap()
+    repo_ref(&s)?
         .get_group_by_due_date(id)
         .map_err(|e| e.to_string())
 }
@@ -498,6 +486,10 @@ async fn sync_workspace(
 
 #[cfg(not(target_os = "android"))]
 fn start_watcher(handle: tauri::AppHandle, path: PathBuf) {
+    // Stop any existing watcher before starting a new one
+    if let Ok(mut w) = WATCHER.lock() {
+        *w = None;
+    }
     let handle = handle.clone();
     let debouncer = new_debouncer(
         std::time::Duration::from_millis(500),
diff --git a/apps/tauri/src-tauri/tauri.conf.json b/apps/tauri/src-tauri/tauri.conf.json
index 83a6a4b..b872ece 100644
--- a/apps/tauri/src-tauri/tauri.conf.json
+++ b/apps/tauri/src-tauri/tauri.conf.json
@@ -23,7 +23,7 @@
       }
     ],
     "security": {
-      "csp": "default-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com; connect-src ipc: http://ipc.localhost"
+      "csp": "default-src 'self'; style-src 'self' 'unsafe-inline'; font-src 'self' https://fonts.gstatic.com; connect-src ipc: http://ipc.localhost; object-src 'none'; base-uri 'self'"
     }
   },
   "bundle": {

From 7fde1a09f9e7e85b99d4ac8fc3084c69e66ac7d1 Mon Sep 17 00:00:00 2001
From: Tristan Michael <steeldynamite@gmail.com>
Date: Thu, 2 Apr 2026 08:58:54 -0700
Subject: [PATCH 10/11] =?UTF-8?q?fix:=20harden=20frontend=20=E2=80=94=20to?=
 =?UTF-8?q?ggle=20race=20guard,=20fresh=20debounce=20snapshot,=20error=20s?=
 =?UTF-8?q?urfacing?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Add toggling guard to TaskItem preventing double-toggle from rapid clicks
or swipes. Fix debounced save in TaskDetailView to read task at timeout
time instead of capturing a stale snapshot at call time. Remove unused
_unlistenFs variable. Surface reorder_task and watch_workspace errors
instead of silently swallowing them.
---
 apps/tauri/src/lib/components/TaskDetailView.svelte | 3 +--
 apps/tauri/src/lib/components/TaskItem.svelte       | 9 +++++++--
 apps/tauri/src/lib/stores/app.svelte.ts             | 8 ++------
 3 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/apps/tauri/src/lib/components/TaskDetailView.svelte b/apps/tauri/src/lib/components/TaskDetailView.svelte
index 8392600..e54e763 100644
--- a/apps/tauri/src/lib/components/TaskDetailView.svelte
+++ b/apps/tauri/src/lib/components/TaskDetailView.svelte
@@ -34,9 +34,8 @@
 
   function debouncedSave(fields: Partial<Task>) {
     clearTimeout(saveTimer);
-    const snapshot = { ...task };
     saveTimer = setTimeout(() => {
-      app.updateTask({ ...snapshot, ...fields, updated_at: new Date().toISOString() });
+      app.updateTask({ ...task, ...fields, updated_at: new Date().toISOString() });
     }, 400);
   }
 
diff --git a/apps/tauri/src/lib/components/TaskItem.svelte b/apps/tauri/src/lib/components/TaskItem.svelte
index bf922a7..d90f15b 100644
--- a/apps/tauri/src/lib/components/TaskItem.svelte
+++ b/apps/tauri/src/lib/components/TaskItem.svelte
@@ -19,6 +19,7 @@
 
   let isCompleted = $derived(task.status === "completed");
   let justChecked = $state(false);
+  let toggling = $state(false);
 
   $effect(() => {
     const _ = task.status;
@@ -35,6 +36,8 @@
 
   async function handleToggle(e: MouseEvent) {
     e.stopPropagation();
+    if (toggling) return;
+    toggling = true;
     justChecked = true;
     await new Promise((r) => setTimeout(r, 300));
     transitioning = true;
@@ -42,6 +45,7 @@
     await new Promise((r) => setTimeout(r, 200));
     justChecked = false;
     await app.toggleTask(task.id);
+    toggling = false;
   }
 
   function handleTouchStart(e: TouchEvent) {
@@ -57,14 +61,15 @@
   }
 
   function handleTouchEnd() {
-    if (Math.abs(swipeX) > 100) {
+    if (Math.abs(swipeX) > 100 && !toggling) {
       swipeX = 0;
       swiping = false;
+      toggling = true;
       justChecked = true;
       setTimeout(() => {
         transitioning = true;
         animateInIds.add(task.id);
-        setTimeout(() => { justChecked = false; app.toggleTask(task.id); }, 200);
+        setTimeout(() => { justChecked = false; app.toggleTask(task.id).finally(() => { toggling = false; }); }, 200);
       }, 300);
       return;
     }
diff --git a/apps/tauri/src/lib/stores/app.svelte.ts b/apps/tauri/src/lib/stores/app.svelte.ts
index f6dd48a..fd42e50 100644
--- a/apps/tauri/src/lib/stores/app.svelte.ts
+++ b/apps/tauri/src/lib/stores/app.svelte.ts
@@ -9,12 +9,8 @@ import type {
 } from "../types";
 
 // Listen for file system changes from the backend watcher.
-// Store the unlisten function so it can be cleaned up if needed.
-let _unlistenFs: (() => void) | null = null;
 listen("fs-changed", () => {
   loadLists();
-}).then((unlisten) => {
-  _unlistenFs = unlisten;
 });
 
 // ── Reactive state ───────────────────────────────────────────────────
@@ -98,7 +94,7 @@ async function switchWorkspace(name: string) {
     activeListId = null;
     await loadLists();
     const ws = config?.workspaces[name];
-    if (ws) invoke("watch_workspace", { path: ws.path }).catch(() => {});
+    if (ws) invoke("watch_workspace", { path: ws.path }).catch((e) => console.warn("File watcher failed:", e));
     error = null;
   } catch (e) {
     error = String(e);
@@ -200,7 +196,7 @@ async function toggleTask(taskId: string) {
     // Move to top of list locally, then persist order in background
     if (updated.status === "backlog") {
       tasks = [updated, ...tasks.filter((t) => t.id !== taskId)];
-      invoke("reorder_task", { listId: activeListId, taskId, newPosition: 0 }).catch(() => {});
+      invoke("reorder_task", { listId: activeListId, taskId, newPosition: 0 }).catch((e) => { error = String(e); });
     } else {
       tasks = tasks.map((t) => (t.id === taskId ? updated : t));
     }

From ab71de9110aea2df79e4eae3fe7cb3a79d2c006f Mon Sep 17 00:00:00 2001
From: Tristan Michael <steeldynamite@gmail.com>
Date: Thu, 2 Apr 2026 09:01:19 -0700
Subject: [PATCH 11/11] docs: update stale documentation after audit fixes
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fix outdated thread safety note in API.md — Storage trait now requires
Send + Sync and Tauri uses Mutex<AppState>. Mark completed Phase 5
features in PLAN.md (subtasks, due dates, move tasks, keyboard shortcuts).
Fix CLAUDE.md formatting.
---
 CLAUDE.md   | 1 +
 PLAN.md     | 8 ++++----
 docs/API.md | 9 ++++-----
 3 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/CLAUDE.md b/CLAUDE.md
index e49d19e..8c6c247 100644
--- a/CLAUDE.md
+++ b/CLAUDE.md
@@ -32,6 +32,7 @@ Two-crate workspace (`resolver = "2"`, edition 2021) plus a Tauri app:
 - **onyx-core** — Pure Rust library. Storage trait with `FileSystemStorage` implementation, `TaskRepository` (main API), data models, config, error types. No CLI/UI dependencies. `keyring` feature-gated behind `keyring-storage` (default on) for Android compatibility.
 - **onyx-cli** — CLI frontend using clap. Commands are in `src/commands/` (init, workspace, list, task, group). Output formatting in `src/output.rs`.
 - **apps/tauri/** — Tauri v2 GUI. Svelte 5 frontend in `src/`, Rust backend in `src-tauri/` with Tauri commands that call into `onyx-core`. `notify` crate feature-gated for Android.
+
 ### Key patterns
 
 - **Storage trait** (`storage.rs`): Strategy pattern for task persistence. `FileSystemStorage` reads/writes markdown files with YAML frontmatter and JSON metadata files.
diff --git a/PLAN.md b/PLAN.md
index cd7b2b4..2648619 100644
--- a/PLAN.md
+++ b/PLAN.md
@@ -856,17 +856,17 @@ npm run tauri ios build
 #### Desktop & Mobile
 - [x] Multiple task lists (folders)
 - [x] Switch between lists
-- [ ] Subtasks support
-- [ ] Due dates with date picker
+- [x] Subtasks support
+- [x] Due dates with date picker
 - [ ] Rich markdown editor for task notes
-- [ ] Move tasks between lists
+- [x] Move tasks between lists
 - [ ] Change storage folder location in settings
 - [ ] Search functionality
 - [x] Theme selection (light/dark mode)
 
 #### Desktop-Specific
 - [x] Drag & drop reordering
-- [ ] Keyboard shortcuts
+- [x] Keyboard shortcuts
 - [ ] Multiple windows (optional)
 
 #### Mobile-Specific
diff --git a/docs/API.md b/docs/API.md
index f3aa738..30b69ea 100644
--- a/docs/API.md
+++ b/docs/API.md
@@ -441,10 +441,9 @@ Key test areas:
 
 ## Thread Safety
 
-**Note:** The current implementation is not thread-safe. If you need concurrent access:
+The `Storage` trait requires `Send + Sync`, and `TaskRepository` wraps `Box<dyn Storage + Send + Sync>`, so repository instances can be shared across threads behind a `Mutex`. The Tauri GUI uses `Mutex<AppState>` for this purpose.
 
-1. Use external synchronization (e.g., `Mutex<TaskRepository>`)
-2. Create separate repository instances per thread (file system will handle locking)
-3. Consider implementing a service layer with proper locking
+For concurrent access:
 
-Future versions may include built-in concurrency support.
+1. Wrap `TaskRepository` in `Mutex` or `RwLock` (the Tauri app does this)
+2. Or create separate repository instances per thread (file system handles locking)