Sort workspace names alphabetically in the drawer for
better organization. Add a check to prevent switching to
the currently active workspace, avoiding unnecessary
operations and improving user experience.
Update CLAUDE.md to reflect completed WebDAV sync and expanded config/sync features. The docs now describe AppConfig fields (mode, theme, WebDAV URL), WorkspaceMode enum, WebDAV client details and credential handling (scoped keyring keys `com.onyx.webdav.<domain>::<username>` with auto-migration from legacy dot-separated format on load), three-way sync with a 60s timeout and auto-creation of the Onyx/ remote subfolder, a 10MB PROPFIND response cap, plus UI changes (setup flow, per-workspace theme options) and other sync/setup UI improvements.
- Use :: separator in scoped keyring keys to prevent ambiguity with
usernames containing dots (e.g. com.onyx.webdav.host::user)
- Auto-migrate legacy credentials to scoped format on load, removing
old unscoped entries after successful migration
- Add 10MB response size limit on PROPFIND to prevent memory exhaustion
from malicious servers (checks Content-Length header + actual body)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Handle Result from WebDavClient::new in CLI sync, core sync, and Tauri
- Unwrap Zeroizing<String> at Tauri serialization boundary
- Use .as_str() for basic_auth calls with Zeroizing<String> fields
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Enforce HTTPS for WebDAV URLs (reject http:// to prevent plaintext credentials)
- Replace String with Zeroizing<String> for credential fields and load_credentials return
- Remove manual Drop impl (Zeroizing handles zeroize-on-drop automatically)
- Scope keyring password entries by domain+username to prevent collisions
- Add migration fallback for legacy unscoped keyring entries
- Sanitize error messages to not leak keyring service patterns or env var names
- Add log warnings when falling back to env var credentials
- Add log dependency to onyx-core
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Enable rustls TLS support and disable reqwest's default features to
avoid pulling in unwanted native TLS dependencies. This ensures the
application uses rustls for TLS connections and keeps the build more
portable and consistent across platforms.
Remove the custom default-features and rustls-tls feature flags for
reqwest in Cargo.toml. This simplifies the dependency specification and
avoids potential TLS configuration or feature mismatch issues that could
make HTTP requests behave unexpectedly (e.g., reachability or URL
formatting issues). The change restores reqwest to its simpler default
feature set to resolve connectivity confusion.
Setup screen now offers Local vs WebDAV mode choice with cancel button
when workspaces exist. Settings moved from drawer bottom into workspace
kebab menu, scoped per-workspace. WebDAV section hidden for local
workspaces, theme dropdown replaces dark mode toggle.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Replaces in-memory darkMode toggle with persisted per-workspace theme
selection. Adds dark, nord, dracula, and solarized CSS theme definitions.
Theme is applied via data-theme attribute and derived isDark class.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Introduces WorkspaceMode enum with local and webdav variants, plus a
theme field on WorkspaceConfig. Adds set_workspace_theme and
add_webdav_workspace Tauri commands. WebDAV workspaces auto-manage
local files in app data dir.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Phase 2 (WebDAV sync) and Phase 3 (GUI MVP) are complete but docs still
showed them as in-progress. Phase 4 Android steps 1-4 are done. Windows
MSI packaging was added. Multiple doc inaccuracies fixed: missing Error
variants, stale struct definitions, wrong filenames in directory trees.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Add toggling guard to TaskItem preventing double-toggle from rapid clicks
or swipes. Fix debounced save in TaskDetailView to read task at timeout
time instead of capturing a stale snapshot at call time. Remove unused
_unlistenFs variable. Surface reorder_task and watch_workspace errors
instead of silently swallowing them.
Replace all .unwrap() calls on repo with repo_ref()/repo_mut() helpers
that return error strings instead of panicking. Stop the old file watcher
before starting a new one on workspace switch to prevent accumulation.
Add object-src and base-uri directives to CSP.
Back up local files before overwriting during ConflictRemoteWins so data
is never silently lost. Fix false-positive change detection by parsing
timestamps before comparing (different formats like RFC3339 vs HTTP date
were never equal as strings). Add zeroize crate to zero WebDAV credentials
in memory on drop, preventing exposure in core dumps.
Add rollback to move_task: if delete-from-source fails after write-to-
destination, clean up the duplicate. Reject list names with path separators
or '..' to prevent traversal; canonicalize() failures now return errors
instead of silently falling back to unchecked paths. Add validation and
rollback to CLI workspace migration: check destination is empty, track
moved files, and reverse on failure.
Flutter (apps/flutter/) was at feature parity but maintaining two GUI
frontends doubles effort. Consolidate on Tauri v2 which handles both
desktop and mobile. Remove all Flutter source, config, and documentation
references.
This crate references a non-existent bevy-tasks-core dependency and is
an artifact from the project's predecessor. It is not in the workspace
members list and cannot compile.
Fix nested interactive elements in TaskItem (button inside button) by
restructuring as div + button with aria-label. Replace native confirm()
with ConfirmDialog for workspace removal. Store fs-changed event unlisten
function for cleanup. Log file watcher errors instead of swallowing them.
Fix var usage to const. Add Firefox scrollbar-width support.
Restrict is_syncable() to validate path depth: .md files and .listdata.json
must be at depth 2 (inside list dirs), .metadata.json only at depth 1 (root).
Prevents syncing arbitrary files at unexpected depths. Back up corrupted
sync queue files before resetting, and log warnings on parse failures
instead of silently dropping queued operations.
Replace .expect() in config path resolution with a fallback default.
Replace all .lock().unwrap() on Tauri AppState mutex with a helper that
converts poisoned locks into error strings. Replace .expect() on Android
app data dir with proper error propagation. Handle LAST_WRITE and WATCHER
global mutex locks gracefully. Propagate subtask cascade delete errors
instead of silently ignoring them.
Validate that resolved list paths stay within the workspace root to prevent
directory traversal via malicious list names. Enable Content Security Policy
in Tauri config instead of leaving it null. Fix CLI domain extraction to
strip userinfo (user:pass@) from URLs before using as keyring service name.
- Remove subtask expand/collapse foldout from main task list
- Add three-panel slide navigation (task list → task detail → subtask detail) via taskStack
- Create ConfirmDialog component replacing native confirm() dialogs
- Cascade delete: deleting a task with subtasks warns and deletes all children
- Subtask detail view: no nested subtasks, collapsible completed section, inline add at top
- Redesign Move To as inline list in kebab menu (no overflow submenu)
- Main panel header: list name + kebab below divider (matching task detail layout)
- Move list management kebab from drawer to main panel; drawer shows chevrons
- Add Delete Completed to both main panel and subtask kebab menus
- Fix debouncedSave stale reference by snapshotting task before timer
- New subtasks prepend to top of list
Wire up the existing parent_id data model into a full subtask UI:
- Backend: create_task accepts parent_id, cascade delete/toggle for subtasks
- Store: subtask-aware derived state (root tasks only in pending/completed),
childrenMap for O(1) subtask lookup, createTask accepts parentId
- TaskItem: depth-based indentation, subtask completion counter badge
- TasksScreen: expand/collapse chevron for parent tasks, indented subtask
rendering with left border, subtasks shown under completed parents
- TaskDetailView: "Add subtask" inline input, subtask list with toggleable
checkboxes, parent task breadcrumb for subtasks
https://claude.ai/code/session_01XWcSekaCAJ7qnr4hN3tgL8
Make keyring optional behind keyring-storage feature in onyx-core.
Make notify/notify-debouncer-mini optional behind desktop feature in Tauri.
Gate all file watcher code behind #[cfg(not(target_os = "android"))].
Provide env-var-only credential fallbacks when keyring is disabled.
Mark all Phase 3 features complete: has_time, sync status indicators,
push/pull mode, desktop packaging (Linux), and Flutter GUI parity.
Update current state date and feature lists.
Remove the redundant call to _done() in the close icon's onTap handler
and simplify the callback to a single-expression setState. The change
keeps behavior focused on hiding the time view (_showTime = false) and
avoids invoking _done() on close, which aligns with the intended UI flow
signaled by the task notification that the Flutter app relaunch
completed successfully.
Previously clicking the clear-time button set includeTime to false and
also called done(), which closed the surrounding toast. This change
removes the done() call so clearing the time only clears the time input
state (includeTime = false) without dismissing the toast UI.
SteelDynamite
