feat(desktop): repository-first projects with git workflows #1471
Co-authored-by: Thomas Petersen <thomasp@squareup.com> Signed-off-by: Thomas Petersen <thomasp@squareup.com>
…acing Co-authored-by: Thomas Petersen <thomasp@squareup.com> Signed-off-by: Thomas Petersen <thomasp@squareup.com> # Conflicts: # desktop/src/app/AppTopChrome.tsx # desktop/src/features/projects/ui/ProjectDetailScreen.tsx # desktop/src/features/projects/ui/ProjectsView.tsx
Make the project detail header overlay scrolling content so its backdrop blur matches channel chrome behavior.
Keep the measured channel-style project chrome from the remote branch while preserving the local file-size guard correction.
Offset project content inside the scroll area so blurred chrome matches channel behavior without pulling content up on load.
Keep the measured overlaid project chrome while incorporating the latest remote branch history.
Shift project cards away from branch-like metadata and move branch selection into project detail.
Add repository filtering and clone-path context while tightening project detail branch and README presentation.
Hydrate PR branches from their fetchable refs and make selected pull requests use focused conversation, commits, checks, and files tabs.
Render pull request file changes from Git diff data so local and remote project sources show the correct patch context.
Group project card metadata with the title and show pull request changed files with the same hierarchical icon treatment as the repository file browser.
Issues get a detail view with comments and deep links like PRs. Repository cards show latest commit and distinct commit counts. PR detail leads with its title above the tab row, and overview stat pills navigate to their sections with an accurate local count.
Add a Terminal action to project cards and the repository source card. Opens the OS terminal at the local checkout, or clones the selected branch into the repos dir first (authenticated via the identity key) when only a remote exists. Local checkout resolution moves to a shared project_repo_paths module to keep project_git under the size limit.
Move the Terminal action onto the project tabs row with a label, slim project cards and list rows (clone path becomes a footer icon, avatars left / activity right, middle list column removed), add a People rail box to the projects overview, drop the detail rail's descriptive text, rename Activity to Commits and All to Overview, and clean up the sort/view toggle chrome.
Extract shared git subprocess/auth logic into project_git_exec.rs so project_git, project_git_diff, and project_terminal share one implementation instead of three copies. Move the duplicated frontend open-terminal toast/invalidation flow into a useOpenProjectTerminal hook used by both the projects list and detail screens.
The card redesign moved the agent identity into the footer people stack and the delete action into the overflow menu, the detail view now lands on Overview instead of Files, and seeded issues need the comments field the issue model gained. Update the spec's seams accordingly and cover the new terminal menu action.
This is NOT the design; this is simply getting the elements in. The actual visual design happens in the end.
# Conflicts: # desktop/src/features/workspaces/ui/WorkspaceSwitcher.tsx
| "**/identity-archive-hide.spec.ts", | ||
| "**/relay-connectivity.spec.ts", | ||
| "**/history-icons-screenshots.spec.ts", | ||
| "**/projects-avatar-screenshot.spec.ts", |
Do we want to include these screenshot tests here?
🤖 Removed in 204cd04 — both screenshot specs deleted and dropped from the smoke suite.
wpfleger96 left a comment
Team review (4 parallel passes: Rust/security, data/protocol, UI panels, views/nav) at tip a87de0f. 22 inline comments: 2 blocking, 9 should-fix, 11 nits.
Also verified clean, for the record: the nsec-never-touches-disk claim holds (env-only via GIT_CONFIG_*/NOSTR_PRIVATE_KEY, no disk writes, credential helper disabled by default); no shell injection (proper argv throughout, terminal launchers included); path traversal handled (canonicalize + starts_with guards); no XSS in the markdown/diff rendering paths; temp-dir lifecycle and spawn_blocking usage correct; new kinds (1617-1633, 30617/30618) match the NIP-34 registry with no collisions.
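The canonicalize + starts_with guard mentioned in the review above, sketched as an added example (not code from this PR); `resolve_inside` and the directory names are hypothetical. It shows why the check runs on the canonical path and compares path components rather than string prefixes.

```rust
use std::fs;
use std::io;
use std::path::{Path, PathBuf};

/// Hypothetical helper: resolve `candidate` under `root` and return it only
/// if the real (symlink-free) path is still inside the real root.
fn resolve_inside(root: &Path, candidate: &str) -> io::Result<PathBuf> {
    let root = fs::canonicalize(root)?;
    // canonicalize() resolves `..` and symlinks; it errors if the path is missing.
    let real = fs::canonicalize(root.join(candidate))?;
    // Path::starts_with compares whole components, so `<base>/repos-evil`
    // is not "inside" `<base>/repos` the way a string prefix test would say.
    if real.starts_with(&root) {
        Ok(real)
    } else {
        Err(io::Error::new(io::ErrorKind::PermissionDenied, "path escapes root"))
    }
}

/// Build a constructed directory layout and report which lookups are allowed.
fn demo() -> io::Result<Vec<(&'static str, bool)>> {
    let base = std::env::temp_dir().join(format!("containment-demo-{}", std::process::id()));
    let _ = fs::remove_dir_all(&base);
    let root = base.join("repos");
    fs::create_dir_all(root.join("app"))?;
    fs::create_dir_all(base.join("repos-evil"))?; // sibling sharing a string prefix
    #[cfg(unix)]
    std::os::unix::fs::symlink(base.join("repos-evil"), root.join("link"))?;
    let cases = ["app", "app/../app", "../repos-evil", "link"];
    let results = cases.iter().map(|c| (*c, resolve_inside(&root, c).is_ok())).collect();
    fs::remove_dir_all(&base)?;
    Ok(results)
}

fn main() -> io::Result<()> {
    for (case, allowed) in demo()? {
        println!("{case:<16} allowed={allowed}");
    }
    Ok(())
}
```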
Blockers:
- Resolve projects by {owner, dtag} identity (NIP-34 address) instead of
dtag alone — routing, fetch filters, and query cache keys now use the
canonical owner:dtag id
- Only accept PR update events (1619) from the PR author or repo owner
Trust:
- Restrict issue/PR status events (1630-1633) to root author/repo owner
- Validate kind-5 deletion requests against the project owner pubkey
- Tighten contributor-profile matching to exact identifiers and label
git-author-based matches as unverified in the UI
Robustness:
- Filter malformed/empty tag values in shared tag helpers
- Unify branch sanitization (clean_branch) across git commands; reject
leading dashes, traversal, and refs/heads prefixes
- Add a 60s wall-clock timeout to spawned git subprocesses
- Only set-url origin when the remote URL actually differs
- Cap per-file diff patches at 2k lines with a truncation notice
- Neutralize repo-local git hooks (core.hooksPath) so credentials never
leak into hook scripts; validate clone URLs against the Buzz git path
Also removes the unused projectEvents module, dead filter branches, the
dead-end Create Project CTA, and strips local paths from surfaced git
errors. Adds unit tests for the new trust rules and branch/URL validation.
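The trust rules from the commit message above for PR updates (1619) and status events (1630-1633), as an added example that is not the PR's code. The `Event` struct, function names and sample events are constructed, signatures are assumed to be verified already, and the status names follow NIP-34.

```rust
/// Minimal view of a relay event after signature verification (assumed done).
#[derive(Debug, Clone, Copy)]
struct Event {
    kind: u32,
    pubkey: &'static str,
    root: &'static str, // id of the issue/PR event this one refers to
    created_at: u64,
}

/// NIP-34 status kinds.
fn status_name(kind: u32) -> Option<&'static str> {
    match kind {
        1630 => Some("open"),
        1631 => Some("applied/merged/resolved"),
        1632 => Some("closed"),
        1633 => Some("draft"),
        _ => None,
    }
}

/// Trust rule from the commit message: PR updates (1619) and status events
/// (1630-1633) count only when signed by the root author or the repo owner.
fn is_trusted(e: &Event, root_author: &str, repo_owner: &str) -> bool {
    matches!(e.kind, 1619 | 1630..=1633) && (e.pubkey == root_author || e.pubkey == repo_owner)
}

/// Latest trusted status for `root_id`; None if no trusted status event exists.
fn effective_status(events: &[Event], root_id: &str, root_author: &str, repo_owner: &str) -> Option<&'static str> {
    events.iter()
        .filter(|e| e.root == root_id && is_trusted(e, root_author, repo_owner))
        .filter_map(|e| status_name(e.kind).map(|name| (e.created_at, name)))
        .max_by_key(|(ts, _)| *ts)
        .map(|(_, name)| name)
}

/// Constructed sample: the newest event is a "closed" from an unrelated key.
fn sample_events() -> Vec<Event> {
    vec![
        Event { kind: 1630, pubkey: "author", root: "pr1", created_at: 100 },
        Event { kind: 1631, pubkey: "owner", root: "pr1", created_at: 200 },
        Event { kind: 1632, pubkey: "stranger", root: "pr1", created_at: 300 },
        Event { kind: 1632, pubkey: "owner", root: "pr2", created_at: 400 },
    ]
}

fn main() {
    println!("{:?}", effective_status(&sample_events(), "pr1", "author", "owner"));
}
```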
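One way to apply the branch sanitization and hook neutralization items from the commit message above, as an added example that is not the project's `clean_branch` or `project_git_exec.rs`. `validate_branch`, `hardened_env` and `fetch_command` are hypothetical, and using `/dev/null` as the hooks path with an empty credential helper list is an assumption about how the neutralizing is done.

```rust
use std::process::Command;

/// Hypothetical validator (not the project's clean_branch): accepts a short
/// branch name only, applying a subset of git's ref-name rules.
fn validate_branch(name: &str) -> Result<&str, &'static str> {
    if name.is_empty() || name.starts_with('-') {
        return Err("empty, or leading dash would be parsed as a git option");
    }
    if name.starts_with("refs/heads/") {
        return Err("expected a short name, not a full ref");
    }
    if name.contains("..") || name.split('/').any(|s| s.is_empty() || s.starts_with('.')) {
        return Err("traversal or empty/hidden path segment");
    }
    if name.chars().any(|c| c.is_control() || " ~^:?*[\\".contains(c)) {
        return Err("character not allowed in a ref name");
    }
    Ok(name)
}

/// Per-invocation config passed through GIT_CONFIG_* (git >= 2.31): it
/// overrides .git/config for this process and is never written to disk.
fn hardened_env() -> Vec<(String, String)> {
    // Assumed settings: no hooks directory, empty credential-helper list.
    let cfg = [("core.hooksPath", "/dev/null"), ("credential.helper", "")];
    let mut env = vec![("GIT_CONFIG_COUNT".to_string(), cfg.len().to_string())];
    for (i, (key, value)) in cfg.iter().enumerate() {
        env.push((format!("GIT_CONFIG_KEY_{i}"), key.to_string()));
        env.push((format!("GIT_CONFIG_VALUE_{i}"), value.to_string()));
    }
    env.push(("GIT_TERMINAL_PROMPT".to_string(), "0".to_string()));
    env
}

/// Build (but do not run) a fetch for one branch; every value is its own argv entry.
fn fetch_command(repo_dir: &str, branch: &str) -> Result<Command, &'static str> {
    let branch = validate_branch(branch)?;
    let mut cmd = Command::new("git");
    cmd.arg("-C").arg(repo_dir).args(["fetch", "--depth=1", "origin"]);
    cmd.arg(format!("refs/heads/{branch}"));
    cmd.envs(hardened_env());
    Ok(cmd)
}

fn main() {
    println!("{:?}", ["feature/login", "--force", "a/../b"].map(validate_branch));
}
```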
Issue/PR comments are kind:1 text notes (the relay doesn't register NIP-22 kind 1111), so they were bleeding into Pulse social feeds as orphaned replies whose parent — a 1618/1621 git event — could never be resolved. Filter them out of the global, timeline, my-notes, and liked-notes queries by their NIP-34 repo-address `a` tag; single-note deep links still resolve. Also documents the remaining protocol deviations flagged in review: the read-only non-NIP-34 extension tags in eventToProject (whose write path was already removed) and the 1633 Draft → Triage status mapping.
Summary
Explorations making the desktop Projects section repository-first, with GitHub-style git workflows built on the relay's git hosting.
ProjectRepositoryPanel, ProjectRepositorySource)
git-credential-nostr with env-only key handling) when only a remote exists
Backend (Tauri)
New command modules under desktop/src-tauri/src/commands/:
- project_git.rs — repo snapshots, sync status, push
- project_git_diff.rs — PR diff computation (remote shallow clone + local checkout paths)
- project_git_exec.rs — shared git subprocess plumbing with ephemeral env-only auth (nsec never touches disk or git config)
- project_repo_paths.rs — local checkout resolution under the configured repos roots
- project_terminal.rs — OS terminal launcher (macOS/Linux/Windows)
Test plan