Skip to content

feat(desktop): repository-first projects with git workflows#1471

Merged
thomaspblock merged 56 commits into
mainfrom
gitbuzz-explorations
Jul 3, 2026
Merged

feat(desktop): repository-first projects with git workflows#1471
thomaspblock merged 56 commits into
mainfrom
gitbuzz-explorations

Conversation

@thomaspblock

Copy link
Copy Markdown
Collaborator

Summary

Explorations making the desktop Projects section repository-first, with GitHub-style git workflows built on the relay's git hosting.

  • Repository browser — file tree navigation with file previews, per-file change times, branch picker, and local/remote repo state (ProjectRepositoryPanel, ProjectRepositorySource)
  • Pull requests — PR list and detail views with real diffs (files-changed panel with patch rendering), status headers, and rich-composer comments
  • Issues — issue lists and detail pages wired to git issue events
  • Commits & activity — feed-style activity timeline scoped to the active branch, with git contributors only
  • Overview panels — GitHub-style overview for both the projects landing page and individual project detail (stats, people rail, README/languages)
  • Open in Terminal — opens the OS terminal at a project's local checkout, cloning first (authenticated via git-credential-nostr with env-only key handling) when only a remote exists
  • Projects toolbar polish — grid/list view modes, filters (Overview/Mine/Local/Repositories/PRs/Issues/Agents/Users), sorting, persisted view preferences

Backend (Tauri)

New command modules under desktop/src-tauri/src/commands/:

  • project_git.rs — repo snapshots, sync status, push
  • project_git_diff.rs — PR diff computation (remote shallow clone + local checkout paths)
  • project_git_exec.rs — shared git subprocess plumbing with ephemeral env-only auth (nsec never touches disk or git config)
  • project_repo_paths.rs — local checkout resolution under the configured repos roots
  • project_terminal.rs — OS terminal launcher (macOS/Linux/Windows)

Test plan

  • Desktop unit tests (1494 passing)
  • Tauri Rust unit tests (867 passing)
  • Biome lint, tsc, file-size and px-text guards
  • Manual pass over projects list, detail tabs, PR diffs, issue pages
  • Terminal open/clone flows on macOS (local checkout + remote-only project)

Co-authored-by: Thomas Petersen <thomasp@squareup.com>
Signed-off-by: Thomas Petersen <thomasp@squareup.com>
Co-authored-by: Thomas Petersen <thomasp@squareup.com>
Signed-off-by: Thomas Petersen <thomasp@squareup.com>
Co-authored-by: Thomas Petersen <thomasp@squareup.com>
Signed-off-by: Thomas Petersen <thomasp@squareup.com>
…acing

Co-authored-by: Thomas Petersen <thomasp@squareup.com>
Signed-off-by: Thomas Petersen <thomasp@squareup.com>

# Conflicts:
#	desktop/src/app/AppTopChrome.tsx
#	desktop/src/features/projects/ui/ProjectDetailScreen.tsx
#	desktop/src/features/projects/ui/ProjectsView.tsx
Co-authored-by: Thomas Petersen <thomasp@squareup.com>
Signed-off-by: Thomas Petersen <thomasp@squareup.com>
Co-authored-by: Thomas Petersen <thomasp@squareup.com>
Signed-off-by: Thomas Petersen <thomasp@squareup.com>
Co-authored-by: Thomas Petersen <thomasp@squareup.com>
Signed-off-by: Thomas Petersen <thomasp@squareup.com>
Co-authored-by: Thomas Petersen <thomasp@squareup.com>
Signed-off-by: Thomas Petersen <thomasp@squareup.com>
Co-authored-by: Thomas Petersen <thomasp@squareup.com>
Signed-off-by: Thomas Petersen <thomasp@squareup.com>
Make the project detail header overlay scrolling content so its backdrop blur matches channel chrome behavior.
Keep the measured channel-style project chrome from the remote branch while preserving the local file-size guard correction.
Co-authored-by: Thomas Petersen <thomasp@squareup.com>
Signed-off-by: Thomas Petersen <thomasp@squareup.com>
Co-authored-by: Thomas Petersen <thomasp@squareup.com>
Signed-off-by: Thomas Petersen <thomasp@squareup.com>
Offset project content inside the scroll area so blurred chrome matches channel behavior without pulling content up on load.
Keep the measured overlaid project chrome while incorporating the latest remote branch history.
Shift project cards away from branch-like metadata and move branch selection into project detail.
Add repository filtering and clone-path context while tightening project detail branch and README presentation.
Co-authored-by: Thomas Petersen <thomasp@squareup.com>
Signed-off-by: Thomas Petersen <thomasp@squareup.com>
Co-authored-by: Thomas Petersen <thomasp@squareup.com>
Signed-off-by: Thomas Petersen <thomasp@squareup.com>
Co-authored-by: Thomas Petersen <thomasp@squareup.com>
Signed-off-by: Thomas Petersen <thomasp@squareup.com>
Hydrate PR branches from their fetchable refs and make selected pull requests use focused conversation, commits, checks, and files tabs.
Render pull request file changes from Git diff data so local and remote project sources show the correct patch context.
Group project card metadata with the title and show pull request changed files with the same hierarchical icon treatment as the repository file browser.
Issues get a detail view with comments and deep links like PRs.
Repository cards show latest commit and distinct commit counts.
PR detail leads with its title above the tab row, and overview
stat pills navigate to their sections with an accurate local count.
Add a Terminal action to project cards and the repository source card.
Opens the OS terminal at the local checkout, or clones the selected
branch into the repos dir first (authenticated via the identity key)
when only a remote exists. Local checkout resolution moves to a shared
project_repo_paths module to keep project_git under the size limit.
Move the Terminal action onto the project tabs row with a label, slim
project cards and list rows (clone path becomes a footer icon, avatars
left / activity right, middle list column removed), add a People rail
box to the projects overview, drop the detail rail's descriptive text,
rename Activity to Commits and All to Overview, and clean up the
sort/view toggle chrome.
Extract shared git subprocess/auth logic into project_git_exec.rs so
project_git, project_git_diff, and project_terminal share one
implementation instead of three copies. Move the duplicated frontend
open-terminal toast/invalidation flow into a useOpenProjectTerminal hook
used by both the projects list and detail screens.
The card redesign moved the agent identity into the footer people stack
and the delete action into the overflow menu, the detail view now lands
on Overview instead of Files, and seeded issues need the comments field
the issue model gained. Update the spec's seams accordingly and cover
the new terminal menu action.
thomaspblock added a commit that referenced this pull request Jul 2, 2026
Co-authored-by: Thomas Petersen <thomasp@squareup.com>
Signed-off-by: Thomas Petersen <thomasp@squareup.com>
@thomaspblock

Copy link
Copy Markdown
Collaborator Author

Screenshots — Projects section walkthrough

Captured on a staging instance of this branch @ 7b60f83d (BUZZ_SHARE_IDENTITY=1 just staging), using the Bee Garden Game repo as example content. Local checkout detection is active (~/.buzz/REPOS/bee-garden-game, main @ 480508e).

Projects — main tabs

Overview — workspace summary (22 repos, 4 PRs, 2 local checkouts, 1 issue), People strip, repo grid
overview

Mine — repos the current identity is a member of
mine

Local — detected local checkouts
local

Repositories — full repo grid
repositories

PRs — cross-project PR list with status + action buttons (Review PR / View merge / View draft)
prs

Issues — cross-project issue list
issues

Agents — agent-involved repos
agents

Users — user-owned repos
users

Repo detail — Bee Garden Game

Overview — README render, Local/Remote switch on Local with checkout path, languages, repository facts
repo overview

Commits
repo commits

PRs
repo prs

Issues (empty state)
repo issues

Files — per-file last commit + author
repo files

Contributors
repo contributors

PR detail — "Create bee garden game" #4396c5a7

Conversation — status header, summary body, Updates, Discussion
pr conversation

Commits
pr commits

Checks (empty state — not wired yet)
pr checks

Files changed — file tree with filter + diff pane (+7/−156)
pr files changed

@thomaspblock thomaspblock reopened this Jul 2, 2026
@thomaspblock

Copy link
Copy Markdown
Collaborator Author

This is NOT the design this is simply getting the elements in. The actual visual design happens in the end.

# Conflicts:
#	desktop/src/features/workspaces/ui/WorkspaceSwitcher.tsx
@thomaspblock thomaspblock marked this pull request as ready for review July 2, 2026 19:41
Comment thread desktop/playwright.config.ts Outdated
"**/identity-archive-hide.spec.ts",
"**/relay-connectivity.spec.ts",
"**/history-icons-screenshots.spec.ts",
"**/projects-avatar-screenshot.spec.ts",

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we want to include these screenshot tests here?

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🤖 Removed in 204cd04 — both screenshot specs deleted and dropped from the smoke suite.

Copy link
Copy Markdown
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed

@wpfleger96 wpfleger96 left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Team review (4 parallel passes: Rust/security, data/protocol, UI panels, views/nav) at tip a87de0f. 22 inline comments: 2 blocking, 9 should-fix, 11 nits.

Also verified clean, for the record: the nsec-never-touches-disk claim holds (env-only via GIT_CONFIG_*/NOSTR_PRIVATE_KEY, no disk writes, credential helper disabled by default); no shell injection (proper argv throughout, terminal launchers included); path traversal handled (canonicalize + starts_with guards); no XSS in the markdown/diff rendering paths; temp-dir lifecycle and spawn_blocking usage correct; new kinds (1617-1633, 30617/30618) match the NIP-34 registry with no collisions.

Comment thread desktop/src/features/projects/hooks.ts Outdated
Comment thread desktop/src/features/projects/projectPullRequests.mjs Outdated
Comment thread desktop/src/features/projects/projectIssues.mjs Outdated
Comment thread desktop/src/features/projects/hooks.ts Outdated
Comment thread desktop/src/features/projects/projectIssues.mjs
Comment thread desktop/src/features/projects/ui/ProjectPullRequestFilesChangedPanel.tsx Outdated
Comment thread desktop/src/features/projects/ui/ProjectsView.tsx Outdated
Comment thread desktop/src/features/projects/ui/ProjectsView.tsx Outdated
Comment thread desktop/src/features/projects/ui/ProjectIssuesPanel.tsx Outdated
Comment thread desktop/src/app/AppTopChrome.tsx
Blockers:
- Resolve projects by {owner, dtag} identity (NIP-34 address) instead of
  dtag alone — routing, fetch filters, and query cache keys now use the
  canonical owner:dtag id
- Only accept PR update events (1619) from the PR author or repo owner

Trust:
- Restrict issue/PR status events (1630-1633) to root author/repo owner
- Validate kind-5 deletion requests against the project owner pubkey
- Tighten contributor-profile matching to exact identifiers and label
  git-author-based matches as unverified in the UI

Robustness:
- Filter malformed/empty tag values in shared tag helpers
- Unify branch sanitization (clean_branch) across git commands; reject
  leading dashes, traversal, and refs/heads prefixes
- Add a 60s wall-clock timeout to spawned git subprocesses
- Only set-url origin when the remote URL actually differs
- Cap per-file diff patches at 2k lines with a truncation notice
- Neutralize repo-local git hooks (core.hooksPath) so credentials never
  leak into hook scripts; validate clone URLs against the Buzz git path

Also removes the unused projectEvents module, dead filter branches, the
dead-end Create Project CTA, and strips local paths from surfaced git
errors. Adds unit tests for the new trust rules and branch/URL validation.
Issue/PR comments are kind:1 text notes (the relay doesn't register
NIP-22 kind 1111), so they were bleeding into Pulse social feeds as
orphaned replies whose parent — a 1618/1621 git event — could never be
resolved. Filter them out of the global, timeline, my-notes, and
liked-notes queries by their NIP-34 repo-address `a` tag; single-note
deep links still resolve.

Also documents the remaining protocol deviations flagged in review:
the read-only non-NIP-34 extension tags in eventToProject (whose write
path was already removed) and the 1633 Draft → Triage status mapping.
@thomaspblock thomaspblock merged commit 8e3c0ee into main Jul 3, 2026
28 checks passed
@thomaspblock thomaspblock deleted the gitbuzz-explorations branch July 3, 2026 12:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants