[codex] Make desktop release local-first and file-url safe#1
Draft
dailykim149656-source wants to merge 7 commits into
The web app is moving from hosted editing toward a desktop download surface, so this commit adds Electron packaging, a Vercel-ready web profile, and a GitHub Releases pipeline that builds OS-specific installers from tagged commits. The desktop package intentionally excludes production node_modules and removes user-facing LLM, remote share, Google Workspace, and remote TeX runtime paths from the app bundle.
Constraint: Desktop releases need Windows, macOS, and Linux artifacts, which cannot be produced reliably from the local Windows session alone.
Constraint: Vercel should serve the distribution page, not the full hosted editor experience.
Rejected: Upload only the local win-unpacked folder | it would not provide macOS/Linux artifacts or stable installer download URLs.
Rejected: Keep LLM and workspace runtimes hidden only by UI | those chunks and service clients would still be reachable in the desktop bundle.
Confidence: medium
Scope-risk: broad
Directive: Do not re-enable remote AI, share, workspace, or TeX service calls in desktop builds without an explicit product decision and release security review.
Tested: npm run typecheck; npm run build:web; npm run build; npm run electron:build; dist bundle-report banned chunk scan; app.asar package listing scan after node_modules exclusion; GitHub action tag checks via gh api
Not-tested: Full OS installer release workflow has not completed yet; local electron-builder exits during Windows winCodeSign helper extraction because the current Windows session lacks symlink privilege

The Vercel CLI deploy packages the working tree, so local Electron build outputs can accidentally be uploaded alongside the web source. This commit excludes desktop artifacts, local build outputs, test output, logs, and local env files from Vercel uploads while preserving the release page build path.
Constraint: Vercel preview deploy rejected a local upload because Electron release files exceeded the 100 MB file limit.
Rejected: Delete local release artifacts before every deploy | it is easy to forget and does not protect future deploys.
Confidence: high
Scope-risk: narrow
Directive: Keep desktop packaging output out of Vercel uploads; the web profile should link to GitHub Releases instead of shipping binaries through Vercel.
Tested: git diff --check; prior npm run build:web success before adding ignore-only deploy config.
Not-tested: Vercel deploy rerun is pending for this commit.

The production Vercel deploy was using npm run build:web, but Vercel uploads excluded .env.web, so the app could still resolve to the desktop profile when VITE_APP_PROFILE was missing. This makes Vite mode web authoritative and reuses the same profile flag for route-level lazy loading.
Constraint: Vercel deploy uploads should not include local .env files.
Rejected: Re-include .env.web in Vercel uploads | it would keep deploy correctness dependent on an ignored local file instead of the build mode.
Confidence: high
Scope-risk: narrow
Directive: Treat vite --mode web as sufficient to produce the public download page.
Tested: npm run typecheck; npm run build:web; dist Landing chunk contains GitHub Release download URLs; dist bundle report has no editor page runtime chunks.
Not-tested: Production Vercel redeploy is pending for this commit.

Desktop builds were still tied to cloud-backed workspace and TeX paths, while packaged renderer assets used absolute URLs that fail from Electron file:// installs. This moves persistence, queues, and TeX artifacts to local file-backed behavior, normalizes deployment defaults, removes unused Google cloud dependencies, and adds focused regressions for local queues, stores, and Vite desktop asset paths.
Constraint: Desktop editing must work without remote DB, Cloud Tasks, GCS, or bundled cloud service credentials
Rejected: Keep Firestore, GCS, and Cloud Tasks behind environment toggles | user requested all DB/server behavior to use local storage
Rejected: Only reinstall the desktop app | GitHub source and release assets would remain stale
Confidence: high
Scope-risk: moderate
Directive: Do not reintroduce remote DB/storage/queue defaults for desktop without explicit project-owner approval
Tested: npm run typecheck; npm run build:server; npm run build; npm run desktop:dist; targeted Vitest local DB suite; changed-file ESLint; git diff --check; installed Docsy visual launch
Not-tested: Full npm run lint and full npm run test still fail on pre-existing unrelated repo-wide lint and feature-flag test debt

Docsy had export conversion decisions embedded in the preview panel while desktop releases only proved build/package success. This adds a render artifact pipeline, a small command boundary for export downloads, and package/first-screen checks so local-first desktop builds fail before upload when file-protocol or blank-window regressions return.
Constraint: HWP/HWPX support remains intentionally out of scope.
Constraint: Desktop releases must prove packaged file-protocol HTML and an initialized first editor surface, not just a Vite build.
Rejected: Rewrite all editor tools into commands now | too broad for this fix and likely to disturb existing editor behavior.
Rejected: Replace existing export converters | existing conversion coverage is already snapshot-tested and the safer move is to route them through a render pipeline.
Confidence: high
Scope-risk: moderate
Directive: Keep desktop smoke checks focused on packaged app startup; broaden only with stable selectors and cross-platform CI evidence.
Tested: npm run test -- src/test/documentRenderPipeline.test.ts src/test/renderCommands.test.ts src/test/exportPreviewPanel.html.test.tsx src/test/viteConfig.test.ts; npm run typecheck; changed-file ESLint; node --check for new scripts; npm run desktop:dist:dir; npm run verify:desktop-package; npm run verify:desktop-first-screen; git diff --check
Not-tested: Full repository-wide npm run test and npm run lint, due to known unrelated suite and lint debt recorded in prior closeouts.

The Linux package exposes the application executable under the unpacked app directory without a stable Docsy-prefixed filename, so the release smoke check must resolve the executable next to app.asar instead of assuming a product-name path.
Constraint: CI must keep the first-screen smoke active on Linux because package HTML verification alone cannot catch renderer startup regressions.
Rejected: Disable Linux smoke check | would let the exact blank-window regression class slip through on one release target.
Confidence: high
Scope-risk: narrow
Tested: node --check scripts/smoke-desktop-first-screen.mjs; npm run verify:desktop-first-screen; npx eslint scripts/smoke-desktop-first-screen.mjs
Not-tested: Linux runner locally; verified through the release workflow rerun after this commit.

The packaged Linux app is valid, but GitHub runner Electron startup fails before the renderer appears unless the CI smoke launches Chromium without the sandbox. The smoke remains a packaged first-screen check and now logs the resolved executable path for future CI diagnosis.
Constraint: Keep Linux release smoke active; only adjust launch args needed by CI.
Rejected: Skip Linux first-screen smoke | would leave Linux release assets unverified for blank-window regressions.
Confidence: medium
Scope-risk: narrow
Tested: node --check scripts/smoke-desktop-first-screen.mjs; npm run verify:desktop-first-screen; npx eslint scripts/smoke-desktop-first-screen.mjs
Not-tested: Linux runner locally; release workflow rerun verifies it.

What changed
file:// using relative asset URLs.

Why
The desktop app must be local-first. The installed Windows app was also loading an older package whose renderer referenced /assets/..., causing a blank Electron window from file://.

Validation
npm run typecheck
npm run build:server
npm run build
npm run desktop:dist
git diff --check

Known gaps
npm run lint still fails on existing repo-wide lint debt.
npm run test still has unrelated pre-existing feature-flag/runtime test failures.
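
An added example, not code from this pull request: a check in the spirit of the packaged-HTML verification the commits mention. It resolves each src/href in a packaged index.html against a file:// page URL and reports references that leave the app directory or leave file:// altogether. `APP_ROOT`, the function names and the sample HTML are assumptions made for illustration.

```javascript
// Added example: APP_ROOT, the function names and SAMPLE_HTML are constructed
// for illustration and are not taken from the pull request.
const APP_ROOT = 'file:///opt/app/resources/app/dist/'; // hypothetical install dir

// Constructed packaged index.html with one safe and three unsafe references.
const SAMPLE_HTML = `<!doctype html>
<script type="module" src="/assets/index-abc.js"></script>
<link rel="stylesheet" href="./assets/index-abc.css">
<img src="https://example.invalid/logo.png">
<script src="../outside.js"></script>`;

// Pull every quoted src/href attribute value out of the HTML.
function extractRefs(html) {
  const refs = [];
  const re = /\b(?:src|href)\s*=\s*["']([^"']+)["']/gi;
  let m;
  while ((m = re.exec(html)) !== null) refs.push(m[1]);
  return refs;
}

// Resolve a reference the way the renderer would when the page is file://.
function classifyRef(ref, pageUrl = APP_ROOT + 'index.html') {
  let resolved;
  try {
    resolved = new URL(ref, pageUrl);
  } catch {
    return 'invalid';
  }
  if (resolved.protocol !== 'file:') return 'non-file'; // leaves the local bundle
  // "/assets/x.js" resolves to file:///assets/x.js, outside the app directory.
  return resolved.href.startsWith(APP_ROOT) ? 'ok' : 'escapes-root';
}

// Return only the references a release gate should fail on.
function auditPackagedHtml(html) {
  return extractRefs(html)
    .map((ref) => ({ ref, verdict: classifyRef(ref) }))
    .filter((r) => r.verdict !== 'ok');
}

console.log(auditPackagedHtml(SAMPLE_HTML));
```

A non-empty result covers both failure classes the commits describe: root-absolute asset paths that produce a blank window under file://, and remote loads that a local-first desktop bundle is meant to exclude.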