Skip to content

Windows tauri build fixes#10

Open
ManahilAlam wants to merge 5 commits into
Awaiswilll:mainfrom
ManahilAlam:windows-tauri-build-fixes
Open

Windows tauri build fixes#10
ManahilAlam wants to merge 5 commits into
Awaiswilll:mainfrom
ManahilAlam:windows-tauri-build-fixes

Conversation

@ManahilAlam

@ManahilAlam ManahilAlam commented Jul 2, 2026

Copy link
Copy Markdown

Description

Fixes the Windows build for Tauri v2 with current Rust stable — the project
did not compile at all before this PR (9 compile errors across 4 files).
Also includes two follow-up fixes found during a post-build review: the P2P
node identity was being regenerated randomly on every launch instead of
persisting, and a GitHub OAuth token was leaking into .git/config in
plaintext when importing a repo.

Full before/after breakdown of every fix, with plain-English explanations,
is in FIXES.md in this branch.

Related Issue

N/A — not tied to an existing filed issue; found by attempting a clean
Windows build from the current main.

Type of Change

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update
  • Refactor (no functional changes)
  • Performance improvement
  • Security fix

Testing

  • I have run npm run build and the build succeeds (also verified cargo check / cargo build on the Rust side, since that's where all 9 errors were)
  • I have tested my changes manually
  • I have added tests for new functionality (if applicable) — no test suite covers the Rust backend yet; see Additional Notes
  • I have run npm test and all tests pass — not re-run for this PR (frontend was untouched; changes are backend-only)

How each fix was verified:

  • All 9 compile-error fixes: cargo check and cargo build both went from failing to a clean, zero-error build; the built binary (dweb.exe) launches and the window opens and stays stable.
  • P2P identity fix: killed and relaunched the running app and confirmed identity.json was byte-for-byte identical before and after (previously it would regenerate every launch).
  • GitHub token fix: reviewed the code path directly — the token is now only ever passed through git2's in-memory credential callback, never concatenated into the remote URL that gets persisted to .git/config.

Screenshots / Videos

N/A — backend-only changes, no UI changes.

Checklist

  • My code follows the project's style guidelines (see CLAUDE.md)
  • I have performed a self-review of my code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation (FIXES.md)
  • My changes generate no new warnings or errors (same pre-existing warnings as before my changes, no new ones introduced)
  • I have not modified any files listed in "Files the Agent Must Never Modify" (see CLAUDE.md)

Security Considerations

  • My changes do not expose API keys or secrets — the GitHub-token fix specifically removes a plaintext-secret-leak path
  • My changes validate all user inputs — n/a for this PR (no new user-input handling added)
  • My changes follow the principle of least privilege — the token credential is now scoped to the single clone operation instead of being persisted to disk

Additional Notes

Two things worth flagging for maintainers, not blocking this PR:

  1. config.rs has a credential-encryption code path gated behind a Cargo
    feature (encryption) that doesn't actually exist in Cargo.toml, so it
    silently always compiles to the plaintext no-op branch — AI provider API
    keys are currently stored unencrypted in config.json. Didn't fix this
    here since it's a separate, larger change; happy to open a follow-up PR.
  2. No automated tests cover the Rust backend (src-tauri/) yet — all
    verification above was manual (cargo check/build + live app testing).

ManahilAlam and others added 5 commits July 2, 2026 13:47
Baseline commit of the project as extracted from zip, plus fixes made
this session to get it compiling on Windows with Tauri v2 / current
Rust stable, and two security fixes from a follow-up review:

- Fix 9 compile errors across p2p.rs, stack.rs, cloud.rs, config.rs
  (borrow/type errors from Tokio, tokio::process::Child::id() typing,
  a dangling-temporary borrow, missing sha2::Digest import, and a
  Borrow<str> mismatch on Map::get_mut).
- p2p.rs/sandbox.rs: derive the DHT keypair from the persisted
  per-instance identity instead of a fresh random keypair on every
  launch, so node identity (and domain ownership) survives restarts.
- git.rs/github.rs: stop embedding the GitHub token in the clone URL
  (which persisted it in plaintext into .git/config); pass it via an
  in-memory git2 credential callback instead.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
# Conflicts:
#	README.md
#	ROADMAP.md
#	packaging/wsl/Dockerfile
#	packaging/wsl/build-wsl-distro.sh
#	packaging/wsl/dweb-wsl-rootfs.tar.gz
#	packaging/wsl/import-dweb-wsl.ps1
#	packaging/wsl/install.sh
#	src-tauri/src/cloud.rs
#	src-tauri/src/config.rs
#	src-tauri/src/git.rs
#	src-tauri/src/github.rs
#	src-tauri/src/p2p.rs
#	src-tauri/src/sandbox.rs
#	src-tauri/src/stack.rs
#	start-server.sh
Documents the 9 compile errors fixed to build on Windows with Tauri v2
and current Rust stable, plus two follow-up fixes: persistent P2P node
identity (was re-randomized every launch) and a GitHub token that was
leaking into .git/config in plaintext during repo import.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
Rewritten for a reader without Rust/project background — each fix now
has a plain-English "what was broken" explanation, a one-sentence
summary, and (for the two security fixes) how the fix was verified.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
.claude/settings.local.json and .claude/scheduled_tasks.lock are local
session state (file paths, session IDs) that got swept in by an
overly-broad `git add .` on the initial checkpoint commit. They aren't
part of the project and shouldn't be shared in the PR.

Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant