fix(desktop): improve AppImage icons and remote environment

.github/workflows/release.yml

@@ -232,17 +232,32 @@ jobs:
         shell: pwsh
         run: |
           $vswhere = "${env:ProgramFiles(x86)}\Microsoft Visual Studio\Installer\vswhere.exe"
-             $installPath = & $vswhere -products * -latest -property installationPath
-             $setupExe = "${env:ProgramFiles(x86)}\Microsoft Visual Studio\Installer\setup.exe"
-             $proc = Start-Process -FilePath $setupExe `
-              -ArgumentList "modify", "--installPath", "`"$installPath`"", "--add", `
-              "Microsoft.VisualStudio.Component.VC.Tools.x86.x64.Spectre", "--quiet", "--norestart" `
-              -Wait -PassThru -NoNewWindow
-             if ($null -eq $proc -or $proc.ExitCode -ne 0) {
-               $code = if ($null -ne $proc) { $proc.ExitCode } else { 1 }
-               Write-Error "Visual Studio Installer failed with exit code $code"
-               exit $code
-             }
+          $installPath = & $vswhere -products * -latest -property installationPath
+          $setupExe = "${env:ProgramFiles(x86)}\Microsoft Visual Studio\Installer\setup.exe"
+          $proc = Start-Process -FilePath $setupExe `
+            -ArgumentList "modify", "--installPath", "`"$installPath`"", "--add", `
+            "Microsoft.VisualStudio.Component.VC.Tools.x86.x64.Spectre", "--quiet", "--norestart" `
+            -Wait -PassThru -NoNewWindow
+          if ($null -eq $proc -or $proc.ExitCode -ne 0) {
+            $code = if ($null -ne $proc) { $proc.ExitCode } else { 1 }
+            Write-Error "Visual Studio Installer failed with exit code $code"
+            exit $code
+          }
+
+      - name: Install ImageMagick
+        if: matrix.platform == 'linux'
+        shell: bash
+        run: |
+          if ! command -v magick >/dev/null 2>&1 && ! command -v convert >/dev/null 2>&1; then
+              sudo apt-get update
+              sudo apt-get install -y imagemagick
+          fi
+
+          if command -v magick >/dev/null 2>&1; then
+              magick -version
+          else
+              convert -version
+          fi
 
       - name: Prepare Azure Trusted Signing
         if: matrix.platform == 'win'

apps/desktop/src/app/DesktopApp.ts

@@ -9,7 +9,9 @@ import * as NetService from "@t3tools/shared/Net";
 import * as ElectronApp from "../electron/ElectronApp.ts";
 import * as ElectronDialog from "../electron/ElectronDialog.ts";
 import * as ElectronProtocol from "../electron/ElectronProtocol.ts";
+import * as ElectronSafeStorage from "../electron/ElectronSafeStorage.ts";
 import { installDesktopIpcHandlers } from "../ipc/DesktopIpcHandlers.ts";
+import { resolveLinuxPasswordStoreSwitch } from "../linuxSecretStorage.ts";
 import * as DesktopAppIdentity from "./DesktopAppIdentity.ts";
 import * as DesktopApplicationMenu from "../window/DesktopApplicationMenu.ts";
 import * as DesktopBackendManager from "../backend/DesktopBackendManager.ts";
@@ -191,17 +193,26 @@ const startup = Effect.gen(function* () {
   const lifecycle = yield* DesktopLifecycle.DesktopLifecycle;
   const shellEnvironment = yield* DesktopShellEnvironment.DesktopShellEnvironment;
   const desktopSettings = yield* DesktopAppSettings.DesktopAppSettings;
+  const safeStorage = yield* ElectronSafeStorage.ElectronSafeStorage;
   const updates = yield* DesktopUpdates.DesktopUpdates;
   const environment = yield* DesktopEnvironment.DesktopEnvironment;
 
   yield* shellEnvironment.installIntoProcess;
   const userDataPath = yield* appIdentity.resolveUserDataPath;
   yield* electronApp.setPath("userData", userDataPath);
   yield* logStartupInfo("runtime logging configured", { logDir: environment.logDir });
-  yield* desktopSettings.load;
+  const settings = yield* desktopSettings.load;
 
   if (environment.platform === "linux") {
-    yield* electronApp.appendCommandLineSwitch("class", environment.linuxWmClass);
+    const passwordStore = resolveLinuxPasswordStoreSwitch({
+      preference: settings.linuxPasswordStore,
+      env: process.env,
+    });
+    yield* logStartupInfo("linux password store configured", {
+      passwordStore: passwordStore ?? "electron-default",
+      xdgCurrentDesktop: process.env.XDG_CURRENT_DESKTOP ?? null,
+      xdgSessionDesktop: process.env.XDG_SESSION_DESKTOP ?? null,
+    });
   }
 
   yield* appIdentity.configure;
@@ -212,6 +223,16 @@ const startup = Effect.gen(function* () {
     Effect.catchCause((cause) => fatalStartupCause("whenReady", cause)),
   );
   yield* logStartupInfo("app ready");
+  if (environment.platform === "linux") {
+    const selectedBackend = yield* safeStorage.selectedStorageBackend;
+    const encryptionAvailable = yield* safeStorage.isEncryptionAvailable.pipe(
+      Effect.catch(() => Effect.succeed(false)),
+    );
+    yield* logStartupInfo("safe storage ready", {
+      backend: Option.getOrElse(selectedBackend, () => "unknown"),
+      encryptionAvailable,
+    });
+  }
   yield* appIdentity.configure;
   yield* applicationMenu.configure;
   yield* electronProtocol.registerDesktopFileProtocol;

apps/desktop/src/app/DesktopEarlyElectronStartup.test.ts

@@ -0,0 +1,70 @@
+import { assert, describe, it } from "@effect/vitest";
+
+import {
+  resolveEarlyLinuxElectronOptions,
+  resolveEarlyLinuxPasswordStorePreference,
+} from "./DesktopEarlyElectronStartup.ts";
+
+describe("DesktopEarlyElectronStartup", () => {
+  it("reads the persisted linux password-store preference before Electron is ready", () => {
+    const preference = resolveEarlyLinuxPasswordStorePreference({
+      env: { T3CODE_HOME: "/home/user/.t3-test" },
+      homeDirectory: "/home/user",
+      readFileString: (path) => {
+        assert.equal(path, "/home/user/.t3-test/userdata/desktop-settings.json");
+        return JSON.stringify({ linuxPasswordStore: "kwallet6" });
+      },
+    });
+
+    assert.equal(preference, "kwallet6");
+  });
+
+  it("falls back to auto when the early settings document is missing or invalid", () => {
+    const preference = resolveEarlyLinuxPasswordStorePreference({
+      env: {},
+      homeDirectory: "/home/user",
+      readFileString: () => {
+        throw new Error("missing");
+      },
+    });
+
+    assert.equal(preference, "auto");
+  });
+
+  it("preserves absolute root paths when resolving early settings", () => {
+    const preference = resolveEarlyLinuxPasswordStorePreference({
+      env: { T3CODE_HOME: "/" },
+      homeDirectory: "/home/user",
+      readFileString: (path) => {
+        assert.equal(path, "/userdata/desktop-settings.json");
+        return JSON.stringify({ linuxPasswordStore: "kwallet6" });
+      },
+    });
+
+    assert.equal(preference, "kwallet6");
+  });
+
+  it("resolves the early linux Electron switches and DBus fallback", () => {
+    const options = resolveEarlyLinuxElectronOptions({
+      env: {
+        T3CODE_HOME: "/home/user/.t3-test",
+        XDG_CURRENT_DESKTOP: "niri",
+        XDG_RUNTIME_DIR: "/run/user/1000",
+        VITE_DEV_SERVER_URL: "http://127.0.0.1:5173",
+      },
+      exists: (path) => path === "/run/user/1000/bus",
+      homeDirectory: "/home/user",
+      readFileString: (path) => {
+        assert.equal(path, "/home/user/.t3-test/dev/desktop-settings.json");
+        return JSON.stringify({ linuxPasswordStore: "auto" });
+      },
+      uid: 1000,
+    });
+
+    assert.deepEqual(options, {
+      dbusSessionBusAddress: "unix:path=/run/user/1000/bus",
+      linuxWmClass: "t3code-dev",
+      passwordStore: "gnome-libsecret",
+    });
+  });
+});

apps/desktop/src/app/DesktopEarlyElectronStartup.ts

@@ -0,0 +1,128 @@
+// @effect-diagnostics nodeBuiltinImport:off
+import * as Fs from "node:fs";
+import * as NodeOS from "node:os";
+
+import * as Electron from "electron";
+
+import * as ElectronProtocol from "../electron/ElectronProtocol.ts";
+import {
+  DEFAULT_LINUX_PASSWORD_STORE,
+  normalizeLinuxPasswordStorePreference,
+  resolveLinuxPasswordStoreSwitch,
+  type LinuxPasswordStoreSwitch,
+  type LinuxPasswordStorePreference,
+} from "../linuxSecretStorage.ts";
+import { resolveDefaultLinuxDbusSessionBusAddress } from "../shell/DesktopShellEnvironment.ts";
+import { resolveDesktopBaseDir, resolveDesktopStateDir } from "./DesktopStatePaths.ts";
+
+interface EarlyDesktopSettingsInput {
+  readonly env: NodeJS.ProcessEnv;
+  readonly homeDirectory: string;
+  readonly readFileString: (path: string) => string;
+}
+
+interface EarlyLinuxElectronOptionsInput extends EarlyDesktopSettingsInput {
+  readonly exists: (path: string) => boolean;
+  readonly uid: number | undefined;
+}
+
+export interface EarlyLinuxElectronOptions {
+  readonly dbusSessionBusAddress: string | null;
+  readonly linuxWmClass: string;
+  readonly passwordStore: LinuxPasswordStoreSwitch | null;
+}
+
+const trimNonEmpty = (value: string | undefined): string | null => {
+  const trimmed = value?.trim();
+  return trimmed && trimmed.length > 0 ? trimmed : null;
+};
+
+const isDevelopmentEnvironment = (env: NodeJS.ProcessEnv): boolean =>
+  trimNonEmpty(env.VITE_DEV_SERVER_URL) !== null;
+
+const joinLinuxPath = (first: string, ...segments: string[]): string => {
+  const normalizedFirst = first.replace(/\/+$/u, "");
+  const normalizedSegments = segments.map((segment) => segment.replace(/^\/+|\/+$/gu, ""));
+  if (first.length > 0 && normalizedFirst.length === 0 && first.startsWith("/")) {
+    const normalizedPath = normalizedSegments.filter((segment) => segment.length > 0).join("/");
+    return normalizedPath.length > 0 ? `/${normalizedPath}` : "/";
+  }
+  return [normalizedFirst, ...normalizedSegments].filter((segment) => segment.length > 0).join("/");
+};
+
+function resolveEarlyDesktopSettingsPath(input: {
+  readonly env: NodeJS.ProcessEnv;
+  readonly homeDirectory: string;
+}): string {
+  const baseDir = resolveDesktopBaseDir({
+    homeDirectory: input.homeDirectory,
+    joinPath: joinLinuxPath,
+    t3Home: input.env.T3CODE_HOME,
+  });
+  const stateDir = resolveDesktopStateDir({
+    baseDir,
+    isDevelopment: isDevelopmentEnvironment(input.env),
+    joinPath: joinLinuxPath,
+  });
+  return joinLinuxPath(stateDir, "desktop-settings.json");
+}
+
+export function resolveEarlyLinuxPasswordStorePreference(
+  input: EarlyDesktopSettingsInput,
+): LinuxPasswordStorePreference {
+  const settingsPath = resolveEarlyDesktopSettingsPath(input);
+  try {
+    const parsed = JSON.parse(input.readFileString(settingsPath)) as unknown;
+    if (typeof parsed !== "object" || parsed === null || Array.isArray(parsed)) {
+      return DEFAULT_LINUX_PASSWORD_STORE;
+    }
+    return normalizeLinuxPasswordStorePreference(
+      (parsed as { readonly linuxPasswordStore?: unknown }).linuxPasswordStore,
+    );
+  } catch {
+    return DEFAULT_LINUX_PASSWORD_STORE;
+  }
+}
+
+export function resolveEarlyLinuxElectronOptions(
+  input: EarlyLinuxElectronOptionsInput,
+): EarlyLinuxElectronOptions {
+  const preference = resolveEarlyLinuxPasswordStorePreference(input);
+  return {
+    dbusSessionBusAddress:
+      trimNonEmpty(input.env.DBUS_SESSION_BUS_ADDRESS) === null
+        ? resolveDefaultLinuxDbusSessionBusAddress({
+            env: input.env,
+            exists: input.exists,
+            uid: input.uid,
+          })
+        : null,
+    linuxWmClass: isDevelopmentEnvironment(input.env) ? "t3code-dev" : "t3code",
+    passwordStore: resolveLinuxPasswordStoreSwitch({
+      preference,
+      env: input.env,
+    }),
+  };
+}
+
+export function configureElectronBeforeReady(): void {
+  if (process.platform === "linux") {
+    const options = resolveEarlyLinuxElectronOptions({
+      env: process.env,
+      exists: Fs.existsSync,
+      homeDirectory: NodeOS.homedir(),
+      readFileString: (path) => Fs.readFileSync(path, "utf8"),
+      uid: process.getuid?.(),
+    });
+    if (options.dbusSessionBusAddress !== null) {
+      process.env.DBUS_SESSION_BUS_ADDRESS = options.dbusSessionBusAddress;
+    }
+    if (options.passwordStore !== null) {
+      Electron.app.commandLine.appendSwitch("password-store", options.passwordStore);
+    }
+
+    Electron.app.commandLine.appendSwitch("class", options.linuxWmClass);
+  }
+
+  ElectronProtocol.registerDesktopSchemePrivilegesSync();
+}

apps/desktop/src/app/DesktopEnvironment.ts

@@ -15,6 +15,7 @@ import {
   type DesktopSettings,
   resolveDefaultDesktopSettings,
 } from "../settings/DesktopAppSettings.ts";
+import { resolveDesktopBaseDir, resolveDesktopStateDir } from "./DesktopStatePaths.ts";
 import * as DesktopConfig from "./DesktopConfig.ts";
 import { isNightlyDesktopVersion } from "../updates/updateChannels.ts";
 
@@ -151,15 +152,19 @@ const makeDesktopEnvironment = Effect.fn("desktop.environment.make")(function* (
       : input.platform === "darwin"
         ? path.join(homeDirectory, "Library", "Application Support")
         : Option.getOrElse(config.xdgConfigHome, () => path.join(homeDirectory, ".config"));
-  const baseDir = Option.getOrElse(config.t3Home, () => path.join(homeDirectory, ".t3"));
+  const baseDir = resolveDesktopBaseDir({
+    homeDirectory,
+    joinPath: path.join,
+    t3Home: Option.getOrNull(config.t3Home),
+  });
   const rootDir = path.resolve(input.dirname, "../../..");
   const appRoot = input.isPackaged ? input.appPath : rootDir;
   const branding = resolveDesktopAppBranding({
     isDevelopment,
     appVersion: input.appVersion,
   });
   const displayName = branding.displayName;
-  const stateDir = path.join(baseDir, isDevelopment ? "dev" : "userdata");
+  const stateDir = resolveDesktopStateDir({ baseDir, isDevelopment, joinPath: path.join });
   const userDataDirName = isDevelopment ? "t3code-dev" : "t3code";
   const legacyUserDataDirName = isDevelopment ? "T3 Code (Dev)" : "T3 Code (Alpha)";
   const resourcesPath = input.resourcesPath;

apps/desktop/src/app/DesktopStatePaths.ts

@@ -0,0 +1,24 @@
+export type JoinPath = (first: string, ...segments: string[]) => string;
+
+export function resolveDesktopBaseDir(input: {
+  readonly homeDirectory: string;
+  readonly joinPath: JoinPath;
+  readonly t3Home: string | null | undefined;
+}): string {
+  if (typeof input.t3Home === "string") {
+    const trimmed = input.t3Home.trim();
+    if (trimmed.length > 0) {
+      return trimmed;
+    }
+  }
+
+  return input.joinPath(input.homeDirectory, ".t3");
+}
+
+export function resolveDesktopStateDir(input: {
+  readonly baseDir: string;
+  readonly isDevelopment: boolean;
+  readonly joinPath: JoinPath;
+}): string {
+  return input.joinPath(input.baseDir, input.isDevelopment ? "dev" : "userdata");
+}

apps/desktop/src/electron/ElectronProtocol.ts

@@ -69,7 +69,10 @@ export function normalizeDesktopProtocolPathname(rawPath: string): Option.Option
   return Option.some(segments.join("/"));
 }
 
-const registerDesktopSchemePrivileges = Effect.sync(() => {
+/**
+ * Must run synchronously during process bootstrap, before Electron emits `ready`.
+ */
+export function registerDesktopSchemePrivilegesSync(): void {
   Electron.protocol.registerSchemesAsPrivileged([
     {
       scheme: DESKTOP_SCHEME,
@@ -81,7 +84,11 @@ const registerDesktopSchemePrivileges = Effect.sync(() => {
       },
     },
   ]);
-}).pipe(Effect.withSpan("desktop.electron.protocol.registerSchemePrivileges"));
+}
+
+export const registerDesktopSchemePrivileges = Effect.sync(
+  registerDesktopSchemePrivilegesSync,
+).pipe(Effect.withSpan("desktop.electron.protocol.registerSchemePrivileges"));
 
 export const layerSchemePrivileges = Layer.effectDiscard(registerDesktopSchemePrivileges);