Skip to content

Comments

feat(desktop): enhance Windows app resolution and UI loading states#13320

Merged
Brendonovich merged 10 commits intoanomalyco:devfrom
neriousy:fix/windows-open-in-no-terminal-followup
Feb 25, 2026
Merged

feat(desktop): enhance Windows app resolution and UI loading states#13320
Brendonovich merged 10 commits intoanomalyco:devfrom
neriousy:fix/windows-open-in-no-terminal-followup

Conversation

@neriousy
Copy link
Contributor

@neriousy neriousy commented Feb 12, 2026

What does this PR do?

#13084 same as here but with fixed regression. based on link

If you paste a large clearly AI generated description here your PR may be IGNORED or CLOSED!

How did you verify your code works?

@neriousy neriousy marked this pull request as draft February 12, 2026 13:27
@github-actions
Copy link
Contributor

Thanks for your contribution!

This PR doesn't have a linked issue. All PRs must reference an existing issue.

Please:

  1. Open an issue describing the bug/feature (if one doesn't exist)
  2. Add Fixes #<number> or Closes #<number> to this PR description

See CONTRIBUTING.md for details.

@github-actions
Copy link
Contributor

The following comment was made by an LLM, it may be inaccurate:

No duplicate PRs found

@neriousy neriousy marked this pull request as ready for review February 12, 2026 13:57
Comment on lines +269 to +273
createEffect(() => {
const value = prefs.app
if (options().some((o) => o.id === value)) return
setPrefs("app", options()[0]?.id ?? "finder")
})
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

gonna leave this for now but for future reference i'd handle something like this at read-time rather than writing to a signal in an effect

const [_prefs, setPrefs] = persisted(...);
const prefs = mergeProps(_prefs, {
  get app() {
    if (options().some((o) => o.id === _prefs.app)) return _prefs.app;
    return options()[0]?.id ?? "finder"
  }
});

Copilot AI review requested due to automatic review settings February 25, 2026 04:43
Copy link
Collaborator

@Brendonovich Brendonovich left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sorry for all the solid nits, wanted to use this for future reference for writing more idiomatic solid in future

Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR enhances Windows app resolution and adds UI loading states for the desktop application. It addresses a regression from PR #13084 where terminal windows were appearing and causing system freezes (issue #13154) by adding the CREATE_NO_WINDOW flag to prevent console windows from flashing when running system commands.

Changes:

  • Significantly improved Windows app resolution logic with registry checking, environment variable expansion, and better path handling
  • Added CREATE_NO_WINDOW flag (0x08000000) to Command spawns to prevent terminal window flashing
  • Implemented loading state UI with spinner and disabled buttons to prevent double-clicking when opening apps

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 7 comments.

File Description
packages/desktop/src-tauri/src/lib.rs Complete rewrite of Windows app resolution with registry queries, environment variable expansion, candidate generation strategies, and CREATE_NO_WINDOW flags for spawned processes
packages/app/src/components/session/session-header.tsx Added loading state management with openRequest store, spinner UI, disabled button states, and import reorganization for better structure
Comments suppressed due to low confidence (1)

packages/desktop/src-tauri/src/lib.rs:405

  • The path resolution logic in resolve_cmd has a potential path traversal security issue. While the code handles ".." by popping from the path (line 401), it does not validate that the final resolved path stays within expected boundaries. A malicious batch file could use "../../../" sequences to escape to arbitrary directories on the system. Consider validating that the resolved path remains within safe boundaries or checking against an allowlist of acceptable base directories.
                for part in suffix.replace('/', "\\").split('\\') {
                    if part.is_empty() || part == "." {
                        continue;
                    }
                    if part == ".." {
                        let _ = resolved.pop();
                        continue;
                    }
                    resolved.push(part);
                }

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@Brendonovich Brendonovich merged commit fc6e793 into anomalyco:dev Feb 25, 2026
9 checks passed
kcelia pushed a commit to concrete-security/secure-opencode that referenced this pull request Feb 25, 2026
…nomalyco#13320)

Co-authored-by: Brendan Allan <git@brendonovich.dev>
Co-authored-by: Brendan Allan <brendonovich@outlook.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants