Sandbox vault persistence via security-scoped bookmarks (#10)#18
Merged
Conversation
Lets the App Sandbox (MAS) build re-open the user's vault across
launches, and gives the direct build "reopen last vault" for free.
- src/bookmark.rs: create/resolve security-scoped bookmarks via
objc2-foundation NSURL. resolve_and_start() re-grants folder
access process-wide (startAccessingSecurityScopedResource) so our
std::fs vault scanner works again; the resolved NSURL is leaked to
keep access alive for the session. No-op stubs off macOS.
- commands_vault: open_vault persists {path, bookmark_b64} to
app_data_dir/last-vault.json; new restore_vault command resolves it
(bookmark on sandbox, plain path on direct) and returns a path to open.
- vault.rs: VaultState gains a tokio open_lock so a launch-time
restore can't race a user-triggered open on the Tantivy writer lock
(the cause of the earlier "can't open vault" regression).
- App.tsx: on mount, restoreVault() → openRecentVault(path).
- Cargo: base64 + macOS-only objc2 / objc2-foundation (NSURL feature).
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
The compositionend handler dispatched a RECOMPUTE_META transaction synchronously, while ProseMirror was still finalizing the composed text — it re-read the DOM and double-counted, adding a spurious newline on every Chinese keystroke (regression shipped in v0.5.0). Removed the dispatch; decorations refresh on the next real edit. The store flush (read-only getMarkdown + onChange) is unchanged. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Implements cross-launch vault persistence — the last MAS technical
blocker. The App Sandbox only grants folder access for the session a
user picks it; this captures a security-scoped bookmark and resolves
it on the next launch to re-acquire access. The direct-download build
gets "reopen last vault" for free (it just stores the plain path).
src-tauri/src/bookmark.rs—create/resolve_and_startviaobjc2-foundation
NSURL(bookmarkDataWithOptions:…WithSecurityScope,URLByResolvingBookmarkData:…,startAccessingSecurityScopedResource).The resolved URL is leaked so access persists for the session. No-op
stubs off macOS.
commands_vault—open_vaultpersists{path, bookmark_b64}toapp_data_dir/last-vault.json; newrestore_vaultcommand returns thepath to open (resolving the bookmark on sandbox builds).
vault.rs—VaultStategains atokioopen-lock so a launch-timerestore can't race a user open on the Tantivy writer lock (this was the
cause of the earlier "can't open vault" regression — now guarded).
App.tsx— on mount,restoreVault()→openRecentVault(path).base64+ macOS-onlyobjc2/objc2-foundation.Test plan
pnpm tsc --noEmit,pnpm lint,cargo checkcleanentitlements verified)
without a permission prompt (the real MAS persistence check)
🤖 Generated with Claude Code