You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Component-check migrations: vendored packaging/arch/src/* excluded via packaging-dir ignore set. Active source tree is mid-migration to big_app_kit::{desktop,dialogs,files} + big_relm4_components::feedback::tooltip (Relm4 onda6).
DONE
BWA-3
Defense-in-depth: base_spec returns Option, never falls back to browser_id as program name.crates/webapps-exec/src/launch.rs:140-162 — if def has no resolved flatpak_app_id or no existing native_paths entry, the function returns None and the caller (firefox/chromium) logs + exits/returns rather than executing Command::new(browser_id). Closes the LD_PRELOAD / registry-tampering vector that REVIEW-WORKSPACE flagged.
DONE
BWA-4
158 unit tests cover sanitize.rs adversarial inputs + CRUD. No tests/ integration target (binary-only crates).
RESIDUAL (binary-only)
New
SYSTEM_PATH broken intra-doc link fixed in crates/webapps-core/src/browsers.rs:62.
DONE
New
Unused direct deps removed: gio (webapps-manager — uses gtk::gio::*), relm4 (webapps-viewer — uses only big_relm4_components).
S2 small-fix pass: save-button signal self-cycle removed, CSS loading centralized in big_relm4_components::theme, and shortcut markup escaping switched to glib::markup_escape_text. fmt, clippy, cargo test, cargo doc, cargo machete, component-check, and supply-chain strict PASS.
DONE
2026-06-13
S7 HTTP gateway migration: favicon HTML/manifest/icon fetches and browser redirect resolution now use big_os_kit::http_client; direct reqwest is removed from the lock graph. Lock allowlist refreshed for the gateway transitive crates. Focused check/clippy/tests/doc and supply-chain strict PASS.