Skip to main content

max / goingson

docs: refresh file/migration counts; track linux ACL schema Updates stale counts (model files 12->17, migrations 33->50, frontend source files) and adds the generated linux ACL schema alongside the other tracked platform schemas. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Author: Max Johnson <me@maxj.phd> · 2026-06-08 00:22 UTC
Commit: a920721e447b95ef1ffec909928504249e37fdf5
Parent: d81c65a
4 files changed, +506 insertions, -6 deletions
M docs/architecture.md +3 -3
@@ -67,7 +67,7 @@ The core crate defines domain models and repository traits, independent of persi
67 67
68 68 | Module | Purpose |
69 69 |--------|---------|
70 - | `models/` | Domain types (12 model files) |
70 + | `models/` | Domain types (17 model files) |
71 71 | `repository.rs` | Repository traits (data access contracts) |
72 72 | `urgency.rs` | TaskWarrior-inspired urgency calculation algorithm |
73 73 | `parser.rs` | Quick-add natural language parser |
@@ -114,7 +114,7 @@ UserRepository
114 114
115 115 ## Database Layer (`crates/db-sqlite/`)
116 116
117 - SQLite persistence for the desktop app. Single-user, local storage. 33 migrations in `migrations/sqlite/`.
117 + SQLite persistence for the desktop app. Single-user, local storage. 50 migrations in `migrations/sqlite/`.
118 118
119 119 ```
120 120 src/
@@ -197,7 +197,7 @@ pub async fn create_task(
197 197
198 198 ## Frontend Architecture (Tauri Desktop)
199 199
200 - The desktop frontend uses vanilla JavaScript organized under the `GoingsOn` global namespace. 42 source files + 2 test files.
200 + The desktop frontend uses vanilla JavaScript organized under the `GoingsOn` global namespace. 66 source files.
201 201
202 202 ### Namespace Organization
203 203
M docs/database_schema.md +2 -2
@@ -1,6 +1,6 @@
1 1 # GoingsOn Database Schema
2 2
3 - SQLite schema reference. 33 migrations. Migrations live in `migrations/sqlite/` and auto-run on first launch.
3 + SQLite schema reference. 50 migrations. Migrations live in `migrations/sqlite/` and auto-run on first launch.
4 4
5 5 ## Domain Map
6 6
@@ -413,7 +413,7 @@ Automated local backup configuration. Migration 019, revised migration 029.
413 413
414 414 ## Schema Evolution
415 415
416 - Major milestones across 33 migrations:
416 + Major milestones across 50 migrations:
417 417
418 418 | Migration | Change |
419 419 |-----------|--------|
M docs/styleguide.md +1 -1
@@ -435,7 +435,7 @@ src-tauri/frontend/
435 435 | +-- projects.js # Project list, detail view
436 436 | +-- events.js # Event list, CRUD
437 437 | +-- emails.js # Email list, threading
438 - | +-- settings.js # Settings, LLM config, export
438 + | +-- settings.js # Settings and export
439 439 | +-- app.js # App initialization, menu listeners
440 440 +-- index.html # Entry point (no inline styles)
441 441 ```
A src-tauri/gen/schemas/linux-schema.json +500
@@ -0,0 +1,2924 @@
1 + {
2 + "$schema": "http://json-schema.org/draft-07/schema#",
3 + "title": "CapabilityFile",
4 + "description": "Capability formats accepted in a capability file.",
5 + "anyOf": [
6 + {
7 + "description": "A single capability.",
8 + "allOf": [
9 + {
10 + "$ref": "#/definitions/Capability"
11 + }
12 + ]
13 + },
14 + {
15 + "description": "A list of capabilities.",
16 + "type": "array",
17 + "items": {
18 + "$ref": "#/definitions/Capability"
19 + }
20 + },
21 + {
22 + "description": "A list of capabilities.",
23 + "type": "object",
24 + "required": [
25 + "capabilities"
26 + ],
27 + "properties": {
28 + "capabilities": {
29 + "description": "The list of capabilities.",
30 + "type": "array",
31 + "items": {
32 + "$ref": "#/definitions/Capability"
33 + }
34 + }
35 + }
36 + }
37 + ],
38 + "definitions": {
39 + "Capability": {
40 + "description": "A grouping and boundary mechanism developers can use to isolate access to the IPC layer.\n\nIt controls application windows' and webviews' fine grained access to the Tauri core, application, or plugin commands. If a webview or its window is not matching any capability then it has no access to the IPC layer at all.\n\nThis can be done to create groups of windows, based on their required system access, which can reduce impact of frontend vulnerabilities in less privileged windows. Windows can be added to a capability by exact name (e.g. `main-window`) or glob patterns like `*` or `admin-*`. A Window can have none, one, or multiple associated capabilities.\n\n## Example\n\n```json { \"identifier\": \"main-user-files-write\", \"description\": \"This capability allows the `main` window on macOS and Windows access to `filesystem` write related commands and `dialog` commands to enable programmatic access to files selected by the user.\", \"windows\": [ \"main\" ], \"permissions\": [ \"core:default\", \"dialog:open\", { \"identifier\": \"fs:allow-write-text-file\", \"allow\": [{ \"path\": \"$HOME/test.txt\" }] }, ], \"platforms\": [\"macOS\",\"windows\"] } ```",
41 + "type": "object",
42 + "required": [
43 + "identifier",
44 + "permissions"
45 + ],
46 + "properties": {
47 + "identifier": {
48 + "description": "Identifier of the capability.\n\n## Example\n\n`main-user-files-write`",
49 + "type": "string"
50 + },
51 + "description": {
52 + "description": "Description of what the capability is intended to allow on associated windows.\n\nIt should contain a description of what the grouped permissions should allow.\n\n## Example\n\nThis capability allows the `main` window access to `filesystem` write related commands and `dialog` commands to enable programmatic access to files selected by the user.",
53 + "default": "",
54 + "type": "string"
55 + },
56 + "remote": {
57 + "description": "Configure remote URLs that can use the capability permissions.\n\nThis setting is optional and defaults to not being set, as our default use case is that the content is served from our local application.\n\n:::caution Make sure you understand the security implications of providing remote sources with local system access. :::\n\n## Example\n\n```json { \"urls\": [\"https://*.mydomain.dev\"] } ```",
58 + "anyOf": [
59 + {
60 + "$ref": "#/definitions/CapabilityRemote"
61 + },
62 + {
63 + "type": "null"
64 + }
65 + ]
66 + },
67 + "local": {
68 + "description": "Whether this capability is enabled for local app URLs or not. Defaults to `true`.",
69 + "default": true,
70 + "type": "boolean"
71 + },
72 + "windows": {
73 + "description": "List of windows that are affected by this capability. Can be a glob pattern.\n\nIf a window label matches any of the patterns in this list, the capability will be enabled on all the webviews of that window, regardless of the value of [`Self::webviews`].\n\nOn multiwebview windows, prefer specifying [`Self::webviews`] and omitting [`Self::windows`] for a fine grained access control.\n\n## Example\n\n`[\"main\"]`",
74 + "type": "array",
75 + "items": {
76 + "type": "string"
77 + }
78 + },
79 + "webviews": {
80 + "description": "List of webviews that are affected by this capability. Can be a glob pattern.\n\nThe capability will be enabled on all the webviews whose label matches any of the patterns in this list, regardless of whether the webview's window label matches a pattern in [`Self::windows`].\n\n## Example\n\n`[\"sub-webview-one\", \"sub-webview-two\"]`",
81 + "type": "array",
82 + "items": {
83 + "type": "string"
84 + }
85 + },
86 + "permissions": {
87 + "description": "List of permissions attached to this capability.\n\nMust include the plugin name as prefix in the form of `${plugin-name}:${permission-name}`. For commands directly implemented in the application itself only `${permission-name}` is required.\n\n## Example\n\n```json [ \"core:default\", \"shell:allow-open\", \"dialog:open\", { \"identifier\": \"fs:allow-write-text-file\", \"allow\": [{ \"path\": \"$HOME/test.txt\" }] } ] ```",
88 + "type": "array",
89 + "items": {
90 + "$ref": "#/definitions/PermissionEntry"
91 + },
92 + "uniqueItems": true
93 + },
94 + "platforms": {
95 + "description": "Limit which target platforms this capability applies to.\n\nBy default all platforms are targeted.\n\n## Example\n\n`[\"macOS\",\"windows\"]`",
96 + "type": [
97 + "array",
98 + "null"
99 + ],
100 + "items": {
101 + "$ref": "#/definitions/Target"
102 + }
103 + }
104 + }
105 + },
106 + "CapabilityRemote": {
107 + "description": "Configuration for remote URLs that are associated with the capability.",
108 + "type": "object",
109 + "required": [
110 + "urls"
111 + ],
112 + "properties": {
113 + "urls": {
114 + "description": "Remote domains this capability refers to using the [URLPattern standard](https://urlpattern.spec.whatwg.org/).\n\n## Examples\n\n- \"https://*.mydomain.dev\": allows subdomains of mydomain.dev - \"https://mydomain.dev/api/*\": allows any subpath of mydomain.dev/api",
115 + "type": "array",
116 + "items": {
117 + "type": "string"
118 + }
119 + }
120 + }
121 + },
122 + "PermissionEntry": {
123 + "description": "An entry for a permission value in a [`Capability`] can be either a raw permission [`Identifier`] or an object that references a permission and extends its scope.",
124 + "anyOf": [
125 + {
126 + "description": "Reference a permission or permission set by identifier.",
127 + "allOf": [
128 + {
129 + "$ref": "#/definitions/Identifier"
130 + }
131 + ]
132 + },
133 + {
134 + "description": "Reference a permission or permission set by identifier and extends its scope.",
135 + "type": "object",
136 + "allOf": [
137 + {
138 + "if": {
139 + "properties": {
140 + "identifier": {
141 + "anyOf": [
142 + {
143 + "description": "This permission set configures which\nshell functionality is exposed by default.\n\n#### Granted Permissions\n\nIt allows to use the `open` functionality with a reasonable\nscope pre-configured. It will allow opening `http(s)://`,\n`tel:` and `mailto:` links.\n\n#### This default permission set includes:\n\n- `allow-open`",
144 + "type": "string",
145 + "const": "shell:default",
146 + "markdownDescription": "This permission set configures which\nshell functionality is exposed by default.\n\n#### Granted Permissions\n\nIt allows to use the `open` functionality with a reasonable\nscope pre-configured. It will allow opening `http(s)://`,\n`tel:` and `mailto:` links.\n\n#### This default permission set includes:\n\n- `allow-open`"
147 + },
148 + {
149 + "description": "Enables the execute command without any pre-configured scope.",
150 + "type": "string",
151 + "const": "shell:allow-execute",
152 + "markdownDescription": "Enables the execute command without any pre-configured scope."
153 + },
154 + {
155 + "description": "Enables the kill command without any pre-configured scope.",
156 + "type": "string",
157 + "const": "shell:allow-kill",
158 + "markdownDescription": "Enables the kill command without any pre-configured scope."
159 + },
160 + {
161 + "description": "Enables the open command without any pre-configured scope.",
162 + "type": "string",
163 + "const": "shell:allow-open",
164 + "markdownDescription": "Enables the open command without any pre-configured scope."
165 + },
166 + {
167 + "description": "Enables the spawn command without any pre-configured scope.",
168 + "type": "string",
169 + "const": "shell:allow-spawn",
170 + "markdownDescription": "Enables the spawn command without any pre-configured scope."
171 + },
172 + {
173 + "description": "Enables the stdin_write command without any pre-configured scope.",
174 + "type": "string",
175 + "const": "shell:allow-stdin-write",
176 + "markdownDescription": "Enables the stdin_write command without any pre-configured scope."
177 + },
178 + {
179 + "description": "Denies the execute command without any pre-configured scope.",
180 + "type": "string",
181 + "const": "shell:deny-execute",
182 + "markdownDescription": "Denies the execute command without any pre-configured scope."
183 + },
184 + {
185 + "description": "Denies the kill command without any pre-configured scope.",
186 + "type": "string",
187 + "const": "shell:deny-kill",
188 + "markdownDescription": "Denies the kill command without any pre-configured scope."
189 + },
190 + {
191 + "description": "Denies the open command without any pre-configured scope.",
192 + "type": "string",
193 + "const": "shell:deny-open",
194 + "markdownDescription": "Denies the open command without any pre-configured scope."
195 + },
196 + {
197 + "description": "Denies the spawn command without any pre-configured scope.",
198 + "type": "string",
199 + "const": "shell:deny-spawn",
200 + "markdownDescription": "Denies the spawn command without any pre-configured scope."
201 + },
202 + {
203 + "description": "Denies the stdin_write command without any pre-configured scope.",
204 + "type": "string",
205 + "const": "shell:deny-stdin-write",
206 + "markdownDescription": "Denies the stdin_write command without any pre-configured scope."
207 + }
208 + ]
209 + }
210 + }
211 + },
212 + "then": {
213 + "properties": {
214 + "allow": {
215 + "items": {
216 + "title": "ShellScopeEntry",
217 + "description": "Shell scope entry.",
218 + "anyOf": [
219 + {
220 + "type": "object",
221 + "required": [
222 + "cmd",
223 + "name"
224 + ],
225 + "properties": {
226 + "args": {
227 + "description": "The allowed arguments for the command execution.",
228 + "allOf": [
229 + {
230 + "$ref": "#/definitions/ShellScopeEntryAllowedArgs"
231 + }
232 + ]
233 + },
234 + "cmd": {
235 + "description": "The command name. It can start with a variable that resolves to a system base directory. The variables are: `$AUDIO`, `$CACHE`, `$CONFIG`, `$DATA`, `$LOCALDATA`, `$DESKTOP`, `$DOCUMENT`, `$DOWNLOAD`, `$EXE`, `$FONT`, `$HOME`, `$PICTURE`, `$PUBLIC`, `$RUNTIME`, `$TEMPLATE`, `$VIDEO`, `$RESOURCE`, `$LOG`, `$TEMP`, `$APPCONFIG`, `$APPDATA`, `$APPLOCALDATA`, `$APPCACHE`, `$APPLOG`.",
236 + "type": "string"
237 + },
238 + "name": {
239 + "description": "The name for this allowed shell command configuration.\n\nThis name will be used inside of the webview API to call this command along with any specified arguments.",
240 + "type": "string"
241 + }
242 + },
243 + "additionalProperties": false
244 + },
245 + {
246 + "type": "object",
247 + "required": [
248 + "name",
249 + "sidecar"
250 + ],
251 + "properties": {
252 + "args": {
253 + "description": "The allowed arguments for the command execution.",
254 + "allOf": [
255 + {
256 + "$ref": "#/definitions/ShellScopeEntryAllowedArgs"
257 + }
258 + ]
259 + },
260 + "name": {
261 + "description": "The name for this allowed shell command configuration.\n\nThis name will be used inside of the webview API to call this command along with any specified arguments.",
262 + "type": "string"
263 + },
264 + "sidecar": {
265 + "description": "If this command is a sidecar command.",
266 + "type": "boolean"
267 + }
268 + },
269 + "additionalProperties": false
270 + }
271 + ]
272 + }
273 + },
274 + "deny": {
275 + "items": {
276 + "title": "ShellScopeEntry",
277 + "description": "Shell scope entry.",
278 + "anyOf": [
279 + {
280 + "type": "object",
281 + "required": [
282 + "cmd",
283 + "name"
284 + ],
285 + "properties": {
286 + "args": {
287 + "description": "The allowed arguments for the command execution.",
288 + "allOf": [
289 + {
290 + "$ref": "#/definitions/ShellScopeEntryAllowedArgs"
291 + }
292 + ]
293 + },
294 + "cmd": {
295 + "description": "The command name. It can start with a variable that resolves to a system base directory. The variables are: `$AUDIO`, `$CACHE`, `$CONFIG`, `$DATA`, `$LOCALDATA`, `$DESKTOP`, `$DOCUMENT`, `$DOWNLOAD`, `$EXE`, `$FONT`, `$HOME`, `$PICTURE`, `$PUBLIC`, `$RUNTIME`, `$TEMPLATE`, `$VIDEO`, `$RESOURCE`, `$LOG`, `$TEMP`, `$APPCONFIG`, `$APPDATA`, `$APPLOCALDATA`, `$APPCACHE`, `$APPLOG`.",
296 + "type": "string"
297 + },
298 + "name": {
299 + "description": "The name for this allowed shell command configuration.\n\nThis name will be used inside of the webview API to call this command along with any specified arguments.",
300 + "type": "string"
301 + }
302 + },
303 + "additionalProperties": false
304 + },
305 + {
306 + "type": "object",
307 + "required": [
308 + "name",
309 + "sidecar"
310 + ],
311 + "properties": {
312 + "args": {
313 + "description": "The allowed arguments for the command execution.",
314 + "allOf": [
315 + {
316 + "$ref": "#/definitions/ShellScopeEntryAllowedArgs"
317 + }
318 + ]
319 + },
320 + "name": {
321 + "description": "The name for this allowed shell command configuration.\n\nThis name will be used inside of the webview API to call this command along with any specified arguments.",
322 + "type": "string"
323 + },
324 + "sidecar": {
325 + "description": "If this command is a sidecar command.",
326 + "type": "boolean"
327 + }
328 + },
329 + "additionalProperties": false
330 + }
331 + ]
332 + }
333 + }
334 + }
335 + },
336 + "properties": {
337 + "identifier": {
338 + "description": "Identifier of the permission or permission set.",
339 + "allOf": [
340 + {
341 + "$ref": "#/definitions/Identifier"
342 + }
343 + ]
344 + }
345 + }
346 + },
347 + {
348 + "properties": {
349 + "identifier": {
350 + "description": "Identifier of the permission or permission set.",
351 + "allOf": [
352 + {
353 + "$ref": "#/definitions/Identifier"
354 + }
355 + ]
356 + },
357 + "allow": {
358 + "description": "Data that defines what is allowed by the scope.",
359 + "type": [
360 + "array",
361 + "null"
362 + ],
363 + "items": {
364 + "$ref": "#/definitions/Value"
365 + }
366 + },
367 + "deny": {
368 + "description": "Data that defines what is denied by the scope. This should be prioritized by validation logic.",
369 + "type": [
370 + "array",
371 + "null"
372 + ],
373 + "items": {
374 + "$ref": "#/definitions/Value"
375 + }
376 + }
377 + }
378 + }
379 + ],
380 + "required": [
381 + "identifier"
382 + ]
383 + }
384 + ]
385 + },
386 + "Identifier": {
387 + "description": "Permission identifier",
388 + "oneOf": [
389 + {
390 + "description": "Default core plugins set.\n#### This default permission set includes:\n\n- `core:path:default`\n- `core:event:default`\n- `core:window:default`\n- `core:webview:default`\n- `core:app:default`\n- `core:image:default`\n- `core:resources:default`\n- `core:menu:default`\n- `core:tray:default`",
391 + "type": "string",
392 + "const": "core:default",
393 + "markdownDescription": "Default core plugins set.\n#### This default permission set includes:\n\n- `core:path:default`\n- `core:event:default`\n- `core:window:default`\n- `core:webview:default`\n- `core:app:default`\n- `core:image:default`\n- `core:resources:default`\n- `core:menu:default`\n- `core:tray:default`"
394 + },
395 + {
396 + "description": "Default permissions for the plugin.\n#### This default permission set includes:\n\n- `allow-version`\n- `allow-name`\n- `allow-tauri-version`\n- `allow-identifier`\n- `allow-bundle-type`\n- `allow-register-listener`\n- `allow-remove-listener`",
397 + "type": "string",
398 + "const": "core:app:default",
399 + "markdownDescription": "Default permissions for the plugin.\n#### This default permission set includes:\n\n- `allow-version`\n- `allow-name`\n- `allow-tauri-version`\n- `allow-identifier`\n- `allow-bundle-type`\n- `allow-register-listener`\n- `allow-remove-listener`"
400 + },
401 + {
402 + "description": "Enables the app_hide command without any pre-configured scope.",
403 + "type": "string",
404 + "const": "core:app:allow-app-hide",
405 + "markdownDescription": "Enables the app_hide command without any pre-configured scope."
406 + },
407 + {
408 + "description": "Enables the app_show command without any pre-configured scope.",
409 + "type": "string",
410 + "const": "core:app:allow-app-show",
411 + "markdownDescription": "Enables the app_show command without any pre-configured scope."
412 + },
413 + {
414 + "description": "Enables the bundle_type command without any pre-configured scope.",
415 + "type": "string",
416 + "const": "core:app:allow-bundle-type",
417 + "markdownDescription": "Enables the bundle_type command without any pre-configured scope."
418 + },
419 + {
420 + "description": "Enables the default_window_icon command without any pre-configured scope.",
421 + "type": "string",
422 + "const": "core:app:allow-default-window-icon",
423 + "markdownDescription": "Enables the default_window_icon command without any pre-configured scope."
424 + },
425 + {
426 + "description": "Enables the fetch_data_store_identifiers command without any pre-configured scope.",
427 + "type": "string",
428 + "const": "core:app:allow-fetch-data-store-identifiers",
429 + "markdownDescription": "Enables the fetch_data_store_identifiers command without any pre-configured scope."
430 + },
431 + {
432 + "description": "Enables the identifier command without any pre-configured scope.",
433 + "type": "string",
434 + "const": "core:app:allow-identifier",
435 + "markdownDescription": "Enables the identifier command without any pre-configured scope."
436 + },
437 + {
438 + "description": "Enables the name command without any pre-configured scope.",
439 + "type": "string",
440 + "const": "core:app:allow-name",
441 + "markdownDescription": "Enables the name command without any pre-configured scope."
442 + },
443 + {
444 + "description": "Enables the register_listener command without any pre-configured scope.",
445 + "type": "string",
446 + "const": "core:app:allow-register-listener",
447 + "markdownDescription": "Enables the register_listener command without any pre-configured scope."
448 + },
449 + {
450 + "description": "Enables the remove_data_store command without any pre-configured scope.",
451 + "type": "string",
452 + "const": "core:app:allow-remove-data-store",
453 + "markdownDescription": "Enables the remove_data_store command without any pre-configured scope."
454 + },
455 + {
456 + "description": "Enables the remove_listener command without any pre-configured scope.",
457 + "type": "string",
458 + "const": "core:app:allow-remove-listener",
459 + "markdownDescription": "Enables the remove_listener command without any pre-configured scope."
460 + },
461 + {
462 + "description": "Enables the set_app_theme command without any pre-configured scope.",
463 + "type": "string",
464 + "const": "core:app:allow-set-app-theme",
465 + "markdownDescription": "Enables the set_app_theme command without any pre-configured scope."
466 + },
467 + {
468 + "description": "Enables the set_dock_visibility command without any pre-configured scope.",
469 + "type": "string",
470 + "const": "core:app:allow-set-dock-visibility",
471 + "markdownDescription": "Enables the set_dock_visibility command without any pre-configured scope."
472 + },
473 + {
474 + "description": "Enables the tauri_version command without any pre-configured scope.",
475 + "type": "string",
476 + "const": "core:app:allow-tauri-version",
477 + "markdownDescription": "Enables the tauri_version command without any pre-configured scope."
478 + },
479 + {
480 + "description": "Enables the version command without any pre-configured scope.",
481 + "type": "string",
482 + "const": "core:app:allow-version",
483 + "markdownDescription": "Enables the version command without any pre-configured scope."
484 + },
485 + {
486 + "description": "Denies the app_hide command without any pre-configured scope.",
487 + "type": "string",
488 + "const": "core:app:deny-app-hide",
489 + "markdownDescription": "Denies the app_hide command without any pre-configured scope."
490 + },
491 + {
492 + "description": "Denies the app_show command without any pre-configured scope.",
493 + "type": "string",
494 + "const": "core:app:deny-app-show",
495 + "markdownDescription": "Denies the app_show command without any pre-configured scope."
496 + },
497 + {
498 + "description": "Denies the bundle_type command without any pre-configured scope.",
499 + "type": "string",
500 + "const": "core:app:deny-bundle-type",
Lines truncated