fix: Resolve slow UI/UX performance on Rocket.Chat Desktop App (#3117)#3248
fix: Resolve slow UI/UX performance on Rocket.Chat Desktop App (#3117)#3248Ram-sah19 wants to merge 135 commits intoRocketChat:developfrom
Conversation
|
Note Reviews pausedIt looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the Use the following commands to manage reviews:
Use the checkboxes below for quick actions:
WalkthroughAdds renderer-level external-link interception with a preload/openExternal API and IPC, main-process external URL/protocol and certificate checks, renderer crash-recovery and background-throttling disabling, unconditional notification attention calls, i18n updates, many docs/formatting fixes, and release-tooling adjustments. Changes
Sequence Diagram(s)sequenceDiagram
participant User
participant Renderer as Injected Handler (Renderer)
participant Preload as Preload API
participant IPC as IPC Bridge
participant Main as Main Process
participant OS as External Opener
User->>Renderer: Click <a> element
Renderer->>Renderer: Find nearest anchor & href
alt Same-origin
Renderer->>Renderer: Allow navigation
else Cross-origin
Renderer->>Renderer: Prevent default, parse URL
Renderer->>Preload: openExternal(url)
Preload->>IPC: invoke('open-external', url)
IPC->>Main: handle open-external(url)
Main->>Main: validate protocol (isProtocolAllowed) & certificate
alt http/https
Main->>OS: openExternal(url)
else other
Main->>OS: shell.openExternal(url)
end
OS->>User: URL opened in system browser
end
sequenceDiagram
participant App as App
participant Window as RootWindow
participant CrashHandler as Crash Handler
participant Storage as Cache/Storage
App->>Window: create/show window (backgroundThrottling:false)
Note over Window: register render-process-gone handler
alt Renderer crashes
Window->>CrashHandler: render-process-gone(reason)
CrashHandler->>CrashHandler: log & increment attempts
alt attempts < MAX
CrashHandler->>Storage: clear cookies/IndexedDB/shadercache/cacheStorage
Storage-->>CrashHandler: cleared
CrashHandler->>Window: reload renderer
else attempts >= MAX
CrashHandler->>App: quit application
end
else Stable
Window->>App: normal operation
end
Estimated code review effort🎯 4 (Complex) | ⏱️ ~50 minutes 🚥 Pre-merge checks | ✅ 4 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (4 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 4
Caution
Some comments are outside the diff and can’t be posted inline due to platform limitations.
⚠️ Outside diff range comments (2)
src/notifications/main.ts (1)
81-94:⚠️ Potential issue | 🟡 MinorDuplicate
drawAttentioncall for voice notifications.The code now calls
drawAttention(id)twice for voice notifications:
- Conditionally at Line 90 (inside the
if (notificationType === 'voice')block)- Unconditionally at Line 93
While
drawAttentionhas an early return guard (if (this.activeVoiceNotifications.has(notificationId)) return), this is still redundant code. If the intent is to draw attention for all notification types, the conditional block at lines 88-91 should be removed.🐛 Proposed fix to remove duplicate call
notification.addListener('show', () => { dispatchSingle({ type: NOTIFICATIONS_NOTIFICATION_SHOWN, payload: { id }, ipcMeta, }); - const notificationType = notificationTypes.get(id); - if (notificationType === 'voice') { - attentionDrawing.drawAttention(id); - } - attentionDrawing.drawAttention(id); });🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@src/notifications/main.ts` around lines 81 - 94, The handler for notification.addListener('show') calls attentionDrawing.drawAttention(id) twice for voice notifications; remove the conditional block that checks notificationType === 'voice' and calls attentionDrawing.drawAttention(id) so only the single unconditional attentionDrawing.drawAttention(id) remains, keeping the notificationTypes lookup and preserving the early-return behavior in attentionDrawing.activeVoiceNotifications.src/i18n/es.i18n.json (1)
361-374:⚠️ Potential issue | 🟡 MinorMissing
videoCall.error.noUrltranslation for Spanish.The
videoCall.error.noUrlkey was added to English (en.i18n.json) and Norwegian (no.i18n.json) but is missing from the Spanish translation file. Users with Spanish locale will fall back to the English default.🌐 Suggested addition in videoCall.error section (around line 373)
"crashed": "Webview se ha bloqueado", "maxRetriesReached": "Error al cargar después de múltiples intentos", - "reload": "Recargar videollamada" + "reload": "Recargar videollamada", + "noUrl": "No se proporcionó URL de videollamada" }🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@src/i18n/es.i18n.json` around lines 361 - 374, The Spanish i18n is missing the videoCall.error.noUrl key; add "noUrl": "<Spanish translation>" to the videoCall.error object (i.e., insert videoCall.error.noUrl with an appropriate Spanish string such as "No se encontró la URL de la videollamada" or your preferred wording) so the key videoCall.error.noUrl exists alongside title, announcement, timeout, crashed, maxRetriesReached and reload.
🧹 Nitpick comments (4)
workspaces/desktop-release-action/src/types/js-yaml.d.ts (1)
1-1: LGTM! Formatting-only change.This whitespace/newline formatting change has no functional impact and appears to be part of broader formatting standardization across the repository.
Optional: Consider enhanced type declarations.
The current minimal module declaration means all
js-yamlimports will be typed asany, which bypasses TypeScript's type checking. If type safety is desired for this dependency, consider using the@types/js-yamlpackage or defining specific type signatures.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@workspaces/desktop-release-action/src/types/js-yaml.d.ts` at line 1, The file currently contains a minimal ambient declaration "declare module 'js-yaml';" which types all imports as any; to improve type safety either (A) remove this file and add the official types by installing `@types/js-yaml` (npm i -D `@types/js-yaml`) so TypeScript picks up proper typings, or (B) expand this declaration to export specific types and functions used in the repo (replace the single-line declare with an index of exported interfaces/functions matching js-yaml's API), updating references to symbols where necessary; choose one approach and ensure the project TS config noImplicitAny/typeRoots will pick up the new types.CHANGELOG.md (1)
1-6: Missing changelog entry for PR#3248.This PR introduces significant performance fixes (ready-to-show window creation, background throttling disabled, async IPC, duplicate handler removal), but no changelog entry was added. Consider adding an entry under a new version section documenting these UI/UX performance improvements.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@CHANGELOG.md` around lines 1 - 6, Add a new changelog entry for PR `#3248`: create a new version header (with the release date or "Unreleased") above the existing 3.7.3 section and add a "Performance Improvements" or "UI/UX Improvements" subsection that lists the key changes introduced by PR `#3248` (ready-to-show window creation, background throttling disabled, async IPC, duplicate handler removal) with a brief one-line bullet for each change; ensure the entry references PR `#3248` and follows the existing CHANGELOG.md formatting style.workspaces/desktop-release-action/src/windows/signing-tools.ts (1)
45-56: Consider exporting JAVA_HOME consistently.Line 53 sets
process.env.JAVA_HOMEbut doesn't callcore.exportVariable('JAVA_HOME', ...)like other paths (e.g.,SIGNTOOL_PATHinfindSigntool). If downstream steps in the GitHub Actions workflow needJAVA_HOME, consider adding:process.env.JAVA_HOME = javaHome.trim(); + core.exportVariable('JAVA_HOME', javaHome.trim());This ensures consistency with how
SIGNTOOL_PATHis handled and makesJAVA_HOMEavailable to subsequent workflow steps.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@workspaces/desktop-release-action/src/windows/signing-tools.ts` around lines 45 - 56, The block that detects Java sets process.env.JAVA_HOME but does not export it for subsequent GitHub Actions steps; after setting process.env.JAVA_HOME = javaHome.trim() add a call to core.exportVariable('JAVA_HOME', javaHome.trim()) so JAVA_HOME is exported the same way SIGNTOOL_PATH is handled (see SIGNTOOL_PATH / findSigntool usage) and downstream steps can access it.workspaces/desktop-release-action/src/windows/update-yaml-checksums.ts (1)
100-105: Avoid hashing the primary installer twice.
yamlData.pathis usually one of thefiles[].urlentries already processed above. Recomputing it here rereads the largest artifact again viareadFileSync, which adds unnecessary I/O and memory pressure to the release action. Prefer reusing the earlier checksum when the paths match.🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@workspaces/desktop-release-action/src/windows/update-yaml-checksums.ts` around lines 100 - 105, The code recalculates the SHA512 for the primary installer by calling calculateSHA512(mainFilePath) even when yamlData.path matches one of the already-processed files, causing duplicate disk read and memory use; change the logic in update-yaml-checksums.ts to reuse the previously computed checksum from the matching files[] entry instead of recomputing: when iterating files[] (the loop that produced per-file checksums) detect if file.url === yamlData.path and capture/store that checksum, then in the section that sets yamlData.sha512 replace the unconditional calculateSHA512(mainFilePath) call with the cached checksum when available (fall back to calculateSHA512 only if no matching files[] checksum exists).
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@scripts/README.md`:
- Around line 112-125: Update the README to explain how the yarn CLI becomes
available when using Volta/npm by noting that Corepack is enabled via the
packageManager field in package.json (so Volta-installed Node/npm will boot
Corepack and auto-provision the bundled Yarn at .yarn/releases/yarn-4.6.0.cjs),
and optionally reference .yarnrc.yml to show any Yarn settings; add a short
sentence clarifying that users do not need to manually execute the .cjs file to
get a working yarn command.
In `@src/ui/main/rootWindow.ts`:
- Around line 539-558: Before accessing browserWindow.webContents.session in the
crash recovery try/catch, check that browserWindow and browserWindow.webContents
are not destroyed (use browserWindow.isDestroyed() or
browserWindow.webContents.isDestroyed()) and bail out or skip storage clearing
if destroyed; update the try block around session.clearCache() and
session.clearStorageData(...) (references: browserWindow, webContents, session,
clearCache, clearStorageData) to guard access and avoid exceptions, and if you
intend to avoid aggressive data loss reduce the storages array passed to
session.clearStorageData to only include cache-related entries (or make the
storages list configurable) instead of wiping cookies/indexdb/serviceworkers.
In `@workspaces/desktop-release-action/action.yml`:
- Around line 61-62: Update the GitHub Action runtime from the deprecated value
by changing the using key in the action metadata (the line currently setting
using: 'node12') to using: 'node20'; ensure the action's main entry (main:
'dist/index.js') is still compatible with Node 20 (rebuild/restore dependencies
if needed) so the action runs on the supported Node 20 runtime.
In `@workspaces/desktop-release-action/src/windows/update-yaml-checksums.ts`:
- Around line 92-106: The loop that iterates yamlData.files should fail fast on
missing artifact files instead of only warning and leaving stale entries in
latest.yml; update the code that currently checks each file path (referencing
yamlData.files and the per-file calculateSHA512 check) to throw an Error when
fs.existsSync(filePath) is false (include the missing file path in the message)
and ensure any checksum mismatch handling mirrors the fatal behavior used for
yamlData.path (so use the same throw-on-failure pattern as the main installer
block rather than only core.warning/core.info).
---
Outside diff comments:
In `@src/i18n/es.i18n.json`:
- Around line 361-374: The Spanish i18n is missing the videoCall.error.noUrl
key; add "noUrl": "<Spanish translation>" to the videoCall.error object (i.e.,
insert videoCall.error.noUrl with an appropriate Spanish string such as "No se
encontró la URL de la videollamada" or your preferred wording) so the key
videoCall.error.noUrl exists alongside title, announcement, timeout, crashed,
maxRetriesReached and reload.
In `@src/notifications/main.ts`:
- Around line 81-94: The handler for notification.addListener('show') calls
attentionDrawing.drawAttention(id) twice for voice notifications; remove the
conditional block that checks notificationType === 'voice' and calls
attentionDrawing.drawAttention(id) so only the single unconditional
attentionDrawing.drawAttention(id) remains, keeping the notificationTypes lookup
and preserving the early-return behavior in
attentionDrawing.activeVoiceNotifications.
---
Nitpick comments:
In `@CHANGELOG.md`:
- Around line 1-6: Add a new changelog entry for PR `#3248`: create a new version
header (with the release date or "Unreleased") above the existing 3.7.3 section
and add a "Performance Improvements" or "UI/UX Improvements" subsection that
lists the key changes introduced by PR `#3248` (ready-to-show window creation,
background throttling disabled, async IPC, duplicate handler removal) with a
brief one-line bullet for each change; ensure the entry references PR `#3248` and
follows the existing CHANGELOG.md formatting style.
In `@workspaces/desktop-release-action/src/types/js-yaml.d.ts`:
- Line 1: The file currently contains a minimal ambient declaration "declare
module 'js-yaml';" which types all imports as any; to improve type safety either
(A) remove this file and add the official types by installing `@types/js-yaml`
(npm i -D `@types/js-yaml`) so TypeScript picks up proper typings, or (B) expand
this declaration to export specific types and functions used in the repo
(replace the single-line declare with an index of exported interfaces/functions
matching js-yaml's API), updating references to symbols where necessary; choose
one approach and ensure the project TS config noImplicitAny/typeRoots will pick
up the new types.
In `@workspaces/desktop-release-action/src/windows/signing-tools.ts`:
- Around line 45-56: The block that detects Java sets process.env.JAVA_HOME but
does not export it for subsequent GitHub Actions steps; after setting
process.env.JAVA_HOME = javaHome.trim() add a call to
core.exportVariable('JAVA_HOME', javaHome.trim()) so JAVA_HOME is exported the
same way SIGNTOOL_PATH is handled (see SIGNTOOL_PATH / findSigntool usage) and
downstream steps can access it.
In `@workspaces/desktop-release-action/src/windows/update-yaml-checksums.ts`:
- Around line 100-105: The code recalculates the SHA512 for the primary
installer by calling calculateSHA512(mainFilePath) even when yamlData.path
matches one of the already-processed files, causing duplicate disk read and
memory use; change the logic in update-yaml-checksums.ts to reuse the previously
computed checksum from the matching files[] entry instead of recomputing: when
iterating files[] (the loop that produced per-file checksums) detect if file.url
=== yamlData.path and capture/store that checksum, then in the section that sets
yamlData.sha512 replace the unconditional calculateSHA512(mainFilePath) call
with the cached checksum when available (fall back to calculateSHA512 only if no
matching files[] checksum exists).
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 7114e9ae-8883-43df-b95b-4bcee3c1349c
⛔ Files ignored due to path filters (1)
workspaces/desktop-release-action/dist/index.jsis excluded by!**/dist/**
📒 Files selected for processing (70)
.cursor/worktrees.json.eslintrc.json.github/CONTRIBUTING.md.github/ISSUE_TEMPLATE.md.github/ISSUE_TEMPLATE/feature_request.md.github/PULL_REQUEST_TEMPLATE.md.github/workflows/powershell-lint.yml.prettierrc.mjsCHANGELOG.mdCODE_OF_CONDUCT.mdalpha-app-update.ymlbeta-app-update.ymldocs/alpha-release-process.mddocs/linux-display-server.mddocs/qa-alpha-update-testing.mddocs/supported-versions-flow.mddocs/video-call-screen-sharing.mddocs/video-call-window-flow.mddocs/video-call-window-management.mddocs/video-call-window-wgc-limitations.mdscripts/README.mdsrc/i18n/ar.i18n.jsonsrc/i18n/de-DE.i18n.jsonsrc/i18n/en.i18n.jsonsrc/i18n/es.i18n.jsonsrc/i18n/fi.i18n.jsonsrc/i18n/fr.i18n.jsonsrc/i18n/it-IT.i18n.jsonsrc/i18n/ja.i18n.jsonsrc/i18n/nb-NO.i18n.jsonsrc/i18n/nn.i18n.jsonsrc/i18n/no.i18n.jsonsrc/i18n/pl.i18n.jsonsrc/i18n/pt-BR.i18n.jsonsrc/i18n/ru.i18n.jsonsrc/i18n/se.i18n.jsonsrc/i18n/sv.i18n.jsonsrc/i18n/tr-TR.i18n.jsonsrc/i18n/uk-UA.i18n.jsonsrc/i18n/zh-CN.i18n.jsonsrc/i18n/zh-TW.i18n.jsonsrc/i18n/zh.i18n.jsonsrc/injected.tssrc/ipc/channels.tssrc/main.tssrc/navigation/main.tssrc/notifications/main.tssrc/outlookCalendar/AGENTS.mdsrc/public/error.csssrc/public/index.htmlsrc/public/loading.csssrc/public/main.csssrc/public/video-call-window.htmlsrc/servers/preload/api.tssrc/servers/preload/openExternal.tssrc/ui/main/rootWindow.tstsconfig.jsonworkspaces/desktop-release-action/.prettierrc.mjsworkspaces/desktop-release-action/action.ymlworkspaces/desktop-release-action/src/github.tsworkspaces/desktop-release-action/src/index.tsworkspaces/desktop-release-action/src/types/js-yaml.d.tsworkspaces/desktop-release-action/src/windows/certificates.tsworkspaces/desktop-release-action/src/windows/google-cloud.tsworkspaces/desktop-release-action/src/windows/kms-provider.tsworkspaces/desktop-release-action/src/windows/msi-service-fix.tsworkspaces/desktop-release-action/src/windows/sign-packages.tsworkspaces/desktop-release-action/src/windows/signing-tools.tsworkspaces/desktop-release-action/src/windows/update-yaml-checksums.tsworkspaces/desktop-release-action/tsconfig.json
💤 Files with no reviewable changes (3)
- src/i18n/se.i18n.json
- .github/ISSUE_TEMPLATE/feature_request.md
- src/public/error.css
📜 Review details
🧰 Additional context used
📓 Path-based instructions (1)
**/*.{ts,tsx}
📄 CodeRabbit inference engine (AGENTS.md)
**/*.{ts,tsx}: Use TypeScript strict mode enabled in TypeScript configuration
Use React functional components with hooks instead of class components
Follow FSA (Flux Standard Action) pattern for Redux actions
Use camelCase for file names and PascalCase for component file names
All code must pass ESLint and TypeScript checks
Write self-documenting code with clear naming; avoid unnecessary comments except for complex business logic or non-obvious decisions
Use Fuselage components from@rocket.chat/fuselagefor all UI work and only create custom components when Fuselage doesn't provide what's needed
CheckTheme.d.tsfor valid color tokens when using Fuselage components
Use defensive coding with optional chaining and fallbacks for Linux-only APIs (process.getuid(), process.getgid(), process.geteuid(), process.getegid()) to ensure cross-platform compatibility across Windows, macOS, and Linux
Files:
workspaces/desktop-release-action/src/windows/certificates.tssrc/ui/main/rootWindow.tssrc/injected.tssrc/servers/preload/api.tssrc/servers/preload/openExternal.tsworkspaces/desktop-release-action/src/types/js-yaml.d.tsworkspaces/desktop-release-action/src/github.tsworkspaces/desktop-release-action/src/windows/update-yaml-checksums.tsworkspaces/desktop-release-action/src/windows/sign-packages.tsworkspaces/desktop-release-action/src/windows/signing-tools.tsworkspaces/desktop-release-action/src/windows/msi-service-fix.tssrc/navigation/main.tssrc/notifications/main.tssrc/ipc/channels.tsworkspaces/desktop-release-action/src/windows/kms-provider.tssrc/main.tsworkspaces/desktop-release-action/src/index.tsworkspaces/desktop-release-action/src/windows/google-cloud.ts
🧠 Learnings (21)
📚 Learning: 2026-02-23T17:21:22.132Z
Learnt from: SantamRC
Repo: RocketChat/Rocket.Chat.Electron PR: 3213
File: tsconfig.json:22-22
Timestamp: 2026-02-23T17:21:22.132Z
Learning: In the RocketChat/Rocket.Chat.Electron project, configuration files like `tsconfig.json` should maintain strict JSON compliance (no trailing commas) to ensure compatibility with various tooling and parsers in the development ecosystem, even though TypeScript itself accepts JSONC format.
Applied to files:
src/i18n/pt-BR.i18n.jsonbeta-app-update.ymlalpha-app-update.ymlCHANGELOG.md.prettierrc.mjsworkspaces/desktop-release-action/.prettierrc.mjs
📚 Learning: 2026-02-04T19:29:30.127Z
Learnt from: CR
Repo: RocketChat/Rocket.Chat.Electron PR: 0
File: CLAUDE.md:0-0
Timestamp: 2026-02-04T19:29:30.127Z
Learning: See AGENTS.md for development guidelines
Applied to files:
src/outlookCalendar/AGENTS.md
📚 Learning: 2026-03-06T19:31:11.433Z
Learnt from: CR
Repo: RocketChat/Rocket.Chat.Electron PR: 0
File: src/outlookCalendar/AGENTS.md:0-0
Timestamp: 2026-03-06T19:31:11.433Z
Learning: Applies to src/outlookCalendar/**/*(!preload).ts?(x) : Always use the centralized logger from `logger.ts` (outlookLog, outlookDebug, outlookError, outlookWarn, outlookEventDetail) instead of console.log() for Outlook Calendar module logging
Applied to files:
src/outlookCalendar/AGENTS.md
📚 Learning: 2026-03-06T19:31:11.433Z
Learnt from: CR
Repo: RocketChat/Rocket.Chat.Electron PR: 0
File: src/outlookCalendar/AGENTS.md:0-0
Timestamp: 2026-03-06T19:31:11.433Z
Learning: Applies to src/outlookCalendar/**/preload.ts : Keep preload.ts logging minimal since it cannot access the verbose logging toggle from Redux Store and all logs always appear
Applied to files:
src/outlookCalendar/AGENTS.md
📚 Learning: 2026-03-06T19:31:11.433Z
Learnt from: CR
Repo: RocketChat/Rocket.Chat.Electron PR: 0
File: src/outlookCalendar/AGENTS.md:0-0
Timestamp: 2026-03-06T19:31:11.433Z
Learning: Applies to src/outlookCalendar/**/*.{ts,tsx} : Always use outlookError() for errors as it logs regardless of verbose mode settings, ensuring errors are always visible to users
Applied to files:
src/outlookCalendar/AGENTS.md
📚 Learning: 2026-03-06T19:31:11.433Z
Learnt from: CR
Repo: RocketChat/Rocket.Chat.Electron PR: 0
File: src/outlookCalendar/AGENTS.md:0-0
Timestamp: 2026-03-06T19:31:11.433Z
Learning: Verbose logging (outlookLog, outlookWarn, outlookDebug) should only output when the verbose logging toggle is enabled in Settings > Developer > Verbose Outlook Logging
Applied to files:
src/outlookCalendar/AGENTS.md
📚 Learning: 2026-03-06T19:31:11.433Z
Learnt from: CR
Repo: RocketChat/Rocket.Chat.Electron PR: 0
File: src/outlookCalendar/AGENTS.md:0-0
Timestamp: 2026-03-06T19:31:11.433Z
Learning: Applies to src/outlookCalendar/**/*.{ts,tsx} : Use `createClassifiedError()` from `errorClassification.ts` for user-facing errors to provide error categorization, user-friendly messages, and structured error context
Applied to files:
src/outlookCalendar/AGENTS.md
📚 Learning: 2026-02-04T19:29:54.650Z
Learnt from: CR
Repo: RocketChat/Rocket.Chat.Electron PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-04T19:29:54.650Z
Learning: Use root package.json commands for workspace builds with `yarn workspaces:build` instead of running `yarn build` directly in workspace directories
Applied to files:
.cursor/worktrees.json
📚 Learning: 2026-02-04T19:29:54.650Z
Learnt from: CR
Repo: RocketChat/Rocket.Chat.Electron PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-04T19:29:54.650Z
Learning: Applies to **/*.{ts,tsx} : Write self-documenting code with clear naming; avoid unnecessary comments except for complex business logic or non-obvious decisions
Applied to files:
workspaces/desktop-release-action/src/windows/sign-packages.ts
📚 Learning: 2026-02-04T19:29:54.650Z
Learnt from: CR
Repo: RocketChat/Rocket.Chat.Electron PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-04T19:29:54.650Z
Learning: Use two-phase Windows code signing: build packages without signing first (empty environment variables), then sign built packages using jsign with Google Cloud KMS to prevent MSI build failures from KMS CNG provider conflicts
Applied to files:
workspaces/desktop-release-action/src/windows/sign-packages.tsworkspaces/desktop-release-action/src/windows/signing-tools.ts
📚 Learning: 2026-02-04T19:29:54.650Z
Learnt from: CR
Repo: RocketChat/Rocket.Chat.Electron PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-04T19:29:54.650Z
Learning: Always verify library and framework usage by checking official documentation and TypeScript type definitions before using; for TypeScript check `.d.ts` files in `node_modules/package-name/dist/`
Applied to files:
workspaces/desktop-release-action/src/windows/sign-packages.ts
📚 Learning: 2026-02-04T19:29:54.650Z
Learnt from: CR
Repo: RocketChat/Rocket.Chat.Electron PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-04T19:29:54.650Z
Learning: Applies to **/*.{ts,tsx} : Use Fuselage components from `rocket.chat/fuselage` for all UI work and only create custom components when Fuselage doesn't provide what's needed
Applied to files:
src/public/main.css
📚 Learning: 2026-02-04T19:29:54.650Z
Learnt from: CR
Repo: RocketChat/Rocket.Chat.Electron PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-04T19:29:54.650Z
Learning: Applies to **/*.{ts,tsx} : Check `Theme.d.ts` for valid color tokens when using Fuselage components
Applied to files:
src/public/main.css
📚 Learning: 2026-02-04T19:29:54.650Z
Learnt from: CR
Repo: RocketChat/Rocket.Chat.Electron PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-04T19:29:54.650Z
Learning: Include all Windows build architectures (x64, ia32, arm64) when building with electron-builder using `yarn electron-builder --x64 --ia32 --arm64 --win nsis`
Applied to files:
workspaces/desktop-release-action/src/windows/signing-tools.ts
📚 Learning: 2026-02-23T17:21:16.480Z
Learnt from: SantamRC
Repo: RocketChat/Rocket.Chat.Electron PR: 3213
File: tsconfig.json:22-22
Timestamp: 2026-02-23T17:21:16.480Z
Learning: In RocketChat/Rocket.Chat.Electron, ensure tsconfig.json files use strict JSON syntax with no trailing commas. Although TypeScript parses JSONC, many tools and parsers expect valid JSON, so configurations should avoid trailing commas to maintain compatibility across tooling.
Applied to files:
workspaces/desktop-release-action/tsconfig.jsontsconfig.json
📚 Learning: 2026-02-04T19:29:54.650Z
Learnt from: CR
Repo: RocketChat/Rocket.Chat.Electron PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-04T19:29:54.650Z
Learning: Applies to **/*.{ts,tsx} : Use TypeScript strict mode enabled in TypeScript configuration
Applied to files:
workspaces/desktop-release-action/tsconfig.json.eslintrc.json.prettierrc.mjstsconfig.jsonworkspaces/desktop-release-action/.prettierrc.mjs
📚 Learning: 2026-02-04T19:29:54.650Z
Learnt from: CR
Repo: RocketChat/Rocket.Chat.Electron PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-04T19:29:54.650Z
Learning: Applies to **/*.{ts,tsx} : All code must pass ESLint and TypeScript checks
Applied to files:
.eslintrc.json
📚 Learning: 2026-02-04T19:29:54.650Z
Learnt from: CR
Repo: RocketChat/Rocket.Chat.Electron PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-04T19:29:54.650Z
Learning: Applies to **/*.{ts,tsx} : Use camelCase for file names and PascalCase for component file names
Applied to files:
.eslintrc.json
📚 Learning: 2026-02-04T19:29:54.650Z
Learnt from: CR
Repo: RocketChat/Rocket.Chat.Electron PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-04T19:29:54.650Z
Learning: Applies to **/*.{spec,main.spec}.ts : Use `*.spec.ts` file naming for renderer process tests and `*.main.spec.ts` for main process tests
Applied to files:
.eslintrc.json
📚 Learning: 2026-02-04T19:29:54.650Z
Learnt from: CR
Repo: RocketChat/Rocket.Chat.Electron PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-04T19:29:54.650Z
Learning: Applies to **/*.{ts,tsx} : Follow FSA (Flux Standard Action) pattern for Redux actions
Applied to files:
.eslintrc.json
📚 Learning: 2026-02-04T19:29:54.650Z
Learnt from: CR
Repo: RocketChat/Rocket.Chat.Electron PR: 0
File: AGENTS.md:0-0
Timestamp: 2026-02-04T19:29:54.650Z
Learning: Remove nested dist folder created by ncc bundler after building desktop-release-action with command `rm -rf workspaces/desktop-release-action/dist/dist`
Applied to files:
workspaces/desktop-release-action/action.yml
🪛 LanguageTool
docs/supported-versions-flow.md
[grammar] ~232-~232: Ensure spelling is correct
Context: ... (fetchState === 'error') - ✅ Generic builtin fallback (fetchState === 'error') **...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~585-~585: Ensure spelling is correct
Context: ...state, block if fallback data (cache or builtin) confirms unsupported version. 2. **Va...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
CHANGELOG.md
[uncategorized] ~25-~25: Did you mean Apple’s computer “Mac” (= trademark, capitalized)?
Context: ...5d53219e018)) - Missing entitlements on mac app ([#2191](https://github.com/RocketC...
(APPLE_PRODUCTS)
[grammar] ~49-~49: Ensure spelling is correct
Context: .....3.5.6) (2021-09-23) ### Bug Fixes - Jitisi opening on browser ([#2180](https://git...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[uncategorized] ~53-~53: Did you mean the proper noun “Apple Silicon”?
Context: ...42d02a8890308f136f6f)) ### Features - apple silicon universal support ([#2170](https://gith...
(APPLE_PRODUCTS)
[grammar] ~211-~211: Ensure spelling is correct
Context: ...5) (2020-10-28) ### Bug Fixes - Apply TouchBar formatting button in focused message bo...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[grammar] ~279-~279: Use a hyphen to join words.
Context: ...cbc4a5857dcbd4e6e79b9)) - Embedded spell checking dictionaries ([#1523](https://g...
(QB_NEW_EN_HYPHEN)
[uncategorized] ~314-~314: The operating system from Apple is written “macOS”.
Context: ...8) (2020-03-01) ### Bug Fixes - Allow MacOS users to browse for spell checking dict...
(MAC_OS)
[grammar] ~314-~314: Use a hyphen to join words.
Context: ... - Allow MacOS users to browse for spell checking dictionaries ([3c75bfe](https:/...
(QB_NEW_EN_HYPHEN)
[grammar] ~321-~321: Use a hyphen to join words.
Context: ....7) (2020-02-11) ### Bug Fixes - Spell checking dictionaries files encoded as U...
(QB_NEW_EN_HYPHEN)
[uncategorized] ~334-~334: The operating system from Apple is written “macOS”.
Context: ...e91)) - Ignore Hunspell dictionaries on MacOS ([cccca77](https://github.com/RocketCha...
(MAC_OS)
[grammar] ~340-~340: Use a hyphen to join words.
Context: ...20-02-04) ### Bug Fixes - Broken spell checking dictionary selection ([c11600c]...
(QB_NEW_EN_HYPHEN)
[grammar] ~355-~355: Ensure spelling is correct
Context: ...ketChat/Rocket.Chat.Electron/pull/1447) TouchBar buttons ## 2.17...
(QB_NEW_EN_ORTHOGRAPHY_ERROR_IDS_1)
[uncategorized] ~556-~556: The operating system from Apple is written “macOS”.
Context: ...- Main window destroyed when closing on MacOS ## 2.14.6 (2018...
(MAC_OS)
[uncategorized] ~689-~689: The operating system from Apple is written “macOS”.
Context: ...n/pull/880) Tray icon toggle crashes in MacOS - [#869](https://github.com/RocketChat/...
(MAC_OS)
[uncategorized] ~702-~702: The operating system from Apple is written “macOS”.
Context: ...visioning profiles and entitlements for MacOS builds ## 2.13....
(MAC_OS)
[uncategorized] ~708-~708: The operating system from Apple is written “macOS”.
Context: ... ## 2.13.1 (2018-08-30) Fixes for MacOS and Windows builds. <...
(MAC_OS)
[uncategorized] ~819-~819: The operating system from Apple is written “macOS”.
Context: ...Chat/Rocket.Chat.Electron/pull/597) Fix MacOS dmg build # 2.1...
(MAC_OS)
[uncategorized] ~882-~882: Did you mean Apple’s computer “Mac” (= trademark, capitalized)?
Context: ...ectron/pull/425) Make sure app quits on mac on update - [#426](https://github.com/R...
(APPLE_PRODUCTS)
docs/video-call-screen-sharing.md
[grammar] ~201-~201: Use a hyphen to join words.
Context: ...te detects your click - Calls the screen sharing API provided by the preload scri...
(QB_NEW_EN_HYPHEN)
CODE_OF_CONDUCT.md
[style] ~27-~27: Try using a synonym here to strengthen your wording.
Context: ...vances - Trolling, insulting/derogatory comments, and personal or political attacks - Pu...
(COMMENT_REMARK)
🔇 Additional comments (62)
src/outlookCalendar/AGENTS.md (1)
8-14: LGTM.This is a formatting-only update to the documented
logger.tsimport, and it stays consistent with the Outlook Calendar logging guidance. Based on learnings: Applies tosrc/outlookCalendar/**/*(!preload).ts?(x): Always use the centralized logger fromlogger.ts(outlookLog, outlookDebug, outlookError, outlookWarn, outlookEventDetail) instead of console.log() for Outlook Calendar module logging.workspaces/desktop-release-action/tsconfig.json (1)
19-19: Good JSON syntax cleanup.Removing this trailing comma keeps the file compatible with stricter JSON parsers without changing the TypeScript behavior.
Based on learnings, in RocketChat/Rocket.Chat.Electron,
tsconfig.jsonfiles should use strict JSON syntax with no trailing commas to maintain compatibility across tooling.src/i18n/zh-CN.i18n.json (1)
316-316: LGTM!Trailing newline addition for POSIX compliance. No functional changes to translations.
src/i18n/zh.i18n.json (1)
43-43: LGTM!Trailing newline addition for POSIX compliance.
src/i18n/ar.i18n.json (1)
43-43: LGTM!Trailing newline addition for POSIX compliance.
.cursor/worktrees.json (1)
2-2: LGTM!Formatting normalization of the array representation. No functional change.
src/i18n/zh-TW.i18n.json (1)
236-236: LGTM!Trailing newline addition for POSIX compliance.
beta-app-update.yml (1)
5-5: Good fix for malformed YAML key.The correction from
-channel: betatochannel: betafixes invalid YAML syntax. The previous leading dash would have been interpreted as a list item rather than a key-value pair, potentially causing the update channel configuration to be ignored. Thebetavalue correctly aligns with the valid channels defined insrc/updates/common.ts.src/i18n/nn.i18n.json (1)
43-43: LGTM!Trailing newline addition for POSIX compliance.
.github/PULL_REQUEST_TEMPLATE.md (1)
10-11: LGTM!Minor formatting improvement adding visual separation between the instruction comment and the template content.
CODE_OF_CONDUCT.md (1)
17-32: LGTM!The bullet point formatting changes improve markdown consistency. The static analysis hint about "comments" wording is a false positive—this is standard Contributor Covenant language.
alpha-app-update.yml (1)
5-5: Good fix for the YAML key syntax.The correction from
-channel: alphatochannel: alphafixes what would have been an invalid or misinterpreted YAML key. This ensureselectron-updatercorrectly reads the channel value and assigns it toautoUpdater.channelas shown insrc/updates/main.ts.src/i18n/fi.i18n.json (1)
433-433: LGTM!Trailing newline addition follows standard file formatting conventions.
docs/video-call-window-wgc-limitations.md (1)
1-83: LGTM!Well-structured documentation explaining the Windows Graphics Capture limitations and the implemented solution. The technical details, implementation locations, and external references are comprehensive and helpful for maintainability.
workspaces/desktop-release-action/src/windows/kms-provider.ts (1)
6-26: LGTM!The multi-line formatting improves readability. The function logic—checking script existence before execution and proper error handling—remains correct.
src/public/loading.css (1)
34-38: LGTM!The multi-line selector formatting improves readability without changing CSS specificity or behavior.
src/public/main.css (1)
3-5: LGTM!The CSS variable declaration is now properly formatted with the required semicolon and closing brace.
tsconfig.json (1)
22-22: LGTM!Removing the trailing comma ensures strict JSON compliance, which is important for compatibility with various tools and parsers in the development ecosystem. Based on learnings: "ensure tsconfig.json files use strict JSON syntax with no trailing commas."
docs/qa-alpha-update-testing.md (1)
56-65: LGTM!Table formatting adjustments improve readability without altering content.
src/i18n/fr.i18n.json (1)
434-434: LGTM!Trailing newline ensures consistent file formatting.
.github/ISSUE_TEMPLATE.md (1)
19-22: LGTM!Good additions to the issue template. These checklist items encourage better issue quality by prompting users to verify with the latest version and confirm reproducibility.
workspaces/desktop-release-action/src/windows/msi-service-fix.ts (1)
8-26: LGTM!Formatting changes improve readability. The error handling approach (warning without failing the build) is appropriate for this optional service fix.
.github/CONTRIBUTING.md (1)
10-10: LGTM!Standardizing on
**for bold text improves consistency..eslintrc.json (2)
18-25: LGTM!Multi-line formatting for the
react/jsx-keyrule configuration improves readability without changing behavior.
54-60: LGTM!Expanding the files array to multi-line format improves readability and makes future additions easier to review in diffs.
src/servers/preload/openExternal.ts (1)
1-4: LGTM!Clean, minimal implementation following proper Electron preload patterns. The IPC delegation to the main process is the correct approach for opening external URLs securely.
workspaces/desktop-release-action/src/windows/certificates.ts (1)
6-118: LGTM - Formatting-only changes.The changes are purely cosmetic (multi-line function signatures and whitespace adjustments) with no semantic or behavioral modifications. The certificate handling logic remains unchanged.
.prettierrc.mjs (1)
1-6: LGTM - Valid Prettier configuration.The ES module syntax is appropriate for
.mjsfiles, andtrailingComma: 'es5'is a valid Prettier option.workspaces/desktop-release-action/src/index.ts (1)
24-214: LGTM - Formatting-only changes.The modifications are purely cosmetic: consistent parentheses in arrow function parameters
(path) => basename(path), multi-line formatting for log messages, and whitespace adjustments. No functional changes.src/notifications/main.ts (1)
96-109: LGTM - UnconditionalstopAttentionon close.The change to call
stopAttention(id)unconditionally is safe because the implementation has a guard that returns early if the notification ID isn't in the active set. This correctly pairs with the intent to draw attention for all notification types.src/i18n/ja.i18n.json (1)
259-259: LGTM - End-of-file newline adjustment.Minor formatting change to ensure consistent trailing newline. No content changes.
src/i18n/sv.i18n.json (1)
294-297: LGTM - Swedish translation improvements.The updates improve translation quality: "Genomskinlig" is a more natural Swedish term for transparent window effects, and the grammatical adjustment to "tillämpa" is correct.
docs/video-call-window-flow.md (1)
1-212: LGTM - Well-structured documentation.The documentation provides clear explanations of the video call window architecture, including the vanilla JS bootstrap for performance, stale-while-revalidate caching pattern, and provider-specific considerations (Jitsi bridge requirements vs. generic support for PEXIP and others).
src/i18n/pl.i18n.json (4)
30-30: LGTM - Consistent alpha channel label.The update to "Alfa (eksperymentalna)" aligns with the translation pattern used in other locales.
101-103: LGTM - Grammatically correct lowercase for media permission strings.The lowercase forms ("mikrofonu", "kamery", "mikrofonu i kamery") are correct since these strings are interpolated into sentences via the
{{- permissionType}}placeholder at Line 97.
202-202: Good catch on the typo fix.Correcting "Hjuston" to "Houston" fixes a longstanding typo in the Polish translations.
217-218: LGTM - NewnoUrltranslation key added.The addition of
videoCall.error.noUrlwith "Nie podano adresu URL połączenia wideo" is consistent with the same key being added across other locale files in this PR.src/servers/preload/api.ts (1)
27-27: LGTM!The
openExternalintegration is well-structured with proper type definitions. The security model is sound: URL validation occurs in the main process handler (parsing + protocol allowlist check viaisProtocolAllowed) before invokingshell.openExternal, ensuring the renderer cannot bypass security controls.Also applies to: 51-51, 97-97
.github/workflows/powershell-lint.yml (1)
37-48: LGTM!The refactored PSScriptAnalyzer step improves CI feedback with clear success/failure output. Excluding
PSAvoidUsingWriteHostis appropriate for CI contexts, and the results-driven flow with proper exit codes ensures reliable pipeline status reporting.docs/linux-display-server.md (1)
1-154: LGTM!The documentation improvements are comprehensive and helpful. The PipeWire additions for Wayland screen sharing, reformatted tables, and expanded troubleshooting sections provide clear guidance for Linux users dealing with display server configuration.
workspaces/desktop-release-action/src/windows/sign-packages.ts (1)
12-117: LGTM!The formatting changes improve code readability with consistent multi-line arrays and proper line breaks. The signing logic remains unchanged and correctly implements the two-phase signing pattern.
src/navigation/main.ts (2)
45-55: LGTM - Defensive certificate hostname validation.The
isHostnameValidhelper is well-implemented with proper error handling. Using Node'sX509Certificate.checkHost()provides standards-compliant hostname verification against the certificate's Subject Alternative Names and Common Name.
97-104: Security-conscious certificate bypass implementation.The bypass is appropriately constrained:
- Only triggers for
net::ERR_CERT_COMMON_NAME_INVALID(not other cert errors like expiry or untrusted CA)- Requires the hostname to actually validate against the certificate via
X509Certificate.checkHost()This handles legitimate scenarios (e.g., certificates with SANs that don't match the CN) while maintaining security for other certificate errors.
src/public/video-call-window.html (1)
1-59: LGTM!The HTML formatting changes improve readability by breaking long attribute lists and nested elements into multiple lines. No functional changes to the DOM structure.
docs/alpha-release-process.md (1)
1-142: LGTM!Documentation formatting improvements (table alignment, consistent spacing before code blocks) enhance readability without altering the release process content.
src/ui/main/rootWindow.ts (3)
27-27: LGTM - Background throttling disabled to address UI responsiveness.This change directly addresses the PR objective of improving UI performance by preventing the renderer from being throttled when the window is not focused.
48-50: Recovery logic is correct; consider clarifying the constant naming.The logic correctly allows one recovery attempt before quitting. The name
MAX_RENDERER_RECOVERY_ATTEMPTS = 1accurately reflects allowing 1 attempt. This is a minor observation.
523-561: Crash handler registration approach is sound.Using
crashHandlerRegisteredflag prevents duplicate handler registration across multipleshowRootWindowcalls. The once-per-app-lifecycle pattern is appropriate here.src/i18n/no.i18n.json (2)
387-388: LGTM!New
videoCall.error.noUrltranslation correctly matches the English source and the usage insrc/videoCallWindow/video-call-window.ts(context snippet 1).
457-457: LGTM!
screenSharing.openSystemPreferencestranslation added for Norwegian locale.src/i18n/en.i18n.json (1)
415-416: LGTM!New
videoCall.error.noUrlkey added with appropriate message. This matches the fallback value used invideo-call-window.ts.src/public/index.html (1)
1-13: LGTM!Formatting improvements (indentation, self-closing tags) with no functional changes.
workspaces/desktop-release-action/.prettierrc.mjs (1)
1-6: LGTM!Formatting adjustment with trailing comma in ESM config file. The
trailingComma: 'es5'setting is preserved.workspaces/desktop-release-action/src/github.ts (1)
156-212: LGTM!Function signatures reformatted to multiline for improved readability. No logic changes; asset management behavior is preserved.
workspaces/desktop-release-action/src/windows/google-cloud.ts (1)
7-73: LGTM!The changes are purely formatting improvements (multi-line parameter lists and error messages). The function signatures and logic remain unchanged, and the
credentialsPathreturn value is correctly used downstream inindex.ts.docs/video-call-window-management.md (1)
1-414: LGTM!This documentation file provides comprehensive coverage of the video call window management architecture, including the vanilla JS bootstrap approach, webview lifecycle, cache pre-warming, and error recovery strategies. The formatting updates improve readability.
docs/video-call-screen-sharing.md (1)
1-485: LGTM!The documentation comprehensively covers the screen sharing flow with the stale-while-revalidate caching pattern, including cache pre-warming, validation caching, and error recovery. The technical implementation snippets are clear and helpful.
docs/supported-versions-flow.md (1)
1-592: LGTM!The documentation accurately describes the version support data loading architecture with proper timing calculations. The updated retry timing (4 seconds per source with 3 attempts and 2-second delays between them) and scenario timelines are consistent.
src/ipc/channels.ts (1)
134-134: LGTM!The new
open-externalchannel follows the established pattern for IPC channels in this file. The signature(url: string) => voidcorrectly matches the handler implementation inmain.tswhich validates and opens external URLs.src/injected.ts (1)
193-218: LGTM!The external link handler implementation is well-designed:
- Uses capture phase to intercept clicks early
- Properly traverses DOM to find anchor elements via
closest()- Same-origin check using
URL.origincomparison is correct- Defensive coding with optional chaining throughout
- Silent error handling for invalid URLs is appropriate
- Complements the existing
setWindowOpenHandlerin serverView (which handles programmaticwindow.opencalls)src/main.ts (2)
68-71: Performance optimizations align with PR objectives.These command-line switches directly address the reported slow UI/UX:
disable-renderer-backgrounding: Prevents throttling of background renderer processesdisable-background-timer-throttling: Maintains timer precision when the app is backgrounded--max-old-space-size=512: Caps V8 heap at 512MB to reduce memory pressure
131-152: LGTM!The external URL handler implementation is secure and well-structured:
- URL parsing is wrapped in try/catch to reject malformed URLs
- Protocol validation via
isProtocolAllowedblocks dangerous schemes (javascript:, file:, data:, etc.)- Proper distinction between web URLs (http/https →
openExternalbrowser launcher) and system handlers (mailto:, custom protocols →shell.openExternal)
| - Debian/Ubuntu-based Linux | ||
| - `node.js` and `npm` (or Volta - the script will install it automatically if needed) | ||
| - Yarn is provided in-repo at `.yarn/releases/yarn-4.6.0.cjs` | ||
| - `dpkg` and `apt-get` (standard on Debian/Ubuntu systems) | ||
| - `curl` (for installing Volta if needed) | ||
| - Sudo access (for installation, if not running as root) | ||
|
|
||
| #### Automatic Dependency Installation | ||
|
|
||
| The script automatically installs missing dependencies: | ||
| - **Volta** (if node.js/yarn not found) - provides node.js and npm | ||
|
|
||
| - **Volta** (if node.js/npm not found) - provides node.js and npm; Yarn is already bundled in the repository at `.yarn/releases/yarn-4.6.0.cjs` | ||
| - **binutils** (if `ar` command not found) - required for building .deb packages | ||
| - **Package dependencies** - automatically resolved during .deb installation | ||
| - **Package dependencies** - resolved during .deb installation |
There was a problem hiding this comment.
🧩 Analysis chain
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "== Yarn release files =="
fd . .yarn/releases -t f 2>/dev/null || true
echo
echo "== .yarnrc.yml (if present) =="
fd '^\.yarnrc\.yml$' -x sed -n '1,120p' {}
echo
echo "== package.json packageManager field =="
fd '^package\.json$' -x sh -c 'jq -r ".packageManager // empty" "$1" 2>/dev/null | sed "s|^|$1: |"' sh {}
echo
echo "== Relevant references in docs/scripts/config =="
rg -n -C2 'yarn-4\.6\.0\.cjs|yarnPath|packageManager|corepack|yarn build-linux|yarn install' \
scripts/README.md .yarnrc.yml package.json scripts 2>/dev/null || trueRepository: RocketChat/Rocket.Chat.Electron
Length of output: 386
🏁 Script executed:
#!/bin/bash
set -euo pipefail
echo "=== Check for .yarnrc.yml ==="
if [ -f ".yarnrc.yml" ]; then
echo "File found. Contents:"
cat .yarnrc.yml
else
echo "File not found"
fi
echo
echo "=== package.json packageManager field ==="
if [ -f "package.json" ]; then
jq -r '.packageManager // "NOT SET"' package.json
else
echo "package.json not found"
fi
echo
echo "=== Search for yarn invocations in scripts and docs ==="
rg -n 'yarn\s+(build-linux|install|workspaces:build|run)' scripts/ --type markdown --type javascript --type shell 2>/dev/null | head -20 || echo "No matches found"
echo
echo "=== Check for corepack references ==="
rg -n 'corepack' . --type markdown --type javascript --type shell 2>/dev/null || echo "No corepack references"
echo
echo "=== Check how yarn is actually invoked in key scripts ==="
fd '.*\.sh$' scripts/ -x grep -l 'yarn' {} \; 2>/dev/null | head -5Repository: RocketChat/Rocket.Chat.Electron
Length of output: 578
🏁 Script executed:
sed -n '112,125p' scripts/README.mdRepository: RocketChat/Rocket.Chat.Electron
Length of output: 794
🏁 Script executed:
# Check entire scripts/README.md for corepack, packageManager, or yarnrc mentions
rg -n 'corepack|packageManager|\.yarnrc' scripts/README.mdRepository: RocketChat/Rocket.Chat.Electron
Length of output: 57
🏁 Script executed:
# Get broader context around the problematic lines
sed -n '100,140p' scripts/README.mdRepository: RocketChat/Rocket.Chat.Electron
Length of output: 1515
🏁 Script executed:
# Check if there's a setup or quickstart section that mentions yarn or corepack
head -100 scripts/README.md | tail -50Repository: RocketChat/Rocket.Chat.Electron
Length of output: 1143
Clarify how the yarn command becomes available on a fresh Volta/npm-only setup.
The documentation mentions that Yarn is bundled at .yarn/releases/yarn-4.6.0.cjs, but it doesn't explain that developers will have a working yarn command out-of-the-box because Corepack is configured (via the packageManager field in package.json). When readers follow the setup steps with Volta/npm, they should understand that Corepack automatically handles Yarn bootstrapping—they don't need to manually invoke the bundled .cjs file. Consider adding a brief note about Corepack or referencing the .yarnrc.yml configuration so the flow is clear.
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@scripts/README.md` around lines 112 - 125, Update the README to explain how
the yarn CLI becomes available when using Volta/npm by noting that Corepack is
enabled via the packageManager field in package.json (so Volta-installed
Node/npm will boot Corepack and auto-provision the bundled Yarn at
.yarn/releases/yarn-4.6.0.cjs), and optionally reference .yarnrc.yml to show any
Yarn settings; add a short sentence clarifying that users do not need to
manually execute the .cjs file to get a working yarn command.
| try { | ||
| const { session } = browserWindow.webContents; | ||
| await session.clearCache(); | ||
| await session.clearStorageData({ | ||
| storages: [ | ||
| 'cookies', | ||
| 'indexdb', | ||
| 'filesystem', | ||
| 'shadercache', | ||
| 'websql', | ||
| 'serviceworkers', | ||
| 'cachestorage', | ||
| ], | ||
| }); | ||
| console.log('Cache cleared. Reloading window...'); | ||
| browserWindow.reload(); | ||
| } catch (error) { | ||
| console.error('Failed to recover from crash:', error); | ||
| app.quit(); | ||
| } |
There was a problem hiding this comment.
Add destroyed check before accessing window session; consider data loss implications.
-
If the renderer crashes catastrophically,
browserWindowmay be destroyed before this handler executes. AccessingbrowserWindow.webContents.sessionon a destroyed window will throw. -
Clearing
cookies,indexdb, and other storage will log users out of all servers. This is more aggressive than the "clear cache" mentioned in the PR summary. Consider whether this behavior is intended.
🛡️ Proposed fix to add destroyed check
try {
+ if (browserWindow.isDestroyed()) {
+ console.error('Window destroyed during crash recovery, quitting app');
+ app.quit();
+ return;
+ }
const { session } = browserWindow.webContents;
await session.clearCache();
await session.clearStorageData({📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| try { | |
| const { session } = browserWindow.webContents; | |
| await session.clearCache(); | |
| await session.clearStorageData({ | |
| storages: [ | |
| 'cookies', | |
| 'indexdb', | |
| 'filesystem', | |
| 'shadercache', | |
| 'websql', | |
| 'serviceworkers', | |
| 'cachestorage', | |
| ], | |
| }); | |
| console.log('Cache cleared. Reloading window...'); | |
| browserWindow.reload(); | |
| } catch (error) { | |
| console.error('Failed to recover from crash:', error); | |
| app.quit(); | |
| } | |
| try { | |
| if (browserWindow.isDestroyed()) { | |
| console.error('Window destroyed during crash recovery, quitting app'); | |
| app.quit(); | |
| return; | |
| } | |
| const { session } = browserWindow.webContents; | |
| await session.clearCache(); | |
| await session.clearStorageData({ | |
| storages: [ | |
| 'cookies', | |
| 'indexdb', | |
| 'filesystem', | |
| 'shadercache', | |
| 'websql', | |
| 'serviceworkers', | |
| 'cachestorage', | |
| ], | |
| }); | |
| console.log('Cache cleared. Reloading window...'); | |
| browserWindow.reload(); | |
| } catch (error) { | |
| console.error('Failed to recover from crash:', error); | |
| app.quit(); | |
| } |
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.
In `@src/ui/main/rootWindow.ts` around lines 539 - 558, Before accessing
browserWindow.webContents.session in the crash recovery try/catch, check that
browserWindow and browserWindow.webContents are not destroyed (use
browserWindow.isDestroyed() or browserWindow.webContents.isDestroyed()) and bail
out or skip storage clearing if destroyed; update the try block around
session.clearCache() and session.clearStorageData(...) (references:
browserWindow, webContents, session, clearCache, clearStorageData) to guard
access and avoid exceptions, and if you intend to avoid aggressive data loss
reduce the storages array passed to session.clearStorageData to only include
cache-related entries (or make the storages list configurable) instead of wiping
cookies/indexdb/serviceworkers.
There was a problem hiding this comment.
Actionable comments posted: 1
♻️ Duplicate comments (2)
workspaces/desktop-release-action/src/windows/update-yaml-checksums.ts (1)
65-72:⚠️ Potential issue | 🟠 MajorMake missing
files[]artifacts fatal as well.Lines 69-71 still warn and continue, so
latest.ymlcan be rewritten with stalefiles[]entries while the newyamlData.pathbranch already treats the same condition as build-stopping.Suggested change
if (!fs.existsSync(filePath)) { - core.warning(`File not found: ${fileName}, skipping...`); - continue; + throw new Error(`Artifact not found: ${filePath}`); }🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@workspaces/desktop-release-action/src/windows/update-yaml-checksums.ts` around lines 65 - 72, The loop over yamlData.files currently logs a warning and continues when a file is missing (using file.url → filePath and core.warning), which allows latest.yml to be rewritten with stale entries; change this to fail the build consistently with the yamlData.path branch by replacing the warning+continue with a fatal stop (e.g., call core.setFailed or throw an Error) naming the missing artifact (use file.url/filePath) so processing aborts when any files[] artifact is not found.src/ui/main/rootWindow.ts (1)
544-557:⚠️ Potential issue | 🟠 MajorKeep recovery cache-focused; don't wipe persisted session state.
clearStorageData()here clearscookies,indexdb,filesystem,websql,serviceworkers, andcachestorage. That is broader than “clear cache” and removes persisted session/app storage for this Electron session, whileclearCache()already clears the HTTP cache. Limit this to cache-like stores only, or skipclearStorageData()entirely. (electronjs.org)Safer recovery scope
const { session } = browserWindow.webContents; await session.clearCache(); - await session.clearStorageData({ - storages: [ - 'cookies', - 'indexdb', - 'filesystem', - 'shadercache', - 'websql', - 'serviceworkers', - 'cachestorage', - ], - }); + await session.clearStorageData({ + storages: ['shadercache', 'cachestorage'], + });🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@src/ui/main/rootWindow.ts` around lines 544 - 557, The current code calls session.clearStorageData() and passes storages that remove persisted session/app data (cookies, indexdb, filesystem, websql, serviceworkers, cachestorage), which is broader than intended; change the recovery logic around browserWindow.webContents.session so you either remove the session.clearStorageData() call entirely and only call session.clearCache(), or (if you must clear storage) restrict the storages array to only true cache-like stores (e.g., 'shadercache' and 'cachestorage') to avoid wiping cookies/indexedDB/service workers; update the code paths that call session.clearStorageData() accordingly.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@src/ui/main/rootWindow.ts`:
- Around line 527-533: The handler registered on
browserWindow.webContents.on('render-process-gone') should ignore non-crash exit
reasons before touching recovery state: check details.reason against a
crash-like whitelist (e.g., 'crashed', 'oom', 'abnormal-exit' — optionally
'killed' if you consider it recoverable) and only then increment
rendererRecoveryAttempts and run the recovery logic that checks
MAX_RENDERER_RECOVERY_ATTEMPTS; for other reasons like 'clean-exit' simply log
and return. Update the code around the existing handler (the render-process-gone
listener that references rendererRecoveryAttempts and
MAX_RENDERER_RECOVERY_ATTEMPTS) to perform this guard as the first step.
---
Duplicate comments:
In `@src/ui/main/rootWindow.ts`:
- Around line 544-557: The current code calls session.clearStorageData() and
passes storages that remove persisted session/app data (cookies, indexdb,
filesystem, websql, serviceworkers, cachestorage), which is broader than
intended; change the recovery logic around browserWindow.webContents.session so
you either remove the session.clearStorageData() call entirely and only call
session.clearCache(), or (if you must clear storage) restrict the storages array
to only true cache-like stores (e.g., 'shadercache' and 'cachestorage') to avoid
wiping cookies/indexedDB/service workers; update the code paths that call
session.clearStorageData() accordingly.
In `@workspaces/desktop-release-action/src/windows/update-yaml-checksums.ts`:
- Around line 65-72: The loop over yamlData.files currently logs a warning and
continues when a file is missing (using file.url → filePath and core.warning),
which allows latest.yml to be rewritten with stale entries; change this to fail
the build consistently with the yamlData.path branch by replacing the
warning+continue with a fatal stop (e.g., call core.setFailed or throw an Error)
naming the missing artifact (use file.url/filePath) so processing aborts when
any files[] artifact is not found.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: cfd00dc7-b8b9-4dd2-bcd3-47123e3f9425
📒 Files selected for processing (5)
src/i18n/es.i18n.jsonsrc/ui/main/rootWindow.tsworkspaces/desktop-release-action/action.ymlworkspaces/desktop-release-action/src/windows/signing-tools.tsworkspaces/desktop-release-action/src/windows/update-yaml-checksums.ts
🚧 Files skipped from review as they are similar to previous changes (3)
- workspaces/desktop-release-action/src/windows/signing-tools.ts
- workspaces/desktop-release-action/action.yml
- src/i18n/es.i18n.json
📜 Review details
🧰 Additional context used
📓 Path-based instructions (1)
**/*.{ts,tsx}
📄 CodeRabbit inference engine (AGENTS.md)
**/*.{ts,tsx}: Use TypeScript strict mode enabled in TypeScript configuration
Use React functional components with hooks instead of class components
Follow FSA (Flux Standard Action) pattern for Redux actions
Use camelCase for file names and PascalCase for component file names
All code must pass ESLint and TypeScript checks
Write self-documenting code with clear naming; avoid unnecessary comments except for complex business logic or non-obvious decisions
Use Fuselage components from@rocket.chat/fuselagefor all UI work and only create custom components when Fuselage doesn't provide what's needed
CheckTheme.d.tsfor valid color tokens when using Fuselage components
Use defensive coding with optional chaining and fallbacks for Linux-only APIs (process.getuid(), process.getgid(), process.geteuid(), process.getegid()) to ensure cross-platform compatibility across Windows, macOS, and Linux
Files:
src/ui/main/rootWindow.tsworkspaces/desktop-release-action/src/windows/update-yaml-checksums.ts
🔇 Additional comments (2)
workspaces/desktop-release-action/src/windows/update-yaml-checksums.ts (1)
93-104: Good fail-fast handling foryamlData.path.This prevents writing a manifest whose primary download entry already points at a missing artifact.
src/ui/main/rootWindow.ts (1)
48-50: Remove this comment—GPU and renderer handlers address distinct process types.
child-process-gonefires for GPU process failures;render-process-gonefires for the renderer process. These are separate Electron events on different objects and should not be triggered by the same incident. No shared recovery state is needed because each handler responds to a distinct process failure. The renderer handler clears session state and reloads the renderer, while the GPU handler relaunches the app with GPU disabled—these do not compete because they handle fundamentally different failure modes.> Likely an incorrect or invalid review comment.
There was a problem hiding this comment.
🧹 Nitpick comments (1)
src/ui/main/rootWindow.ts (1)
530-532: Consider filtering additional non-crash exit reasons.Currently only
clean-exitis filtered. Otherrender-process-gonereasons likekilled(external SIGTERM, e.g., OS resource management) may not warrant cache-clearing recovery. However, the current conservative approach is acceptable for the PR's stability goals.If you want to be more selective, you could explicitly allow only crash-like reasons:
♻️ Optional: Explicit allow-list for crash reasons
browserWindow.webContents.on( 'render-process-gone', async (_event, details) => { - if (details.reason === 'clean-exit') { + const crashReasons = ['crashed', 'oom', 'abnormal-exit', 'launch-failed']; + if (!crashReasons.includes(details.reason)) { return; }🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@src/ui/main/rootWindow.ts` around lines 530 - 532, The handler in rootWindow.ts currently only ignores details.reason === 'clean-exit' for render-process-gone; change it to explicitly allow only crash-like reasons by replacing that single check with an allow-list check against details.reason (e.g., only proceed for values like 'crashed' or 'abnormal-exit'), and return early for any other reasons (including 'clean-exit', 'killed', etc.); update the render-process-gone event handler where details.reason is used to implement this allow-list logic.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Nitpick comments:
In `@src/ui/main/rootWindow.ts`:
- Around line 530-532: The handler in rootWindow.ts currently only ignores
details.reason === 'clean-exit' for render-process-gone; change it to explicitly
allow only crash-like reasons by replacing that single check with an allow-list
check against details.reason (e.g., only proceed for values like 'crashed' or
'abnormal-exit'), and return early for any other reasons (including
'clean-exit', 'killed', etc.); update the render-process-gone event handler
where details.reason is used to implement this allow-list logic.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 0d59fc8d-7f60-4b1b-b0e4-9c88f90a3f5c
📒 Files selected for processing (2)
src/ui/main/rootWindow.tsworkspaces/desktop-release-action/src/windows/update-yaml-checksums.ts
🚧 Files skipped from review as they are similar to previous changes (1)
- workspaces/desktop-release-action/src/windows/update-yaml-checksums.ts
📜 Review details
🧰 Additional context used
📓 Path-based instructions (1)
**/*.{ts,tsx}
📄 CodeRabbit inference engine (AGENTS.md)
**/*.{ts,tsx}: Use TypeScript strict mode enabled in TypeScript configuration
Use React functional components with hooks instead of class components
Follow FSA (Flux Standard Action) pattern for Redux actions
Use camelCase for file names and PascalCase for component file names
All code must pass ESLint and TypeScript checks
Write self-documenting code with clear naming; avoid unnecessary comments except for complex business logic or non-obvious decisions
Use Fuselage components from@rocket.chat/fuselagefor all UI work and only create custom components when Fuselage doesn't provide what's needed
CheckTheme.d.tsfor valid color tokens when using Fuselage components
Use defensive coding with optional chaining and fallbacks for Linux-only APIs (process.getuid(), process.getgid(), process.geteuid(), process.getegid()) to ensure cross-platform compatibility across Windows, macOS, and Linux
Files:
src/ui/main/rootWindow.ts
🔇 Additional comments (3)
src/ui/main/rootWindow.ts (3)
27-27: LGTM! Background throttling disabled to prevent UI lag.This change correctly addresses one of the root causes identified in the PR - UI thread being throttled in the background. Combined with the
disable-renderer-backgroundingcommand-line switch, this should prevent the renderer from being throttled when the window loses focus.
48-50: LGTM! State variables properly support crash recovery logic.The module-level state correctly tracks handler registration (preventing duplicate listeners as mentioned in PR objectives) and limits recovery attempts. Setting
MAX_RENDERER_RECOVERY_ATTEMPTSto 1 is reasonable - repeated crashes indicate a deeper issue that cache clearing won't fix.
523-562: Previous review feedback has been addressed.The implementation correctly handles the concerns from past reviews:
Non-crash exit filtering (lines 530-532): The
clean-exitcheck prevents normal exits from consuming recovery attempts.Destroyed window check (lines 543-546): Guards against accessing a destroyed window before session operations.
Data preservation (lines 551-553): Only clears
shadercacheandcachestorage, preserving user data like cookies and IndexedDB.Duplicate listener prevention (lines 524-525): The
crashHandlerRegisteredflag prevents accumulating handlers on reload, addressing one of the PR's root causes.
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In `@src/ui/main/rootWindow.ts`:
- Around line 48-50: The recovery counter rendererRecoveryAttempts is never
reset after a successful recovery; update the recovery flow (where you handle
renderer crashes and perform a reload/recreate—e.g., the function that
increments rendererRecoveryAttempts and the code path that performs the
successful reload/recovery) to reset rendererRecoveryAttempts = 0 after the
renderer has successfully recovered (for example in the reload success callback
or in the BrowserWindow 'did-finish-load' / ready/healthy check), and optionally
reset it after a stability timeout; keep MAX_RENDERER_RECOVERY_ATTEMPTS and
crashHandlerRegistered logic unchanged except use the reset to allow new
recovery attempts on future, unrelated crashes.
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 4792b86e-e6c1-4f61-b034-81d0bae181e1
📒 Files selected for processing (1)
src/ui/main/rootWindow.ts
📜 Review details
🧰 Additional context used
📓 Path-based instructions (1)
**/*.{ts,tsx}
📄 CodeRabbit inference engine (AGENTS.md)
**/*.{ts,tsx}: Use TypeScript strict mode enabled in TypeScript configuration
Use React functional components with hooks instead of class components
Follow FSA (Flux Standard Action) pattern for Redux actions
Use camelCase for file names and PascalCase for component file names
All code must pass ESLint and TypeScript checks
Write self-documenting code with clear naming; avoid unnecessary comments except for complex business logic or non-obvious decisions
Use Fuselage components from@rocket.chat/fuselagefor all UI work and only create custom components when Fuselage doesn't provide what's needed
CheckTheme.d.tsfor valid color tokens when using Fuselage components
Use defensive coding with optional chaining and fallbacks for Linux-only APIs (process.getuid(), process.getgid(), process.geteuid(), process.getegid()) to ensure cross-platform compatibility across Windows, macOS, and Linux
Files:
src/ui/main/rootWindow.ts
🔇 Additional comments (2)
src/ui/main/rootWindow.ts (2)
27-27: LGTM!Disabling
backgroundThrottlingaligns with the PR objective to prevent UI throttling when the app is in the background. This is a reasonable trade-off for maintaining UI responsiveness.
523-568: Previous review feedback has been addressed.The crash handler implementation now correctly:
- Filters non-crash exit reasons (lines 530-538) -
clean-exitno longer triggers recovery- Checks
browserWindow.isDestroyed()before accessing session (line 549)- Clears only cache-related storages (
shadercache,cachestorage) instead of aggressive clearing of cookies/indexdb (line 558)One minor observation: the
isDestroyed()check on line 549 validates the window, butbrowserWindow.webContentscould theoretically be in an invalid state even if the window itself isn't destroyed. Consider addingbrowserWindow.webContents.isDestroyed()as an additional guard.💡 Optional hardening
if (browserWindow.isDestroyed()) { app.quit(); return; } try { + if (browserWindow.webContents.isDestroyed()) { + console.error('WebContents destroyed during crash recovery, quitting app'); + app.quit(); + return; + } const { session } = browserWindow.webContents;
There was a problem hiding this comment.
♻️ Duplicate comments (1)
src/ui/main/rootWindow.ts (1)
563-568:⚠️ Potential issue | 🟠 MajorReset the recovery budget after a confirmed reload, not immediately after
reload().The timer starts right after Line 563, so a renderer that keeps dying every ~60s can regain its retry budget without ever proving the recovery worked. That weakens
MAX_RENDERER_RECOVERY_ATTEMPTSand can turn a persistent crash into a permanent reload loop.💡 Suggested fix
- console.log('Cache cleared. Reloading window...'); - browserWindow.reload(); - - if (recoveryResetTimer) clearTimeout(recoveryResetTimer); - recoveryResetTimer = setTimeout(() => { - rendererRecoveryAttempts = 0; - }, RECOVERY_RESET_DELAY_MS); + if (recoveryResetTimer) { + clearTimeout(recoveryResetTimer); + recoveryResetTimer = null; + } + + browserWindow.webContents.once('did-finish-load', () => { + recoveryResetTimer = setTimeout(() => { + rendererRecoveryAttempts = 0; + }, RECOVERY_RESET_DELAY_MS); + }); + + console.log('Cache cleared. Reloading window...'); + browserWindow.reload();🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In `@src/ui/main/rootWindow.ts` around lines 563 - 568, The current code resets rendererRecoveryAttempts immediately after calling browserWindow.reload(), allowing the retry budget to be restored before a successful reload; instead, clear any existing recoveryResetTimer and start the RECOVERY_RESET_DELAY_MS timer only after the renderer has actually finished loading successfully. Move the setTimeout logic into a one-time success callback on browserWindow.webContents (e.g., webContents.once('did-finish-load' or equivalent) or another confirmed-success event), ensure you still clearTimeout(recoveryResetTimer) before setting a new timer, and only reset rendererRecoveryAttempts = 0 inside that success handler; keep references to recoveryResetTimer, rendererRecoveryAttempts, RECOVERY_RESET_DELAY_MS, browserWindow.reload(), and webContents.once('did-finish-load').
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Duplicate comments:
In `@src/ui/main/rootWindow.ts`:
- Around line 563-568: The current code resets rendererRecoveryAttempts
immediately after calling browserWindow.reload(), allowing the retry budget to
be restored before a successful reload; instead, clear any existing
recoveryResetTimer and start the RECOVERY_RESET_DELAY_MS timer only after the
renderer has actually finished loading successfully. Move the setTimeout logic
into a one-time success callback on browserWindow.webContents (e.g.,
webContents.once('did-finish-load' or equivalent) or another confirmed-success
event), ensure you still clearTimeout(recoveryResetTimer) before setting a new
timer, and only reset rendererRecoveryAttempts = 0 inside that success handler;
keep references to recoveryResetTimer, rendererRecoveryAttempts,
RECOVERY_RESET_DELAY_MS, browserWindow.reload(), and
webContents.once('did-finish-load').
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: CHILL
Plan: Pro
Run ID: 31c2dd54-bdcb-4e3c-8382-01dfa0715d1e
📒 Files selected for processing (1)
src/ui/main/rootWindow.ts
📜 Review details
🧰 Additional context used
📓 Path-based instructions (1)
**/*.{ts,tsx}
📄 CodeRabbit inference engine (AGENTS.md)
**/*.{ts,tsx}: Use TypeScript strict mode enabled in TypeScript configuration
Use React functional components with hooks instead of class components
Follow FSA (Flux Standard Action) pattern for Redux actions
Use camelCase for file names and PascalCase for component file names
All code must pass ESLint and TypeScript checks
Write self-documenting code with clear naming; avoid unnecessary comments except for complex business logic or non-obvious decisions
Use Fuselage components from@rocket.chat/fuselagefor all UI work and only create custom components when Fuselage doesn't provide what's needed
CheckTheme.d.tsfor valid color tokens when using Fuselage components
Use defensive coding with optional chaining and fallbacks for Linux-only APIs (process.getuid(), process.getgid(), process.geteuid(), process.getegid()) to ensure cross-platform compatibility across Windows, macOS, and Linux
Files:
src/ui/main/rootWindow.ts
…hat#3028) * perf: Optimize server loading by deferring inactive webviews * bump version * remove duplicated code
Project Name: Rocket.Chat.Electron Project Link: https://app.lingohub.com/project/pr_1Ag2Vlx6MWNt-16038/branches/prb_16rm9BiWK53b-4144 User: Robot Lingohub Easy language translations with Lingohub 🚀 Co-authored-by: lingohub[bot] <69908207+lingohub[bot]@users.noreply.github.com>
* create update channel selection * fix select * order channels name * add translations * fix lint
* updated electron-builder v26.0.3 * add flipFuses
Project Name: Rocket.Chat.Electron Project Link: https://app.lingohub.com/project/pr_1Ag2Vlx6MWNt-16038/branches/prb_16rm9BiWK53b-4144 User: Lingohub Robot Easy language translations with Lingohub 🚀 Co-authored-by: lingohub[bot] <69908207+lingohub[bot]@users.noreply.github.com>
* chore: remove package-lock.json in favor of yarn.lock This project uses Yarn as its package manager. Having both package-lock.json and yarn.lock tracked causes conflicts and breaks npx/npm tooling due to devEngines format differences. * chore: anchor package-lock.json ignore to repository root
* fix: Bugsnag network connections even with errors reporting disabled (#3190)
* fix: disable Bugsnag auto session tracking to prevent unwanted network connections
Adds autoTrackSessions: false to Bugsnag.start() configuration to prevent
the SDK from automatically connecting to sessions.bugsnag.com on initialization.
This fixes issues in air-gapped networks where the connection attempt triggers
certificate error dialogs even when telemetry is disabled.
Also upgrades @bugsnag/js from v7.22.3 to v8.8.1.
* test: add integration tests for Bugsnag network behavior
- Use nock to intercept real HTTP requests from Bugsnag SDK
- Verify no network calls when reporting is disabled
- Verify sessions are sent when reporting is enabled
- Use Object.defineProperty for env var mocking
- Skip tests on Windows due to Jest module mocking issues
* Version 4.12.1-alpha.1
* feat: add admin setting to bypass SSL certificate validation for Outlook calendar
Add `allowInsecureOutlookConnections` setting for air-gapped environments
where Exchange servers use self-signed or internal CA certificates.
Configurable via overridden-settings.json:
{ "allowInsecureOutlookConnections": true }
Changes:
- Add new reducer for the setting (defaults to false)
- Apply setting to both Exchange (XhrApi) and Rocket.Chat (axios) connections
- Reuse single HTTPS agent per sync for better performance
- Fix missing await on createEventOnRocketChatServer call
* Version 4.12.1-alpha.2
* chore: patch @ewsjs/xhr to stop overwriting request errors
* lock file
* fix: make allowInsecureOutlookConnections override-only setting
The setting was being persisted to config.json, which meant once set to
true it would stay true even after removing from overridden-settings.json.
Changes:
- Remove from PersistableValues type and migrations
- Remove from selectPersistableValues selector
- Explicitly read from override files on each app start
- Accept case-insensitive "true" values for robustness
- Always defaults to false when key is missing
This ensures admins have full control over the setting in air-gapped
environments where remote debugging is not possible.
* feat: add admin setting to bypass SSL certificate validation for Outlook calendar (#3191)
* feat: add admin setting to bypass SSL certificate validation for Outlook calendar
Add `allowInsecureOutlookConnections` setting for air-gapped environments
where Exchange servers use self-signed or internal CA certificates.
Configurable via overridden-settings.json:
{ "allowInsecureOutlookConnections": true }
Changes:
- Add new reducer for the setting (defaults to false)
- Apply setting to both Exchange (XhrApi) and Rocket.Chat (axios) connections
- Reuse single HTTPS agent per sync for better performance
- Fix missing await on createEventOnRocketChatServer call
* Version 4.12.1-alpha.2
* chore: patch @ewsjs/xhr to stop overwriting request errors
* lock file
* fix: make allowInsecureOutlookConnections override-only setting
The setting was being persisted to config.json, which meant once set to
true it would stay true even after removing from overridden-settings.json.
Changes:
- Remove from PersistableValues type and migrations
- Remove from selectPersistableValues selector
- Explicitly read from override files on each app start
- Accept case-insensitive "true" values for robustness
- Always defaults to false when key is missing
This ensures admins have full control over the setting in air-gapped
environments where remote debugging is not possible.
---------
Co-authored-by: Pierre Lehnen <pierre.lehnen@rocket.chat>
* Add configurable Outlook calendar sync interval (#3198)
* feat: add configurable Outlook calendar sync interval (1-60 min)
Adds a user-editable sync interval setting to Settings > General,
with admin override support via overridden-settings.json. Uses a
nullable override pattern (number | null) to cleanly separate admin
overrides from persisted user preferences, preventing contamination.
Includes debounced runtime restart of the sync task on changes.
* chore: bump version to 4.12.1-alpha.3, improve sync interval change handling
Increases debounce to 10s, triggers an immediate sync before
rescheduling, and adds a log message when the interval changes.
* fix: clean up sync state when credentials are cleared or app shuts down
Prevents stale credentials from being used by the debounced interval
restart callback. Clears timers, nulls module-level state, and
unsubscribes the interval watcher on credential clear and shutdown.
* feat: Add outlook detailed logs toggle (#3199)
* feat: Add Exchange/EWS debugging patches and error classification (#3187)
* chore(theme): transparency mode not removing background of server view (#3156)
* Language update from Lingohub 🤖 (#3165)
Project Name: Rocket.Chat.Electron
Project Link: https://app.lingohub.com/project/pr_1Ag2Vlx6MWNt-16038/branches/prb_16rm9BiWK53b-4144
User: Lingohub Robot
Easy language translations with Lingohub 🚀
Co-authored-by: lingohub[bot] <69908207+lingohub[bot]@users.noreply.github.com>
* feat: Implement user theme preference settings (#3160)
* feat: Implement user theme preference settings and remove legacy theme appearance handling
- Introduced a new `ThemeAppearance` component to manage user theme preferences, allowing selection between 'auto', 'light', and 'dark' themes.
- Updated state management to include `userThemePreference`, replacing the previous `themeAppearance` handling.
- Removed deprecated theme appearance logic from various components and files, streamlining the codebase.
- Added internationalization support for theme appearance settings across multiple languages.
- Enhanced the UI to reflect user-selected theme preferences dynamically.
* fix(i18n): Correct Norwegian translation for theme appearance description
* fix(theme): Validate theme preference values before dispatching
- Updated the `handleChangeTheme` function to include validation for theme preference values, ensuring only 'auto', 'light', or 'dark' are accepted. This change prevents invalid values from being dispatched, enhancing the robustness of the theme management logic.
* refactor(DocumentViewer): Update theme management to utilize Redux state for user preferences
- Replaced the use of `useDarkMode` with Redux selectors to determine the theme based on user preferences and machine theme.
- Enhanced theme logic to support 'auto', 'light', and 'dark' settings, improving the flexibility and responsiveness of the theme management in the DocumentViewer component.
* refactor(DocumentViewer): Simplify theme management by removing Redux dependencies
- Eliminated the use of Redux selectors for theme management in the DocumentViewer component, replacing it with a static 'tint' background and default color settings.
- Streamlined the component's code by removing unnecessary theme logic, enhancing readability and maintainability.
* chore: Clean up code by removing unnecessary blank lines in ThemeAppearance, TransparentWindow, and userThemePreference files
* fix: Address PR review comments and restore API compatibility
- Remove trailing blank lines from ThemeAppearance.tsx, TransparentWindow.tsx, and userThemePreference.ts
- Restore setUserThemeAppearance as no-op function for backwards compatibility with @rocket.chat/desktop-api interface
* fix: resolve 91 security vulnerabilities in dependencies (#3173)
* fix: resolve 91 security vulnerabilities in dependencies
- Update axios 1.6.4 -> 1.13.2 (SSRF, DoS, credential leakage)
- Update electron-updater 5.3.0 -> 6.3.9 (code signing bypass)
- Update rollup 4.9.6 -> 4.32.0 (DOM clobbering XSS)
- Update glob 11.0.3 -> 11.1.0 in workspace (command injection)
- Add resolutions for transitive dependencies:
- cross-spawn, braces, ws, follow-redirects
- form-data, tar-fs, undici
- Add comprehensive security remediation documentation
* docs: fix markdown lint - add language specifier to code block
* chore: Remove security documentation from repository
Security vulnerability remediation documentation kept locally for reference.
* fix: Issues in German translation (#3155)
* chore: Upgrade Electron and Node.js versions, update README and packa… (#3179)
* chore: Upgrade Electron and Node.js versions, update README and package configurations
- Updated Electron dependency from version 39.2.5 to 40.0.0 in package.json and yarn.lock.
- Bumped Node.js version requirements in package.json and devEngines to >=24.11.1.
- Revised README.md to reflect new supported platforms and minimum version requirements.
- Removed deprecated tests related to ELECTRON_OZONE_PLATFORM_HINT in app.main.spec.ts.
- Enhanced documentation for development prerequisites and troubleshooting sections.
* chore: Bump version numbers in configuration files
- Updated the bundle version in electron-builder.json from 26010 to 26011.
- Incremented the application version in package.json from 4.11.1 to 4.12.0.
* docs: Update README to reflect new platform support and installation formats
- Revised the supported platforms section to include additional architectures and installation formats for Windows, macOS, and Linux.
- Updated download links for Microsoft Store and Mac App Store, ensuring accurate access to application sources.
* docs: Revise README layout for download links
- Updated the formatting of download links for Microsoft Store, Mac App Store, and Snap Store to improve visual presentation and accessibility.
- Changed from a div-based layout to a paragraph-based layout with adjusted image sizes for better responsiveness.
* chore: Update @types/node version in package.json and yarn.lock
- Upgraded @types/node from version 16.18.69 to 25.0.10 in both package.json and yarn.lock to ensure compatibility with the latest TypeScript features and improvements.
* chore: Enable alpha releases (#3180)
* chore: Upgrade Electron and Node.js versions, update README and package configurations
- Updated Electron dependency from version 39.2.5 to 40.0.0 in package.json and yarn.lock.
- Bumped Node.js version requirements in package.json and devEngines to >=24.11.1.
- Revised README.md to reflect new supported platforms and minimum version requirements.
- Removed deprecated tests related to ELECTRON_OZONE_PLATFORM_HINT in app.main.spec.ts.
- Enhanced documentation for development prerequisites and troubleshooting sections.
* chore: Bump version numbers in configuration files
- Updated the bundle version in electron-builder.json from 26010 to 26011.
- Incremented the application version in package.json from 4.11.1 to 4.12.0.
* docs: Update README to reflect new platform support and installation formats
- Revised the supported platforms section to include additional architectures and installation formats for Windows, macOS, and Linux.
- Updated download links for Microsoft Store and Mac App Store, ensuring accurate access to application sources.
* docs: Revise README layout for download links
- Updated the formatting of download links for Microsoft Store, Mac App Store, and Snap Store to improve visual presentation and accessibility.
- Changed from a div-based layout to a paragraph-based layout with adjusted image sizes for better responsiveness.
* docs: Add alpha release process documentation
- Introduced a new document detailing the alpha release process for the Rocket.Chat Desktop app, including channel definitions, versioning guidelines, and steps for creating and publishing alpha releases.
- Included instructions for users to opt into the alpha channel and troubleshooting tips for common issues.
* chore: Update architecture support and Node.js version requirements
- Added 'arm64' architecture support to the build targets in electron-builder.json for NSIS, MSI, and ZIP formats.
- Lowered the minimum Node.js version requirement in package.json from >=24.11.1 to >=20.0.0 for better compatibility.
* chore: Change develop branch to dev for release workflow
Update build-release workflow and desktop-release-action to use 'dev'
branch instead of 'develop' for development releases.
* chore: Update versioning and add release tag script
- Bumped version in package.json to 4.12.0.alpha.1.
- Added scripts/release-tag.ts for automated release tagging.
- Updated .eslintignore to exclude the new scripts directory.
* chore: Correct version format in package.json
- Updated version format in package.json from "4.12.0.alpha.1" to "4.12.0-alpha.1" for consistency.
* chore: Update all workflows to use dev branch instead of develop
- validate-pr.yml: Add dev to PR target branches
- powershell-lint.yml: Change develop to dev
- pull-request-build.yml: Change develop to dev
* fix: Normalize tags for consistent comparison in release-tag script
Strip leading 'v' prefix when comparing tags to handle both v-prefixed
and non-prefixed tag formats consistently.
* chore: Increment bundle version in electron-builder.json to 26012
* chore: Address nitpick comments in release-tag script
- Add comment explaining why /scripts is excluded from eslint
- Return null on exec error to distinguish from empty output
- Add warning when git tag list fails
- Use -- separator in git commands for safety
* fix: Add jsign to GITHUB_PATH in Windows CI setup
The jsign tool was being installed but not added to PATH for subsequent
steps. This caused the "Verify tools" step to fail with "jsign not found".
* chore: Bump version to 4.12.0-alpha.2
- Updated version in package.json to 4.12.0-alpha.2
- Incremented bundleVersion in electron-builder.json to 26013
* docs: Add QA testing guide for alpha channel updates
* docs: Rename alpha docs to pre-release and fix workflow concurrency
- Rename alpha-release-process.md to pre-release-process.md
- Add beta release documentation
- Add detailed channel switching instructions
- Fix concurrency group using github.ref instead of github.head_ref
(github.head_ref is empty for push events, causing tag builds to cancel)
* feat(outlook): add @ewsjs/xhr debugging patches
Add comprehensive NTLM authentication debugging to @ewsjs/xhr library:
- patches-src/ directory structure for maintainable patches
- Enhanced ntlmProvider.ts with detailed NTLM handshake logging
- Enhanced xhrApi.ts with HTTP request/response debugging
- Yarn patch resolution for @ewsjs/xhr@2.0.2
- apply-patches.sh script for regenerating patches
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-Claude)
Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
* feat(outlook): add type definitions for calendar sync
Add error-related type definitions to support error classification:
- ErrorSource: exchange, rocket_chat, desktop_app, network, authentication, configuration
- ErrorSeverity: low, medium, high, critical
- OutlookCalendarError: full error object with context
- ErrorClassification: pattern matching result type
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-Claude)
Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
* feat(outlook): add error classification system
Add comprehensive error classification for Outlook calendar sync:
- Pattern-based error detection for Exchange, Rocket.Chat, and desktop errors
- Automatic severity and source classification
- User-friendly error messages with suggested actions
- Structured logging format for debugging
- Support for NTLM auth, network, SSL, and credential errors
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-Claude)
Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
* feat(outlook): enhance calendar sync with debugging and mutex
* test(outlook): add tests for getOutlookEvents
* feat(outlook): add logging infrastructure for calendar debugging
* chore: fix linting issues for Outlook calendar debugging
- Exclude patches-src/ from eslint (not part of main build)
- Fix has-credentials handler return type to match expected signature
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-Claude)
Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
* fix: address CodeRabbit review issues for Outlook calendar
- Fix console transport recursion by using originalConsole in writeFn
- Fix infinite recursion in redactObject using destructuring
- Remove NTLM Type 3 message logging (contains credentials)
- Fix queued sync promises never resolving by tracking resolve/reject
- Fix unhandled async errors in preload using .then().catch()
- Accept HTTP 2xx status codes instead of only 200
- Fix URL validation to check pathname instead of full URL
- Update tests to match actual implementation behavior
* feat(settings): add Developer tab with verbose Outlook logging toggle
- Add Developer tab in Settings (only visible when developer mode enabled)
- Add verbose Outlook logging toggle to control [OutlookCalendar] console output
- Add colored console output for better visibility on dark themes
- Redirect to General tab when developer mode disabled while on Developer tab
- Create centralized logger (outlookLog, outlookError, etc.) in src/outlookCalendar/logger.ts
- Convert all direct console.log calls to use centralized logger
- Fix infinite recursion bug in patches (verboseLog calling itself)
- Add AGENTS.md documentation files for knowledge management
- Use theme-aware colors for Settings UI text
* fix(ci): remove conflicting patch-package patch for @ewsjs/xhr
The @ewsjs/xhr package is already patched via Yarn's patch protocol
(.yarn/patches/). The patch-package patch was accidentally added and
conflicts with the already-applied Yarn patch, causing CI failures.
* docs: add patching mechanism documentation to AGENTS.md
Clarify that @ewsjs/xhr uses Yarn patch protocol (.yarn/patches/)
while patch-package (patches/) is only for other packages.
This prevents accidental CI breakage from conflicting patches.
* fix: address CodeRabbit review comments
- logger.ts: Use shared prefix constants instead of duplicating strings
- getOutlookEvents.ts: Replace Promise.reject() with throw statements
- getOutlookEvents.ts: Route console.error through outlookError
- ipc.ts: Route all console.* through outlookLog/outlookWarn/outlookError
- ipc.ts: Replace Promise.reject(e) with throw e
- AGENTS.md: Fix markdown formatting and update versions
* fix(outlook): address CodeRabbit review issues
- Add JSDoc to syncEventsWithRocketChatServer documenting sync coalescing
- Remove isSyncInProgress check in initial sync (let queue handle it)
- Remove logging implementation details test (tested console.log colors)
* chore: remove unused patches-src directory
The debugging code in patches-src/ was never applied - only the minimal
bug fix in .yarn/patches/ is used. Removing dead code to avoid confusion.
* fix: address all code review issues from PR #3187 review
CRITICAL fixes:
- Support multi-server sync state (Map instead of globals)
- Fix Promise<Promise<boolean>> return type
- Use JSON.stringify for safe string escaping in executeJavaScript
MAJOR fixes:
- Add RocketChat calendar event types for type safety
- CRUD operations now return {success, error?} instead of swallowing errors
- Replace sync fs.appendFileSync with async fs.promises.appendFile
- Add useId() and htmlFor for accessibility in ThemeAppearance
- Apply privacy redaction to all transports (not just file)
MINOR fixes:
- Extract magic numbers to named constants
- Extract duplicate buildEwsPathname helper function
- Remove unused _context parameter from classifyError
- Remove fire-and-forget connectivity test calls
- Add originalConsole fallback in preload logging
- Optimize getComponentContext to skip stack trace for log/info/debug
- Fix email regex typo: [A-Z|a-z] -> [A-Za-z]
- Fix double timestamp in createClassifiedError
- Replace inline style with Fuselage pt prop
* fix(outlook): fix race condition in sync queue processing
Changed 'if' to 'while' loop to ensure all queued syncs are processed.
Previously, syncs queued while lastSync.run() was executing would be lost
because the queue was cleared before processing started.
* fix: address additional code review issues
- Fix pool exhaustion bug in context.ts: add overflow counter fallback
when availableServerIds is depleted, emit warning with diagnostics
- Fix PII leak in ipc.ts error logging: move sensitive fields (subject,
responseData) to verbose-only outlookLog calls at 5 locations
- Fix silent failure in performSync: throw error instead of silent
return when eventsOnRocketChatServer fetch fails
* fix(logging): add captureComponentStack parameter to getLogContext
Allows callers to opt into stack-based component detection by passing
captureComponentStack=true, while preserving default behavior.
---------
Co-authored-by: Rodrigo Nascimento <rodrigoknascimento@gmail.com>
Co-authored-by: lingohub[bot] <69908207+lingohub[bot]@users.noreply.github.com>
Co-authored-by: Max Lee <max@themoep.de>
Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
* feat: Add scoped logging infrastructure and log viewer window (#3186)
* chore(theme): transparency mode not removing background of server view (#3156)
* Language update from Lingohub 🤖 (#3165)
Project Name: Rocket.Chat.Electron
Project Link: https://app.lingohub.com/project/pr_1Ag2Vlx6MWNt-16038/branches/prb_16rm9BiWK53b-4144
User: Lingohub Robot
Easy language translations with Lingohub 🚀
Co-authored-by: lingohub[bot] <69908207+lingohub[bot]@users.noreply.github.com>
* feat: Implement user theme preference settings (#3160)
* feat: Implement user theme preference settings and remove legacy theme appearance handling
- Introduced a new `ThemeAppearance` component to manage user theme preferences, allowing selection between 'auto', 'light', and 'dark' themes.
- Updated state management to include `userThemePreference`, replacing the previous `themeAppearance` handling.
- Removed deprecated theme appearance logic from various components and files, streamlining the codebase.
- Added internationalization support for theme appearance settings across multiple languages.
- Enhanced the UI to reflect user-selected theme preferences dynamically.
* fix(i18n): Correct Norwegian translation for theme appearance description
* fix(theme): Validate theme preference values before dispatching
- Updated the `handleChangeTheme` function to include validation for theme preference values, ensuring only 'auto', 'light', or 'dark' are accepted. This change prevents invalid values from being dispatched, enhancing the robustness of the theme management logic.
* refactor(DocumentViewer): Update theme management to utilize Redux state for user preferences
- Replaced the use of `useDarkMode` with Redux selectors to determine the theme based on user preferences and machine theme.
- Enhanced theme logic to support 'auto', 'light', and 'dark' settings, improving the flexibility and responsiveness of the theme management in the DocumentViewer component.
* refactor(DocumentViewer): Simplify theme management by removing Redux dependencies
- Eliminated the use of Redux selectors for theme management in the DocumentViewer component, replacing it with a static 'tint' background and default color settings.
- Streamlined the component's code by removing unnecessary theme logic, enhancing readability and maintainability.
* chore: Clean up code by removing unnecessary blank lines in ThemeAppearance, TransparentWindow, and userThemePreference files
* fix: Address PR review comments and restore API compatibility
- Remove trailing blank lines from ThemeAppearance.tsx, TransparentWindow.tsx, and userThemePreference.ts
- Restore setUserThemeAppearance as no-op function for backwards compatibility with @rocket.chat/desktop-api interface
* fix: resolve 91 security vulnerabilities in dependencies (#3173)
* fix: resolve 91 security vulnerabilities in dependencies
- Update axios 1.6.4 -> 1.13.2 (SSRF, DoS, credential leakage)
- Update electron-updater 5.3.0 -> 6.3.9 (code signing bypass)
- Update rollup 4.9.6 -> 4.32.0 (DOM clobbering XSS)
- Update glob 11.0.3 -> 11.1.0 in workspace (command injection)
- Add resolutions for transitive dependencies:
- cross-spawn, braces, ws, follow-redirects
- form-data, tar-fs, undici
- Add comprehensive security remediation documentation
* docs: fix markdown lint - add language specifier to code block
* chore: Remove security documentation from repository
Security vulnerability remediation documentation kept locally for reference.
* fix: Issues in German translation (#3155)
* chore: Upgrade Electron and Node.js versions, update README and packa… (#3179)
* chore: Upgrade Electron and Node.js versions, update README and package configurations
- Updated Electron dependency from version 39.2.5 to 40.0.0 in package.json and yarn.lock.
- Bumped Node.js version requirements in package.json and devEngines to >=24.11.1.
- Revised README.md to reflect new supported platforms and minimum version requirements.
- Removed deprecated tests related to ELECTRON_OZONE_PLATFORM_HINT in app.main.spec.ts.
- Enhanced documentation for development prerequisites and troubleshooting sections.
* chore: Bump version numbers in configuration files
- Updated the bundle version in electron-builder.json from 26010 to 26011.
- Incremented the application version in package.json from 4.11.1 to 4.12.0.
* docs: Update README to reflect new platform support and installation formats
- Revised the supported platforms section to include additional architectures and installation formats for Windows, macOS, and Linux.
- Updated download links for Microsoft Store and Mac App Store, ensuring accurate access to application sources.
* docs: Revise README layout for download links
- Updated the formatting of download links for Microsoft Store, Mac App Store, and Snap Store to improve visual presentation and accessibility.
- Changed from a div-based layout to a paragraph-based layout with adjusted image sizes for better responsiveness.
* chore: Update @types/node version in package.json and yarn.lock
- Upgraded @types/node from version 16.18.69 to 25.0.10 in both package.json and yarn.lock to ensure compatibility with the latest TypeScript features and improvements.
* chore: Enable alpha releases (#3180)
* chore: Upgrade Electron and Node.js versions, update README and package configurations
- Updated Electron dependency from version 39.2.5 to 40.0.0 in package.json and yarn.lock.
- Bumped Node.js version requirements in package.json and devEngines to >=24.11.1.
- Revised README.md to reflect new supported platforms and minimum version requirements.
- Removed deprecated tests related to ELECTRON_OZONE_PLATFORM_HINT in app.main.spec.ts.
- Enhanced documentation for development prerequisites and troubleshooting sections.
* chore: Bump version numbers in configuration files
- Updated the bundle version in electron-builder.json from 26010 to 26011.
- Incremented the application version in package.json from 4.11.1 to 4.12.0.
* docs: Update README to reflect new platform support and installation formats
- Revised the supported platforms section to include additional architectures and installation formats for Windows, macOS, and Linux.
- Updated download links for Microsoft Store and Mac App Store, ensuring accurate access to application sources.
* docs: Revise README layout for download links
- Updated the formatting of download links for Microsoft Store, Mac App Store, and Snap Store to improve visual presentation and accessibility.
- Changed from a div-based layout to a paragraph-based layout with adjusted image sizes for better responsiveness.
* docs: Add alpha release process documentation
- Introduced a new document detailing the alpha release process for the Rocket.Chat Desktop app, including channel definitions, versioning guidelines, and steps for creating and publishing alpha releases.
- Included instructions for users to opt into the alpha channel and troubleshooting tips for common issues.
* chore: Update architecture support and Node.js version requirements
- Added 'arm64' architecture support to the build targets in electron-builder.json for NSIS, MSI, and ZIP formats.
- Lowered the minimum Node.js version requirement in package.json from >=24.11.1 to >=20.0.0 for better compatibility.
* chore: Change develop branch to dev for release workflow
Update build-release workflow and desktop-release-action to use 'dev'
branch instead of 'develop' for development releases.
* chore: Update versioning and add release tag script
- Bumped version in package.json to 4.12.0.alpha.1.
- Added scripts/release-tag.ts for automated release tagging.
- Updated .eslintignore to exclude the new scripts directory.
* chore: Correct version format in package.json
- Updated version format in package.json from "4.12.0.alpha.1" to "4.12.0-alpha.1" for consistency.
* chore: Update all workflows to use dev branch instead of develop
- validate-pr.yml: Add dev to PR target branches
- powershell-lint.yml: Change develop to dev
- pull-request-build.yml: Change develop to dev
* fix: Normalize tags for consistent comparison in release-tag script
Strip leading 'v' prefix when comparing tags to handle both v-prefixed
and non-prefixed tag formats consistently.
* chore: Increment bundle version in electron-builder.json to 26012
* chore: Address nitpick comments in release-tag script
- Add comment explaining why /scripts is excluded from eslint
- Return null on exec error to distinguish from empty output
- Add warning when git tag list fails
- Use -- separator in git commands for safety
* fix: Add jsign to GITHUB_PATH in Windows CI setup
The jsign tool was being installed but not added to PATH for subsequent
steps. This caused the "Verify tools" step to fail with "jsign not found".
* chore: Bump version to 4.12.0-alpha.2
- Updated version in package.json to 4.12.0-alpha.2
- Incremented bundleVersion in electron-builder.json to 26013
* docs: Add QA testing guide for alpha channel updates
* docs: Rename alpha docs to pre-release and fix workflow concurrency
- Rename alpha-release-process.md to pre-release-process.md
- Add beta release documentation
- Add detailed channel switching instructions
- Fix concurrency group using github.ref instead of github.head_ref
(github.head_ref is empty for push events, causing tag builds to cancel)
* feat(logging): add scoped logging infrastructure
* feat(log-viewer): add log viewer window and components
* build: add log viewer window build configuration
* feat: integrate logging and log viewer into app lifecycle
* feat: add log viewer IPC channels and menu item
* feat: add i18n translations and fix UI color tokens
* chore: add logging dependencies and fix type error
* fix: address code review feedback
- Add 'silly' log level to LogLevel type for electron-log compatibility
- Fix duplicate server IDs by using overflow counter instead of MAX_SERVER_ID
- Reset startInProgress flag when retry count exceeded in preload
- Add statLog to log viewer preload API
- Use contextIsolation and preload script for log viewer window security
- Replace direct ipcRenderer usage with window.logViewerAPI in renderer
* revert: restore log viewer window settings and add architecture guidelines
- Revert nodeIntegration/contextIsolation changes that broke log viewer
- Add CLAUDE.md guidelines to prevent destructive architecture changes
- Document that existing code patterns exist for specific reasons
* fix: address code review feedback from CodeRabbit
This commit addresses three major review comments:
1. Remove unused preload script for log viewer window
- The preload.ts was built but never wired to the BrowserWindow
- Current implementation uses nodeIntegration: true and contextIsolation: false
- Removed unused build entry from rollup.config.mjs
- Deleted unused src/logViewerWindow/preload.ts file
2. Guard programmatic scrolls to prevent disabling auto-scroll
- Added isAutoScrollingRef to track programmatic vs user-initiated scrolls
- Set flag before calling scrollToIndex and reset after
- handleScroll now returns early if scroll is programmatic
- Prevents auto-scroll from being disabled when virtuosoRef.scrollToIndex triggers onScroll
3. Don't swallow startup failures - exit after logging
- Changed start().catch(console.error) to properly log error and exit
- Uses logger.error for structured logging
- Calls app.exit(1) to prevent partial initialization
- Prevents app running in broken state after critical failures
4. Add error handling to log viewer menu item
- Wrapped openLogViewer click handler in try-catch
- Matches pattern used by videoCallDevTools menu item
- Logs errors to console for debugging
* fix(log-viewer): guard against non-positive limits in getLastNEntries
Return empty content when limit <= 0 to prevent undefined behavior
from negative slice indices.
---------
Co-authored-by: Rodrigo Nascimento <rodrigoknascimento@gmail.com>
Co-authored-by: lingohub[bot] <69908207+lingohub[bot]@users.noreply.github.com>
Co-authored-by: Max Lee <max@themoep.de>
* fix: call stopOutlookCalendarSync on app quit
Ensures all sync timers and debounce timers are properly cleaned up
when the application shuts down, preventing sync operations during
shutdown.
* fix: improve logging system security and log viewer context filtering
- Protect active log files from cleanup deletion
- Add IPC rate limiting to prevent renderer process flooding
- Restrict log file permissions to owner-only access
- Add context sanitization to error classification (passwords/tokens only)
- Remove ANSI color codes from OutlookCalendar logger prefixes
- Fix log viewer context filter to use structured tag matching instead of substring search
* feat: add detailed events logging toggle for Outlook calendar sync
Add a new toggle in Settings > Developer to log full event data exchanged
between Exchange and Rocket.Chat during calendar sync. When enabled, logs
raw Exchange appointments, CRUD payloads/responses, event comparisons,
and sync summaries for diagnosing sync issues.
* fix: address PR review feedback
- Fix regex precedence in error classification so 'timeout' doesn't match too broadly
- Add lang="en" to log viewer HTML for accessibility
- Add circular reference guard to redactObject to prevent stack overflow
- Update AGENTS.md with missing outlookDebug/outlookEventDetail imports
* fix: address second round of PR review feedback
- Narrow SSL/TLS regex to match specific error codes instead of broad substrings
- Make sanitizeContext recursive to redact nested sensitive keys
- Align multi-line JSON context with box-drawing prefix in error logs
- Preserve original case in custom path segments in buildEwsPathname
---------
Co-authored-by: Rodrigo Nascimento <rodrigoknascimento@gmail.com>
Co-authored-by: lingohub[bot] <69908207+lingohub[bot]@users.noreply.github.com>
Co-authored-by: Max Lee <max@themoep.de>
Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
* Version 4.12.1-alpha.4
* fix: log viewer Windows compatibility and Outlook logging in production (#3203)
- Handle CRLF line endings from Windows log files (split on \r?\n)
- Fix regex to allow variable whitespace between bracket groups
- Change outlookLog/outlookDebug/outlookEventDetail to console.info
so they reach the file transport in production (info threshold)
instead of being silently dropped as debug level
- Fix Outlook preload console.log calls to console.info (same issue)
- Fix app startup completion log to console.info
* Version 4.12.1-alpha.5
* fix: always send endTime and busy fields in calendar sync payload (#3204)
Remove server version gate (>= 7.5.0) that conditionally included endTime and busy fields when syncing Outlook calendar events to Rocket.Chat server. The gate was failing for some customers because server.version was not populated in the Redux store, causing these fields to be silently dropped from create/update payloads regardless of actual server version.
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-opencode)
Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
* Version 4.12.1-alpha.6
* Merge master into dev — bring bug fixes to dev branch (#3215)
* feat: Add Exchange/EWS debugging patches and error classification (#3187)
* chore(theme): transparency mode not removing background of server view (#3156)
* Language update from Lingohub 🤖 (#3165)
Project Name: Rocket.Chat.Electron
Project Link: https://app.lingohub.com/project/pr_1Ag2Vlx6MWNt-16038/branches/prb_16rm9BiWK53b-4144
User: Lingohub Robot
Easy language translations with Lingohub 🚀
Co-authored-by: lingohub[bot] <69908207+lingohub[bot]@users.noreply.github.com>
* feat: Implement user theme preference settings (#3160)
* feat: Implement user theme preference settings and remove legacy theme appearance handling
- Introduced a new `ThemeAppearance` component to manage user theme preferences, allowing selection between 'auto', 'light', and 'dark' themes.
- Updated state management to include `userThemePreference`, replacing the previous `themeAppearance` handling.
- Removed deprecated theme appearance logic from various components and files, streamlining the codebase.
- Added internationalization support for theme appearance settings across multiple languages.
- Enhanced the UI to reflect user-selected theme preferences dynamically.
* fix(i18n): Correct Norwegian translation for theme appearance description
* fix(theme): Validate theme preference values before dispatching
- Updated the `handleChangeTheme` function to include validation for theme preference values, ensuring only 'auto', 'light', or 'dark' are accepted. This change prevents invalid values from being dispatched, enhancing the robustness of the theme management logic.
* refactor(DocumentViewer): Update theme management to utilize Redux state for user preferences
- Replaced the use of `useDarkMode` with Redux selectors to determine the theme based on user preferences and machine theme.
- Enhanced theme logic to support 'auto', 'light', and 'dark' settings, improving the flexibility and responsiveness of the theme management in the DocumentViewer component.
* refactor(DocumentViewer): Simplify theme management by removing Redux dependencies
- Eliminated the use of Redux selectors for theme management in the DocumentViewer component, replacing it with a static 'tint' background and default color settings.
- Streamlined the component's code by removing unnecessary theme logic, enhancing readability and maintainability.
* chore: Clean up code by removing unnecessary blank lines in ThemeAppearance, TransparentWindow, and userThemePreference files
* fix: Address PR review comments and restore API compatibility
- Remove trailing blank lines from ThemeAppearance.tsx, TransparentWindow.tsx, and userThemePreference.ts
- Restore setUserThemeAppearance as no-op function for backwards compatibility with @rocket.chat/desktop-api interface
* fix: resolve 91 security vulnerabilities in dependencies (#3173)
* fix: resolve 91 security vulnerabilities in dependencies
- Update axios 1.6.4 -> 1.13.2 (SSRF, DoS, credential leakage)
- Update electron-updater 5.3.0 -> 6.3.9 (code signing bypass)
- Update rollup 4.9.6 -> 4.32.0 (DOM clobbering XSS)
- Update glob 11.0.3 -> 11.1.0 in workspace (command injection)
- Add resolutions for transitive dependencies:
- cross-spawn, braces, ws, follow-redirects
- form-data, tar-fs, undici
- Add comprehensive security remediation documentation
* docs: fix markdown lint - add language specifier to code block
* chore: Remove security documentation from repository
Security vulnerability remediation documentation kept locally for reference.
* fix: Issues in German translation (#3155)
* chore: Upgrade Electron and Node.js versions, update README and packa… (#3179)
* chore: Upgrade Electron and Node.js versions, update README and package configurations
- Updated Electron dependency from version 39.2.5 to 40.0.0 in package.json and yarn.lock.
- Bumped Node.js version requirements in package.json and devEngines to >=24.11.1.
- Revised README.md to reflect new supported platforms and minimum version requirements.
- Removed deprecated tests related to ELECTRON_OZONE_PLATFORM_HINT in app.main.spec.ts.
- Enhanced documentation for development prerequisites and troubleshooting sections.
* chore: Bump version numbers in configuration files
- Updated the bundle version in electron-builder.json from 26010 to 26011.
- Incremented the application version in package.json from 4.11.1 to 4.12.0.
* docs: Update README to reflect new platform support and installation formats
- Revised the supported platforms section to include additional architectures and installation formats for Windows, macOS, and Linux.
- Updated download links for Microsoft Store and Mac App Store, ensuring accurate access to application sources.
* docs: Revise README layout for download links
- Updated the formatting of download links for Microsoft Store, Mac App Store, and Snap Store to improve visual presentation and accessibility.
- Changed from a div-based layout to a paragraph-based layout with adjusted image sizes for better responsiveness.
* chore: Update @types/node version in package.json and yarn.lock
- Upgraded @types/node from version 16.18.69 to 25.0.10 in both package.json and yarn.lock to ensure compatibility with the latest TypeScript features and improvements.
* chore: Enable alpha releases (#3180)
* chore: Upgrade Electron and Node.js versions, update README and package configurations
- Updated Electron dependency from version 39.2.5 to 40.0.0 in package.json and yarn.lock.
- Bumped Node.js version requirements in package.json and devEngines to >=24.11.1.
- Revised README.md to reflect new supported platforms and minimum version requirements.
- Removed deprecated tests related to ELECTRON_OZONE_PLATFORM_HINT in app.main.spec.ts.
- Enhanced documentation for development prerequisites and troubleshooting sections.
* chore: Bump version numbers in configuration files
- Updated the bundle version in electron-builder.json from 26010 to 26011.
- Incremented the application version in package.json from 4.11.1 to 4.12.0.
* docs: Update README to reflect new platform support and installation formats
- Revised the supported platforms section to include additional architectures and installation formats for Windows, macOS, and Linux.
- Updated download links for Microsoft Store and Mac App Store, ensuring accurate access to application sources.
* docs: Revise README layout for download links
- Updated the formatting of download links for Microsoft Store, Mac App Store, and Snap Store to improve visual presentation and accessibility.
- Changed from a div-based layout to a paragraph-based layout with adjusted image sizes for better responsiveness.
* docs: Add alpha release process documentation
- Introduced a new document detailing the alpha release process for the Rocket.Chat Desktop app, including channel definitions, versioning guidelines, and steps for creating and publishing alpha releases.
- Included instructions for users to opt into the alpha channel and troubleshooting tips for common issues.
* chore: Update architecture support and Node.js version requirements
- Added 'arm64' architecture support to the build targets in electron-builder.json for NSIS, MSI, and ZIP formats.
- Lowered the minimum Node.js version requirement in package.json from >=24.11.1 to >=20.0.0 for better compatibility.
* chore: Change develop branch to dev for release workflow
Update build-release workflow and desktop-release-action to use 'dev'
branch instead of 'develop' for development releases.
* chore: Update versioning and add release tag script
- Bumped version in package.json to 4.12.0.alpha.1.
- Added scripts/release-tag.ts for automated release tagging.
- Updated .eslintignore to exclude the new scripts directory.
* chore: Correct version format in package.json
- Updated version format in package.json from "4.12.0.alpha.1" to "4.12.0-alpha.1" for consistency.
* chore: Update all workflows to use dev branch instead of develop
- validate-pr.yml: Add dev to PR target branches
- powershell-lint.yml: Change develop to dev
- pull-request-build.yml: Change develop to dev
* fix: Normalize tags for consistent comparison in release-tag script
Strip leading 'v' prefix when comparing tags to handle both v-prefixed
and non-prefixed tag formats consistently.
* chore: Increment bundle version in electron-builder.json to 26012
* chore: Address nitpick comments in release-tag script
- Add comment explaining why /scripts is excluded from eslint
- Return null on exec error to distinguish from empty output
- Add warning when git tag list fails
- Use -- separator in git commands for safety
* fix: Add jsign to GITHUB_PATH in Windows CI setup
The jsign tool was being installed but not added to PATH for subsequent
steps. This caused the "Verify tools" step to fail with "jsign not found".
* chore: Bump version to 4.12.0-alpha.2
- Updated version in package.json to 4.12.0-alpha.2
- Incremented bundleVersion in electron-builder.json to 26013
* docs: Add QA testing guide for alpha channel updates
* docs: Rename alpha docs to pre-release and fix workflow concurrency
- Rename alpha-release-process.md to pre-release-process.md
- Add beta release documentation
- Add detailed channel switching instructions
- Fix concurrency group using github.ref instead of github.head_ref
(github.head_ref is empty for push events, causing tag builds to cancel)
* feat(outlook): add @ewsjs/xhr debugging patches
Add comprehensive NTLM authentication debugging to @ewsjs/xhr library:
- patches-src/ directory structure for maintainable patches
- Enhanced ntlmProvider.ts with detailed NTLM handshake logging
- Enhanced xhrApi.ts with HTTP request/response debugging
- Yarn patch resolution for @ewsjs/xhr@2.0.2
- apply-patches.sh script for regenerating patches
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-Claude)
Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
* feat(outlook): add type definitions for calendar sync
Add error-related type definitions to support error classification:
- ErrorSource: exchange, rocket_chat, desktop_app, network, authentication, configuration
- ErrorSeverity: low, medium, high, critical
- OutlookCalendarError: full error object with context
- ErrorClassification: pattern matching result type
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-Claude)
Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
* feat(outlook): add error classification system
Add comprehensive error classification for Outlook calendar sync:
- Pattern-based error detection for Exchange, Rocket.Chat, and desktop errors
- Automatic severity and source classification
- User-friendly error messages with suggested actions
- Structured logging format for debugging
- Support for NTLM auth, network, SSL, and credential errors
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-Claude)
Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
* feat(outlook): enhance calendar sync with debugging and mutex
* test(outlook): add tests for getOutlookEvents
* feat(outlook): add logging infrastructure for calendar debugging
* chore: fix linting issues for Outlook calendar debugging
- Exclude patches-src/ from eslint (not part of main build)
- Fix has-credentials handler return type to match expected signature
Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-Claude)
Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
* fix: address CodeRabbit review issues for Outlook calendar
- Fix console transport recursion by using originalConsole in writeFn
- Fix infinite recursion in redactObject using destructuring
- Remove NTLM Type 3 message logging (contains credentials)
- Fix queued sync promises never resolving by tracking resolve/reject
- Fix unhandled async errors in preload using .then().catch()
- Accept HTTP 2xx status codes instead of only 200
- Fix URL validation to check pathname instead of full URL
- Update tests to match actual implementation behavior
* feat(settings): add Developer tab with verbose Outlook logging toggle
- Add Developer tab in Settings (only visible when developer mode enabled)
- Add verbose Outlook logging toggle to control [OutlookCalendar] console output
- Add colored console output for better visibility on dark themes
- Redirect to General tab when developer mode disabled while on Developer tab
- Create centralized logger (outlookLog, outlookError, etc.) in src/outlookCalendar/logger.ts
- Convert all direct console.log calls to use centralized logger
- Fix infinite recursion bug in patches (verboseLog calling itself)
- Add AGENTS.md documentation files for knowledge management
- Use theme-aware colors for Settings UI text
* fix(ci): remove conflicting patch-package patch for @ewsjs/xhr
The @ewsjs/xhr package is already patched via Yarn's patch protocol
(.yarn/patches/). The patch-package patch was accidentally added and
conflicts with the already-applied Yarn patch, causing CI failures.
* docs: add patching mechanism documentation to AGENTS.md
Clarify that @ewsjs/xhr uses Yarn patch protocol (.yarn/patches/)
while patch-package (patches/) is only for other packages.
This prevents accidental CI breakage from conflicting patches.
* fix: address CodeRabbit review comments
- logger.ts: Use shared prefix constants instead of duplicating strings
- getOutlookEvents.ts: Replace Promise.reject() with throw statements
- getOutlookEvents.ts: Route console.error through outlookError
- ipc.ts: Route all console.* through outlookLog/outlookWarn/outlookError
- ipc.ts: Replace Promise.reject(e) with throw e
- AGENTS.md: Fix markdown formatting and update versions
* fix(outlook): address CodeRabbit review issues
- Add JSDoc to syncEventsWithRocketChatServer documenting sync coalescing
- Remove isSyncInProgress check in initial sync (let queue handle it)
- Remove logging implementation details test (tested console.log colors)
* chore: remove unused patches-src directory
The debugging code in patches-src/ was never applied - only the minimal
bug fix in .yarn/patches/ is used. Removing dead code to avoid confusion.
* fix: address all code review issues from PR #3187 review
CRITICAL fixes:
- Support multi-server sync state (Map instead of globals)
- Fix Promise<Promise<boolean>> return type
- Use JSON.stringify for safe string escaping in executeJavaScript
MAJOR fixes:
- Add RocketChat calendar event types for type safety
- CRUD operations now return {success, error?} instead of swallowing errors
- Replace sync fs.appendFileSync with async fs.promises.appendFile
- Add useId() and htmlFor for accessibility in ThemeAppearance
- Apply privacy redaction to all transports (not just file)
MINOR fixes:
- Extract magic numbers to named constants
- Extract duplicate buildEwsPathname helper function
- Remove unused _context parameter from classifyError
- Remove fire-and-forget connectivity test calls
- Add originalConsole fallback in preload logging
- Optimize getComponentContext to skip stack trace for log/info/debug
- Fix email regex typo: [A-Z|a-z] -> [A-Za-z]
- Fix double timestamp in createClassifiedError
- Replace inline style with Fuselage pt prop
* fix(outlook): fix race condition in sync queue processing
Changed 'if' to 'while' loop to ensure all queued syncs are processed.
Previously, syncs queued while lastSync.run() was executing would be lost
because the queue was cleared before processing started.
* fix: address additional code review issues
- Fix pool exhaustion bug in context.ts: add overflow counter fallback
when availableServerIds is depleted, emit warning with diagnostics
- Fix PII leak in ipc.ts error logging: move sensitive fields (subject,
responseData) to verbose-only outlookLog calls at 5 locations
- Fix silent failure in performSync: throw error instead of silent
return when eventsOnRocketChatServer fetch fails
* fix(logging): add captureComponentStack parameter to getLogContext
Allows callers to opt into stack-based component detection by passing
captureComponentStack=true, while preserving default behavior.
---------
Co-authored-by: Rodrigo Nascimento <rodrigoknascimento@gmail.com>
Co-authored-by: lingohub[bot] <69908207+lingohub[bot]@users.noreply.github.com>
Co-authored-by: Max Lee <max@themoep.de>
Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
* feat: Add scoped logging infrastructure and log viewer window (#3186)
* chore(theme): transparency mode not removing background of server view (#3156)
* Language update from Lingohub 🤖 (#3165)
Project Name: Rocket.Chat.Electron
Project Link: https://app.lingohub.com/project/pr_1Ag2Vlx6MWNt-16038/branches/prb_16rm9BiWK53b-4144
User: Lingohub Robot
Easy language translations with Lingohub 🚀
Co-authored-by: lingohub[bot] <69908207+lingohub[bot]@users.noreply.github.com>
* feat: Implement user theme preference settings (#3160)
* feat: Implement user theme preference settings and remove legacy theme appearance handling
- Introduced a new `ThemeAppearance` component to manage user theme preferences, allowing selection between 'auto', 'light', and 'dark' themes.
- Updated state management to include `userThemePreference`, replacing the previous `themeAppearance` handling.
- Removed deprecated theme appearance logic from various components and files, streamlining the codebase.
- Added internationalization support for theme appearance settings across multiple languages.
- Enhanced the UI to reflect user-selected theme preferences dynamically.
* fix(i18n): Correct Norwegian translation for theme appearance description
* fix(theme): Validate theme preference values before dispatching
- Updated the `handleChangeTheme` function to include validation for theme preference values, ensuring only 'auto', 'light', or 'dark' are accepted. This change prevents invalid values from being dispatched, enhancing the robustness of the theme management logic.
* refactor(DocumentViewer): Update theme management to utilize Redux state for user preferences
- Replaced the use of `useDarkMode` with Redux selectors to determine the theme based on user preferences and machine theme.
- Enhanced theme logic to support 'auto', 'light', and 'dark' settings, improving the flexibility and responsiveness of the theme management in the DocumentViewer component.
* refactor(DocumentViewer): Simplify theme management by removing Redux dependencies
- Eliminated the use of Redux selectors for theme management in the DocumentViewer component, replacing it with a static 'tint' background and default color settings.
- Streamlined the component's code by removing unnecessary theme logic, enhancing readability and maintainability.
* chore: Clean up code by removing unnecessary blank lines in ThemeAppearance, TransparentWindow, and userThemePreference files
* fix: Address PR review comments and restore API compatibility
- Remove trailing blank lines from ThemeAppearance.tsx, TransparentWindow.tsx, and userThemePreference.ts
- Restore setUserThemeAppearance as no-op function for backwards compatibility with @rocket.chat/desktop-api interface
* fix: resolve 91 security vulnerabilities in dependencies (#3173)
* fix: resolve 91 security vulnerabilities in dependencies
- Update axios 1.6.4 -> 1.13.2 (SSRF, DoS, credential leakage)
- Update electron-updater 5.3.0 -> 6.3.9 (code signing bypass)
- Update rollup 4.9.6 -> 4.32.0 (DOM clobbering XSS)
- Update glob 11.0.3 -> 11.1.0 in workspace (command injection)
- Add resolutions for transitive dependencies:
- cross-spawn, braces, ws, follow-redirects
- form-data, tar-fs, undici
- Add comprehensive security remediation documentation
* docs: fix markdown lint - add language specifier to code block
* chore: Remove security documentation from repository
Security vulnerability remediation documentation kept locally for reference.
* fix: Issues in German translation (#3155)
* chore: Upgrade Electron and Node.js versions, update README and packa… (#3179)
* chore: Upgrade Electron and Node.js versions, update README and package configurations
- Updated Electron dependency from version 39.2.5 to 40.0.0 in package.json and yarn.lock.
- Bumped Node.js version requirements in package.json and devEngines to >=24.11.1.
- Revised README.md to reflect new supported platforms and minimum version requirements.
- Removed deprecated tests related to ELECTRON_OZONE_PLATFORM_HINT in app.main.spec.ts.
- Enhanced documentation for development prerequisites and troubleshooting sections.
* chore: Bump version numbers in configuration files
- Updated the bundle version in electron-builder.json from 26010 to 26011.
- Incremented the application version in package.json from 4.11.1 to 4.12.0.
* docs: Update README to reflect new platform support and installation formats
- Revised the supported platforms section to include additional architectures and installation formats for Windows, macOS, and Linux.
- Updated download links for Microsoft Store and Mac App Store, ensuring accurate access to application sources.
* docs: Revise README layout for download links
- Updated the formatting of download links for Microsoft Store, Mac App Store, and Snap Store to improve visual presentation and accessibility.
- Changed from a div-based layout to a paragraph-based layout with adjusted image sizes for better responsiveness.
* chore: Update @types/node version in package.json and yarn.lock
- Upgraded @types/node from version 16.18.69 to 25.0.10 in both package.json and yarn.lock to ensure compatibility with the latest TypeScript features and improvements.
* chore: Enable alpha releases (#3180)
* chore: Upgrade Electron and Node.js versions, update README and package configurations
- Updated Electron dependency from version 39.2.5 to 40.0.0 in package.json and yarn.lock.
- Bumped Node.js version requirements in package.json and devEngines to >=24.11.1.
- Revised README.md to reflect new supported platforms and minimum version requirements.
- Removed deprecated tests related to ELECTRON_OZONE_PLATFORM_HINT in app.main.spec.ts.
- Enhanced documentation for development prerequisites and troubleshooting sections.
* chore: Bump version numbers in configuration files
- Updated the bundle version in electron-builder.json from 26010 to 26011.
- Incremented the application version in package.json from 4.11.1 to 4.12.0.
* docs: Update README to reflect new platform support and installation formats
- Revised the supported platforms section to include additional architectures and installation formats for Windows, macOS, and Linux.
- Updated download links for Microsoft Store and Mac App Store, ensuring accurate access to application sources.
* docs: Revise README layout for download links
- Updated the formatting of download links for Microsoft Store, Mac App Store, and Snap Store to improve visual presentation and accessibility.
- Changed from a div-based layout to a paragraph-based layout with adjusted image sizes for better responsiveness.
* docs: Add alpha release process documentation
- Introduced a new document detailing the alpha release process for the Rocket.Chat Desktop app, including channel definitions, versioning guidelines, and steps for creating and publishing alpha releases.
- Included instructions for users to opt into the alpha channel and troubleshooting tips for common issues.
* chore: Update architecture support and Node.js version requirements
- Added 'arm64' architecture support to the build targets in electron-builder.json for NSIS, MSI, and ZIP formats.
- Lowered the minimum Node.js version requirement in package.json from >=24.11.1 to >=20.0.0 for better compatibility.
* chore: Change develop branch to dev for release workflow
Update build-release workflow and desktop-release-action to use 'dev'
branch instead of 'develop' for development releases.
* chore: Update versioning and add release tag script
- Bumped version in package.json to 4.12.0.alpha.1.
- Added scripts/release-tag.ts for automated release tagging.
- Updated .eslintignore to exclude the new scripts directory.
* chore: Correct version format in package.json
- Updated version format in package.json from "4.12.0.alpha.1" to "4.12.0-alpha.1" for consistency.
* chore: Update all workflows to use dev branch instead of develop
- validate-pr.yml: Add dev to PR target branches
- powershell-lint.yml: Change develop to dev
- pull-request-build.yml: Change develop to dev
* fix: Normalize tags for consistent comparison in release-tag script
Strip leading 'v' prefix when comparing tags to handle both v-prefixed
and non-prefixed tag formats consistently.
* chore: Increment bundle version in electron-builder.json to 26012
* chore: Address nitpick comments in release-tag script
- Add comment explaining why /scripts is excluded from eslint
- Return null on exec error to distinguish from empty output
- Add warning when git tag list fails
- Use -- separator in git commands for safety
* fix: Add jsign to GITHUB_PATH in Windows CI setup
The jsign tool was being installed but not added to PATH for subsequent
steps. This caused the "Verify tools" step to fail with "jsign not found".
* chore: Bump version to 4.12.0-alpha.2
- Updated version in package.json to 4.12.0-alpha.2
- Incremented bundleVersion in electron-builder.json to 26013
* docs: Add QA testing guide for alpha channel updates
* docs: Rename alpha docs to pre-release and fix workflow concurrency
- Rename alpha-release-process.md to pre-release-process.md
- Add beta release documentation
- Add detailed channel switching instructions
- Fix concurrency group using github.ref instead of github.head_ref
(github.head_ref is empty for push events, causing tag builds to cancel)
* feat(logging): add scoped logging infrastructure
* feat(log-viewer): add log viewer window and components
* build: add log viewer window build configuration
* feat: integrate logging and log viewer into app lifecycle
* feat: add log viewer IPC channels and menu item
* feat: add i18n translations and fix UI color tokens
* chore: add logging dependencies and fix type error
* fix: address code review feedback
- Add 'silly' log level to LogLevel type for electron-log compatibility
- Fix duplicate server IDs by using overflow counter instead of MAX_SERVER_ID
- Reset startInProgress flag when retry count exceeded in preload
- Add statLog to log viewer preload API
- Use contextIsolation and preload script for log viewer window security
- Replace direct ipcRenderer usage with window.logViewerAPI in renderer
* revert: restore log viewer window settings and add architecture guidelines
- Revert nodeIntegration/contextIsolation changes that broke log viewer
- Add CLAUDE.md guidelines to prevent destructive architecture changes
- Document that existing code patterns exist for specific reasons
* fix: address code review feedback from CodeRabbit
This commit addresses three major review comments:
1. Remove unused preload script for log viewer window
- The preload.ts was built but never wired to the BrowserWindow
- Current implementation uses nodeIntegration: true and contextIsolation: false
- Removed unused build entry from rollup.config.mjs
- Deleted unused src/logViewerWindow/preload.ts file
2. Guard programmatic scrolls to prevent disabling auto-scroll
- Added isAutoScrollingRef to track programmatic vs user-initiated scrolls
- Set flag before calling scrollToIndex and reset after
- handleScroll now returns early if scroll is programmatic
- Prevents auto-scroll from being disabled when virtuosoRef.scrollToIndex triggers onScroll
3. Don't swallow startup failures - exit after logging
- Changed start().catch(console.error) to properly log error and exit
- Uses logger.error for structured logging
- Calls app.exit(1) to prevent partial initialization
- Prevents app running in broken state after critical failures
4. Add error handling to log viewer menu item
- Wrapped openLogViewer click handler in try-catch
- Matches pattern used by videoCallDevTools menu item
- Logs errors to console for debugging
* fix(log-viewer): guard against non-positive limits in getLastNEntries
Return empty content when limit <= 0 to prevent undefined behavior
from negative slice indices.
---------
Co-authored-by: Rodrigo Nascimento <rodrigoknascimento@gmail.com>
Co-authored-by: lingohub[bot] <69908207+lingohub[bot]@users.noreply.github.com>
Co-authored-by: Max Lee <max@themoep.de>
* fix: Add safe guards to prevent The application GUI just crashed (#3206)
* fix: guard store functions against pre-initialization calls on macOS Tahoe
On macOS 26.x (Tahoe), the IPC call to retrieve the server URL is slower
than on earlier macOS versions, causing the preload to retry with a 1-second
delay. During this window the RC webapp loads and calls
`window.RocketChatDesktop.setTitle()` and `setUserPresenceDetection()`, which
internally invoke `dispatch()` and `listen()` from the Redux store before
`createRendererReduxStore()` has completed. Since `reduxStore` is still
`undefined`, accessing `.dispatch` or `.subscribe` throws a TypeError that
propagates back through contextBridge into the React tree, crashing the app
with "The application GUI just crashed".
…
i18n: correct Polish gender, Norwegian sentence case, and translation typo
Ram-sah19
force-pushed
the
fix/slow-ui-performance-3117
branch
from
f4e1c70 to
4bd9440
Compare
14 participants
Summary
Fixes the slow and unresponsive UI/UX issue reported on the Rocket.Chat
Desktop app (v4.9.1.0) after installing, clearing cache, and reloading.
Closes #3117
Root Cause
The performance degradation was caused by:
Changes Made
show: false+ready-to-showto prevent premature window renderbackgroundThrottling: falseto prevent UI throttlingipcRenderer.sendSyncwithipcRenderer.invokefor async IPCdisable-renderer-backgroundingcommand line switchremoveHandlerbeforehandle--max-old-space-size=512JS flag to reduce memory pressureHow to Test
Screenshots
Checklist
Summary by CodeRabbit
New Features
Bug Fixes
Documentation