fix(desktop): improve AppImage icons and remote environment

[mwolson]

Summary

• Generates standard hicolor Linux icon sizes for AppImage builds so AppImageLauncher and desktop shells can resolve the installed app icon.
• Fixes Linux AppImage/Niri remote environment pairing by configuring Electron's Linux startup options before ready, including --password-store, Wayland/X11 app class, and desktop scheme privileges.
• Hydrates Linux desktop session environment values, including DBUS_SESSION_BUS_ADDRESS, so GNOME Keyring/libsecret is reachable when launching outside GNOME.
• Hardens SSH remote environment auth by accepting JSON date strings from remote auth APIs and preserving/rolling back saved environment metadata consistently when bearer-token persistence fails.
• Fixes saved SSH environment removal so deleting an environment cannot resurrect it on restart. Desktop now removes the saved environment record and embedded encrypted token in one atomic persistence operation before the UI clears local state or starts SSH cleanup.

Closes #2331.
Fixes #2539.

Diagnosis

The icon issue came from Linux AppImage builds staging only a single large icon.png. This PR stages a directory of standard icon sizes (16, 22, 24, 32, 48, 64, 128, 256, and 512) and points electron-builder at that directory. CI installs ImageMagick for Linux release builds so those sizes can be generated reliably.

The credential-store failure came from Electron selecting a non-encrypting Linux safeStorage backend when running under desktop environments it does not recognize, such as Niri. The app was also relying on shell/session environment values that may not be present when launched from an AppImage or desktop entry.

This PR moves the Linux Electron setup into the synchronous process bootstrap path so it happens before Electron emits ready, which is required for --password-store and privileged protocol registration to take effect. It also imports enough login/session environment to reach the user's DBus session bus and falls back to /run/user/$UID/bus when appropriate.

While testing the remote flow, two separate persistence issues showed up:

• Auth responses returned JSON ISO date strings over the SSH HTTP bridge, while the contract expected already-materialized DateTime.Utc values.
• Removing a saved SSH environment used two separate persistence writes: one fire-and-forget registry rewrite and one secret removal. Those writes could race, letting secret removal read the old record and write it back, so the environment reappeared after restart.

Scope

This is intentionally focused on Linux desktop/AppImage remote environment reliability. It does not change remote server behavior, and SSH process cleanup after removal remains fire-and-forget so the Settings UI does not hang if disconnect stalls.

Test plan

• bun fmt
• bun lint
• bun typecheck
• bun run test
• bun run --filter @t3tools/desktop test -- DesktopEarlyElectronStartup DesktopEnvironment ElectronProtocol DesktopShellEnvironment linuxSecretStorage
• bun run --filter @t3tools/desktop test -- DesktopSavedEnvironments
• bun run --filter @t3tools/web test -- localApi service.addSavedEnvironment catalog
• bun run dist:desktop:linux
• Extracted AppImages and confirmed hicolor icon entries for 16, 22, 24, 32, 48, 64, 128, 256, and 512.
• Built a local AppImage and launched it under Niri with T3CODE_HOME isolated.
• Confirmed packaged logs report passwordStore: gnome-libsecret, backend: gnome_libsecret, and encryptionAvailable: true.
• Installed with Shelly, added remote-game, and ran a trivial task on it.
• Deleted remote-game, reinstalled/restarted, and confirmed the saved environment did not come back.

---

Note

Medium Risk
Touches Electron/Linux startup switches and secret-storage persistence paths, which can affect app boot and credential handling on Linux. Also changes saved-environment removal semantics across desktop IPC and web runtime, so regressions could surface as missing or reappearing environments.

Overview
Improves Linux desktop/AppImage reliability by moving critical Electron configuration to a synchronous pre-ready bootstrap (configureElectronBeforeReady), including scheme privilege registration, WM class, DBus session bus fallback, and an auto/forced --password-store selection based on persisted settings and desktop-session heuristics.

Strengthens credential persistence and saved-environment lifecycle: adds a linuxPasswordStore setting, logs Electron safeStorage backend/encryption availability, returns actionable secret-store remediation errors on Linux, and adds an atomic removeSavedEnvironment API wired through contracts, desktop IPC/preload, and web persistence to prevent deleted SSH environments from resurfacing. Also hardens remote auth handling by updating contract schemas to decode expiresAt from ISO strings and adds tests around date decoding/encoding.

Build/release updates generate standard Linux icon size variants for AppImage (using ImageMagick) and point electron-builder at the icon directory.

^{Reviewed by Cursor Bugbot for commit 6fd6ad1. Bugbot is set up for automated code reviews on this repo. Configure here.}

Note

Add multi-size AppImage icons and improve Linux remote environment configuration

• Linux builds now generate a set of standard-sized icons (16–512px) from a single source PNG using ImageMagick (magick or convert), and the build config points to the icons directory instead of a single PNG. The CI workflow installs ImageMagick on Linux when missing.
• Electron is now configured before the ready event on Linux via configureElectronBeforeReady(), setting DBUS_SESSION_BUS_ADDRESS, the password-store switch, and WM class. Previously these were set later or inline in startup.
• A user-configurable linuxPasswordStore setting is added to desktop settings, read early from disk to select the correct Electron keychain backend before app ready.
• DBUS_SESSION_BUS_ADDRESS is now auto-detected from XDG_RUNTIME_DIR or /run/user/<uid> when missing from the shell environment.
• A removeSavedEnvironment method is added across the full stack: desktop settings service, IPC channel, preload bridge, and web persistence layer. The removeSavedEnvironment flow now deletes the persisted record first and handles SSH cleanup as fire-and-forget.
• Auth schemas (AuthBootstrapResult, AuthBearerBootstrapResult, etc.) now use DateTimeUtcFromString so expiresAt is parsed from ISO strings into DateTime values.
• Risk: ElectronProtocol.layerSchemePrivileges is no longer composed in desktopRuntimeLayer; scheme privileges are now registered synchronously via configureElectronBeforeReady(), changing the timing of registration.

^{Macroscope summarized 6fd6ad1.}

[coderabbitai]

Important

Review skipped

Auto reviews are disabled on this repository. Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 2abf59af-c789-49fc-be89-72d1b1a0cef7

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

Tip

💬 Introducing Slack Agent: The best way for teams to turn conversations into code.

Slack Agent is built on CodeRabbit's deep understanding of your code, so your team can collaborate across the entire SDLC without losing context.

• Generate code and open pull requests
• Plan features and break down work
• Investigate incidents and troubleshoot customer tickets together
• Automate recurring tasks and respond to alerts with triggers
• Summarize progress and report instantly

Built for teams:

• Shared memory across your entire org—no repeating context
• Per-thread sandboxes to safely plan and execute work
• Governance built-in—scoped access, auditability, and budget controls

One agent for your entire SDLC. Right inside Slack.

👉 Get started

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[macroscopeapp]

Approvability

Verdict: Needs human review

Despite the 'fix' framing, this PR introduces significant new Linux-specific functionality: a secret storage system with GNOME Keyring/KWallet detection, early Electron startup configuration, DBus fallback logic, a new IPC endpoint, and schema changes. These runtime behavior changes and new abstractions warrant human review.

^{You can customize Macroscope's approvability policy. Learn more.}

[mwolson]

Before (missing icon)

Missing icon (works in shelly, doesn't work when appimage is launched directly, or with AppImageLauncher):

Before (secret manager)

Error when trying to add environment:

[mwolson]

After (icons fix)

Launched appimage directly after chmod +x on it:

After (secrets-manager fix)

[juliusmarminge]

can you resolve conflcits here?

[juliusmarminge]

icon looks like this for me on ubuntu?

[cursor]

Cursor Bugbot has reviewed your changes and found 1 potential issue.

^{❌ Bugbot Autofix is OFF. To automatically fix reported issues with cloud agents, enable autofix in the Cursor dashboard.}

^{Reviewed by Cursor Bugbot for commit 1676dd3. Configure here.}