fix(gnome): Fase 3 — GTK4 panel audit + remediation (Charter-01)#42
Merged
Conversation
…01 Fase 3) Internal audit (3 parallel Explore agents, reconciled and code-verified): 6 findings — 1 High (RISK-002 drift / GOA auth), 3 Medium, 1 Low, 1 gap — plus 4 rejected agent over-classifications. Verdict FUNCTIONAL_WITH_DRIFT. Refs: Charter-01 Fase 3 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Addresses audit findings H1, H4, H3 (partial), H5: - H1 (High) — RISK-002 drift: Fase 1 replaced Auth.CompleteAuthWithTokens with CompleteAuthViaGOA (tokens off the bus), but the panel still called the removed method and its GOA code was behind a `goa` feature that Cargo.toml never defined (compiled out). Define the `goa` feature (default on); add the complete_auth_via_goa proxy and drop complete_auth_with_tokens; rewrite on_goa_sign_in_clicked to hand the GOA account path to the daemon (tokens never cross D-Bus). Fixes a latent type error in goa_sso that had never compiled (the feature was always off). - H4 (Medium) — folder_tree load race: load_remote_tree and load_selected_folders ran as two independent tasks, so selections could apply to an empty tree. Merge into one ordered task (selections first, then populate). - H3 (partial) — folder_tree now surfaces load/parse errors inline instead of failing silently to stderr; a malformed tree is no longer shown as "empty". - H5 — cargo check is now clean: removed unused imports, migrated the deprecated ActionRow::icon_name to add_prefix. Still open (this branch): H3 error toasts in sync/account pages, H2 (consume daemon properties/signals), G1 (System group). cargo check clean; note 145 pre-existing clippy needless_borrow lints across the panel (separate debt). Refs: Charter-01 Fase 3, audit phase-3-gtk4-panel-audit.md Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
AIDEC-2026-05-31-001 records the decision: the audit's G1 (absent "System" group — auto-start, cache, dehydration) is deferred to a future v0.2 Charter rather than added to the alpha. Cache/dehydration need new daemon D-Bus API (cross-component, post-alpha); a one-toggle auto-start group would mix scopes. Fase 3 ships three wired groups + Conflicts. Audit doc and Charter updated. Refs: Charter-01 Fase 3, AIDEC-2026-05-31-001 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…3 H2/H3/H5) - H2 — complete the D-Bus client contract: add the daemon-exposed Sync properties/signals (sync_status, last_sync_time, pending_changes, sync_started/completed/progress), Status properties/signals (connection_status, dbus_health, quota_changed, connection_changed) and Settings.config_changed that the proxies previously omitted. Wire a real consumer: AccountPage now refreshes the quota live on QuotaChanged. - H3 — surface load/save failures in the UI instead of stderr: folder_tree (done earlier), sync_page (error group), and toast/banner handling in the onboarding pages, so a dead daemon no longer leaves silent default values. - H5 — clippy clean: auto-fixed 145 pre-existing needless_borrow lints and the match→matches! lint; `cargo clippy -- -D warnings` now passes for the panel. All six audit findings resolved (H1–H5 fixed; G1 deferred per AIDEC-2026-05-31-001). cargo check + clippy -D warnings clean. Refs: Charter-01 Fase 3, audit phase-3-gtk4-panel-audit.md Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
AILOG-2026-05-31-002 — audit of the GTK4 preferences panel and remediation of all six findings (H1–H5 fixed, G1 deferred). cargo check + clippy -D warnings clean for the panel. Refs: Charter-01 Fase 3 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
… recon) Filed two adopter findings to StrangeDaysTech/straymark from the Fase-3 panel audit: - #209: "declared but not wired" reaches N=3 as a cross-component regression of the shipped RISK-002 mitigation (advanced from Charter-close cadence). - #210: Charter scope declared against assumed (un-read) code; proposes a code-reconnaissance gate + path validation at charter creation. Refs: Charter-01, straymark#209, straymark#210 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
`straymark charter audit --prepare` writes to a single per-Charter path (audit-prompt.md), which collides across phase-scoped audits. Preserve the Fase-1 audit artifacts under `-fase-1` names (prompt, both reports, review, telemetry yaml) and regenerate audit-prompt.md for the Fase-3 range (origin/main..HEAD = the 6 panel-fix commits). Internal references in the Fase-1 docs updated to the renamed files. (Workflow friction worth noting upstream: multi-phase audits of one Charter share report-*/review.md/audit-prompt.md paths — a phase subdir would avoid the collision. Related to straymark#208.) Refs: Charter-01 Fase 3 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Two heterogeneous auditors over origin/main..HEAD. Calibrated review: - gpt-5.2-codex (8.4/10): found VALID Medium M1 — nested selective-sync selections not persisted/restored (folder_tree.rs); completes the H4 fix. - gemini-3-1-pro-high (3.9/10): clean verdict but missed M1 and asserted unimplemented Fases 4-7 as done. 1 finding consolidated (VALID), 0 false positives, 0 missed-by-all. Verdict PASS_WITH_ONE_MEDIUM. Telemetry → external-audit-pending.yaml. Refs: Charter-01 Fase 3 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…letes H4) The Fase-3 external audit (gpt-5.2-codex, Medium M1) found that subfolder selections were dropped: child rows inherited only the parent's selected flag, and the save path scanned only the root store, never the lazily-materialised child stores. This is the recursive half of H4 that the earlier fix left open. Make `selected_folders` the single source of truth: each checkbox toggle mutates it by path, and `create_model` reads it back when building child rows (a child is checked if explicitly selected or its parent is). Removes the root-store-only collect. clippy -D warnings clean; tree UX needs manual runtime verification. Refs: Charter-01 Fase 3, review.md (M1) Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…002 drift Ran the panel end-to-end in the lnxdrive-testing QEMU/libvirt VM (GNOME Wayland), compiled from this branch over 9p. The panel launches, stays alive, loads all pages and exercises the full D-Bus contract with zero failed calls, and receives a live QuotaChanged signal (H2). Results recorded in AILOG-2026-05-31-002. The mock daemon (mock-dbus-daemon.py) carried the same RISK-002 drift as the panel did — it exposed CompleteAuthWithTokens but not CompleteAuthViaGOA (N=4 of the "declared but not wired" pattern, now in the test harness). Added CompleteAuthViaGOA to align it with the real daemon and the panel. Refs: Charter-01 Fase 3, straymark#209 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Operator captured the panel via virt-viewer in the VM (8 screenshots). All pages render correctly: Shell indicator with live state, Account, Sync (selective tree with an expanded subfolder shown checked — the M1 nested-selection display), Conflicts + resolve dialog, Advanced. Logged one non-blocking cosmetic item: the "Conflicts" view-switcher tab truncates to "Conflicts …". Refs: Charter-01 Fase 3 Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The conflicts page rewrote its title to "Conflicts (N)", which is longer than the
other tabs and made the view-switcher truncate it to "Conflicts …". Keep the tab
title fixed at "Conflicts" and surface the count in the group header
("Unresolved Conflicts (N)") instead. Rebuilt + clippy-clean in the test VM;
operator confirmed all four tabs render in full.
Also records the Fase-3 end-to-end runtime/visual verification in the Charter and
AILOG-2026-05-31-002.
Refs: Charter-01 Fase 3
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fase 3 of Charter-01. The panel already existed (~95% built); this phase audits
lnxdrive-gnome/preferences/and remediates the findings — internal audit(3 agents, calibrated) + external pre-merge audit (2 heterogeneous auditors).
Findings resolved
CompleteAuthWithTokensand its GOA code was compiled out (undefinedgoafeature). Define the feature; wireCompleteAuthViaGOA(tokens off the bus). Surfaced a latent type error that had never compiled.config_changed); AccountPage refreshes quota live onQuotaChanged.cargo check+clippy -D warningsclean (145 pre-existingneedless_borrowauto-fixed, deprecation migrated).selected_foldersis now the source of truth by path. Completes H4.Governance
.straymark/audits/CHARTER-01/phase-3-gtk4-panel-audit.mdreview.md(gpt-5.2-codex 8.4/10, gemini-3-1-pro-high 3.9/10), telemetry inexternal-audit-pending.yamlNot done (follow-up)
Runtime verification of the panel (launch against a live daemon with a display) is manual — pending; not run in CI (no display/
/dev/fuse).🤖 Generated with Claude Code