Gnomad Slate: Three Platforms in One Week
Linux beta 4, Windows alpha in slate_win64/, NIM security reviews — and why I stopped merging Windows into one App.tsx.
- tauri
- gnomad-slate
- linux
- windows
- desktop
I started Gnomad Slate as a macOS scratchpad with an encrypted vault bolted on. Six weeks later I’m shipping beta Linux RPMs, beta macOS builds, and a Windows alpha from a separate tree — all AI-assisted, human-verified, and honestly still rough around the edges.
If you’ve been following the Slate arc: 2.1 beta intro → Nobara Linux beta 3 → this post (beta 4 + Windows alpha).
Linux beta: the session that almost broke WebKit
Nobara is my daily driver. Getting Slate out of tauri dev and into a real .desktop entry exposed every cross-platform lie in the codebase. The worst bug was a Gdk Error 71 crash when launching from the app menu on Wayland — fine from a terminal, dead from the dock.
The fix was unglamorous: set GDK_BACKEND=x11 and WEBKIT_DISABLE_DMABUF_RENDERER=1 at startup when those vars aren’t already set. Not elegant. Works.
From there we shipped v2.1.0-beta.3 with Fedora/Nobara packaging (.deb, .rpm), system tray, Super+Shift+Space summon, vault-aware quit (confirm_quit so the global shortcut plugin doesn’t leave a zombie process), and line numbers that actually persist. Beta 4 fixed the menu-launch crash. Session notes live in the repo at docs/LINUX_SESSION_2026-06-23.md if you want the blow-by-blow.
Windows alpha: separate tree, same product
Windows was not a “flip a flag in CI” problem. We forked a dedicated slate_win64/ port with its own Tauri config, native menu, system tray, and Alt+Space summon.
Before calling it alpha, I ran parallel code reviews through NVIDIA NIM — GLM 5.1, Nemotron Super, Kimi K2.6, Llama 3.1 70B — and merged their P0 consensus into one plan (reviews/WINDOWS_CONSOLIDATED_PLAN.md). The security pass alone was worth the API spend:
| Fix | Why it mattered |
|---|---|
| Atomic vault writes on Windows | rename fails when dest exists — vault corruption risk |
| Clipboard clear race | Don’t wipe clipboard if user copied something else |
| DOMPurify on markdown preview | dangerouslySetInnerHTML without sanitization is XSS |
| Path traversal guards | Note filenames are attacker-controlled strings |
| CSP hardening | Desktop shell shouldn’t be permissive by default |
v1.0.0-alpha.1 ships .msi / .exe via CI. Seventeen Rust unit tests in the Windows tree; fourteen in the macOS/Linux root. Both pass.
Platform layout going forward
macOS and Linux share the repository root. Windows lives in slate_win64/ until the ports converge — if they ever fully do. Release tags are split: beta channel for unix-like, alpha for Windows. Downloads are on GitHub Releases and davidcole.cloud/apps/slate.
Same platform-split pattern as Webcanvas Windows alpha — separate CI channels so one bad installer doesn’t block the platform you daily-drive.
What I’d do differently
I should have split Windows earlier. Every week I spent patching #[cfg(windows)] spaghetti in one App.tsx was a week I wasn’t shipping. The separate tree cost duplication upfront but made the security review tractable — reviewers could scope to slate_win64/ without drowning in Linux menu code.
Next step: real Windows QA on hardware I don’t daily-drive, then promote to beta without touching the Linux/macOS version pins. If you’re on Nobara or Fedora, grab beta 4 and tell me if the dock launch still misbehaves on pure Wayland — that’s the edge case I’m watching.