Webcanvas Windows Alpha: Split Channels Before Splitting Your Brain

v0.1.0-alpha.1 for Windows only — platform config overlays, P0 security hardening, and App.tsx hook refactor while Linux/macOS stay on beta 6.

  • tauri
  • gnomad-webcanvas
  • windows
  • desktop
  • security
Gnomad Webcanvas: Splitting frontend logic and releasing Windows alpha with clean, outrun visuals.

Gnomad Webcanvas (repo: gnomad-webcanvas, product name: Webcanvas) is a live HTML/CSS/JS playground I’ve been dogfooding on Linux since beta 5. We cut v0.1.0-alpha.1 for Windows only — while Linux and macOS stay pinned on beta 6. That sounds like versioning theater. It isn’t.

Part of the same desktop apps push as Gnomad Slate — Tauri tools I actually run on Nobara, now branching to Windows without breaking Linux installers.

The problem with one tag, three platforms

Tauri makes cross-platform desktop apps feel easy until you need NSIS installers, WebView2 bootstrappers, file associations, and Windows path semantics that don’t map to HOME. Linux beta 6 is my daily driver on Nobara. I wasn’t willing to risk breaking those installers because Windows CI needed different bundle targets.

So we split three ways:

  1. Config overlays: tauri.linux.conf.json, tauri.macos.conf.json, tauri.windows.conf.json each own bundle targets and version pins
  2. CI routing: v*-alpha* tags build Windows only; v*-beta* tags build Linux + macOS
  3. Frontend decomposition: App.tsx shed ~280 lines into hooks: useProjectHydration, useTauriDesktopEvents, useEditorKeyboardShortcuts, useDebouncedProjectSave, useDesktopWindowTitle

The hooks refactor wasn’t cosmetic. Windows exposed race conditions in project load and unsaved-changes handling that Linux had been papering over.

Security pass before alpha (not after)

I ran parallel AI code reviews — GLM 5.1, Kimi K2.6, Qwen via NVIDIA NIM — and implemented their shared P0 list before tagging alpha:

  • path_guard.rs rewritten with the dirs crate — fixes USERPROFILE vs HOME and prefix-confusion attacks (C:\Users\Alice vs AliceMalicious)
  • Guarded IPC — ripped unrestricted Tauri fs plugin writes from the frontend; all file I/O goes through validated Rust commands
  • CSP tightened — dropped unsafe-inline from script-src in the desktop shell
  • Async file I/O — reads/writes on spawn_blocking, not the main thread
  • Updater hardening — release tag validation, HTTP timeouts, user-confirmed restart via restart_app

Reports are in reviews/ and docs/CROSS_PLATFORM_CODE_REVIEW.md. AI-assisted, human-verified — I read every diff.
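
The prefix-confusion fix from the path_guard.rs item above, sketched as an added example (not Webcanvas's actual code): a raw string prefix check next to a component-wise one. It assumes only std::path instead of the dirs crate, takes the allowed root as a parameter, and uses constructed Unix-style paths so it runs on any OS; all function names are hypothetical.

```rust
use std::path::{Component, Path, PathBuf};

// Vulnerable form: raw string prefix, so "alicemalicious" matches "alice".
fn naive_is_inside(root: &str, candidate: &str) -> bool {
    candidate.starts_with(root)
}

// Lexically resolve `.` and `..`; None if `..` would climb above the root.
// This does not resolve symlinks, which needs the filesystem (canonicalize).
fn normalize(path: &Path) -> Option<PathBuf> {
    let mut out = PathBuf::new();
    for comp in path.components() {
        match comp {
            Component::CurDir => {}
            Component::ParentDir => {
                if !out.pop() {
                    return None;
                }
            }
            other => out.push(other.as_os_str()),
        }
    }
    Some(out)
}

// Hardened form: absolute paths only, compared component by component.
fn guarded_is_inside(root: &Path, candidate: &Path) -> bool {
    if !candidate.is_absolute() {
        return false;
    }
    match (normalize(root), normalize(candidate)) {
        (Some(r), Some(c)) => c.starts_with(&r),
        _ => false,
    }
}

fn main() {
    // Constructed sample paths; "/home/alice" stands in for the user's home.
    let root = "/home/alice";
    let samples = [
        "/home/alice/site/index.html",
        "/home/alicemalicious/x.js",
        "/home/alice/../bob/notes.md",
    ];
    for p in samples {
        let guarded = guarded_is_inside(Path::new(root), Path::new(p));
        println!("{}: naive={} guarded={}", p, naive_is_inside(root, p), guarded);
    }
}
```

On Windows, std::path splits `C:\Users\Alice` into prefix, root and name components, so the same component-wise comparison separates `Alice` from `AliceMalicious`.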

What ships in alpha 1

| Platform | Channel | Get it |
|----------|---------|--------|
| Windows | Alpha 1 | GitHub Release v0.1.0-alpha.1 |
| Linux | Beta 6 | unchanged, still daily driver |
| macOS | Beta 6 | same tag family as Linux |
| Browser | Always latest | Play in browser |

Windows alpha is unsigned — SmartScreen will complain until we configure code signing. File associations for .html, .css, .js, .md are in; multi-file CLI open now emits webcanvas:pending-files consistently. Apps hub: davidcole.cloud/apps.

What I’d do differently

I waited too long to decompose App.tsx. The Windows port forced the issue, but those hooks help every platform. I also should have split CI channels at beta 3 instead of beta 6 — one bad Windows bundle would have blocked a Linux hotfix.

Next step: hands-on Windows QA (save/open, associations, updater, multi-monitor). Promote to beta when I’m confident — without bumping Linux/macOS until they’re ready. Bugs: david@gnomad.studio, subject “Webcanvas Windows Alpha”.