sync: update fork main with upstream

.github/actionlint.yaml

@@ -0,0 +1,8 @@
+# actionlint configuration
+# https://github.com/rhysd/actionlint/blob/main/docs/config.md
+
+paths:
+  .github/workflows/release.yml:
+    ignore:
+      # Optional signing secrets — linter cannot verify repo secrets exist
+      - "Context access might be invalid:.+"

.github/workflows/release.yml

@@ -163,19 +163,19 @@ jobs:
           [ -z "$CSC_LINK" ] && unset CSC_LINK CSC_KEY_PASSWORD
           [ -z "$APPLE_ID" ] && unset APPLE_ID APPLE_APP_SPECIFIC_PASSWORD APPLE_TEAM_ID
           [ -z "$AZURE_TENANT_ID" ] && unset AZURE_TENANT_ID AZURE_CLIENT_ID AZURE_CLIENT_SECRET
-          bunx electron-builder build ${{ matrix.platform.electron-args }} -c ./electron-builder.config.json -p never
+          npx electron-builder build ${{ matrix.platform.electron-args }} -c ./electron-builder.config.json -p never
         working-directory: apps/app/electron
         shell: bash
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          CSC_LINK: ${{ secrets.CSC_LINK }}
-          CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }}
-          APPLE_ID: ${{ secrets.APPLE_ID }}
-          APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }}
-          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
-          AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID }}
-          AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID }}
-          AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET }}
+          CSC_LINK: ${{ secrets.CSC_LINK || '' }}
+          CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD || '' }}
+          APPLE_ID: ${{ secrets.APPLE_ID || '' }}
+          APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD || '' }}
+          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID || '' }}
+          AZURE_TENANT_ID: ${{ secrets.AZURE_TENANT_ID || '' }}
+          AZURE_CLIENT_ID: ${{ secrets.AZURE_CLIENT_ID || '' }}
+          AZURE_CLIENT_SECRET: ${{ secrets.AZURE_CLIENT_SECRET || '' }}
 
       # If signing failed, retry without signing so we still get an unsigned artifact
       - name: Package desktop app (unsigned fallback)
@@ -193,7 +193,7 @@ jobs:
           "
           unset CSC_LINK CSC_KEY_PASSWORD APPLE_ID APPLE_APP_SPECIFIC_PASSWORD APPLE_TEAM_ID
           unset AZURE_TENANT_ID AZURE_CLIENT_ID AZURE_CLIENT_SECRET
-          CSC_IDENTITY_AUTO_DISCOVERY=false bunx electron-builder build ${{ matrix.platform.electron-args }} -c ./eb-unsigned.json -p never
+          CSC_IDENTITY_AUTO_DISCOVERY=false npx electron-builder build ${{ matrix.platform.electron-args }} -c ./eb-unsigned.json -p never
         working-directory: apps/app/electron
         shell: bash
         env:

.gitignore

@@ -41,6 +41,9 @@ skills/
 apps/app/electron/.eliza
 apps/app/electron/skills/
 
+# Temporary capture files
+temp_capture_*.jpg
+
 # Agent learning docs & knowledge base
 knowledge/
 scripts/knowledge-loop.mjs

apps/app/electron/package.json

@@ -33,8 +33,8 @@
     "whisper-node": "^1.1.1"
   },
   "devDependencies": {
-    "electron": "^26.6.10",
-    "electron-builder": "^25.1.8",
+    "electron": "26.6.10",
+    "electron-builder": "^26.7.0",
     "electron-rebuild": "^3.2.9",
     "typescript": "^5.0.4"
   },

apps/app/electron/src/setup.ts

@@ -278,7 +278,7 @@ export function setupContentSecurityPolicy(customScheme: string): void {
       `default-src 'self' ${customScheme}://* https://*`,
       `script-src 'self' ${customScheme}://* 'unsafe-inline'${electronIsDev ? " 'unsafe-eval' devtools://*" : ''}`,
       `style-src 'self' ${customScheme}://* 'unsafe-inline'`,
-      `connect-src 'self' ${customScheme}://* http://localhost:* ws://localhost:* wss://localhost:* https://* wss://*`,
+      `connect-src 'self' ${customScheme}://* blob: http://localhost:* ws://localhost:* wss://localhost:* https://* wss://*`,
       `img-src 'self' ${customScheme}://* data: blob: https://*`,
       `media-src 'self' ${customScheme}://* blob: https://*`,
       `font-src 'self' ${customScheme}://* data:`,

apps/app/index.html

@@ -12,7 +12,7 @@
       content="default-src 'self' capacitor-electron://* https://*;
                script-src 'self' 'unsafe-inline' 'unsafe-eval';
                style-src 'self' 'unsafe-inline';
-               connect-src 'self' http://localhost:* ws://localhost:* wss://localhost:* https://* wss://*;
+               connect-src 'self' blob: http://localhost:* ws://localhost:* wss://localhost:* https://* wss://*;
                img-src 'self' data: blob: https://*;
                media-src 'self' blob: https://*;
                font-src 'self' data:;" />