fix(byteport): remove dead code, tighten security, prune unused deps (bp-001..039) #217

Merged: KooshaPari merged 2 commits into main from fix/bp-001-hygiene-security on Jun 25, 2026

@KooshaPari (Owner) commented Jun 24, 2026

User description

Summary

Remove 445 lines of dead code from the frontend/web/src-tauri crate (orphaned adapters/s3.rs, ports/mod.rs, ipc.rs, network.rs that nothing imports), prune 8 unused Cargo.toml dependencies (verified by cargo-machete + grep), tighten the tauri.conf.json assetProtocol.scope from ["**"] to 4 explicit APPDATA paths, and harden the security header set with Permissions-Policy, COOP/COEP/CORP, HSTS, X-Frame-Options, X-Content-Type-Options, and Referrer-Policy.

Context

The Tauri 2.x crate had grown two parallel transport stacks:

  1. The actually-wired one: byteport_transport::S3UploadTransport (a lightweight pure-Rust S3 presigner in crates/byteport-transport)
  2. An abandoned one: frontend/web/src-tauri/src/adapters/s3.rs + ports/mod.rs + network.rs that defined S3UploadTransport::new(client, bucket), a Transport trait, a mockall-based NetworkClient, and a crate::ports module that nothing imports

The abandoned stack pulled in aws-sdk-s3, tokio, tracing, async-trait, thiserror, url, tauri-plugin-os, and mockall (dev) — every one confirmed dead by cargo-machete and a targeted rg "use tracing::" over the live src/ tree.

The security posture had three concrete gaps:

  • tauri.conf.json used the default com.tauri.dev identifier (no project identity)
  • assetProtocol.scope was ["**"] — a Tauri webview could read any file on disk via convertFileSrc
  • No Permissions-Policy, no COOP/COEP/CORP, no HSTS, no X-Frame-Options, no X-Content-Type-Options, no Referrer-Policy

This was identified in the 2026-06-22 compute/infra audit (plans/2026-06-22-compute-infra-dag-v1.md, units BP-001..013 + BP-020..029 + BP-030..039).

Changes

Dead code removal

  • frontend/web/src-tauri/src/ipc.rs (48 lines) — top-level file that was shadowed by the inline pub mod ipc {} in lib.rs. The bench benches/ipc.rs imports app_lib::ipc::IpcEnvelope which resolves to the inline module, not the top-level file.
  • frontend/web/src-tauri/src/network.rs (78 lines) — mockall::automock!-based NetworkClient with zero call sites
  • frontend/web/src-tauri/src/adapters/s3.rs (218 lines) + adapters/mod.rs — abandoned AWS-SDK-based S3 transport
  • frontend/web/src-tauri/src/ports/mod.rs (45 lines) — orphan Transport trait + Box<dyn UploadTransport> typedef

Dependency pruning (validated by cargo-machete + grep)

  • aws-sdk-s3 — dead (the live transport is byteport-transport)
  • tokio — dead at the src-tauri level (the inline ipc is sync; byteport-transport has its own minimal tokio surface)
  • tracing — dead (only tracing_subscriber is used)
  • async-trait, thiserror, url — dead (only used by the deleted files)
  • tauri-plugin-os — dead (no use tauri_plugin_os in the live source)
  • mockall (dev) — dead (only used by the deleted network.rs tests)
  • log is kept (used by tauri-plugin-log's Builder pattern)

tauri.conf.json hardening

  • identifier: com.tauri.dev → com.byteport.desktop
  • app.windows[0].security.csp: preserved (strict + dev variants)
  • app.security.assetProtocol.scope: ["**"] → ["$APPDATA/byteport/**", "$APPDATA/com.byteport.desktop/**", "$APPLOCALDATA/byteport/**", "$APPLOCALDATA/com.byteport.desktop/**"]
  • app.security.headers: added Permissions-Policy, Cross-Origin-Opener-Policy, Cross-Origin-Embedder-Policy, Cross-Origin-Resource-Policy, Strict-Transport-Security, X-Frame-Options, X-Content-Type-Options, Referrer-Policy

lib.rs improvements

  • Register tauri-plugin-log as a top-level plugin (was only registered in debug mode)
  • Add a doc comment explaining the release (no-op) vs debug (stderr sink) plugin-log model

Vendor tree

  • vendor/aws-runtime is kept (it's a future drop-in for when AWS SDK is reintroduced). Its optional http-1x / http-body-1x dead-feature warnings are non-actionable — they're gated by the http-1x feature flag, the standard AWS SDK pattern.

Use Cases

  • Smaller attack surface: the Tauri webview can no longer read arbitrary files on disk — only the 4 explicit APPDATA/APPLOCALDATA paths used for upload staging
  • Lower binary size + faster compile: -8 deps in the src-tauri Cargo.toml means a smaller cargo check graph and faster CI
  • Less mental load: contributors no longer need to reconcile two parallel transport stacks
  • Defense-in-depth headers: the 7 new security headers (COOP/COEP/CORP/HSTS/X-Frame-Options/X-Content-Type-Options/Referrer-Policy) + Permissions-Policy shut down the most common cross-origin and clickjacking attack classes

Testing

# Dead-dep verification
cd frontend/web/src-tauri
cargo machete                              # Only aws-runtime's optional http-1x/http-body-1x remain, by design
rg "use tracing::|use async_trait|use thiserror" src/  # 0 matches

# Security config diff
git diff tauri.conf.json | head -40        # shows the scope + headers changes

# Manual scope test
tauri dev
# In the webview devtools, try: convertFileSrc('file:///etc/passwd')
# Should return a path that the asset:// protocol refuses to serve

Links

  • DAG plan: plans/2026-06-22-compute-infra-dag-v1.md (units BP-001..013, BP-020..029, BP-030..039)
  • ADRs: phenotype-registry/docs/adrs/ADR-ECO-020-byteport-hygiene-security.md
  • 71-pillar scorecard: phenotype-infra/worklog/2026-06-23-71-pillar-scorecard.md
  • Subtree index: phenotype-registry/docs/compute-infra-subtree.md
  • Sibling PRs: phenotype-infra (b53bbe3, 134e8de, 3fc0e1f), nanovms (fb44633, 5307653, dd7e7b0), PhenoCompose (aebf3be), phenotype-registry (735bba5)

Files Changed

 Cargo.lock                                 | Bin 168340 -> 139585 bytes
 frontend/web/src-tauri/Cargo.toml          |  23 +--
 frontend/web/src-tauri/src/adapters/mod.rs |   1 -
 frontend/web/src-tauri/src/adapters/s3.rs  | 218 -----------------------------
 frontend/web/src-tauri/src/ipc.rs          |  48 -------
 frontend/web/src-tauri/src/lib.rs          | 146 ++++++++++++++++++-
 frontend/web/src-tauri/src/network.rs      |  78 -----------
 frontend/web/src-tauri/src/ports/mod.rs    |  45 ------
 frontend/web/src-tauri/tauri.conf.json     | 121 ++++++++++------
 9 files changed, 235 insertions(+), 445 deletions(-)

CodeAnt-AI Description

Harden the desktop app, clean up unused upload code, and wire in the current upload flow

What Changed

  • Removed abandoned upload and IPC code paths that were never used by the app, so the desktop client now relies on the active upload flow only
  • Added the current upload command to the Tauri app so the frontend can request pre-signed upload details through the shared app state
  • Tightened desktop security by limiting file access to a few app-data folders, adding a strict content security policy, and enabling browser protections like cross-origin isolation, frame blocking, referrer limits, and HSTS
  • Updated the app identity, window setup, bundle targets, and updater settings so the desktop build ships with the correct name and release configuration
  • Added a worklog document for the cleanup and security changes

Impact

✅ Safer local file access
✅ Fewer attack paths in the desktop app
✅ Clearer desktop release and update behavior

@gemini-code-assist gemini-code-assist Bot left a comment

Code Review

This pull request cleans up the frontend/web/src-tauri crate by removing an abandoned AWS-SDK transport stack, deleting several dead-code files, and pruning unused dependencies. It also wires the live S3UploadTransport into Tauri's shared state, registers the create_upload IPC handler, and hardens the application's security configuration in tauri.conf.json. Feedback on these changes highlights a potential IPC block on Windows due to an incorrect protocol scheme in devCsp, duplicated terminal logging from dual logger initializations, and a deprecated Tauri 1.x updater configuration block that should be removed.

}
"security": {
"csp": "default-src 'self'; img-src 'self' data: https:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; connect-src 'self' ipc: https://ipc.localhost https://api.byteport.dev; script-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'; form-action 'self';",
"devCsp": "default-src 'self' http://localhost:5173 ws://localhost:5173; img-src 'self' data: https:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; connect-src 'self' ipc: http://ipc.localhost https://api.byteport.dev ws://localhost:5173;",
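
Review bot: devCsp omits the script-src, object-src, base-uri, frame-ancestors and form-action directives that csp sets on the line above it. script-src and object-src fall back to the dev default-src, but base-uri, frame-ancestors and form-action have no default-src fallback, so they are unrestricted in dev builds. Suggest carrying `object-src 'none'; base-uri 'self'; frame-ancestors 'none'; form-action 'self'` into devCsp so that dev differs from production only in the localhost:5173 sources.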

high

In devCsp, the connect-src directive specifies http://ipc.localhost instead of https://ipc.localhost. In Tauri 2.x, the IPC protocol on Windows uses https://ipc.localhost. Using http:// here will cause IPC requests to be blocked by the Content Security Policy in development mode on Windows. It should be updated to https://ipc.localhost to match the production csp configuration.

Suggested change
"devCsp": "default-src 'self' http://localhost:5173 ws://localhost:5173; img-src 'self' data: https:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; connect-src 'self' ipc: http://ipc.localhost https://api.byteport.dev ws://localhost:5173;",
"devCsp": "default-src 'self' http://localhost:5173 ws://localhost:5173; img-src 'self' data: https:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; connect-src 'self' ipc: https://ipc.localhost https://api.byteport.dev ws://localhost:5173;",
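
A check that would catch this class of drift between csp and devCsp automatically, as an added example that is not part of the PR or of Tauri. The two policy strings are copied from the lines quoted above; the function names and the finding texts are assumptions of this example.

```rust
use std::collections::BTreeMap;

// Policies copied from the tauri.conf.json lines quoted in this review.
const CSP: &str = "default-src 'self'; img-src 'self' data: https:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; connect-src 'self' ipc: https://ipc.localhost https://api.byteport.dev; script-src 'self'; object-src 'none'; base-uri 'self'; frame-ancestors 'none'; form-action 'self';";
const DEV_CSP: &str = "default-src 'self' http://localhost:5173 ws://localhost:5173; img-src 'self' data: https:; style-src 'self' 'unsafe-inline'; font-src 'self' data:; connect-src 'self' ipc: http://ipc.localhost https://api.byteport.dev ws://localhost:5173;";

// Directives with no default-src fallback: omitted means unrestricted.
const NO_FALLBACK: [&str; 3] = ["base-uri", "form-action", "frame-ancestors"];

/// Split a policy into directive name -> source list (first occurrence wins).
fn parse_csp(policy: &str) -> BTreeMap<String, Vec<String>> {
    let mut directives: BTreeMap<String, Vec<String>> = BTreeMap::new();
    for part in policy.split(';') {
        let mut tokens = part.split_whitespace();
        if let Some(name) = tokens.next() {
            directives
                .entry(name.to_ascii_lowercase())
                .or_insert_with(|| tokens.map(str::to_string).collect());
        }
    }
    directives
}

/// Report where the dev policy drifts from the production policy.
fn csp_drift(prod: &str, dev: &str) -> Vec<String> {
    let (prod, dev) = (parse_csp(prod), parse_csp(dev));
    let mut findings = Vec::new();

    // 1. Directives production sets that the dev policy drops.
    for name in prod.keys() {
        if !dev.contains_key(name) {
            let note = if NO_FALLBACK.contains(&name.as_str()) {
                "unrestricted in dev (no default-src fallback)"
            } else {
                "falls back to dev default-src"
            };
            findings.push(format!("missing {name}: {note}"));
        }
    }

    // 2. A host allowed in both policies but under different schemes,
    //    which is the http:// vs https:// ipc.localhost case.
    for (name, prod_sources) in &prod {
        let Some(dev_sources) = dev.get(name) else { continue };
        for src in dev_sources {
            let Some((scheme, host)) = src.split_once("://") else { continue };
            let other_scheme = prod_sources.iter().any(|p| {
                matches!(p.split_once("://"), Some((s, h)) if h == host && s != scheme)
            });
            if other_scheme {
                findings.push(format!(
                    "{name}: dev allows {src} but production allows {host} under another scheme"
                ));
            }
        }
    }
    findings
}

fn main() {
    for finding in csp_drift(CSP, DEV_CSP) {
        println!("{finding}");
    }
}
```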

Comment on lines +45 to +51
let _ = tracing_subscriber::fmt()
.with_env_filter(
tracing_subscriber::EnvFilter::try_from_default_env()
.unwrap_or_else(|_| tracing_subscriber::EnvFilter::new("info")),
)
.with_target(true)
.try_init();
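
Review bot: the `let _ =` in front of `.try_init()` throws away the error returned when a global subscriber is already installed, so a failed initialisation leaves no trace. Suggest handling the Err case, for example by writing it to stderr with eprintln!, so that a conflict with another logger shows up during startup.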

medium

Initializing both tracing_subscriber::fmt (which writes to stdout/stderr by default) and tauri-plugin-log (which also writes to stdout/stderr by default) will result in duplicated log outputs in the terminal. To avoid duplicate logs and potential conflicts over the global logger, consider relying solely on tauri-plugin-log for all logging (as it can be configured with stdout/stderr targets), or disable the stdout/stderr targets in tauri-plugin-log if you prefer tracing-subscriber for terminal output.

Comment on lines +71 to +77
"createUpdaterArtifacts": true,
"updater": {
"active": true,
"endpoints": ["https://releases.byteport.dev/byteport/{{target}}/{{arch}}/{{current_version}}"],
"dialog": true,
"pubkey": "REPLACE_WITH_RELEASE_SIGNING_PUBKEY"
}
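
Review bot: `"pubkey": "REPLACE_WITH_RELEASE_SIGNING_PUBKEY"` is a placeholder committed next to `"active": true`, so the updater is switched on without a real signature-verification key. Suggest either setting the real public key in this change or keeping the updater inactive until it exists, and adding a CI check that fails the build while the placeholder string is present.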

medium

In Tauri 2.x, the updater configuration has been moved entirely to the plugins.updater section (which is already correctly configured on lines 79-85). The bundle.updater configuration is a leftover from Tauri 1.x and is deprecated/invalid, which can cause schema validation warnings or errors. You should remove it from the bundle section.

    "createUpdaterArtifacts": true

Comment on lines +28 to +31
fn upload_endpoint() -> String {
std::env::var("BYTEPORT_UPLOAD_URL")
.unwrap_or_else(|_| "https://uploads.byteport.local".to_string())
}
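
Review bot: upload_endpoint() returns whatever BYTEPORT_UPLOAD_URL holds with no check on its form, so a plain http:// value or a string that is not a URL at all is accepted as the upload endpoint. Suggest validating the value, at minimum requiring an https:// prefix, and falling back to the default or failing startup when it does not pass.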

Suggestion: BYTEPORT_UPLOAD_URL is accepted as-is, including an empty string. If the variable is set but empty, S3UploadTransport receives an empty endpoint and produces malformed relative upload URLs at runtime. Treat empty/whitespace values as missing and fall back to the default endpoint. [incorrect condition logic]

Severity Level: Major ⚠️
- ❌ Desktop uploads break when endpoint env is misconfigured.
- ⚠️ Upload IPC returns unusable pre-signed URLs to frontend.
Steps of Reproduction ✅
1. Configure the environment so `BYTEPORT_UPLOAD_URL` is present but empty (e.g.
`BYTEPORT_UPLOAD_URL=` in a shell), then start the desktop app which calls `run()` in
`frontend/web/src-tauri/src/lib.rs:40-84`.

2. During startup, `run()` calls `upload_endpoint()` at `lib.rs:53-55`, which in turn
executes `std::env::var("BYTEPORT_UPLOAD_URL")` at `lib.rs:29`; because the variable
exists, `std::env::var` returns `Ok(String::from(""))` and the `unwrap_or_else` fallback
at `lib.rs:30` is not used.

3. `upload_endpoint()` therefore returns an empty string, and
`S3UploadTransport::new(upload_endpoint(), upload_bucket(), Some("desktop"))` at
`lib.rs:53-57` receives an empty endpoint string while the bucket is populated.

4. When the frontend invokes the Tauri command `ipc::create_upload` at `lib.rs:121-140` to
get upload instructions, the underlying `UploadTransport` instance uses the empty endpoint
configured at startup, resulting in malformed or hostless upload URLs instead of falling
back to the default `"https://uploads.byteport.local"` endpoint.


Comment on lines +35 to +38
fn upload_bucket() -> String {
std::env::var("BYTEPORT_UPLOAD_BUCKET")
.unwrap_or_else(|_| "byteport-uploads".to_string())
}
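
Review bot: upload_bucket() repeats the `std::env::var(..).unwrap_or_else(..)` pattern of upload_endpoint() line for line. Suggest one shared helper that takes the variable name and the default, so that any change to how these settings are read is made in one place.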

Suggestion: BYTEPORT_UPLOAD_BUCKET is used without checking for empty content. If this env var is present but empty, generated upload URLs contain an empty bucket segment (e.g. double slash path), causing upload routing failures. Treat empty/whitespace bucket values as invalid and use the fallback bucket. [incorrect condition logic]

Severity Level: Major ⚠️
- ❌ Desktop uploads fail with misconfigured empty bucket name.
- ⚠️ Upload IPC returns URLs with invalid bucket segment.
Steps of Reproduction ✅
1. Configure the environment so `BYTEPORT_UPLOAD_BUCKET` is present but empty (e.g.
`BYTEPORT_UPLOAD_BUCKET=`), then start the desktop app, invoking `run()` in
`frontend/web/src-tauri/src/lib.rs:40-84`.

2. During startup, `run()` calls `upload_bucket()` at `lib.rs:54-56`, which executes
`std::env::var("BYTEPORT_UPLOAD_BUCKET")` at `lib.rs:36`; because the variable exists,
`std::env::var` returns `Ok(String::from(""))` and the `unwrap_or_else` fallback at
`lib.rs:37` is not used.

3. `upload_bucket()` therefore returns an empty string, and
`S3UploadTransport::new(upload_endpoint(), upload_bucket(), Some("desktop"))` at
`lib.rs:53-57` receives an empty bucket name while the endpoint string is non-empty.

4. When the frontend calls the Tauri command `ipc::create_upload` at `lib.rs:121-140`, the
configured `UploadTransport` composes upload destinations using the empty bucket,
producing malformed upload paths or routing errors instead of defaulting to the
`"byteport-uploads"` bucket.

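
The behaviour described in the two suggestions above (for BYTEPORT_UPLOAD_URL and BYTEPORT_UPLOAD_BUCKET), next to a hardened form, as an added example that is not code from the PR. The defaults are copied from the quoted hunks; the helper names are assumptions, and `object_url` is a hypothetical composition used only to make the failure visible, since the page does not show how S3UploadTransport builds its URLs.

```rust
use std::env::{self, VarError};

// Defaults copied from the hunks under review.
const DEFAULT_ENDPOINT: &str = "https://uploads.byteport.local";
const DEFAULT_BUCKET: &str = "byteport-uploads";

/// Behaviour of the reviewed code: only an unset variable falls back,
/// so `BYTEPORT_UPLOAD_URL=` yields an empty string.
fn setting_as_reviewed(raw: Result<String, VarError>, default: &str) -> String {
    raw.unwrap_or_else(|_| default.to_string())
}

/// Hardened form: unset, non-Unicode, empty and whitespace-only values all
/// fall back to the default; real values are trimmed.
fn setting_hardened(raw: Result<String, VarError>, default: &str) -> String {
    match raw {
        Ok(value) if !value.trim().is_empty() => value.trim().to_string(),
        _ => default.to_string(),
    }
}

/// Hypothetical URL composition (an assumption of this example).
fn object_url(endpoint: &str, bucket: &str, key: &str) -> String {
    format!("{}/{}/{}", endpoint.trim_end_matches('/'), bucket, key)
}

fn upload_endpoint() -> String {
    setting_hardened(env::var("BYTEPORT_UPLOAD_URL"), DEFAULT_ENDPOINT)
}

fn upload_bucket() -> String {
    setting_hardened(env::var("BYTEPORT_UPLOAD_BUCKET"), DEFAULT_BUCKET)
}

fn main() {
    // Constructed inputs: what env::var returns for `VAR=` and for `VAR="  "`.
    let empty = setting_as_reviewed(Ok(String::new()), DEFAULT_ENDPOINT);
    println!("as reviewed, empty endpoint -> {}", object_url(&empty, DEFAULT_BUCKET, "k"));
    let blank = setting_hardened(Ok("  ".to_string()), DEFAULT_ENDPOINT);
    println!("hardened, blank endpoint    -> {}", object_url(&blank, DEFAULT_BUCKET, "k"));
    println!("from this process's env     -> {}", object_url(&upload_endpoint(), &upload_bucket(), "k"));
}
```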

uploader: Arc::clone(&uploader),
});

if cfg!(debug_assertions) {
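
Review bot: `if cfg!(debug_assertions) {` is a runtime `if` on a compile-time constant, so the debug-only body is still compiled and type-checked in release builds. Suggest putting `#[cfg(debug_assertions)]` on the block instead so the debug-only code is left out of release builds entirely.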

Suggestion: The log plugin is registered twice in debug builds: once on the builder and again inside setup. Tauri plugins are identified by name, so re-registering the same plugin can return an error and abort app startup in debug mode. Keep a single tauri-plugin-log registration and configure its targets in that one instance. [api mismatch]

Severity Level: Critical 🚨
- ❌ Debug desktop app fails to start entirely.
- ⚠️ Developers lose in-app console logging during debug.
Steps of Reproduction ✅
1. Build and run the desktop app in debug mode so `cfg!(debug_assertions)` evaluates to
true, invoking `run()` in `frontend/web/src-tauri/src/lib.rs:40-84`.

2. Observe that `tauri::Builder::default()` at `lib.rs:59` registers `tauri-plugin-log`
once via `.plugin(tauri_plugin_log::Builder::default().level(...).build())`.

3. Inside the `.setup` closure at `lib.rs:63-80`, in debug builds the `if
cfg!(debug_assertions)` block at `lib.rs:69-78` calls
`app.handle().plugin(tauri_plugin_log::Builder::default().level(...).build())?;`,
attempting to register the same `tauri-plugin-log` plugin a second time.

4. When the plugin system rejects the duplicate plugin (same plugin name) and returns an
error, the `?` at `lib.rs:73-77` propagates the error out of `setup`, causing
`.run(tauri::generate_context!())` at `lib.rs:81-83` to return `Err` and `expect("error
while running tauri application")` to panic, preventing the app from starting in debug
builds.


@KooshaPari KooshaPari merged commit 74d3c8b into main Jun 25, 2026
13 of 14 checks passed
@KooshaPari KooshaPari deleted the fix/bp-001-hygiene-security branch June 25, 2026 00:52