Five-slice navigable map of the entire codebase under
docs/architecture-map/. Each slice is a self-contained
breadcrumbed sub-tree:
01-frontend (16) Svelte/SvelteKit UI
02-tauri-runtime (26) src-tauri commands + lifecycle
03-audio-transcription (16) audio + transcription crates
04-llm-formatting-mcp (19) llm, ai-formatting, mcp, cloud
05-core-storage-hotkey-build core, storage, hotkey, workspace,
(26) CI, dev glue
Plus master README.md and data-flow-end-to-end.md tracing
audio bytes from microphone to FTS5 search to MCP read.
Generated by 5 parallel subagents on 2026/05/09 against
HEAD 3c47000. Each page has YAML frontmatter, file:line code
refs, sibling cross-links, plain-English summaries.
Aggregated debt surfaced (full lists in master README):
RB-08 macOS power assertion, schema head drift v14 vs v15,
VAD blocked on ort version conflict, streaming primitives
not wired into live.rs, no prompt versioning, MCP has no
auth, cloud-providers in-memory keystore, SettingsPage
2 484 LOC, commands/live.rs 1 737 LOC, dual theme system,
brand rename to Lumenote pending across the codebase.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
5.1 KiB
name, type, slice, last_verified
| name | type | slice | last_verified |
|---|---|---|---|
| Tests | architecture-map-page | 02-tauri-runtime | 2026/05/09 |
Tests
Where you are: Architecture map → Tauri runtime → Tests
Plain English summary. A single integration test file that protects three security-relevant config invariants: the loopback LLM CSP must stay narrow, any updater config that ships must carry a non-empty pubkey, and the secondary windows must never get high-risk plugin permissions. Unit tests live alongside the code they test (each command file has its own #[cfg(test)] module).
At a glance
- Path:
src-tauri/tests/config_hardening.rs(93 LOC). - Tauri commands exposed: none.
- Events emitted: none.
- Depends on:
serde_json(for parsing the JSON configs),std::fsandstd::path::Path(for walking the capabilities directory).
What's in here
csp_keeps_loopback_narrow (src-tauri/tests/config_hardening.rs:15)
Reads src-tauri/tauri.conf.json, finds the connect-src directive of app.security.csp, asserts:
http://127.0.0.1:*is present.ws://127.0.0.1:*is present.http://localhost:*is absent.ws://localhost:*is absent.
This is the runtime sibling of the build-time guard in src-tauri/build.rs:30. Both must agree. The build guard is the harder check (it stops compilation) and the integration test is the safety net for someone running cargo test without cargo build between edits.
updater_is_signed_or_absent (src-tauri/tests/config_hardening.rs:35)
If plugins.updater exists in tauri.conf.json, asserts the pubkey field is a non-empty string. If plugins.updater is absent (which it currently is), the test is a no-op. The intent is that you cannot accidentally ship an updater config with a placeholder / empty key.
secondary_windows_do_not_get_high_risk_plugin_permissions (src-tauri/tests/config_hardening.rs:50)
Scans src-tauri/capabilities/*.json. For each capability whose windows array references any of tasks-float, transcript-viewer, or transcription-preview, asserts no permission starts with the prefixes dialog:, autostart:, global-shortcut:, opener:, or updater:. Catches drift the moment someone adds, say, dialog:default to a secondary capability. See Capabilities and ACL.
Unit tests (other locations)
Each command module has its own #[cfg(test)] mod tests block. Notable ones:
commands/audio.rs—recording_filenames_are_unique_across_rapid_calls(RB-06 regression for filename collisions),stop_worker_awaits_full_termination_no_writes_after_join,stop_worker_is_idempotent.commands/models.rs—compose_acceleratorsmatrix (RB-07 regression for the hard-coded["cpu", "vulkan"]bug).commands/llm.rs—classify_llm_load_errorcovers VRAM / corrupt-file / permission / unknown classifications.commands/paste.rs— terminal classifier and PowerShell escape-sequence tests.commands/intentions.rs—validate_hhmmaccepts/rejects.commands/power.rs—power_assertion_is_a_no_op_drop(registry hygiene),multiple_assertions_get_unique_ids.commands/security.rs—accepts_main_window/rejects_secondary_windowsforensure_main_window_label.commands/tts.rs— rate-clamp, platform-specific rate-mapping, macOS voice parser, Windows here-string escape.commands/fs.rs—write_text_file_roundtrips_utf8,write_text_file_errors_on_bad_parent.commands/mod.rs—build_initial_promptshape across all combinations of caller/profile/term inputs.
Data flow
- The integration test file loads
tauri.conf.jsonand thecapabilities/*.jsonfiles at runtime viaenv!("CARGO_MANIFEST_DIR"). No Tauri runtime is started. - Unit tests stay in the same compilation units as their target code, so they have direct access to private functions.
Watch-outs
- The integration test crate does not build with the full Tauri runtime. If you ever need a test that exercises
tauri::Builderend-to-end, you will need to add a#[tokio::test]with atauri::test::mock_app()helper, which is not currently used anywhere. csp_keeps_loopback_narrowusesdirective.starts_with("connect-src ")(with trailing space) which would matchconnect-src-elem— BUT the build-time guard inbuild.rsdoes the stricter full-name match. If the CSP ever gains aconnect-src-elemdirective that shouldn't include the loopback entries, this integration test would still pass while the build guard correctly checks the actualconnect-src. Worth tightening for parity.- The
updater_is_signed_or_absenttest is currently a no-op because noplugins.updaterblock ships. The first time a real updater config lands, the test will run. Document that fact in the PR that adds the updater so reviewers know the previously-passing test now checks something.
See also
- Tauri config — the file the CSP test reads.
- Capabilities and ACL — the files the secondary-windows test walks.
- Cargo and features — the build-time CSP guard pair.
- Commands README — index of the command-level unit tests.