Skip to content

Commit e758e6a

Browse files
committed
feat: task bar
1 parent 1ee6e62 commit e758e6a

14 files changed

Lines changed: 2764 additions & 191 deletions

Cargo.lock

Lines changed: 1860 additions & 130 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

Cargo.toml

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -16,6 +16,7 @@ chrono = { version = "0.4", features = ["serde"] }
1616
clap = { version = "4.5", features = ["derive"] }
1717
rand = "0.8"
1818
regex = "1"
19+
opener = "0.8"
1920
reqwest = { version = "0.12", default-features = false, features = ["json", "rustls-tls"] }
2021
serde = { version = "1", features = ["derive"] }
2122
serde_json = "1"
@@ -24,3 +25,7 @@ tokio = { version = "1", features = ["fs", "io-util", "macros", "net", "process"
2425
tracing = "0.1"
2526
tracing-subscriber = { version = "0.3", features = ["env-filter"] }
2627
which = "6"
28+
29+
[target.'cfg(target_os = "macos")'.dependencies]
30+
tao = "0.35"
31+
tray-icon = "0.22"

README.md

Lines changed: 61 additions & 17 deletions
Original file line numberDiff line numberDiff line change
@@ -8,8 +8,14 @@ them, and keep unreviewed critical findings visible until someone triages them.
88

99
![Vulnerability Daemon hero](./docs/assets/vulnerability-daemon-hero.png)
1010

11+
![Dashboard with toolbar icon](./docs/assets/dashboard-screenshot.png)
12+
1113
![Dashboard with review drawer](./docs/assets/dashboard-drawer-screenshot.png)
1214

15+
The app icon is served as the favicon, the install manifest icon, the header
16+
brand mark, and the top-right review queue button:
17+
[vulnerability-daemon-icon.svg](./docs/assets/vulnerability-daemon-icon.svg).
18+
1319
## What It Does
1420

1521
- Runs recurring security audits over local folders.
@@ -24,6 +30,17 @@ them, and keep unreviewed critical findings visible until someone triages them.
2430

2531
The core promise: never let a new critical finding disappear into a terminal log.
2632

33+
## Product Shape
34+
35+
The normal user flow is app-like:
36+
37+
1. Start `vuln-daemon`.
38+
2. It lives in the menu bar on macOS.
39+
3. Reviews run on the schedule in your config.
40+
4. Critical findings stay visible in the dashboard until reviewed.
41+
42+
The CLI commands remain available for automation, CI experiments, and debugging.
43+
2744
## Install
2845

2946
From source:
@@ -34,44 +51,70 @@ cargo install --path .
3451

3552
During development, use `cargo run --` in place of `vuln-daemon`.
3653

54+
This is still a source install. Packaged `.app`, Homebrew, and signed release
55+
binaries are planned so users do not need Rust installed.
56+
3757
## Quick Start
3858

39-
Create a config interactively:
59+
Start the app:
4060

4161
```bash
42-
vuln-daemon init
62+
vuln-daemon
4363
```
4464

45-
Or write the example config directly:
65+
or:
4666

4767
```bash
48-
vuln-daemon init-config ./vuln-daemon.config.json
68+
vuln-daemon start
69+
```
70+
71+
On first run it asks for one local repo/folder to watch, writes the app config,
72+
starts the local daemon, and opens the dashboard. On macOS it also stays in the
73+
menu bar with actions for opening the dashboard, starting a review now, opening
74+
the config, and quitting.
75+
76+
Default app config locations:
77+
78+
- macOS: `~/Library/Application Support/Vulnerability Daemon/config.json`
79+
- Linux: `~/.config/vulnerability-daemon/config.json`
80+
- Windows: `%APPDATA%\Vulnerability Daemon\config.json`
81+
82+
Use a specific config when you want to keep project-local state:
83+
84+
```bash
85+
vuln-daemon start --config ./vuln-daemon.config.json
4986
```
5087

51-
Edit the `targets` entries so each `path` points at a local repo or folder.
88+
## Power User CLI
5289

53-
Run one dry run without invoking an agent:
90+
Create a config without starting the app:
5491

5592
```bash
56-
vuln-daemon run-once --config ./vuln-daemon.config.json --dry-run
93+
vuln-daemon init
5794
```
5895

59-
Run one real audit:
96+
Write the example config directly:
97+
98+
```bash
99+
vuln-daemon init-config ./vuln-daemon.config.json
100+
```
101+
102+
Run one review immediately:
60103

61104
```bash
62105
vuln-daemon run-once --config ./vuln-daemon.config.json
63106
```
64107

65-
Start the local daemon and dashboard:
108+
Run the daemon without menu-bar integration:
66109

67110
```bash
68-
vuln-daemon serve --config ./vuln-daemon.config.json
111+
vuln-daemon start --config ./vuln-daemon.config.json --no-tray
69112
```
70113

71-
Then open:
114+
Or run the raw HTTP server:
72115

73-
```text
74-
http://127.0.0.1:8831
116+
```bash
117+
vuln-daemon serve --config ./vuln-daemon.config.json
75118
```
76119

77120
Export SARIF after runs:
@@ -118,7 +161,7 @@ For a compiled binary:
118161

119162
```bash
120163
cargo build --release
121-
./target/release/vuln-daemon serve --config ./vuln-daemon.config.json
164+
./target/release/vuln-daemon start --config ./vuln-daemon.config.json
122165
```
123166

124167
## API
@@ -194,15 +237,16 @@ out/vulnerability-daemon/
194237
}
195238
```
196239

197-
## Daemon Install
240+
## Headless Daemon Install
198241

199242
Examples are included for:
200243

201244
- [systemd](./examples/systemd/vulnerability-daemon.service)
202245
- [launchd](./examples/launchd/com.vulnerability-daemon.plist)
203246

204-
Both examples assume you have installed the compiled binary somewhere stable and
205-
created a config file. The dashboard should remain bound to `127.0.0.1`.
247+
Both examples run the HTTP/scheduler daemon without menu-bar UI. They assume you
248+
have installed the compiled binary somewhere stable and created a config file.
249+
The dashboard should remain bound to `127.0.0.1`.
206250

207251
## Security Notes
208252

5.07 KB
Loading
57.6 KB
Loading
Lines changed: 22 additions & 0 deletions
Loading

0 commit comments

Comments
 (0)