fix(desktop): trust bundled ApeMind workflows by title+description fallback (#22)

* fix(desktop): trust bundled recipes by title when runtime hash mismatches

PR #20 pre-computed SHA-256 over `JSON.stringify(yaml.parse(file))` and
wrote `userData/recipe_hashes/<hash>.hash` for each bundled YAML. Field
inspection on 3F (冯诺伊曼) confirms three `.hash` files exist for the
three bundled recipes, but earayu2 still sees "⚠️ 新配方警告" when
opening any of them.

Root cause: the `recipe` object passed to the
`has-accepted-recipe-before` IPC at runtime comes from goose-server
(Rust). Its `JSON.stringify` shape (field order, `null` for absent
optional fields, extra metadata) differs from a naive
`JSON.stringify(yaml.parse(file))`, so the SHA-256 hashes do not match
and the existing pre-trusted file is never found.

Fix: add a second match path that does not depend on byte-exact JSON
serialization:

1. `seedDefaultRecipes` also writes
   `userData/bundled-recipe-titles.json` — an array of the `title`
   fields parsed from each bundled YAML.

2. `recipeHash.ts` `has-accepted-recipe-before` handler: when the hash
   lookup misses with ENOENT, fall back to checking whether
   `recipe.title` is in the bundled-titles list. If yes, return true.

Effect: bundled recipes are trusted on first open even if the runtime
recipe shape differs from yaml.parse output. Existing hash-based trust
still works for user-recorded acceptances (e.g. user clicks "Trust and
Execute" on a non-bundled recipe).

5-cat compliance: still category 3 (默认配置) + category 4 (UI
behavior). The IPC handler change is localized to one file; no change
to goose-rs / RecipeWarningModal / recipe loading logic.

Signed-off-by: earayu <earayu@163.com>

* refine: match bundled recipe by title AND description to lower collision risk

@梅西 raised that pure title match could false-positive on user-imported
recipes with the same title. Tighten by requiring both `title` and
`description` to match the bundled entry.

Both fields are stable identifiers of bundled ApeMind workflows
(authored by 梅西, unlikely to collide with random user imports). User
edits that change description still see the warning, which is the
intended security behavior for modified recipes.

Signed-off-by: earayu <earayu@163.com>

---------

Signed-off-by: earayu <earayu@163.com>

Author: earayu

ui/desktop/src/main.ts

@@ -181,12 +181,14 @@ async function seedDefaultRecipes(): Promise<void> {
     : path.join(__dirname, '..', 'default-recipes');
   const destDir = path.join(os.homedir(), '.config', 'goose', 'recipes');
   const hashesDir = path.join(app.getPath('userData'), 'recipe_hashes');
+  const bundledTitlesFile = path.join(app.getPath('userData'), 'bundled-recipe-titles.json');
 
   if (!fsSync.existsSync(sourceRoot)) return;
 
   await fs.mkdir(destDir, { recursive: true });
   await fs.mkdir(hashesDir, { recursive: true });
   const entries = await fs.readdir(sourceRoot);
+  const bundledTitles: Array<{ title: string; description: string }> = [];
   for (const entry of entries) {
     if (!entry.endsWith('.yaml') && !entry.endsWith('.yml')) continue;
     const sourcePath = path.join(sourceRoot, entry);
@@ -200,6 +202,14 @@ async function seedDefaultRecipes(): Promise<void> {
     try {
       const yamlContent = await fs.readFile(sourcePath, 'utf-8');
       const parsed = yaml.parse(yamlContent);
+      if (
+        parsed &&
+        typeof parsed === 'object' &&
+        typeof parsed.title === 'string' &&
+        typeof parsed.description === 'string'
+      ) {
+        bundledTitles.push({ title: parsed.title, description: parsed.description });
+      }
       const hash = crypto.createHash('sha256').update(JSON.stringify(parsed)).digest('hex');
       const hashFile = path.join(hashesDir, `${hash}.hash`);
       if (!fsSync.existsSync(hashFile)) {
@@ -210,6 +220,13 @@ async function seedDefaultRecipes(): Promise<void> {
       log.warn(`[seedDefaultRecipes] failed to pre-trust ${entry}:`, err);
     }
   }
+
+  try {
+    await fs.writeFile(bundledTitlesFile, JSON.stringify(bundledTitles, null, 2));
+    log.info(`[seedDefaultRecipes] wrote bundled-recipe-titles.json with ${bundledTitles.length} titles`);
+  } catch (err) {
+    log.warn(`[seedDefaultRecipes] failed to write bundled-recipe-titles.json:`, err);
+  }
 }
 
 function getSettings(): Settings {

ui/desktop/src/utils/recipeHash.ts

@@ -1,5 +1,6 @@
 import { ipcMain, app, BrowserWindow } from 'electron';
 import fs from 'node:fs/promises';
+import fsSync from 'node:fs';
 import path from 'node:path';
 import crypto from 'crypto';
 
@@ -16,6 +17,29 @@ async function getRecipeHashesDir(): Promise<string> {
   return hashesDir;
 }
 
+function isBundledRecipeByTitleAndDescription(recipe: unknown): boolean {
+  if (typeof recipe !== 'object' || recipe === null) return false;
+  const title = (recipe as { title?: unknown }).title;
+  const description = (recipe as { description?: unknown }).description;
+  if (typeof title !== 'string' || typeof description !== 'string') return false;
+  try {
+    const listFile = path.join(app.getPath('userData'), 'bundled-recipe-titles.json');
+    if (!fsSync.existsSync(listFile)) return false;
+    const raw = fsSync.readFileSync(listFile, 'utf-8');
+    const items: unknown = JSON.parse(raw);
+    if (!Array.isArray(items)) return false;
+    return items.some(
+      (it) =>
+        it != null &&
+        typeof it === 'object' &&
+        (it as { title?: unknown }).title === title &&
+        (it as { description?: unknown }).description === description
+    );
+  } catch {
+    return false;
+  }
+}
+
 ipcMain.handle('has-accepted-recipe-before', async (_event, recipe) => {
   const hash = calculateRecipeHash(recipe);
   const hashFile = path.join(await getRecipeHashesDir(), `${hash}.hash`);
@@ -24,7 +48,7 @@ ipcMain.handle('has-accepted-recipe-before', async (_event, recipe) => {
     return true;
   } catch (err) {
     if (typeof err === 'object' && err !== null && 'code' in err && err.code === 'ENOENT') {
-      return false;
+      return isBundledRecipeByTitleAndDescription(recipe);
     }
     throw err;
   }