Personal Workspace
Privacy-first desktop workspace app — notes, tasks, bookmarks, snippets, calendar, analytics, files. Built with Tauri v2 + Svelte 5 + Rust + SQLCipher.
Personal Workspace
A privacy-first, offline desktop productivity hub for Windows. Built with Tauri v2 (Rust backend) and Svelte 5 (TypeScript frontend), backed by SQLCipher-encrypted SQLite in WAL mode. Replaces 7+ separate tools with one unified app -- notes, tasks, bookmarks, snippets, calendar, analytics, and file management in a single window.
2,735 tests (2,209 Rust + 526 frontend) | 93.8% frontend line coverage | 66.5% Rust line coverage | 7-job CI pipeline | 14 E2E flows
Features
| Module | Description |
|---|---|
| Notes | Markdown editor (CodeMirror 6 + markdown-it), folders, pinning, auto-save with sequential queue, [[entity:id]] linking with inline autocomplete and backlinks |
| Tasks | Kanban board + list view, projects, subtasks, priorities (none through urgent), custom labels, batch operations, drag-and-drop reordering |
| Bookmarks | Auto metadata extraction (title, description, favicon), full-page archiving with HTML sanitization, offline reader, domain grouping sidebar |
| Snippets | Syntax-highlighted code library (10+ languages via CodeMirror), one-click copy with 60-second clipboard auto-clear |
| Calendar | Month and week views, RRULE recurrence (daily/weekly/monthly/yearly), system notification reminders, task due date integration |
| Analytics | Dashboard with Chart.js (line/doughnut charts, 52-week heatmap), habit tracker with streaks, time tracker (start/stop), standing leaderboard with tier badges |
| Files | Directory scanning (blake3 hashing), NTFS junction/symlink detection, file watcher (notify v7 + 2s debounce), drag-and-drop attachments |
| Search | FTS5 full-text search across all modules, highlight() excerpts, command palette (Ctrl+K) with debounced queries and stale-response discard |
| Trash | Unified soft-delete and restore across all entity types, permanent delete with orphan cleanup (tags, search index, entity links, physical files) |
| Settings | Exports (Markdown, CSV, HTML), encrypted backups, database health monitoring, per-table size breakdown, system health indicators, FTS5 index rebuild |
Cross-Module Capabilities
- Command Palette -- Ctrl+K opens a debounced FTS5 search with sequence-number stale-response discard, keyboard navigation, and ARIA combobox semantics.
- Entity Linking -- Type
[[in any markdown editor to get inline autocomplete. Links render as clickable references. Backlinks panel shows all incoming references. - Cross-Module Drag-and-Drop -- Custom
application/x-workspace-entityMIME type with JSON payload. Drag entities between modules; drop on calendar cells to set due dates; drop in editors to insert entity links. - Import -- Markdown files, browser bookmarks (HTML), and CSV tasks can be imported into their respective modules.
- Undo/Redo -- Application-level operation reversal architecture.
- Theming -- Dark mode (default) and light mode support.
Tech Stack
| Layer | Technology |
|---|---|
| Desktop framework | Tauri v2 |
| Backend language | Rust 2021 edition, Tokio async runtime |
| Database | SQLite via sqlx (WAL mode), SQLCipher encryption |
| Frontend framework | Svelte 5 with runes, TypeScript 5.6 strict mode |
| Build tool | Vite 6 |
| Code editor | CodeMirror 6, markdown-it |
| Charts | Chart.js 4 |
| Drag-and-drop | svelte-dnd-action |
| Encryption | AES-256-GCM-SIV, Argon2id key derivation, Windows Credential Manager (keyring) |
| HTML sanitization | ammonia, encoding_rs, scraper |
| Hashing | blake3 (file integrity), BLAKE3-based content addressing |
| HTTP | reqwest with rustls-tls, custom DNS resolver |
| File watching | notify v7 with debounced event delivery |
Architecture
Svelte 5 Frontend
Stores (.svelte.ts) --> cmd<T>() --> Tauri IPC (invoke)
| |
v v
+-----------------+ +------------------------+
| Tauri Commands | | Tauri Events |
| (120+ handlers) | | (entity-changed, etc.) |
+-----------------+ +------------------------+
| ^
v |
+-----------------+ publishes +------------------------+
| Service Layer | -------------> | EventBus (broadcast) |
| (business logic)| | FTS5 sync |
+-----------------+ | Deferred indexer |
| | Orphan cleanup |
v | Frontend notifier |
+-----------------+ | Backup monitor |
| SQLCipher/SQLite| +------------------------+
| WAL, 4 conns |
+-----------------+
Backend Layers
| Layer | Location | Responsibility |
|---|---|---|
| Commands | src-tauri/src/commands/ |
IPC boundary -- validate inputs, apply rate limits, delegate to services (16 modules) |
| Services | src-tauri/src/services/ |
Business logic, database queries, background tasks via CancellationToken |
| Models | src-tauri/src/models/ |
SQLite row structs with #[derive(FromRow, Serialize)] |
| Subscribers | src-tauri/src/services/subscribers/ |
EventBus listeners: FTS5 sync, deferred indexing, orphan cleanup, frontend notifier, backup monitor |
| Plugins | src-tauri/src/plugins/ |
EventBus (tokio broadcast, capacity 256), PluginRegistry, Plugin trait |
AppState (Tauri-managed shared state)
| Field | Type | Purpose |
|---|---|---|
db |
SqlitePool |
4-connection pool with WAL mode |
event_bus |
EventBus |
Tokio broadcast channel (typed AppEvent enum) |
plugins |
Arc<RwLock<PluginRegistry>> |
Plugin lifecycle management |
service_health |
Arc<RwLock<ServiceHealth>> |
Background service status with auto-restart-once |
cancel_token |
CancellationToken |
Graceful shutdown signal for all background tasks |
fetch_limiter |
FetchRateLimiter |
HTTP rate limiting (3 concurrent, 10/min) |
command_limiter |
CommandRateLimiter |
IPC concurrency cap (20 max) |
Frontend Architecture
| Layer | Location | Pattern |
|---|---|---|
| Stores | src/lib/stores/ |
Class-based .svelte.ts rune stores with load(), invalidate(), 5s staleness |
| API | src/lib/api/ |
Typed cmd<T>() and cmdSafe<T>() wrappers around Tauri invoke with error-to-toast mapping |
| Components | src/lib/components/ |
27 reusable UI components + 8 layout components |
| Modules | src/lib/modules/ |
9 feature modules (notes, tasks, bookmarks, snippets, calendar, analytics, files, settings, trash) |
| Router | src/lib/utils/router.svelte.ts |
Custom hash router (~60 lines, regex route matching, 11 routes, navigation guards) |
Security
| Category | Implementation |
|---|---|
| Data-at-Rest Encryption | SQLCipher full database encryption. Backup encryption via AES-256-GCM-SIV with Argon2id KDF. Keys stored in Windows Credential Manager, zeroized after use. |
| SSRF Protection | Custom SafeResolver (reqwest DNS resolver) filters private IPs including IPv6-mapped IPv4, CGNAT, and link-local. TLS 1.2+ enforced, 5-redirect limit with per-hop validation. |
| Rate Limiting | HTTP: semaphore (3 concurrent) + counter (10/min). IPC: semaphore (20 concurrent). Notifications: 5/min. |
| Input Validation | URL + private IP detection, path canonicalization, filename sanitization (strip dangerous chars), paste 2 MB limit, FTS5 query escaping, recurrence rule bounds (INTERVAL 1-365, UNTIL max 10 years). |
| HTML Sanitization | ammonia with tag/attribute/URL-scheme allowlists. Non-UTF-8 content transcoded via encoding_rs before sanitization. |
| File Safety | TOCTOU-safe attach via GetFinalPathNameByHandle (open-then-validate). 28-extension executable blocklist. 100 MB per-file limit. Directory scan depth capped at 5. NTFS junction/symlink detection. |
| Content Security Policy | default-src 'self', object-src 'none', no external scripts, devtools disabled in production builds. |
| Data Protection | ACL restricted to current user via icacls. Database excluded from Windows Search indexing. Clipboard auto-clear after 60s for snippet copies. PII redaction in all log output. |
| Shutdown Security | Graceful shutdown: cancel background services, FTS5 optimize, WAL truncate checkpoint, close pool. |
Database
SQLite in WAL mode with SQLCipher encryption and aggressive tuning:
| Setting | Value | Setting | Value | |
|---|---|---|---|---|
| Journal mode | WAL | Pool size | 4 connections | |
| Synchronous | NORMAL | Acquire timeout | 10s | |
| Foreign keys | ON | Idle timeout | 5 min | |
| Busy timeout | 5s | Max lifetime | 30 min | |
| mmap I/O | 256 MB | Auto-vacuum | INCREMENTAL | |
| Page cache | 20,000 pages | Secure delete | ON |
Schema: 16 tables, 20+ indexes, 7+ triggers, FTS5 virtual table (external content pattern), entity_links table for bidirectional cross-references.
Maintenance:
- Startup: integrity check (100 pages), WAL checkpoint if WAL > 64 MB, seed defaults, weekly ANALYZE
- Runtime: 30-minute periodic WAL passive checkpoint, deferred FTS5 indexing (5s flush, max 50/batch)
- Backups:
VACUUM INTOwith integrity validation, 7-backup retention, configurable directory, pre-empty-trash backup - Monitoring: per-table size via
dbstat, bloat ratio (threshold 1.5x), 500 MB startup toast, 2 GB persistent banner - Recovery: corruption dialog (Restore / Continue / Export), fallback dialog (Open Dir / Start Fresh), migration checksum mismatch handling
Getting Started
Prerequisites
| Requirement | Version | Notes |
|---|---|---|
| Rust | stable (2021 edition) | Install via rustup |
| Node.js | 20+ | LTS recommended |
| OpenSSL | -- | Required on Windows for SQLCipher (bundled via libsqlite3-sys) |
| Windows SDK | 10+ | For code signing and GetFinalPathNameByHandle |
Clone and Run
git clone <repository-url>
cd personal-workspace
npm install
npm run tauri dev
This starts the Vite dev server (hot reload on port 1420) and compiles the Rust backend. The first build downloads all Cargo dependencies and compiles SQLCipher, which may take several minutes.
Build for Production
npm run tauri build
Produces a Windows NSIS installer in src-tauri/target/release/bundle/nsis/. The installer is configured for per-user installation and includes an uninstall hook that offers to delete user data.
Development
Dev Server
npm run tauri dev # Full app (Vite + Rust backend)
npm run dev # Frontend only (Vite dev server on port 1420)
Linting
# Rust
cd src-tauri && cargo clippy --all-targets --all-features -- -D warnings
cd src-tauri && cargo fmt -- --check
# Frontend
npx tsc --noEmit
npx eslint . --max-warnings 0
npx svelte-check --tsconfig ./tsconfig.json
Testing
# Rust tests
cd src-tauri && cargo test
# Rust tests with coverage
cd src-tauri && cargo llvm-cov --all-features --lcov --output-path ../rust-lcov.info
# Frontend tests
npm run test
# Frontend tests with coverage
npm run test -- --coverage
# E2E tests (requires built app)
npm run test:e2e
# Full local CI pipeline
bash scripts/ci-check.sh
Useful Scripts
| Script | Purpose |
|---|---|
scripts/ci-check.sh |
Run the full CI pipeline locally (lint + test + coverage) |
scripts/collect-ci-report.sh |
Download and parse CI artifacts into reports/github/ |
scripts/check-bundle-size.sh |
Check installer size stays under 2 MB advisory threshold |
Testing
| Layer | Test Count | Coverage | Tool |
|---|---|---|---|
| Rust backend | 2,209 | 66.5% lines (threshold: 64%) | cargo-llvm-cov |
| Frontend (stores, utils, components) | 526 | 93.8% lines (threshold: 70%) | Vitest + v8 provider |
| E2E critical paths | 14 flows | -- | Playwright |
| Accessibility | per-component | aXe-core audits | vitest-axe |
Test Infrastructure
- Rust: In-memory SQLite per test with full migrations applied,
#[tokio::test]for async, factory functions with override-only-what-the-test-needs pattern - Frontend: jsdom environment,
@testing-library/sveltefor component testing, Tauri IPC mocked at the invoke boundary, explicit assertions only (no snapshots) - E2E: 13 Playwright spec files, 10 page objects, retry on flake, trace capture on failure
Test Categories
| Category | What It Covers |
|---|---|
| Unit (Rust) | URL validation, AppError serialization, path traversal, HTML sanitization, tag normalization, FTS5 query building, recurrence expansion |
| Integration (Rust) | CRUD for all 10 entity types, cascade deletes, soft-delete/restore, FTS5 sync, tag operations, constraints, concurrent access |
| Store tests | All module stores: load, invalidate, staleness, error handling |
| Component tests | Loading/empty/error states, keyboard navigation, ARIA attributes, slot content, event dispatching |
| Security tests | XSS injection, SQL injection, path traversal, private IP blocking, CSP enforcement, archived HTML sanitization, rate limit verification |
| Performance tests | Startup < 2s, note list (1000 items) < 200ms, FTS5 (10k entities) < 300ms, single write < 10ms |
Coverage Thresholds
| Metric | Rust | Frontend |
|---|---|---|
| Lines | 64% | 70% |
| Branches | -- | 65% |
| Functions | -- | 70% |
| Statements | -- | 70% |
CI/CD Pipeline
Test Pipeline (test.yml)
Runs on every push and pull request to master. Seven jobs with concurrency cancellation:
| Job | Tools | Gate |
|---|---|---|
| Lint Rust | clippy + cargo fmt --check |
Zero warnings |
| Lint Frontend | TypeScript + ESLint + svelte-check | Zero errors |
| Test Rust | cargo-llvm-cov | 64% line coverage |
| Test Frontend | Vitest + v8 coverage | 70% line coverage |
| Security Audit | cargo-audit + cargo-deny + npm-audit | No critical/high advisories |
| E2E Tests | Playwright (gated on lint + test jobs) | All flows pass |
| CI Report | Aggregates all job results | Summary table in GitHub Actions |
Every job writes structured output to $GITHUB_STEP_SUMMARY with pass/fail tables and collapsible error details. All tool output is uploaded as 30-day-retention artifacts. Coverage reports are uploaded to Codecov with separate rust and frontend flags.
Release Pipeline (release.yml)
Triggered on v* tags. Four jobs:
- Build -- Compile Tauri app for Windows, generate Rust and npm SBOMs (CycloneDX)
- Code Sign -- Sign MSI and NSIS installers with Windows certificate via signtool
- Changelog -- Generate changelog from conventional commits using git-cliff
- Release -- Create GitHub Release with signed installers, changelog body, and pre-release detection (tags containing
-)
Dependency Management
Dependabot configured for weekly updates (Monday 09:00 Asia/Jerusalem) across three ecosystems: Cargo, npm, and GitHub Actions.
Project Structure
personal-workspace/
|-- src-tauri/ Rust backend (Tauri v2)
| |-- src/
| | |-- commands/ IPC handlers (16 modules)
| | |-- services/ Business logic + background tasks
| | | +-- subscribers/ EventBus subscribers (5)
| | |-- models/ SQLite row structs
| | |-- plugins/ EventBus, PluginRegistry
| | |-- db/ Pool, WAL, ANALYZE, integrity
| | |-- error.rs AppError (14 variants)
| | |-- state.rs AppState, rate limiters
| | |-- validation.rs Input validation
| | |-- sanitizer.rs HTML sanitization (ammonia)
| | |-- logging.rs Tracing, rotation, redaction
| | |-- lib.rs Startup/shutdown sequences
| | +-- main.rs Entry point
| |-- tests/ Integration tests
| |-- migrations/ SQLite schema migrations
| +-- Cargo.toml
|-- src/ Svelte 5 frontend
| |-- lib/
| | |-- api/ Typed IPC wrappers (cmd, cmdSafe)
| | |-- components/
| | | |-- ui/ 27 reusable components
| | | |-- layout/ 8 layout components
| | | +-- dialogs/ Recovery and confirmation dialogs
| | |-- modules/ 9 feature modules
| | |-- stores/ Svelte 5 rune stores (class-based)
| | |-- utils/ Router, shortcuts, DnD, toast, focus trap
| | |-- types/ TypeScript type definitions
| | +-- __tests__/ Frontend test suites
| +-- styles/ CSS variables, global reset, themes
|-- e2e/ Playwright E2E tests (14 flows)
|-- scripts/
| |-- ci-check.sh Local CI pipeline runner
| |-- collect-ci-report.sh CI artifact report generator
| +-- check-bundle-size.sh Installer size advisory check
|-- specs/ 27 implementation specs (27,895 lines)
|-- .github/workflows/
| |-- test.yml 7-job test pipeline
| |-- release.yml Build + sign + changelog + release
| +-- dependabot.yml Dependency updates (weekly)
|-- eslint.config.js ESLint v10 flat config
|-- vitest.config.ts Vitest + coverage config
|-- cliff.toml git-cliff changelog config
|-- rustfmt.toml Rust format edition pin
+-- IMPLEMENTATION_PLAN.md 11-phase build plan (all complete)
Development Status
All 11 phases are complete. The full implementation plan covers 334 items across the following phases:
| Phase | Description | Status |
|---|---|---|
| 1 | Project Scaffolding and Foundation | Complete |
| 2 | Core Backend Infrastructure | Complete |
| 3 | Design System and App Shell | Complete |
| 4 | Backend Module Commands | Complete |
| 5 | Frontend Module UIs | Complete |
| 6 | Cross-Module Integration | Complete |
| 7 | Network and Security Hardening | Complete |
| 8 | Database Operations and Monitoring | Complete |
| 9 | Testing Infrastructure | Complete |
| 10 | CI/CD Pipeline | Complete |
| 11 | Polish and Future | Complete |
See IMPLEMENTATION_PLAN.md for the full task-by-task breakdown.
License
Copyright (c) 2026 Dor Shacham. All rights reserved.
This software is proprietary. Unauthorized copying, modification, distribution, or use of this software, via any medium, is strictly prohibited.
