v1.0.6 — Sticky navigation buttons

UniCreate - Patch Notes v1.0.6

Date: 2026-03-01
Release tag: v1.0.6
Repository: drrakendu78/UniCreate

Highlights

• Sticky navigation buttons — Back/Continue buttons now stay visible at the bottom of the screen while scrolling through long pages.

Changes

1) Sticky navigation bar (QoL)

• Navigation buttons (Back / Continue / Submit) are now sticky at the bottom of the viewport on all step pages.
• When content is longer than the screen, buttons remain always accessible without scrolling down.
• Frosted glass effect (backdrop-blur-sm) for a clean, modern look.
• Full-width bar extends edge-to-edge (-mx-6 px-6) within the content container.

Impacted files:

• src/pages/StepInstaller.tsx
• src/pages/StepMetadata.tsx
• src/pages/StepReview.tsx
• src/pages/StepSubmit.tsx

2) Version bump

• App version updated to 1.0.6.

Impacted files:

• package.json
• src-tauri/Cargo.toml
• src-tauri/Cargo.lock
• src-tauri/tauri.conf.json

Build artifacts and SHA256 checksums

Checksums below match binaries produced by npm run tauri build.

File	Size (bytes)	SHA256
UniCreate_1.0.6_x64-setup.exe	16,550,837	3f2a47f374eab53ecbedcddf9e4f9f1d0c0f20b00bc3255b77f268d48dc390b9
UniCreate_1.0.6_x64_en-US.msi	19,931,136	9eda94a33deb8379a9c916cc060aa2cf54e710fcade75448f7d0a054e06f075b
UniCreate_1.0.6_x64_portable.exe	25,069,056	203f40501b446e2ce386cb48954ad9fb27db7c9e5c986b2922224264a3bbd81f

v1.0.5 — i18n, Enterprise Security & Settings Redesign

Highlights

• Full i18n — English & French across all pages
• Enterprise security — Never-save session mode, configurable timeout, audit log, HTTP proxy, GPO policy config
• Settings redesign — 7 sections: Account, Security, Network, General, Updates, History, About

What's New

i18n (EN/FR)

• Dictionary-based translation system with useT() hook
• All pages fully translated: Home, StepInstaller, StepMetadata, StepReview, StepSubmit, Settings, ProfileButton, App
• Language selector in Settings

Enterprise Security

• Never save session — Force ephemeral-only mode, token never stored in keyring
• Configurable timeout — 5, 10, 15, or 30 min ephemeral sessions
• Auto-lock — Session cleared when app regains visibility after expiry (Win+L, sleep)
• Token scope display — public_repo badge in Settings confirms minimal permissions
• Audit log — Every submission logged to %LOCALAPPDATA%\UniCreate\audit.log
• HTTP Proxy — Configure proxy URL in Settings > Network
• GPO policy config — Place unicreate.policy.json next to exe to enforce enterprise defaults

Policy Config Example

{
  "neverSaveSession": true,
  "ephemeralTimeoutMinutes": 5,
  "proxyUrl": "http://proxy.corp:8080",
  "autoCheckUpdates": false
}

SHA256 Checksums

File	SHA256
UniCreate_1.0.5_x64-setup.exe	37744a223faef98939778d8aec1dd053436bd757bf9a98cdcd108d7607f47433
UniCreate_1.0.5_x64_en-US.msi	1bfa956e2c52971e464c28193a4b2554a4cef6b417691b4dbc52abc1a0adef4a
UniCreate_1.0.5_x64_portable.exe	d4df565dda4e72daa3f9a8378a5be0c12b26abf91d15184445e9ff2ee5f88b59

v1.0.4

UniCreate - Patch Notes v1.0.4

Date: 2026-02-22
Release tag: v1.0.4
Repository: drrakendu78/UniCreate

Security commits

• d8e4a75 — security hardening, per-user history, rate limit fixes

Highlights

• Fixed Connect button modal flashing and immediately closing.
• Major security hardening across the entire Rust backend (SSRF, path traversal, input validation, CSP, timeouts).
• Auth token now passed to all GitHub API calls (5000 req/h vs 60 unauthenticated).
• Clear rate limit error messages instead of silent "not found".
• Per-user submission history isolation (each GitHub account sees only its own data).
• Metadata auto-fill now works for drag & drop local files (GitHub URLs).
• Profile repos (username/username) excluded from New Package repo list.
• Extracted React hooks for better code organization.
• Removed dead code and unused imports.

Bug fixes

1) Connect button modal flash fix

• The auth modal was appearing and immediately closing due to a useEffect triggering on initial render.
• Added flowStarted guard state to only close the modal after the device flow has actually started.
• Cancel/X buttons properly reset the flowStarted state.

Impacted file:

• src/components/ProfileButton.tsx

Security hardening

2) SSRF protection

• All HTTP downloads now enforce HTTPS-only.
• Added is_private_host() blocklist covering:
  • IPv4: localhost, 127.0.0.1, 0.0.0.0, 10.x, 172.16-31.x, 192.168.x, 169.254.x, .local, .internal
  • IPv6: ::1, ::0, fe80::, fc00::/fd00::, IPv4-mapped (::ffff:127.*, ::ffff:10.*, etc.)
• Post-redirect URL is re-validated (scheme + host) to prevent redirect-based SSRF.
• Download file size capped at 2 GB to prevent resource exhaustion.

Impacted file:

• src-tauri/src/hash.rs

3) Path traversal protection

• hash_local_file: file path is canonicalize()d before use.
• Extension whitelist enforced (.exe, .msi, .msix, .msixbundle, .appx, .zip).
• download_and_hash: file name from Content-Disposition is stripped to basename via Path::file_name() and special characters are replaced.
• save_yaml_files in lib.rs: validates file names (no /, \, ..), enforces .yaml extension, and checks canonicalized path stays within output directory.

Impacted files:

• src-tauri/src/hash.rs
• src-tauri/src/lib.rs

4) Input validation

• Added validate_package_id(): 1-128 chars, alphanumeric + . - _, no .., at least 2 segments.
• Added validate_version(): 1-64 chars, no / \ .., alphanumeric + . - _ +.
• Added validate_github_name(): 1-100 chars, alphanumeric + - _ ..
• Applied to all Tauri commands: submit_manifest, fetch_existing_manifest, check_package_exists, fetch_repo_metadata, fetch_repo_releases, save_yaml_files.

Impacted files:

• src-tauri/src/github.rs
• src-tauri/src/lib.rs

5) HTTP client hardening

• All reqwest::Client::new() replaced with http_client() factory.
• Global timeouts: 30s request, 10s connect.
• Download client: 300s timeout, max 5 redirects.

Impacted file:

• src-tauri/src/github.rs

6) CSP restriction

• Content Security Policy changed from https://* wildcard to strict whitelist:
  • connect-src: api.github.com, github.com, avatars.githubusercontent.com
  • img-src: self, asset:, avatars.githubusercontent.com

Impacted file:

• src-tauri/tauri.conf.json

7) Release URL validation

• Download URLs from GitHub release assets are now validated to ensure they point to trusted GitHub domains (github.com, objects.githubusercontent.com) before being exposed to the frontend.
• Self-update download URLs go through the same validation.

Impacted file:

• src-tauri/src/github.rs

8) Branch name collision prevention

• submit_manifest now appends a Unix timestamp to the branch name to prevent collisions when resubmitting the same package+version.

Impacted file:

• src-tauri/src/github.rs

9) Error message sanitization

• Removed raw GitHub API response bodies from user-facing error messages to prevent information leakage.
• Applies to: start_device_flow, fetch_unicreate_recent_prs, and OAuth error catch-all in poll_device_flow.

Impacted file:

• src-tauri/src/github.rs

10) Strict GitHub URL parsing

• parse_github_url and parse_github_pr_url now use strict equality (== "github.com") instead of contains("github.com") to prevent bypass via crafted domains (e.g. evil-github.com).

Impacted file:

• src-tauri/src/github.rs

11) Tag & version validation in API URLs

• Release tags in fetch_repo_metadata are validated (no /, \, .., ?, #, %, max 128 chars) before being used in API URL construction.
• latest_version from winget-pkgs API response is validated via validate_version() before being used in URL paths.

Impacted file:

• src-tauri/src/github.rs

12) Fetched content size limits

• YAML files fetched from GitHub API (base64 decoded) are capped at 512 KB to prevent memory exhaustion.
• Locale files fetched from winget-pkgs are capped at 20 per package.

Impacted file:

• src-tauri/src/github.rs

13) Safe file name filter

• All file names from GitHub API responses are validated with a safe_name filter rejecting /, \, .., ?, #, and % characters to prevent path traversal and percent-encoding bypass.

Impacted file:

• src-tauri/src/github.rs

14) Updater file name validation

• start_silent_update: the preferred_name parameter is validated (no - prefix for arg injection, no null bytes, max 255 chars) before being passed as a CLI argument to the updater process.
• Download URL file name is sanitized via safe_file_name() which replaces dangerous characters.

Impacted file:

• src-tauri/src/github.rs

15) Username validation before search query

• fetch_unicreate_recent_prs validates user.login via validate_github_name before using it in the GitHub search query, preventing query injection.

Impacted file:

• src-tauri/src/github.rs

Bug fixes (continued)

22) GitHub API rate limit — auth token propagation

• All GitHub API calls (fetch_repo_metadata, fetch_existing_manifest, check_package_exists) now accept and forward the user's auth token.
• Authenticated requests get 5000 req/h instead of 60, preventing silent failures.
• Rust backend now uses build_headers_optional(token) for optionally authenticated requests.

Impacted files:

• src-tauri/src/github.rs
• src-tauri/src/lib.rs
• src/pages/StepInstaller.tsx
• src/pages/StepMetadata.tsx
• src/pages/Home.tsx

23) Rate limit error detection

• fetch_existing_manifest and check_package_exists now check HTTP status before parsing JSON.
• 403/429 responses return a clear "GitHub API rate limit exceeded" message instead of misleading "not found".
• 404 returns "Package not found", other errors return "GitHub API error (HTTP xxx)".

Impacted file:

• src-tauri/src/github.rs

24) Metadata auto-fill for drag & drop local files

• handleAddFromLocal now fetches GitHub repo metadata when the URL contains "github.com/".
• In update mode: fills version, release notes, release notes URL.
• In new package mode: fills publisher, package name, description, tags, etc.

Impacted file:

• src/pages/StepInstaller.tsx

25) "New Package" always resets manifest

• handleNew now always calls reset() instead of resuming drafts, preventing stale data carry-over.
• "Update Package" button also resets before switching mode.

Impacted file:

• src/pages/Home.tsx

26) Per-user submission history

• History store rewritten with users: Record<string, UserHistory> keyed by GitHub username.
• activeUser synced from auth session in App.tsx.
• When no user is connected, all history fields return empty arrays (no data leakage).
• All write operations (addSubmission, removeSubmission, mergeRecoveredSubmissions, clearHistory) are no-ops when no user is active.
• Only the users map is persisted; computed fields are refreshed on login.

Impacted files:

• src/stores/history-store.ts
• src/App.tsx

Improvements

16) Rate/size limits on IPC commands

• YAML file count capped at 10 per operation (save_yaml_files, submit_manifest).
• YAML file content capped at 512 KB per file.
• PR URL list capped at 20 in fetch_pr_statuses.
• save_yaml_files: package_id capped at 128 chars, version capped at 64 chars.

Impacted files:

• src-tauri/src/lib.rs
• src-tauri/src/github.rs

17) Temp file race condition fix

• MSIX temp files now use a unique nanosecond-based name to prevent collisions.
• Files are opened with create_new(true) to prevent symlink following.

Impacted file:

• src-tauri/src/hash.rs

18) Owner/repo validation in fetch_pr_statuses

• Added validate_github_name check on owner and repo extracted from PR URLs, consistent with all other GitHub API calls.

Impacted file:

• src-tauri/src/github.rs

19) Profile repos excluded from New Package

• Repos where name == owner.login (profile repos) are now filtered out from the user repos list, since they never have releases.

Impacted file:

• src-tauri/src/github.rs

20) Code cleanup

• Extracted useDeviceFlow and useUserRepos custom hooks from inline component logic.
• Removed dead code and unused imports across multiple files.
• Moved ProfileButton to its own component file.

Impacted files:

• src/hooks/useDeviceFlow.ts
• src/hooks/useUserRepos.ts
• src/components/ProfileButton.tsx

21) Version bump

• App version updated to 1.0.4.

Impacted files:

• package.json
• src-tauri/Cargo.toml
• src-tauri/tauri.conf.json

Checksum...

v1.0.3

UniCreate - Patch Notes v1.0.3

Date: 2026-02-21
Release tag: v1.0.3
Repository: drrakendu78/UniCreate

Highlights

• Standalone updater app with progress bar (Discord-style) replaces invisible PowerShell script.
• Update mode now auto-fills version, release notes, and release notes URL from the new release.
• Recent packages quick-select chips in Update mode.
• Multi-segment package IDs fully supported (e.g., Microsoft.VisualStudio.2022.Community).
• All InstallerSwitches fields now written to YAML output.
• App version in TitleBar auto-synced from package.json.
• Docs: PR labels collapsed into hover tooltip.

Technical changes

1) Standalone updater app

• New updater/ Tauri project — a lightweight standalone window with logo, animated progress bar, and status text.
• Replaces the old PowerShell silent update script.
• Flow: main app launches UniCreate-Updater.exe with CLI args (--url, --name, --app, --pid), then closes. The updater waits for the main app PID to exit, downloads the installer with real-time progress, runs the silent install, and relaunches the app.
• PID polling uses Windows OpenProcess API (no more tasklist subprocess).
• Bundled as a resource alongside the main executable.

Impacted/new files:

• updater/ (new Tauri project)
• src-tauri/src/github.rs (replaced PowerShell script with updater launch)
• src-tauri/tauri.conf.json (added resources for updater exe)

2) YAML field parser fix

• parse_yaml_field now matches "Field: " exactly instead of prefix-matching.
• Prevents Publisher from matching PublisherUrl.

Impacted file:

• src-tauri/src/github.rs

3) InstallerSwitches complete output

• All switch fields (Interactive, InstallLocation, Log, Upgrade, Repair) are now written to YAML when provided.
• Removed #[allow(dead_code)] on InstallerSwitches struct.

Impacted file:

• src-tauri/src/yaml_generator.rs

4) Multi-segment package ID support

• Replaced splitn(2, '.') with split('.') + join("/") for building winget-pkgs paths.
• Correctly handles IDs like Microsoft.VisualStudio.2022.Community → manifests/m/Microsoft/VisualStudio/2022/Community/.
• Applied to fetch_existing_manifest, check_package_exists, and submit_manifest.

Impacted file:

• src-tauri/src/github.rs

5) Dynamic version in TitleBar

• Added __APP_VERSION__ define in Vite config, reading from package.json.
• TitleBar now displays version dynamically instead of hardcoded string.

Impacted files:

• vite.config.ts
• src/vite-env.d.ts
• src/App.tsx

6) Update mode: auto-fill from new release

• In update mode, StepInstaller now applies version, releaseNotes, and releaseNotesUrl from the new GitHub release metadata.
• Removed stale releaseNotesUrl from applyExistingManifest to prevent old tag carry-over.

Impacted files:

• src/pages/StepInstaller.tsx
• src/stores/manifest-store.ts

7) Recent packages quick-select in Update mode

• Added clickable chips showing previously submitted package IDs in the Update search view.
• Clicking a chip auto-fills the input and triggers the search immediately.
• Chips are deduplicated from submission history.

Impacted file:

• src/pages/Home.tsx

8) Docs: PR labels as tooltip

• PR label badges on the site are now collapsed into a compact "N labels" chip.
• Hovering reveals all labels in a dropdown tooltip.

Impacted files:

• docs/app.js
• docs/styles.css

9) Version bump

• App version updated to 1.0.3.

Impacted files:

• package.json
• src-tauri/Cargo.toml
• src-tauri/tauri.conf.json

Build artifacts and SHA256 checksums

Checksums below match binaries produced by npm run tauri build.

File	Size (bytes)	SHA256
UniCreate_1.0.3_x64-setup.exe	16414018	b9994b533f2f43aa2965b0fe9a371c7e54d245e61ad30b5723475f5c72fcdba8
UniCreate_1.0.3_x64_en-US.msi	19722240	a53f07cb33c57ab9a7f0856c6faa3180a69fa4168cfaa322a42c070b9a63b631
UniCreate_1.0.3_x64_portable.exe	24460288	a120fd636caccb9a5a7051b706abb19ae7396e4323bf895a55212940f6b25ff6

UniCreate v1.0.2

🚀 UniCreate - Patch Notes v1.0.2

📅 Date: 2026-02-19
Release tag: v1.0.2
Repository: drrakendu78/UniCreate

✨ What's new

• Improved PR status clarity in Home with more precise live badges.
• Reduced false alerts: no more warning when PR is only waiting review/check computation.
• Version bump to 1.0.2.

🔍 PR status improvements

1) More precise mergeability badges

• Added dedicated badges for open PR merge state:
  • Ready
  • Pending review
  • Behind
  • Draft
  • Conflicts
  • Checks failing
  • Syncing

Impacted file:

• src/pages/Home.tsx

2) Action badge is now stricter

• Replaced generic Attention with Needs action.
• Needs action now appears only for explicit problematic states.
• blocked and behind no longer trigger an error-style badge by default.

Impacted file:

• src-tauri/src/github.rs

3) Version update

• App version updated from 1.0.1 to 1.0.2.

Impacted files:

• package.json
• src-tauri/Cargo.toml
• src-tauri/Cargo.lock
• src-tauri/tauri.conf.json
• src/App.tsx

📦 Windows artifacts and SHA256 checksums

Checksums below match binaries produced by npm run tauri build.

File	Size (bytes)	SHA256
UniCreate_1.0.2_x64-setup.exe	11254227	033c03d8a54691fccedf72d5e9c99ccb8ce6f3fa244409dd9deb896cea31b329
UniCreate_1.0.2_x64_en-US.msi	13373440	6fb1fb3b6b56e18989ee6ac19d013023661a961b7755835ef166537435912bed
UniCreate_1.0.2_x64_portable.exe	24452608	0b2cec7363b57f2d94bc7314e49a7829d8626bc2e8b037c08e724e1a3462f73d

UniCreate v1.0.1

UniCreate - Patch Notes v1.0.1

Date: 2026-02-19
Release tag: v1.0.1
Repository: drrakendu78/UniCreate

Highlights

• Added YAML edit mode in Review step (Step 3).
• Improved YAML generation to avoid forced quotes by default (winget-pkgs style).
• Kept safe quoting only when technically required.
• Added multiline YAML block output for multiline fields (for example ReleaseNotes).

Technical changes

1) Review YAML editor

• New Edit YAML toggle in Review.
• Inline textarea editor for active manifest tab.
• Edited content is used for copy/export.

Impacted file:

• src/pages/StepReview.tsx

2) YAML output formatting

• Removed global forced "..." formatting.
• Added scalar formatter with conditional quoting.
• Added block-scalar formatting (|-) for multiline text.

Impacted file:

• src-tauri/src/yaml_generator.rs

3) Version bump

• App version updated to 1.0.1.

Impacted files:

• package.json
• src-tauri/Cargo.toml
• src-tauri/Cargo.lock
• src-tauri/tauri.conf.json
• src/App.tsx

Build artifacts and SHA256 checksums

Checksums below match binaries produced by npm run tauri build.

File	Size (bytes)	SHA256
src-tauri/target/release/bundle/nsis/UniCreate_1.0.1_x64-setup.exe	11260435	915e55ce6ff3d9d5208828d77945749d9204948d02f06131ef9c8657aed045e9
src-tauri/target/release/bundle/msi/UniCreate_1.0.1_x64_en-US.msi	13373440	38e4d62808f28a6fb9f8f8f4551a66be497605455241788ee04c38330fc219e9
UniCreate_1.0.1_x64_portable.exe	24451072	c293b1545ff2d21cf80541cf5c6b481e06997b5832ae5bfd23ee061a50fbac60

UniCreate v1.0.0

🎉 UniCreate - Patch Notes v1.0.0

📅 Date: 2026-02-19
Release tag: v1.0.0
Repository: drrakendu78/UniCreate

📚 Changes documented in CONTEXT.md

1) 🛠️ WinGet generation reliability improvements

• Added automatic $schema headers in all generated YAML files:
  • version
  • installer
  • defaultLocale
  • locale
• Added automatic silent mode defaults for exe installers:
  • if InstallerSwitches.Silent is missing -> "/S"
  • if InstallerSwitches.SilentWithProgress is missing -> "/S"
  • existing switches are preserved (not overwritten)
• Centralized manifest schema version in Rust generator:
  • MANIFEST_SCHEMA_VERSION = "1.9.0"

🗂️ Impacted file:

• src-tauri/src/yaml_generator.rs

2) 🔄 Recover PRs (history recovery)

• Added Recover PRs button on Home, visible even with empty history.
• Recovery uses keychain token (get_github_token) with guided UX when missing.
• Backend fetch of UniCreate-created PRs in winget-pkgs:
  • repo:microsoft/winget-pkgs is:pr author:{username} "Created with [UniCreate]"
  • sorted by creation date descending
  • UI limit: 10 (API allows 1..30)
• Automatic PR title parsing:
  • regex: ^New version:\s+(.+?)\s+version\s+(.+)$
  • fallback: packageId = title, version = "-"
• Smart local history merge:
  • deduplicate by prUrl
  • keep most recent entry
  • sort by date descending
  • strict truncation to 10 entries
• UX states:
  • disabled button during recovery
  • Recovering... spinner
  • success/info/error toasts

🆕 New elements:

• Tauri command: fetch_unicreate_recent_prs(token, limit?)
• Rust struct: RecoveredPr { pr_url, title, created_at, user_login }
• TS type: RecoveredPr
• History store: mergeRecoveredSubmissions(entries, maxItems)

🗂️ Impacted files:

• src-tauri/src/github.rs
• src-tauri/src/lib.rs
• src/lib/types.ts
• src/stores/history-store.ts
• src/pages/Home.tsx

3) 🔐 Home auth UX + stronger session security

• Added GitHub Device Flow auth modal directly on Home for Recover PRs.
• Added Disconnect on Home:
  • clears keychain token
  • clears in-memory session
• Added global auth session store auth-session-store (non-persisted).
• Session policy:
  • Remember session defaults to false in Home modal
  • non-saved session stays in-memory only
  • ephemeral session auto-lock after 15 minutes inactivity
  • invalid token/401 triggers purge + reconnect prompt
• Rust hardening:
  • removed unwrap() on Authorization header construction
  • added empty-token validation in authenticate_github
• Home UI polish:
  • recent submissions header stays clean
  • removed (session) label
  • compact @username display
• StepInstaller update for Tauri v2 drag/drop events:
  • hover/cancel replaced by enter/over/leave
  • fixed TypeScript build error

🗂️ Impacted files:

• src/pages/Home.tsx
• src/stores/auth-session-store.ts
• src/pages/StepInstaller.tsx
• src-tauri/src/github.rs

4) 🌗 Review light mode + installer draft resume

• Review step light mode readability fix:
  • YAML viewer background is light in light mode
  • code text forced dark in light mode and light in dark mode
• Home -> New Package behavior:
  • removed forced reset when a draft already exists
  • resumes wizard with setStep("installer") when draft is detected
  • reset remains when explicitly leaving update mode to start new package

🗂️ Impacted files:

• src/pages/StepReview.tsx
• src/pages/Home.tsx

5) 🔗 Home<->Submit shared session + light logo

• Shared session between Home and Submit:
  • StepSubmit syncs auth-session-store (activeSessionToken, savedSessionUser, hasSavedSession)
  • Home login is immediately recognized in Submit
  • Device Flow login in Submit also updates shared store
  • Submit Disconnect clears keychain + shared session
  • submit 401 handling clears session + asks reconnect
  • New Manifest after success no longer clears session
• Added light logo variant:
  • src/assets/logo-text-light.png
  • Home shows light logo in light mode and dark logo in dark mode

🗂️ Impacted files:

• src/pages/StepSubmit.tsx
• src/pages/Home.tsx
• src/assets/logo-text-light.png

6) 🧩 StepSubmit import fix

• Fixed Vite runtime error:
  • StepSubmit now has a default export
  • App.tsx uses default import:
    • import StepSubmit from "@/pages/StepSubmit"

🗂️ Impacted files:

• src/pages/StepSubmit.tsx
• src/App.tsx

7) 🛰️ Live PR status on Home

• Backend:
  • new PrLiveStatus struct (prUrl, status, hasIssues, mergeableState)
  • new command fetch_pr_statuses(pr_urls, token?)
  • GitHub PR URL parsing
  • PR state fetch via GET /repos/{owner}/{repo}/pulls/{number}
  • automatic no-token fallback when token is rejected (401/403)
• Frontend Home:
  • auto polling every 30 seconds
  • badges:
    • Merged
    • Open
    • Closed
    • Unknown
  • Attention badge when issues are detected
  • live status shown/refreshed only when activeSessionToken exists
  • when disconnected, list remains visible without live status

🗂️ Impacted files:

• src-tauri/src/github.rs
• src-tauri/src/lib.rs
• src/lib/types.ts
• src/pages/Home.tsx

8) ✨ Recent Submissions header UX

• Split header into 2 lines:
  • line 1: title + action buttons
  • line 2 (when connected): @username + Live/Sync indicator
• Increased username space and full tooltip.

🗂️ Impacted file:

• src/pages/Home.tsx

🚀 Additional changes for v1 release

9) 🔄 In-app update system (GitHub API + silent updater)

• New Tauri command: check_app_update.
• Update check via GitHub API:
  • GET https://api.github.com/repos/drrakendu78/UniCreate/releases/latest
• Returned fields:
  • currentVersion
  • latestVersion
  • hasUpdate
  • releaseNotes
  • releaseUrl
  • publishedAt
  • downloadUrl (preferred .exe release asset)
  • downloadName
• Improved version comparison logic (numeric multi-segment parsing).
• In-app update popup:
  • consistent light/dark styling
  • release notes visible in popup
  • Later / Update actions
  • Later stores dismissed version in localStorage
  • Update runs a silent Windows update flow (no browser):
    • launches invisible PowerShell script (-WindowStyle Hidden)
    • downloads installer (.exe / .msi)
    • closes app
    • performs silent install (/S or msiexec /qn)
    • automatically relaunches app
• Removed fake dev update mode before production release.

🗂️ Impacted files:

• src-tauri/src/github.rs
• src-tauri/src/lib.rs
• src/lib/types.ts
• src/App.tsx

📦 Windows build artifacts and SHA256 checksums

✅ Checksums below match binaries produced by npm run tauri build.

File	Size (bytes)	SHA256
src-tauri/target/release/bundle/nsis/UniCreate_1.0.0_x64-setup.exe	11262692	59aae2788e710dff71a94d95582b7615edb1e844b3280cd94e16a390e6d1be9c
src-tauri/target/release/bundle/msi/UniCreate_1.0.0_x64_en-US.msi	13373440	ac59f4c373d1bbf660c50133b13ff87b41c8fd29cea0f057c9d484b3878f61c1
src-tauri/target/release/unicreate.exe	24467968	c3e34191fbcf3bbe61ea99d4e4da5124c4158c0fa7a1d98e92c94d0636ede2ae