implement base CLI for Linux & Windows

.github/workflows/test.yml

@@ -68,22 +68,22 @@ jobs:
       - name: Check format
         run: |
           rustup component add rustfmt
-          cargo fmt -- --check
+          cargo fmt --all -- --check
 
       - name: Run clippy linter
         run: |
           mkdir ../dist
           rustup component add clippy
-          cargo clippy --all-targets --all-features -- -D warnings
+          cargo clippy --workspace --all-targets --all-features -- -D warnings
 
       - name: Install cargo extensions
         uses: taiki-e/install-action@v2
         with:
-          tool: cargo-deny
+          tool: cargo-deny,cargo-nextest
 
       - name: Run cargo deny
         working-directory: ./src-tauri
         run: cargo deny check
 
       - name: Run tests
-        run: cargo test --locked --no-fail-fast
+        run: cargo nextest run --workspace --locked --no-fail-fast

.gitignore

@@ -36,3 +36,5 @@ src-tauri/gen/
 
 # nix stuff
 result
+
+target

flake.nix

@@ -68,6 +68,13 @@
             mkdir -p $out/bin
             cp ${defguard-client}/bin/dg $out/bin/
           '';
+        defguard-cli =
+          pkgs.runCommand "defguard-cli" {
+            nativeBuildInputs = [pkgs.makeWrapper];
+          } ''
+            mkdir -p $out/bin
+            cp ${defguard-client}/bin/defguard-cli $out/bin/
+          '';
       };
 
       checks.default = defguard-client;

new-ui/package.json

@@ -23,14 +23,19 @@
     "@tanstack/router-plugin": "^1.168.18",
     "@tauri-apps/api": "^2.11.0",
     "@tauri-apps/plugin-clipboard-manager": "^2.3.2",
+    "@tauri-apps/plugin-dialog": "^2.3.2",
+    "@tauri-apps/plugin-fs": "^2.3.2",
     "@tauri-apps/plugin-http": "^2.5.9",
     "@tauri-apps/plugin-log": "^2.8.0",
+    "@tauri-apps/plugin-opener": "^2.3.2",
     "@tauri-apps/plugin-os": "^2.3.2",
+    "@types/lodash-es": "^4.17.12",
     "@uidotdev/usehooks": "^2.4.1",
     "byte-size": "^9.0.1",
     "chart.js": "^4.5.1",
     "clsx": "^2.1.1",
     "dayjs": "^1.11.21",
+    "lodash-es": "^4.17.21",
     "motion": "^12.40.0",
     "p-timeout": "^7.0.1",
     "prettier": "^3.8.4",
@@ -39,6 +44,7 @@
     "react": "^19.2.7",
     "react-chartjs-2": "^5.3.1",
     "react-dom": "^19.2.7",
+    "react-loading-skeleton": "^3.5.0",
     "rxjs": "^7.8.2",
     "sass": "^1.100.0",
     "zod": "^4.4.3",

new-ui/vite.config.ts

@@ -8,7 +8,7 @@ import { devtools } from '@tanstack/devtools-vite';
 const host = process.env.TAURI_DEV_HOST;
 
 // https://vitejs.dev/config/
-export default defineConfig(async () => ({
+export default defineConfig(async ({ command }) => ({
   plugins: [devtools(), tanstackRouter(), react()],
   clearScreen: false,
   server: {
@@ -43,7 +43,7 @@ export default defineConfig(async () => ({
     },
   },
   envPrefix: ['VITE_', 'TAURI_'],
-  base: '/',
+  base: command === 'build' ? '/new-ui/' : '/',
   build: {
     outDir: '../dist',
     emptyOutDir: true,

nix/package.nix

@@ -90,11 +90,36 @@
     inherit pname version pnpm;
     src = ../.;
     fetcherVersion = 3;
-    hash = "sha256-7B5+C3q+jVQ2taKcfZkfTvH37OBDIPDM/4LLRqWPE+I=";
+    hash = "sha256-WjcZeKfEEjcry5dJ12yL+dz+/v5CmKSg0iHfYcoOtag=";
+  };
+
+  # Prefetch pnpm dependencies for the new UI (separate pnpm project).
+  newUiPnpmDeps = fetchPnpmDeps {
+    pname = "defguard-client-new-ui";
+    inherit version pnpm;
+    src = ../new-ui;
+    fetcherVersion = 3;
+    hash = "sha256-9PvWIkD+/1KLFqWvf5Kz6x3dABQILMooTC+MSqxDTlg=";
+  };
+
+  # Pre-build the new UI frontend so Tauri can serve it at /new-ui/.
+  newUiDist = pkgs.stdenv.mkDerivation {
+    pname = "defguard-client-new-ui";
+    inherit version;
+    src = ../new-ui;
+    nativeBuildInputs = [pkgs.nodejs_24 pnpm pnpmConfigHook];
+    pnpmDeps = newUiPnpmDeps;
+    buildPhase = ''
+      runHook preBuild
+      pnpm tsc -b
+      pnpm vite build --outDir "$out/new-ui"
+      runHook postBuild
+    '';
+    installPhase = "true";
   };
 in
   craneLib.mkCargoDerivation {
-    inherit pname version buildInputs cargoArtifacts cargoVendorDir pnpmDeps;
+    inherit pname version buildInputs cargoArtifacts cargoVendorDir pnpmDeps newUiDist;
 
     src = ../.;
 
@@ -140,9 +165,17 @@ in
     buildPhase = ''
       runHook preBuild
 
-      # Build the frontend first; tauri's beforeBuildCommand is suppressed
-      # below to avoid running pnpm build a second time.
+      # Build the old frontend and copy in the pre-built new UI.
       pnpm build
+      cp -r ${newUiDist}/new-ui dist/
+      chmod -R u+w dist/new-ui
+
+      # Tauri loads new-ui as WebviewUrl::App("new-ui/full/") and
+      # "new-ui/compact/".  Create index.html entry points for each so
+      # TanStack Router (basepath /new-ui/) can take over from there.
+      mkdir -p dist/new-ui/full dist/new-ui/compact
+      cp dist/new-ui/index.html dist/new-ui/full/
+      cp dist/new-ui/index.html dist/new-ui/compact/
 
       # --config replaces the build section from tauri.linux.conf.json.
       pnpm tauri build \
@@ -161,6 +194,7 @@ in
       mkdir -p $out/bin
       install -Dm755 "$targetDir/${pname}"         $out/bin/${pname}
       install -Dm755 "$targetDir/defguard-service" $out/bin/defguard-service
+      install -Dm755 "$targetDir/defguard-cli"     $out/bin/defguard-cli
       install -Dm755 "$targetDir/dg"               $out/bin/dg
 
       mkdir -p $out/lib/${pname}
@@ -188,10 +222,14 @@ in
     SQLX_OFFLINE = "true";
     doInstallCargoArtifacts = false;
 
-    # passthru attrs are ignored by the build but addressable by external tools:
-    # pnpmDeps — referenced by the update-pnpm-hash.yaml CI workflow
+    # passthru attrs are ignored by the build but addressable by external tools.
+    # There are TWO pnpm lockfiles, each with its own pinned hash that must be kept
+    # current when the corresponding lockfile changes:
+    #   pnpmDeps       - root pnpm project (../pnpm-lock.yaml)
+    #   newUiPnpmDeps  - new-ui pnpm project (../new-ui/pnpm-lock.yaml)
+    # Any hash-refresh automation (e.g. an update-pnpm-hash workflow) must update both.
     passthru = {
-      inherit pnpmDeps;
+      inherit pnpmDeps newUiPnpmDeps;
     };
 
     meta = with lib; {

nix/shell.nix

@@ -30,6 +30,7 @@ in
       rustToolchain
       trunk
       sqlx-cli
+      cargo-nextest
       vtsls
       trivy
     ];