Feat/web target

[cllarisy]

非常抱歉！我是 GitHub 菜鸟，不小心将自己 fork 分支的 commits 推送到了大佬的主项目中，我想挖个坑跳进去！
I'm really sorry! I'm a GitHub newbie, and I accidentally pushed commits from my fork branch to your main project. I feel so embarrassed that I just want to dig a hole and hide in it!

Summary

Feature Quality Contract

• Changed surface:
• Tests added or updated:
• Coverage evidence:
• E2E / live-model evidence:
• Known risk / rollback:

Verification

• I ran the relevant local checks, or explained why they do not apply.
• I added or updated same-area tests for every production behavior change.
• I ran bun run verify for code changes, including the coverage gate.
• New or changed executable production lines meet the changed-line coverage threshold, or the blocker/maintainer override is documented.
• I attached or summarized the quality report path, JUnit/log artifact path, and pass/fail/skip counts.
• I ran E2E/live smoke for cross-boundary, provider/runtime, desktop chat, agent-loop, native, or release changes, or documented the blocker.

Risk

• This PR does not touch CLI core paths, or it has maintainer approval for allow-cli-core-change.
• Production code changes include matching tests, or have maintainer approval for allow-missing-tests.
• Coverage baseline/threshold changes have maintainer approval for allow-coverage-baseline-change.
• Quarantined tests still have owners, exit criteria, and unexpired review windows.
• Provider/runtime changes were covered by mock contract tests, and live smoke was run or explicitly deferred.

@dosubot review this PR for changed-area risk, missing tests, docs impact, desktop startup risk, and CLI core impact.

[github-actions]

PR quality triage

Changed areas: area:desktop, area:docs, area:server

CLI core policy: No CLI-core policy block detected.

Missing-test policy: No missing-test policy block detected.

Coverage baseline policy: No coverage-baseline policy block detected.

CLI core files:

• none

Coverage policy files:

• none

Expected checks:

• change-policy
• desktop-checks
• server-checks
• desktop-native-checks
• docs-checks
• coverage-checks

Test coverage signals:

• No obvious missing-test signal from changed paths.

Risk notes:

• Desktop state/API layer changed: verify store persistence, WebSocket behavior, and startup errors.

Hard merge gates still come from GitHub Actions, not AI review.

Dosu handoff: Dosu can be used as the AI reviewer for risk explanation, missing-test prompts, and maintainer Q&A. If it does not comment automatically from the PR template, ask:

@dosubot review this PR for changed-area risk, missing tests, docs impact, desktop startup risk, and CLI core impact.

[dosubot]

Here's my review of PR #531 (Feat/web target) across the requested dimensions [1]:

---

Changed-Area Risk: 🟡 Medium

This PR touches 37 files (+1,526 / -28 lines) introducing a dual-runtime architecture (desktop + web). The highest-risk changes are:

• src/server/services/sessionService.ts — Modifies session creation logic to route web sessions to per-session workspace directories instead of homedir. Any regression here affects all sessions.
• src/server/services/repositoryLaunchService.ts — Adds hard rejection of git/branch launch in web mode. Risk of accidental rejection in desktop mode if getRuntimeMode() is misconfigured.
• desktop/src/lib/tauriBridge.ts (NEW) — All Tauri API calls now route through this dynamic import bridge. If isTauriRuntime() returns a false negative in desktop mode, Tauri features silently degrade.
• desktop/src/api/client.ts — Base URL derivation changes could break API connectivity if the environment detection fails.

---

Missing Tests: 🟢 Low Risk

Test coverage is extensive — 11 new test files across Bun test (server), Vitest (desktop), and Playwright (E2E). Coverage includes:

• Runtime mode detection with env priority
• Workspace creation + path traversal rejection
• Session creation in web mode
• Repository launch rejection in web mode
• Tauri bridge fallbacks
• Base URL derivation
• Web notification API fallbacks
• E2E web smoke test

One potential gap: no test for the tabStore.ts changes preventing terminal tab creation in web mode, and no test for ContentRouter.tsx terminal tab filtering.

---

Docs Impact: 🟢 Well-Covered

• CLAUDE.md (+164 lines) — comprehensive architecture guide
• docs/web/web-deployment-plan.md (+509 lines) — full Chinese-language design document

No existing docs were removed or contradicted.

---

Desktop Startup Risk: 🟡 Medium

• The new tauriBridge.ts module becomes the single entry point for all @tauri-apps/* imports. If this module has an initialization error, desktop startup could fail entirely.
• desktopRuntime.ts adds isWebTarget() gating — checked via import.meta.env.VITE_BUILD_TARGET. Build misconfiguration (missing define) would cause desktop to behave as web mode, silently disabling terminal, updater, and file dialogs.
• adapterStore.ts catches TauriUnavailableError — if the error class import fails, it could cause uncaught exceptions on desktop.

Mitigation: The E2E web smoke test exists (desktop/e2e/web-smoke.spec.ts), but there's no corresponding desktop E2E regression test added to verify desktop mode still starts correctly with the bridge changes.

---

CLI Core Impact: 🟠 Moderate — Requires allow-cli-core-change approval

Two CLI core service files were modified:

1. sessionService.ts — Session creation now conditionally calls ensureWebWorkspace() based on runtime mode
2. repositoryLaunchService.ts — Adds early-exit rejection when runtime mode is web

Both rely on the new runtimeMode.ts module. In desktop mode, these paths should be no-ops (runtime mode returns 'desktop'), but any bug in mode detection propagates to core session/launch behavior.

---

Summary Recommendation

Area	Risk	Verdict
Changed-area risk	🟡 Medium	Tauri bridge is a single point of failure for desktop
Missing tests	🟢 Low	11 new test files; minor gaps in UI component tests
Docs impact	🟢 Covered	673 lines of new documentation
Desktop startup	🟡 Medium	No desktop-mode regression E2E added
CLI core impact	🟠 Moderate	sessionService + repositoryLaunchService modified

Key suggestions before merge:

1. Add a desktop-mode E2E test verifying that terminal tabs, updater UI, and file dialogs still function with the bridge changes
2. Add unit tests for tabStore.ts and ContentRouter.tsx web-mode gating
3. Verify allow-cli-core-change approval is granted for the session/launch service modifications
4. Confirm the verification checklist items (all currently unchecked)

To reply, just mention @dosu.

---

Docs are dead. Just use Dosu.

[cllarisy]

非常抱歉！我是 GitHub 菜鸟，不小心将自己 fork 分支的 commits 推送到了大佬的主项目中，我想挖个坑跳进去！
I'm really sorry! I'm a GitHub newbie, and I accidentally pushed commits from my fork branch to your main project. I feel so embarrassed that I just want to dig a hole and hide in it!