809559e6dc
This rolls together desktop wallet hardening, UX polish, and operational fixes we have been carrying in the branch. The goal is safer defaults, less noisy background behaviour. Security - Tighten the Tauri CSP for production and keep connect-src aligned with real needs. - Add a safe URL opener path (allowlisted schemes / validation) so user-influenced links do not become an open redirect surface. - Replace unwrap usage in mixnet account flows with proper errors and propagation. - Add an internal threat-model note so future changes keep the same assumptions explicit. Clipboard and desktop - Add a window-level Tauri clipboard hook for normal inputs, with clear exclusions for currency fields, auth-sensitive paste, and opt-in replace-paste fields. - Wire an Edit menu (cut, copy, paste, select all) where it helps, and keep behaviour consistent with the hook. - Deduplicate clipboard field props and satisfy ESLint on optional paste handlers. Updater and vesting operations - Treat legacy static updater JSON (missing per-platform signatures) as a soft failure with a clear warning, instead of erroring the version check IPC - Cut vesting polling spam when the chain has no vesting account for the address, and map vesting "no account" to a dedicated BackendError for stable handling on the client. - Move high-frequency vesting query logs to debug and keep removed-query stubs at warn. Icons and first-run chrome - Regenerate macOS/Windows icon assets from a padded 1024 master so dock and switcher visual weight matches other apps; add a small script to regenerate from app-icon-source.png. - Default the app to dark mode, paint the HTML shell and webview background in the same dark base colour Housekeeping - Mock app context defaults to dark for consistency with the new baseline. Validation run locally where relevant: Rust check, TypeScript check, ESLint, and icon regeneration script smoke run. - Remove storybook and old webdriver tests too