Add install-runtime command to tunnel-helper for automated WireGuard installation on Windows. Download and bundle official WireGuard MSI during build process with automatic version discovery from wireguard.com.
Add ensure_windows_runtime_installed checks before connect/disconnect operations. Implement install_windows_runtime with UAC elevation prompt and install_windows_runtime_direct for MS
Add -L flag to cp commands to dereference symlinks and copy actual binaries instead of symlink references when bundling wg and wg-quick tools for aarch64-apple-darwin target.
Add wait_for_macos_tunnel_running helper with 6-second polling loop checking tunnel_service_is_active after wg-quick up command. Retry up to 12 times with 500ms intervals before returning error if interface not verified.
Add wg and wg-quick bundling to build-tunnel-helper.sh for aarch64-apple-darwin target. Check for wireguard-tools installation and copy binaries to output directory with execute permissions.
Implement find_wg_quick helper with bundled tool detection and standard path fallbacks. Add bundled_macos_tool to check for tools in current executable directory. Update connect_direct and disconnect_direct to use explicit
Add macos-desktop-client.yml workflow with manual dispatch trigger running on macos-arm64 runner. Install Node.js 22 and Rust toolchain with aarch64-apple-darwin target. Build bundled tunnel helper and Tauri application bundle, then upload .app, .dmg, and raw build artifacts.
Fix tunnel_metrics handler to clone app handle before spawn_blocking to prevent ownership issues when passing to tunnel
Add ServiceCatalogItem type and services CRUD API endpoints (list, create, update, delete). Extend Policy type to include services array with domain, upstream_ip, proxy_ip, and ports metadata.
Add ServicesPage component with table view and create/edit modals for managing service definitions. Include service name, domain, proxy, and upstream columns with port parsing logic.
Integrate service selection
Move tunnel_manager::connect and disconnect calls into spawn_blocking tasks to prevent blocking async runtime. Clone app handle and profile path before spawning. Add map_err for task join failures.
Add tunnelActionPending state to track in-progress tunnel operations. Pass busy prop to AppHeader and disable sync/logout/connect buttons during tunnel actions. Update connect button text to show "
Add SelectOwnProfile handler to allow users to choose from available access profiles. Store selected profile ID per device in settings table with device_access_profile category. Implement GetSelectedProfileID and SetSelectedProfileID repository methods using JSONB storage.
Add ListSelectableProfiles to policy repository and service to query user/group/device-specific profiles ordered by priority. Filter gateway
Extract App.tsx logic into reusable components: AppHeader, ResourcePanel, StatusCard, StatTile, and ActionButton. Replace inline markup with component composition and props-based data flow.
Redesign visual system with enhanced gradients, refined color palette, and improved spacing. Update app-shell grid layout with 18px gaps and 1140px max width. Add radial gradient overlays and linear background
Replace direct cargo xwin execution with PATH traversal to locate actual cargo-xwin binary outside script's own directory. Add error handling with installation instructions when binary not found. Skip script's own directory and empty PATH entries during search.
Add align-items: start to body-grid and align-content: start to status-grid to prevent vertical stretching and maintain top alignment. Reduce responsive breakpoint from 960px to 760px to match new default window width.
Reduce padding, gaps, and font sizes across all components. Change html/body/root from min-height to fixed height with overflow hidden. Decrease app-frame padding from 18px to 12px and add grid-template-rows with overflow handling. Reduce brand lockup logo from 54px to 44px and adjust gaps throughout. Decrease button padding, surface padding, and card padding. Reduce body-grid sidebar from 290px to 250px.
Reduce default window dimensions from 1120x760 to 940x640 pixels and disable resizing. Remove TunnelMetrics and RawTunnelMetrics types, formatDataSize and normalizeTunnelMetrics helpers, and all transfer statistics tracking from App component. Replace refreshTunnelMetrics with simpler refreshTunnelStatus that only queries tunnel active state. Remove received/sent data display cards from status panel and eliminate metrics
Add png dependency and tauri image-png feature to support custom tray icon rendering. Load base disconnected icon from bundled PNG and generate connected variant with green circular badge containing white checkmark overlay. Implement draw_check_badge, draw_line, and blend_pixel helpers using Bresenham's line algorithm for badge rendering. Store both icon variants and TrayIcon reference in TrayState and update icon
Replace tauri::async_runtime::spawn with std::thread::spawn for periodic tray menu refresh background task and change async sleep to blocking thread sleep. Prefix unused state parameter with underscore in sync_profile command to suppress compiler warnings.
Add background task to refresh tray menu every 5 seconds to keep status display current. Add RawTunnelMetrics type and normalizeTunnelMetrics helper to handle both snake_case and camelCase field names from backend responses. Update refreshTunnelMetrics to normalize metrics before setting state and explicitly cast active status to boolean.
Add read_transfer_totals_from_show function to parse transfer statistics from wg show output as fallback when wg show dump command fails. Add parse_human_wireguard_bytes helper to convert human-readable byte values (B, KiB, MiB, GiB, TiB) to u64. Update read_transfer_totals to call fallback instead of returning error when dump command fails.
Replace metrics query in is_active with direct tunnel_backend status command call to avoid unnecessary metrics overhead when only checking tunnel state. Parse status command stdout and compare against "active" string case-insensitively. Add Windows CREATE_NO_WINDOW flag to status command execution.
Add fallback to tunnel_status when metrics query fails in current_metrics function, returning zero bytes with actual tunnel state. Update waitForTunnelStatus in frontend to use tunnel_status instead of tunnel_metrics for status polling and refresh metrics separately on success. Change CloseRequested window event handler to call app_handle().exit(0) instead of no-op. Replace "sc" with "sc.exe" in all Windows service command
Remove direct_windows_metrics, read_windows_metrics_from_show, parse_human_wireguard_bytes, and find_windows_wg functions from tunnel_manager.rs to rely on bundled backend for all metrics queries. Update find_wg_cli in tunnel-helper to return "wg.exe" as fallback when WireGuard installation paths don't exist, removing "wg" from candidate list.
Add RefreshRequest struct for token refresh API calls. Update sync_current_session to detect 401 responses and automatically refresh access tokens using refresh token before retrying profile sync. Store refreshed access and refresh tokens in existing session state. Extract profile URL to variable for reuse in retry logic.
Add PredefinedMenuItem import and create separator items to visually group tray menu sections. Update menu item labels from "Open/Quit NexaVPN" to "Open/Quit NexaVPN Client" for clarity. Add separators around toggle item to separate status display from actions. Add no-op event handlers for status, received, and sent menu items to prevent unintended interactions with display-only elements.
Add applyCurrentPolicy function to resolve and apply policy destinations to enrollment responses with fallback to 172.16.10.0/24 when no destinations exist. Replace withDebugProfile calls with applyCurrentPolicy in GetLatestEnrollmentByUser and GetEnrollmentByDeviceID. Extract sync_current_session helper function to deduplicate profile sync logic between sync_profile and connect_tunnel commands. Update connect
Add TrayState struct to track menu items for status, received/sent bytes, and connection toggle. Add format_data_size helper to convert bytes to human-readable units (B, KB, MB, GB, TB). Add current_metrics, update_tray_menu, refresh_tray_menu, and toggle_tray_connection functions to manage tray state. Update tray menu to include status, received, sent, and toggle items. Call refresh_tray_menu after enroll_device
Add read_windows_metrics_from_show function that parses human-readable transfer output from wg show command when wg show dump fails. Add parse_human_wireguard_bytes helper to convert human-readable byte values (B, KiB, MiB, GiB, TiB) to u64. Update direct_windows_metrics to fall back to transfer parsing instead of returning zero metrics when dump command fails.
Add direct_windows_metrics function that queries WireGuard tunnel metrics directly using sc query and wg show dump commands instead of tunnel helper. Add find_windows_wg helper to locate wg.exe in standard installation paths. Update metrics function to attempt direct collection first on Windows before falling back to tunnel helper. Parse rx_bytes and tx_bytes from wg show dump output by sum
Add CREATE_NO_WINDOW flag to all tunnel helper Command invocations on Windows to prevent console window flashing during connect, disconnect, and metrics operations. Import CommandExt trait and define CREATE_NO_WINDOW constant for Windows builds.
Remove windows_subsystem = "windows" attribute from tunnel-helper to allow console output for debugging and logging. This enables stdout/stderr visibility when running the helper binary directly.
Add NSIS_HOOK_PREINSTALL macro that stops WireGuardTunnel$NexaVPN service, kills nexavpn-desktop.exe and nexavpn-tunnel-helper.exe processes, and stops NexaVPNTunnelService before installation. Add WireGuardTunnel$NexaVPN service stop to NSIS_HOOK_PREUNINSTALL before service uninstallation.
Add tunnel_service_is_active check before Windows tunnel installation to skip if already running. Add is_already_running_error helper to detect "already installed and running" message in WireGuard output. Add wait_for_windows_tunnel_running that polls tunnel state up to 12 times with 500ms intervals after installation. Add describe_windows_tunnel_state for detailed error messages when tunnel fails to reach RUNNING state.
Add rx_bytes and tx_bytes fields to Device type and API responses. Add formatDataSize helper for human-readable byte formatting with units from B to TB. Add Received and Sent columns to devices table in admin UI with formatted traffic totals. Add traffic metrics display to device action panel.
Add TelemetrySnapshot and PeerTelemetry types for gateway runtime stats. Add gateway telemetry endpoint at POST /gateway
Store generated private key in SessionState and persist across enrollment and profile sync operations. Add materialize_profile helper that replaces placeholder tokens (__CLIENT_GENERATED_PRIVATE_KEY__ and __CLIENT_PRIVATE_KEY_REQUIRED__) with actual private key before writing profile to disk. Update enroll_device and sync_profile to materialize profile content with private key before writing.
Change NSIS installer hooks to use bundled/ instead of resources/bundled/ path for tunnel helper executable. Add waitForTunnelStatus helper that polls tunnel status up to 8 times with 500ms intervals to verify expected state after connect/disconnect operations. Update toggle handler to use polling instead of single status check and add error message for failed disconnect operations.
Add connect_to_service helper that attempts service connection with automatic fallback to service start and installation. Add install-service-direct command for elevated service installation. Split install_windows_service into privilege-checking wrapper and install_windows_service_direct for actual installation. Add start_windows_service function using sc start command. Add is_windows_admin helper using net session to
Add single instance check using TCP listener on 127.0.0.1:53190 to prevent multiple application instances. Move AppState initialization into setup closure to include single_instance_lock field. Remove window close prevention and focus restoration handlers. Make main window non-resizable and non-maximizable.
Add tunnel_status command to desktop client for querying active tunnel state. Add is_active method to tunnel_manager that calls status command on bundled backend. Add status command to tunnel-helper that checks WireGuard service state on Windows via sc query and interface state on macOS via wg show. Add windows_client_status function for IPC-based status queries with active field in TunnelResponse. Update App.tsx to query tunnel status on
Add Windows service to handle WireGuard tunnel operations with elevated privileges. Implement IPC server on TCP port 53189 for client-service communication using JSON protocol. Add install-service and uninstall-service commands to NSIS installer hooks for automatic service installation. Replace direct WireGuard calls with IPC requests when running on Windows. Add TunnelRequest and TunnelResponse types for IPC protocol
Replace Unix timestamp with "Just now" label in now_label helper. Update profile label from "No profile provisioned" to "Not provisioned". Change brand copy subtitle based on enrollment state. Rename "Current profile" to "Overview" and "Profile" to "Access" in status panel. Remove "Stored config" surface section showing profile path and revision. Update resources sidebar instructions and rename resource-list to resource-
Add clear_session command to remove session state and profile files from disk. Add resetEnrollment handler in frontend to clear local state and invoke clear_session. Remove hero surface section with profile metadata tiles. Simplify top strip to show profile label in brand copy when enrolled. Add Logout button to top actions and resources sidebar. Redesign status panel with simplified labels and layout. Update surface
Rename restore_main_window to restore_webview_window for WebviewWindow type. Add new restore_window helper for generic Window type. Update tray menu and click handlers to use restore_webview_window. Add WindowEvent::Focused handler to restore window state when focused.
Add sync_profile command to fetch latest profile from backend without re-enrollment. Add DeviceView struct to EnrollResponse. Replace hardcoded "just now" timestamp with now_label helper using Unix epoch seconds. Add sync button to UI with loading state. Redesign client interface with top strip containing brand lockup and action buttons, hero surface with profile metadata tiles, body grid with login/status panels and resources sidebar
Add updateUser and deleteUser API client methods with PATCH and DELETE endpoints. Add updatePolicy and deletePolicy API client methods. Add email field to User type. Add Actions column to users and policies tables with Edit and Delete buttons. Implement inline edit forms for users and policies with state management for editing mode. Add update and delete mutations with query invalidation on success. Add error notices
Enable tray-icon feature in Tauri dependencies. Add system tray with Open and Quit menu items. Implement tray icon click handlers to restore main window. Add window event handlers to hide window on close/minimize instead of exiting application. Add restore_main_window and hide_main_window helper functions for window visibility management.
