New crate (kept out of the cargo workspace so the protocol-side check/test cycle stays fast):
a Tauri 2 + React 19 + TypeScript desktop app that runs in the system tray and manages
`aura client` for the user. The clash-verge replacement we settled on instead of trying to
shoehorn AuraVPN's L3 IP-tunnel into a clash-verge L4 outbound.
## What's wired
- **Profile manager** — `aura-gui/src-tauri/src/profiles.rs`. App-data layout
(`~/Library/Application Support/ru.undergr0und.aura/profiles/<id>/` on macOS, the
equivalent on Linux + Windows). `import_profile_from_tgz` accepts the same bundle shape
`aura provision-client` emits, detects flat vs single-dir layouts, and refuses overwrites
unless the operator deletes first. `delete_profile` refuses symlinks.
- **Connection control** — `cli_proc.rs`. Spawns `aura client --config <profile>/client.toml
--admin-socket /tmp/aura-admin-<uid>-<profile>.sock`, captures stderr into a bounded
in-memory ring (200 lines) for the UI to tail, kills via `Child::kill` on disconnect.
Per-profile / per-uid socket paths so two GUIs (or two profiles) don't collide.
- **Live status** — `admin.rs`. Tiny JSON-line client for the v3.3 admin socket. Polled by
the React app every 1.5 s: peer id, rx/tx packets, default action, rule count. Falls back
gracefully (admin_error in the response) when the handshake hasn't completed yet.
- **System tray** — `lib.rs` `setup` callback. Three-item menu (Open AuraVPN / Disconnect /
Quit). The window's close button hides to the tray instead of exiting — the app keeps
running so the VPN stays connected; the user explicitly chooses Quit.
- **Frontend** — `src/App.tsx`. Single-page layout: profile list (with badge for missing
files), connect/disconnect button per profile, status table, collapsible logs panel,
binary-path picker at the bottom. Dark-mode CSS by default; the same look as a typical
WireGuard / Tailscale-style tray app.
## What's deferred for v0.2
- Auto-start at login (launchd plist / systemd user unit / Windows Run key)
- Code signing + notarization
- Persisting the aura binary path between sessions
- Per-profile route overrides editor
- Live log streaming (today the frontend polls the ring buffer)
- Admin status query on Windows (today's `admin.rs` Unix-only; Windows path returns a clear
"not supported yet" error)
- Polkit / authorization-services prompt for the TUN-needs-root step (today the operator
has to launch the GUI from a privileged context, e.g. `sudo open -a aura-gui` on macOS)
## Workspace hygiene
Cargo workspace at the repo root now has `exclude = ["aura-gui"]` so the protocol crates'
`cargo check --workspace` / `cargo test --workspace` don't pull in the tauri + wry + webview
dep graph. The GUI builds standalone from `aura-gui/` via `npm run tauri build`.
## Validation
- `cd aura-gui/src-tauri && cargo check` — green
- `cd aura-gui/src-tauri && cargo clippy -- -D warnings` — clean
- `cd aura-gui/src-tauri && cargo fmt --check` — clean
- `cd aura-gui && npm run build` — frontend tsc + vite build succeeds
- Full `npm run tauri dev` not exercised in this session (would open a real window) — should
work; if it breaks the surface area is small enough that next session fixes it.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
xah30