Ship readiness PR1: correctness + security hardening on Codex's cancellation pass

README.md

@@ -100,6 +100,18 @@ For deeper diagrams, see [docs/ARCHITECTURE.md](docs/ARCHITECTURE.md).
 | `docs/THIRD_PARTY_NOTICES.md` | Third-party binary/model attribution guidance |
 | `scripts/` | *(intentionally empty—release scripts lived in the private repo)* |
 
+## Platform support
+
+| Platform | Status | Distribution |
+| -------- | ------ | ------------ |
+| macOS 10.13+ | Signed, notarized, auto-updating | DMG via GitHub Releases |
+| Windows 10+ | Builds from source, untested — contributions welcome | None yet |
+| Linux | Builds from source, untested — contributions welcome | None yet |
+
+macOS is the primary supported platform today. Windows and Linux share the same Rust/React codebase and typically compile cleanly, but we do not currently QA them per release. If you are running Cosmos on Windows or Linux and hit an issue, please open one — fixes are very welcome.
+
+On macOS, Cosmos asks for Full Disk Access when it detects that protected folders (like `~/Library`) are unreadable. Granting access is optional but recommended if you want to index content under those folders. Cosmos never prompts for Full Disk Access preemptively — it only surfaces a banner when it has reason to believe the permission is missing.
+
 ## Run Cosmos
 
 Today there are only two supported ways to use Cosmos OSS:

TODOS.md

@@ -25,6 +25,27 @@
 - **Effort:** L (human) / M (CC)
 - **Added:** 2026-04-05 via /plan-ceo-review
 
+## P2 — HN Readiness Follow-ups
+
+### Failed-state UI for jobs
+- **What:** Failed indexing/transcription jobs are invisible outside logs. Add red badge on file cards (Grid/List views), "Retry" in context menu, failed count in sidebar.
+- **Why:** Today users think the app is broken when jobs silently fail. After PR1 the backend logs and marks jobs as failed; the UI just doesn't surface it.
+- **Effort:** M (human: ~3h) / S (CC)
+- **Added:** 2026-04-21 via /plan-eng-review (HN readiness follow-up)
+
+### `main.rs` command-registration dedup
+- **What:** Two full `tauri::Builder::default().invoke_handler(...)` blocks — one for `#[cfg(debug_assertions)]`, one for release. Every new command must be added to both manually and they drift.
+- **Why:** Every recent PR has had to add the same command twice (most recently `recover_interrupted_jobs` in this plan). A small declarative macro or shared handler list closes the class of bug.
+- **Effort:** S (human: ~30min) / S (CC)
+- **Added:** 2026-04-21 via /plan-eng-review
+
+### `cluster_members` in `purge_indexed_data_for_file`
+- **What:** When Phase 2 clustering wires up (`compute_clusters` / `get_clusters` commands exist in `clustering.rs` per earlier work), `sqlite_service::purge_indexed_data_for_file` must also `DELETE FROM cluster_members WHERE file_path = ?`. Currently the purge covers images, text_chunks, vec_text_chunks, transcriptions only.
+- **Why:** Cancel-and-purge contract silently breaks when clustering ships. Cheaper to document now than to chase orphaned cluster rows later.
+- **Blocked by:** Phase 2 clustering UI wiring. Table exists, commands exist, no UI consumer yet.
+- **Effort:** XS (human: ~15min) / XS (CC)
+- **Added:** 2026-04-21 via /plan-eng-review
+
 ## P3 — Future
 
 ### Model hot-swap for custom GGUF models

docs/SECURITY.md

@@ -20,6 +20,18 @@ We will acknowledge reports within 3 business days and provide status updates at
 
 Out of scope: proprietary Cosmos services, self-hosted forks, or any infrastructure we don’t manage.
 
+## What is and isn't protected today
+
+Cosmos stores indexed metadata, text chunks, transcripts, and vector embeddings in a local SQLite database with SQLCipher encryption. Some honest notes on where that protection stops:
+
+- **Database key storage.** The per-user database key is generated on first launch with `rand::rngs::OsRng` and stored under the app's data directory with light obfuscation (base64 + a fixed XOR byte), not the system keychain. This is a first-launch ergonomics choice that avoids a keychain prompt before the user has opted in. An attacker with local read access to the app data folder can recover the key. Tracked as a v0.2 item: migration to `Keychain` on macOS, `Credential Manager` on Windows, and `secret-service` on Linux. For at-rest protection in the meantime, Cosmos relies on FileVault (macOS, enabled by default on modern hardware) or the equivalent full-disk encryption on your platform.
+- **In-memory access.** While Cosmos is running, the decrypted key lives in process memory. An attacker with code execution on your machine can read it. This is true of every local desktop application.
+- **No network egress by default.** Indexing, embeddings, transcription, and search all run locally. No telemetry, no analytics beacons, no crash reports leave the machine unless you opt into something like the Gemini/Veo integration via the in-app App Store. External API calls, when enabled, go directly from your machine to the third-party endpoint you configured.
+- **Updater trust.** Cosmos uses Tauri's updater with a signed manifest. Public signing keys are pinned at build time; the updater refuses unsigned or mis-signed artifacts.
+- **Content Security Policy.** Production builds set a restrictive CSP (`default-src 'self'`, etc.). Dev builds are permissive to accommodate the Vite HMR channel.
+
+If any of the above would change your threat model, please weigh that before adopting Cosmos for sensitive workflows.
+
 ## Disclosure process
 1. Triage and reproduce the issue.
 2. Prepare a patch + regression tests.

src-tauri/capabilities/main-capability.json

@@ -13,6 +13,14 @@
     "dialog:default",
     "opener:default",
     "opener:allow-open-path",
+    {
+      "identifier": "opener:allow-open-url",
+      "allow": [
+        { "url": "https://*" },
+        { "url": "http://*" },
+        { "url": "x-apple.systempreferences:*" }
+      ]
+    },
     "process:default",
     "updater:default"
   ]