fix: replace crypto.randomUUID with fallback for non-secure contexts

[mzazon]

Summary

• crypto.randomUUID() is only available in secure contexts (HTTPS or localhost/127.0.0.1). When the Docker container is accessed over plain HTTP from another machine (e.g. http://192.168.1.x:3456), the browser does not expose crypto.randomUUID, throwing TypeError: crypto.randomUUID is not a function on every tab/pane/session click.
• Adds a generateUUID() utility (src/renderer/utils/uuid.ts) that uses crypto.randomUUID() when available and falls back to crypto.getRandomValues() (available in all modern browsers regardless of secure context).
• Replaces all 9 crypto.randomUUID() call sites in the renderer.

Root Cause

The openTab store action (and other tab/pane actions) call crypto.randomUUID() to generate IDs. This works when accessing http://localhost:3456 (secure context) but throws when accessed via http://<lan-ip>:3456 (not a secure context).

The error from the browser console:

Uncaught TypeError: crypto.randomUUID is not a function
    at openTab (index-BtDrRUG1.js:14098:18)
    at handleClick (index-BtDrRUG1.js:51950:5)

Test plan

• Access devtools via http://localhost:3456 — should work as before
• Access devtools via http://<lan-ip>:3456 from another machine — session clicks now work
• Verify tabs, split panes, and notification trigger creation all generate valid UUIDs

Fixes #132

Summary by CodeRabbit

• Refactor
  • Standardized UUID generation across settings, workspace profiles, panes, and tabs by centralizing v4 identifier creation. Identifiers remain string-based and user-visible behavior is unchanged. This reduces internal inconsistencies while preserving all existing UI flows, persistence, and editing/deletion functionality.

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request resolves critical functionality issues that arose when the application was accessed from non-secure contexts, such as over plain HTTP on a local area network. By implementing a robust UUID generation utility with a fallback mechanism, it ensures that core features like tab and pane creation, as well as notification trigger and SSH profile ID generation, function correctly regardless of the browser's security context. This significantly improves the application's accessibility and reliability in diverse deployment environments.

Highlights

• UUID Generation Fix: Addressed an issue where crypto.randomUUID() failed in non-secure contexts (e.g., HTTP on LAN IPs), causing TypeError on tab, pane, and session clicks.
• New Utility Function: Introduced a new generateUUID() utility function that prioritizes crypto.randomUUID() when available and falls back to crypto.getRandomValues() for broader compatibility across all modern browsers, regardless of secure context.
• Widespread Adoption: Replaced all 9 existing instances of crypto.randomUUID() with the new generateUUID() utility across various renderer components and stores to ensure consistent and reliable UUID generation.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request introduces a new generateUUID utility function that provides a fallback mechanism for crypto.randomUUID() to ensure UUID generation works reliably across different environments, including non-secure contexts. All existing direct calls to crypto.randomUUID() have been replaced with this new utility. A suggestion was made to use globalThis.crypto within the generateUUID function for improved robustness and portability.

[gemini-code-assist]

For improved robustness and consistency, it's better to use globalThis.crypto. The optional chaining (?.) on randomUUID prevents a ReferenceError in environments where crypto might not be defined. Using globalThis is also more portable across different JavaScript environments (e.g. window, worker).

This also makes the usage consistent with the fallback path which will rely on globalThis.crypto.

Suggested change

	if (typeof crypto.randomUUID === 'function') {
	return crypto.randomUUID();
	}
	// Fallback: construct a v4 UUID from getRandomValues
	const bytes = crypto.getRandomValues(new Uint8Array(16));
	if (globalThis.crypto?.randomUUID) {
	return globalThis.crypto.randomUUID();
	}
	// Fallback: construct a v4 UUID from getRandomValues
	const bytes = globalThis.crypto.getRandomValues(new Uint8Array(16));

[mzazon]

I'll leave this as-is. This code only runs in browser renderers where crypto is always defined (it's been a web standard since IE 11). The typeof crypto.randomUUID === 'function' check already guards the missing method safely.

The globalThis.crypto?. suggestion is also inconsistent — it uses optional chaining on the check but not on the fallback (globalThis.crypto.getRandomValues()), so if crypto were somehow undefined, the fallback would throw instead of the feature-detect.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: 970ec637-afe2-46a9-b2d4-b20ea326d3ac

📥 Commits

Reviewing files that changed from the base of the PR and between 4f27bfd and 2c0f351.

📒 Files selected for processing (6)

• src/renderer/components/settings/NotificationTriggerSettings/utils/trigger.ts
• src/renderer/components/settings/sections/WorkspaceSection.tsx
• src/renderer/store/slices/paneSlice.ts
• src/renderer/store/slices/tabSlice.ts
• src/renderer/types/tabs.ts
• src/renderer/utils/uuid.ts

✅ Files skipped from review due to trivial changes (2)

• src/renderer/components/settings/sections/WorkspaceSection.tsx
• src/renderer/store/slices/tabSlice.ts

🚧 Files skipped from review as they are similar to previous changes (3)

• src/renderer/types/tabs.ts
• src/renderer/store/slices/paneSlice.ts
• src/renderer/components/settings/NotificationTriggerSettings/utils/trigger.ts

---

📝 Walkthrough

Walkthrough

Adds a centralized generateUUID() utility with a runtime fallback and replaces direct crypto.randomUUID() calls across renderer code to use this utility for generating IDs.

Changes

Cohort / File(s)	Summary
UUID Generation Utility src/renderer/utils/uuid.ts	Added export function generateUUID(): string producing a UUID v4; uses crypto.randomUUID() if available, otherwise a crypto.getRandomValues() byte-based fallback with RFC-4122 adjustments.
State management slices src/renderer/store/slices/paneSlice.ts, src/renderer/store/slices/tabSlice.ts	Replaced crypto.randomUUID() with generateUUID() when creating new pane and tab IDs; added generateUUID imports.
Components & Types src/renderer/components/settings/sections/WorkspaceSection.tsx, src/renderer/components/settings/NotificationTriggerSettings/utils/trigger.ts, src/renderer/types/tabs.ts	Replaced direct crypto.randomUUID() usage with generateUUID() for workspace profile IDs, notification trigger IDs, and TabNavigationRequest IDs; added imports and updated inline assignments/docs.

🚥 Pre-merge checks | ✅ 2

✅ Passed checks (2 passed)

Check name	Status	Explanation
Linked Issues check	✅ Passed	PR successfully replaces crypto.randomUUID() with a fallback-compatible generateUUID() utility across all nine renderer call sites, directly addressing the TypeError in non-secure HTTP contexts documented in issue #132.
Out of Scope Changes check	✅ Passed	All changes are strictly scoped to UUID generation replacement; no unrelated modifications, refactoring, or feature additions are present.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

src/renderer/utils/uuid.ts (1)

12-25: Add a test that explicitly exercises the fallback path.

Current coverage appears to validate only the randomUUID branch. Please add a case where randomUUID is unavailable and assert v4 format/version/variant on the returned ID.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@src/renderer/utils/uuid.ts` around lines 12 - 25, Add a unit test that forces
the fallback path in generateUUID by temporarily removing or mocking
crypto.randomUUID (set to undefined) and then calling generateUUID(); assert the
returned string matches UUID v4 format (8-4-4-4-12 hex groups), verify the
version nibble is 4 (character at position corresponding to bytes[6] -> UUID
segment 3) and the variant bits are 10xx (the high bits of the UUID segment 4),
and restore/mock back crypto.randomUUID after the test; target the generateUUID
function in src/renderer/utils/uuid.ts when writing this test.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/renderer/types/tabs.ts`:
- Around line 6-8: The imports in this file are out of order: move the relative
import "import type { Session } from './data';" after the alias imports so they
follow the project's rule (external packages, path aliases (`@main`, `@renderer`,
`@shared`, `@preload`), then relative imports); ensure "import type { TriggerColor }
from '@shared/constants/triggerColors';" and "import { generateUUID } from
'@renderer/utils/uuid';" remain before the relative "./data" import, then run
the linter to verify ordering.

---

Nitpick comments:
In `@src/renderer/utils/uuid.ts`:
- Around line 12-25: Add a unit test that forces the fallback path in
generateUUID by temporarily removing or mocking crypto.randomUUID (set to
undefined) and then calling generateUUID(); assert the returned string matches
UUID v4 format (8-4-4-4-12 hex groups), verify the version nibble is 4
(character at position corresponding to bytes[6] -> UUID segment 3) and the
variant bits are 10xx (the high bits of the UUID segment 4), and restore/mock
back crypto.randomUUID after the test; target the generateUUID function in
src/renderer/utils/uuid.ts when writing this test.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: a4a28f42-1e5f-4a0f-86b3-505f53734464

📥 Commits

Reviewing files that changed from the base of the PR and between f23e881 and 3fa0d25.

📒 Files selected for processing (6)

• src/renderer/components/settings/NotificationTriggerSettings/utils/trigger.ts
• src/renderer/components/settings/sections/WorkspaceSection.tsx
• src/renderer/store/slices/paneSlice.ts
• src/renderer/store/slices/tabSlice.ts
• src/renderer/types/tabs.ts
• src/renderer/utils/uuid.ts

[RubbaBoy]

I'm going to assume this to happens to be purely a coincidence, but I have a PR for the same exact fix that I made an hour ago in #135

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@src/renderer/types/tabs.ts`:
- Around line 6-8: Reorder the path-alias imports so `@renderer` imports come
before `@shared`: move the generateUUID import from '@renderer/utils/uuid' to
appear before the TriggerColor import from '@shared/constants/triggerColors'
(keeping the type import for Session from './data' after path aliases); ensure
import groups follow external packages, path aliases in the order `@main`,
`@renderer`, `@shared`, `@preload`, then relative imports to satisfy ESLint.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

Run ID: ef0085e8-eb3f-4e5a-a4bc-12bdf8d93b47

📥 Commits

Reviewing files that changed from the base of the PR and between 3fa0d25 and 4f27bfd.

📒 Files selected for processing (1)

• src/renderer/types/tabs.ts

[matt1398]

Thanks for the fix! Another PR (#135) addresses the same issue and includes tests, so I'll be merging that one instead. Closing as duplicate — appreciate the contribution!