Skip to content

feat: add deeplink controls and Raycast extension #1838

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
itsbryanman wants to merge 5 commits into
base: main
Choose a base branch
from

fix(raycast): pin lint script to installed @raycast/api version

ed32b6f
Select commit
Loading
Failed to load commit list.
Open

feat: add deeplink controls and Raycast extension #1838

fix(raycast): pin lint script to installed @raycast/api version
ed32b6f
Select commit
Loading
Failed to load commit list.
Superagent Security / Security scan required action May 25, 2026 in 41s

PR requires security review

1 security concern(s) detected.

Details

  1. P2: Unauthenticated custom-protocol deeplinks can trigger recording and device-control actions from outside the app (apps/desktop/src-tauri/src/deeplink_actions.rs:352)
    Require explicit in-app user confirmation or a trusted-origin/session-bound nonce before executing recording or device-switch deeplinks. At minimum, restrict external deeplinks to focusing the app and presenting a confirmation UI for recording start/stop and device changes rather than executing immediately.
View more details on Superagent Security