Haven's desktop and web clients have been rebuilt from the ground up — a Tauri shell and a Solid UI, both running on the same framework-free core that powers the iOS app. The retired Electron and React/Vite clients proved the product; 2.0 is the next generation: a lighter shell, a faster renderer, and one shared core so features land once and show up everywhere.
Infrastructure
3 changes
Infrastructure
3 changes
- New desktop & web foundationBreakingDesktop now runs on Tauri (a lightweight native shell) with a Solid UI, replacing the Electron client. Web ships as a static SPA built from the exact same UI code. Both sit on the framework-free shared core the iOS app uses, so business logic, permissions, and realtime are written once and reused everywhere.
- Built-in auto-updateThe desktop app updates itself from GitHub Releases — no store, no manual reinstalls. Update artifacts are cryptographically signed so the app only installs updates it can verify, and it works without a paid OS signing certificate.
- App-grade window behaviorCustom frameless window chrome with its own title bar and controls, single-instance handling so a second launch focuses the existing window, and haven:// deep links.
UI
6 changes
UI
6 changes
- Accounts on desktop & webYou can now create an account and reset a forgotten password directly in the desktop and web apps — no need to bounce to another device.
- Community modmail inboxModerators get a dedicated modmail inbox in the side rail — a single queue of reports across every community you can moderate, with triage (status, internal notes, escalate, acknowledge). It updates live as new reports arrive and as your access changes.
- Right-click reportingReport a message or a user account straight from a right-click (or long-press, or the hover menu). Community reports can go to the community's moderators, to Haven's platform team, or both; direct-message reports go to platform moderation.
- Invite managementCreate invite links with an expiry and a max-use limit, copy them, see active invites at a glance, and revoke any of them.
- Role editorA full community role editor — create and delete roles, set name and color, and toggle permissions grouped by area.
- Notifications inboxA notifications inbox with unread counts and mark-all-read, plus in-app toasts for things that arrive while you're using the app.
UX
2 changes
UX
2 changes
- Feature parity, carried overEverything you'd expect from the previous clients made the jump: communities and channels, full markdown rendering, media upload with inline previews, voice (join/leave, mute/deafen, presence, join/leave sounds), direct messages, friends, and profiles with themes. The message box is a plain text area for now — markdown you type renders, but the formatting toolbar from the old desktop client is still to come (see What's next).
- Onboarding & feature gatingServer-driven onboarding for new users, and feature-flag gating wired through the client so new surfaces can roll out gradually.
Security
1 change
Security
1 change
- Same database-enforced access controlThe rebuild changes the client, not the trust model. Access control still lives in Postgres row-level security and security-definer functions — the client reflects what the database allows, it never decides. Every release ships only after the SQL/RLS and backend contract suites pass green.
An honest note: these builds aren't OS-code-signed yet, so the first launch shows a SmartScreen prompt on Windows or a Gatekeeper prompt on macOS (right-click → Open). That's expected, and it's separate from update signing — the auto-update path IS cryptographically signed and verified.
Proper OS code signing (Apple notarization, Windows Authenticode) is on the list. It's a cost and a paperwork item more than an engineering one, and it'll land when it earns its place. Until then, the warning is the trade for shipping openly instead of waiting.