V2 Tauri integration (#3854)

# Description of Changes

Please provide a summary of the changes, including:

## Add PDF File Association Support for Tauri App

  ### 🎯 **Features Added**
  - PDF file association configuration in Tauri
  - Command line argument detection for opened files
  - Automatic file loading when app is launched via "Open with"
  - Cross-platform support (Windows/macOS)

  ### 🔧 **Technical Changes**
  - Added `fileAssociations` in `tauri.conf.json` for PDF files
  - New `get_opened_file` Tauri command to detect file arguments
  - `fileOpenService` with Tauri fs plugin integration
  - `useOpenedFile` hook for React integration
  - Improved backend health logging during startup (reduced noise)

  ### 🧪 **Testing**
See 
* https://v2.tauri.app/start/prerequisites/
*
[DesktopApplicationDevelopmentGuide.md](DesktopApplicationDevelopmentGuide.md)

  ```bash
  # Test file association during development:
  
  cd frontend
  npm install
  cargo tauri dev --no-watch -- -- "path/to/file.pdf"
  ```

 For production testing:
  1. Build: npm run tauri build
  2. Install the built app
  3. Right-click PDF → "Open with" → Stirling-PDF

  🚀 User Experience

- Users can now double-click PDF files to open them directly in
Stirling-PDF
- Files automatically load in the viewer when opened via file
association
  - Seamless integration with OS file handling

---

## Checklist

### General

- [ ] I have read the [Contribution
Guidelines](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/CONTRIBUTING.md)
- [ ] I have read the [Stirling-PDF Developer
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md)
(if applicable)
- [ ] I have read the [How to add new languages to
Stirling-PDF](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md)
(if applicable)
- [ ] I have performed a self-review of my own code
- [ ] My changes generate no new warnings

### Documentation

- [ ] I have updated relevant docs on [Stirling-PDF's doc
repo](https://github.com/Stirling-Tools/Stirling-Tools.github.io/blob/main/docs/)
(if functionality has heavily changed)
- [ ] I have read the section [Add New Translation
Tags](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/HowToAddNewLanguage.md#add-new-translation-tags)
(for new translation tags only)

### UI Changes (if applicable)

- [ ] Screenshots or videos demonstrating the UI changes are attached
(e.g., as comments or direct attachments in the PR)

### Testing (if applicable)

- [ ] I have tested my changes locally. Refer to the [Testing
Guide](https://github.com/Stirling-Tools/Stirling-PDF/blob/main/DeveloperGuide.md#6-testing)
for more details.

---------

Co-authored-by: Connor Yoh <connor@stirlingpdf.com>
Co-authored-by: James Brunton <james@stirlingpdf.com>
Co-authored-by: James Brunton <jbrunton96@gmail.com>

.github/config/dependency-review-config.yml

@@ -0,0 +1 @@
+allow-ghsas: GHSA-wrw7-89jp-8q8g

.github/workflows/dependency-review.yml

@@ -25,3 +25,5 @@ jobs:
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
       - name: "Dependency Review"
         uses: actions/dependency-review-action@56339e523c0409420f6c2c9a2f4292bbb3c07dd3 # v4.8.0
+        with:
+          config-file: './.github/config/dependency-review-config.yml'

.github/workflows/tauri-build.yml

@@ -0,0 +1,334 @@
+name: Build Tauri Applications
+
+on:
+  workflow_dispatch:
+    inputs:
+      platform:
+        description: "Platform to build (windows, macos, linux, or all)"
+        required: true
+        default: "all"
+        type: choice
+        options:
+          - all
+          - windows
+          - macos
+          - linux
+  pull_request:
+    branches: [main, V2]
+    paths:
+      - 'frontend/src-tauri/**'
+      - 'frontend/src/**'
+      - 'frontend/package.json'
+      - 'frontend/package-lock.json'
+      - '.github/workflows/tauri-build.yml'
+  push:
+    branches: [main, V2]
+    paths:
+      - 'frontend/src-tauri/**'
+      - 'frontend/src/**'
+      - 'frontend/package.json'
+      - 'frontend/package-lock.json'
+      - '.github/workflows/tauri-build.yml'
+
+permissions:
+  contents: read
+
+jobs:
+  determine-matrix:
+    runs-on: ubuntu-latest
+    outputs:
+      matrix: ${{ steps.set-matrix.outputs.matrix }}
+    steps:
+      - name: Determine build matrix
+        id: set-matrix
+        run: |
+          if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
+            case "${{ github.event.inputs.platform }}" in
+              "windows")
+                echo 'matrix={"include":[{"platform":"windows-latest","args":"--target x86_64-pc-windows-msvc","name":"windows-x86_64"}]}' >> $GITHUB_OUTPUT
+                ;;
+              # "macos")
+              #   echo 'matrix={"include":[{"platform":"macos-latest","args":"--target aarch64-apple-darwin","name":"macos-aarch64"},{"platform":"macos-13","args":"--target x86_64-apple-darwin","name":"macos-x86_64"}]}' >> $GITHUB_OUTPUT
+              #   ;;
+              "linux")
+                echo 'matrix={"include":[{"platform":"ubuntu-22.04","args":"","name":"linux-x86_64"}]}' >> $GITHUB_OUTPUT
+                ;;
+              *)
+                echo 'matrix={"include":[{"platform":"windows-latest","args":"--target x86_64-pc-windows-msvc","name":"windows-x86_64"},{"platform":"ubuntu-22.04","args":"","name":"linux-x86_64"}]}' >> $GITHUB_OUTPUT
+                # Disabled Mac builds: {"platform":"macos-latest","args":"--target aarch64-apple-darwin","name":"macos-aarch64"},{"platform":"macos-13","args":"--target x86_64-apple-darwin","name":"macos-x86_64"}
+                ;;
+            esac
+          else
+            # For PR/push events, build all platforms
+            echo 'matrix={"include":[{"platform":"windows-latest","args":"--target x86_64-pc-windows-msvc","name":"windows-x86_64"},{"platform":"ubuntu-22.04","args":"","name":"linux-x86_64"}]}' >> $GITHUB_OUTPUT
+            # Disabled Mac builds: {"platform":"macos-latest","args":"--target aarch64-apple-darwin","name":"macos-aarch64"},{"platform":"macos-13","args":"--target x86_64-apple-darwin","name":"macos-x86_64"}
+          fi
+
+  build:
+    needs: determine-matrix
+    strategy:
+      fail-fast: false
+      matrix: ${{ fromJson(needs.determine-matrix.outputs.matrix) }}
+    runs-on: ${{ matrix.platform }}
+    steps:
+      - name: Harden Runner
+        uses: step-security/harden-runner@002fdce3c6a235733a90a27c80493a3241e56863 # v2.12.1
+        with:
+          egress-policy: audit
+
+      - name: Checkout repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: Install dependencies (ubuntu only)
+        if: matrix.platform == 'ubuntu-22.04'
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libgtk-3-dev libwebkit2gtk-4.0-dev libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf libjavascriptcoregtk-4.0-dev libsoup2.4-dev libjavascriptcoregtk-4.1-dev libsoup-3.0-dev
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 20
+          cache: 'npm'
+          cache-dependency-path: frontend/package-lock.json
+
+      - name: Setup Rust
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          toolchain: stable
+          targets: ${{ (matrix.platform == 'macos-latest' || matrix.platform == 'macos-13') && 'aarch64-apple-darwin,x86_64-apple-darwin' || '' }}
+
+
+
+      - name: Set up JDK 21
+        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
+        with:
+          java-version: "21"
+          distribution: "temurin"
+
+      - name: Build Java backend with JLink
+        working-directory: ./
+        shell: bash
+        run: |
+          chmod +x ./gradlew
+          echo "🔧 Building Stirling-PDF JAR..."
+          # STIRLING_PDF_DESKTOP_UI=false ./gradlew clean bootJar --no-daemon
+          ./gradlew clean build -x spotlessApply -x spotlessCheck -x test -x sonarqube
+
+          # Find the built JAR
+          STIRLING_JAR=$(ls app/core/build/libs/stirling-pdf-*.jar | head -n 1)
+          echo "✅ Built JAR: $STIRLING_JAR"
+          
+          # Create Tauri directories
+          mkdir -p ./frontend/src-tauri/libs
+          mkdir -p ./frontend/src-tauri/runtime
+          
+          # Copy JAR to Tauri libs
+          cp "$STIRLING_JAR" ./frontend/src-tauri/libs/
+          echo "✅ JAR copied to Tauri libs"
+          
+          # Analyze JAR dependencies for jlink modules
+          echo "🔍 Analyzing JAR dependencies..."
+          if command -v jdeps &> /dev/null; then
+            DETECTED_MODULES=$(jdeps --print-module-deps --ignore-missing-deps "$STIRLING_JAR" 2>/dev/null || echo "")
+            if [ -n "$DETECTED_MODULES" ]; then
+              echo "📋 jdeps detected modules: $DETECTED_MODULES"
+              MODULES="$DETECTED_MODULES,java.compiler,java.instrument,java.management,java.naming,java.net.http,java.prefs,java.rmi,java.scripting,java.security.jgss,java.security.sasl,java.sql,java.transaction.xa,java.xml.crypto,jdk.crypto.ec,jdk.crypto.cryptoki,jdk.unsupported"
+            else
+              echo "⚠️ jdeps analysis failed, using predefined modules"
+              MODULES="java.base,java.compiler,java.desktop,java.instrument,java.logging,java.management,java.naming,java.net.http,java.prefs,java.rmi,java.scripting,java.security.jgss,java.security.sasl,java.sql,java.transaction.xa,java.xml,java.xml.crypto,jdk.crypto.ec,jdk.crypto.cryptoki,jdk.unsupported"
+            fi
+          else
+            echo "⚠️ jdeps not available, using predefined modules"
+            MODULES="java.base,java.compiler,java.desktop,java.instrument,java.logging,java.management,java.naming,java.net.http,java.prefs,java.rmi,java.scripting,java.security.jgss,java.security.sasl,java.sql,java.transaction.xa,java.xml,java.xml.crypto,jdk.crypto.ec,jdk.crypto.cryptoki,jdk.unsupported"
+          fi
+          
+          # Create custom JRE with jlink (always rebuild)
+          echo "🔧 Creating custom JRE with jlink..."
+          echo "📋 Using modules: $MODULES"
+          
+          # Remove any existing JRE
+          rm -rf ./frontend/src-tauri/runtime/jre
+          
+          # Create the custom JRE
+          jlink \
+            --add-modules "$MODULES" \
+            --strip-debug \
+            --compress=2 \
+            --no-header-files \
+            --no-man-pages \
+            --output ./frontend/src-tauri/runtime/jre
+          
+          if [ ! -d "./frontend/src-tauri/runtime/jre" ]; then
+            echo "❌ Failed to create JLink runtime"
+            exit 1
+          fi
+          
+          # Test the bundled runtime
+          if [ -f "./frontend/src-tauri/runtime/jre/bin/java" ]; then
+            RUNTIME_VERSION=$(./frontend/src-tauri/runtime/jre/bin/java --version 2>&1 | head -n 1)
+            echo "✅ Custom JRE created successfully: $RUNTIME_VERSION"
+          else
+            echo "❌ Custom JRE executable not found"
+            exit 1
+          fi
+          
+          # Calculate runtime size
+          RUNTIME_SIZE=$(du -sh ./frontend/src-tauri/runtime/jre | cut -f1)
+          echo "📊 Custom JRE size: $RUNTIME_SIZE"
+        env:
+          DISABLE_ADDITIONAL_FEATURES: true
+
+      - name: Install frontend dependencies
+        working-directory: ./frontend
+        run: npm install
+
+      # Disabled Mac builds - Import Apple Developer Certificate
+      # - name: Import Apple Developer Certificate
+      #   if: matrix.platform == 'macos-latest' || matrix.platform == 'macos-13'
+      #   env:
+      #     APPLE_ID: ${{ secrets.APPLE_ID }}
+      #     APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
+      #     APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
+      #     APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
+      #     KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
+      #   run: |
+      #     echo "Importing Apple Developer Certificate..."
+      #     echo $APPLE_CERTIFICATE | base64 --decode > certificate.p12
+      #     security create-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
+      #     security default-keychain -s build.keychain
+      #     security unlock-keychain -p "$KEYCHAIN_PASSWORD" build.keychain
+      #     security set-keychain-settings -t 3600 -u build.keychain
+      #     security import certificate.p12 -k build.keychain -P "$APPLE_CERTIFICATE_PASSWORD" -T /usr/bin/codesign
+      #     security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k "$KEYCHAIN_PASSWORD" build.keychain
+      #     security find-identity -v -p codesigning build.keychain
+      # - name: Verify Certificate
+      #   if: matrix.platform == 'macos-latest' || matrix.platform == 'macos-13'
+      #   run: |
+      #     echo "Verifying Apple Developer Certificate..."
+      #     CERT_INFO=$(security find-identity -v -p codesigning build.keychain | grep "Developer ID Application")
+      #     echo "Certificate Info: $CERT_INFO"
+      #     CERT_ID=$(echo "$CERT_INFO" | awk -F'"' '{print $2}')
+      #     echo "Certificate ID: $CERT_ID"
+      #     echo "CERT_ID=$CERT_ID" >> $GITHUB_ENV
+      #     echo "Certificate imported."
+
+      # - name: Check DMG creation dependencies (macOS only)
+      #   if: matrix.platform == 'macos-latest' || matrix.platform == 'macos-13'
+      #   run: |
+      #     echo "🔍 Checking DMG creation dependencies on ${{ matrix.platform }}..."
+      #     echo "hdiutil version: $(hdiutil --version || echo 'NOT FOUND')"
+      #     echo "create-dmg availability: $(which create-dmg || echo 'NOT FOUND')"
+      #     echo "Available disk space: $(df -h /tmp | tail -1)"
+      #     echo "macOS version: $(sw_vers -productVersion)"
+      #     echo "Available tools:"
+      #     ls -la /usr/bin/hd* || echo "No hd* tools found"
+
+      - name: Build Tauri app 
+        uses: tauri-apps/tauri-action@v0
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          APPLE_CERTIFICATE: ${{ secrets.APPLE_CERTIFICATE }}
+          APPLE_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_CERTIFICATE_PASSWORD }}
+          APPLE_SIGNING_IDENTITY: ${{ env.CERT_ID }}
+          APPLE_ID: ${{ secrets.APPLE_ID }}
+          APPLE_ID_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
+          APPLE_PASSWORD: ${{ secrets.APPLE_ID_PASSWORD }}
+          APPLE_TEAM_ID: ${{ secrets.APPLE_TEAM_ID }}
+          APPIMAGETOOL_SIGN_PASSPHRASE: ${{ secrets.APPIMAGETOOL_SIGN_PASSPHRASE }}
+          SIGN: 1
+          CI: true 
+        with:
+          projectPath: ./frontend
+          tauriScript: npx tauri
+          args: ${{ matrix.args }}
+          
+      - name: Rename artifacts
+        shell: bash
+        run: |
+          mkdir -p ./dist
+          cd ./frontend/src-tauri/target
+          
+          # Find and rename artifacts based on platform
+          if [ "${{ matrix.platform }}" = "windows-latest" ]; then
+            find . -name "*.exe" -exec cp {} "../../../dist/Stirling-PDF-${{ matrix.name }}.exe" \;
+            find . -name "*.msi" -exec cp {} "../../../dist/Stirling-PDF-${{ matrix.name }}.msi" \;
+          # Disabled Mac builds
+          # elif [ "${{ matrix.platform }}" = "macos-latest" ] || [ "${{ matrix.platform }}" = "macos-13" ]; then
+          #   find . -name "*.dmg" -exec cp {} "../../../dist/Stirling-PDF-${{ matrix.name }}.dmg" \;
+          #   find . -name "*.app" -exec cp -r {} "../../../dist/Stirling-PDF-${{ matrix.name }}.app" \;
+          else
+            find . -name "*.deb" -exec cp {} "../../../dist/Stirling-PDF-${{ matrix.name }}.deb" \;
+            find . -name "*.AppImage" -exec cp {} "../../../dist/Stirling-PDF-${{ matrix.name }}.AppImage" \;
+          fi
+
+      - name: Upload artifacts
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        with:
+          name: Stirling-PDF-${{ matrix.name }}
+          path: ./dist/*
+          retention-days: 7
+ 
+      - name: Verify build artifacts
+        shell: bash
+        run: |
+          cd ./frontend/src-tauri/target
+          
+          # Check for expected artifacts based on platform
+          if [ "${{ matrix.platform }}" = "windows-latest" ]; then
+            echo "Checking for Windows artifacts..."
+            find . -name "*.exe" -o -name "*.msi" | head -5
+            if [ $(find . -name "*.exe" | wc -l) -eq 0 ]; then
+              echo "❌ No Windows executable found"
+              exit 1
+            fi
+          # Disabled Mac builds
+          # elif [ "${{ matrix.platform }}" = "macos-latest" ] || [ "${{ matrix.platform }}" = "macos-13" ]; then
+          #   echo "Checking for macOS artifacts..."
+          #   find . -name "*.dmg" -o -name "*.app" | head -5
+          #   if [ $(find . -name "*.dmg" -o -name "*.app" | wc -l) -eq 0 ]; then
+          #     echo "❌ No macOS artifacts found"
+          #     exit 1
+          #   fi
+          else
+            echo "Checking for Linux artifacts..."
+            find . -name "*.deb" -o -name "*.AppImage" | head -5
+            if [ $(find . -name "*.deb" -o -name "*.AppImage" | wc -l) -eq 0 ]; then
+              echo "❌ No Linux artifacts found"
+              exit 1
+            fi
+          fi
+          
+          echo "✅ Build artifacts found for ${{ matrix.name }}"
+
+      - name: Test artifact sizes
+        shell: bash
+        run: |
+          cd ./frontend/src-tauri/target
+          echo "Artifact sizes for ${{ matrix.name }}:"
+          find . -name "*.exe" -o -name "*.dmg" -o -name "*.deb" -o -name "*.AppImage" -o -name "*.msi" | while read file; do
+            if [ -f "$file" ]; then
+              size=$(stat -c%s "$file" 2>/dev/null || stat -f%z "$file" 2>/dev/null || echo "unknown")
+              echo "$file: $size bytes"
+              # Check if file is suspiciously small (less than 1MB)
+              if [ "$size" != "unknown" ] && [ "$size" -lt 1048576 ]; then
+                echo "⚠️  Warning: $file is smaller than 1MB"
+              fi
+            fi
+          done
+
+  report:
+    needs: build
+    runs-on: ubuntu-latest
+    if: always()
+    steps:
+      - name: Report build results
+        run: |
+          if [ "${{ needs.build.result }}" = "success" ]; then
+            echo "✅ All Tauri builds completed successfully!"
+            echo "Artifacts are ready for distribution."
+          else
+            echo "❌ Some Tauri builds failed."
+            echo "Please check the logs and fix any issues."
+            exit 1
+          fi

DeveloperGuide.md

@@ -32,6 +32,12 @@ This guide focuses on developing for Stirling 2.0, including both the React fron
 - Docker for containerization
 - Gradle for build management
 
+**Desktop Application (Tauri):**
+- Tauri for cross-platform desktop app packaging
+- Rust backend for system integration
+- PDF file association support
+- Self-contained JRE bundling with JLink
+
 **Legacy (reference only during development):**
 - Thymeleaf templates (being completely replaced in 2.0)
 
@@ -44,6 +50,8 @@ This guide focuses on developing for Stirling 2.0, including both the React fron
 - Java JDK 17 or later (JDK 21 recommended)
 - Node.js 18+ and npm (required for frontend development)
 - Gradle 7.0 or later (Included within the repo)
+- Rust and Cargo (required for Tauri desktop app development)
+- Tauri CLI (install with `cargo install tauri-cli`)
 
 ### Setup Steps
 
@@ -95,6 +103,10 @@ Stirling 2.0 uses client-side file storage:
 ### Legacy Code Reference
 The existing Thymeleaf templates remain in the codebase during development as reference material but will be completely removed for the 2.0 release.
 
+### Tauri Desktop App Development
+Stirling-PDF can be packaged as a cross-platform desktop application using Tauri with PDF file association support and bundled JRE.
+See [the frontend README](frontend/README.md#tauri) for build instructions.
+
 ## 5. Project Structure
 
 ```bash
@@ -109,6 +121,12 @@ Stirling-PDF/
 │   │   ├── services/      # API and utility services
 │   │   ├── types/         # TypeScript type definitions
 │   │   └── utils/         # Utility functions
+│   ├── src-tauri/         # Tauri desktop app configuration
+│   │   ├── src/           # Rust backend code
+│   │   ├── libs/          # JAR files (generated by build scripts)
+│   │   ├── runtime/       # Bundled JRE (generated by build scripts)
+│   │   ├── Cargo.toml     # Rust dependencies
+│   │   └── tauri.conf.json # Tauri configuration
 │   ├── public/
 │   │   └── locales/       # Internationalization files (JSON)
 │   ├── package.json       # Frontend dependencies

app/core/build.gradle

@@ -41,7 +41,6 @@ dependencies {
     if (System.getenv('STIRLING_PDF_DESKTOP_UI') != 'false'
         || (project.hasProperty('STIRLING_PDF_DESKTOP_UI')
         && project.getProperty('STIRLING_PDF_DESKTOP_UI') != 'false')) {
-        implementation 'me.friwi:jcefmaven:132.3.1'
         implementation 'org.openjfx:javafx-controls:21'
         implementation 'org.openjfx:javafx-swing:21'
     }

app/core/src/main/java/stirling/software/SPDF/SPDFApplication.java

@@ -144,6 +144,13 @@ public class SPDFApplication {
         serverPortStatic = serverPort;
         String url = baseUrl + ":" + getStaticPort() + contextPath;
 
+        // Log Tauri mode information
+        if (Boolean.parseBoolean(System.getProperty("STIRLING_PDF_TAURI_MODE", "false"))) {
+            String parentPid = System.getenv("TAURI_PARENT_PID");
+            log.info(
+                    "Running in Tauri mode. Parent process PID: {}",
+                    parentPid != null ? parentPid : "not set");
+        }
         // Desktop UI initialization removed - webBrowser dependency eliminated
         // Keep backwards compatibility for STIRLING_PDF_DESKTOP_UI system property
         if (Boolean.parseBoolean(System.getProperty("STIRLING_PDF_DESKTOP_UI", "false"))) {

app/core/src/main/java/stirling/software/SPDF/config/TauriProcessMonitor.java

@@ -0,0 +1,157 @@
+package stirling.software.SPDF.config;
+
+import java.lang.management.ManagementFactory;
+import java.util.concurrent.CompletableFuture;
+import java.util.concurrent.Executors;
+import java.util.concurrent.ScheduledExecutorService;
+import java.util.concurrent.TimeUnit;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.ConfigurableApplicationContext;
+import org.springframework.stereotype.Component;
+
+import jakarta.annotation.PostConstruct;
+import jakarta.annotation.PreDestroy;
+
+/**
+ * Monitor for Tauri parent process to detect orphaned Java backend processes. When running in Tauri
+ * mode, this component periodically checks if the parent Tauri process is still alive. If the
+ * parent process terminates unexpectedly, this will trigger a graceful shutdown of the Java backend
+ * to prevent orphaned processes.
+ */
+@Component
+@ConditionalOnProperty(name = "STIRLING_PDF_TAURI_MODE", havingValue = "true")
+public class TauriProcessMonitor {
+
+    private static final Logger logger = LoggerFactory.getLogger(TauriProcessMonitor.class);
+
+    private final ApplicationContext applicationContext;
+    private String parentProcessId;
+    private ScheduledExecutorService scheduler;
+    private volatile boolean monitoring = false;
+
+    public TauriProcessMonitor(ApplicationContext applicationContext) {
+        this.applicationContext = applicationContext;
+    }
+
+    @PostConstruct
+    public void init() {
+        parentProcessId = System.getenv("TAURI_PARENT_PID");
+
+        if (parentProcessId != null && !parentProcessId.trim().isEmpty()) {
+            logger.info("Tauri mode detected. Parent process ID: {}", parentProcessId);
+            startMonitoring();
+        } else {
+            logger.warn(
+                    "TAURI_PARENT_PID environment variable not found. Tauri process monitoring disabled.");
+        }
+    }
+
+    private void startMonitoring() {
+        scheduler =
+                Executors.newSingleThreadScheduledExecutor(
+                        r -> {
+                            Thread t = new Thread(r, "tauri-process-monitor");
+                            t.setDaemon(true);
+                            return t;
+                        });
+
+        monitoring = true;
+
+        // Check every 5 seconds
+        scheduler.scheduleAtFixedRate(this::checkParentProcess, 5, 5, TimeUnit.SECONDS);
+
+        logger.info("Started monitoring parent Tauri process (PID: {})", parentProcessId);
+    }
+
+    private void checkParentProcess() {
+        if (!monitoring) {
+            return;
+        }
+
+        try {
+            if (!isProcessAlive(parentProcessId)) {
+                logger.warn(
+                        "Parent Tauri process (PID: {}) is no longer alive. Initiating graceful shutdown...",
+                        parentProcessId);
+                initiateGracefulShutdown();
+            }
+        } catch (Exception e) {
+            logger.error("Error checking parent process status", e);
+        }
+    }
+
+    private boolean isProcessAlive(String pid) {
+        try {
+            long processId = Long.parseLong(pid);
+
+            // Check if process exists using ProcessHandle (Java 9+)
+            return ProcessHandle.of(processId).isPresent();
+
+        } catch (NumberFormatException e) {
+            logger.error("Invalid parent process ID format: {}", pid);
+            return false;
+        } catch (Exception e) {
+            logger.error("Error checking if process {} is alive", pid, e);
+            return false;
+        }
+    }
+
+    private void initiateGracefulShutdown() {
+        monitoring = false;
+
+        logger.info("Orphaned Java backend detected. Shutting down gracefully...");
+
+        // Shutdown asynchronously to avoid blocking the monitor thread
+        CompletableFuture.runAsync(
+                () -> {
+                    try {
+                        // Give a small delay to ensure logging completes
+                        Thread.sleep(1000);
+
+                        if (applicationContext instanceof ConfigurableApplicationContext) {
+                            ((ConfigurableApplicationContext) applicationContext).close();
+                        } else {
+                            // Fallback to system exit
+                            logger.warn(
+                                    "Unable to shutdown Spring context gracefully, using System.exit");
+                            System.exit(0);
+                        }
+                    } catch (Exception e) {
+                        logger.error("Error during graceful shutdown", e);
+                        System.exit(1);
+                    }
+                });
+    }
+
+    @PreDestroy
+    public void cleanup() {
+        monitoring = false;
+
+        if (scheduler != null && !scheduler.isShutdown()) {
+            logger.info("Shutting down Tauri process monitor");
+            scheduler.shutdown();
+
+            try {
+                if (!scheduler.awaitTermination(2, TimeUnit.SECONDS)) {
+                    scheduler.shutdownNow();
+                }
+            } catch (InterruptedException e) {
+                scheduler.shutdownNow();
+                Thread.currentThread().interrupt();
+            }
+        }
+    }
+
+    /** Get the current Java process ID for logging/debugging purposes */
+    public static String getCurrentProcessId() {
+        try {
+            return ManagementFactory.getRuntimeMXBean().getName().split("@")[0];
+        } catch (Exception e) {
+            return "unknown";
+        }
+    }
+}

app/core/src/main/java/stirling/software/SPDF/config/WebMvcConfig.java

@@ -1,5 +1,7 @@
 package stirling.software.SPDF.config;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.servlet.config.annotation.CorsRegistry;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
@@ -16,6 +18,8 @@ public class WebMvcConfig implements WebMvcConfigurer {
     private final EndpointInterceptor endpointInterceptor;
     private final ApplicationProperties applicationProperties;
 
+    private static final Logger logger = LoggerFactory.getLogger(WebMvcConfig.class);
+
     @Override
     public void addInterceptors(InterceptorRegistry registry) {
         registry.addInterceptor(endpointInterceptor);
@@ -23,10 +27,34 @@ public class WebMvcConfig implements WebMvcConfigurer {
 
     @Override
     public void addCorsMappings(CorsRegistry registry) {
-        // Only configure CORS if allowed origins are specified
-        if (applicationProperties.getSystem() != null
-                && applicationProperties.getSystem().getCorsAllowedOrigins() != null
-                && !applicationProperties.getSystem().getCorsAllowedOrigins().isEmpty()) {
+        // Check if running in Tauri mode
+        boolean isTauriMode =
+                Boolean.parseBoolean(System.getProperty("STIRLING_PDF_TAURI_MODE", "false"));
+
+        // Check if user has configured custom origins
+        boolean hasConfiguredOrigins =
+                applicationProperties.getSystem() != null
+                        && applicationProperties.getSystem().getCorsAllowedOrigins() != null
+                        && !applicationProperties.getSystem().getCorsAllowedOrigins().isEmpty();
+
+        if (isTauriMode) {
+            // Automatically enable CORS for Tauri desktop app
+            // Tauri v1 uses tauri://localhost, v2 uses http(s)://tauri.localhost
+            logger.info("Tauri mode detected - enabling CORS for Tauri protocols (v1 and v2)");
+            registry.addMapping("/**")
+                    .allowedOrigins(
+                            "tauri://localhost",
+                            "http://tauri.localhost",
+                            "https://tauri.localhost")
+                    .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH")
+                    .allowedHeaders("*")
+                    .allowCredentials(true)
+                    .maxAge(3600);
+        } else if (hasConfiguredOrigins) {
+            // Use user-configured origins
+            logger.info(
+                    "Configuring CORS with allowed origins: {}",
+                    applicationProperties.getSystem().getCorsAllowedOrigins());
 
             String[] allowedOrigins =
                     applicationProperties
@@ -41,15 +69,7 @@ public class WebMvcConfig implements WebMvcConfigurer {
                     .allowCredentials(true)
                     .maxAge(3600);
         }
-        // If no origins are configured, CORS is not enabled (secure by default)
+        // If no origins are configured and not in Tauri mode, CORS is not enabled (secure by
+        // default)
     }
-
-    // @Override
-    // public void addResourceHandlers(ResourceHandlerRegistry registry) {
-    //     // Handler for external static resources - DISABLED in backend-only mode
-    //     registry.addResourceHandler("/**")
-    //             .addResourceLocations(
-    //                     "file:" + InstallationPathConfig.getStaticPath(), "classpath:/static/");
-    //     // .setCachePeriod(0); // Optional: disable caching
-    // }
 }

frontend/README.md

@@ -72,3 +72,59 @@ This section has moved here: [https://facebook.github.io/create-react-app/docs/d
 ### `npm run build` fails to minify
 
 This section has moved here: [https://facebook.github.io/create-react-app/docs/troubleshooting#npm-run-build-fails-to-minify](https://facebook.github.io/create-react-app/docs/troubleshooting#npm-run-build-fails-to-minify)
+
+
+## Tauri
+In order to run Tauri, you first have to build the Java backend for Tauri to use.
+
+**macOS/Linux:**
+
+From the root of the repo, run:
+
+```bash
+./gradlew clean build
+./scripts/build-tauri-jlink.sh
+```
+
+**Windows**
+
+From the root of the repo, run:
+
+```batch
+gradlew clean build
+scripts\build-tauri-jlink.bat
+```
+
+### Testing the Bundled Runtime
+
+Before building the full Tauri app, you can test the bundled runtime:
+
+**macOS/Linux:**
+```bash
+./frontend/src-tauri/runtime/launch-stirling.sh
+```
+
+**Windows:**
+```cmd
+frontend\src-tauri\runtime\launch-stirling.bat
+```
+
+This will start Stirling-PDF using the bundled JRE, accessible at http://localhost:8080
+
+### Dev
+To run Tauri in development. Use the command in the `frontend` folder:
+
+```bash
+npm run tauri-dev
+```
+
+This will run the gradle runboot command and the tauri dev command concurrently, starting the app once both are stable.
+
+### Build
+To build a deployment of the Tauri app. Use this command in the `frontend` folder:
+
+```bash
+npm run tauri-build
+```
+
+This will bundle the backend and frontend into one executable for each target. Targets can be set within the `tauri.conf.json` file.

frontend/eslint.config.mjs

@@ -21,6 +21,7 @@ export default defineConfig(
       'dist',
       'node_modules',
       'public',
+      'src-tauri',
     ],
   },
   eslint.configs.recommended,

frontend/package.json

@@ -25,6 +25,8 @@
     "@embedpdf/plugin-viewport": "^1.3.14",
     "@embedpdf/plugin-zoom": "^1.3.14",
     "@emotion/react": "^11.14.0",
+    "@tauri-apps/api": "^2.5.0",
+    "@tauri-apps/plugin-fs": "^2.4.0",
     "@emotion/styled": "^11.14.1",
     "@iconify/react": "^6.0.2",
     "@mantine/core": "^8.3.1",
@@ -62,10 +64,13 @@
     "lint": "eslint --max-warnings=0",
     "build": "vite build",
     "preview": "vite preview",
-    "typecheck": "tsc --noEmit",
+    "tauri-dev": "tauri dev --no-watch",
+    "tauri-build": "tauri build",
+    "typecheck": "npm run typecheck:proprietary",
     "typecheck:core": "tsc --noEmit --project tsconfig.core.json",
     "typecheck:proprietary": "tsc --noEmit --project tsconfig.proprietary.json",
-    "typecheck:all": "npm run typecheck:core && npm run typecheck:proprietary",
+    "typecheck:desktop": "tsc --noEmit --project tsconfig.desktop.json",
+    "typecheck:all": "npm run typecheck:core && npm run typecheck:proprietary && npm run typecheck:desktop",
     "check": "npm run typecheck && npm run lint && npm run test:run",
     "generate-licenses": "node scripts/generate-licenses.js",
     "generate-icons": "node scripts/generate-icons.js",
@@ -103,6 +108,7 @@
     ]
   },
   "devDependencies": {
+    "@tauri-apps/cli": "^2.5.0",
     "@eslint/js": "^9.36.0",
     "@iconify-json/material-symbols": "^1.2.37",
     "@iconify/utils": "^3.0.2",

frontend/public/locales/en-GB/translation.json

@@ -4592,5 +4592,10 @@
     "passwordMustBeDifferent": "New password must be different from current password",
     "passwordChangedSuccess": "Password changed successfully! Please log in again.",
     "passwordChangeFailed": "Failed to change password. Please check your current password."
+  },
+  "backendHealth": {
+    "checking": "Checking backend status...",
+    "online": "Backend Online",
+    "offline": "Backend Offline"
   }
 }

frontend/src-tauri/.gitignore

@@ -0,0 +1,5 @@
+# Generated by Cargo
+# will have compiled files and executables
+/target/
+/gen/schemas
+/runtime/

frontend/src-tauri/Cargo.toml

@@ -0,0 +1,35 @@
+[package]
+name = "stirling-pdf"
+version = "0.1.0"
+description = "Stirling-PDF Desktop Application"
+authors = ["Stirling-PDF Contributors"]
+license = ""
+repository = ""
+edition = "2021"
+rust-version = "1.77.2"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[lib]
+name = "app_lib"
+crate-type = ["staticlib", "cdylib", "rlib"]
+
+[build-dependencies]
+tauri-build = { version = "2.2.0", features = [] }
+
+[dependencies]
+serde_json = "1.0"
+serde = { version = "1.0", features = ["derive"] }
+log = "0.4"
+tauri = { version = "2.9.0", features = [ "devtools"] }
+tauri-plugin-log = "2.0.0-rc"
+tauri-plugin-shell = "2.1.0"
+tauri-plugin-fs = "2.4.4"
+tokio = { version = "1.0", features = ["time"] }
+reqwest = { version = "0.11", features = ["json"] }
+
+# macOS-specific dependencies for native file opening
+[target.'cfg(target_os = "macos")'.dependencies]
+objc = "0.2"
+cocoa = "0.24"
+once_cell = "1.19"

frontend/src-tauri/build.rs

@@ -0,0 +1,3 @@
+fn main() {
+    tauri_build::build()
+}

frontend/src-tauri/capabilities/default.json

@@ -0,0 +1,15 @@
+{
+  "$schema": "../gen/schemas/desktop-schema.json",
+  "identifier": "default",
+  "description": "enables the default permissions",
+  "windows": [
+    "main"
+  ],
+  "permissions": [
+    "core:default",
+    { 
+    "identifier": "fs:allow-read-file",
+    "allow": [{ "path": "**" }]
+   }
+  ]
+}

frontend/src-tauri/icons/rainbow.svg

@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" width="16" height="16" fill="currentColor" class="bi bi-rainbow" viewBox="0 0 16 16"><path d="M8 4.5a7 7 0 0 0-7 7 .5.5 0 0 1-1 0 8 8 0 1 1 16 0 .5.5 0 0 1-1 0 7 7 0 0 0-7-7zm0 2a5 5 0 0 0-5 5 .5.5 0 0 1-1 0 6 6 0 1 1 12 0 .5.5 0 0 1-1 0 5 5 0 0 0-5-5zm0 2a3 3 0 0 0-3 3 .5.5 0 0 1-1 0 4 4 0 1 1 8 0 .5.5 0 0 1-1 0 3 3 0 0 0-3-3zm0 2a1 1 0 0 0-1 1 .5.5 0 0 1-1 0 2 2 0 1 1 4 0 .5.5 0 0 1-1 0 1 1 0 0 0-1-1z"/></svg>

frontend/src-tauri/src/commands/backend.rs

@@ -0,0 +1,379 @@
+use tauri_plugin_shell::ShellExt;
+use tauri::Manager;
+use std::sync::Mutex;
+use std::path::PathBuf;
+use crate::utils::add_log;
+
+// Store backend process handle globally
+static BACKEND_PROCESS: Mutex<Option<tauri_plugin_shell::process::CommandChild>> = Mutex::new(None);
+static BACKEND_STARTING: Mutex<bool> = Mutex::new(false);
+
+// Helper function to reset starting flag
+fn reset_starting_flag() {
+    let mut starting_guard = BACKEND_STARTING.lock().unwrap();
+    *starting_guard = false;
+}
+
+// Check if backend is already running or starting
+fn check_backend_status() -> Result<(), String> {
+    // Check if backend is already running
+    {
+        let process_guard = BACKEND_PROCESS.lock().unwrap();
+        if process_guard.is_some() {
+            add_log("⚠️ Backend process already running, skipping start".to_string());
+            return Err("Backend already running".to_string());
+        }
+    }
+    
+    // Check and set starting flag to prevent multiple simultaneous starts
+    {
+        let mut starting_guard = BACKEND_STARTING.lock().unwrap();
+        if *starting_guard {
+            add_log("⚠️ Backend already starting, skipping duplicate start".to_string());
+            return Err("Backend startup already in progress".to_string());
+        }
+        *starting_guard = true;
+    }
+    
+    Ok(())
+}
+
+// Find the bundled JRE and return the java executable path
+fn find_bundled_jre(resource_dir: &PathBuf) -> Result<PathBuf, String> {
+    let jre_dir = resource_dir.join("runtime").join("jre");
+    let java_executable = if cfg!(windows) {
+        jre_dir.join("bin").join("java.exe")
+    } else {
+        jre_dir.join("bin").join("java")
+    };
+    
+    if !java_executable.exists() {
+        let error_msg = format!("❌ Bundled JRE not found at: {:?}", java_executable);
+        add_log(error_msg.clone());
+        return Err(error_msg);
+    }
+    
+    add_log(format!("✅ Found bundled JRE: {:?}", java_executable));
+    Ok(java_executable)
+}
+
+// Find the Stirling-PDF JAR file
+fn find_stirling_jar(resource_dir: &PathBuf) -> Result<PathBuf, String> {
+    let libs_dir = resource_dir.join("libs");
+    let mut jar_files: Vec<_> = std::fs::read_dir(&libs_dir)
+        .map_err(|e| {
+            let error_msg = format!("Failed to read libs directory: {}. Make sure the JAR is copied to libs/", e);
+            add_log(error_msg.clone());
+            error_msg
+        })?
+        .filter_map(|entry| entry.ok())
+        .filter(|entry| {
+            let path = entry.path();
+            // Match any .jar file containing "stirling-pdf" (case-insensitive)
+            path.extension().and_then(|s| s.to_str()).map(|ext| ext.eq_ignore_ascii_case("jar")).unwrap_or(false)
+                && path.file_name()
+                    .and_then(|f| f.to_str())
+                    .map(|name| name.to_ascii_lowercase().contains("stirling-pdf"))
+                    .unwrap_or(false)
+        })
+        .collect();
+    
+    if jar_files.is_empty() {
+        let error_msg = "No Stirling-PDF JAR found in libs directory.".to_string();
+        add_log(error_msg.clone());
+        return Err(error_msg);
+    }
+    
+    // Sort by filename to get the latest version (case-insensitive)
+    jar_files.sort_by(|a, b| {
+        let name_a = a.file_name().to_string_lossy().to_ascii_lowercase();
+        let name_b = b.file_name().to_string_lossy().to_ascii_lowercase();
+        name_b.cmp(&name_a) // Reverse order to get latest first
+    });
+    
+    let jar_path = jar_files[0].path();
+    add_log(format!("📋 Selected JAR: {:?}", jar_path.file_name().unwrap()));
+    Ok(jar_path)
+}
+
+// Normalize path to remove Windows UNC prefix
+fn normalize_path(path: &PathBuf) -> PathBuf {
+    if cfg!(windows) {
+        let path_str = path.to_string_lossy();
+        if path_str.starts_with(r"\\?\") {
+            PathBuf::from(&path_str[4..]) // Remove \\?\ prefix
+        } else {
+            path.clone()
+        }
+    } else {
+        path.clone()
+    }
+}
+
+// Create, configure and run the Java command to run Stirling-PDF JAR
+fn run_stirling_pdf_jar(app: &tauri::AppHandle, java_path: &PathBuf, jar_path: &PathBuf) -> Result<(), String> {
+    // Get platform-specific application data directory for Tauri mode
+    let app_data_dir = if cfg!(target_os = "macos") {
+        let home = std::env::var("HOME").unwrap_or_else(|_| "/tmp".to_string());
+        PathBuf::from(home).join("Library").join("Application Support").join("Stirling-PDF")
+    } else if cfg!(target_os = "windows") {
+        let appdata = std::env::var("APPDATA").unwrap_or_else(|_| std::env::temp_dir().to_string_lossy().to_string());
+        PathBuf::from(appdata).join("Stirling-PDF")
+    } else {
+        let home = std::env::var("HOME").unwrap_or_else(|_| "/tmp".to_string());
+        PathBuf::from(home).join(".config").join("Stirling-PDF")
+    };
+    
+    // Create subdirectories for different purposes
+    let config_dir = app_data_dir.join("configs");
+    let log_dir = app_data_dir.join("logs");
+    let work_dir = app_data_dir.join("workspace");
+    
+    // Create all necessary directories
+    std::fs::create_dir_all(&app_data_dir).ok();
+    std::fs::create_dir_all(&log_dir).ok();
+    std::fs::create_dir_all(&work_dir).ok();
+    std::fs::create_dir_all(&config_dir).ok();
+    
+    add_log(format!("📁 App data directory: {}", app_data_dir.display()));
+    add_log(format!("📁 Log directory: {}", log_dir.display()));
+    add_log(format!("📁 Working directory: {}", work_dir.display()));
+    add_log(format!("📁 Config directory: {}", config_dir.display()));
+    
+    // Define all Java options with Tauri-specific paths
+    let log_path_option = format!("-Dlogging.file.path={}", log_dir.display());
+
+    let java_options = vec![
+        "-Xmx2g",
+        "-DBROWSER_OPEN=false",
+        "-DSTIRLING_PDF_DESKTOP_UI=false",
+        "-DSTIRLING_PDF_TAURI_MODE=true",
+        &log_path_option,
+        "-Dlogging.file.name=stirling-pdf.log",
+        "-jar",
+        jar_path.to_str().unwrap()
+    ];
+    
+    // Log the equivalent command for external testing
+    let java_command = format!(
+        "TAURI_PARENT_PID={} \"{}\" {}",
+        std::process::id(),
+        java_path.display(),
+        java_options.join(" ")
+    );
+    add_log(format!("🔧 Equivalent command: {}", java_command));
+    add_log(format!("📁 Backend logs will be in: {}", log_dir.display()));
+    
+    // Additional macOS-specific checks
+    if cfg!(target_os = "macos") {
+        // Check if java executable has execute permissions
+        if let Ok(metadata) = std::fs::metadata(java_path) {
+            let permissions = metadata.permissions();
+            add_log(format!("🔍 Java executable permissions: {:?}", permissions));
+            
+            #[cfg(unix)]
+            {
+                use std::os::unix::fs::PermissionsExt;
+                let mode = permissions.mode();
+                add_log(format!("🔍 Java executable mode: 0o{:o}", mode));
+                if mode & 0o111 == 0 {
+                    add_log("⚠️ Java executable may not have execute permissions".to_string());
+                }
+            }
+        }
+        
+        // Check if we can read the JAR file
+        if let Ok(metadata) = std::fs::metadata(jar_path) {
+            add_log(format!("📦 JAR file size: {} bytes", metadata.len()));
+        } else {
+            add_log("⚠️ Cannot read JAR file metadata".to_string());
+        }
+    }
+    
+    let sidecar_command = app
+        .shell()
+        .command(java_path.to_str().unwrap())
+        .args(java_options)
+        .current_dir(&work_dir)  // Set working directory to writable location
+        .env("TAURI_PARENT_PID", std::process::id().to_string())
+        .env("STIRLING_PDF_CONFIG_DIR", config_dir.to_str().unwrap())
+        .env("STIRLING_PDF_LOG_DIR", log_dir.to_str().unwrap())
+        .env("STIRLING_PDF_WORK_DIR", work_dir.to_str().unwrap());
+    
+    add_log("⚙️ Starting backend with bundled JRE...".to_string());
+    
+    let (rx, child) = sidecar_command
+        .spawn()
+        .map_err(|e| {
+            let error_msg = format!("❌ Failed to spawn sidecar: {}", e);
+            add_log(error_msg.clone());
+            error_msg
+        })?;
+    
+    // Store the process handle
+    {
+        let mut process_guard = BACKEND_PROCESS.lock().unwrap();
+        *process_guard = Some(child);
+    }
+    
+    add_log("✅ Backend started with bundled JRE, monitoring output...".to_string());
+    
+    // Start monitoring output
+    monitor_backend_output(rx);
+    
+    Ok(())
+}
+
+// Monitor backend output in a separate task
+fn monitor_backend_output(mut rx: tauri::async_runtime::Receiver<tauri_plugin_shell::process::CommandEvent>) {
+    tokio::spawn(async move {
+        let mut _startup_detected = false;
+        let mut error_count = 0;
+        
+        while let Some(event) = rx.recv().await {
+            match event {
+                tauri_plugin_shell::process::CommandEvent::Stdout(output) => {
+                    let output_str = String::from_utf8_lossy(&output);
+                    add_log(format!("📤 Backend: {}", output_str));
+                    
+                    // Look for startup indicators
+                    if output_str.contains("Started SPDFApplication") || 
+                       output_str.contains("Navigate to "){
+                        _startup_detected = true;
+                        add_log(format!("🎉 Backend startup detected: {}", output_str));
+                    }
+                    
+                    // Look for port binding
+                    if output_str.contains("8080") {
+                        add_log(format!("🔌 Port 8080 related output: {}", output_str));
+                    }
+                }
+                tauri_plugin_shell::process::CommandEvent::Stderr(output) => {
+                    let output_str = String::from_utf8_lossy(&output);
+                    add_log(format!("📥 Backend Error: {}", output_str));
+                    
+                    // Look for error indicators
+                    if output_str.contains("ERROR") || output_str.contains("Exception") || output_str.contains("FATAL") {
+                        error_count += 1;
+                        add_log(format!("⚠️ Backend error #{}: {}", error_count, output_str));
+                    }
+                    
+                    // Look for specific common issues
+                    if output_str.contains("Address already in use") {
+                        add_log("🚨 CRITICAL: Port 8080 is already in use by another process!".to_string());
+                    }
+                    if output_str.contains("java.lang.ClassNotFoundException") {
+                        add_log("🚨 CRITICAL: Missing Java dependencies!".to_string());
+                    }
+                    if output_str.contains("java.io.FileNotFoundException") {
+                        add_log("🚨 CRITICAL: Required file not found!".to_string());
+                    }
+                }
+                tauri_plugin_shell::process::CommandEvent::Error(error) => {
+                    add_log(format!("❌ Backend process error: {}", error));
+                }
+                tauri_plugin_shell::process::CommandEvent::Terminated(payload) => {
+                    add_log(format!("💀 Backend terminated with code: {:?}", payload.code));
+                    if let Some(code) = payload.code {
+                        match code {
+                            0 => println!("✅ Process terminated normally"),
+                            1 => println!("❌ Process terminated with generic error"),
+                            2 => println!("❌ Process terminated due to misuse"),
+                            126 => println!("❌ Command invoked cannot execute"),
+                            127 => println!("❌ Command not found"),
+                            128 => println!("❌ Invalid exit argument"),
+                            130 => println!("❌ Process terminated by Ctrl+C"),
+                            _ => println!("❌ Process terminated with code: {}", code),
+                        }
+                    }
+                    // Clear the stored process handle
+                    let mut process_guard = BACKEND_PROCESS.lock().unwrap();
+                    *process_guard = None;
+                }
+                _ => {
+                    println!("🔍 Unknown command event: {:?}", event);
+                }
+            }
+        }
+        
+        if error_count > 0 {
+            println!("⚠️ Backend process ended with {} errors detected", error_count);
+        }
+    });
+}
+
+// Command to start the backend with bundled JRE
+#[tauri::command]
+pub async fn start_backend(app: tauri::AppHandle) -> Result<String, String> {
+    add_log("🚀 start_backend() called - Attempting to start backend with bundled JRE...".to_string());
+    
+    // Check if backend is already running or starting
+    if let Err(msg) = check_backend_status() {
+        return Ok(msg);
+    }
+    
+    // Use Tauri's resource API to find the bundled JRE and JAR
+    let resource_dir = app.path().resource_dir().map_err(|e| {
+        let error_msg = format!("❌ Failed to get resource directory: {}", e);
+        add_log(error_msg.clone());
+        reset_starting_flag();
+        error_msg
+    })?;
+    
+    add_log(format!("🔍 Resource directory: {:?}", resource_dir));
+    
+    // Find the bundled JRE
+    let java_executable = find_bundled_jre(&resource_dir).map_err(|e| {
+        reset_starting_flag();
+        e
+    })?;
+    
+    // Find the Stirling-PDF JAR
+    let jar_path = find_stirling_jar(&resource_dir).map_err(|e| {
+        reset_starting_flag();
+        e
+    })?;
+    
+    // Normalize the paths to remove Windows UNC prefix
+    let normalized_java_path = normalize_path(&java_executable);
+    let normalized_jar_path = normalize_path(&jar_path);
+    
+    add_log(format!("📦 Found JAR file: {:?}", jar_path));
+    add_log(format!("📦 Normalized JAR path: {:?}", normalized_jar_path));
+    add_log(format!("📦 Normalized Java path: {:?}", normalized_java_path));
+    
+    // Create and start the Java command
+    run_stirling_pdf_jar(&app, &normalized_java_path, &normalized_jar_path).map_err(|e| {
+        reset_starting_flag();
+        e
+    })?;
+    
+    // Wait for the backend to start
+    println!("⏳ Waiting for backend startup...");
+    tokio::time::sleep(std::time::Duration::from_millis(10000)).await;
+    
+    // Reset the starting flag since startup is complete
+    reset_starting_flag();
+    add_log("✅ Backend startup sequence completed, starting flag cleared".to_string());
+    
+    Ok("Backend startup initiated successfully with bundled JRE".to_string())
+}
+
+// Cleanup function to stop backend on app exit
+pub fn cleanup_backend() {
+    let mut process_guard = BACKEND_PROCESS.lock().unwrap();
+    if let Some(child) = process_guard.take() {
+        let pid = child.pid();
+        add_log(format!("🧹 App shutting down, cleaning up backend process (PID: {})", pid));
+        
+        match child.kill() {
+            Ok(_) => {
+                add_log(format!("✅ Backend process (PID: {}) terminated during cleanup", pid));
+            }
+            Err(e) => {
+                add_log(format!("❌ Failed to terminate backend process during cleanup: {}", e));
+                println!("❌ Failed to terminate backend process during cleanup: {}", e);
+            }
+        }
+    }
+}

frontend/src-tauri/src/commands/files.rs

@@ -0,0 +1,48 @@
+use crate::utils::add_log;
+use std::sync::Mutex;
+
+// Store the opened file path globally
+static OPENED_FILE: Mutex<Option<String>> = Mutex::new(None);
+
+// Set the opened file path (called by macOS file open events)
+pub fn set_opened_file(file_path: String) {
+    let mut opened_file = OPENED_FILE.lock().unwrap();
+    *opened_file = Some(file_path.clone());
+    add_log(format!("📂 File opened via file open event: {}", file_path));
+}
+
+// Command to get opened file path (if app was launched with a file)
+#[tauri::command]
+pub async fn get_opened_file() -> Result<Option<String>, String> {
+    // First check if we have a file from macOS file open events
+    {
+        let opened_file = OPENED_FILE.lock().unwrap();
+        if let Some(ref file_path) = *opened_file {
+            add_log(format!("📂 Returning stored opened file: {}", file_path));
+            return Ok(Some(file_path.clone()));
+        }
+    }
+    
+    // Fallback to command line arguments (Windows/Linux)
+    let args: Vec<String> = std::env::args().collect();
+    
+    // Look for a PDF file argument (skip the first arg which is the executable)
+    for arg in args.iter().skip(1) {
+        if arg.ends_with(".pdf") && std::path::Path::new(arg).exists() {
+            add_log(format!("📂 PDF file opened via command line: {}", arg));
+            return Ok(Some(arg.clone()));
+        }
+    }
+    
+    Ok(None)
+}
+
+// Command to clear the opened file (after processing)
+#[tauri::command]
+pub async fn clear_opened_file() -> Result<(), String> {
+    let mut opened_file = OPENED_FILE.lock().unwrap();
+    *opened_file = None;
+    add_log("📂 Cleared opened file".to_string());
+    Ok(())
+}
+

frontend/src-tauri/src/commands/health.rs

@@ -0,0 +1,36 @@
+// Command to check if backend is healthy
+#[tauri::command]
+pub async fn check_backend_health() -> Result<bool, String> {
+    let client = reqwest::Client::builder()
+        .timeout(std::time::Duration::from_secs(5))
+        .build()
+        .map_err(|e| format!("Failed to create HTTP client: {}", e))?;
+    
+    match client.get("http://localhost:8080/api/v1/info/status").send().await {
+        Ok(response) => {
+            let status = response.status();
+            if status.is_success() {
+                match response.text().await {
+                    Ok(_body) => {
+                        println!("✅ Backend health check successful");
+                        Ok(true)
+                    }
+                    Err(e) => {
+                        println!("⚠️ Failed to read health response: {}", e);
+                        Ok(false)
+                    }
+                }
+            } else {
+                println!("⚠️ Health check failed with status: {}", status);
+                Ok(false)
+            }
+        }
+        Err(e) => {
+            // Only log connection errors if they're not the common "connection refused" during startup
+            if !e.to_string().contains("connection refused") && !e.to_string().contains("No connection could be made") {
+                println!("❌ Health check error: {}", e);
+            }
+            Ok(false)
+        }
+    }
+}

frontend/src-tauri/src/commands/mod.rs

@@ -0,0 +1,7 @@
+pub mod backend;
+pub mod health;
+pub mod files;
+
+pub use backend::{start_backend, cleanup_backend};
+pub use health::check_backend_health;
+pub use files::{get_opened_file, clear_opened_file, set_opened_file};

frontend/src-tauri/src/file_handler.rs

@@ -0,0 +1,189 @@
+/// Multi-platform file opening handler
+/// 
+/// This module provides unified file opening support across platforms:
+/// - macOS: Uses native NSApplication delegate (proper Apple Events)
+/// - Windows/Linux: Uses command line arguments (fallback approach)
+/// - All platforms: Runtime event handling via Tauri events
+
+use crate::utils::add_log;
+use crate::commands::set_opened_file;
+use tauri::AppHandle;
+
+
+/// Initialize file handling for the current platform
+pub fn initialize_file_handler(app: &AppHandle<tauri::Wry>) {
+    add_log("🔧 Initializing file handler...".to_string());
+    
+    // Platform-specific initialization
+    #[cfg(target_os = "macos")]
+    {
+        add_log("🍎 Using macOS native file handler".to_string());
+        macos_native::register_open_file_handler(app);
+    }
+    
+    #[cfg(not(target_os = "macos"))]
+    {
+        add_log("🖥️ Using command line argument file handler".to_string());
+        let _ = app; // Suppress unused variable warning
+    }
+    
+    // Universal: Check command line arguments (works on all platforms)
+    check_command_line_args();
+}
+
+/// Early initialization for macOS delegate registration
+pub fn early_init() {
+    #[cfg(target_os = "macos")]
+    {
+        add_log("🔄 Early macOS initialization...".to_string());
+        macos_native::register_delegate_early();
+    }
+}
+
+/// Check command line arguments for file paths (universal fallback)
+fn check_command_line_args() {
+    let args: Vec<String> = std::env::args().collect();
+    add_log(format!("🔍 DEBUG: All command line args: {:?}", args));
+    
+    // Check command line arguments for file opening
+    for (i, arg) in args.iter().enumerate() {
+        add_log(format!("🔍 DEBUG: Arg {}: {}", i, arg));
+        if i > 0 && arg.ends_with(".pdf") && std::path::Path::new(arg).exists() {
+            add_log(format!("📂 File argument detected: {}", arg));
+            set_opened_file(arg.clone());
+            break; // Only handle the first PDF file
+        }
+    }
+}
+
+/// Handle runtime file open events (for future single-instance support)
+#[allow(dead_code)]
+pub fn handle_runtime_file_open(file_path: String) {
+    if file_path.ends_with(".pdf") && std::path::Path::new(&file_path).exists() {
+        add_log(format!("📂 Runtime file open: {}", file_path));
+        set_opened_file(file_path);
+    }
+}
+
+#[cfg(target_os = "macos")]
+mod macos_native {
+    use objc::{class, msg_send, sel, sel_impl};
+    use objc::runtime::{Class, Object, Sel};
+    use cocoa::appkit::NSApplication;
+    use cocoa::base::{id, nil};
+    use once_cell::sync::Lazy;
+    use std::sync::Mutex;
+    use tauri::{AppHandle, Emitter};
+    
+    use crate::utils::add_log;
+    use crate::commands::set_opened_file;
+    
+    // Static app handle storage
+    static APP_HANDLE: Lazy<Mutex<Option<AppHandle<tauri::Wry>>>> = Lazy::new(|| Mutex::new(None));
+    
+    // Store files opened during launch
+    static LAUNCH_FILES: Lazy<Mutex<Vec<String>>> = Lazy::new(|| Mutex::new(Vec::new()));
+    
+    
+    extern "C" fn open_files(_self: &Object, _cmd: Sel, _sender: id, filenames: id) {
+        unsafe {
+            add_log(format!("📂 macOS native openFiles event called"));
+            
+            // filenames is an NSArray of NSString objects
+            let count: usize = msg_send![filenames, count];
+            add_log(format!("📂 Number of files to open: {}", count));
+            
+            for i in 0..count {
+                let filename: id = msg_send![filenames, objectAtIndex: i];
+                let cstr = {
+                    let bytes: *const std::os::raw::c_char = msg_send![filename, UTF8String];
+                    std::ffi::CStr::from_ptr(bytes)
+                };
+                
+                if let Ok(path) = cstr.to_str() {
+                    add_log(format!("📂 macOS file open: {}", path));
+                    if path.ends_with(".pdf") {
+                        // Always set the opened file for command-line interface
+                        set_opened_file(path.to_string());
+                        
+                        if let Some(app) = APP_HANDLE.lock().unwrap().as_ref() {
+                            // App is running, emit event immediately
+                            add_log(format!("✅ App running, emitting file event: {}", path));
+                            let _ = app.emit("macos://open-file", path.to_string());
+                        } else {
+                            // App not ready yet, store for later processing
+                            add_log(format!("🚀 App not ready, storing file for later: {}", path));
+                            LAUNCH_FILES.lock().unwrap().push(path.to_string());
+                        }
+                    }
+                }
+            }
+        }
+    }
+    
+    // Register the delegate immediately when the module loads
+    pub fn register_delegate_early() {
+        add_log("🔧 Registering macOS delegate early...".to_string());
+        
+        unsafe {
+            let ns_app = NSApplication::sharedApplication(nil);
+            
+            // Check if there's already a delegate
+            let existing_delegate: id = msg_send![ns_app, delegate];
+            if existing_delegate != nil {
+                add_log("⚠️ Tauri already has an NSApplication delegate, trying to extend it...".to_string());
+                
+                // Try to add our method to the existing delegate's class
+                let delegate_class: id = msg_send![existing_delegate, class];
+                let class_name: *const std::os::raw::c_char = msg_send![delegate_class, name];
+                let class_name_str = std::ffi::CStr::from_ptr(class_name).to_string_lossy();
+                add_log(format!("🔍 Existing delegate class: {}", class_name_str));
+                
+                // This approach won't work with existing classes, so let's try a different method
+                // We'll use method swizzling or create a new delegate that forwards to the old one
+                add_log("🔄 Will try alternative approach...".to_string());
+            }
+            
+            let delegate_class = Class::get("StirlingAppDelegate").unwrap_or_else(|| {
+                let superclass = class!(NSObject);
+                let mut decl = objc::declare::ClassDecl::new("StirlingAppDelegate", superclass).unwrap();
+                
+                // Add file opening delegate method (modern plural version)
+                decl.add_method(
+                    sel!(application:openFiles:),
+                    open_files as extern "C" fn(&Object, Sel, id, id)
+                );
+                
+                decl.register()
+            });
+    
+            let delegate: id = msg_send![delegate_class, new];
+            let _: () = msg_send![ns_app, setDelegate:delegate];
+        }
+        
+        add_log("✅ macOS delegate registered early".to_string());
+    }
+    
+    pub fn register_open_file_handler(app: &AppHandle<tauri::Wry>) {
+        add_log("🔧 Connecting app handle to file handler...".to_string());
+        
+        // Store the app handle 
+        *APP_HANDLE.lock().unwrap() = Some(app.clone());
+        
+        // Process any files that were opened during launch
+        let launch_files = {
+            let mut files = LAUNCH_FILES.lock().unwrap();
+            let result = files.clone();
+            files.clear();
+            result
+        };
+        
+        for file_path in launch_files {
+            add_log(format!("📂 Processing stored launch file: {}", file_path));
+            set_opened_file(file_path.clone());
+            let _ = app.emit("macos://open-file", file_path);
+        }
+        
+        add_log("✅ macOS file handler connected successfully".to_string());
+    }
+}

frontend/src-tauri/src/lib.rs

@@ -0,0 +1,65 @@
+use tauri::{RunEvent, WindowEvent, Emitter};
+
+mod utils;
+mod commands;
+mod file_handler;
+
+use commands::{start_backend, check_backend_health, get_opened_file, clear_opened_file, cleanup_backend, set_opened_file};
+use utils::{add_log, get_tauri_logs};
+
+#[cfg_attr(mobile, tauri::mobile_entry_point)]
+pub fn run() {
+  // Initialize file handler early for macOS
+  file_handler::early_init();
+  
+  tauri::Builder::default()
+    .plugin(tauri_plugin_shell::init())
+    .plugin(tauri_plugin_fs::init())
+    .setup(|app| {
+      add_log("🚀 Tauri app setup started".to_string());
+      
+      // Initialize platform-specific file handler
+      file_handler::initialize_file_handler(&app.handle());
+      
+      add_log("🔍 DEBUG: Setup completed".to_string());
+      Ok(())
+    })
+    .invoke_handler(tauri::generate_handler![start_backend, check_backend_health, get_opened_file, clear_opened_file, get_tauri_logs])
+    .build(tauri::generate_context!())
+    .expect("error while building tauri application")
+    .run(|app_handle, event| {
+      match event {
+        RunEvent::ExitRequested { .. } => {
+          add_log("🔄 App exit requested, cleaning up...".to_string());
+          cleanup_backend();
+          // Use Tauri's built-in cleanup
+          app_handle.cleanup_before_exit();
+        }
+        RunEvent::WindowEvent { event: WindowEvent::CloseRequested {.. }, .. } => {
+          add_log("🔄 Window close requested, cleaning up...".to_string());
+          cleanup_backend();
+          // Allow the window to close
+        }
+        #[cfg(target_os = "macos")]
+        RunEvent::Opened { urls } => {
+          add_log(format!("📂 Tauri file opened event: {:?}", urls));
+          for url in urls {
+            let url_str = url.as_str();
+            if url_str.starts_with("file://") {
+              let file_path = url_str.strip_prefix("file://").unwrap_or(url_str);
+              if file_path.ends_with(".pdf") {
+                add_log(format!("📂 Processing opened PDF: {}", file_path));
+                set_opened_file(file_path.to_string());
+                let _ = app_handle.emit("macos://open-file", file_path.to_string());
+              }
+            }
+          }
+        }
+        _ => {
+          // Only log unhandled events in debug mode to reduce noise
+          // #[cfg(debug_assertions)]
+          // add_log(format!("🔍 DEBUG: Unhandled event: {:?}", event));
+        }
+      }
+    });
+}

frontend/src-tauri/src/main.rs

@@ -0,0 +1,6 @@
+// Prevents additional console window on Windows in release, DO NOT REMOVE!!
+#![cfg_attr(not(debug_assertions), windows_subsystem = "windows")]
+
+fn main() {
+  app_lib::run();
+}

frontend/src-tauri/src/utils/logging.rs

@@ -0,0 +1,90 @@
+use std::sync::Mutex;
+use std::collections::VecDeque;
+use std::fs::OpenOptions;
+use std::io::Write;
+use std::path::PathBuf;
+
+// Store backend logs globally
+static BACKEND_LOGS: Mutex<VecDeque<String>> = Mutex::new(VecDeque::new());
+
+// Get platform-specific log directory
+fn get_log_directory() -> PathBuf {
+    if cfg!(target_os = "macos") {
+        // macOS: ~/Library/Logs/Stirling-PDF
+        let home = std::env::var("HOME").unwrap_or_else(|_| "/tmp".to_string());
+        PathBuf::from(home).join("Library").join("Logs").join("Stirling-PDF")
+    } else if cfg!(target_os = "windows") {
+        // Windows: %APPDATA%\Stirling-PDF\logs
+        let appdata = std::env::var("APPDATA").unwrap_or_else(|_| std::env::temp_dir().to_string_lossy().to_string());
+        PathBuf::from(appdata).join("Stirling-PDF").join("logs")
+    } else {
+        // Linux: ~/.config/Stirling-PDF/logs
+        let home = std::env::var("HOME").unwrap_or_else(|_| "/tmp".to_string());
+        PathBuf::from(home).join(".config").join("Stirling-PDF").join("logs")
+    }
+}
+
+// Helper function to add log entry
+pub fn add_log(message: String) {
+    let timestamp = std::time::SystemTime::now()
+        .duration_since(std::time::UNIX_EPOCH)
+        .unwrap()
+        .as_secs();
+    
+    let log_entry = format!("{}: {}", timestamp, message);
+    
+    // Add to memory logs
+    {
+        let mut logs = BACKEND_LOGS.lock().unwrap();
+        logs.push_back(log_entry.clone());
+        // Keep only last 100 log entries
+        if logs.len() > 100 {
+            logs.pop_front();
+        }
+    }
+    
+    // Write to file
+    write_to_log_file(&log_entry);
+    
+    // Remove trailing newline if present
+    let clean_message = message.trim_end_matches('\n').to_string();
+    println!("{}", clean_message); // Also print to console
+}
+
+// Write log entry to file
+fn write_to_log_file(log_entry: &str) {
+    let log_dir = get_log_directory();
+    if let Err(e) = std::fs::create_dir_all(&log_dir) {
+        eprintln!("Failed to create log directory: {}", e);
+        return;
+    }
+    
+    let log_file = log_dir.join("tauri-backend.log");
+    
+    match OpenOptions::new()
+        .create(true)
+        .append(true)
+        .open(&log_file)
+    {
+        Ok(mut file) => {
+            if let Err(e) = writeln!(file, "{}", log_entry) {
+                eprintln!("Failed to write to log file: {}", e);
+            }
+        }
+        Err(e) => {
+            eprintln!("Failed to open log file {:?}: {}", log_file, e);
+        }
+    }
+}
+
+// Get current logs for debugging
+pub fn get_logs() -> Vec<String> {
+    let logs = BACKEND_LOGS.lock().unwrap();
+    logs.iter().cloned().collect()
+}
+
+// Command to get logs from frontend
+#[tauri::command]
+pub async fn get_tauri_logs() -> Result<Vec<String>, String> {
+    Ok(get_logs())
+}

frontend/src-tauri/src/utils/mod.rs

@@ -0,0 +1,3 @@
+pub mod logging;
+
+pub use logging::{add_log, get_tauri_logs};

frontend/src-tauri/stirling-pdf.desktop

@@ -0,0 +1,14 @@
+[Desktop Entry]
+Version=1.0
+Type=Application
+Name=Stirling-PDF
+Comment=Locally hosted web application that allows you to perform various operations on PDF files
+Icon={{icon}}
+Terminal=false
+MimeType=application/pdf;
+Categories=Office;Graphics;Utility;
+Actions=open-file;
+
+[Desktop Action open-file]
+Name=Open PDF File
+Exec=/usr/bin/stirling-pdf %F

frontend/src-tauri/tauri.conf.json

@@ -0,0 +1,63 @@
+{
+  "$schema": "../node_modules/@tauri-apps/cli/config.schema.json",
+  "productName": "Stirling-PDF",
+  "version": "2.0.0",
+  "identifier": "stirling.pdf.dev",
+  "build": {
+    "frontendDist": "../dist",
+    "devUrl": "http://localhost:5173",
+    "beforeDevCommand": "npm run dev -- --mode desktop",
+    "beforeBuildCommand": "npm run build -- --mode desktop"
+  },
+  "app": {
+    "windows": [
+      {
+        "title": "Stirling-PDF",
+        "width": 1280,
+        "height": 800,
+        "resizable": true,
+        "fullscreen": false
+      }
+    ]
+  },
+  "bundle": {
+    "active": true,
+    "targets": ["deb", "rpm", "dmg", "msi"],
+    "icon": [
+      "icons/icon.png",
+      "icons/icon.icns",
+      "icons/icon.ico",
+      "icons/16x16.png",
+      "icons/32x32.png",
+      "icons/64x64.png",
+      "icons/128x128.png",
+      "icons/192x192.png"
+    ],
+    "resources": [
+      "libs/*.jar",
+      "runtime/jre/**/*"
+    ],
+    "fileAssociations": [
+      {
+        "ext": ["pdf"],
+        "name": "PDF Document",
+        "description": "Open PDF files with Stirling-PDF",
+        "role": "Editor",
+        "mimeType": "application/pdf"
+      }
+    ],
+    "linux": {
+      "deb": {
+        "desktopTemplate": "stirling-pdf.desktop"
+      }
+    }
+  },
+  "plugins": {
+    "shell": {
+      "open": true
+    },
+    "fs": {
+      "requireLiteralLeadingDot": false
+    }
+  }
+}

frontend/src/core/components/rightRail/RightRailFooterExtensions.tsx

@@ -0,0 +1,7 @@
+interface RightRailFooterExtensionsProps {
+  className?: string;
+}
+
+export function RightRailFooterExtensions(_props: RightRailFooterExtensionsProps) {
+  return null;
+}

frontend/src/core/components/shared/RightRail.tsx

@@ -13,6 +13,7 @@ import { Tooltip } from '@app/components/shared/Tooltip';
 import { ViewerContext } from '@app/contexts/ViewerContext';
 import { useSignature } from '@app/contexts/SignatureContext';
 import LocalIcon from '@app/components/shared/LocalIcon';
+import { RightRailFooterExtensions } from '@app/components/rightRail/RightRailFooterExtensions';
 
 import { useSidebarContext } from '@app/contexts/SidebarContext';
 import { RightRailButtonConfig, RightRailRenderContext, RightRailSection } from '@app/types/rightRail';
@@ -224,6 +225,8 @@ export default function RightRail() {
         </div>
 
         <div className="right-rail-spacer" />
+
+        <RightRailFooterExtensions className="right-rail-footer" />
       </div>
     </div>
   );

frontend/src/core/components/shared/rightRail/RightRail.css

@@ -17,6 +17,9 @@
   align-items: center;
   gap: 0.75rem;
   padding: 1rem 0.5rem;
+  width: 100%;
+  height: 100%;
+  flex: 1;
 }
 
 .right-rail-section {

frontend/src/core/pages/HomePage.tsx

@@ -20,14 +20,21 @@ import { useFilesModalContext } from "@app/contexts/FilesModalContext";
 import AppConfigModal from "@app/components/shared/AppConfigModal";
 import ToolPanelModePrompt from "@app/components/tools/ToolPanelModePrompt";
 import AdminAnalyticsChoiceModal from "@app/components/shared/AdminAnalyticsChoiceModal";
+import { useHomePageExtensions } from "@app/pages/useHomePageExtensions";
 
 import "@app/pages/HomePage.css";
 
 type MobileView = "tools" | "workbench";
 
+interface HomePageProps {
+  openedFile?: File | null;
+}
 
-export default function HomePage() {
+export default function HomePage({ openedFile }: HomePageProps = {}) {
   const { t } = useTranslation();
+
+  // Extension hook for desktop-specific behavior (e.g., file opening)
+  useHomePageExtensions(openedFile);
   const {
     sidebarRefs,
   } = useSidebarContext();

frontend/src/core/pages/useHomePageExtensions.ts

@@ -0,0 +1,10 @@
+import { useEffect } from 'react';
+
+/**
+ * Extension point for HomePage behaviour.
+ * Core version does nothing.
+ */
+export function useHomePageExtensions(_openedFile?: File | null) {
+  useEffect(() => {
+  }, [_openedFile]);
+}

frontend/src/core/services/apiClient.ts

@@ -1,10 +1,11 @@
 import axios from 'axios';
 import { handleHttpError } from '@app/services/httpErrorHandler';
 import { setupApiInterceptors } from '@app/services/apiClientSetup';
+import { getApiBaseUrl } from '@app/services/apiClientConfig';
 
 // Create axios instance with default config
 const apiClient = axios.create({
-  baseURL: import.meta.env.VITE_API_BASE_URL || '/',
+  baseURL: getApiBaseUrl(),
   responseType: 'json',
 });
 

frontend/src/core/services/apiClientConfig.ts

@@ -0,0 +1,7 @@
+/**
+ * Get the base URL for API requests.
+ * Core version uses simple environment variable.
+ */
+export function getApiBaseUrl(): string {
+  return import.meta.env.VITE_API_BASE_URL || '/';
+}

frontend/src/desktop/auth/UseSession.tsx

@@ -0,0 +1,234 @@
+import { createContext, useContext, useEffect, useState, ReactNode, useCallback } from 'react';
+import apiClient from '@app/services/apiClient';
+import { springAuth } from '@app/auth/springAuthClient';
+import type { Session, User, AuthError, AuthChangeEvent } from '@app/auth/springAuthClient';
+
+/**
+ * Auth Context Type
+ * Simplified version without SaaS-specific features (credits, subscriptions)
+ */
+interface AuthContextType {
+  session: Session | null;
+  user: User | null;
+  loading: boolean;
+  error: AuthError | null;
+  signOut: () => Promise<void>;
+  refreshSession: () => Promise<void>;
+}
+
+const AuthContext = createContext<AuthContextType>({
+  session: null,
+  user: null,
+  loading: true,
+  error: null,
+  signOut: async () => {},
+  refreshSession: async () => {},
+});
+
+/**
+ * Auth Provider Component
+ *
+ * Manages authentication state and provides it to the entire app.
+ * Integrates with Spring Security + JWT backend.
+ */
+export function AuthProvider({ children }: { children: ReactNode }) {
+  const [session, setSession] = useState<Session | null>(null);
+  const [loading, setLoading] = useState(true);
+  const [error, setError] = useState<AuthError | null>(null);
+
+  /**
+   * Refresh current session
+   */
+  const refreshSession = useCallback(async () => {
+    try {
+      setLoading(true);
+      setError(null);
+      console.debug('[Auth] Refreshing session...');
+
+      const { data, error } = await springAuth.refreshSession();
+
+      if (error) {
+        console.error('[Auth] Session refresh error:', error);
+        setError(error);
+        setSession(null);
+      } else {
+        console.debug('[Auth] Session refreshed successfully');
+        setSession(data.session);
+      }
+    } catch (err) {
+      console.error('[Auth] Unexpected error during session refresh:', err);
+      setError(err as AuthError);
+    } finally {
+      setLoading(false);
+    }
+  }, []);
+
+  /**
+   * Sign out user
+   */
+  const signOut = useCallback(async () => {
+    try {
+      setError(null);
+      console.debug('[Auth] Signing out...');
+
+      const { error } = await springAuth.signOut();
+
+      if (error) {
+        console.error('[Auth] Sign out error:', error);
+        setError(error);
+      } else {
+        console.debug('[Auth] Signed out successfully');
+        setSession(null);
+      }
+    } catch (err) {
+      console.error('[Auth] Unexpected error during sign out:', err);
+      setError(err as AuthError);
+    }
+  }, []);
+
+  /**
+   * Initialize auth on mount
+   */
+  useEffect(() => {
+    let mounted = true;
+
+    const initializeAuth = async () => {
+      try {
+        console.debug('[Auth] Initializing auth...');
+
+        // First check if login is enabled
+        const configResponse = await apiClient.get('/api/v1/config/app-config');
+        if (configResponse.status === 200) {
+          const config = configResponse.data;
+
+          // If login is disabled, skip authentication entirely
+          if (config.enableLogin === false) {
+            console.debug('[Auth] Login disabled - skipping authentication');
+            if (mounted) {
+              setSession(null);
+              setLoading(false);
+            }
+            return;
+          }
+        }
+
+        // Login is enabled, proceed with normal auth check
+        const { data, error } = await springAuth.getSession();
+
+        if (!mounted) return;
+
+        if (error) {
+          console.error('[Auth] Initial session error:', error);
+          setError(error);
+        } else {
+          console.debug('[Auth] Initial session loaded:', {
+            hasSession: !!data.session,
+            userId: data.session?.user?.id,
+            email: data.session?.user?.email,
+          });
+          setSession(data.session);
+        }
+      } catch (err) {
+        console.error('[Auth] Unexpected error during auth initialization:', err);
+        if (mounted) {
+          setError(err as AuthError);
+        }
+      } finally {
+        if (mounted) {
+          setLoading(false);
+        }
+      }
+    };
+
+    initializeAuth();
+
+    // Subscribe to auth state changes
+    const { data: { subscription } } = springAuth.onAuthStateChange(
+      async (event: AuthChangeEvent, newSession: Session | null) => {
+        if (!mounted) return;
+
+        console.debug('[Auth] Auth state change:', {
+          event,
+          hasSession: !!newSession,
+          userId: newSession?.user?.id,
+          email: newSession?.user?.email,
+          timestamp: new Date().toISOString(),
+        });
+
+        // Schedule state update
+        setTimeout(() => {
+          if (mounted) {
+            setSession(newSession);
+            setError(null);
+
+            // Handle specific events
+            if (event === 'SIGNED_OUT') {
+              console.debug('[Auth] User signed out, clearing session');
+            } else if (event === 'SIGNED_IN') {
+              console.debug('[Auth] User signed in successfully');
+            } else if (event === 'TOKEN_REFRESHED') {
+              console.debug('[Auth] Token refreshed');
+            } else if (event === 'USER_UPDATED') {
+              console.debug('[Auth] User updated');
+            }
+          }
+        }, 0);
+      }
+    );
+
+    return () => {
+      mounted = false;
+      subscription.unsubscribe();
+    };
+  }, []);
+
+  const value: AuthContextType = {
+    session,
+    user: session?.user ?? null,
+    loading,
+    error,
+    signOut,
+    refreshSession,
+  };
+
+  return (
+    <AuthContext.Provider value={value}>
+      {children}
+    </AuthContext.Provider>
+  );
+}
+
+/**
+ * Hook to access auth context
+ * Must be used within AuthProvider
+ */
+export function useAuth() {
+  const context = useContext(AuthContext);
+
+  if (context === undefined) {
+    throw new Error('useAuth must be used within an AuthProvider');
+  }
+
+  return context;
+}
+
+/**
+ * Debug hook to expose auth state for debugging
+ * Can be used in development to monitor auth state
+ */
+export function useAuthDebug() {
+  const auth = useAuth();
+
+  useEffect(() => {
+    console.debug('[Auth Debug] Current auth state:', {
+      hasSession: !!auth.session,
+      hasUser: !!auth.user,
+      loading: auth.loading,
+      hasError: !!auth.error,
+      userId: auth.user?.id,
+      email: auth.user?.email,
+    });
+  }, [auth.session, auth.user, auth.loading, auth.error]);
+
+  return auth;
+}

frontend/src/desktop/auth/springAuthClient.ts

@@ -0,0 +1,437 @@
+/**
+ * Spring Auth Client
+ *
+ * This client integrates with the Spring Security + JWT backend.
+ * - Uses localStorage for JWT storage (sent via Authorization header)
+ * - JWT validation handled server-side
+ * - No email confirmation flow (auto-confirmed on registration)
+ */
+
+import apiClient from '@app/services/apiClient';
+
+// Auth types
+export interface User {
+  id: string;
+  email: string;
+  username: string;
+  role: string;
+  enabled?: boolean;
+  is_anonymous?: boolean;
+  app_metadata?: Record<string, any>;
+}
+
+export interface Session {
+  user: User;
+  access_token: string;
+  expires_in: number;
+  expires_at?: number;
+}
+
+export interface AuthError {
+  message: string;
+  status?: number;
+}
+
+export interface AuthResponse {
+  user: User | null;
+  session: Session | null;
+  error: AuthError | null;
+}
+
+export type AuthChangeEvent =
+  | 'SIGNED_IN'
+  | 'SIGNED_OUT'
+  | 'TOKEN_REFRESHED'
+  | 'USER_UPDATED';
+
+type AuthChangeCallback = (event: AuthChangeEvent, session: Session | null) => void;
+
+class SpringAuthClient {
+  private listeners: AuthChangeCallback[] = [];
+  private sessionCheckInterval: NodeJS.Timeout | null = null;
+  private readonly SESSION_CHECK_INTERVAL = 60000; // 1 minute
+  private readonly TOKEN_REFRESH_THRESHOLD = 300000; // 5 minutes before expiry
+
+  constructor() {
+    // Start periodic session validation
+    this.startSessionMonitoring();
+  }
+
+  /**
+   * Helper to get CSRF token from cookie
+   */
+  private getCsrfToken(): string | null {
+    const cookies = document.cookie.split(';');
+    for (const cookie of cookies) {
+      const [name, value] = cookie.trim().split('=');
+      if (name === 'XSRF-TOKEN') {
+        return value;
+      }
+    }
+    return null;
+  }
+
+  /**
+   * Get current session
+   * JWT is stored in localStorage and sent via Authorization header
+   */
+  async getSession(): Promise<{ data: { session: Session | null }; error: AuthError | null }> {
+    try {
+      // Get JWT from localStorage
+      const token = localStorage.getItem('stirling_jwt');
+
+      if (!token) {
+        console.debug('[SpringAuth] getSession: No JWT in localStorage');
+        return { data: { session: null }, error: null };
+      }
+
+      // Verify with backend
+      // Note: We pass the token explicitly here, overriding the interceptor's default
+      const response = await apiClient.get('/api/v1/auth/me', {
+        headers: {
+          'Authorization': `Bearer ${token}`,
+        },
+      });
+
+      const data = response.data;
+
+      // Create session object
+      const session: Session = {
+        user: data.user,
+        access_token: token,
+        expires_in: 3600,
+        expires_at: Date.now() + 3600 * 1000,
+      };
+
+      console.debug('[SpringAuth] getSession: Session retrieved successfully');
+      return { data: { session }, error: null };
+    } catch (error: any) {
+      console.error('[SpringAuth] getSession error:', error);
+
+      // If 401/403, token is invalid - clear it
+      if (error?.response?.status === 401 || error?.response?.status === 403) {
+        localStorage.removeItem('stirling_jwt');
+        console.debug('[SpringAuth] getSession: Not authenticated');
+        return { data: { session: null }, error: null };
+      }
+
+      // Clear potentially invalid token on other errors too
+      localStorage.removeItem('stirling_jwt');
+      return {
+        data: { session: null },
+        error: { message: error?.response?.data?.message || error?.message || 'Unknown error' },
+      };
+    }
+  }
+
+  /**
+   * Sign in with email and password
+   */
+  async signInWithPassword(credentials: {
+    email: string;
+    password: string;
+  }): Promise<AuthResponse> {
+    try {
+      const response = await apiClient.post('/api/v1/auth/login', {
+        username: credentials.email,
+        password: credentials.password
+      }, {
+        withCredentials: true, // Include cookies for CSRF
+      });
+
+      const data = response.data;
+      const token = data.session.access_token;
+
+      // Store JWT in localStorage
+      localStorage.setItem('stirling_jwt', token);
+      console.log('[SpringAuth] JWT stored in localStorage');
+
+      const session: Session = {
+        user: data.user,
+        access_token: token,
+        expires_in: data.session.expires_in,
+        expires_at: Date.now() + data.session.expires_in * 1000,
+      };
+
+      // Notify listeners
+      this.notifyListeners('SIGNED_IN', session);
+
+      return { user: data.user, session, error: null };
+    } catch (error: any) {
+      console.error('[SpringAuth] signInWithPassword error:', error);
+      const errorMessage = error?.response?.data?.error || error?.message || 'Login failed';
+      return {
+        user: null,
+        session: null,
+        error: { message: errorMessage },
+      };
+    }
+  }
+
+  /**
+   * Sign up new user
+   */
+  async signUp(credentials: {
+    email: string;
+    password: string;
+    options?: { data?: { full_name?: string }; emailRedirectTo?: string };
+  }): Promise<AuthResponse> {
+    try {
+      const response = await apiClient.post('/api/v1/user/register', {
+        username: credentials.email,
+        password: credentials.password,
+      }, {
+        withCredentials: true,
+      });
+
+      const data = response.data;
+
+      // Note: Spring backend auto-confirms users (no email verification)
+      // Return user but no session (user needs to login)
+      return { user: data.user, session: null, error: null };
+    } catch (error: any) {
+      console.error('[SpringAuth] signUp error:', error);
+      const errorMessage = error?.response?.data?.error || error?.message || 'Registration failed';
+      return {
+        user: null,
+        session: null,
+        error: { message: errorMessage },
+      };
+    }
+  }
+
+  /**
+   * Sign in with OAuth provider (GitHub, Google, etc.)
+   * Redirects to Spring OAuth2 authorization endpoint
+   */
+  async signInWithOAuth(params: {
+    provider: 'github' | 'google' | 'apple' | 'azure';
+    options?: { redirectTo?: string; queryParams?: Record<string, any> };
+  }): Promise<{ error: AuthError | null }> {
+    try {
+      const redirectUrl = `/oauth2/authorization/${params.provider}`;
+      console.log('[SpringAuth] Redirecting to OAuth:', redirectUrl);
+      window.location.assign(redirectUrl);
+      return { error: null };
+    } catch (error) {
+      return {
+        error: { message: error instanceof Error ? error.message : 'OAuth redirect failed' },
+      };
+    }
+  }
+
+  /**
+   * Send password reset email
+   * Not used in OSS version, but included for completeness
+   */
+  async resetPasswordForEmail(email: string): Promise<{ data: object; error: AuthError | null }> {
+    try {
+      await apiClient.post('/api/v1/auth/reset-password', {
+        email,
+      }, {
+        withCredentials: true,
+      });
+
+      return { data: {}, error: null };
+    } catch (error: any) {
+      console.error('[SpringAuth] resetPasswordForEmail error:', error);
+      return {
+        data: {},
+        error: {
+          message: error?.response?.data?.error || error?.message || 'Password reset failed',
+        },
+      };
+    }
+  }
+
+  /**
+   * Sign out user (invalidate session)
+   */
+  async signOut(): Promise<{ error: AuthError | null }> {
+    try {
+      const response = await apiClient.post('/api/v1/auth/logout', null, {
+        headers: {
+          'X-CSRF-TOKEN': this.getCsrfToken() || '',
+        },
+        withCredentials: true,
+      });
+
+      if (response.status === 200) {
+        console.debug('[SpringAuth] signOut: Success');
+      }
+
+      // Clean up local storage
+      localStorage.removeItem('stirling_jwt');
+
+      // Notify listeners
+      this.notifyListeners('SIGNED_OUT', null);
+
+      return { error: null };
+    } catch (error: any) {
+      console.error('[SpringAuth] signOut error:', error);
+      return {
+        error: {
+          message: error?.response?.data?.error || error?.message || 'Logout failed',
+        },
+      };
+    }
+  }
+
+  /**
+   * Refresh JWT token
+   */
+  async refreshSession(): Promise<{ data: { session: Session | null }; error: AuthError | null }> {
+    try {
+      const response = await apiClient.post('/api/v1/auth/refresh', null, {
+        headers: {
+          'X-CSRF-TOKEN': this.getCsrfToken() || '',
+        },
+        withCredentials: true,
+      });
+
+      const data = response.data;
+      const token = data.session.access_token;
+
+      // Update local storage with new token
+      localStorage.setItem('stirling_jwt', token);
+
+      const session: Session = {
+        user: data.user,
+        access_token: token,
+        expires_in: data.session.expires_in,
+        expires_at: Date.now() + data.session.expires_in * 1000,
+      };
+
+      // Notify listeners
+      this.notifyListeners('TOKEN_REFRESHED', session);
+
+      return { data: { session }, error: null };
+    } catch (error: any) {
+      console.error('[SpringAuth] refreshSession error:', error);
+      localStorage.removeItem('stirling_jwt');
+
+      // Handle different error statuses
+      if (error?.response?.status === 401 || error?.response?.status === 403) {
+        return { data: { session: null }, error: { message: 'Token refresh failed - please log in again' } };
+      }
+
+      return {
+        data: { session: null },
+        error: { message: error?.response?.data?.message || error?.message || 'Token refresh failed' },
+      };
+    }
+  }
+
+  /**
+   * Listen to auth state changes
+   */
+  onAuthStateChange(callback: AuthChangeCallback): { data: { subscription: { unsubscribe: () => void } } } {
+    this.listeners.push(callback);
+
+    return {
+      data: {
+        subscription: {
+          unsubscribe: () => {
+            this.listeners = this.listeners.filter((cb) => cb !== callback);
+          },
+        },
+      },
+    };
+  }
+
+  // Private helper methods
+
+  private notifyListeners(event: AuthChangeEvent, session: Session | null) {
+    // Use setTimeout to avoid calling callbacks synchronously
+    setTimeout(() => {
+      this.listeners.forEach((callback) => {
+        try {
+          callback(event, session);
+        } catch (error) {
+          console.error('[SpringAuth] Error in auth state change listener:', error);
+        }
+      });
+    }, 0);
+  }
+
+  private startSessionMonitoring() {
+    // Periodically check session validity
+    // Since we use HttpOnly cookies, we just need to check with the server
+    this.sessionCheckInterval = setInterval(async () => {
+      try {
+        // Try to get current session
+        const { data } = await this.getSession();
+
+        // If we have a session, proactively refresh if needed
+        // (The server will handle token expiry, but we can be proactive)
+        if (data.session) {
+          const timeUntilExpiry = (data.session.expires_at || 0) - Date.now();
+
+          // Refresh if token expires soon
+          if (timeUntilExpiry > 0 && timeUntilExpiry < this.TOKEN_REFRESH_THRESHOLD) {
+            console.log('[SpringAuth] Proactively refreshing token');
+            await this.refreshSession();
+          }
+        }
+      } catch (error) {
+        console.error('[SpringAuth] Session monitoring error:', error);
+      }
+    }, this.SESSION_CHECK_INTERVAL);
+  }
+
+  public destroy() {
+    if (this.sessionCheckInterval) {
+      clearInterval(this.sessionCheckInterval);
+    }
+  }
+}
+
+export const springAuth = new SpringAuthClient();
+
+/**
+ * Get current user
+ */
+export const getCurrentUser = async () => {
+  const { data } = await springAuth.getSession();
+  return data.session?.user || null;
+};
+
+/**
+ * Check if user is anonymous
+ */
+export const isUserAnonymous = (user: User | null) => {
+  return user?.is_anonymous === true;
+};
+
+/**
+ * Create an anonymous user object for use when login is disabled
+ * This provides a consistent User interface throughout the app
+ */
+export const createAnonymousUser = (): User => {
+  return {
+    id: 'anonymous',
+    email: 'anonymous@local',
+    username: 'Anonymous User',
+    role: 'USER',
+    enabled: true,
+    is_anonymous: true,
+    app_metadata: {
+      provider: 'anonymous',
+    },
+  };
+};
+
+/**
+ * Create an anonymous session for use when login is disabled
+ */
+export const createAnonymousSession = (): Session => {
+  return {
+    user: createAnonymousUser(),
+    access_token: '',
+    expires_in: Number.MAX_SAFE_INTEGER,
+    expires_at: Number.MAX_SAFE_INTEGER,
+  };
+};
+
+// Export auth client as default for convenience
+export default springAuth;

frontend/src/desktop/components/BackendHealthIndicator.tsx

@@ -0,0 +1,80 @@
+import React, { useMemo, useCallback } from 'react';
+import { useTranslation } from 'react-i18next';
+import { Box, Tooltip, useMantineTheme, useComputedColorScheme, rem } from '@mantine/core';
+import { useBackendHealth } from '@app/hooks/useBackendHealth';
+
+interface BackendHealthIndicatorProps {
+  className?: string;
+}
+
+export const BackendHealthIndicator: React.FC<BackendHealthIndicatorProps> = ({
+  className = ''
+}) => {
+  const { t } = useTranslation();
+  const theme = useMantineTheme();
+  const colorScheme = useComputedColorScheme('light');
+  const { isHealthy, isChecking, checkHealth } = useBackendHealth();
+
+  const label = useMemo(() => {
+    if (isChecking) {
+      return t('backendHealth.checking', 'Checking backend status...');
+    }
+
+    if (isHealthy) {
+      return t('backendHealth.online', 'Backend Online');
+    }
+
+    return t('backendHealth.offline', 'Backend Offline');
+  }, [isChecking, isHealthy, t]);
+
+  const dotColor = useMemo(() => {
+    if (isChecking) {
+      return theme.colors.yellow?.[5] ?? '#fcc419';
+    }
+    if (isHealthy) {
+      return theme.colors.green?.[5] ?? '#37b24d';
+    }
+    return theme.colors.red?.[6] ?? '#e03131';
+  }, [isChecking, isHealthy, theme.colors.green, theme.colors.red, theme.colors.yellow]);
+
+  const handleKeyDown = useCallback((event: React.KeyboardEvent<HTMLSpanElement>) => {
+    if (event.key === 'Enter' || event.key === ' ') {
+      event.preventDefault();
+      checkHealth();
+    }
+  }, [checkHealth]);
+
+  return (
+    <Tooltip
+      label={label}
+      position="left"
+      offset={12}
+      withArrow
+      withinPortal
+      color={colorScheme === 'dark' ? undefined : 'dark'}
+    >
+      <Box
+        component="span"
+        className={className ? `${className}` : undefined}
+        role="status"
+        aria-live="polite"
+        aria-label={label}
+        tabIndex={0}
+        onClick={checkHealth}
+        onKeyDown={handleKeyDown}
+        style={{
+          width: rem(12),
+          height: rem(12),
+          borderRadius: '50%',
+          backgroundColor: dotColor,
+          boxShadow: colorScheme === 'dark'
+            ? '0 0 0 2px rgba(255, 255, 255, 0.18)'
+            : '0 0 0 2px rgba(0, 0, 0, 0.08)',
+          cursor: 'pointer',
+          display: 'inline-block',
+          outline: 'none',
+        }}
+      />
+    </Tooltip>
+  );
+};