Shell Surfaces Capability (Flow)¶

This document describes the end-to-end technical flow for SmrtHub’s Windows shell surfaces:

HubWindow system tray integration (left-click restore, right-click command menu)
Taskbar Jump List tasks (right-click taskbar icon → Tasks)
Single-instance routing so shell actions always target the primary HubWindow

This is intentionally a cross-component flow doc. HubWindow implementation details remain in the HubWindow component README.

Purpose and scope¶

Provide a stable contract for how tray/taskbar actions route into SmrtHub.
Document the shutdown and diagnostics command pathways (Supervisor, Support Bundle, logging export).
Describe the required single-instance and IPC behaviors.

User left-clicks tray icon (restore window).
User uses tray context menu commands (Diagnostics, Legal & Compliance, Exit).
User invokes Jump List Tasks from the taskbar.
User launches the app again via shortcuts or Jump List (secondary instance routes the command to the primary).

HubWindow (shell UI + tray + Jump List): SmrtApps/CSApps/HubWindow/README.md
Supervisor (orchestration + shutdown execution): SmrtApps/CSApps/SmrtHubSupervisor/README.md
Supervision Subsystem (contracts): README.Files/Subsystems/Supervision/README.md
Logging Subsystem (observability): README.Files/Subsystems/Logging/README.md
Logging Reference Guide (HTML export behavior and schema): README.Files/Reference-Guides/SmrtHub.Logging.README.md
Support Bundle (diagnostics packaging): SmrtApps/src/Smrt.SupportBundle/README.md

Not documented yet: any shell-surface-specific configuration inputs.
When configuration exists, it must live under canonical Operational Data Policy locations and be resolved via Smrt.Config (do not invent ad-hoc paths).

User selects a task from the taskbar Jump List.
Windows Shell launches HubWindow with an action argument (e.g., --action exit-smrthub).
Single-instance guard detects a primary instance:
Secondary instance sends the action to the primary via IPC.
Secondary instance exits promptly.
Primary HubWindow executes the action and logs:
IPC receive
action dispatch
downstream results (success/failure)

User triggers Exit in tray or Jump List.
HubWindow publishes a non-UI notification (best-effort) so UI surfaces can inform the user.
HubWindow requests Supervisor shutdown via the approved control channel.
HubWindow exits promptly (perceived responsiveness).
Supervisor continues headless:
suppresses restarts
drains/shuts down components in dependency order
enforces timeouts and teardown containment

User selects a diagnostics action (for example HTML logs export or Support Bundle).
HubWindow runs the action headless and logs progress.
Logging export produces HTML output as a convenience view; raw logs remain authoritative.
Support Bundle exports collect logs and related evidence within configured caps/redaction rules.

Only one primary HubWindow instance exists at a time.
Shell actions must never spawn duplicate visible windows.
Shutdown is coordinated through Supervisor (not by killing arbitrary processes).
Actions must emit structured logs for traceability.

Supervisor unreachable: HubWindow logs a clear warning and exits after a bounded grace period.
IPC failure: secondary instance falls back to a legacy restore/event mechanism where applicable, then exits.
Jump List mis-association: verify AppUserModelID is set early; log the AppID + command line on startup.
DPI/theme glitches: tray/menu creation must run under the correct DPI awareness scopes; theme changes are debounced.

Validate single-instance routing (secondary invocation routes action and exits).
Validate Jump List tasks dispatch to the same action handlers as tray menu.
Validate shutdown command routes through Supervisor and completes cleanly.
Validate diagnostic actions (HTML export, Support Bundle) emit expected artifacts and log outcomes.