feat: CLI for recording, uploading, and video management

[salmonumbrella]

Adds a cap CLI and supporting cap-upload crate for headless screen recording, uploading, and video management. Closes #669.

New crate: cap-upload (crates/upload/)

Standalone upload library with auth, multipart chunked uploads, and a full API client for all desktop endpoints (including feedback submission and debug log upload via multipart).

CLI commands (apps/cli/)

Command	Description
cap auth login/logout/status	Browser OAuth or --api-key auth
cap upload <file> [--password] [--org]	Multipart upload with progress bar
cap record start/stop/status	Daemon-style recording via Unix socket IPC
cap record screens/windows/cameras	List available capture targets
cap record start --auto-zoom/--no-auto-zoom	Override auto-zoom setting per recording
cap record start --capture-keys/--no-capture-keys	Override keyboard capture per recording
cap record start --exclude <window>	Exclude windows from recording
cap export <project> [output]	Export .cap project to MP4
cap config get [--json]	Show resolved settings (CLI > config file > Tauri store > defaults)
cap config set --fps/--auto-zoom/--capture-keys	Persist settings to CLI config file
cap config set --exclude-add/--exclude-remove/--exclude-reset	Manage excluded windows list
cap system-info [--json]	System diagnostics, hardware, displays, encoders
cap feedback <message>	Submit feedback to Cap
cap debug upload	Upload CLI debug logs
cap debug logs	Show log file path and size
cap list [--org] [--limit] [--offset]	Paginated video listing
cap info <id>	Video details, AI title, summary, chapters
cap transcript <id>	Fetch VTT transcript
cap password <id> --set/--remove	Password-protect videos
cap delete/open <id>	Delete or open video in browser
cap orgs list	List organizations
cap s3 config/test/get/delete	S3 bucket configuration

Settings resolution

Layered config: CLI flags > ~/.config/cap/settings.json > Tauri desktop store > built-in defaults. The cap config commands read/write the CLI config file; recording flags override everything per-invocation.

File logging

All CLI invocations append structured logs to ~/.config/cap/logs/cap-cli.log (no ANSI). Upload them with cap debug upload.

Web API additions (apps/web/)

Four new authenticated endpoints under /api/desktop/video/:

• GET /list — paginated video listing with optional org filter
• GET /info — video details including AI metadata
• GET /transcript — fetch VTT transcript from S3
• POST /password — set or remove video password

[greptile-apps]

Build-breaking: empty daemon.rs conflicts with daemon/mod.rs

In Rust 2018 and later editions (including 2024 used here), when the compiler resolves mod daemon; in main.rs, it finds BOTH src/daemon.rs AND src/daemon/mod.rs and emits a hard error:

error[E0761]: file for module `daemon` found at both "src/daemon.rs" and "src/daemon/mod.rs"

This empty file needs to be deleted. The actual module declarations live in apps/cli/src/daemon/mod.rs, which is the correct single source of truth for the daemon module.

Prompt To Fix With AI

This is a comment left during a code review.
Path: apps/cli/src/daemon.rs
Line: 1

Comment:
**Build-breaking: empty `daemon.rs` conflicts with `daemon/mod.rs`**

In Rust 2018 and later editions (including 2024 used here), when the compiler resolves `mod daemon;` in `main.rs`, it finds BOTH `src/daemon.rs` AND `src/daemon/mod.rs` and emits a hard error:

```
error[E0761]: file for module `daemon` found at both "src/daemon.rs" and "src/daemon/mod.rs"
```

This empty file needs to be deleted. The actual module declarations live in `apps/cli/src/daemon/mod.rs`, which is the correct single source of truth for the `daemon` module.

How can I resolve this? If you propose a fix, please make it concise.

[greptile-apps]

cap transcript and cap password commands never registered

The PR description documents both cap transcript <id> and cap password <id> --set/--remove, and their full implementations (TranscriptArgs with run() and PasswordArgs with run()) exist in videos.rs. However, neither type is added to the Commands enum here, so both commands are completely unreachable from the CLI — they won't appear in --help and cannot be invoked.

The Commands enum needs Transcript(videos::TranscriptArgs) and Password(videos::PasswordArgs) variants, with corresponding Commands::Transcript(t) => t.run(json_output).await? and Commands::Password(p) => p.run(json_output).await? arms in the match below.

Prompt To Fix With AI

This is a comment left during a code review.
Path: apps/cli/src/main.rs
Line: 33-44

Comment:
**`cap transcript` and `cap password` commands never registered**

The PR description documents both `cap transcript <id>` and `cap password <id> --set/--remove`, and their full implementations (`TranscriptArgs` with `run()` and `PasswordArgs` with `run()`) exist in `videos.rs`. However, neither type is added to the `Commands` enum here, so both commands are completely unreachable from the CLI — they won't appear in `--help` and cannot be invoked.

The `Commands` enum needs `Transcript(videos::TranscriptArgs)` and `Password(videos::PasswordArgs)` variants, with corresponding `Commands::Transcript(t) => t.run(json_output).await?` and `Commands::Password(p) => p.run(json_output).await?` arms in the `match` below.

How can I resolve this? If you propose a fix, please make it concise.

[greptile-apps]

S3 error responses silently treated as successful chunk uploads

The Ok(resp) arm never checks resp.status(). If S3 returns a 403 (expired presigned URL), 500, or any other error status, the code returns Ok("") (empty ETag string) and moves on. The multipart complete call will then fail with a confusing S3 error about malformed ETags rather than a clear "chunk upload failed" message. The retry logic is also bypassed for HTTP-level errors.

Suggested change

	{
	Ok(resp) => {
	let etag = resp
	.headers()
	.get("etag")
	.and_then(|v| v.to_str().ok())
	.unwrap_or("")
	.to_string();
	return Ok(etag);
	}
	Ok(resp) => {
	if !resp.status().is_success() {
	let status = resp.status();
	let body = resp.text().await.unwrap_or_default();
	warn!(part_number, attempt, %status, body = %body, "Chunk upload HTTP error");
	continue;
	}
	let etag = resp
	.headers()
	.get("etag")
	.and_then(|v| v.to_str().ok())
	.unwrap_or("")
	.to_string();
	return Ok(etag);
	}

Prompt To Fix With AI

This is a comment left during a code review.
Path: crates/upload/src/upload.rs
Line: 233-242

Comment:
**S3 error responses silently treated as successful chunk uploads**

The `Ok(resp)` arm never checks `resp.status()`. If S3 returns a 403 (expired presigned URL), 500, or any other error status, the code returns `Ok("")` (empty ETag string) and moves on. The multipart complete call will then fail with a confusing S3 error about malformed ETags rather than a clear "chunk upload failed" message. The retry logic is also bypassed for HTTP-level errors.

```suggestion
            Ok(resp) => {
                if !resp.status().is_success() {
                    let status = resp.status();
                    let body = resp.text().await.unwrap_or_default();
                    warn!(part_number, attempt, %status, body = %body, "Chunk upload HTTP error");
                    continue;
                }
                let etag = resp
                    .headers()
                    .get("etag")
                    .and_then(|v| v.to_str().ok())
                    .unwrap_or("")
                    .to_string();
                return Ok(etag);
            }
```

How can I resolve this? If you propose a fix, please make it concise.

[greptile-apps]

try_read / try_write may silently transfer partial HTTP data

try_read and try_write are non-blocking: they transfer only the bytes available at that instant. try_read can legitimately return 0 bytes on a spurious readable() wakeup, causing the API key parse to fail. try_write may write only part of the HTTP response, leaving the browser with a broken reply. Use BufReader::read_line in a loop and write_all instead.

Prompt To Fix With AI

This is a comment left during a code review.
Path: apps/cli/src/auth.rs
Line: 88-102

Comment:
**`try_read` / `try_write` may silently transfer partial HTTP data**

`try_read` and `try_write` are non-blocking: they transfer only the bytes available at that instant. `try_read` can legitimately return 0 bytes on a spurious `readable()` wakeup, causing the API key parse to fail. `try_write` may write only part of the HTTP response, leaving the browser with a broken reply. Use `BufReader::read_line` in a loop and `write_all` instead.

How can I resolve this? If you propose a fix, please make it concise.

[greptile-apps]

No timeout on OAuth callback — CLI hangs indefinitely

listener.accept() blocks forever if the user closes the browser tab. Add a tokio::time::timeout (e.g. 5 minutes) so the user gets a clear error message rather than a hung process.

Prompt To Fix With AI

This is a comment left during a code review.
Path: apps/cli/src/auth.rs
Line: 80-82

Comment:
**No timeout on OAuth callback — CLI hangs indefinitely**

`listener.accept()` blocks forever if the user closes the browser tab. Add a `tokio::time::timeout` (e.g. 5 minutes) so the user gets a clear error message rather than a hung process.

How can I resolve this? If you propose a fix, please make it concise.

[greptile-apps]

S3ConfigArgs and S3TestArgs are identical — and so are their builder functions

Both structs have exactly the same six fields, and build_s3_input_from_config / build_s3_input_from_test are line-for-line duplicates. A single shared S3BucketArgs struct reused in both S3Commands::Config and S3Commands::Test would eliminate the duplication.

Prompt To Fix With AI

This is a comment left during a code review.
Path: apps/cli/src/s3.rs
Line: 19-80

Comment:
**`S3ConfigArgs` and `S3TestArgs` are identical — and so are their builder functions**

Both structs have exactly the same six fields, and `build_s3_input_from_config` / `build_s3_input_from_test` are line-for-line duplicates. A single shared `S3BucketArgs` struct reused in both `S3Commands::Config` and `S3Commands::Test` would eliminate the duplication.

How can I resolve this? If you propose a fix, please make it concise.

[greptile-apps]

Temp frame file leaked when compress_image fails

If extract_first_frame succeeds but compress_image returns an error, the ? early-returns before std::fs::remove_file(&frame_path) is reached, leaving the .png file in the temp directory.

Suggested change

	extract_first_frame(video_path, &frame_path)?;
	let jpeg_data = compress_image(&frame_path)?;
	debug!(
	video_id,
	size_bytes = jpeg_data.len(),
	"Uploading thumbnail"
	);
	client
	.upload_signed(video_id, "screenshot/screen-capture.jpg", jpeg_data)
	.await
	.map_err(|e| format!("Failed to upload thumbnail: {e}"))?;
	std::fs::remove_file(&frame_path).ok();
	Ok(())
	}
	extract_first_frame(video_path, &frame_path)?;
	let jpeg_result = compress_image(&frame_path);
	std::fs::remove_file(&frame_path).ok(); // clean up regardless
	let jpeg_data = jpeg_result?;

Prompt To Fix With AI

This is a comment left during a code review.
Path: crates/upload/src/thumbnail.rs
Line: 65-82

Comment:
**Temp frame file leaked when `compress_image` fails**

If `extract_first_frame` succeeds but `compress_image` returns an error, the `?` early-returns before `std::fs::remove_file(&frame_path)` is reached, leaving the `.png` file in the temp directory.

```suggestion
    extract_first_frame(video_path, &frame_path)?;
    let jpeg_result = compress_image(&frame_path);
    std::fs::remove_file(&frame_path).ok(); // clean up regardless
    let jpeg_data = jpeg_result?;
```

How can I resolve this? If you propose a fix, please make it concise.