Fix an overlay crash and two dead settings (pre-release audit, wave 2)

[FuJacob]

Summary

Wave 2 of the pre-release audit. Two fixes: a crash and two silently-dead settings.

1. Crash on a non-finite caret rect. Misbehaving host AX (Chromium/Electron, mid-scroll or under load) can return NaN/Inf caret bounds. The existing guards (isNull, != .zero, isEmpty) do not reject non-finite values, so they flowed into NSWindow.setFrame, which raises NSInvalidArgumentException and crashes the app on the hottest path (every suggestion shown). Now rejected at the AX ingest boundary: cocoaRect / validatedCocoaTextRect collapse a non-finite rect to .zero (which also removes a latent Int(.nan) trap in OverlayState.detail), plus a last-resort finite guard before each OverlayController.setFrame.
2. Two Settings controls were silently dead. AppDelegate built the graph as a local let environment and copied the services out, but never retained the environment. The environment owns the only subscriptions for the focus-poll-interval setting (→ updatePollInterval) and the global-toggle hotkey rebind (→ refreshToggleTap); both were cancelled when the environment deallocated as init returned, so changing the poll interval did nothing and rebinding the hotkey did nothing until the next relaunch. Now the environment is retained for the app lifetime.

Validation

xcodebuild ... test ... -only-testing:CotabbyTests/AXTextGeometryResolverTests
# ** TEST SUCCEEDED **  (new: finite-check rejects NaN/Inf; non-finite AX rect collapses to .zero)
swiftlint --strict   # exit 0

The AppDelegate retain is verified by trace (app-lifecycle code is not unit-tested); the caret guard is unit-tested.

Linked issues

None. Pre-release hardening, wave 2.

Risk / rollout notes

• The caret guard is purely defensive: a non-finite rect that previously crashed now produces no overlay for that frame (graceful). Finite rects are unaffected.
• Retaining the environment adds no retain cycle (the services were already retained directly; subscriptions use [weak self]/[weak ...]).
• Deferred, flagged: PermissionManager / PermissionGuidanceController have isolated deinits (the macOS 14 double-free class), but they are app-lifetime singletons that never dealloc, so it is latent only and the fix is non-trivial (those deinits do real cleanup, unlike the empty-nonisolated deinit precedent).

Greptile Summary

This PR fixes two independent bugs found during a pre-release audit: a crash caused by non-finite (NaN/Inf) AX caret rects flowing into NSWindow.setFrame, and two Settings controls (focus poll interval, global-toggle hotkey rebind) that were silently non-functional because the CotabbyAppEnvironment owning their Combine subscriptions was immediately deallocated.

• Crash fix: rectHasFiniteComponents is added as an ingest-boundary guard in cocoaRect and validatedCocoaTextRect, collapsing non-finite rects to .zero before they reach layout math or NSPanel.setFrame; last-resort guards are also added directly before both setFrame call sites in OverlayController.
• Settings fix: AppDelegate now holds private let environment: CotabbyAppEnvironment, keeping the environment (and its cancellables) alive for the app's full lifetime so the poll-interval and hotkey-rebind subscriptions are never prematurely cancelled.
• Tests: New unit tests cover rectHasFiniteComponents rejection and validatedCocoaTextRect/cocoaRect collapse for NaN inputs; the CGFloat.infinity and CGRect.null cases are not yet exercised in the collapse test.

Confidence Score: 4/5

Safe to merge; both fixes are narrowly scoped defensive changes with no new logic paths for the happy-path.

The crash fix and settings-lifetime fix are both correct. The subtle behavior change around CGRect.null collapsing to .zero is worth a quick caller audit but does not affect observed code paths.

Callers of cocoaRect and validatedCocoaTextRect that may check .isNull on the returned rect, given the new CGRect.null to .zero collapse behavior.

Important Files Changed

Filename	Overview
Cotabby/Support/AXHelper.swift	Adds rectHasFiniteComponents guard at the top of cocoaRect and validatedCocoaTextRect; minor side-effect: CGRect.null (origin = +∞) now collapses to .zero instead of propagating as the null rect
Cotabby/Services/UI/OverlayController.swift	Adds last-resort finite checks before NSPanel.setFrame in both inline and mirror paths; straightforward defensive guard
Cotabby/App/Core/AppDelegate.swift	Promotes environment to a private let instance property so the CotabbyAppEnvironment's Combine subscriptions are not prematurely cancelled; correct and low-risk
CotabbyTests/AXTextGeometryResolverTests.swift	Adds tests for rectHasFiniteComponents (NaN + infinity) and validatedCocoaTextRect/cocoaRect collapse; CGFloat.infinity case is not tested in the collapse test, and CGRect.null collapse to .zero is untested

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    AX[Host AX: BoundsForRange / AXFrame] --> ingest["cocoaRect / validatedCocoaTextRect\n(AX ingest boundary)"]
    ingest -->|non-finite NaN/Inf| zero[Return .zero]
    ingest -->|finite| geom[Layout geometry math]
    geom --> frame["panelFrame (inline) / panelFrame (mirror)"]
    frame -->|non-finite last-resort| skip[Log warning, skip setFrame]
    frame -->|finite| setFrame["NSPanel.setFrame → orderFrontRegardless"]
    zero --> overlaySkip[Overlay suppressed — no crash]
    skip --> overlaySkip

Loading

_{Reviews (1): Last reviewed commit: "Fix an overlay crash and two dead settin..." | Re-trigger Greptile}

Greptile also left 2 inline comments on this PR.

[greptile-apps]

CGRect.null silently collapses to .zero

CGRect.null has its origin at (+∞, +∞) in CoreGraphics, so rectHasFiniteComponents(CGRect.null) returns false and both cocoaRect and validatedCocoaTextRect now return .zero for a null rect. Previously the guard !rect.isNull branch caught it and returned the null rect itself. Any downstream caller that distinguishes null from zero (e.g. an isNull check) will now see .zero instead. Worth verifying that every caller only guards with != .zero (not .isNull) so no silent pass-through occurs after this change.

[greptile-apps]

CGFloat.infinity and CGRect.null not covered by collapse test

test_validatedCocoaTextRect_collapsesNonFiniteRectToZero only exercises a NaN input. Adding a CGFloat.infinity case and a CGRect.null case (which now also returns .zero due to the new finite guard) would round out coverage and document the newly observed behavior for CGRect.null.

Note: If this suggestion doesn't match your team's coding style, reply to this and let me know. I'll remember it for next time!