@wazir-dev/cli 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (629) hide show
  1. package/AGENTS.md +111 -0
  2. package/CHANGELOG.md +14 -0
  3. package/CONTRIBUTING.md +101 -0
  4. package/LICENSE +21 -0
  5. package/README.md +314 -0
  6. package/assets/composition-engine.mmd +34 -0
  7. package/assets/demo-script.sh +17 -0
  8. package/assets/logo-dark.svg +14 -0
  9. package/assets/logo.svg +14 -0
  10. package/assets/pipeline.mmd +39 -0
  11. package/assets/record-demo.sh +51 -0
  12. package/docs/README.md +51 -0
  13. package/docs/adapters/context-mode.md +60 -0
  14. package/docs/concepts/architecture.md +87 -0
  15. package/docs/concepts/artifact-model.md +60 -0
  16. package/docs/concepts/composition-engine.md +36 -0
  17. package/docs/concepts/indexing-and-recall.md +160 -0
  18. package/docs/concepts/observability.md +41 -0
  19. package/docs/concepts/roles-and-workflows.md +59 -0
  20. package/docs/concepts/terminology-policy.md +27 -0
  21. package/docs/getting-started/01-installation.md +78 -0
  22. package/docs/getting-started/02-first-run.md +102 -0
  23. package/docs/getting-started/03-adding-to-project.md +15 -0
  24. package/docs/getting-started/04-host-setup.md +15 -0
  25. package/docs/guides/ci-integration.md +15 -0
  26. package/docs/guides/creating-skills.md +15 -0
  27. package/docs/guides/expertise-module-authoring.md +15 -0
  28. package/docs/guides/hook-development.md +15 -0
  29. package/docs/guides/memory-and-learnings.md +34 -0
  30. package/docs/guides/multi-host-export.md +15 -0
  31. package/docs/guides/troubleshooting.md +101 -0
  32. package/docs/guides/writing-custom-roles.md +15 -0
  33. package/docs/plans/2026-03-15-cli-pipeline-integration-design.md +592 -0
  34. package/docs/plans/2026-03-15-cli-pipeline-integration-plan.md +598 -0
  35. package/docs/plans/2026-03-15-docs-enforcement-plan.md +238 -0
  36. package/docs/readmes/INDEX.md +99 -0
  37. package/docs/readmes/features/expertise/README.md +171 -0
  38. package/docs/readmes/features/exports/README.md +222 -0
  39. package/docs/readmes/features/hooks/README.md +103 -0
  40. package/docs/readmes/features/hooks/loop-cap-guard.md +133 -0
  41. package/docs/readmes/features/hooks/post-tool-capture.md +121 -0
  42. package/docs/readmes/features/hooks/post-tool-lint.md +130 -0
  43. package/docs/readmes/features/hooks/pre-compact-summary.md +122 -0
  44. package/docs/readmes/features/hooks/pre-tool-capture-route.md +100 -0
  45. package/docs/readmes/features/hooks/protected-path-write-guard.md +128 -0
  46. package/docs/readmes/features/hooks/session-start.md +119 -0
  47. package/docs/readmes/features/hooks/stop-handoff-harvest.md +125 -0
  48. package/docs/readmes/features/roles/README.md +157 -0
  49. package/docs/readmes/features/roles/clarifier.md +152 -0
  50. package/docs/readmes/features/roles/content-author.md +190 -0
  51. package/docs/readmes/features/roles/designer.md +193 -0
  52. package/docs/readmes/features/roles/executor.md +184 -0
  53. package/docs/readmes/features/roles/learner.md +210 -0
  54. package/docs/readmes/features/roles/planner.md +182 -0
  55. package/docs/readmes/features/roles/researcher.md +164 -0
  56. package/docs/readmes/features/roles/reviewer.md +184 -0
  57. package/docs/readmes/features/roles/specifier.md +162 -0
  58. package/docs/readmes/features/roles/verifier.md +215 -0
  59. package/docs/readmes/features/schemas/README.md +178 -0
  60. package/docs/readmes/features/skills/README.md +63 -0
  61. package/docs/readmes/features/skills/brainstorming.md +96 -0
  62. package/docs/readmes/features/skills/debugging.md +148 -0
  63. package/docs/readmes/features/skills/design.md +120 -0
  64. package/docs/readmes/features/skills/prepare-next.md +109 -0
  65. package/docs/readmes/features/skills/run-audit.md +159 -0
  66. package/docs/readmes/features/skills/scan-project.md +109 -0
  67. package/docs/readmes/features/skills/self-audit.md +176 -0
  68. package/docs/readmes/features/skills/tdd.md +137 -0
  69. package/docs/readmes/features/skills/using-skills.md +92 -0
  70. package/docs/readmes/features/skills/verification.md +120 -0
  71. package/docs/readmes/features/skills/writing-plans.md +104 -0
  72. package/docs/readmes/features/tooling/README.md +320 -0
  73. package/docs/readmes/features/workflows/README.md +186 -0
  74. package/docs/readmes/features/workflows/author.md +181 -0
  75. package/docs/readmes/features/workflows/clarify.md +154 -0
  76. package/docs/readmes/features/workflows/design-review.md +171 -0
  77. package/docs/readmes/features/workflows/design.md +169 -0
  78. package/docs/readmes/features/workflows/discover.md +162 -0
  79. package/docs/readmes/features/workflows/execute.md +173 -0
  80. package/docs/readmes/features/workflows/learn.md +167 -0
  81. package/docs/readmes/features/workflows/plan-review.md +165 -0
  82. package/docs/readmes/features/workflows/plan.md +170 -0
  83. package/docs/readmes/features/workflows/prepare-next.md +167 -0
  84. package/docs/readmes/features/workflows/review.md +169 -0
  85. package/docs/readmes/features/workflows/run-audit.md +191 -0
  86. package/docs/readmes/features/workflows/spec-challenge.md +159 -0
  87. package/docs/readmes/features/workflows/specify.md +160 -0
  88. package/docs/readmes/features/workflows/verify.md +177 -0
  89. package/docs/readmes/packages/README.md +50 -0
  90. package/docs/readmes/packages/ajv.md +117 -0
  91. package/docs/readmes/packages/context-mode.md +118 -0
  92. package/docs/readmes/packages/gray-matter.md +116 -0
  93. package/docs/readmes/packages/node-test.md +137 -0
  94. package/docs/readmes/packages/yaml.md +112 -0
  95. package/docs/reference/configuration-reference.md +159 -0
  96. package/docs/reference/expertise-index.md +52 -0
  97. package/docs/reference/git-flow.md +43 -0
  98. package/docs/reference/hooks.md +87 -0
  99. package/docs/reference/host-exports.md +50 -0
  100. package/docs/reference/launch-checklist.md +172 -0
  101. package/docs/reference/marketplace-listings.md +76 -0
  102. package/docs/reference/release-process.md +34 -0
  103. package/docs/reference/roles-reference.md +77 -0
  104. package/docs/reference/skills.md +33 -0
  105. package/docs/reference/templates.md +29 -0
  106. package/docs/reference/tooling-cli.md +94 -0
  107. package/docs/truth-claims.yaml +222 -0
  108. package/expertise/PROGRESS.md +63 -0
  109. package/expertise/README.md +18 -0
  110. package/expertise/antipatterns/PROGRESS.md +56 -0
  111. package/expertise/antipatterns/backend/api-design-antipatterns.md +1271 -0
  112. package/expertise/antipatterns/backend/auth-antipatterns.md +1195 -0
  113. package/expertise/antipatterns/backend/caching-antipatterns.md +622 -0
  114. package/expertise/antipatterns/backend/database-antipatterns.md +1038 -0
  115. package/expertise/antipatterns/backend/index.md +24 -0
  116. package/expertise/antipatterns/backend/microservices-antipatterns.md +850 -0
  117. package/expertise/antipatterns/code/architecture-antipatterns.md +919 -0
  118. package/expertise/antipatterns/code/async-antipatterns.md +622 -0
  119. package/expertise/antipatterns/code/code-smells.md +1186 -0
  120. package/expertise/antipatterns/code/dependency-antipatterns.md +1209 -0
  121. package/expertise/antipatterns/code/error-handling-antipatterns.md +1360 -0
  122. package/expertise/antipatterns/code/index.md +27 -0
  123. package/expertise/antipatterns/code/naming-and-abstraction.md +1118 -0
  124. package/expertise/antipatterns/code/state-management-antipatterns.md +1076 -0
  125. package/expertise/antipatterns/code/testing-antipatterns.md +1053 -0
  126. package/expertise/antipatterns/design/accessibility-antipatterns.md +1136 -0
  127. package/expertise/antipatterns/design/dark-patterns.md +1121 -0
  128. package/expertise/antipatterns/design/index.md +22 -0
  129. package/expertise/antipatterns/design/ui-antipatterns.md +1202 -0
  130. package/expertise/antipatterns/design/ux-antipatterns.md +680 -0
  131. package/expertise/antipatterns/frontend/css-layout-antipatterns.md +691 -0
  132. package/expertise/antipatterns/frontend/flutter-antipatterns.md +1827 -0
  133. package/expertise/antipatterns/frontend/index.md +23 -0
  134. package/expertise/antipatterns/frontend/mobile-antipatterns.md +573 -0
  135. package/expertise/antipatterns/frontend/react-antipatterns.md +1128 -0
  136. package/expertise/antipatterns/frontend/spa-antipatterns.md +1235 -0
  137. package/expertise/antipatterns/index.md +31 -0
  138. package/expertise/antipatterns/performance/index.md +20 -0
  139. package/expertise/antipatterns/performance/performance-antipatterns.md +1013 -0
  140. package/expertise/antipatterns/performance/premature-optimization.md +623 -0
  141. package/expertise/antipatterns/performance/scaling-antipatterns.md +785 -0
  142. package/expertise/antipatterns/process/ai-coding-antipatterns.md +853 -0
  143. package/expertise/antipatterns/process/code-review-antipatterns.md +656 -0
  144. package/expertise/antipatterns/process/deployment-antipatterns.md +920 -0
  145. package/expertise/antipatterns/process/index.md +23 -0
  146. package/expertise/antipatterns/process/technical-debt-antipatterns.md +647 -0
  147. package/expertise/antipatterns/security/index.md +20 -0
  148. package/expertise/antipatterns/security/secrets-antipatterns.md +849 -0
  149. package/expertise/antipatterns/security/security-theater.md +843 -0
  150. package/expertise/antipatterns/security/vulnerability-patterns.md +801 -0
  151. package/expertise/architecture/PROGRESS.md +70 -0
  152. package/expertise/architecture/data/caching-architecture.md +671 -0
  153. package/expertise/architecture/data/data-consistency.md +574 -0
  154. package/expertise/architecture/data/data-modeling.md +536 -0
  155. package/expertise/architecture/data/event-streams-and-queues.md +634 -0
  156. package/expertise/architecture/data/index.md +25 -0
  157. package/expertise/architecture/data/search-architecture.md +663 -0
  158. package/expertise/architecture/data/sql-vs-nosql.md +708 -0
  159. package/expertise/architecture/decisions/architecture-decision-records.md +640 -0
  160. package/expertise/architecture/decisions/build-vs-buy.md +616 -0
  161. package/expertise/architecture/decisions/index.md +23 -0
  162. package/expertise/architecture/decisions/monolith-to-microservices.md +790 -0
  163. package/expertise/architecture/decisions/technology-selection.md +616 -0
  164. package/expertise/architecture/distributed/cap-theorem-and-tradeoffs.md +800 -0
  165. package/expertise/architecture/distributed/circuit-breaker-bulkhead.md +741 -0
  166. package/expertise/architecture/distributed/consensus-and-coordination.md +796 -0
  167. package/expertise/architecture/distributed/distributed-systems-fundamentals.md +564 -0
  168. package/expertise/architecture/distributed/idempotency-and-retry.md +796 -0
  169. package/expertise/architecture/distributed/index.md +25 -0
  170. package/expertise/architecture/distributed/saga-pattern.md +797 -0
  171. package/expertise/architecture/foundations/architectural-thinking.md +460 -0
  172. package/expertise/architecture/foundations/coupling-and-cohesion.md +770 -0
  173. package/expertise/architecture/foundations/design-principles-solid.md +649 -0
  174. package/expertise/architecture/foundations/domain-driven-design.md +719 -0
  175. package/expertise/architecture/foundations/index.md +25 -0
  176. package/expertise/architecture/foundations/separation-of-concerns.md +472 -0
  177. package/expertise/architecture/foundations/twelve-factor-app.md +797 -0
  178. package/expertise/architecture/index.md +34 -0
  179. package/expertise/architecture/integration/api-design-graphql.md +638 -0
  180. package/expertise/architecture/integration/api-design-grpc.md +804 -0
  181. package/expertise/architecture/integration/api-design-rest.md +892 -0
  182. package/expertise/architecture/integration/index.md +25 -0
  183. package/expertise/architecture/integration/third-party-integration.md +795 -0
  184. package/expertise/architecture/integration/webhooks-and-callbacks.md +1152 -0
  185. package/expertise/architecture/integration/websockets-realtime.md +791 -0
  186. package/expertise/architecture/mobile-architecture/index.md +22 -0
  187. package/expertise/architecture/mobile-architecture/mobile-app-architecture.md +780 -0
  188. package/expertise/architecture/mobile-architecture/mobile-backend-for-frontend.md +670 -0
  189. package/expertise/architecture/mobile-architecture/offline-first.md +719 -0
  190. package/expertise/architecture/mobile-architecture/push-and-sync.md +782 -0
  191. package/expertise/architecture/patterns/cqrs-event-sourcing.md +717 -0
  192. package/expertise/architecture/patterns/event-driven.md +797 -0
  193. package/expertise/architecture/patterns/hexagonal-clean-architecture.md +870 -0
  194. package/expertise/architecture/patterns/index.md +27 -0
  195. package/expertise/architecture/patterns/layered-architecture.md +736 -0
  196. package/expertise/architecture/patterns/microservices.md +753 -0
  197. package/expertise/architecture/patterns/modular-monolith.md +692 -0
  198. package/expertise/architecture/patterns/monolith.md +626 -0
  199. package/expertise/architecture/patterns/plugin-architecture.md +735 -0
  200. package/expertise/architecture/patterns/serverless.md +780 -0
  201. package/expertise/architecture/scaling/database-scaling.md +615 -0
  202. package/expertise/architecture/scaling/feature-flags-and-rollouts.md +757 -0
  203. package/expertise/architecture/scaling/horizontal-vs-vertical.md +606 -0
  204. package/expertise/architecture/scaling/index.md +24 -0
  205. package/expertise/architecture/scaling/multi-tenancy.md +800 -0
  206. package/expertise/architecture/scaling/stateless-design.md +787 -0
  207. package/expertise/backend/embedded-firmware.md +625 -0
  208. package/expertise/backend/go.md +853 -0
  209. package/expertise/backend/index.md +24 -0
  210. package/expertise/backend/java-spring.md +448 -0
  211. package/expertise/backend/node-typescript.md +625 -0
  212. package/expertise/backend/python-fastapi.md +724 -0
  213. package/expertise/backend/rust.md +458 -0
  214. package/expertise/backend/solidity.md +711 -0
  215. package/expertise/composition-map.yaml +443 -0
  216. package/expertise/content/foundations/content-modeling.md +395 -0
  217. package/expertise/content/foundations/editorial-standards.md +449 -0
  218. package/expertise/content/foundations/index.md +24 -0
  219. package/expertise/content/foundations/microcopy.md +455 -0
  220. package/expertise/content/foundations/terminology-governance.md +509 -0
  221. package/expertise/content/index.md +34 -0
  222. package/expertise/content/patterns/accessibility-copy.md +518 -0
  223. package/expertise/content/patterns/index.md +24 -0
  224. package/expertise/content/patterns/notification-content.md +433 -0
  225. package/expertise/content/patterns/sample-content.md +486 -0
  226. package/expertise/content/patterns/state-copy.md +439 -0
  227. package/expertise/design/PROGRESS.md +58 -0
  228. package/expertise/design/disciplines/dark-mode-theming.md +577 -0
  229. package/expertise/design/disciplines/design-systems.md +595 -0
  230. package/expertise/design/disciplines/index.md +25 -0
  231. package/expertise/design/disciplines/information-architecture.md +800 -0
  232. package/expertise/design/disciplines/interaction-design.md +788 -0
  233. package/expertise/design/disciplines/responsive-design.md +552 -0
  234. package/expertise/design/disciplines/usability-testing.md +516 -0
  235. package/expertise/design/disciplines/user-research.md +792 -0
  236. package/expertise/design/foundations/accessibility-design.md +796 -0
  237. package/expertise/design/foundations/color-theory.md +797 -0
  238. package/expertise/design/foundations/iconography.md +795 -0
  239. package/expertise/design/foundations/index.md +26 -0
  240. package/expertise/design/foundations/motion-and-animation.md +653 -0
  241. package/expertise/design/foundations/rtl-design.md +585 -0
  242. package/expertise/design/foundations/spacing-and-layout.md +607 -0
  243. package/expertise/design/foundations/typography.md +800 -0
  244. package/expertise/design/foundations/visual-hierarchy.md +761 -0
  245. package/expertise/design/index.md +32 -0
  246. package/expertise/design/patterns/authentication-flows.md +474 -0
  247. package/expertise/design/patterns/content-consumption.md +789 -0
  248. package/expertise/design/patterns/data-display.md +618 -0
  249. package/expertise/design/patterns/e-commerce.md +1494 -0
  250. package/expertise/design/patterns/feedback-and-states.md +642 -0
  251. package/expertise/design/patterns/forms-and-input.md +819 -0
  252. package/expertise/design/patterns/gamification.md +801 -0
  253. package/expertise/design/patterns/index.md +31 -0
  254. package/expertise/design/patterns/microinteractions.md +449 -0
  255. package/expertise/design/patterns/navigation.md +800 -0
  256. package/expertise/design/patterns/notifications.md +705 -0
  257. package/expertise/design/patterns/onboarding.md +700 -0
  258. package/expertise/design/patterns/search-and-filter.md +601 -0
  259. package/expertise/design/patterns/settings-and-preferences.md +768 -0
  260. package/expertise/design/patterns/social-and-community.md +748 -0
  261. package/expertise/design/platforms/desktop-native.md +612 -0
  262. package/expertise/design/platforms/index.md +25 -0
  263. package/expertise/design/platforms/mobile-android.md +825 -0
  264. package/expertise/design/platforms/mobile-cross-platform.md +983 -0
  265. package/expertise/design/platforms/mobile-ios.md +699 -0
  266. package/expertise/design/platforms/tablet.md +794 -0
  267. package/expertise/design/platforms/web-dashboard.md +790 -0
  268. package/expertise/design/platforms/web-responsive.md +550 -0
  269. package/expertise/design/psychology/behavioral-nudges.md +449 -0
  270. package/expertise/design/psychology/cognitive-load.md +1191 -0
  271. package/expertise/design/psychology/error-psychology.md +778 -0
  272. package/expertise/design/psychology/index.md +22 -0
  273. package/expertise/design/psychology/persuasive-design.md +736 -0
  274. package/expertise/design/psychology/user-mental-models.md +623 -0
  275. package/expertise/design/tooling/open-pencil.md +266 -0
  276. package/expertise/frontend/angular.md +1073 -0
  277. package/expertise/frontend/desktop-electron.md +546 -0
  278. package/expertise/frontend/flutter.md +782 -0
  279. package/expertise/frontend/index.md +27 -0
  280. package/expertise/frontend/native-android.md +409 -0
  281. package/expertise/frontend/native-ios.md +490 -0
  282. package/expertise/frontend/react-native.md +1160 -0
  283. package/expertise/frontend/react.md +808 -0
  284. package/expertise/frontend/vue.md +1089 -0
  285. package/expertise/humanize/domain-rules-code.md +79 -0
  286. package/expertise/humanize/domain-rules-content.md +67 -0
  287. package/expertise/humanize/domain-rules-technical-docs.md +56 -0
  288. package/expertise/humanize/index.md +35 -0
  289. package/expertise/humanize/self-audit-checklist.md +87 -0
  290. package/expertise/humanize/sentence-patterns.md +218 -0
  291. package/expertise/humanize/vocabulary-blacklist.md +105 -0
  292. package/expertise/i18n/PROGRESS.md +65 -0
  293. package/expertise/i18n/advanced/accessibility-and-i18n.md +28 -0
  294. package/expertise/i18n/advanced/bidirectional-text-algorithm.md +38 -0
  295. package/expertise/i18n/advanced/complex-scripts.md +30 -0
  296. package/expertise/i18n/advanced/performance-and-i18n.md +27 -0
  297. package/expertise/i18n/advanced/testing-i18n.md +28 -0
  298. package/expertise/i18n/content/content-adaptation.md +23 -0
  299. package/expertise/i18n/content/locale-specific-formatting.md +23 -0
  300. package/expertise/i18n/content/machine-translation-integration.md +28 -0
  301. package/expertise/i18n/content/translation-management.md +29 -0
  302. package/expertise/i18n/foundations/date-time-calendars.md +67 -0
  303. package/expertise/i18n/foundations/i18n-architecture.md +272 -0
  304. package/expertise/i18n/foundations/locale-and-language-tags.md +79 -0
  305. package/expertise/i18n/foundations/numbers-currency-units.md +61 -0
  306. package/expertise/i18n/foundations/pluralization-and-gender.md +109 -0
  307. package/expertise/i18n/foundations/string-externalization.md +236 -0
  308. package/expertise/i18n/foundations/text-direction-bidi.md +241 -0
  309. package/expertise/i18n/foundations/unicode-and-encoding.md +86 -0
  310. package/expertise/i18n/index.md +38 -0
  311. package/expertise/i18n/platform/backend-i18n.md +31 -0
  312. package/expertise/i18n/platform/flutter-i18n.md +148 -0
  313. package/expertise/i18n/platform/native-android-i18n.md +36 -0
  314. package/expertise/i18n/platform/native-ios-i18n.md +36 -0
  315. package/expertise/i18n/platform/react-i18n.md +103 -0
  316. package/expertise/i18n/platform/web-css-i18n.md +81 -0
  317. package/expertise/i18n/rtl/arabic-specific.md +175 -0
  318. package/expertise/i18n/rtl/hebrew-specific.md +149 -0
  319. package/expertise/i18n/rtl/rtl-animations-and-transitions.md +111 -0
  320. package/expertise/i18n/rtl/rtl-forms-and-input.md +161 -0
  321. package/expertise/i18n/rtl/rtl-fundamentals.md +211 -0
  322. package/expertise/i18n/rtl/rtl-icons-and-images.md +181 -0
  323. package/expertise/i18n/rtl/rtl-layout-mirroring.md +252 -0
  324. package/expertise/i18n/rtl/rtl-navigation-and-gestures.md +107 -0
  325. package/expertise/i18n/rtl/rtl-testing-and-qa.md +147 -0
  326. package/expertise/i18n/rtl/rtl-typography.md +160 -0
  327. package/expertise/index.md +113 -0
  328. package/expertise/index.yaml +216 -0
  329. package/expertise/infrastructure/cloud-aws.md +597 -0
  330. package/expertise/infrastructure/cloud-gcp.md +599 -0
  331. package/expertise/infrastructure/cybersecurity.md +816 -0
  332. package/expertise/infrastructure/database-mongodb.md +447 -0
  333. package/expertise/infrastructure/database-postgres.md +400 -0
  334. package/expertise/infrastructure/devops-cicd.md +787 -0
  335. package/expertise/infrastructure/index.md +27 -0
  336. package/expertise/performance/PROGRESS.md +50 -0
  337. package/expertise/performance/backend/api-latency.md +1204 -0
  338. package/expertise/performance/backend/background-jobs.md +506 -0
  339. package/expertise/performance/backend/connection-pooling.md +1209 -0
  340. package/expertise/performance/backend/database-query-optimization.md +515 -0
  341. package/expertise/performance/backend/index.md +23 -0
  342. package/expertise/performance/backend/rate-limiting-and-throttling.md +971 -0
  343. package/expertise/performance/foundations/algorithmic-complexity.md +954 -0
  344. package/expertise/performance/foundations/caching-strategies.md +489 -0
  345. package/expertise/performance/foundations/concurrency-and-parallelism.md +847 -0
  346. package/expertise/performance/foundations/index.md +24 -0
  347. package/expertise/performance/foundations/measuring-and-profiling.md +440 -0
  348. package/expertise/performance/foundations/memory-management.md +964 -0
  349. package/expertise/performance/foundations/performance-budgets.md +1314 -0
  350. package/expertise/performance/index.md +31 -0
  351. package/expertise/performance/infrastructure/auto-scaling.md +1059 -0
  352. package/expertise/performance/infrastructure/cdn-and-edge.md +1081 -0
  353. package/expertise/performance/infrastructure/index.md +22 -0
  354. package/expertise/performance/infrastructure/load-balancing.md +1081 -0
  355. package/expertise/performance/infrastructure/observability.md +1079 -0
  356. package/expertise/performance/mobile/index.md +23 -0
  357. package/expertise/performance/mobile/mobile-animations.md +544 -0
  358. package/expertise/performance/mobile/mobile-memory-battery.md +416 -0
  359. package/expertise/performance/mobile/mobile-network.md +452 -0
  360. package/expertise/performance/mobile/mobile-rendering.md +599 -0
  361. package/expertise/performance/mobile/mobile-startup-time.md +505 -0
  362. package/expertise/performance/platform-specific/flutter-performance.md +647 -0
  363. package/expertise/performance/platform-specific/index.md +22 -0
  364. package/expertise/performance/platform-specific/node-performance.md +1307 -0
  365. package/expertise/performance/platform-specific/postgres-performance.md +1366 -0
  366. package/expertise/performance/platform-specific/react-performance.md +1403 -0
  367. package/expertise/performance/web/bundle-optimization.md +1239 -0
  368. package/expertise/performance/web/image-and-media.md +636 -0
  369. package/expertise/performance/web/index.md +24 -0
  370. package/expertise/performance/web/network-optimization.md +1133 -0
  371. package/expertise/performance/web/rendering-performance.md +1098 -0
  372. package/expertise/performance/web/ssr-and-hydration.md +918 -0
  373. package/expertise/performance/web/web-vitals.md +1374 -0
  374. package/expertise/quality/accessibility.md +985 -0
  375. package/expertise/quality/evidence-based-verification.md +499 -0
  376. package/expertise/quality/index.md +24 -0
  377. package/expertise/quality/ml-model-audit.md +614 -0
  378. package/expertise/quality/performance.md +600 -0
  379. package/expertise/quality/testing-api.md +891 -0
  380. package/expertise/quality/testing-mobile.md +496 -0
  381. package/expertise/quality/testing-web.md +849 -0
  382. package/expertise/security/PROGRESS.md +54 -0
  383. package/expertise/security/agentic-identity.md +540 -0
  384. package/expertise/security/compliance-frameworks.md +601 -0
  385. package/expertise/security/data/data-encryption.md +364 -0
  386. package/expertise/security/data/data-privacy-gdpr.md +692 -0
  387. package/expertise/security/data/database-security.md +1171 -0
  388. package/expertise/security/data/index.md +22 -0
  389. package/expertise/security/data/pii-handling.md +531 -0
  390. package/expertise/security/foundations/authentication.md +1041 -0
  391. package/expertise/security/foundations/authorization.md +603 -0
  392. package/expertise/security/foundations/cryptography.md +1001 -0
  393. package/expertise/security/foundations/index.md +25 -0
  394. package/expertise/security/foundations/owasp-top-10.md +1354 -0
  395. package/expertise/security/foundations/secrets-management.md +1217 -0
  396. package/expertise/security/foundations/secure-sdlc.md +700 -0
  397. package/expertise/security/foundations/supply-chain-security.md +698 -0
  398. package/expertise/security/index.md +31 -0
  399. package/expertise/security/infrastructure/cloud-security-aws.md +1296 -0
  400. package/expertise/security/infrastructure/cloud-security-gcp.md +1376 -0
  401. package/expertise/security/infrastructure/container-security.md +721 -0
  402. package/expertise/security/infrastructure/incident-response.md +1295 -0
  403. package/expertise/security/infrastructure/index.md +24 -0
  404. package/expertise/security/infrastructure/logging-and-monitoring.md +1618 -0
  405. package/expertise/security/infrastructure/network-security.md +1337 -0
  406. package/expertise/security/mobile/index.md +23 -0
  407. package/expertise/security/mobile/mobile-android-security.md +1218 -0
  408. package/expertise/security/mobile/mobile-binary-protection.md +1229 -0
  409. package/expertise/security/mobile/mobile-data-storage.md +1265 -0
  410. package/expertise/security/mobile/mobile-ios-security.md +1401 -0
  411. package/expertise/security/mobile/mobile-network-security.md +1520 -0
  412. package/expertise/security/smart-contract-security.md +594 -0
  413. package/expertise/security/testing/index.md +22 -0
  414. package/expertise/security/testing/penetration-testing.md +1258 -0
  415. package/expertise/security/testing/security-code-review.md +1765 -0
  416. package/expertise/security/testing/threat-modeling.md +1074 -0
  417. package/expertise/security/testing/vulnerability-scanning.md +1062 -0
  418. package/expertise/security/web/api-security.md +586 -0
  419. package/expertise/security/web/cors-and-headers.md +433 -0
  420. package/expertise/security/web/csrf.md +562 -0
  421. package/expertise/security/web/file-upload.md +1477 -0
  422. package/expertise/security/web/index.md +25 -0
  423. package/expertise/security/web/injection.md +1375 -0
  424. package/expertise/security/web/session-management.md +1101 -0
  425. package/expertise/security/web/xss.md +1158 -0
  426. package/exports/README.md +17 -0
  427. package/exports/hosts/claude/.claude/agents/clarifier.md +42 -0
  428. package/exports/hosts/claude/.claude/agents/content-author.md +63 -0
  429. package/exports/hosts/claude/.claude/agents/designer.md +55 -0
  430. package/exports/hosts/claude/.claude/agents/executor.md +55 -0
  431. package/exports/hosts/claude/.claude/agents/learner.md +51 -0
  432. package/exports/hosts/claude/.claude/agents/planner.md +53 -0
  433. package/exports/hosts/claude/.claude/agents/researcher.md +43 -0
  434. package/exports/hosts/claude/.claude/agents/reviewer.md +54 -0
  435. package/exports/hosts/claude/.claude/agents/specifier.md +47 -0
  436. package/exports/hosts/claude/.claude/agents/verifier.md +71 -0
  437. package/exports/hosts/claude/.claude/commands/author.md +42 -0
  438. package/exports/hosts/claude/.claude/commands/clarify.md +38 -0
  439. package/exports/hosts/claude/.claude/commands/design-review.md +46 -0
  440. package/exports/hosts/claude/.claude/commands/design.md +44 -0
  441. package/exports/hosts/claude/.claude/commands/discover.md +37 -0
  442. package/exports/hosts/claude/.claude/commands/execute.md +48 -0
  443. package/exports/hosts/claude/.claude/commands/learn.md +38 -0
  444. package/exports/hosts/claude/.claude/commands/plan-review.md +42 -0
  445. package/exports/hosts/claude/.claude/commands/plan.md +39 -0
  446. package/exports/hosts/claude/.claude/commands/prepare-next.md +37 -0
  447. package/exports/hosts/claude/.claude/commands/review.md +40 -0
  448. package/exports/hosts/claude/.claude/commands/run-audit.md +41 -0
  449. package/exports/hosts/claude/.claude/commands/spec-challenge.md +41 -0
  450. package/exports/hosts/claude/.claude/commands/specify.md +38 -0
  451. package/exports/hosts/claude/.claude/commands/verify.md +37 -0
  452. package/exports/hosts/claude/.claude/settings.json +34 -0
  453. package/exports/hosts/claude/CLAUDE.md +19 -0
  454. package/exports/hosts/claude/export.manifest.json +38 -0
  455. package/exports/hosts/claude/host-package.json +67 -0
  456. package/exports/hosts/codex/AGENTS.md +19 -0
  457. package/exports/hosts/codex/export.manifest.json +38 -0
  458. package/exports/hosts/codex/host-package.json +41 -0
  459. package/exports/hosts/cursor/.cursor/hooks.json +16 -0
  460. package/exports/hosts/cursor/.cursor/rules/wazir-core.mdc +19 -0
  461. package/exports/hosts/cursor/export.manifest.json +38 -0
  462. package/exports/hosts/cursor/host-package.json +42 -0
  463. package/exports/hosts/gemini/GEMINI.md +19 -0
  464. package/exports/hosts/gemini/export.manifest.json +38 -0
  465. package/exports/hosts/gemini/host-package.json +41 -0
  466. package/hooks/README.md +18 -0
  467. package/hooks/definitions/loop_cap_guard.yaml +21 -0
  468. package/hooks/definitions/post_tool_capture.yaml +24 -0
  469. package/hooks/definitions/pre_compact_summary.yaml +19 -0
  470. package/hooks/definitions/pre_tool_capture_route.yaml +19 -0
  471. package/hooks/definitions/protected_path_write_guard.yaml +19 -0
  472. package/hooks/definitions/session_start.yaml +19 -0
  473. package/hooks/definitions/stop_handoff_harvest.yaml +20 -0
  474. package/hooks/loop-cap-guard +17 -0
  475. package/hooks/post-tool-lint +36 -0
  476. package/hooks/protected-path-write-guard +17 -0
  477. package/hooks/session-start +41 -0
  478. package/llms-full.txt +2355 -0
  479. package/llms.txt +43 -0
  480. package/package.json +79 -0
  481. package/roles/README.md +20 -0
  482. package/roles/clarifier.md +42 -0
  483. package/roles/content-author.md +63 -0
  484. package/roles/designer.md +55 -0
  485. package/roles/executor.md +55 -0
  486. package/roles/learner.md +51 -0
  487. package/roles/planner.md +53 -0
  488. package/roles/researcher.md +43 -0
  489. package/roles/reviewer.md +54 -0
  490. package/roles/specifier.md +47 -0
  491. package/roles/verifier.md +71 -0
  492. package/schemas/README.md +24 -0
  493. package/schemas/accepted-learning.schema.json +20 -0
  494. package/schemas/author-artifact.schema.json +156 -0
  495. package/schemas/clarification.schema.json +19 -0
  496. package/schemas/design-artifact.schema.json +80 -0
  497. package/schemas/docs-claim.schema.json +18 -0
  498. package/schemas/export-manifest.schema.json +20 -0
  499. package/schemas/hook.schema.json +67 -0
  500. package/schemas/host-export-package.schema.json +18 -0
  501. package/schemas/implementation-plan.schema.json +19 -0
  502. package/schemas/proposed-learning.schema.json +19 -0
  503. package/schemas/research.schema.json +18 -0
  504. package/schemas/review.schema.json +29 -0
  505. package/schemas/run-manifest.schema.json +18 -0
  506. package/schemas/spec-challenge.schema.json +18 -0
  507. package/schemas/spec.schema.json +20 -0
  508. package/schemas/usage.schema.json +102 -0
  509. package/schemas/verification-proof.schema.json +29 -0
  510. package/schemas/wazir-manifest.schema.json +173 -0
  511. package/skills/README.md +40 -0
  512. package/skills/brainstorming/SKILL.md +77 -0
  513. package/skills/debugging/SKILL.md +50 -0
  514. package/skills/design/SKILL.md +61 -0
  515. package/skills/dispatching-parallel-agents/SKILL.md +128 -0
  516. package/skills/executing-plans/SKILL.md +70 -0
  517. package/skills/finishing-a-development-branch/SKILL.md +169 -0
  518. package/skills/humanize/SKILL.md +123 -0
  519. package/skills/init-pipeline/SKILL.md +124 -0
  520. package/skills/prepare-next/SKILL.md +20 -0
  521. package/skills/receiving-code-review/SKILL.md +123 -0
  522. package/skills/requesting-code-review/SKILL.md +105 -0
  523. package/skills/requesting-code-review/code-reviewer.md +108 -0
  524. package/skills/run-audit/SKILL.md +197 -0
  525. package/skills/scan-project/SKILL.md +41 -0
  526. package/skills/self-audit/SKILL.md +153 -0
  527. package/skills/subagent-driven-development/SKILL.md +154 -0
  528. package/skills/subagent-driven-development/code-quality-reviewer-prompt.md +26 -0
  529. package/skills/subagent-driven-development/implementer-prompt.md +102 -0
  530. package/skills/subagent-driven-development/spec-reviewer-prompt.md +61 -0
  531. package/skills/tdd/SKILL.md +23 -0
  532. package/skills/using-git-worktrees/SKILL.md +163 -0
  533. package/skills/using-skills/SKILL.md +95 -0
  534. package/skills/verification/SKILL.md +22 -0
  535. package/skills/wazir/SKILL.md +463 -0
  536. package/skills/writing-plans/SKILL.md +30 -0
  537. package/skills/writing-skills/SKILL.md +157 -0
  538. package/skills/writing-skills/anthropic-best-practices.md +122 -0
  539. package/skills/writing-skills/persuasion-principles.md +50 -0
  540. package/templates/README.md +20 -0
  541. package/templates/artifacts/README.md +10 -0
  542. package/templates/artifacts/accepted-learning.md +19 -0
  543. package/templates/artifacts/accepted-learning.template.json +12 -0
  544. package/templates/artifacts/author.md +74 -0
  545. package/templates/artifacts/author.template.json +19 -0
  546. package/templates/artifacts/clarification.md +21 -0
  547. package/templates/artifacts/clarification.template.json +12 -0
  548. package/templates/artifacts/execute-notes.md +19 -0
  549. package/templates/artifacts/implementation-plan.md +21 -0
  550. package/templates/artifacts/implementation-plan.template.json +11 -0
  551. package/templates/artifacts/learning-proposal.md +19 -0
  552. package/templates/artifacts/next-run-handoff.md +21 -0
  553. package/templates/artifacts/plan-review.md +19 -0
  554. package/templates/artifacts/proposed-learning.template.json +12 -0
  555. package/templates/artifacts/research.md +21 -0
  556. package/templates/artifacts/research.template.json +12 -0
  557. package/templates/artifacts/review-findings.md +19 -0
  558. package/templates/artifacts/review.template.json +11 -0
  559. package/templates/artifacts/run-manifest.template.json +8 -0
  560. package/templates/artifacts/spec-challenge.md +19 -0
  561. package/templates/artifacts/spec-challenge.template.json +11 -0
  562. package/templates/artifacts/spec.md +21 -0
  563. package/templates/artifacts/spec.template.json +12 -0
  564. package/templates/artifacts/verification-proof.md +19 -0
  565. package/templates/artifacts/verification-proof.template.json +11 -0
  566. package/templates/examples/accepted-learning.example.json +14 -0
  567. package/templates/examples/author.example.json +152 -0
  568. package/templates/examples/clarification.example.json +15 -0
  569. package/templates/examples/docs-claim.example.json +8 -0
  570. package/templates/examples/export-manifest.example.json +7 -0
  571. package/templates/examples/host-export-package.example.json +11 -0
  572. package/templates/examples/implementation-plan.example.json +17 -0
  573. package/templates/examples/proposed-learning.example.json +13 -0
  574. package/templates/examples/research.example.json +15 -0
  575. package/templates/examples/research.example.md +6 -0
  576. package/templates/examples/review.example.json +17 -0
  577. package/templates/examples/run-manifest.example.json +9 -0
  578. package/templates/examples/spec-challenge.example.json +14 -0
  579. package/templates/examples/spec.example.json +21 -0
  580. package/templates/examples/verification-proof.example.json +21 -0
  581. package/templates/examples/wazir-manifest.example.yaml +65 -0
  582. package/templates/task-definition-schema.md +99 -0
  583. package/tooling/README.md +20 -0
  584. package/tooling/src/adapters/context-mode.js +50 -0
  585. package/tooling/src/capture/command.js +376 -0
  586. package/tooling/src/capture/store.js +99 -0
  587. package/tooling/src/capture/usage.js +270 -0
  588. package/tooling/src/checks/branches.js +50 -0
  589. package/tooling/src/checks/brand-truth.js +110 -0
  590. package/tooling/src/checks/changelog.js +231 -0
  591. package/tooling/src/checks/command-registry.js +36 -0
  592. package/tooling/src/checks/commits.js +102 -0
  593. package/tooling/src/checks/docs-drift.js +103 -0
  594. package/tooling/src/checks/docs-truth.js +201 -0
  595. package/tooling/src/checks/runtime-surface.js +156 -0
  596. package/tooling/src/cli.js +116 -0
  597. package/tooling/src/command-options.js +56 -0
  598. package/tooling/src/commands/validate.js +320 -0
  599. package/tooling/src/doctor/command.js +91 -0
  600. package/tooling/src/export/command.js +77 -0
  601. package/tooling/src/export/compiler.js +498 -0
  602. package/tooling/src/guards/loop-cap-guard.js +52 -0
  603. package/tooling/src/guards/protected-path-write-guard.js +67 -0
  604. package/tooling/src/index/command.js +152 -0
  605. package/tooling/src/index/storage.js +1061 -0
  606. package/tooling/src/index/summarizers.js +261 -0
  607. package/tooling/src/loaders.js +18 -0
  608. package/tooling/src/project-root.js +22 -0
  609. package/tooling/src/recall/command.js +225 -0
  610. package/tooling/src/schema-validator.js +30 -0
  611. package/tooling/src/state-root.js +40 -0
  612. package/tooling/src/status/command.js +71 -0
  613. package/wazir.manifest.yaml +135 -0
  614. package/workflows/README.md +19 -0
  615. package/workflows/author.md +42 -0
  616. package/workflows/clarify.md +38 -0
  617. package/workflows/design-review.md +46 -0
  618. package/workflows/design.md +44 -0
  619. package/workflows/discover.md +37 -0
  620. package/workflows/execute.md +48 -0
  621. package/workflows/learn.md +38 -0
  622. package/workflows/plan-review.md +42 -0
  623. package/workflows/plan.md +39 -0
  624. package/workflows/prepare-next.md +37 -0
  625. package/workflows/review.md +40 -0
  626. package/workflows/run-audit.md +41 -0
  627. package/workflows/spec-challenge.md +41 -0
  628. package/workflows/specify.md +38 -0
  629. package/workflows/verify.md +37 -0
package/expertise/frontend/desktop-electron.md ADDED
@@ -0,0 +1,546 @@
1
+ # Desktop (Electron) — Expertise Module
2
+
3
+ > An Electron specialist builds cross-platform desktop applications using web technologies (HTML, CSS, JavaScript/TypeScript) packaged with Chromium and Node.js. The scope covers process architecture (main/renderer/preload), IPC communication, security hardening, native OS integration, auto-updates, packaging, code signing, and performance optimization across Windows, macOS, and Linux. Current stable: Electron 40.x (Chromium 144, Node 22).
4
+
5
+ ---
6
+
7
+ ## Core Patterns & Conventions
8
+
9
+ ### Project Structure
10
+
11
+ Use **electron-vite** or **electron-forge** scaffolding. Separate source into `main/`, `preload/`, and `renderer/` directories with independent entry points.
12
+
13
+ ```
14
+ src/
15
+ main/
16
+ index.ts # app entry, BrowserWindow creation
17
+ ipc/ # ipcMain handlers grouped by domain
18
+ file-handlers.ts
19
+ dialog-handlers.ts
20
+ windows/ # window factory & management
21
+ menu/ # app menu & context menus
22
+ updater/ # auto-update logic
23
+ preload/
24
+ index.ts # contextBridge.exposeInMainWorld
25
+ api.d.ts # TypeScript declarations for exposed API
26
+ renderer/
27
+ index.html
28
+ src/
29
+ App.tsx # root component (React/Vue/Svelte)
30
+ components/
31
+ pages/
32
+ store/ # renderer-side state (Zustand, Pinia)
33
+ shared/
34
+ types.ts # IPC channel names, payload types
35
+ resources/
36
+ icons/ # platform-specific icons (icns, ico, png)
37
+ electron-builder.yml # or forge.config.ts
38
+ electron.vite.config.ts
39
+ ```
40
+
41
+ ### Naming Conventions
42
+
43
+ | Element | Convention | Example |
44
+ |---|---|---|
45
+ | IPC channels | `kebab-case` with domain prefix | `file:open`, `dialog:show-save` |
46
+ | Window identifiers | `kebab-case` | `main-window`, `settings-window` |
47
+ | Preload API namespace | `camelCase` under `window.api` | `window.api.openFile()` |
48
+ | Main process handlers | `camelCase` functions | `handleFileOpen()` |
49
+ | Shared types | `PascalCase` interfaces | `IpcPayload`, `WindowConfig` |
50
+
51
+ ### Architecture: Process Model
52
+
53
+ - **Main process**: Single Node.js process. Creates windows, handles OS integration (menus, tray, notifications, file system), manages app lifecycle. Full Node.js access.
54
+ - **Renderer process**: One per BrowserWindow. Runs web content in sandboxed Chromium. No direct Node.js or Electron API access when properly configured.
55
+ - **Preload script**: Bridge between main and renderer. Exposes a controlled API surface via `contextBridge`. Runs before renderer content loads.
56
+ - **Utility process** (Electron 25+): `utilityProcess` for CPU-intensive work. Runs Node.js without Chromium overhead, replacing deprecated `child_process.fork()` patterns.
57
+
58
+ **IPC Communication Patterns:**
59
+
60
+ ```
61
+ Renderer ──ipcRenderer.invoke──> Main (request/response, async)
62
+ Renderer ──ipcRenderer.send────> Main (fire-and-forget)
63
+ Main ──webContents.send────> Renderer (push notifications)
64
+ ```
65
+
66
+ Always use typed channel names from a shared constants file. Never pass raw `ipcRenderer` to the renderer.
67
+
68
+ ### Framework Integration
69
+
70
+ **Recommended stack (2025-2026):**
71
+ - **Build tool**: electron-vite (Vite-based, fast HMR, ESM)
72
+ - **Renderer framework**: React 19+ / Vue 3.5+ / Svelte 5+
73
+ - **State**: Zustand (React), Pinia (Vue), built-in stores (Svelte)
74
+ - **Styling**: Tailwind CSS 4 or CSS Modules
75
+ - **TypeScript**: Mandatory for all three processes
76
+
77
+ ### State Management
78
+
79
+ - **Renderer-side**: Standard web framework stores (Zustand, Redux Toolkit, Pinia). Keep UI state here.
80
+ - **Persistent state**: `electron-store` or `better-sqlite3` in main process. Expose via IPC only.
81
+ - **Cross-process sync**: Renderer requests via `invoke`, main pushes changes via `webContents.send`. Never share mutable references.
82
+
83
+ ### Window Management
84
+
85
+ ```typescript
86
+ const win = new BrowserWindow({
87
+ width: 1400, height: 900, minWidth: 800, minHeight: 600,
88
+ show: false, // prevent white flash
89
+ webPreferences: {
90
+ preload: path.join(__dirname, '../preload/index.js'),
91
+ contextIsolation: true, // MANDATORY
92
+ nodeIntegration: false, // MANDATORY
93
+ sandbox: true, // recommended
94
+ },
95
+ });
96
+ win.once('ready-to-show', () => win.show());
97
+ ```
98
+
99
+ Track windows by ID via a manager singleton. Restore bounds from persistent storage. Avoid creating excessive windows (each costs 50-150 MB).
100
+
101
+ ### File System Access
102
+
103
+ Always access the file system from the main process. Expose specific operations via IPC with path validation, never general `fs` access.
104
+
105
+ ### Menu, Tray, and Auto-Update
106
+
107
+ - Build menus with `Menu.buildFromTemplate()`. Use role-based items for standard actions.
108
+ - Tray: Use template images on macOS (`iconTemplate.png`). Destroy on quit.
109
+ - Auto-update: Use `electron-updater` (electron-builder) or `update-electron-app` (Forge). Check every ~4 hours, not on every focus. Let user decide when to download/install.
110
+
111
+ ---
112
+
113
+ ## Anti-Patterns & Pitfalls
114
+
115
+ ### 1. Enabling `nodeIntegration: true` in Renderer
116
+ **Why:** Grants the renderer full Node.js access. Any XSS vulnerability can execute arbitrary system commands. Default is `false` since Electron 5.
117
+
118
+ ### 2. Disabling `contextIsolation`
119
+ **Why:** Preload and renderer share the same JS context. Malicious scripts can override prototypes to intercept data. Default is `true` since Electron 12.
120
+
121
+ ### 3. Exposing `ipcRenderer` Directly via contextBridge
122
+ **Why:** `exposeInMainWorld('ipc', ipcRenderer)` lets any code send ANY IPC message. Expose one function per channel with explicit argument shapes instead.
123
+
124
+ ### 4. Running Heavy Computation in the Main Process
125
+ **Why:** Blocks the event loop for ALL windows. Use `utilityProcess` (Electron 25+) or Web Workers.
126
+
127
+ ### 5. Using the Deprecated `remote` Module
128
+ **Why:** Removed in Electron 14. Created synchronous cross-process proxies that leaked main-process objects. Use explicit `ipcMain.handle` / `ipcRenderer.invoke`.
129
+
130
+ ### 6. Loading Remote URLs Without CSP
131
+ **Why:** Without Content Security Policy, injected `<script>` tags execute with renderer privileges.
132
+
133
+ ### 7. Not Validating IPC Arguments in Main Process
134
+ **Why:** A compromised renderer can send crafted payloads. Validate types, ranges, paths. Never pass IPC args directly to `fs` or `child_process`.
135
+
136
+ ### 8. Creating Excessive BrowserWindows
137
+ **Why:** Each spawns a full Chromium renderer (50-150 MB). Use `WebContentsView` for embedded content or swap via routing.
138
+
139
+ ### 9. Bundling Unnecessary Dependencies
140
+ **Why:** Electron already ships ~120 MB. Tree-shake, use `devDependencies` correctly, audit with `files` config.
141
+
142
+ ### 10. Ignoring `ready-to-show` (White Flash)
143
+ **Why:** Showing a window immediately displays blank white until content loads. Use `show: false` + `ready-to-show`.
144
+
145
+ ### 11. Not Handling `will-navigate` and `setWindowOpenHandler`
146
+ **Why:** Without these, clicks can navigate to phishing sites or open new windows running with elevated privileges.
147
+
148
+ ### 12. Using Synchronous IPC (`sendSync`)
149
+ **Why:** Blocks the renderer's main thread. Always use async `invoke` / `handle`.
150
+
151
+ ### 13. Forgetting to Destroy Windows on Close
152
+ **Why:** On macOS, closing hides by default. Retained references to destroyed windows cause memory leaks and crashes.
153
+
154
+ ### 14. Skipping Code Signing
155
+ **Why:** macOS Gatekeeper and Windows SmartScreen block/warn on unsigned apps. macOS 10.15+ requires signing AND notarization.
156
+
157
+ ### 15. Using `shell.openExternal` Without URL Validation
158
+ **Why:** Untrusted URLs can execute `file://` or custom protocol URIs to run arbitrary programs. Validate against an allowlist.
159
+
160
+ ---
161
+
162
+ ## Testing Strategy
163
+
164
+ ### Unit Testing (Renderer)
165
+
166
+ Use **Vitest** (preferred with electron-vite) or **Jest**. Mock `window.api` at module level.
167
+
168
+ ```typescript
169
+ vi.stubGlobal('api', {
170
+ listFiles: vi.fn().mockResolvedValue(['file1.txt', 'file2.txt']),
171
+ });
172
+ test('renders file list', async () => {
173
+ render(<FileList />);
174
+ expect(await screen.findByText('file1.txt')).toBeDefined();
175
+ });
176
+ ```
177
+
178
+ ### Main Process Testing
179
+
180
+ Mock Electron modules before importing handlers. Test IPC handlers as pure async functions with mocked `event` objects.
181
+
182
+ ### E2E Testing with Playwright
183
+
184
+ Playwright has experimental but functional Electron support via CDP. It is the recommended successor to the deprecated Spectron.
185
+
186
+ ```typescript
187
+ import { test, expect, _electron as electron } from '@playwright/test';
188
+
189
+ test('app launches and shows main window', async () => {
190
+ const app = await electron.launch({ args: ['.'] });
191
+ const window = await app.firstWindow();
192
+ expect(await window.title()).toBe('My App');
193
+
194
+ const isPackaged = await app.evaluate(({ app }) => app.isPackaged);
195
+ expect(isPackaged).toBe(false);
196
+
197
+ await window.click('button#open-file');
198
+ await expect(window.locator('.file-content')).toBeVisible();
199
+ await app.close();
200
+ });
201
+ ```
202
+
203
+ Key capabilities: `app.evaluate()` runs code in main process, standard Playwright locators and auto-waiting work, use `electron-playwright-helpers` for common patterns.
204
+
205
+ ### IPC Testing
206
+
207
+ 1. Unit-test main handlers with mocked `event` objects
208
+ 2. Unit-test preload functions with mocked `ipcRenderer`
209
+ 3. E2E tests verify full round-trip (renderer -> preload -> main -> response)
210
+
211
+ ---
212
+
213
+ ## Performance Considerations
214
+
215
+ ### Startup Time
216
+
217
+ Users notice if an app takes >2 seconds to show UI.
218
+
219
+ 1. **Bundle with Vite/esbuild**: Replace synchronous `require()` chains. Bundling alone reduces startup 50%+.
220
+ 2. **Lazy-load renderer routes**: `React.lazy`, dynamic `import()` for non-initial views.
221
+ 3. **Defer non-critical main work**: Delay auto-update checks, analytics until first window visible.
222
+ 4. **`show: false` + `ready-to-show`**: Perceived instant launch.
223
+ 5. **V8 snapshots**: Advanced (VS Code uses this) -- serialize initialized state into a snapshot.
224
+
225
+ ### Memory Management
226
+
227
+ - Each BrowserWindow: 50-150 MB. Minimize concurrent windows.
228
+ - `backgroundThrottling: true` (default) reduces background window usage.
229
+ - Destroy windows fully when not needed. Use `utilityProcess` over hidden windows.
230
+ - Profile with Chrome DevTools memory profiler for DOM node leaks.
231
+
232
+ ### Bundle Size
233
+
234
+ - Tree-shake with ESM. Audit with `webpack-bundle-analyzer` or `rollup-plugin-visualizer`.
235
+ - Use `files` config to exclude tests, docs, dev files from the packaged app.
236
+ - ASAR packaging (default with electron-builder) compresses app code.
237
+
238
+ ### GPU Acceleration
239
+
240
+ Hardware acceleration is on by default. Improves CSS animations, WebGL, canvas. Disable with `app.disableHardwareAcceleration()` only for headless/server environments or GPU driver issues.
241
+
242
+ ---
243
+
244
+ ## Security Considerations
245
+
246
+ ### Mandatory Configuration
247
+
248
+ ```typescript
249
+ new BrowserWindow({
250
+ webPreferences: {
251
+ contextIsolation: true, // isolate preload from renderer
252
+ nodeIntegration: false, // no Node.js in renderer
253
+ sandbox: true, // OS-level sandbox
254
+ webSecurity: true, // enforce same-origin policy
255
+ allowRunningInsecureContent: false,
256
+ },
257
+ });
258
+ ```
259
+
260
+ ### Context Isolation (Electron 12+ default)
261
+
262
+ Separate JavaScript worlds for preload and renderer. Prevents prototype pollution where renderer code overrides built-in methods to intercept preload data.
263
+
264
+ ### Sandbox Mode (Electron 20+ default)
265
+
266
+ Sandboxed renderers cannot access Node.js APIs even in preload. Only `contextBridge`, limited `ipcRenderer`, and `webFrame` are available.
267
+
268
+ ### Content Security Policy
269
+
270
+ ```html
271
+ <meta http-equiv="Content-Security-Policy"
272
+ content="default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline';
273
+ img-src 'self' data:; connect-src 'self' https://api.yourapp.com;">
274
+ ```
275
+
276
+ Avoid `'unsafe-eval'` in production.
277
+
278
+ ### Code Signing Requirements
279
+
280
+ | Platform | Requirement | Tool |
281
+ |---|---|---|
282
+ | macOS | Developer ID + Notarization (mandatory since Catalina) | `@electron/osx-sign`, `@electron/notarize` |
283
+ | Windows | EV or Standard Code Signing Certificate | `signtool.exe`, Azure Trusted Signing |
284
+ | Linux | GPG signing (optional, recommended for repos) | `gpg`, `dpkg-sig` |
285
+
286
+ ### Additional Hardening
287
+
288
+ - `setWindowOpenHandler()` to control/block `window.open()`
289
+ - Handle `will-navigate` to prevent navigation to untrusted URLs
290
+ - Use `safeStorage` API for encrypting sensitive data at rest
291
+ - Validate URLs before `shell.openExternal()`
292
+ - `ses.setPermissionRequestHandler` to control camera/microphone/geolocation grants
293
+ - Keep Electron updated to patch Chromium and Node.js CVEs
294
+
295
+ ---
296
+
297
+ ## Integration Patterns
298
+
299
+ ### Native Modules (N-API)
300
+
301
+ Use when JavaScript cannot meet performance or OS API requirements. Prefer **N-API** (stable ABI) via `node-addon-api`. Rebuild for Electron with `@electron/rebuild`. For calling existing shared libraries without C++, use `ffi-napi`.
302
+
303
+ ### System Tray
304
+
305
+ ```typescript
306
+ import { Tray, Menu, nativeImage } from 'electron';
307
+
308
+ const icon = nativeImage.createFromPath(iconPath).resize({ width: 16, height: 16 });
309
+ const tray = new Tray(icon);
310
+ tray.setContextMenu(Menu.buildFromTemplate([
311
+ { label: 'Show', click: () => mainWindow.show() },
312
+ { type: 'separator' },
313
+ { label: 'Quit', click: () => app.quit() },
314
+ ]));
315
+ ```
316
+
317
+ Use template images on macOS (`iconTemplate.png`, `iconTemplate@2x.png`) for dark/light mode.
318
+
319
+ ### Deep Links and Protocol Handlers
320
+
321
+ ```typescript
322
+ app.setAsDefaultProtocolClient('myapp');
323
+
324
+ app.on('open-url', (event, url) => { // macOS
325
+ event.preventDefault();
326
+ handleDeepLink(url);
327
+ });
328
+ app.on('second-instance', (_e, argv) => { // Windows/Linux
329
+ const url = argv.find(a => a.startsWith('myapp://'));
330
+ if (url) handleDeepLink(url);
331
+ mainWindow?.focus();
332
+ });
333
+ ```
334
+
335
+ ### Notifications, Clipboard, Drag-and-Drop
336
+
337
+ - **Notifications**: `new Notification({ title, body, icon }).show()` -- uses native OS notification center.
338
+ - **Clipboard**: `clipboard` module from main process for programmatic access.
339
+ - **Drag-and-drop**: Standard HTML5 DnD in renderer. File drops expose `File.path` (Electron extension). Outbound drag via `webContents.startDrag()`.
340
+
341
+ ---
342
+
343
+ ## DevOps & Deployment
344
+
345
+ ### Build Tools
346
+
347
+ **electron-builder** (community standard, ~1.1M weekly downloads):
348
+ - Cross-platform builds from one OS. NSIS, DMG, AppImage, Snap, deb, rpm.
349
+ - YAML config. Built-in auto-update with differential downloads. Extensive installer customization.
350
+
351
+ **electron-forge** (official Electron tool, ~6.9K stars):
352
+ - Plugin-based. Receives Electron features first (ASAR integrity, universal macOS).
353
+ - Only packages for current platform. JS/TS config. Simpler for beginners.
354
+
355
+ ### Auto-Updates
356
+
357
+ **electron-updater** (electron-builder): GitHub Releases, S3, generic HTTP. Differential updates, staged rollouts, code signature validation, Linux support.
358
+
359
+ **update-electron-app** (Forge): Simpler API. Uses `update.electronjs.org` (free for OSS). Squirrel-based.
360
+
361
+ ### CI/CD Cross-Platform Builds
362
+
363
+ ```yaml
364
+ # GitHub Actions
365
+ jobs:
366
+ build:
367
+ strategy:
368
+ matrix:
369
+ os: [macos-latest, windows-latest, ubuntu-latest]
370
+ runs-on: ${{ matrix.os }}
371
+ steps:
372
+ - uses: actions/checkout@v4
373
+ - uses: actions/setup-node@v4
374
+ with: { node-version: 22 }
375
+ - run: npm ci && npm run build && npm run dist
376
+ env:
377
+ GH_TOKEN: ${{ secrets.GH_TOKEN }}
378
+ CSC_LINK: ${{ secrets.MAC_CERTIFICATE }} # macOS
379
+ APPLE_ID: ${{ secrets.APPLE_ID }} # notarization
380
+ WIN_CSC_LINK: ${{ secrets.WIN_CERTIFICATE }} # Windows
381
+ ```
382
+
383
+ ### Crash Reporting
384
+
385
+ **Sentry** (`@sentry/electron`): Captures JS errors + native crashes (Crashpad minidumps). Breadcrumbs, source maps, upload on next launch. `Sentry.init({ dsn })` in main process.
386
+
387
+ ### Tauri as a Modern Alternative
388
+
389
+ | Aspect | Electron 40 | Tauri 2.x |
390
+ |---|---|---|
391
+ | Runtime | Chromium + Node (~120 MB) | System webview + Rust (~2-10 MB) |
392
+ | Memory (idle) | 200-300 MB | 30-40 MB |
393
+ | Startup | 1-2 sec | <0.5 sec |
394
+ | Security | Opt-out (disable features) | Opt-in (allowlist features) |
395
+ | Ecosystem | Massive (npm, mature) | Growing (18% share, 2026) |
396
+ | Mobile | No | iOS + Android (Tauri 2.0) |
397
+
398
+ Choose Tauri for lightweight, security-first apps. Choose Electron for complex apps needing mature Node.js ecosystem or consistent cross-platform rendering.
399
+
400
+ ---
401
+
402
+ ## Decision Trees
403
+
404
+ ### Electron vs Tauri vs Flutter Desktop
405
+
406
+ ```
407
+ Need a desktop app?
408
+ +-- Team knows Rust or willing to learn?
409
+ | +-- Yes + need consistent rendering? --> Electron (ships Chromium)
410
+ | +-- Yes + lightweight/security-first? --> Tauri 2.x (system webview)
411
+ +-- JavaScript/TypeScript-only team?
412
+ | +-- Heavy Node.js ecosystem needed? --> Electron
413
+ | +-- Minimal Node.js, small bundle? --> Tauri (little Rust needed)
414
+ +-- Dart/Flutter team?
415
+ | +-- Need mobile + desktop? --> Flutter Desktop
416
+ +-- App size/memory critical?
417
+ | +-- Yes --> Tauri (~5 MB installer)
418
+ | +-- No --> Electron (mature, proven)
419
+ ```
420
+
421
+ ### electron-builder vs electron-forge
422
+
423
+ ```
424
+ +-- Cross-platform builds from one OS? --> electron-builder
425
+ +-- Want official tooling, latest features? --> electron-forge
426
+ +-- Need differential/delta updates? --> electron-builder
427
+ +-- Complex installer (NSIS scripts)? --> electron-builder
428
+ +-- Prefer simple JS/TS config? --> electron-forge
429
+ ```
430
+
431
+ ### Native Modules vs Pure JavaScript
432
+
433
+ ```
434
+ +-- Electron API already covers it? --> Use Electron API via IPC
435
+ +-- Pure JS npm package works? --> Use it (no rebuild complexity)
436
+ +-- Calling existing C/Rust .so/.dll? --> ffi-napi (no C++ needed)
437
+ +-- Max perf (image, crypto, compress)? --> node-addon-api (N-API)
438
+ +-- Can run as WASM? --> WASM (portable, no rebuild)
439
+ ```
440
+
441
+ ---
442
+
443
+ ## Code Examples
444
+
445
+ ### Secure Preload Script with Typed API
446
+
447
+ ```typescript
448
+ // preload/index.ts
449
+ import { contextBridge, ipcRenderer } from 'electron';
450
+
451
+ contextBridge.exposeInMainWorld('api', {
452
+ readFile: (path: string) => ipcRenderer.invoke('file:read', path),
453
+ saveFile: (path: string, content: string) =>
454
+ ipcRenderer.invoke('file:save', path, content),
455
+ showOpenDialog: () => ipcRenderer.invoke('dialog:open'),
456
+ setTitle: (title: string) => ipcRenderer.send('window:set-title', title),
457
+ onUpdateAvailable: (cb: (version: string) => void) => {
458
+ const handler = (_e: unknown, version: string) => cb(version);
459
+ ipcRenderer.on('update:available', handler);
460
+ return () => ipcRenderer.removeListener('update:available', handler);
461
+ },
462
+ });
463
+ ```
464
+
465
+ ```typescript
466
+ // preload/api.d.ts -- makes window.api typed in renderer
467
+ export interface ElectronAPI {
468
+ readFile: (path: string) => Promise<string>;
469
+ saveFile: (path: string, content: string) => Promise<void>;
470
+ showOpenDialog: () => Promise<string[] | undefined>;
471
+ setTitle: (title: string) => void;
472
+ onUpdateAvailable: (cb: (version: string) => void) => () => void;
473
+ }
474
+ declare global { interface Window { api: ElectronAPI; } }
475
+ ```
476
+
477
+ ### IPC Handler with Input Validation
478
+
479
+ ```typescript
480
+ // main/ipc/file-handlers.ts
481
+ ipcMain.handle('file:read', async (_event, filePath: string) => {
482
+ if (typeof filePath !== 'string') throw new Error('Invalid path');
483
+ const resolved = path.resolve(filePath);
484
+ if (!resolved.startsWith(app.getPath('userData'))) {
485
+ throw new Error('Access denied: path outside allowed directory');
486
+ }
487
+ return fs.promises.readFile(resolved, 'utf-8');
488
+ });
489
+
490
+ ipcMain.handle('dialog:open', async (event) => {
491
+ const win = BrowserWindow.fromWebContents(event.sender);
492
+ if (!win) return undefined;
493
+ const result = await dialog.showOpenDialog(win, {
494
+ properties: ['openFile'],
495
+ filters: [{ name: 'Text', extensions: ['txt', 'md', 'json'] }],
496
+ });
497
+ return result.canceled ? undefined : result.filePaths;
498
+ });
499
+ ```
500
+
501
+ ### Auto-Updater Setup
502
+
503
+ ```typescript
504
+ import { autoUpdater } from 'electron-updater';
505
+
506
+ autoUpdater.autoDownload = false;
507
+
508
+ export function setupUpdater(mainWindow: BrowserWindow): void {
509
+ autoUpdater.checkForUpdates().catch(() => {});
510
+
511
+ autoUpdater.on('update-available', (info) =>
512
+ mainWindow.webContents.send('update:available', info.version));
513
+ autoUpdater.on('download-progress', (p) =>
514
+ mainWindow.webContents.send('update:progress', Math.round(p.percent)));
515
+ autoUpdater.on('update-downloaded', () =>
516
+ mainWindow.webContents.send('update:downloaded'));
517
+
518
+ ipcMain.handle('update:download', () => autoUpdater.downloadUpdate());
519
+ ipcMain.handle('update:install', () => autoUpdater.quitAndInstall(true, true));
520
+
521
+ setInterval(() => autoUpdater.checkForUpdates().catch(() => {}), 4 * 3600_000);
522
+ }
523
+ ```
524
+
525
+ ### Utility Process for CPU-Intensive Work
526
+
527
+ ```typescript
528
+ // main/workers/image-processor.ts (utility process entry)
529
+ process.parentPort.on('message', async ({ data }) => {
530
+ if (data.type === 'resize') {
531
+ const sharp = require('sharp');
532
+ const buf = await sharp(data.buffer).resize(data.w, data.h).toBuffer();
533
+ process.parentPort.postMessage({ type: 'result', buffer: buf });
534
+ }
535
+ });
536
+
537
+ // main/index.ts -- spawn utility process
538
+ import { utilityProcess } from 'electron';
539
+ const worker = utilityProcess.fork(path.join(__dirname, 'workers/image-processor.js'));
540
+ worker.postMessage({ type: 'resize', buffer: imgBuf, w: 800, h: 600 });
541
+ worker.on('message', (data) => { /* handle result */ });
542
+ ```
543
+
544
+ ---
545
+
546
+ *Researched: 2026-03-07 | Sources: [Electron Security Docs](https://www.electronjs.org/docs/latest/tutorial/security), [Electron Context Isolation](https://www.electronjs.org/docs/latest/tutorial/context-isolation), [Electron Process Model](https://www.electronjs.org/docs/latest/tutorial/process-model), [Electron IPC Tutorial](https://www.electronjs.org/docs/latest/tutorial/ipc), [Electron Performance Guide](https://www.electronjs.org/docs/latest/tutorial/performance), [Electron Releases](https://releases.electronjs.org/), [electron-vite](https://electron-vite.org/), [electron-builder Auto Update](https://www.electron.build/auto-update.html), [Electron Code Signing](https://www.electronjs.org/docs/latest/tutorial/code-signing), [Playwright Electron API](https://playwright.dev/docs/api/class-electron), [Sentry Electron SDK](https://docs.sentry.io/platforms/javascript/guides/electron/), [Why Electron Forge](https://www.electronforge.io/core-concepts/why-electron-forge), [Tauri vs Electron](https://www.gethopp.app/blog/tauri-vs-electron), [Electron Deep Links](https://www.electronjs.org/docs/latest/tutorial/launch-app-from-url-in-another-app), [Improving Electron Performance](https://palette.dev/blog/improving-performance-of-electron-apps), [Electron Automated Testing](https://www.electronjs.org/docs/latest/tutorial/automated-testing)*