architecture
ChatPanellegacy chat with provider controls + in-chat compileChatViewV2structured timeline backed by v2 messages + parts schemaPreviewPanelwebview on persist:uct-preview partitionTerminalTabs / TerminalPanemulti-tab xterm.jsBlocksLibrary / PromptBuildergovernance block toggling + final promptSkillsPanel / AgentsPanel / GitPanelproject-scoped discovery surfacesMarkdownView / ReasoningBlockstreamdown renderer + collapsible thinking laneCodeEditProposalper-file Apply / Reject with traversal + env-write guardscontextBridgeexposes window.uct.* to the rendereripcRenderer.invoketyped channel calls; no business logicipc/fsproject inspection, env masking, file read/write with size caps, skill / agent / external-tool / rule discoveryipc/terminalnode-pty PTY sessions, data + exit channels, multi-tabipc/processspawned dev servers, destructive-command refusal, detached process-tree kill on disposeipc/qwenlocal open-source runtime chat + NDJSON stream + abortipc/modelsmulti-provider stream — local open-source runtime, cloud provider APIs (streaming), OAuth CLI adapter for session tokensipc/secretsElectron safeStorage-encrypted provider keys (Keychain / DPAPI / libsecret)ipc/playwrightsmoke + step runner + screenshot + console-error captureipc/domAgentCDP attach to Preview webview, DOM eval, screenshotsipc/networkCDP request capture from the Preview partitionipc/codeIndexregex-based symbol extraction across 17 languages, SQLite snapshot cacheipc/agentToolsread-oriented exec allowlist, hard-deny regex (shell metacharacters, sudo, chmod 777), file-system grepipc/mcpstdio MCP client, JSON-RPC 2.0 over newline-delimited JSON, per-request 30s timeoutipc/gitstatus, branch, log, show, push, fetch, remote, rev-parse, blame, ls-filesipc/capturewindow screenshot, data-URL saveipc/authAI CLI detection, OAuth code-paste flowBoth stores live under Electron userData. SQLite is the canonical chat store. JSON KV holds app-level preferences and the legacy migration shim.
canonical chat store
WAL, foreign keys, in-process migrations on app start. Schema: v2 messages + parts (ULID-keyed), agent traces, code-index snapshots, project memory, notifications, tool / skill / MCP preferences, chat_embeddings (local open-source embedding model · 768d).
app-level KV
Settings, custom prompt blocks, prompt history, recent projects, per-project presets, and a legacy chat.sessions.v1 shim retained only for migration from earlier versions.
The renderer never imports node:*, electron, better-sqlite3, node-pty, child_process, or fs. ESLint enforces it.
Preload exposes typed contextBridge surfaces; no business logic, no state, no side effects beyond invoke.
ipcMain handlers validate renderer input. Filesystem paths resolve against the project root; symlinks canonicalize through realpath.
Read-oriented binaries (git status|diff|log|…, npm run typecheck|test|lint|build:renderer, tsc, eslint, ruff, rg, grep, find, ls, cat). Deny: shell metacharacters (; | & $( \ >), sudo, chmod 777, chown, destructive patterns (rm -rf, git reset --hard, git push --force, drop table|database, supabase db reset).
Electron safeStorage. Keychain on macOS, DPAPI on Windows, libsecret on Linux. Plaintext fallback explicitly marked in Settings when keychain is unavailable. Keys never reach the renderer.
Production CSP locks script-src; dev relaxes for Vite HMR and Monaco blob workers. connect-src allowlists localhost, 127.0.0.1, api.anthropic.com, api.openai.com.
setPermissionRequestHandler refuses all permission requests by default. The Preview partition opens browser-grade permissions only for that webview.
setWindowOpenHandler denies in-app navigation and routes through shell.openExternal. app:openExternal accepts only http(s):// URLs.
Detached spawn + negative-PID signal on SIGINT/SIGTERM/SIGHUP and app quit. Vite + esbuild + Next children clean up together.