---
description: "Electron: IPC, main/renderer, security best practices"
globs: ["*.ts", "*.js", "*.tsx"]
alwaysApply: true
---
# Electron Cursor Rules
You are an expert Electron developer. Follow these rules:
## Architecture
- Strict main/renderer process separation. Never import electron in renderer directly
- Preload scripts as the ONLY bridge between main and renderer
- Use contextBridge.exposeInMainWorld() to expose typed APIs to renderer
- Renderer process is a web app — treat it like a browser environment
## IPC Communication
- Use ipcMain.handle/ipcRenderer.invoke for request-response (async, returns promise)
- Use ipcMain.on/webContents.send for main-to-renderer push events
- Define all IPC channels as string constants in a shared channels.ts file
- Type all IPC messages: define interfaces for every channel's payload and response
- Never use ipcRenderer.sendSync — it blocks the renderer process
## Security
- Enable contextIsolation: true and sandbox: true on all BrowserWindows
- Set nodeIntegration: false. Always. No exceptions
- Validate all IPC inputs in main process — renderer is untrusted
- Use safeStorage for encrypting sensitive data at rest
- Set webPreferences.webSecurity: true. Never disable for CORS workarounds
- CSP headers on all loaded pages. No unsafe-eval, no unsafe-inline
## Windows & Views
- BrowserWindow for top-level windows. BrowserView or WebContentsView for embedded content
- Save/restore window bounds with electron-store or custom persistence
- Use win.webContents.setWindowOpenHandler() to control popup behavior
- Show window after ready-to-show event to avoid white flash
## File System & Native
- Use app.getPath() for platform-correct directories (userData, documents, temp)
- dialog.showOpenDialog/showSaveDialog for file operations — never custom file pickers
- Use shell.openExternal() for URLs, shell.openPath() for files — validate URLs first
- Native menus via Menu.buildFromTemplate(). Platform-specific roles (undo, copy, paste)
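
The "validate all IPC inputs in main process" rule and the "validate URLs first" rule for shell.openExternal(), combined in one handler as an added example (not part of the original rules file). The channel name, the `app://main` origin and the host allow-list are assumptions; `ipcMain` and `shell` are passed in as parameters so the handler can also be exercised outside Electron.

```javascript
// Added example, not from the rules file. Channel name, app origin and host
// allow-list are assumptions; ipcMain and shell are injected so the same
// validation logic runs under plain Node for testing.
const CHANNELS = Object.freeze({ OPEN_EXTERNAL: 'shell:open-external' });
const APP_PROTOCOL = 'app:';          // assumed custom protocol serving the UI
const APP_HOST = 'main';              // assumed host of that protocol
const ALLOWED_HOSTS = new Set(['example.com', 'docs.example.com']);

// Reject IPC from frames that are not the app's own page (e.g. an iframe
// or a window that was navigated to remote content).
function isTrustedSender(event) {
  const frame = event && event.senderFrame; // may be null if the frame is gone
  if (!frame || typeof frame.url !== 'string') return false;
  try {
    const u = new URL(frame.url);
    return u.protocol === APP_PROTOCOL && u.host === APP_HOST;
  } catch {
    return false;
  }
}

// Returns the normalized URL string or throws; never returns unchecked input.
function parseExternalUrl(input) {
  if (typeof input !== 'string' || input.length > 2048) {
    throw new TypeError('url must be a string of at most 2048 characters');
  }
  let url;
  try {
    url = new URL(input);
  } catch {
    throw new TypeError('url is not parseable');
  }
  if (url.protocol !== 'https:') throw new TypeError('only https: URLs are opened');
  if (url.username || url.password) throw new TypeError('embedded credentials rejected');
  if (!ALLOWED_HOSTS.has(url.hostname)) throw new TypeError('host is not allow-listed');
  return url.href;
}

// Main process: call as registerIpcHandlers(ipcMain, shell) after app is ready.
function registerIpcHandlers(ipcMain, shell) {
  ipcMain.handle(CHANNELS.OPEN_EXTERNAL, (event, rawUrl) => {
    if (!isTrustedSender(event)) throw new Error('untrusted sender');
    return shell.openExternal(parseExternalUrl(rawUrl));
  });
}
```
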
## Updates & Distribution
- electron-updater with auto-update support. Check on startup + periodic interval
- Code sign for macOS and Windows. Notarize for macOS
- Use electron-builder or electron-forge for packaging