Electron output is a separate target. It is policy-driven and hardened by default so emitters can stay deterministic and predictable.
1policies: {
2 electron: {
3 security: {
4 contextIsolation: true,
5 nodeIntegration: false,
6 sandbox: true
7 },
8 loading: { devUrl: "http://localhost:5173" },
9 packaging: { tool: "electron-builder" }
10 }
11}Target Scope
Electron has its own policy block and TargetIR. It is not a variant of frontend or backend; it is a first-class target.
Security Baseline
Default policies enforce secure browser settings, IPC allowlists, and navigation hardening. The goal is safety without hidden defaults.
Dev vs Prod Loading
Dev loads a local dev server; prod loads a file:// URL. The switch is policy-driven and does not rely on ad-hoc logic in emitters.
Packaging and Updates
Packaging settings and auto-update wiring are handled through policy. Emitters only render the resolved output.
Extensions for OS Features
OS integrations (tray, deeplink, notifications) are best provided via extensions so core stays stable.