Monet

Monet is an Electron-first desktop app scaffold for a local AI agent experience. The current repository layout follows the initial architecture in specs/2026-04-23-initial-plan/spec.md: Electron hosts a statically exported Next.js renderer and talks to a local Hono controller over authenticated localhost HTTP.

Architecture

• apps/desktop: Electron main and preload processes, single-instance startup, and local controller orchestration.
• apps/web-ui: Next.js App Router UI exported to static assets for desktop packaging.
• apps/controller: Hono-based local API server with bearer-token auth and OpenAPI output.
• packages/shared: shared IDs, record types, and common utilities.
• packages/database: Drizzle and SQLite schema plus migration commands.
• packages/agent-core, packages/tools, packages/providers, packages/ui: reserved package boundaries for the next milestones.

Workspace Layout

.
├─ apps/
│  ├─ controller/
│  ├─ desktop/
│  └─ web-ui/
├─ packages/
│  ├─ agent-core/
│  ├─ database/
│  ├─ providers/
│  ├─ shared/
│  ├─ tools/
│  └─ ui/
├─ specs/
├─ package.json
└─ pnpm-workspace.yaml

Requirements

• Node.js >= 24
• pnpm 10.8.1

Commands

From the repository root:

• pnpm install: install all workspace dependencies.
• pnpm install:check: verify the lockfile-backed install path with --frozen-lockfile.
• pnpm check:openapi: regenerate apps/controller/openapi.json and fail if the committed artifact is stale.
• pnpm build: build the controller, web UI export, and desktop bundles needed by the current scaffold.
• pnpm pack:desktop: build the workspace and assemble an unpacked Electron app under dist/desktop/ for packaging validation.
• pnpm dist:desktop: build the workspace and produce desktop artifacts with electron-builder under dist/desktop/.
• pnpm release:desktop: build the workspace and publish desktop artifacts through Electron Builder's GitHub release flow.
• pnpm typecheck: run TypeScript checks across every workspace package that currently has sources.
• pnpm dev: start the controller, Next.js dev server, and Electron desktop app using the shared local dev token monet-dev-token.
• pnpm dev:controller: run the Hono controller only on 127.0.0.1:42831.
• pnpm dev:web: run the Next.js renderer only on 127.0.0.1:42832.
• pnpm dev:desktop: build the desktop TypeScript entrypoints once and launch Electron against the local dev controller and renderer.
• pnpm db:generate: generate Drizzle migrations for @monet/database.
• pnpm db:migrate: apply Drizzle migrations for @monet/database.

Development Notes

• The current pnpm dev flow uses a fixed local bearer token for convenience while the scaffold is being assembled. Production startup still generates an ephemeral token in Electron.
• pnpm dev:desktop performs a one-time TypeScript build before launching Electron. If you change files under apps/desktop/src, rerun pnpm build:desktop or restart pnpm dev.
• apps/web-ui uses output: 'export', so production renderer assets are emitted to apps/web-ui/out during pnpm build.
• The desktop app expects the built controller entrypoint at apps/controller/dist/electron-entry.js and the exported renderer entrypoint at apps/web-ui/out/index.html.
• Desktop packaging is configured in apps/desktop/package.json: Electron Builder packages apps/desktop/dist, bundles controller, renderer, and migration assets into app.asar, runs native dependency alignment via electron-builder install-app-deps, and flips Electron fuses for packaged builds.
• Managed desktop launches pin SQLite to app.getPath('userData')/sqlite/monet.db; on POSIX hosts Monet best-effort chmods the database directory to 0700 and the database, WAL, and SHM files to 0600.

Session Workspaces and File Tools

• Each session has a dedicated workspace for files the agent creates or reads during that chat. In desktop builds the workspace base is under the app user-data directory; local controller-only development falls back to session-workspaces/ under the controller working directory unless MONET_SESSION_WORKSPACE_DIR or MONET_USER_DATA_DIR is set.
• Relative read_file and write_file paths now resolve inside the current session workspace. For example, write_file("hello.html") writes to that session's workspace, not the repository root, controller cwd, home directory, or the first authorized directory.
• Writes inside the current session workspace do not require confirmation. Reads and writes outside the workspace are denied unless the target is inside an authorized directory; authorized-directory writes still require confirmation.
• Existing sessions are migration-compatible: they do not need pre-created workspace records. Monet derives a stable workspace path from the existing session ID and creates the directory lazily the first time a file operation or “Open workspace folder” action needs it.
• Existing persisted authorized directories and MONET_TOOL_ALLOWED_DIRECTORIES remain supported for real user/project files. The unsafe historical fallback that treated process.cwd() as authorized by default has been removed, so external access must come from persisted settings or environment configuration.

Release Notes

• macOS signing/notarization settings live in apps/desktop/package.json and use entitlements from apps/desktop/resources/.
• Windows packaging targets NSIS and is ready for certificate-based signing once CI secrets are added.
• Tagged releases (v*) are built by .github/workflows/release-desktop.yml and published as draft GitHub releases.
• Packaged builds now expose the first auto-update foundation through Electron Builder + electron-updater; dev builds keep updater checks disabled.
• The rollout plan for signing, notarization, release publishing, and updater behavior lives in docs/release/signing-and-notarization.md.

Current Status

Milestone 0 scaffolding is in place for the monorepo, shared packages, local controller, web UI shell, and Electron host. The next implementation steps are focused on wiring persistence, chat execution, and tool workflows on top of this foundation.