Run any Skill in Manus with one click

desktop

Pure Electron work for Grida Desktop: BrowserWindow, preload, `window.grida`, menus, protocol/deep links, file associations, Forge, path-scoped bridge security, Electron-only UI bugs, and CDP / Playwright verification. Use for `desktop/`, `editor/app/desktop/**`, `editor/scaffolds/desktop/**`, `editor/lib/desktop/**`, `/desktop/*` CSP, and GRIDA-SEC-004. For AgentHost, sessions, tools, providers, or `packages/grida-ai-agent/**`, use `agent-system`.

Run Skill in Manus

Stars2,521

Forks136

UpdatedJune 3, 2026 at 19:28

Source

gridaco

gridaco/grida

View GitHub Repository View Creator Repositories

Install command

Download

Run Skill in Manus

Useful forSOC

Software DevelopersComputer and Mathematical Occupations15-1252L4

SKILL.md

readonly

More from this repository

same repository

ai-models

gridaco/grida

Research, compare, and update AI model configurations. Covers text model tiers, image and video generation models, image tool models, pricing data sourcing, and the budget/rate-limit system. Use when bumping model versions, adding new models, updating pricing, or auditing model specs against provider documentation.

2026-06-092.5k

agent-system

gridaco/grida

Grida AI agent system work: `@grida/agent`, AgentHost, AgentSidecar server, loopback HTTP transport, sessions, workspaces/files, secrets/BYOK, providers, runtime/tool execution, skills discovery, prompts, tiers, and sandbox policy. Use for `packages/grida-ai-agent/**`, desktop sidecar protocol changes, agent chat transport, and bugs in agent state or streams. For pure Electron window, preload, menu, deep-link, or CDP work, use `desktop`.

2026-06-032.5k

docs-canvas

gridaco/grida

Author and manage user-facing documentation for the Grida Canvas editor. Covers writing style, tone, product screenshots, demo state preparation, and content structure for pages under docs/editor/. Use when creating or editing canvas editor documentation, capturing screenshots of canvas features, or planning visual demos. Trigger phrases: "write user docs", "document this feature", "screenshot for docs", "canvas user guide", "update help page".

2026-06-022.5k

docs

gridaco/grida

Decide which family a doc belongs to before drafting — SDK/developer, user/product, or working-group (WG) — since family sets the audience, home, and tone. Use when creating, moving, or restructuring docs, when unsure which directory a doc belongs in, or when a request says "document this" / "write docs for X" without naming the kind. Routes to the specialized skill for each family.

2026-06-022.5k

docs-svg-kit

gridaco/grida

Author SVG figures for Grida docs — diff-able, version-controlled vector diagrams embedded in doc pages instead of screenshots. Provides reusable primitives (selection chrome, size badges, anchor pins, resize cursors, click ripples), color/typography tokens, a starter template, and finished examples to crib from. Canvas user docs (docs/editor/) are the first consumer; the kit is meant to generalize to any product's docs. Use when drawing diagrams that explain UI behaviour — gestures, alignment, before/after states — that a screenshot alone can't capture. Trigger phrases: "svg diagram", "draw a figure", "visual for docs", "explain this gesture visually", "before/after diagram".

2026-06-022.5k

docs-wg

gridaco/grida

Doctrine for drafting and keeping working-group docs under `docs/wg/**` — RFC/RFD specs and findings/research/glossary. A WG doc is a language-agnostic, code-agnostic study of a domain: it argues *why* and defines *what*, never *how in our code*. Use when writing or editing anything under `docs/wg/`, an RFC/RFD, a spec, a design note, a glossary, or research findings — including "write up the design", "document the spec", or "capture what we learned". Not for plans/TODOs (untracked `*.plan.md`), user docs, or SDK API refs — use `docs` to route those.

2026-06-022.5k

name

desktop

description

Grida Desktop - Electron Shell

This skill is for the Electron shell only: main process, windows, menus, preload, native protocol/file entry points, and the renderer bridge surface. The renderer is still the editor's Next.js app under editor/app/desktop/; Electron URL-loads it from http://localhost:3000/desktop/* in dev and https://grida.co/desktop/* in prod.

Use agent-system for the AgentHost core, sessions, workspaces, providers, tool execution, HTTP routes, and tests in packages/grida-ai-agent.

Adjacent: security for the GRIDA-SEC-004 trust boundary, code-react for React code under editor/app/desktop/** and editor/scaffolds/desktop/**.

When to use this skill

Editing desktop/src/**, desktop/forge.config.ts, desktop/Info.plist, or desktop packaging/dev-server wiring.
Changing desktop/src/main.ts, window.ts, menu.ts, preload, bridge contract, app branding, host-app integration, deep links, file associations, single-instance behavior, or multi-window routing.
Touching editor/app/desktop/**, editor/scaffolds/desktop/**, or editor/lib/desktop/** because the UI depends on window.grida.
Debugging "works in browser but not in desktop" or "only repros in Electron" issues.
Verifying the desktop app through CDP / Playwright.
Touching CSP or proxy behavior for /desktop/*.

Skip this skill when the change is core agent behavior that can be tested without Electron. Use agent-system for packages/grida-ai-agent/**, AgentHost HTTP routes, sessions, files/workspaces, providers, tools, runtime, skills, and BYOK/secrets.

Shape

Electron main (desktop/src/main.ts)
  - single-instance lock
  - BrowserWindow.loadURL(`${EDITOR_BASE_URL}/desktop/welcome`)
  - grida:// protocol router, open-file/argv queue
  - starts/supervises the AgentSidecar adapter
        |
        | contextBridge.exposeInMainWorld("grida", ...)
        | only for /desktop or /desktop/*
        v
Renderer (editor/app/desktop/**)
  - DesktopBridgeGate renders desktop UI only when bridge is present
  - web visitors get OpenInDesktopCta
  - CSP strict, no analytics, no third-party scripts
        |
        v
AgentSidecar loopback service
  - owned by the agent-system skill

Four invariants:

pnpm dev in desktop/ does not serve the renderer. Run the editor dev server on :3000 separately.
The preload is path-scoped. Outside /desktop/*, window.grida is intentionally undefined.
Keep contextIsolation: true, nodeIntegration: false, and sandbox: true.
Electron code adapts and supervises native shell behavior. Core behavior that can be tested without Electron belongs in agent-system.

Running Locally

Use two terminals:

# Terminal 1 - renderer
pnpm --filter editor dev

# Terminal 2 - Electron shell
cd desktop && pnpm dev
# Insiders build:
cd desktop && pnpm dev -- --insiders

EDITOR_BASE_URL lives in desktop/src/env.ts. It resolves to http://localhost:3000 in development and https://grida.co otherwise.

electron-forge start can return the shell prompt while Electron stays alive. Confirm with:

lsof -iTCP:9222 -sTCP:LISTEN
ps -A | grep grida/desktop/node_modules/electron

Kill cleanly:

pkill -f "grida/desktop/node_modules/electron"
pkill -f "grida/desktop/node_modules/.bin/electron-forge"

CDP / Playwright Verification

Launch with CDP enabled:

cd desktop && pnpm dev -- --remote-debugging-port=9222

The -- is required so Forge forwards the flag to Electron.

Probe targets:

curl -s http://127.0.0.1:9222/json/version
curl -s http://127.0.0.1:9222/json

Preferred client:

One-off probe: direct CDP with Node's built-in WebSocket and fetch.
Scripted verification: chromium.connectOverCDP("http://127.0.0.1:9222").
Owned Electron lifecycle or native menus/dialogs: Playwright _electron plus electron-playwright-helpers.

Minimal probe:

import { chromium } from "playwright-core";

const browser = await chromium.connectOverCDP("http://127.0.0.1:9222");
const page = browser.contexts()[0].pages()[0];
console.log("url:", page.url());
console.log("hasBridge:", await page.evaluate(() => typeof window.grida));
await page.screenshot({ path: "/tmp/grida-desktop.png" });
await browser.close();

If playwright-core does not resolve at repo root, run the probe from editor/, import the package from pnpm's .pnpm path, or add Playwright to desktop/package.json.

Inspect main process:

cd desktop && pnpm dev -- --inspect-electron

Then open chrome://inspect/#devices, add localhost:5858, and inspect.

Bridge

The renderer's native-capability surface is the typed client in editor/lib/desktop/bridge.ts. React code reads it via useDesktopBridge(), an SSR-safe useSyncExternalStore wrapper.

Hard gate:

const bridge = useDesktopBridge();
if (!bridge) return null;
return <Button onClick={() => bridge.dialog.open(...)} />;

Soft branch:

const bridge = useDesktopBridge();
const onSave = bridge
  ? () => bridge.files.write(docId, svg)
  : () => downloadAsBlob(svg);

DesktopBridgeGate in editor/scaffolds/desktop/ gates whole desktop pages.

Verify from CDP:

await page.evaluate(() => ({
  bridge: typeof window.grida,
  version: window.grida?.app?.version,
  caps: window.grida?.caps,
}));

The preload runs after Next.js streams the first HTML. A screenshot taken immediately after load can catch the temporary CTA before hydration observes window.grida; wait for a post-hydration element or a short timeout before judging the bridge state.

Boundaries

Concern	Lives in	Notes
Window/menu/dialog wiring	`desktop/src/main/**`	Native shell behavior
Protocol and file routing	`desktop/src/main/**`, `desktop/Info.plist`	`grida://`, open-file, argv queue
Agent sidecar supervision	`desktop/src/main/**`, `desktop/src/agent-sidecar.ts`	Adapter only; core is `agent-system`
Preload bridge	`desktop/src/preload.ts`	Path-scoped `window.grida`, auth held in closure
Renderer desktop routes	`editor/app/desktop/**`	No server actions, no `next/headers`
Renderer scaffolds	`editor/scaffolds/desktop/**`	UI using `@/lib/desktop/*`
Typed bridge client	`editor/lib/desktop/**`	Pure TS client, no server-only imports

Do not put OPFS or IndexedDB desktop storage in editor/app/desktop/**. Desktop storage goes through the bridge and agent host.

Do not add core behavior in Electron main/preload. If it is testable without Electron, move it to the agent-system package.

Security Boundary: GRIDA-SEC-004

When changing the bridge or navigation rules, review SECURITY.md and the security skill. The relevant desktop layers are:

Path-scoped preload: window.grida only on /desktop or /desktop/* at document load time.
Navigation allowlist in desktop/src/window.ts.
CSP-strict /desktop/* route group.
Per-launch bridge credentials held in the preload closure, never exposed on window.grida.
No bridge method may exfiltrate secrets or run arbitrary local code.

Verification

For non-trivial desktop changes:

Run both the editor dev server and Electron shell.
Use CDP / Playwright to touch the changed surface.
Cold reload or relaunch Electron once to exercise preload and hydration.
Run owner checks:
- Electron adapter: pnpm --dir desktop typecheck and pnpm --dir desktop test.
- Renderer desktop UI: pnpm --filter editor typecheck.
- Agent core changes: switch to agent-system.

Pointers

Electron main: desktop/src/main.ts
Window and navigation policy: desktop/src/window.ts
Preload bridge: desktop/src/preload.ts
Forge config: desktop/forge.config.ts
File associations: desktop/Info.plist
Renderer routes: editor/app/desktop/
Renderer scaffolds: editor/scaffolds/desktop/
Typed bridge client: editor/lib/desktop/bridge.ts
CSP for /desktop/*: editor/proxy.ts
Threat model: SECURITY.md (GRIDA-SEC-004)