Journal

Electron hardening day: 4-layer tenant isolation, Apple cert prep, 3-layer shutdown

voice-generated, tech, electron, security

Signal

160 sessions, 2,923 minutes, $1,792.92 across 6 projects: the biggest reliability push on jobs-apply to date. Internal attribution repair ran in parallel; 100 of the 160 sessions stayed pinned to the internal audit pipeline while jobs-apply got 25.

Evidence

  • Jobs-apply shipped 4-layer tenant isolation: UserScopedRepository base class, ScopedRepos bundle, 47 routes audited, Postgres RLS enabled on 12 tables
  • 20 new tenant-isolation tests prove cross-tenant reads, writes, updates and deletes all fail; 762 of 762 tests pass with zero regressions
  • 3-layer shutdown defense landed: async before-quit, parent-PID watchdog with 2-second poll, launch-time stale cleanup covering port 3847, PID files and Chrome SingletonLocks
  • Apple notarization prep: entitlements.mac.plist with 4 entries, hardenedRuntime on, after-pack hook forcing NSAllowsArbitraryLoads=false and scrubbing dev paths from 122 Next.js standalone files
  • electron-updater ripped out after crashing on every launch with MODULE_NOT_FOUND; replaced with a website version checker hitting /api/version
  • DB wiped clean: 607 orphaned applications and 3,912 orphaned jobs with user_id=NULL deleted after the tenant isolation refactor
  • Internal attribution repair stage: 2,051 of 3,362 misbound events fixed, dual-zip member plus regular shipping mode proven out
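A sketch of the repository layer of that isolation, added here as an illustration and not taken from the jobs-apply code base. Only the names UserScopedRepository and user_id come from this entry; the in-memory table, the method names and the sample rows are assumptions, and in the real stack Postgres RLS would sit underneath as an independent check.

```javascript
// Added illustration: only UserScopedRepository and user_id are names from the page.
class UserScopedRepository {
  // rows: in-memory stand-in for one table; userId: the authenticated tenant.
  constructor(rows, userId) {
    if (typeof userId !== 'string' || userId === '') {
      throw new Error('UserScopedRepository requires a user id');
    }
    this.rows = rows;
    // Non-writable: the scope cannot be re-pointed at another tenant later.
    Object.defineProperty(this, 'userId', { value: userId, enumerable: true });
  }
  // Single ownership predicate used by every method; no unscoped path exists.
  owned(id) {
    return this.rows.find((r) => r.id === id && r.user_id === this.userId);
  }
  findAll() {
    return this.rows.filter((r) => r.user_id === this.userId).map((r) => ({ ...r }));
  }
  findById(id) {
    const row = this.owned(id);
    return row ? { ...row } : null; // a foreign row looks the same as a missing one
  }
  insert(data) {
    const row = { ...data, user_id: this.userId }; // caller-supplied user_id is overwritten
    this.rows.push(row);
    return { ...row };
  }
  update(id, patch) {
    const row = this.owned(id);
    if (!row) return 0; // affected-row count, as with an UPDATE filtered by RLS
    const { id: _id, user_id: _owner, ...safe } = patch; // key and owner are immutable
    Object.assign(row, safe);
    return 1;
  }
  remove(id) {
    const row = this.owned(id);
    if (!row) return 0;
    this.rows.splice(this.rows.indexOf(row), 1);
    return 1;
  }
}

// Constructed sample data: two tenants and one orphan row with user_id = null.
function sampleTable() {
  return [
    { id: 1, user_id: 'user-a', criteria: 'backend engineer' },
    { id: 2, user_id: 'user-b', criteria: 'data analyst' },
    { id: 3, user_id: null, criteria: 'orphaned row' },
  ];
}
```

Because the constructor rejects a null user id, rows with user_id = null can never match any scoped repository, which is why orphaned rows become unreachable once every route goes through this layer.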

So What

This is what “production-ready desktop” means when you’ve been shipping a web-first mental model. Every hardening layer that landed today existed because a user hit the failure mode first: a leak of “Private Academic Tutor” from Colin’s profile into Alejandro’s search criteria forced the tenant isolation work, a crashing electron-updater forced the version-checker rewrite, an NSAllowsArbitraryLoads default forced the after-pack scrub. Reactive hardening works; proactive hardening is cheaper.

What’s Next

DMG dropped to 209MB from 259MB, 30+ validate-build checks gate every release, and Apple Developer enrollment is still pending. Which of today’s 4 security layers is the one that actually catches the next incident, and which ones are belt-and-suspenders?

Log

  • Sessions: 160 across 6 projects, 2923m total
  • Top projects: internal audit pipeline (2089m), jobs-apply (399m)
  • Commits: 0 tracked in bloomnet.db (live git work not ingested)
  • Models: opus-4 dominant (331K tokens), sonnet-4 secondary (51K tokens)
  • Cost: $1792.92