- Guard against NaN ports from non-numeric env variables in constants.ts
- Validate IPC sender before returning API key to prevent leaking to
untrusted senders (webviews, additional windows)
- Filter dialog properties to maintain file-only intent and prevent
renderer from requesting directories via OPEN_FILE
- Fix Windows VS Code URL paths by ensuring leading slash after 'file'
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Extract the monolithic main.ts (~1000 lines) into focused modules:
- electron/constants.ts - Window sizing, port defaults, filenames
- electron/state.ts - Shared state container
- electron/utils/ - Port availability and icon utilities
- electron/security/ - API key management
- electron/windows/ - Window bounds and main window creation
- electron/server/ - Backend and static server management
- electron/ipc/ - IPC handlers with shared channel constants
Benefits:
- Improved testability with isolated modules
- Better discoverability and maintainability
- Single source of truth for IPC channels (used by both main and preload)
- Clear separation of concerns
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
