feat: v0.2.0 stabilization - security, perf, UX, tests, GitPanel decomp

Security:
- sandbox: true in production, bypassCSP removed from protocols
- will-navigate blocked, terminal cwd validated, PID kill allowlisted
- All 74 IPC handlers migrated to ipcHandler factory

Performance:
- All filesystem I/O async (fs.promises), execSync replaced
- Individual Zustand selectors in TerminalPanel
- visibleTerminals memoized, editor sync filtered to non-dirty files

UX:
- GitPanel decomposed into 5 sub-components (StagingArea, CommitBar,
  BranchSelector, CommitLog) with lightweight refreshStatus
- Confirmation dialogs on destructive actions
- Separate Commit vs Push buttons, emoji replaced with SVG
- Tool Run stays on panel, double-click guard, agent launcher active state
- File click auto-switches to editor from any panel

Tests:
- 72 new tests (pathValidation, WalletService, EnvService, McpConfig, ToolService)
- 92/92 total passing

Infrastructure:
- Plugin context system (PluginContextRegistry, PluginPrompt, IPC bridge)
- Browser and Gmail plugin scaffolding
- Planning docs for v0.2.0 milestone

Author: nullxnothing

.planning/MILESTONES.md

@@ -0,0 +1,16 @@
+# Milestones
+
+## v0.1.0 -- Initial Build (Completed 2026-03-31)
+
+**Phases 1-8:** Shell, Agent Launcher, Claude Panel, Process Manager, Env Manager, Ports, Git, Wallet
+**Refactoring Phases 1-10:** IPC Factory, Types, Zustand helpers, ErrorRecovery, ResourceManager, Saga, Logging, Code Splitting, Validation, DB Migrations
+
+**Shipped:**
+- Full IDE with Monaco + terminal + file explorer + project tabs
+- Agent system with Claude Code CLI spawning
+- 10 production infrastructure services
+- Settings, Tools, Onboarding panels
+- GitHub Actions CI/CD + release workflow
+- 20/20 tests passing, 0 TypeScript errors
+
+**Last phase number:** 10 (refactoring)

.planning/PROJECT.md

@@ -0,0 +1,39 @@
+# DAEMON
+
+**Type:** Electron IDE for AI-native development
+**Owner:** nullxnothing
+**Repo:** github.com/nullxnothing/daemon
+
+## Core Value
+
+A single-window IDE where solo developers ship with AI agents. Monaco editor, PTY terminals, Claude Code agent spawning, MCP management, Solana wallet, plugin system.
+
+## Current Milestone: v0.2.0 Stabilization & Production Hardening
+
+**Goal:** Address all findings from 7-agent audit (debugger, UX, code reviewer, performance, security, React, test coverage) to make DAEMON release-ready.
+
+**Target outcomes:**
+- Zero critical/high audit findings remaining
+- Test coverage for all security-critical paths
+- Lazy-loaded panels with code splitting
+- Async I/O throughout main process
+- GitPanel decomposed into maintainable sub-components
+- File content decoupled from openFiles store array
+
+## Validated Requirements (Already Built)
+
+- Shell: Monaco editor, node-pty terminals, SQLite, file explorer, project tabs
+- Agent Launcher: CRUD, spawn Claude Code CLI, terminal tabs with agent names
+- Claude Panel: MCP management per project + global, usage stats, CLAUDE.md tools
+- Process Manager, Env Manager, Ports Panel, Git Panel, Wallet Panel
+- Settings Panel (API Keys, Integrations, Agents, Display)
+- Tools Panel (browser, create, run, import)
+- Production infrastructure (ErrorRecovery, ResourceManager, SagaOrchestrator, LogService, ValidationService)
+- CI/CD: GitHub Actions for typecheck + test + build, release workflow
+- Security: CSP headers, path validation, terminal cwd validation, PID allowlist
+
+## Tech Stack
+
+Electron 33, React 18, TypeScript, Vite, Monaco Editor, node-pty + xterm.js, Zustand, better-sqlite3, simple-git, electron-builder
+
+## Last updated: 2026-03-31

.planning/REQUIREMENTS.md

@@ -0,0 +1,70 @@
+# Requirements -- Milestone v0.2.0 Stabilization
+
+## Performance
+
+- [ ] **PERF-01**: Lazy-load all non-default panels with React.lazy + Suspense (EditorPanel and TerminalPanel stay eager)
+- [ ] **PERF-02**: Split Monaco and xterm into separate vendor chunks via Vite manualChunks
+- [ ] **PERF-03**: Replace all sync filesystem I/O in main process with async equivalents (fs.promises)
+- [ ] **PERF-04**: GitPanel uses lightweight refreshStatus() (status only) after stage/unstage instead of full 4-IPC reload
+- [ ] **PERF-05**: Decouple file content from openFiles Zustand array into a separate Map to eliminate expensive clones per keystroke
+
+## Memory
+
+- [ ] **MEM-01**: Dispose all Monaco models for a project when that project is removed or switched away
+- [ ] **MEM-02**: Cap viewStateCache at 50 entries with LRU eviction
+
+## Security
+
+- [ ] **SEC-01**: Add sandbox: true to BrowserWindow webPreferences and verify preload still works
+- [ ] **SEC-02**: Remove bypassCSP: true from monaco-editor and daemon-icon protocol registrations
+- [ ] **SEC-03**: Add will-navigate handler on webContents to block all navigation away from app origin
+
+## React Stability
+
+- [ ] **REACT-01**: Add cancellation guards to all async IPC calls in useEffect (agents list, skills section, usage section)
+- [ ] **REACT-02**: Wrap TerminalView in React.memo to prevent unnecessary re-renders in split pane layout
+- [ ] **REACT-03**: Replace ternary chain in App.tsx center-area routing with a lookup map
+
+## UX Polish
+
+- [ ] **UX-01**: Add confirmation dialogs before destructive actions (API key delete, tool delete, branch checkout with uncommitted changes)
+- [ ] **UX-02**: Add standalone "Commit" button separate from "Commit & Push" in GitPanel
+- [ ] **UX-03**: Replace emoji wand button in GitPanel with SVG icon
+- [ ] **UX-04**: Show placeholder in branch selector during initial load
+- [ ] **UX-05**: Display "No tidy changes" as neutral info message, not error
+- [ ] **UX-06**: Tool "Run" action stays on Tools panel instead of navigating to Claude
+- [ ] **UX-07**: Add startingToolIds guard to prevent double-click spawning two terminals
+- [ ] **UX-08**: Agent Launcher sidebar button shows active state when launcher is open
+
+## Code Quality
+
+- [ ] **CODE-01**: Decompose GitPanel into sub-components (StagingArea, CommitBar, BranchSelector, StashControls, CommitLog)
+- [ ] **CODE-02**: Migrate remaining IPC handlers (filesystem, wallet, recovery, claude, env, ports, processes, settings, tweets, plugins) to ipcHandler factory
+
+## Test Coverage
+
+- [ ] **TEST-01**: pathValidation.test.ts -- path traversal, prefix attacks, empty projects, Windows normalization
+- [ ] **TEST-02**: WalletService.test.ts -- address validation, default promotion on delete, project assignment
+- [ ] **TEST-03**: EnvService.test.ts -- parse/write roundtrip, quote handling, export prefix, secret detection
+- [ ] **TEST-04**: McpConfig.test.ts -- toggle/restore, corrupted JSON resilience, project vs global isolation
+- [ ] **TEST-05**: ToolService.test.ts -- scaffold, import validation, deleteTool rmSync safety, buildRunCommand per language
+
+## Traceability
+
+| Requirement | Phase |
+|-------------|-------|
+| PERF-01..05 | TBD |
+| MEM-01..02 | TBD |
+| SEC-01..03 | TBD |
+| REACT-01..03 | TBD |
+| UX-01..08 | TBD |
+| CODE-01..02 | TBD |
+| TEST-01..05 | TBD |
+
+## Future (Out of Scope for v0.2.0)
+
+- Lazy-load the MonacoEditor component itself (complex due to worker setup)
+- Batch IPC calls into single project:switch handler
+- Move file content to IndexedDB for truly large files
+- Redis-backed rate limiting for IPC
+- Full e2e test suite with Playwright against packaged app

.planning/STATE.md

@@ -0,0 +1,22 @@
+# State
+
+## Current Position
+
+Phase: Not started (defining requirements)
+Plan: --
+Status: Defining requirements from 7-agent audit
+Last activity: 2026-03-31 -- Milestone v0.2.0 started
+
+## Accumulated Context
+
+### Decisions
+- All internal planning docs removed from public repo (gitignored)
+- CI/CD set up with GitHub Actions (typecheck + test + build + release)
+- Git author set to nullxnothing for all commits
+- Conventional commits enforced
+
+### Audit Findings (Source)
+- Round 1: Debugger (7 bugs), UX Optimizer (28 issues), Code Reviewer (19 findings)
+- Round 2: Performance (13 findings), Security (17 findings), React (11 findings), Test Coverage (10 priority test files)
+- Critical/High items from rounds 1+2 already fixed in commits 3b6119f and 11292ee
+- Remaining items are medium/low priority - this milestone addresses them systematically

.planning/config.json

@@ -0,0 +1,4 @@
+{
+  "commit_docs": true,
+  "model_profile": "balanced"
+}

PLUGIN_TODOS.md

@@ -0,0 +1,139 @@
+# Plugin Implementation TODOs
+
+Each plugin has a **context** (AI persona, templates, skills) and a **service** (IPC, business logic, UI).
+Context system is complete for all 9 plugins. Service/UI work remains per plugin.
+
+---
+
+## Phase 9: Image Generator (imagegen)
+- [x] Plugin context registered (system prompt, templates: generate/refine, skills: photo-real/ui-mockup/logo-icon)
+- [x] Plugin registered in PLUGIN_REGISTRY
+- [ ] ImageGenService — call Gemini imagen-4 API for generation
+- [ ] Wire pluginPrompt('imagegen', 'generate') for prompt refinement before sending to imagen
+- [ ] IPC handlers: imagegen:generate, imagegen:list, imagegen:delete
+- [ ] Preload bridge: window.daemon.imagegen.*
+- [ ] UI: prompt input, style/ratio selectors, gallery grid, image preview
+- [ ] Save generated images to images table + ~/.daemon/images/
+- [ ] Saga orchestration: generate prompt → call imagen → save file → insert DB
+
+## Phase 10: Gmail Code Catcher (gmail)
+- [x] Plugin context registered (system prompt, templates: extract/summarize, skills: code-detect/action-items)
+- [x] Plugin registered in PLUGIN_REGISTRY
+- [x] GmailService — OAuth2 flow via Google API (tokens in oauth_tokens table via safeStorage)
+- [x] Wire pluginPrompt('gmail', 'extract') to parse email bodies
+- [x] IPC handlers: gmail:auth-status, gmail:auth, gmail:exchange-code, gmail:logout, gmail:list, gmail:read, gmail:extract, gmail:summarize
+- [x] Preload bridge: window.daemon.gmail.*
+- [x] UI: auth flow (credentials + code exchange), inbox list, email viewer, extract + summarize buttons, extraction cards with copy
+- [x] Saga orchestration: extract code via orchestratedPrompt
+- [ ] Auto-detect code in new emails, surface in morning briefing
+- [ ] Onboarding: Gmail OAuth setup during first-run
+
+## Phase 11: Tweet Generator (tweet-generator)
+- [x] Plugin context registered (system prompt, templates: original/reply/quote/thread, skills: ct-voice/solana-context/engagement-hooks/thread-craft)
+- [x] TweetService refactored to use pluginPrompt + SagaOrchestrator
+- [x] Voice profile reads from plugin context (falls back to legacy DB)
+- [x] IPC handlers complete
+- [x] Preload bridge complete
+- [x] UI: TweetGenerator, VoiceProfileEditor, TweetVariations, DraftList
+- [ ] Thread generation UI (uses 'thread' template, not yet wired)
+- [ ] Plugin context editor UI (toggle skills, edit system prompt from Settings)
+- [ ] Scheduled tweet drafts (morning batch generation)
+
+## Phase 12: Subscription Manager (subscriptions)
+- [x] Plugin context registered (system prompt, templates: analyze-usage/cost-alert/compare-plans, skills: usage-tracking/cost-optimization/overage-prediction)
+- [x] Plugin registered in PLUGIN_REGISTRY
+- [x] DB table: subscriptions (id, name, monthly_cost, renewal_day, usage_limit, usage_current, alert_at, url, api_key_hint)
+- [ ] SubscriptionService — CRUD + usage tracking + alert logic
+- [ ] Wire pluginPrompt('subscriptions', 'analyze-usage') for monthly reports
+- [ ] Wire pluginPrompt('subscriptions', 'cost-alert') for overage warnings
+- [ ] IPC handlers: subscriptions:list, subscriptions:add, subscriptions:update, subscriptions:delete, subscriptions:analyze
+- [ ] Preload bridge: window.daemon.subscriptions.*
+- [ ] UI: subscription list, add/edit modal, usage bars, cost breakdown chart
+- [ ] Alert integration with morning briefing (flag services approaching limits)
+
+## Phase 13: Remotion Panel (remotion)
+- [x] Plugin context registered (full production formula hardwired, templates: scene/composition/animate/terminal-demo/encode, 10 skills)
+- [x] Plugin registered in PLUGIN_REGISTRY
+- [ ] RemotionService — manage localhost Remotion studio, render pipeline
+- [ ] Wire pluginPrompt('remotion', 'scene') for AI scene generation
+- [ ] Wire pluginPrompt('remotion', 'composition') for full video scaffolding
+- [ ] Wire pluginPrompt('remotion', 'encode') for ffmpeg command generation
+- [ ] IPC handlers: remotion:render, remotion:preview, remotion:generate-scene, remotion:list-compositions
+- [ ] Preload bridge: window.daemon.remotion.*
+- [ ] UI: composition browser, scene editor, render queue, preview iframe
+- [ ] CompanionPanel (already in registry) — timeline, props editor
+- [ ] Saga orchestration: generate scene → write file → preview → render → encode
+
+## Phase 14: Browser + Playwright CDP (browser)
+- [x] Plugin context registered (system prompt, templates: summarize-page/extract-data/compare-pages/audit-page, skills: content-extract/page-diff/security-recon/screenshot-analysis)
+- [x] Plugin registered in PLUGIN_REGISTRY
+- [x] BrowserService — fetch-based navigation, page caching, AI analysis via pluginPrompt
+- [x] Wire pluginPrompt('browser', 'summarize-page') for page analysis
+- [x] Wire pluginPrompt('browser', 'audit-page') for security recon
+- [x] IPC handlers: browser:navigate, browser:content, browser:analyze, browser:audit, browser:history, browser:clear
+- [x] Preload bridge: window.daemon.browser.*
+- [x] UI: URL bar, page info, summarize/extract/audit buttons, content/analysis/history tabs, history list
+- [x] Saga orchestration: analysis via orchestratedPrompt
+- [ ] Playwright CDP integration (port 9222) for interactive automation
+- [ ] Embedded webview for visual browsing (currently fetch-only)
+- [ ] Screenshot capture + visual analysis
+- [ ] Page diff tracking (compare states before/after actions)
+- [ ] Onboarding: optional Playwright setup during first-run
+
+## Phase 15: Context Bridge Extension
+- [ ] VS Code extension that syncs DAEMON context to editor
+- [ ] Bi-directional: editor selections → DAEMON plugins, DAEMON outputs → editor
+- [ ] No plugin context needed (bridge, not AI consumer)
+
+---
+
+## Future Plugins
+
+### Telegram (telegram)
+- [x] Plugin context registered (system prompt, templates: compose/summarize-chat/reply/announcement, skills: ct-tone/dev-tone/chat-summary/formatting)
+- [x] Plugin registered in PLUGIN_REGISTRY
+- [ ] TelegramService — connect via telegram-user MCP or TDLib
+- [ ] Wire pluginPrompt('telegram', 'compose') for message drafting
+- [ ] Wire pluginPrompt('telegram', 'summarize-chat') for conversation digests
+- [ ] IPC handlers: telegram:dialogs, telegram:read, telegram:send, telegram:summarize
+- [ ] Preload bridge: window.daemon.telegram.*
+- [ ] UI: dialog list, chat view, compose panel, channel management
+- [ ] Integration with morning briefing (overnight message summaries)
+
+### Morning Briefing (morning-briefing)
+- [x] Plugin context registered (system prompt, templates: digest/prioritize, skills: error-triage/git-summary)
+- [x] Plugin registered in PLUGIN_REGISTRY
+- [ ] BriefingService — aggregate overnight data from all sources
+- [ ] Wire pluginPrompt('morning-briefing', 'digest') for overnight compilation
+- [ ] Wire pluginPrompt('morning-briefing', 'prioritize') for task ranking
+- [ ] IPC handlers: briefing:generate, briefing:history, briefing:dismiss
+- [ ] Preload bridge: window.daemon.briefing.*
+- [ ] UI: overlay panel (already mounted as 'overlay' position), dismiss/snooze
+- [ ] Data sources: error_logs, git activity, crash_history, overnight_runs, telegram, gmail
+- [ ] DB table: overnight_runs (exists) — link briefings to run data
+
+### Services Panel (services)
+- [x] Plugin context registered (system prompt, templates: diagnose-crash/health-report/suggest-config/log-analysis, skills: crash-analysis/auto-fix/resource-monitor/log-parsing)
+- [x] Plugin registered in PLUGIN_REGISTRY
+- [x] DB tables: services, crash_history (exist)
+- [ ] ServicesService — start/stop/restart, health checks, log capture
+- [ ] Wire pluginPrompt('services', 'diagnose-crash') for crash analysis
+- [ ] Wire pluginPrompt('services', 'log-analysis') for pattern detection
+- [ ] IPC handlers: services:list, services:start, services:stop, services:logs, services:diagnose
+- [ ] Preload bridge: window.daemon.services.*
+- [ ] UI: service list with status dots, log viewer, crash history, config editor
+- [ ] Auto-restart with crash analysis before retry
+- [ ] Saga orchestration: detect crash → analyze logs → suggest fix → optionally auto-apply → restart
+
+---
+
+## Cross-Plugin Infrastructure (Complete)
+- [x] PluginContextRegistry — register/get/update/toggle/reset per plugin
+- [x] PluginPrompt — template interpolation, skill injection, ClaudeRouter routing
+- [x] SagaOrchestrator — multi-step operations with compensation/rollback
+- [x] orchestratedPrompt() — wraps pluginPrompt in saga steps
+- [x] plugin_contexts DB table (V9 migration)
+- [x] IPC: plugin-context:get/update/toggle-skill/reset/list
+- [x] Preload: window.daemon.plugins.contextGet/Update/ToggleSkill/Reset/List
+- [x] Type declarations: PluginContextConfig, PluginSkill, PromptTemplate
+- [ ] Plugin Context Editor UI — settings panel to edit system prompts, toggle skills, switch models per plugin

electron/ipc/browser.ts

@@ -0,0 +1,44 @@
+import { ipcMain } from 'electron'
+import {
+  navigate,
+  getPage,
+  getLatestPage,
+  analyzePage,
+  auditPage,
+  getHistory,
+  clearHistory,
+} from '../services/BrowserService'
+import { ipcHandler } from '../services/IpcHandlerFactory'
+
+export function registerBrowserHandlers() {
+  ipcMain.handle('browser:navigate', ipcHandler(async (_event, url: string) => {
+    return await navigate(url)
+  }))
+
+  ipcMain.handle('browser:content', ipcHandler(async (_event, pageId: string) => {
+    const page = getPage(pageId) ?? getLatestPage()
+    if (!page) throw new Error('No page loaded')
+    return page
+  }))
+
+  ipcMain.handle('browser:analyze', ipcHandler(async (
+    _event,
+    pageId: string,
+    type: 'summarize' | 'extract' | 'audit' | 'compare',
+    target?: string,
+  ) => {
+    return await analyzePage(pageId, type, target)
+  }))
+
+  ipcMain.handle('browser:audit', ipcHandler(async (_event, pageId: string) => {
+    return await auditPage(pageId)
+  }))
+
+  ipcMain.handle('browser:history', ipcHandler(async () => {
+    return getHistory()
+  }))
+
+  ipcMain.handle('browser:clear', ipcHandler(async () => {
+    clearHistory()
+  }))
+}

electron/ipc/gmail.ts

@@ -0,0 +1,47 @@
+import { ipcMain } from 'electron'
+import {
+  getAuthStatus,
+  authenticate,
+  exchangeAuthCode,
+  logout,
+  listMessages,
+  readMessage,
+  extractCode,
+  summarizeMessage,
+} from '../services/GmailService'
+import { ipcHandler } from '../services/IpcHandlerFactory'
+
+export function registerGmailHandlers() {
+  ipcMain.handle('gmail:auth-status', ipcHandler(async () => {
+    return await getAuthStatus()
+  }))
+
+  ipcMain.handle('gmail:auth', ipcHandler(async (_event, clientId: string, clientSecret: string) => {
+    return await authenticate(clientId, clientSecret)
+  }))
+
+  ipcMain.handle('gmail:exchange-code', ipcHandler(async (_event, code: string) => {
+    return await exchangeAuthCode(code)
+  }))
+
+  ipcMain.handle('gmail:logout', ipcHandler(async () => {
+    logout()
+  }))
+
+  ipcMain.handle('gmail:list', ipcHandler(async (_event, query?: string, maxResults?: number) => {
+    return await listMessages(query, maxResults)
+  }))
+
+  ipcMain.handle('gmail:read', ipcHandler(async (_event, messageId: string) => {
+    return await readMessage(messageId)
+  }))
+
+  ipcMain.handle('gmail:extract', ipcHandler(async (_event, messageId: string) => {
+    return await extractCode(messageId)
+  }))
+
+  ipcMain.handle('gmail:summarize', ipcHandler(async (_event, messageId: string) => {
+    const summary = await summarizeMessage(messageId)
+    return { summary }
+  }))
+}