feat: add sandbox QA and desktop installers

.github/workflows/ci.yml

@@ -31,6 +31,12 @@ jobs:
       - name: Test
         run: npm test
 
+      - name: Install browser for sandbox smoke
+        run: npx playwright install --with-deps chromium
+
+      - name: Browser sandbox smoke
+        run: npm run e2e
+
       - name: Typecheck
         run: npm run typecheck
 

.github/workflows/release.yml

@@ -0,0 +1,68 @@
+name: release
+
+on:
+  push:
+    tags:
+      - "v*"
+  workflow_dispatch:
+
+permissions:
+  contents: write
+
+env:
+  FORCE_JAVASCRIPT_ACTIONS_TO_NODE24: true
+
+jobs:
+  desktop:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - os: ubuntu-latest
+            script: dist:linux
+          - os: windows-latest
+            script: dist:win
+          - os: macos-latest
+            script: dist:mac
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: 24
+          cache: npm
+
+      - name: Install
+        run: npm ci
+
+      - name: Test
+        run: npm test
+
+      - name: Typecheck
+        run: npm run typecheck
+
+      - name: Build desktop artifacts
+        run: npm run ${{ matrix.script }}
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          CSC_IDENTITY_AUTO_DISCOVERY: false
+
+      - name: Upload artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: proof-pack-${{ matrix.os }}
+          path: |
+            release/*
+            !release/*.blockmap
+
+      - name: Attach to GitHub Release
+        if: startsWith(github.ref, 'refs/tags/')
+        uses: softprops/action-gh-release@v2
+        with:
+          draft: true
+          files: |
+            release/*
+            !release/*.blockmap

.gitignore

@@ -1,6 +1,9 @@
 node_modules/
 dist/
+release/
 coverage/
+playwright-report/
+test-results/
 .vite/
 .DS_Store
 .env

CHANGELOG.md

@@ -1,5 +1,20 @@
 # Changelog
 
+## 0.2.0
+
+Research, sandbox hardening, and desktop distribution pass.
+
+- Added product improvement research and roadmap docs
+- Added Electron desktop shell
+- Added electron-builder installer configuration for Linux, Windows 11, and macOS
+- Added release workflow for desktop artifacts
+- Added Playwright browser sandbox tests
+- Added defensive import normalization for malformed JSON
+- Added clipboard failure handling
+- Added aria-live status feedback
+- Added visible quality severity labels
+- Added generated application icon assets
+
 ## 0.1.0
 
 Initial professional build.

README.md

@@ -23,10 +23,13 @@ This is not a generic notes app. It is a proof desk.
 - Per-packet Markdown and JSON export
 - Whole-workspace JSON export
 - JSON import with merge behavior
+- Defensive import normalization for malformed packet files
 - Versioned storage with corrupt-data quarantine
+- Browser sandbox smoke tests with Playwright
+- Desktop installer scaffold for macOS, Linux, and Windows 11 through Electron
 - Responsive dark operator UI
 - TypeScript, Vitest, Vite, React
-- GitHub Actions CI for install, test, typecheck, and production build
+- GitHub Actions CI for install, test, browser smoke, typecheck, and production build
 
 ## Use cases
 
@@ -62,10 +65,46 @@ npm run preview
 
 ```bash
 npm test
+npm run e2e
 npm run typecheck
 npm run build
 ```
 
+## Desktop app and installers
+
+Run the desktop shell in development:
+
+```bash
+npm run electron:dev
+```
+
+Build an unpacked desktop app:
+
+```bash
+npm run pack
+```
+
+Build Linux installers on Linux:
+
+```bash
+npm run dist:linux
+```
+
+Build Windows and macOS installers on native CI runners:
+
+```bash
+npm run dist:win
+npm run dist:mac
+```
+
+Release artifacts are configured in `.github/workflows/release.yml`. macOS and Windows releases should be signed before broad distribution.
+
+Research and platform details live in:
+
+- `docs/product-research.md`
+- `docs/desktop-distribution.md`
+- `docs/sandbox-qa.md`
+
 ## Data model
 
 A proof packet captures:
@@ -100,12 +139,13 @@ proof-pack:v1:corrupt
 
 The next valuable slices are:
 
-1. Project-level workspaces and client folders
-2. PDF export
-3. Evidence attachment manifest
-4. ReeseBrain export target
-5. Mission Control integration
-6. Public read-only packet links, only after auth and privacy design
+1. Professional export suite with print/PDF output
+2. Project-level workspaces and client folders
+3. Structured evidence manifest
+4. Durable storage upgrade beyond localStorage
+5. ReeseBrain export target
+6. Mission Control integration
+7. Public read-only packet links, only after auth and privacy design
 
 ## Privacy posture
 

docs/desktop-distribution.md

@@ -0,0 +1,111 @@
+# Desktop Distribution Plan
+
+Proof Pack uses Electron plus electron-builder for desktop installers.
+
+## Why Electron first
+
+Proof Pack is already a Vite React app. Electron is the fastest robust path to real installers without rewriting the product.
+
+Benefits:
+
+- macOS dmg and zip targets
+- Windows 11 NSIS setup and portable exe targets
+- Linux AppImage and deb targets
+- mature GitHub Releases support
+- simple local-first desktop shell
+- no Rust/WebKitGTK setup required
+
+## Platform support
+
+### Verified in this pass
+
+On the Linux development host, `npm run dist:linux` produced:
+
+- `release/Proof-Pack-0.2.0-linux-x86_64.AppImage`
+- `release/Proof-Pack-0.2.0-linux-amd64.deb`
+
+A local Linux-to-Windows build was attempted and failed because Wine is not installed. The Windows installer path is still configured and should run on the Windows GitHub Actions runner.
+
+### Linux
+
+Primary artifact:
+
+- AppImage
+
+Secondary artifact:
+
+- deb
+
+Linux artifacts can be built from Linux with:
+
+```bash
+npm run dist:linux
+```
+
+### Windows 11
+
+Primary artifact:
+
+- NSIS setup exe
+
+Secondary artifact:
+
+- portable exe
+
+Windows artifacts are configured with:
+
+```bash
+npm run dist:win
+```
+
+Best build host: Windows GitHub Actions runner.
+
+Linux cross-builds may work with Wine or Docker, but Windows CI is cleaner.
+
+### macOS
+
+Primary artifact:
+
+- dmg
+
+Secondary artifact:
+
+- zip
+
+macOS artifacts are configured with:
+
+```bash
+npm run dist:mac
+```
+
+Release-quality macOS builds require macOS runner, Apple Developer signing, and notarization.
+
+## Signing reality
+
+Unsigned installers are fine for internal testing, but not for broad distribution.
+
+Before public distribution:
+
+- macOS: sign and notarize with Apple Developer credentials
+- Windows: code-sign to reduce SmartScreen friction
+- Linux: publish checksums and GitHub release provenance
+
+## GitHub release workflow
+
+The release workflow runs on tags matching `v*` and produces desktop artifacts using a platform matrix:
+
+- ubuntu-latest -> Linux artifacts
+- windows-latest -> Windows artifacts
+- macos-latest -> macOS artifacts
+
+Artifacts are uploaded and attached to a draft GitHub Release.
+
+## Storage warning
+
+The Electron build currently uses the same browser localStorage model as the web app, scoped to the app origin.
+
+Future desktop data durability should move to an appData vault:
+
+- JSON workspace file first
+- IndexedDB/OPFS for browser/PWA path
+- SQLite later if audit/version history becomes central