under the hood
Local-first. Team-optional.
One codebase, three artifacts, two operational modes. Every desktop keeps its own SQLite + MCP server — works fully offline. Team mode adds a sync server that proxies AI keys, runs worker-pool scans, and enforces 3-tier privacy scopes.
Topology
The desktop is always self-sufficient. The server is something you add — not something the desktop depends on.
Desktop client
- Electron shell · React 19 + Vite UI at :5173
- Express backend at :3001 (API + MCP + WS)
- sql.js SQLite (WASM) with per-user workspace
- Local scan queue + tool runner + filter
- Works fully offline · zero telemetry
Server (team mode)
- Express + SQLite (same schema as desktop)
- JWT auth with rotating refresh + OIDC
- Worker pool for heavy scans (per-job routing)
- AI key proxy + integration token vault
- 3-tier privacy scopes: private · team · pool
topology
┌─────────────┐   WS sync    ┌─────────────┐
│   Desktop   │◄────────────►│   Server    │
│             │              │ (optional)  │
│  :5173 UI   │              │             │
│  :3001 API  │              │  :3001 API  │
│  :3001 MCP  │              │  :3001 MCP  │
│   SQLite    │              │   SQLite    │
│             │              │             │
│    Local    │              │   Worker    │
│   workers   │              │    pool     │
└──────┬──────┘              └──────┬──────┘
       │                            │
       │ local                      │ proxied
       ▼                            ▼
 AI providers                 AI providers
 · integrations               · integrations
Solo vs Team, side by side
| Feature | Solo desktop | Team server |
|---|---|---|
| Database | SQLite (sql.js WASM), fully local | SQLite on each desktop + SQLite on server; scoped sync |
| AI keys | Client-side, encrypted at rest | Server-side, proxied via capability manifest |
| MCP server | Desktop :3001/mcp | Desktop :3001/mcp + server :3001/mcp |
| Scan workers | Local only | Local + server worker pool (per-job routing) |
| Auth | None (single user) | JWT with rotating refresh + optional OIDC + RBAC |
| Privacy scopes | n/a (everything local) | private · team · pool |
| Integrations | Direct (keys on client) | Server-proxied (tokens stay central) |
Data model — 39 tables
The database schema is the same on desktop and server, and sync moves rows, not schema. A new table is therefore a local migration on the desktop; the server only has to apply the same migration before rows from that table can enter a team or pool scope, and tables that stay private never need it.
Projects & findings
projects · vulnerabilities · scan_findings · pipeline_runs · pipeline_jobs
Runtime & analysis
runtime_jobs · fuzz_crashes · bisect_results · sandbox_snapshots
Research
notes · hypotheses · investigation_sessions · assumption_extractions
Intel & history
cve_intel · patch_analyses · nvd_sync_state
Exploits
exploits · proof_ladder · exploit_templates
Disclosure
vendors · disclosures · integrations · integration_tickets · sla_records
Auth & identity
users · refresh_tokens · permissions · oidc_providers
Audit & system
audit_log · migrations · capability_manifest · server_config
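How the three privacy scopes and "sync moves rows, not schemas" combine at the sync boundary. This is an added example, not the project's sync code: the column names (`scope`, `owner`, `team`), the membership shape and the function names are assumptions, and the rows are constructed samples. It shows the three checks a practitioner would expect: private rows never leave the desktop, the server refuses rows whose owner or team the sender cannot vouch for, and rows for a table the server has not migrated are held back rather than created on the fly.

```javascript
// Added example (not the project's code): scope filtering at the sync boundary.
// Column names, membership shape and function names are assumptions.
const SCOPES = ["private", "team", "pool"];

// Constructed sample rows as they sit in one desktop's SQLite, one scope each.
// "scratch" stands for a table that exists locally but has not been migrated on the server.
const LOCAL_ROWS = [
  { table: "notes",      id: "n1", owner: "alice", team: "red", scope: "private", body: "my draft" },
  { table: "hypotheses", id: "h1", owner: "alice", team: "red", scope: "team",    body: "auth bypass?" },
  { table: "exploits",   id: "e1", owner: "alice", team: "red", scope: "pool",    body: "poc" },
  { table: "scratch",    id: "s1", owner: "alice", team: "red", scope: "team",    body: "local-only table" },
];

// Tables the server has migrated. Sync moves rows, not schema, so an unknown
// table is a reason to hold the row, never a reason to create the table.
const SERVER_TABLES = new Set(["notes", "hypotheses", "exploits"]);

// Desktop -> server: private rows never leave the machine; rows for tables the
// remote side lacks are held until the matching migration lands there.
function outbound(rows, remoteTables) {
  const send = [], hold = [];
  for (const r of rows) {
    if (!SCOPES.includes(r.scope) || r.scope === "private") continue;
    (remoteTables.has(r.table) ? send : hold).push(r);
  }
  return { send, hold };
}

// Server side, on receipt: the sender is the authenticated user, not whatever
// the row claims. Rows are rejected if they are private, owned by someone else,
// team-scoped to a team the sender is not in, or for a table the server lacks.
function acceptInbound(rows, sender) {
  const accepted = [], rejected = [];
  for (const r of rows) {
    let reason = null;
    if (r.scope === "private") reason = "private rows are never synced";
    else if (r.owner !== sender.id) reason = "owner does not match sender";
    else if (r.scope === "team" && !sender.teams.includes(r.team)) reason = "sender not in row's team";
    else if (r.scope === "pool") reason = null;
    else if (!SCOPES.includes(r.scope)) reason = "unknown scope";
    if (!reason && !SERVER_TABLES.has(r.table)) reason = "table not migrated on server";
    (reason ? rejected : accepted).push(reason ? { id: r.id, reason } : r);
  }
  return { accepted, rejected };
}

// Server -> desktop: a user sees team rows for their own teams and every pool row.
function visibleTo(rows, user) {
  return rows.filter((r) =>
    (r.scope === "team" && user.teams.includes(r.team)) || r.scope === "pool");
}
```

The same `acceptInbound` check runs again when a desktop receives rows from the server, so a compromised server cannot push a row into a scope the desktop would not have accepted from a peer.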