active
Updated Feb 19, 2026, 9:36 PM
Policy ID js76ydyftkgjzj5y0ymdsd9x1181fbtc
Desktop BrowserWindow security defaults must be preserved.

Rationale:
- Weak BrowserWindow defaults can expose renderer-to-main escalation and unsafe runtime behavior.

Scope:
- PR review policy for desktop window creation/configuration changes under:
  - `domains/typescript/mem-client-desktop/src/modules/window/**`
  - `domains/typescript/mem-client-desktop/src/entry.ts`

Trigger:
- A PR adds/changes `BrowserWindow` construction or `webPreferences`/navigation-security behavior.

Approval checks:
1) New/changed renderer windows keep `nodeIntegration: false` and `contextIsolation: true` unless explicitly exempted.
2) New/changed renderer windows use explicit preload entrypoints when renderer IPC is required.
3) Navigation/new-window paths remain mediated by explicit allow/deny logic (for example `setWindowOpenHandler` / navigation guards) rather than unrestricted navigation.
4) Security-sensitive changes include tests or documented validation steps proving expected allow/deny behavior.

Evidence:
- Diff shows secure `webPreferences`, navigation mediation, and validation evidence.

Exception path:
- Allow deviation only when all are true:
  1) PR description includes `Policy Exception: desktop-window-security-defaults`.
  2) PR explains why default hardening cannot be used for this case.
  3) PR documents compensating controls and risk assessment.

Decision:
- Return NOT APPROVED when trigger is met and required security defaults/controls are missing without a valid exception.
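
One way to express approval checks 1 to 3 as testable logic, kept free of Electron imports so the allow/deny behavior that check 4 asks for can be asserted in a unit test. This is an added example, not code from `mem-client-desktop`; the function names, the allowlisted origin, and the preload path are assumptions.

```typescript
// Added illustration; every name and value here is hypothetical.

// Subset of Electron's webPreferences that approval checks 1 and 2 look at.
interface WebPrefs {
  nodeIntegration?: boolean;
  contextIsolation?: boolean;
  preload?: string;
}

// Assumed allowlist of origins a renderer may open or navigate to (constructed value).
const ALLOWED_ORIGINS = new Set(["https://app.example.com"]);

// Checks 1 and 2: report every deviation from the hardened settings.
// Choice made for this example: a missing key is flagged like a weak one,
// so the secure values are visible in the diff instead of implied.
function auditWebPreferences(prefs: WebPrefs, needsIpc: boolean): string[] {
  const findings: string[] = [];
  if (prefs.nodeIntegration !== false) findings.push("nodeIntegration must be false");
  if (prefs.contextIsolation !== true) findings.push("contextIsolation must be true");
  if (needsIpc && !prefs.preload) findings.push("renderer IPC requires an explicit preload");
  return findings;
}

// Check 3: default-deny decision shared by the window-open and navigation paths.
function isAllowedUrl(raw: string): boolean {
  try {
    const url = new URL(raw);
    // Compare the parsed origin, never a string prefix: look-alike hosts such as
    // "app.example.com.other.test" and userinfo tricks ("...@other.test") fail here.
    return url.protocol === "https:" && ALLOWED_ORIGINS.has(url.origin);
  } catch {
    return false; // unparsable input is denied
  }
}

// Return shape matches what Electron's setWindowOpenHandler expects.
function windowOpenDecision(details: { url: string }): { action: "allow" | "deny" } {
  return { action: isAllowedUrl(details.url) ? "allow" : "deny" };
}

// Wiring inside the Electron main process (not executed in this example):
//   const win = new BrowserWindow({ webPreferences: hardened });
//   win.webContents.setWindowOpenHandler(windowOpenDecision);
//   win.webContents.on("will-navigate", (e, url) => { if (!isAllowedUrl(url)) e.preventDefault(); });
const weak: WebPrefs = { nodeIntegration: true };
const hardened: WebPrefs = { nodeIntegration: false, contextIsolation: true, preload: "/path/to/preload.js" };
```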