Initial commit

profiles/electron.md

@@ -0,0 +1,43 @@
+# Electron Profile
+
+Use when the repository builds an Electron desktop app.
+
+## Security Expectations
+
+Check for:
+
+```text
+contextIsolation: true
+nodeIntegration: false
+sandbox: true when compatible
+webSecurity: true
+allowRunningInsecureContent: false
+```
+
+Avoid:
+
+```text
+eval
+shell.openExternal without allowlist
+unsafe navigation
+unvalidated IPC writes
+```
+
+## Release Notes
+
+Document:
+
+- installer artifact,
+- portable artifact if available,
+- signing status,
+- SmartScreen/Defender limitations,
+- whether secrets or user files stay local.
+
+## Common Artifacts
+
+```text
+release/*.exe
+release/*.blockmap
+release/*.yml
+```
+