ArushBansal
CreatorBox AI

Technical read

For Users Who Read the Fine Print

Keychain vault, workspace boundaries, and agent gates before anything touches disk

How CreatorBox keeps your keys, files, and previews under your control: desktop isolation, OS credential storage, workspace-scoped agents, and explicit approval before writes.

01

Renderer isolation + main-process gate

The UI runs with context isolation on and Node integration off, so React code has no raw filesystem or shell access. Native capabilities (open workspace, read files, run FFmpeg, store secrets) flow through a typed preload bridge into tRPC handlers that live in the main process only. The renderer never sees API keys or arbitrary disk paths; it sees only what those handlers choose to return.

02

API keys in the OS keychain

Anthropic and integration keys (Fal, ElevenLabs, Gemini) live in the system credential vault via keytar (macOS Keychain, Windows Credential Manager, libsecret on Linux), not in project files, env vars, or localStorage. A key is validated against its provider before it is stored, read only in the main process at the moment a request needs it, and never logged or sent to the renderer.
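The vault boundary described above, as an added example in TypeScript; this is not CreatorBox's own code. The `CredentialStore` interface copies keytar's real `getPassword`/`setPassword`/`deletePassword` signatures, but an in-memory store stands in for the OS keychain so the example runs offline. The service name, the provider list, the injected validator, and the `SecretVault` class and its method names are assumptions; the per-provider header names follow each provider's public API docs as I know them and should be checked against current docs.

```typescript
// Added example (not CreatorBox's code): a main-process secret vault over a
// keytar-shaped credential store. keytar's real signatures are
// getPassword/setPassword/deletePassword(service, account[, password]); the
// in-memory store below stands in for the OS keychain so this runs offline.
export interface CredentialStore {
  getPassword(service: string, account: string): Promise<string | null>;
  setPassword(service: string, account: string, password: string): Promise<void>;
  deletePassword(service: string, account: string): Promise<boolean>;
}

export class MemoryStore implements CredentialStore {
  private entries = new Map<string, string>();
  async getPassword(service: string, account: string): Promise<string | null> {
    return this.entries.get(`${service}/${account}`) ?? null;
  }
  async setPassword(service: string, account: string, password: string): Promise<void> {
    this.entries.set(`${service}/${account}`, password);
  }
  async deletePassword(service: string, account: string): Promise<boolean> {
    return this.entries.delete(`${service}/${account}`);
  }
}

export const PROVIDERS = ["anthropic", "fal", "elevenlabs", "gemini"] as const;
export type Provider = (typeof PROVIDERS)[number];
const SERVICE = "creatorbox"; // keychain service name: an assumption

// Probe the provider with the candidate key. A real implementation makes an
// authenticated request; it is injected so the example runs without network.
export type Validator = (provider: Provider, key: string) => Promise<boolean>;

export class SecretVault {
  private readonly store: CredentialStore;
  private readonly validate: Validator;

  constructor(store: CredentialStore, validate: Validator) {
    this.store = store;
    this.validate = validate;
  }

  // Store only a key the provider has accepted; reject obvious garbage first.
  async setKey(provider: Provider, key: string): Promise<void> {
    if (key.trim() === "" || /\s/.test(key)) throw new Error("malformed API key");
    if (!(await this.validate(provider, key))) throw new Error(`${provider} rejected the key`);
    await this.store.setPassword(SERVICE, provider, key);
  }

  // The only fact the renderer may learn per provider: configured or not.
  async status(): Promise<Record<Provider, boolean>> {
    const out = {} as Record<Provider, boolean>;
    for (const p of PROVIDERS) out[p] = (await this.store.getPassword(SERVICE, p)) !== null;
    return out;
  }

  // Main-process only: lend the key to one request builder; the key itself is
  // never the return value of any vault method.
  async withKey<T>(provider: Provider, use: (key: string) => T): Promise<T> {
    const key = await this.store.getPassword(SERVICE, provider);
    if (key === null) throw new Error(`${provider} key not configured`);
    return use(key);
  }

  // Mask stored key values before any text reaches a log line or the renderer.
  async redact(text: string): Promise<string> {
    let out = text;
    for (const p of PROVIDERS) {
      const key = await this.store.getPassword(SERVICE, p);
      if (key !== null) out = out.split(key).join(`<${p} key>`);
    }
    return out;
  }
}

// Header scheme per provider, assumed from each provider's public API docs.
const HEADERS: Record<Provider, (key: string) => Record<string, string>> = {
  anthropic: (k) => ({ "x-api-key": k, "anthropic-version": "2023-06-01" }),
  elevenlabs: (k) => ({ "xi-api-key": k }),
  gemini: (k) => ({ "x-goog-api-key": k }),
  fal: (k) => ({ Authorization: `Key ${k}` }),
};

// Build auth headers inside withKey so the key goes straight into the request
// and never into a URL, a shell string, or a value handed to the renderer.
export function authHeaders(vault: SecretVault, provider: Provider): Promise<Record<string, string>> {
  return vault.withKey(provider, (key) => HEADERS[provider](key));
}
```

In production `MemoryStore` is replaced by keytar itself, which satisfies the same interface; `status()` is the only vault method a tRPC handler should expose to the renderer, and `redact()` belongs in the logger's formatter so a provider error message that echoes the key cannot reach a log file.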

03

Workspace-scoped agent filesystem

Agents operate inside the open workspace root via virtual paths (`/design.html`, not `C:\…`). Middleware coerces model-supplied paths into that virtual space, blocks `..` traversal, and rejects anything that would resolve outside the workspace. Shell and file tools use deepagents backends rooted at that folder, so the agent cannot wander into your home directory.

04

Plan mode before destructive work

In plan mode the agent is read-only: explicit deny rules block writes, shell execution and HTTP-with-auth tools are switched off, and only explore/read tools run. The agent submits a plan for your approval; execution mode, which unlocks writes and shell, is entered only after you opt in, so a human is in the loop before anything hits disk.
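The plan/execute gate described above, as an added example in TypeScript; this is not CreatorBox's own code. The tool catalog, tool names, the `useVault` argument used to mark an authenticated HTTP call, and the `AgentSession` class are assumptions. Unauthenticated HTTP is treated here as an explore tool that plan mode permits, which is also an assumption; the page states only that HTTP-with-auth is off.

```typescript
// Added example (not CreatorBox's code): a main-process tool gate that keeps the
// agent read-only in plan mode and unlocks writes and shell only after the user
// approves a submitted plan. Tool names and the catalog are assumptions.
export type Mode = "plan" | "execute";
export type ToolKind = "read" | "write" | "shell" | "http";

export interface ToolCall {
  tool: string;
  args?: Record<string, unknown>;
}

export interface Verdict {
  allowed: boolean;
  reason?: string;
}

// Assumed tool catalog. Anything not listed is denied, so the agent holds no
// tool that could flip the mode itself.
const TOOL_KIND: Record<string, ToolKind> = {
  list_files: "read",
  read_file: "read",
  search: "read",
  write_file: "write",
  edit_file: "write",
  run_shell: "shell",
  http_request: "http",
};

// Explicit deny rules per mode. Plan mode denies every write and shell tool
// outright; an HTTP call is additionally denied in plan mode when it asks for
// vault credentials (args.useVault), which is how "HTTP-with-auth" is modelled.
const DENIED_IN: Record<Mode, ReadonlySet<ToolKind>> = {
  plan: new Set<ToolKind>(["write", "shell"]),
  execute: new Set<ToolKind>(),
};

export class AgentSession {
  private mode: Mode = "plan";
  private pendingPlan: { id: string; text: string } | null = null;
  private nextId = 1;
  readonly audit: string[] = [];

  currentMode(): Mode {
    return this.mode;
  }

  // Decide whether a model-issued tool call may run right now.
  check(call: ToolCall): Verdict {
    const kind = TOOL_KIND[call.tool];
    if (kind === undefined) return this.deny(call, "unknown tool");
    if (DENIED_IN[this.mode].has(kind)) return this.deny(call, `${kind} tools are off in ${this.mode} mode`);
    if (kind === "http" && this.mode === "plan" && call.args?.useVault === true) {
      return this.deny(call, "authenticated HTTP is off in plan mode");
    }
    this.audit.push(`allow ${call.tool} (${this.mode})`);
    return { allowed: true };
  }

  // Called by the agent: record the plan and wait. The mode does not change here.
  submitPlan(text: string): string {
    const id = `plan-${this.nextId++}`;
    this.pendingPlan = { id, text };
    this.audit.push(`plan submitted ${id}`);
    return id;
  }

  // Called only from the UI's IPC handler after the user clicks approve; the
  // agent has no tool that reaches this method.
  approve(id: string): void {
    if (this.pendingPlan === null || this.pendingPlan.id !== id) throw new Error(`no pending plan ${id}`);
    this.mode = "execute";
    this.audit.push(`plan approved ${id} by user`);
    this.pendingPlan = null;
  }

  // Rejecting keeps the session read-only; the agent must plan again.
  reject(id: string): void {
    if (this.pendingPlan === null || this.pendingPlan.id !== id) throw new Error(`no pending plan ${id}`);
    this.audit.push(`plan rejected ${id} by user`);
    this.pendingPlan = null;
  }

  private deny(call: ToolCall, reason: string): Verdict {
    this.audit.push(`deny ${call.tool} (${this.mode}): ${reason}`);
    return { allowed: false, reason };
  }
}
```

The point of routing `approve()` through the UI's IPC handler rather than a tool is that the mode change is something only the user can cause; the `audit` array records every denial and the approval that lifted it, which is what you want to show when asked why a file changed.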

05

Vault-backed HTTP and sandboxed previews

Integration API calls go through a dedicated HTTP tool that injects keys from the vault; agents are instructed never to put secrets in shell commands or URLs. HTML workspace previews render in a sandboxed iframe (`allow-scripts allow-same-origin` only). That pair holds only while the preview document is served from a different origin than the app UI: a same-origin document that can run script is able to remove the `sandbox` attribute from its own frame. Media loads through a custom workspace protocol that resolves paths under the open folder and rejects escapes.
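The path confinement from section 03 and the workspace-protocol resolution from section 05 share one check, so here is one added TypeScript example covering both; it is not CreatorBox's own code. The scheme name `workspace:`, the function names, the `WorkspaceEscapeError` type, and the decision to refuse drive-letter and UNC paths outright (the page says only that model-supplied paths are coerced) are assumptions. It goes a step beyond the text in one respect: the protocol handler percent-decodes the URL path before the check, which is the step that stops an encoded `%2F` from smuggling a traversal past a checker that looks at the raw URL.

```typescript
import * as path from "node:path";

// Added example (not CreatorBox's code): lexical confinement of model-supplied
// paths to the open workspace, plus URL handling for a custom workspace: scheme.
// The scheme name, function names and error type are assumptions.
export class WorkspaceEscapeError extends Error {
  constructor(supplied: string, reason: string) {
    super(`rejected path ${JSON.stringify(supplied)}: ${reason}`);
    this.name = "WorkspaceEscapeError";
  }
}

type PathApi = typeof path.posix; // path.posix and path.win32 share this shape

// Coerce a model-supplied path to a virtual path under "/" and resolve it under
// root. Traversal is refused outright rather than normalised away, and OS-style
// absolute paths (drive letters, UNC) are refused rather than reinterpreted.
export function resolveWorkspacePath(root: string, supplied: string, p: PathApi = path): string {
  if (supplied.includes("\0")) throw new WorkspaceEscapeError(supplied, "NUL byte");
  if (/^[a-zA-Z]:/.test(supplied) || /^(\\\\|\/\/)/.test(supplied)) {
    throw new WorkspaceEscapeError(supplied, "OS absolute path; use a workspace virtual path");
  }
  const virtual = "/" + supplied.replace(/\\/g, "/").replace(/^\/+/, "");
  if (virtual.split("/").some((seg) => seg === "..")) {
    throw new WorkspaceEscapeError(supplied, "'..' traversal");
  }
  const normalized = path.posix.normalize(virtual); // collapses "." and "//"
  const absolute = p.resolve(root, "." + normalized);
  // Defence in depth: the result must still sit under root after resolution.
  if (isOutside(root, absolute, p)) throw new WorkspaceEscapeError(supplied, "outside workspace");
  return absolute;
}

// Reverse mapping for tool output: the agent sees "/design.html", never "C:\...".
export function toVirtualPath(root: string, absolute: string, p: PathApi = path): string {
  if (isOutside(root, absolute, p)) throw new WorkspaceEscapeError(absolute, "outside workspace");
  return "/" + p.relative(root, absolute).split(p.sep).join("/");
}

// Handler-side resolution for the custom protocol. The pathname is percent-
// decoded before the check so "%2F" or "%2e" cannot hide a traversal from it.
export function resolveWorkspaceUrl(root: string, url: string, p: PathApi = path): string {
  const parsed = new URL(url);
  if (parsed.protocol !== "workspace:") throw new WorkspaceEscapeError(url, "not a workspace: URL");
  return resolveWorkspacePath(root, decodeURIComponent(parsed.pathname), p);
}

// True when target is not root or a descendant of root. A file literally named
// "..something" must not trip this, hence the separator check.
function isOutside(root: string, target: string, p: PathApi): boolean {
  const rel = p.relative(root, target);
  return rel === ".." || rel.startsWith(".." + p.sep) || p.isAbsolute(rel);
}
```

These checks are lexical: a symlink inside the workspace that points outside it passes them. The file-open step should therefore also compare `fs.realpathSync` of the target against the real path of the workspace root before handing a handle to a tool or to the protocol handler.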

06

Explicit permission grants

Chromium permission prompts are handled conservatively: microphone and workspace screen capture are granted when needed for voice input and recording; every other permission is denied by default. Large assets stay local (there is no sync server in v1), so your drafts and renders are not uploaded as a side effect of editing.