WZRD Studio ships as a native macOS application built on Electron 42, with a Vite 5 + React 19 + TypeScript 5.5 single-page app running in the renderer process. The shell handles deep-link routing, custom protocol registration, FFmpeg media processing, PTY session management, and a secure IPC bridge — all while keeping Node.js APIs completely out of reach of renderer JavaScript. Every privileged operation flows through a narrow, explicitly-typed IPC surface.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/gratitude5dee/wzrd-studio-desktopfinal/llms.txt
Use this file to discover all available pages before exploring further.
Process Model
WZRD Studio uses the standard Electron three-layer model: a Node.js main process, an isolated renderer process (the React SPA), and a preload script that bridges the two. Node integration is deliberately disabled in the renderer; nothing fromnode:* can be accessed directly by React components.
Main Process — electron/main.js
The entry point for the Electron shell. On startup it:
- Registers the
wzrd://scheme as privileged beforeapp.readyfires. - Applies a custom
userDatapath ifWZRD_DESKTOP_USER_DATA_DIRis set. - Creates a
MediaFileAccessinstance that gates which local paths the renderer may read via thewzrd://media/protocol. - Calls
app.whenReady()to install the application menu, protocol handler, all IPC handlers, and a permission handler (camera/microphone requests are blocked outside trusted app navigation). - Enforces single-instance via
app.requestSingleInstanceLock()— a second launch routes any deep-link argument to the existing window.
electron/main.js is an ES module (.js with "type": "module" in package.json). The preload script is CommonJS (preload.cjs) because Electron requires synchronous require() in preload context.Key helpers in main.js
| Function | Purpose |
|---|---|
createMainWindow() | Creates the BrowserWindow, wires navigation guards, loads the start URL |
installIpcHandlers() | Registers all ipcMain.handle listeners for media, clip-studio, and media file access |
installProtocolHandler() | Attaches the wzrd:// protocol handler via protocol.handle |
installPermissionHandler() | Blocks all browser permission requests except media from trusted app URLs |
routeDeepLink(rawUrl) | Translates a wzrd:// deep-link to an app URL and loads it (or queues it as pendingDeepLink) |
sendMediaProgress(operationId, progress) | Pushes wzrd:media:progress events to the renderer during long FFmpeg operations |
sendFfmpegProgress(operationId, progress) | Pushes wzrd:clip-studio:ffmpeg-progress events |
sendYoutubeDownloadProgress(operationId, progress) | Pushes wzrd:clip-studio:youtube-download-progress events |
Preload Bridge — electron/preload.cjs
The preload script uses Electron’s contextBridge to expose two globals to the renderer — no Node.js APIs are leaked. All calls are wrapped in ipcRenderer.invoke (request/response) or ipcRenderer.on (push events).
- window.wzrdDesktop
- window.wzrdQcut
Exposes the core media and Clip Studio operations used by the React app. All methods return
Promise (or, for event subscriptions, a cleanup function).Renderer — src/
The React SPA is a Vite 5 project compiled to dist/ and served via the wzrd://app/ protocol. In development mode (ELECTRON_RENDERER_URL env set) Electron loads the Vite dev server URL directly.
Desktop Bridge Detection
Renderer code detects the desktop context usinggetDesktopBridge() from src/lib/desktop.ts. In a web browser the function returns null, allowing WZRD Studio to run as a progressive web app as well.
Security Model
WZRD Studio enforces a strict security posture in the renderer:| Setting | Value | Effect |
|---|---|---|
contextIsolation | true | Renderer JS cannot access the preload script’s Node scope |
nodeIntegration | false | No require() or Node APIs in renderer |
sandbox | true | Renderer runs in Chromium sandbox |
webSecurity | true | Same-origin policy enforced |
allowRunningInsecureContent | false | Blocks mixed content |
will-navigate and setWindowOpenHandler. Only https://, http://, and mailto: URLs are allowed to open in the system browser. All other navigations are blocked.
Protocol Registration
Two custom URL schemes are registered beforeapp.ready.
wzrd:// — App and Media Protocol
wzrd:// — App and Media Protocol
Registered with
The protocol handler in
protocol.registerSchemesAsPrivileged as standard, secure, supportFetchAPI, corsEnabled, and stream.Two sub-hosts are served under this scheme:| Host | Example URL | Serves |
|---|---|---|
app | wzrd://app/editor | Compiled React SPA from dist/ (falls back to index.html for SPA routing) |
media | wzrd://media/?file=%2Fpath%2Fto%2Fvideo.mp4 | Local media files from the allow-list |
main.js routes requests via resolveAppProtocolRequest (app assets) and resolveClipperMediaProtocolRequest (local media). Path traversal is rejected at both layers.wzrd:// Deep Links
wzrd:// Deep Links
app.setAsDefaultProtocolClient("wzrd") makes the app handle wzrd:// URIs from the OS. resolveDeepLinkToAppUrlWithDiagnostics maps each route to an in-app URL:| Deep-link route | Maps to |
|---|---|
wzrd://auth/thirdweb | /login?authResult=… |
wzrd://billing/success | /settings/billing?checkout=success |
wzrd://billing/cancel | /settings/billing?checkout=cancel |
wzrd://postz/connected | /postz?connected=1&provider=… |
~/Library/Logs/WZRD Studio/desktop.log.FFmpeg Toolchain
All media processing delegates to an FFmpeg binary on the host system. The shell provides three toolchain helpers:resolveFfmpegToolchain (media-ffmpeg-runtime.js)
resolveFfmpegToolchain (media-ffmpeg-runtime.js)
Searches common macOS installation paths for Returns a
ffmpeg and a co-located ffprobe:FfmpegToolchain object:preflightFfmpegExport
preflightFfmpegExport
Called before every export job. Verifies:
- Source file is readable.
- Output directory is writable (writes a probe file).
libx264encoder is present.aacencoder is present.
normalizeFfmpegFailure
normalizeFfmpegFailure
Maps raw FFmpeg exit codes, signals, and
stderr tails to user-friendly error messages, including specific messages for:ENOENT/ binary not found- Missing
libx264oraacencoders - Permission-denied output paths
- Filter-graph failures
Media File Access Control
Only explicitly allow-listed paths can be served viawzrd://media/. The allow-list is managed by createMediaFileAccess in electron/media-file-access.js.
- The user selects a file via
showOpenDialog. - A YouTube video finishes downloading to
userData/clipper/imports/. - A remote media URL is cached to
userData/media-cache/. - An FFmpeg export writes its output file.
isPathInside(rootDir, filePath)— strict path containment check (no symlink tricks).safeFileStem(value)— strips unsafe characters from a filename stem for use in cache paths.extensionForRemoteMedia(url, contentType)— infers a file extension from a remote URL and itsContent-Typeheader.
QCut Bridge — electron/qcut-bridge.js
setupQcutBridge() registers the wzrd:qcut:* IPC namespace used by WZRD’s AI editor engine. It provides:
- FFmpeg export sessions — frame-by-frame canvas rendering →
ffmpegCLI composition. - PTY sessions — full
xterm-compatible pseudo-terminal vianode-pty(unpacked from asar to allow native bindings). - Project folder management — per-project
userData/qcut-projects/<id>/hierarchy withmedia/,skills/, andexports/sub-directories. - Skills — markdown-based instruction files bundled with the app and synced to
~/.claude/skills/for the Claude CLI. - MCP server — a local Model Context Protocol server started alongside the bridge.
- Agent command channel — bidirectional command/response channel for the agent API, protected by a permission gate.
Agent Relay — packages/wzrd-agent-relay/
A Cloudflare Worker at packages/wzrd-agent-relay/src/index.ts acts as a WebSocket relay for agent PTY sessions. It uses Cloudflare Durable Objects (WzrdAgentPtySession) to maintain session state, connects to sandboxes via @daytona/sdk, and authenticates requests via a JWT verified against DAYTONA_RELAY_JWT_SECRET.
| Binding | Type | Purpose |
|---|---|---|
WZRD_AGENT_PTY | Durable Object namespace | Stores per-session PTY state |
SUPABASE_URL | Secret | Validates user sessions |
SUPABASE_SERVICE_ROLE_KEY | Secret | Service-level Supabase access |
DAYTONA_API_KEY | Secret | Daytona SDK authentication |
DAYTONA_RELAY_JWT_SECRET | Secret | Signs and verifies relay JWTs |
Build & Packaging
WZRD Studio targets macOS Apple Silicon (arm64). The build pipeline uses electron-builder invoked via bun run desktop:dist:mac.
| Setting | Value |
|---|---|
| App ID | com.wzrd.studio |
| DMG artifact | wzrdstudiofinal555.dmg |
| Target arch | arm64 |
| asar | true |
asarUnpack | node_modules/node-pty/** |
afterPack | Custom post-packaging script |
The DMG is currently unsigned and un-notarized. On first launch, macOS Gatekeeper will block it. Users must right-click → Open, or approve it in System Settings → Privacy & Security → Open Anyway.
Development Mode
ELECTRON_RENDERER_URL is set to the Vite dev server URL. The main process loads that URL instead of the compiled dist/ bundle, and Electron DevTools are enabled.