Featured

Zero Crust POS Simulator

Reference implementation for studying distributed state management and Electron security patterns

A virtualized dual-head point-of-sale system built with Electron, demonstrating enterprise-grade architecture patterns for distributed state management, secure IPC, and offline-first retail operations.

Electron 36 React 19 TypeScript Tailwind CSS 4 Vite 6 Immer Zod
View on GitHub
Screenshot of Zero Crust POS Simulator

Architecture

flowchart TB
    subgraph Renderers["Renderer Processes (Sandboxed)"]
        C[Cashier Window]
        D[Customer Window]
        T[Transactions]
        A[Architecture Debug]
    end
    subgraph Main["Main Process (Trusted)"]
        M[MainStore]
        P[PaymentService]
        B[BroadcastService]
        V[Zod Validation]
    end
    subgraph Storage["Persistence"]
        S[(electron-store)]
    end
    C -->|"ADD_ITEM {sku}"| V
    D -->|"Commands"| V
    V -->|"Validated"| M
    M --> P
    M --> B
    B -->|"STATE_UPDATE"| C
    B -->|"STATE_UPDATE"| D
    B -->|"STATE_UPDATE"| T
    B -->|"TRACE_EVENT"| A
    M --> S

The Problem

Production POS systems require synchronized displays across isolated processes—cashier terminals and customer-facing screens must show identical cart state while maintaining strict security boundaries. Traditional approaches struggle with synchronization bugs, price tampering vulnerabilities, and the complexity of managing state across Electron's process model.

The Solution

Built a reference implementation demonstrating enterprise-grade patterns: centralized MainStore as single source of truth, Command Pattern IPC with Zod validation, full-state broadcast for bulletproof synchronization, and defense-in-depth security with context isolation, sender validation, and compile-time Electron Fuses.

The Results

  • Dual-window architecture with sub-100ms state synchronization
  • Zero synchronization bugs through full-state broadcast pattern
  • Six layers of Electron security (fuses, isolation, validation, permissions)
  • Real-time Architecture Debug Window for IPC visualization
  • Crash recovery with automatic voiding of pending transactions
<100ms
Sync Latency
6
Security Layers
Immer
State Versioning
3
Platforms

Zero Crust is a POS simulator that explores architectural patterns for quick-service restaurant operations. It features dual synchronized windows, modeling the hardware segregation found in production deployments where cashier and customer displays run on separate hardware.

Architecture Explorer

Main ProcessCashierCustomerHistoryDebugger
Main Process

Trusted process: MainStore, PaymentService, BroadcastService, IPC handlers

Pattern: Centralized State + Command Handler

Security: Zod validation, sender verification

Click nodes to explore. Watch IPC messages flow between processes.

Key Features

  • Dual-Head Display Simulation — Separate cashier and customer windows with real-time synchronization
  • Command Pattern IPC — Type-safe, auditable command system with Zod runtime validation
  • Integer-Only Currency — All monetary values stored in cents to prevent floating-point errors
  • Architecture Debug Window — Real-time visualization of IPC flow and state changes
  • Demo Loop — Auto-generates realistic order patterns for continuous operation

Security Model

Zero Crust implements six layers of Electron security:

  1. Electron Fuses — Compile-time security flags that cannot be changed at runtime
  2. Context Isolation — Renderer processes cannot access Node.js APIs directly
  3. Zod Validation — All IPC commands validated with schemas before processing
  4. Sender Verification — IPC handlers validate message origin against allowed sources
  5. Navigation Control — Blocks unauthorized navigation and window.open calls
  6. Permission Denial — Blocks all permission requests by default

The Broadcast Pattern

Instead of delta updates or complex synchronization logic, Zero Crust broadcasts the entire application state on every change:

// BroadcastService.ts - Subscribe and broadcast on change
this.mainStore.subscribe((state) => {
  this.windowManager.broadcastState(state);
});

This “full-state sync” pattern eliminates an entire category of bugs—renderers always have the complete, consistent picture. The performance cost is negligible for typical POS cart sizes.

Screenshots

Cashier window with product grid and cartCustomer display showing synchronized cartArchitecture Debug Window with event timelineTransaction history view

Was this helpful?

Want to learn more?

Ask can answer questions about this project's implementation, technologies, and more.