---
title: "Zero Crust POS Simulator"
description: "A virtualized dual-head point-of-sale system built with Electron, demonstrating enterprise-grade architecture patterns for distributed state management, secure IPC, and offline-first retail operations."
impact: "Reference implementation for studying distributed state management and Electron security patterns"
github_url: "https://github.com/cameronrye/zero-crust"
technologies: ["Electron 36", "React 19", "TypeScript", "Tailwind CSS 4", "Vite 6", "Immer", "Zod"]
featured: true
order: 3
architecture: "flowchart TB\n    subgraph Renderers[\"Renderer Processes (Sandboxed)\"]\n        C[Cashier Window]\n        D[Customer Window]\n        T[Transactions]\n        A[Architecture Debug]\n    end\n    subgraph Main[\"Main Process (Trusted)\"]\n        M[MainStore]\n        P[PaymentService]\n        B[BroadcastService]\n        V[Zod Validation]\n    end\n    subgraph Storage[\"Persistence\"]\n        S[(electron-store)]\n    end\n    C -->|\"ADD_ITEM {sku}\"| V\n    D -->|\"Commands\"| V\n    V -->|\"Validated\"| M\n    M --> P\n    M --> B\n    B -->|\"STATE_UPDATE\"| C\n    B -->|\"STATE_UPDATE\"| D\n    B -->|\"STATE_UPDATE\"| T\n    B -->|\"TRACE_EVENT\"| A\n    M --> S\n"
problem: "Production POS systems require synchronized displays across isolated processes—cashier terminals and customer-facing screens must show identical cart state while maintaining strict security boundaries. Traditional approaches struggle with synchronization bugs, price tampering vulnerabilities, and the complexity of managing state across Electron's process model."
solution: "Built a reference implementation demonstrating enterprise-grade patterns: centralized MainStore as single source of truth, Command Pattern IPC with Zod validation, full-state broadcast for bulletproof synchronization, and defense-in-depth security with context isolation, sender validation, and compile-time Electron Fuses."
results: ["Dual-window architecture with sub-100ms state synchronization", "Zero synchronization bugs through full-state broadcast pattern", "Six layers of Electron security (fuses, isolation, validation, permissions)", "Real-time Architecture Debug Window for IPC visualization", "Crash recovery with automatic voiding of pending transactions"]
metrics: [{"label":"Sync Latency","value":"<100ms"}, {"label":"Security Layers","value":"6"}, {"label":"State Versioning","value":"Immer"}, {"label":"Platforms","value":"3"}]
canonical_url: https://rye.dev/projects/zero-crust/
---

import ZeroCrustArchDemo from '../../components/demos/ZeroCrustArchDemo.tsx';

Zero Crust is a POS simulator that explores architectural patterns for quick-service restaurant operations. It features dual synchronized windows, modeling the hardware segregation found in production deployments where cashier and customer displays run on separate hardware.

<div class="my-8 p-6 bg-white/60 dark:bg-gray-800/60 backdrop-blur-sm rounded-xl border border-gray-200/50 dark:border-gray-700/50">
  <ZeroCrustArchDemo client:visible />
</div>

## Key Features

- **Dual-Head Display Simulation** — Separate cashier and customer windows with real-time synchronization
- **Command Pattern IPC** — Type-safe, auditable command system with Zod runtime validation
- **Integer-Only Currency** — All monetary values stored in cents to prevent floating-point errors
- **Architecture Debug Window** — Real-time visualization of IPC flow and state changes
- **Demo Loop** — Auto-generates realistic order patterns for continuous operation

## Security Model

Zero Crust implements six layers of Electron security:

1. **Electron Fuses** — Compile-time security flags that cannot be changed at runtime
2. **Context Isolation** — Renderer processes cannot access Node.js APIs directly
3. **Zod Validation** — All IPC commands validated with schemas before processing
4. **Sender Verification** — IPC handlers validate message origin against allowed sources
5. **Navigation Control** — Blocks unauthorized navigation and window.open calls
6. **Permission Denial** — Blocks all permission requests by default

## The Broadcast Pattern

Instead of delta updates or complex synchronization logic, Zero Crust broadcasts the entire application state on every change:

```typescript
// BroadcastService.ts - Subscribe and broadcast on change
this.mainStore.subscribe((state) => {
  this.windowManager.broadcastState(state);
});
```

This "full-state sync" pattern eliminates an entire category of bugs—renderers always have the complete, consistent picture. The performance cost is negligible for typical POS cart sizes.

## Screenshots

<div class="grid grid-cols-2 gap-4 my-8">
  <img src="/screenshots/cashier.png" alt="Cashier window with product grid and cart" class="rounded-lg shadow-lg" />
  <img src="/screenshots/customer.png" alt="Customer display showing synchronized cart" class="rounded-lg shadow-lg" />
  <img src="/screenshots/debugger.png" alt="Architecture Debug Window with event timeline" class="rounded-lg shadow-lg" />
  <img src="/screenshots/transactions.png" alt="Transaction history view" class="rounded-lg shadow-lg" />
</div>