Bulwark

Local-first Windows context capture for coding-agent handoff.

Bulwark turns pinned local Git roots, process, clipboard, and trusted project state into compact Markdown or XML payloads. The core engine stays local.

Current Release

Bulwark dev is at 0.2.0. The current branch adds governed Context Aperture payload sizing, compact footer ledger inspection, curated source/diff payload selection, process-ledger lifecycle controls, shell capture diagnostics, web reference capture, trusted-document relevance, and compact Markdown/XML payload generation on top of the pinned Git root foundation.

What It Captures

Workspace	Activity	Handoff
Pinned local Git roots, trusted docs, changed source, Git branch, staged and untracked diff stats.	Foreground agent/IDE/shell/browser activity, qualified web references, clipboard memory, local context history.	Markdown or XML payloads with section filters, direction notes, trusted-doc relevance, source/diff excerpts, and token estimates.

Core Capabilities

• Pin and switch between local Git repository roots.
• Watch only the active pinned root for Git state and context file reads.
• Track local process activity for agent, IDE, terminal, and browser context.
• Qualify and sanitize browser references before they enter payload context.
• Persist clipboard memory locally with pinned-item support.
• Select relevant trusted-doc sections from common project docs without model calls or network access.
• Build compact Markdown or XML handoff payloads for coding agents with visible aperture and ledger accountability.
• Apply deterministic local redaction to obvious secret shapes before clipboard memory is persisted and before payload text is copied.

Local-First Boundary

Bulwark is a native Windows desktop app built with Tauri v2, Rust, React, TypeScript, and Vite. State capture, clipboard memory, context history, and release workflows stay on the local machine unless a human explicitly moves data elsewhere.

Network sync, external cloud sync, telemetry, and remote storage are out of scope for the core engine.

Bulwark persists user-pinned local Git roots and the last active root in local storage. It no longer assumes D:\Bulwark; BULWARK_WORKSPACE_ROOT is only a local development and test seed when no roots have been pinned.

Quick Start

cd D:\Bulwark\bulwark
npm install
npm run tauri dev

On first launch, choose Pin Git Root and select a local Git repository folder.

Verification

cd D:\Bulwark\bulwark
npm run release:verify

The full gate runs the TypeScript/Vite build, Vitest, a debug Tauri build, real-app Playwright E2E, cargo check, cargo test, and cargo clippy -- -D warnings.

Build the local NSIS installer only after the full gate is green:

cd D:\Bulwark\bulwark
npm run release:compile

Project Map

Path	Purpose
bulwark/src-tauri/	Rust engine, Windows hooks, storage, and Tauri build config.
bulwark/src/	React UI, payload generation, and TypeScript context types.
design-blueprint/	Visual assets, Tailwind specs, and static prototypes.
docs/	Release notes, archived plans, and generated README assets.

Contribution And Security

• Read CONTRIBUTING.md before opening a pull request.
• Report vulnerabilities privately through GitHub private vulnerability reporting or a repository security advisory. See SECURITY.md.
• Keep changes surgical and preserve the local-first boundary.

Roadmap State

Pinned roots, local sensor capture, clipboard memory, web references, process activity tracking, process dismiss/ignore controls, trusted-doc relevance, Context Aperture payload governance, compact footer ledger inspection, and real-app verification coverage are in place.

The live project plan is PLAN.md. Completed implementation plans are archived under docs/archived/.