Desktop Companion
What you'll find here
The desktop companion MVP — required controls, local-vs-remote posture, menu actions, approval notification links, and the CLI surfaces that native tray/menu-bar shells can call.
Governed surface, not background automation.
A desktop companion may present status, notifications, and controlled actions — it must not become an unreviewed background automation channel.
What It Records
Surface id
Support level
supported · experimental · deferred.
Operator consent requirement
Policy context preservation
Evidence link preservation
Receipt requirement
Local storage encryption posture
Secret storage posture
Notification controls
Background action controls
Documentation reference
Decision rules
Allowed (supported)
- Explicit operator consent
- Encrypted local storage
- Notification controls
- Background action controls
- Policy context
- Evidence links
- Receipts
Blocked
- Stores secrets
- Skips operator consent
- Unencrypted local storage
- Omits notification controls
- Uncontrolled background actions
- Loses policy or evidence links
- Skips receipts
Experimental surfaces require explicit review. Deferred surfaces are not available as product surfaces.
MVP Surface
craik desktop status returns the companion snapshot:
craik desktop status
The snapshot includes the governed surface status, local dashboard URL, latest gateway runtime state, provider/auth readiness, local-vs-remote posture, warnings, and deterministic menu actions.
Menu Actions
craik desktop menu
craik desktop action open_dashboard
craik desktop action gateway_status
craik desktop action gateway_start
craik desktop action gateway_stop
craik desktop action gateway_restart
craik desktop action doctor
craik desktop action update_check
Gateway start, stop, and restart actions are marked as requiring confirmation. The MVP exposes commands and posture for a native wrapper to call; it does not silently execute background actions.
Approval Notifications
Native notification wrappers can request a redacted approval notification fixture:
craik desktop notify-approval approval_123 model.chat "provider request"
The payload includes a local dashboard deep link to /approvals and
redacts secret-like target text before it reaches notification logs or
crash reports.
Future desktop URL-scheme handlers such as craik:// must be
review-only entrypoints. They may open local dashboard or approval
detail views, but they must not approve, deny, submit credentials, or
trigger mutating runtime actions directly from a URL.
Current Posture
Supported MVP surface.
The shipped MVP supports status panels, deterministic menu actions, local dashboard launch, gateway command surfacing, provider/auth health summary, approval notification deep links, doctor, and update-check payloads. Always-on automation, secret caching, uncontrolled background actions, and private local-state synchronization remain blocked.