Status: Wave 1 Electron app is shippable. Wave 2 = engine bake-off — Chromium is one option, not destiny.
Codename: Anon Browser
Workspace: /Users/ras/.cursor/plans/anonbrowser
Related: Coinclave (appliance / bank — separate product), anoncomputer.com
Anon is a standalone privacy browser with a built-in Bitcoin Vault — shipping on Electron now; engines chosen by bake-off, with frontier agents as leverage, not as the pitch.
Users should get:
- A real app they can install and try (Wave 1 Electron)
- Shields that stop trackers / scareware redirects
- A real Bitcoin Vault (receive / send / watch-only) — amounts in Coin Standard (¢ / ₿)
- Anon brand (annona mark)
Not an “AI browser.” Not a Coin Standard marketing vehicle. LLMs/agents are build leverage. The product is: private browser + Bitcoin Vault.
Why Electron on GitHub is justified: this is the current product — Vault, shields, Tor windows, packaging — while a parallel engine portfolio finds what agents can keep green without marrying Chromium rebase risk early.
| Decision | Choice |
|---|---|
| Category | Standalone privacy browser with Bitcoin Vault (Origin-shaped UX, not Brave-locked) |
| Business model | Free to use; no BAT / Rewards / attention token (internal constraint, not the pitch) |
| Money UX | Integer coins on-chain; UI uses Coin Standard (¢ / ₿) via vault/coins.js |
| Brand | Anon / annona mark; copper #C17F59, seal green #3D8B6E — use sparingly; chrome stays utilitarian |
| Engine path | Current: Electron Wave 1 (this repo). Next: multi-engine bake-off. Chromium/Brave-core is a candidate, not the only exit. |
| Bake-off candidates | Electron deepen · CEF/embedded Chromium · system WebView · Gecko fork · Ladybird · Servo experiments · hybrid (hard pages on borrow-engine, Anon chrome + Vault owned) |
| Score bake-off on | Real-site load · Vault key isolation · agent-maintainability week-to-week · privacy controls · packaging cost |
| Vault v1 | Hot wallet / watch-receive in browser; Coinclave Vault app remains the bank for keys on appliance |
| Agent surface | Discreet toolbar stub OK; not the marketing pitch; keys never in agent context |
| Search | Silent private search backend; UI says only “Search” |
| Telemetry | Off by default; no P3A-style ping in Anon builds |
| Out of scope | Camoufox / anti-detect; BAT/Rewards clone; agent-harness as product identity; Coin Standard as product identity; declaring one engine “forever” before bake-off |
| Surface | Role |
|---|---|
| Anon Browser (laptop) | Daily privacy browser; hot/watch Vault |
| Anon Browser on Sanctum | Human web chrome + shields |
| Coinclave Vault app | Bank — keys, LN, Fedimint, spend policy |
| Hunter | Outbound agent plane — never holds keys |
Browser content process must never see seed material. Agent plane (if any) is keyless.
Working shell in this repo (npm start → pinned Electron 43.1.1 / Chromium 150):
- Multi-window: normal / private / Tor (SOCKS to external
toror Tor Browser) - Tabs, omnibox, bookmarks bar, history, settings
- Real shields: EasyList-class engine (
@ghostery/adblocker, uBO/Brave filter family) with a local cache + weekly refresh; compact host list + curated scareware/fake-AV host list as main-frame block + fallback; per-site shields popup panel - Bitcoin Vault: BIP84 (native segwit) hot wallet or watch-only xpub/zpub import; seed encrypted at rest (scrypt→AES-256-GCM, wrapped with OS keychain via
safeStorage); balance/txs/receive+QR via mempool.space Esplora; on-chain send with fee estimate + coin selection; auto-lock; amounts as ¢ / ₿ viaformatCoin/parseCoinInput - Browser basics: downloads manager (progress/cancel/open/reveal), find-in-page, zoom, built-in PDF viewer, external-protocol prompt, bookmark import (Chrome/Brave JSON + Netscape HTML)
- Packaged:
npm run pack→dist/mac-arm64/Anon.app(bakedicon.icns,computer.anon.browser);npm run dist→ arm64.dmg. Dev Dock brand script still patches unpackaged runs - Tabs use
WebContentsView; privileged internal and empty web preloads are separated by destroying/recreating the view at every trust-boundary navigation - Sensitive IPC (vault/settings/history/downloads) gated to allowlisted
file://internal pages only - Toolbar: Vault + Agent (stub) + Shields panel
Known gaps (for Wave 2+): Electron ceiling vs real Chromium; macOS release config and CI are notarization-ready, but Anon Computer still needs Apple Developer enrollment and credentials; Lightning not wired (on-chain only); send is main-process hot-key signing (fine for hot wallet, appliance routes to Vault app).
Use coding agents + frontier models to compress work that used to need specialists. Prefer local, inspectable, deterministic runtime with LLM help in the loop — not “cloud AI decides privacy.”
| Hard problem | Traditional cost | LLM leverage |
|---|---|---|
| Filter / scareware quality | EasyList maintainers + security team | Generate + triage filter rules from redirect graphs / known lander patterns; propose blocklist diffs; human/CI accept |
| Phishing / fake AV pages | Heuristic + Safe Browsing | On-device or optional local classifier: “is this a scareware interstitial?” → block / warn; never auto-download |
| Chromium / Brave rebase | Full-time browser eng | Agent-assisted patch porting, conflict resolution, GN flag audit when compiling out Rewards/Leo |
| Extension / site compat | QA farm | Agent-driven Playwright suites; failure → minimal fix PRs |
| Import (Chrome/Brave/Firefox) | Parsers + edge cases | Generate importers + golden fixtures from sample export blobs |
| Vault UX | Design + wallet eng | Coin Standard (¢ / ₿) via vault/coins.js; BIP21 wire amounts unchanged |
| Threat model / release notes | Docs burden | Keep docs/03-threat-model.md honest; agent updates when features land |
| Packaging / CI | Release eng | electron-builder → later Chromium CI matrices authored by agent from templates |
Rules for agents building this:
- Privacy defaults win over convenience features.
- Money UI is Coin Standard (¢ / ₿) via
vault/coins.js— no rewards tokens, no alternate units. - Never put keys in renderer content or agent context.
- Prefer boring Chromium/Electron APIs over novel frameworks.
- Every wave ships something a user can click (signed build, shield win, or receive coins) — not only docs.
- When using LLMs at runtime, fail closed; user can disable; no cloud exfil of page content by default.
- Keep Electron pinned exactly; merge runtime updates only after unit, Electron smoke, app, and DMG checks pass.
- Document run/packaging in README; keep
ELECTRON_RUN_AS_NODEunset in scripts - Expand scareware/redirect hosts from real incidents into
privacy/blocklist.js(BADWARE_HOSTS) - Automated Electron smoke: tabs, trust-boundary preload isolation, normal/private/Tor sessions, Vault create/lock/unlock/receive, downloads, and runtime UA
Goal: someone can download Anon and use it as a Bitcoin privacy browser preview.
-
Shields that matter ✅
- EasyList-class engine (
@ghostery/adblocker) with local cache + weekly refresh; compact list + scareware host list as fallback/main-frame block - Per-site shields panel (BrowserWindow popup, not just a counter)
- LLM-assisted rule suggestions → reviewed into repo lists (deferred to Wave 3 runtime assist)
- EasyList-class engine (
-
Bitcoin Vault ✅
- BIP84 seed wallet + import mnemonic/xpub/zpub (watch-only); receive address + BIP21
bitcoin:URI + QR - Display as Coin Standard (¢ / ₿) via
formatCoin/parseCoinInput - "Hot wallet" labeling; passphrase (scrypt→AES-GCM) + OS keychain (
safeStorage) - Send path on-chain (mempool.space); Lightning later or via Coinclave handoff
- BIP84 seed wallet + import mnemonic/xpub/zpub (watch-only); receive address + BIP21
-
Installable app ✅
- electron-builder: macOS
.app/.dmg,productName: Anon, bakedbrand/icon.icns - Hardened Runtime entitlements + GitHub signing/notarization workflow
- Apple Developer enrollment, release secrets, and first accepted notarized DMG
- Auto-update
- Dock plist hack now dev-only; packaged bundle is self-branded
- electron-builder: macOS
-
Browser basics ✅
- Downloads UI, find-in-page, zoom, PDF, external protocol prompts
- Import bookmarks (Chrome/Brave JSON + Netscape HTML)
-
Tor ✅
- Detect SOCKS; fail closed to Settings (with install hint), not a blank scare
Exit criteria Wave 1: ✅ packaged build (notarize-ready pending certs); shields use real filter lists + block known scareware landers; Vault shows a real receive address and on-chain balance; README one-command run for testers.
Goal: keep more than one engine option alive; pick a successor (or hybrid) by evidence — not by Chromium destiny.
Electron remains the public product until a candidate beats it on the scorecard below.
| Candidate | Hypothesis | Kill criteria |
|---|---|---|
| Deepen Electron | Ceiling is acceptable for Bitcoin-privacy niche | Sites/privacy users need can’t clear |
| CEF / embedded Chromium | Chromium render without full Brave fork | Rebase/CVE cost ≈ full fork |
| System WebView | Tiny shell, OS-updated engine | Privacy controls too weak |
| Gecko fork | Non-Google engine story | Fork treadmill not agent-sustainable |
| Ladybird | Independent engine; agents + tests push coverage | Can’t load target site set in N weeks |
| Servo + chrome | Experimental layout path | Never reaches browse+Vault demo |
| Hybrid | Borrow engine for hard pages; own chrome+Vault | Architecture too complex to ship |
- Define a small compat corpus (news, search, mempool, exchanges, docs) + Vault isolation checklist
- Stand up thin spikes (agent-built) for 2–3 candidates in parallel
- Weekly score: site pass rate · Vault boundary · CI green · human hours vs agent hours
- Optional Chromium/Brave-core spike only if bake-off shows embedded Chromium wins and rebase is affordable
- Do not freeze Electron until a successor ships an installable nightly with Vault entrypoint
Exit criteria Wave 2: written bake-off report + chosen path (or “stay Electron”); if leaving Electron, installable nightly on the winner with Anon Vault entrypoint.
- Extensions / password policy / sync — only after engine choice
- Fingerprint resistance defaults (honest docs — no Camoufox claims)
- Optional local “page risk” assist — user-gated, no cloud by default
- Coinclave Sanctum: watch-only browser wallet; spend via Vault app
- Keep Electron preview as legacy if the product moves to another engine
- Appliance builds disable hot seed; route to Vault app
- Hunter uses browser as web surface only; never keys
- Agent toolbar may wire to local/runtime later — still not the product name
┌─────────────────────────────────────────────────────────┐
│ Anon chrome (tabs, omnibox, shields, vault, agent) │
├─────────────────────────────────────────────────────────┤
│ Privacy session │
│ • filter engine (lists + per-site) │
│ • HTTPS upgrade, DNT/GPC │
│ • Tor partition (SOCKS) │
│ • optional local risk heuristics / LLM assist │
├─────────────────────────────────────────────────────────┤
│ Content (untrusted) │ Vault process (keys) │
│ web pages │ passphrase / seed / xpub │
│ no key access │ ¢ / ₿ display │
└─────────────────────────────────────────────────────────┘
│ │
│ ▼
│ Coinclave Vault app (bank)
▼
clearnet / .onion
This app implements that in Electron (WebContentsView + main-process vault).
Bake-off winners must map the same boundaries onto whatever engine is chosen (content untrusted; Vault privileged; no keys in agent context).
| Path | Role |
|---|---|
src/main.js |
Windows, tabs, IPC, menu, shields panel, downloads/find/zoom |
src/privacy-session.js |
Session shields / HTTPS / Tor proxy / permissions |
src/filter-engine.js |
EasyList-class engine load/cache/refresh + match |
src/wallet.js |
Real BIP84 wallet — seed/xpub, encryption, Esplora sync, send |
src/downloads.js |
Download item tracking |
src/bookmark-import.js |
Chrome/Brave JSON + Netscape HTML parser |
vault/coins.js |
Coin Standard (¢ / ₿) parse + format |
privacy/blocklist.js |
Compact host list + BADWARE_HOSTS scareware list |
renderer/* |
Chrome + internal pages (vault, downloads, shields-panel, …) |
brand/ |
annona mark, icon.png / icon.icns, fonts |
scripts/brand-electron-app.js |
Dev Dock name/icon for unpackaged runs |
docs/01-product.md |
Product brief |
docs/02-llm-leverage.md |
How LLMs are used (not the pitch) |
docs/03-threat-model.md |
Threat model (keep honest) |
A prospective user can:
- Install Anon without Node
- Browse with shields that block trackers and common scareware redirects
- Open Vault, see balance/receive in ¢ or ₿, fund a real address
- Open a Tor window when Tor is available
- Never see BAT, Rewards, or ad-network upsells
- Trust that agent features (if any) cannot spend without Vault policy
When a coding harness picks this up:
- Electron app first — polish Wave 1 gaps (DMG, destroy-wallet UI, signing when certs exist). Public GitHub is intentional.
- Wave 2 = bake-off spikes, not “bootstrap Brave-core by default.”
- Prefer vertical slices users can click; for engines, prefer scored spikes over manifesto forks.
- Keep UI deslopped: utilitarian chrome, no marketing landing pages in-app.
- Run with
env -u ELECTRON_RUN_AS_NODEon macOS under Cursor. - Do not commit secrets; do not weaken Tor/Vault isolation for demo convenience.
- Never put keys or seed material in any LLM/agent context.
| Phase | Status |
|---|---|
| 0 Spec + brand | Done |
| 0.1 Electron MVP | Done |
| 0.2 Private / bookmarks / history / Tor / deslop | Done |
| 1 Viable Electron app (shields + vault + package) | Done — public product preview |
| 2 Engine bake-off (portfolio) | Next |
| 3 Feature-rich daily driver (on winner) | After bake-off |
| 4 Coinclave Sanctum / Hunter | Later |