Forge Desktop - Architecture Overview
Executive Summary
Forge is a cross-platform desktop application built with Tauri 2.x (Rust backend) and React (TypeScript frontend). It provides idea-to-execution tracking with visual mind mapping, goal management, task boards, and real-time collaboration features.
System Architecture
High-Level Architecture Diagram
How it works:
| Layer | Description |
|---|---|
| React Frontend | The user interface built with React, managing UI state with Zustand and server state with React Query |
| Tauri Layer | The bridge between JavaScript and Rust - handles IPC (Inter-Process Communication) and provides native plugins |
| Rust Backend | Native code that handles database connections, OAuth flows, and external API calls |
| External Services | Cloud services: Turso for data storage, Azure AD for authentication, LiveKit for voice/video |
The data flows from top to bottom: User interacts with React → React calls Tauri commands → Tauri invokes Rust handlers → Rust communicates with external services.
Component Overview
1. Frontend Layer (React/TypeScript)
Technology Stack:
- React 19 with TypeScript
- Tailwind CSS for styling
- shadcn/ui component library
- React Query for server state management
- Zustand for client state management
- React Router for navigation
- Framer Motion for animations
- Lucide React for icons
Key Directories:
src/
├── components/ # Reusable UI components
│ ├── ui/ # shadcn/ui primitives
│ ├── dashboard/ # Dashboard-specific components
│ ├── shared/ # Shared components (ActivityFeed, etc.)
│ └── calling/ # LiveKit voice/video components
├── pages/ # Route pages
├── hooks/ # Custom React hooks
├── stores/ # Zustand state stores
├── lib/ # Utilities and API clients
└── types/ # TypeScript type definitions2. Tauri Layer (IPC Bridge)
Tauri Plugins Used:
| Plugin | Purpose |
|---|---|
tauri-plugin-shell | Open external URLs |
tauri-plugin-deep-link | OAuth callback handling |
tauri-plugin-store | Persistent settings storage |
tauri-plugin-log | Structured logging |
IPC Communication:
- Frontend calls Rust functions via
invoke()from@tauri-apps/api/core - Commands are defined with
#[tauri::command]attribute - Data is serialized/deserialized via Serde JSON
3. Backend Layer (Rust)
Key Modules:
src-tauri/src/
├── lib.rs # App entry point, plugin registration
├── app_commands.rs # App lifecycle commands (show window, init Turso)
├── commands.rs # Settings, OAuth, LiveKit commands
├── turso_commands.rs # CRUD operations for Ideas, Goals, Tasks
├── shared_commands.rs # User presence and calling features
├── turso.rs # Turso database connection and models
├── db.rs # Local SQLite database
└── models.rs # Local data modelsState Management:
TursoState- Lazy-initialized Turso database connectionDatabase- Local SQLite for settings (legacy)
4. Data Layer
Turso (Shared Cloud Database):
- Primary database for all user data
- libSQL (SQLite-compatible) hosted on Turso cloud
- Supports multi-tenant architecture via
tenant_id
Local SQLite:
- Used for LiveKit settings (legacy)
- Fast local storage for non-shared data
Tauri Plugin Store:
- Stores Turso and LiveKit credentials
- Persists across app reinstalls
- Located at
~/Library/Application Support/com.forge.desktop/settings.json
Data Flow Architecture
App Initialization Flow
How it works:
- Window Hidden - The app window starts hidden to avoid showing a blank screen
- Load Settings - React loads saved credentials from the Plugin Store (settings.json)
- Initialize Turso - If credentials exist, React calls the Rust backend to connect to Turso
- Connect to Database - Rust establishes connection and creates tables if needed
- Show Window - Once connected, Rust shows the main window
- Render UI - React renders the dashboard with data from Turso
CRUD Operation Flow
How it works:
- React Component calls
invoke("get_all_ideas")to request data - Tauri IPC routes the call to the corresponding Rust command
- Rust Handler executes the
#[tauri::command]function - Turso DB receives the libSQL query and returns result rows
- Serde JSON serializes the Rust structs to JSON
- Promise resolves in React with the data
OAuth Authentication Flow
How it works:
- User clicks sign in - Initiates the OAuth flow
- PKCE Generation - App generates a code_verifier for security (Proof Key for Code Exchange)
- System Browser - Opens the default browser with Azure AD login URL
- Azure Login - User enters their Microsoft credentials
- Native Redirect - Azure redirects to
forge://oauth/callbackwhich the app handles via deep-link plugin - Token Exchange - App exchanges the authorization code for access and ID tokens
- Extract Tenant - The tenant_id is extracted from the JWT to scope data to the user’s organization
- Create User - User record is created/updated in Turso
- Show Dashboard - Session is stored in Zustand and dashboard is displayed
Database Schema
Entity Relationship Diagram
How to read this diagram:
The lines show relationships between database tables. ||--o{ means “one-to-many” (one record on the left relates to many records on the right).
| Relationship | Meaning |
|---|---|
| USERS → IDEAS | One user creates many ideas |
| USERS → GOALS | One user creates many goals |
| USERS → TASKS | One user creates many tasks |
| IDEAS → GOAL_IDEAS | One idea can be linked to many goals (many-to-many via junction table) |
| GOALS → TASKS | One goal can have many tasks |
| IDEAS → TASKS | One idea can have many tasks |
| IDEAS/GOALS/TASKS → COMMENTS | Each entity can have many comments |
| USERS → AUDIT_LOGS | All user actions generate audit log entries |
Multi-Tenancy
All queries are filtered by tenant_id to ensure data isolation between organizations:
SELECT * FROM ideas
WHERE author_id IN (
SELECT id FROM users WHERE tenant_id = ?
)This ensures users from one Microsoft 365 tenant cannot see data from another tenant.
Security Architecture
Authentication
| Component | Implementation |
|---|---|
| Identity Provider | Azure AD (Microsoft OAuth 2.0) |
| Auth Flow | Authorization Code with PKCE |
| Token Storage | In-memory (session only) |
| Session Management | Zustand store with persistence |
Credential Storage
| Credential | Storage Location | Encryption |
|---|---|---|
| Turso URL/Token | Tauri Plugin Store | At rest (OS-level) |
| LiveKit API Keys | Tauri Plugin Store | At rest (OS-level) |
| OAuth Tokens | Memory only | N/A (not persisted) |
Content Security Policy
The app uses a strict CSP configured in tauri.conf.json:
default-src 'self';
connect-src 'self' ipc: http://ipc.localhost wss: https:;
img-src 'self' asset: http://asset.localhost data: blob: https:;
script-src 'self' 'unsafe-eval';
style-src 'self' 'unsafe-inline' https://fonts.googleapis.com;
font-src 'self' https://fonts.gstatic.com;Real-time Features
User Presence
How it works:
- Update Presence - The app periodically calls
update_presence()to mark the user as online - Poll Database - Every 30 seconds, the app fetches the list of online users from Turso
- Display - Online users are shown in the UI with their avatars
- Timeout - Users who haven’t updated presence recently are marked as offline
Voice/Video Calling
How it works:
- Caller initiates - Caller’s app creates a call record in Turso with
create_call() - Callee polls - Callee’s app periodically checks Turso for incoming calls
- Accept call - Callee accepts, updating the call status in Turso
- WebRTC connection - Both apps connect to LiveKit Cloud using the LiveKit SDK
- Media streaming - LiveKit handles the actual audio/video transmission via WebRTC
| Step | Who | Action |
|---|---|---|
| 1 | Caller | Creates call record in Turso |
| 2 | Callee | Sees incoming call notification |
| 3 | Callee | Clicks Accept |
| 4 | Both | Connect to LiveKit room |
| 5 | Both | Exchange audio/video via WebRTC |
Technology Summary
| Component | Technology | Purpose |
|---|---|---|
| Desktop Framework | Tauri 2.x | Native desktop app with web frontend |
| Backend Language | Rust | Performance, safety, native integrations |
| Frontend Framework | React 19 | Component-based UI |
| Type System | TypeScript | Type safety in frontend |
| Styling | Tailwind CSS | Utility-first CSS |
| UI Components | shadcn/ui | Accessible, customizable components |
| State Management | Zustand + React Query | Client and server state |
| Cloud Database | Turso (libSQL) | Shared data storage |
| Local Storage | SQLite + Plugin Store | Settings and credentials |
| Authentication | Azure AD OAuth 2.0 | Microsoft identity |
| Real-time Comms | LiveKit | Voice and video calling |
Document Information
| Property | Value |
|---|---|
| Version | 1.0 |
| Last Updated | December 2024 |
| Classification | Technical Documentation |
Last updated on