The local control plane for your AI tools' MCP servers - discover, quarantine, and encrypt, all from your menu bar.
Edison Watch Desktop is the local control plane for Edison Watch that governs the MCP servers wired into your AI tools, using a menu-bar app that watches every client on your machine. It discovers the servers your AI clients have configured, quarantines risky or unapproved ones before they can run, encrypts their credentials with zero-knowledge keys, and bridges local servers to the Edison Watch gateway through a single outbound tunnel. Built for developers who run MCP servers across many AI clients and want one place to see and control them all.
Discover → review → approve → encrypt → bridge, without secrets ever leaving your device in the clear.
Warning
Edison Watch Desktop is experimental software under active development and has not had an independent security audit. It is a client for the Edison Watch platform - it requires an Edison Watch account and connects to the Edison backend. UI, on-disk formats, and behavior may change before a 1.0 release.
Modern AI tools (Claude, Cursor, VS Code, and friends) connect to MCP servers that can read your files, hold credentials, and reach the network. They're configured in a dozen different places and are easy to lose track of. Edison Watch Desktop gives you one place to see and control them:
- Discover - every MCP server configured across the AI clients installed on your machine, with no manual inventory.
- Quarantine - newly-appeared or unapproved servers ("shadow MCPs") before they can run, with a review-and-approve flow.
- Encrypt - credentials with zero-knowledge keys (personal and organization), so secrets never leave your device in the clear.
- Bridge - local stdio MCP servers to the Edison Watch gateway through the bundled edison-stdiod daemon: a single outbound, no-inbound-ports tunnel, so they're reachable and governed without being exposed.
- Stay current - with in-app auto-updates.
Claude Code · Claude Desktop · Claude Cowork · Cursor · VS Code · Windsurf · Zed · JetBrains IDEs · Codex
- Install the app - see Installation (or build from source until signed installers ship).
- Launch it - the app lives in your menu bar / system tray. A setup wizard walks you through signing in, connecting your installed AI clients, and setting up encryption.
- Review - from then on the app watches your clients' MCP configuration, surfaces changes for approval, and keeps the tunnel to the Edison Watch backend healthy.
New to MCP? See the Model Context Protocol docs.
Note
Prebuilt, signed installers will be published on the Releases page. Until then, build from source.
| Platform | Format |
|---|---|
| macOS | .dmg (universal - Apple Silicon + Intel) |
| Windows | .exe installer (x64, arm64) |
| Linux | .AppImage (x64, arm64) |
TLDR: git clone → npm install → npm run dev.
⚙️ Building from source
You'll need Node.js 22+ and npm. The app depends on @edison-watch/shared, published to npm, so a plain clone and install pulls everything in:
```bash
git clone https://github.com/Edison-Watch/desktop.git
cd desktop
npm install
```

Then:

```bash
npm run dev        # run the app in development with hot reload
npm run build      # typecheck + build the renderer/main/preload bundles
npm run typecheck  # typecheck only (node + web projects)
npm run test       # unit tests (vitest)
```

Packaging installers also bundles the edison-stdiod daemon and per-platform runtimes; see the build:mac / build:win / build:linux scripts in package.json and the helpers under scripts/.
The app runs in your menu bar / system tray and supervises the bundled edison-stdiod daemon. On first launch a setup wizard walks you through signing in, connecting your installed AI clients, and setting up encryption. From then on it watches your clients' MCP configuration, surfaces changes for review, and keeps the tunnel to the Edison Watch backend healthy.
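The watch-and-review step can be pictured as a diff between a client's configured servers and an approved baseline. The following is an added example, not Edison Watch's code: it assumes the `mcpServers` JSON layout used by clients such as Claude Desktop and Cursor, and the function names, statuses and sample entries are hypothetical.

```javascript
// Constructed sample config; server names, commands and paths are made up.
const sampleConfig = JSON.stringify({
  mcpServers: {
    filesystem: { command: "npx", args: ["-y", "@modelcontextprotocol/server-filesystem", "/home/dev/projects"] },
    notes: { command: "node", args: ["/opt/tools/notes-mcp/index.js"], env: { NOTES_TOKEN: "placeholder" } },
    helper: { command: "sh", args: ["-c", "/tmp/helper.sh"] },
  },
});

// Identity of an entry: what gets executed and which secrets it is handed.
// Env values are excluded so the baseline never stores credentials.
function fingerprint(entry) {
  return JSON.stringify({
    command: entry.command ?? null,
    args: entry.args ?? [],
    url: entry.url ?? null,
    envKeys: Object.keys(entry.env ?? {}).sort(),
  });
}

// Compare every configured server against the approved baseline.
function reviewConfig(configText, approved) {
  let servers;
  try {
    servers = JSON.parse(configText).mcpServers ?? {};
  } catch {
    // Fail closed: a config that cannot be read approves nothing.
    return [{ name: "*", status: "unparseable" }];
  }
  return Object.entries(servers).map(([name, entry]) => {
    if (!Object.hasOwn(approved, name)) return { name, status: "quarantine:new" };
    if (approved[name] !== fingerprint(entry)) return { name, status: "quarantine:changed" };
    return { name, status: "approved" };
  });
}

// Baseline captured at approval time (constructed). "notes" was approved
// before it was handed an environment variable, so it must be re-reviewed.
const approved = {
  filesystem: fingerprint({ command: "npx", args: ["-y", "@modelcontextprotocol/server-filesystem", "/home/dev/projects"] }),
  notes: fingerprint({ command: "node", args: ["/opt/tools/notes-mcp/index.js"] }),
};

console.table(reviewConfig(sampleConfig, approved));
```

Keying approval on the fingerprint rather than the server name means an entry that keeps its name but changes its command, arguments or injected secrets drops back into review.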
TLDR: everything runs locally except the Edison Watch cloud; the desktop app and edison-stdiod reach it over two outbound-initiated but bidirectional links, and the backend pushes events (trifecta / pre-block approvals, quarantine) back to the app.
Same diagram as docs/architecture.svg above, rendered as ASCII so it shows up anywhere. It captures the durable component and trust/network boundaries - not the on-disk layout, which is free to change. Both links to the cloud are initiated outbound from your machine (no inbound ports), but data flows both ways: the backend pushes events back to the app.
```text
 YOUR MACHINE (everything below runs locally)
┌────────────────────────────────────────────────────────────┐
│  AI clients (Claude · Cursor · VS Code · …)                │
│        │  MCP configs watched on disk                      │
│        ▼                                                   │
│  Edison Watch Desktop app                                  │
│    Renderer UI ◀─ IPC / preload bridge ─▶ Main process     │
│                                               │ supervises │
│                                               ▼            │
│  edison-stdiod daemon (bridges local stdio MCP servers)    │
└────────────────────────────────────────────────────────────┘
    ▲                                     ▲
    │ control plane (app ⇅ backend)       │ MCP bridge
    │ backend PUSHES events to app:       │ outbound-initiated
    ▼ trifecta / approvals / quarantine   ▼ tunnel, no inbound ports
┌────────────────────────────────────────────────────────────┐
│  Edison Watch cloud (remote · off your machine)            │
│    backend API · MCP gateway                               │
└────────────────────────────────────────────────────────────┘
```
TLDR: Code-signing secrets for release builds (see .env.example); dev toggles for local runs.
Release / code-signing (macOS):
| Variable | Description |
|---|---|
| CSC_LINK | Path or base64 of the Developer ID signing certificate |
| CSC_KEY_PASSWORD | Password for the signing certificate |
| APPLE_ID | Apple ID used for notarization |
| APPLE_APP_SPECIFIC_PASSWORD | App-specific password for notarization |
| APPLE_TEAM_ID | Apple Developer Team ID |
Development / runtime toggles:
| Variable | Description |
|---|---|
| EDISON_DRY_RUN | Set to 1 to short-circuit the edison-stdiod daemon (used by Playwright/Storybook/tests) |
| EDISON_DEBUG_RENDERER | Set to true to open the renderer DevTools on launch |
| EW_UPDATE_TEST / EW_UPDATE_FEED | Point auto-update at a local feed for testing without publishing |
- Edison-Watch/stdiod - the edison-stdiod tunnel daemon bundled with this app.
- Edison-Watch/shared - shared React components, design tokens, and client utilities, consumed here as the @edison-watch/shared npm package.
Please do not report security issues through public GitHub issues or pull requests. Report privately via the repository's Security tab ("Report a vulnerability") or by emailing security@edison.watch.
Issues and focused pull requests are welcome. Please keep changes small and run npm run typecheck and npm run test before opening a PR.
This software is built with:
- Electron - cross-platform desktop runtime
- electron-vite - build tooling
- React 19 - renderer UI
- Tailwind CSS - styling
- Storybook - component development
- Playwright + Vitest - end-to-end and unit testing
- prek - Rust-based pre-commit framework
Made with contrib.rocks.
Licensed under the GNU Affero General Public License v3.0.