Cinder — Local-first notes & todos for macOS

The premise

Built on the opposite premise.

Most notes apps ask you to ship your thinking to someone else's server. Cinder takes the other path entirely.

Local-first

Every note and task lives in an encrypted SQLite database on your own machine. Nothing to sign up for, nothing to phone home to.

Security as foundation

Sandboxed renderers, validated IPC, and an AES-256 database whose key never leaves the macOS Keychain. Hardening isn't a setting — it's the architecture.

Designed for sync, shipping without it

The data model is sync-ready — UUIDv7 IDs, timestamps, soft deletes. When sync arrives it'll be CRDT-based and end-to-end encrypted, not a naïve REST afterthought.

What works today

Three tools, one keystroke apart.

Notes, tasks, and prioritisation — woven together and reachable entirely from the keyboard.

Markdown notes that feel like writing

A WYSIWYG editor built on TipTap, with full-text search and frictionless capture.

WYSIWYG Markdown with full keyboard support
Autosave on a 500 ms debounce, plus explicit ⌘S flush
Full-text search across every title and body (SQLite FTS5)
Drag-and-drop import for .md and .html; export single notes or your whole library

~/notes/architecture.md

A todo system that earns its keep

Everything you'd expect from a serious task manager — priorities, projects, labels, recurrence — with a parser that reads plain English.

Natural-language quick-add: "Submit report tomorrow 5pm p1 @work"
Priorities P1–P4, projects, sections, and cross-cutting labels
Recurring tasks via RFC 5545 RRULE — completing one advances the date
Saved filters with a typed DSL: today & p1, @work & overdue

Today · 3 tasks

P1Today

@work

Tomorrow

The Eisenhower matrix, live

See every active task sorted by urgency and importance — then drag to re-prioritise in a single drop.

2×2 quadrant view with configurable urgency window and importance cutoff
Drag between quadrants to update priority and due date at once
Snapshot mode freezes a layout to compare against the live board
Scope the whole matrix to any project or label

Matrix

Urgent · Important

Important

Urgent

Later

⌘K and you're anywhere

Fuzzy-match across navigation, projects, labels, filters, and actions. Notes, tasks, the matrix, exports — all without lifting your hands off the keyboard.

Jump to any view, project, or label instantly
Create notes, open Settings or Help, trigger exports — all from the palette
Open Help with ⌘/ · Settings with ⌘, · everything documented in-app
Focus traps, ARIA landmarks, full keyboard operability throughout

⌘Ktoday & p1

Go to Today

Open Eisenhower Matrix

New note

Export all tasks → CSV

The renderer is treated as hostile

Hardened by design, not by toggle.

Every IPC channel is a public API and validated as such. These rules are enforced by Electron itself or rejected at lint time — not left to discipline.

Encrypted at rest

SQLite via SQLCipher, AES-256. The database key lives only in the macOS Keychain.

Sandboxed renderer

sandbox, contextIsolation on; nodeIntegration off. The renderer never touches Node.

Every payload validated

Zod schemas check each IPC message before it reaches business logic, plus an assertMainFrame() on every handler.

Dangerous APIs banned

eval, new Function, stray dangerouslySetInnerHTML, and renderer Node built-ins are rejected at lint time.

External links allow-listed

shell.openExternal is gated behind an https:-only allow-list. CSP set via response headers.

No raw file paths

All export, backup, and attachment I/O runs in the main process via native dialogs. The renderer never sees a path.

Cinder
your notes, kept close.