Skip to content

Desktop and web

CrossXCloud has two surfaces. You build infrastructure in the desktop app, and you manage organizations and projects in CrossXWeb, the browser companion. A secure handoff connects them.

Surface Runs where What it does What it does not do
CrossXCloud desktop app Native desktop window Build infrastructure: edit the canvas, Plan, Apply, browse history. Accepts and uses cloud credentials. Manage orgs and projects.
CrossXWeb Browser Manage orgs and projects, view a project’s infrastructure as a read-only canvas. Edit infrastructure. Hold cloud credentials. Make provider calls.

The boundary is deliberate. The desktop app is the only surface that ever touches your cloud credentials, because it is the only surface that can run on a machine you control. The browser never holds credentials and never makes a provider call.

You start in CrossXWeb. Create an organization and a project there. Then use the “Open in Desktop” action on a project. CrossXWeb issues a short-lived signed deep-link and the OS opens the CrossXCloud desktop app, navigated to that project.

The deep-link carries enough context to know which org and project you opened, plus a short-lived token that lets the desktop app authenticate. You do not need to sign in again in the desktop app. The token is short-lived, which keeps the attack surface small.

sequenceDiagram
    participant User
    participant Web as CrossXWeb (browser)
    participant OS
    participant Desktop as CrossXCloud (desktop)
    participant Cloud as Cloud Provider

    User->>Web: Create org and project
    User->>Web: Click "Open in Desktop"
    Web->>OS: Deep-link with short-lived JWT
    OS->>Desktop: Open app, navigate to project
    Desktop->>Cloud: Read live infrastructure
    User->>Desktop: Edit canvas, Plan, Apply
    Desktop->>Cloud: Apply changes
    Desktop->>Web: Write desired state to shared data
    Web->>User: Read-only canvas shows latest state

See Organizations and projects for the everyday walkthrough.

When you Plan and Apply in the desktop app, the resulting desired state is written to your project’s shared data. CrossXWeb’s read-only canvas reads that state, so anyone looking at the project in the browser sees the latest applied infrastructure.

The browser view is not a live mirror of your cloud. It is the latest committed desired state from the desktop app.

The desktop app needs to be on a machine you trust, because it holds your credentials. The browser is where you do organization and project management that should be reachable from anywhere and shareable with a team.

Keeping them separate means the credential-bearing surface never has to be a website, and the team-facing surface never has to hold credentials.