@mwguerra/hull 0.1.0

package/host/src/dispatcher.hpp

@@ -0,0 +1,81 @@
+#pragma once
+// Transport-agnostic bridge core. Bindings register handlers here; the same handlers
+// are then exposed over the webview (native build) AND over HTTP/SSE (browser dev
+// mode). Webview-free on purpose.
+//
+//   Handler: (args json) -> reply(result json)   — reply may be called sync or async.
+//   emit():  C++ -> UI push (settings:changed, etc.); also feeds the dev trace.
+#include <string>
+#include <vector>
+#include <map>
+#include <functional>
+#include <chrono>
+#include <nlohmann/json.hpp>
+
+using json = nlohmann::json;
+
+using Reply = std::function<void(const json& result)>;
+using Handler = std::function<void(const json& args, Reply reply)>;
+
+class Dispatcher {
+public:
+  void on(const std::string& name, Handler h) { handlers_[name] = std::move(h); }
+  bool has(const std::string& name) const { return handlers_.count(name) != 0; }
+
+  std::vector<std::string> names() const {
+    std::vector<std::string> out;
+    out.reserve(handlers_.size());
+    for (const auto& kv : handlers_) out.push_back(kv.first);
+    return out;
+  }
+
+  // Where C++ -> UI pushes go (webview eval, or SSE broadcast). Set by the transport.
+  void set_emit_sink(std::function<void(const std::string&, const json&)> sink) {
+    emit_sink_ = std::move(sink);
+  }
+  // Enable the dev trace (every call/reply/event mirrored on the "__trace" event).
+  void set_trace(bool on) { trace_ = on; }
+  bool tracing() const { return trace_; }
+
+  // C++ -> UI push.
+  void emit(const std::string& event, const json& payload) {
+    if (trace_ && event != "__trace") {
+      raw_emit("__trace", {{"type", "event"}, {"event", event}, {"payload", payload}, {"t", now_ms()}});
+    }
+    raw_emit(event, payload);
+  }
+
+  // Invoke a handler by name. `reply` is called exactly once (sync or async).
+  void invoke(const std::string& name, const json& args, Reply reply) {
+    auto it = handlers_.find(name);
+    if (it == handlers_.end()) {
+      reply(json{{"ok", false}, {"error", "unknown binding: " + name}});
+      return;
+    }
+    if (!trace_) { it->second(args, reply); return; }
+
+    const double t0 = now_ms();
+    static long long seq = 0;
+    const long long id = ++seq;
+    raw_emit("__trace", {{"type", "call"}, {"id", id}, {"name", name}, {"args", args}, {"t", t0}});
+    it->second(args, [this, name, id, t0, reply](const json& res) {
+      raw_emit("__trace", {{"type", "reply"}, {"id", id}, {"name", name},
+                           {"ok", res.value("ok", true)}, {"result", res},
+                           {"durMs", now_ms() - t0}});
+      reply(res);
+    });
+  }
+
+private:
+  void raw_emit(const std::string& event, const json& payload) {
+    if (emit_sink_) emit_sink_(event, payload);
+  }
+  static double now_ms() {
+    using namespace std::chrono;
+    return duration<double, std::milli>(steady_clock::now().time_since_epoch()).count();
+  }
+
+  std::map<std::string, Handler> handlers_;
+  std::function<void(const std::string&, const json&)> emit_sink_ = nullptr;
+  bool trace_ = false;
+};

package/host/src/file_store.hpp

@@ -0,0 +1,91 @@
+#pragma once
+// File storage core (webview-free, so it's unit-testable). Files live under
+// <app_data_dir>/files, named by a sanitized basename (no path traversal). Contents
+// pass through the secure layer: plaintext by default, AES-256-GCM in the secure build.
+#include <string>
+#include <fstream>
+#include <filesystem>
+#include <stdexcept>
+#include "paths.hpp"
+#include "secure.hpp"
+
+namespace fs = std::filesystem;
+
+namespace appfiles {
+
+inline fs::path dir() {
+  fs::path d = storage::app_data_dir() / "files";
+  fs::create_directories(d);
+  storage::lock_down(d);
+  return d;
+}
+
+// Reject anything that isn't a plain filename (no separators, "..", drive, etc.).
+inline std::string safe_name(const std::string& name) {
+  fs::path p(name);
+  if (name.empty() || p.filename().string() != name || name == "." || name == "..") {
+    throw std::runtime_error("invalid file name (use a plain name, no path separators)");
+  }
+  return name;
+}
+
+inline std::string b64encode(const std::string& in) {
+  static const char* T =
+      "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+  std::string out;
+  out.reserve(((in.size() + 2) / 3) * 4);
+  const auto* d = reinterpret_cast<const unsigned char*>(in.data());
+  for (size_t i = 0; i < in.size(); i += 3) {
+    int n = d[i] << 16;
+    if (i + 1 < in.size()) n |= d[i + 1] << 8;
+    if (i + 2 < in.size()) n |= d[i + 2];
+    out.push_back(T[(n >> 18) & 63]);
+    out.push_back(T[(n >> 12) & 63]);
+    out.push_back(i + 1 < in.size() ? T[(n >> 6) & 63] : '=');
+    out.push_back(i + 2 < in.size() ? T[n & 63] : '=');
+  }
+  return out;
+}
+
+inline std::string b64decode(const std::string& in) {
+  auto val = [](char c) -> int {
+    if (c >= 'A' && c <= 'Z') return c - 'A';
+    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
+    if (c >= '0' && c <= '9') return c - '0' + 52;
+    if (c == '+') return 62;
+    if (c == '/') return 63;
+    return -1;
+  };
+  std::string out;
+  int buf = 0, bits = 0;
+  for (char c : in) {
+    int v = val(c);
+    if (v < 0) continue; // skip '=', whitespace, etc.
+    buf = (buf << 6) | v;
+    bits += 6;
+    if (bits >= 8) { bits -= 8; out.push_back((char)((buf >> bits) & 0xFF)); }
+  }
+  return out;
+}
+
+inline void write_file(const std::string& name, const std::string& bytes) {
+  const fs::path target = dir() / safe_name(name);
+  const std::string blob = secure::encrypt(bytes);
+  fs::path tmp = target; tmp += ".tmp";
+  { std::ofstream f(tmp, std::ios::binary | std::ios::trunc);
+    f.write(blob.data(), (std::streamsize)blob.size()); }
+  fs::rename(tmp, target);
+  storage::lock_down(target);
+}
+
+inline std::string read_file(const std::string& name) {
+  const fs::path target = dir() / safe_name(name);
+  std::ifstream f(target, std::ios::binary);
+  if (!f) throw std::runtime_error("file not found: " + name);
+  std::string blob((std::istreambuf_iterator<char>(f)), std::istreambuf_iterator<char>());
+  auto plain = secure::decrypt(blob);
+  if (!plain) throw std::runtime_error("could not read file (wrong key or corrupt): " + name);
+  return *plain;
+}
+
+} // namespace appfiles

package/host/src/keychain.hpp

@@ -0,0 +1,157 @@
+#pragma once
+// OS keychain access (Windows Credential Manager / macOS Keychain / Linux libsecret).
+// Webview-free so the crypto layer (secure.hpp) and DB (db_core.hpp) can fetch keys
+// without pulling in the web view. The UI-facing bindings live in credentials.hpp.
+#include <string>
+#include <optional>
+#include <stdexcept>
+
+namespace secrets {
+
+bool store(const std::string& service, const std::string& account, const std::string& secret);
+std::optional<std::string> load(const std::string& service, const std::string& account);
+bool erase(const std::string& service, const std::string& account);
+
+// ----------------------------- Windows -----------------------------
+#if defined(_WIN32)
+} // namespace secrets
+#include <windows.h>
+#include <wincred.h>
+namespace secrets {
+
+inline std::wstring target(const std::string& service, const std::string& account) {
+  std::string key = service + ":" + account;
+  return std::wstring(key.begin(), key.end());
+}
+
+inline bool store(const std::string& service, const std::string& account,
+                  const std::string& secret) {
+  std::wstring t = target(service, account);
+  CREDENTIALW cred{};
+  cred.Type = CRED_TYPE_GENERIC;
+  cred.TargetName = const_cast<LPWSTR>(t.c_str());
+  cred.CredentialBlobSize = static_cast<DWORD>(secret.size());
+  cred.CredentialBlob = reinterpret_cast<LPBYTE>(const_cast<char*>(secret.data()));
+  cred.Persist = CRED_PERSIST_LOCAL_MACHINE; // per-user store; survives reboot
+  return CredWriteW(&cred, 0) == TRUE;
+}
+
+inline std::optional<std::string> load(const std::string& service,
+                                       const std::string& account) {
+  std::wstring t = target(service, account);
+  PCREDENTIALW pcred = nullptr;
+  if (!CredReadW(t.c_str(), CRED_TYPE_GENERIC, 0, &pcred)) return std::nullopt;
+  std::string secret(reinterpret_cast<char*>(pcred->CredentialBlob),
+                     pcred->CredentialBlobSize);
+  CredFree(pcred);
+  return secret;
+}
+
+inline bool erase(const std::string& service, const std::string& account) {
+  std::wstring t = target(service, account);
+  return CredDeleteW(t.c_str(), CRED_TYPE_GENERIC, 0) == TRUE;
+}
+
+// ----------------------------- macOS -----------------------------
+#elif defined(__APPLE__)
+} // namespace secrets
+#include <Security/Security.h>
+namespace secrets {
+
+inline bool store(const std::string& service, const std::string& account,
+                  const std::string& secret) {
+  erase(service, account); // replace if present
+  OSStatus st = SecKeychainAddGenericPassword(
+      nullptr,
+      (UInt32)service.size(), service.c_str(),
+      (UInt32)account.size(), account.c_str(),
+      (UInt32)secret.size(),  secret.data(),
+      nullptr);
+  return st == errSecSuccess;
+}
+
+inline std::optional<std::string> load(const std::string& service,
+                                       const std::string& account) {
+  void* data = nullptr; UInt32 len = 0; SecKeychainItemRef item = nullptr;
+  OSStatus st = SecKeychainFindGenericPassword(
+      nullptr,
+      (UInt32)service.size(), service.c_str(),
+      (UInt32)account.size(), account.c_str(),
+      &len, &data, &item);
+  if (st != errSecSuccess) return std::nullopt;
+  std::string secret(static_cast<char*>(data), len);
+  SecKeychainItemFreeContent(nullptr, data);
+  if (item) CFRelease(item);
+  return secret;
+}
+
+inline bool erase(const std::string& service, const std::string& account) {
+  void* data = nullptr; UInt32 len = 0; SecKeychainItemRef item = nullptr;
+  OSStatus st = SecKeychainFindGenericPassword(
+      nullptr,
+      (UInt32)service.size(), service.c_str(),
+      (UInt32)account.size(), account.c_str(),
+      &len, &data, &item);
+  if (st != errSecSuccess) return false;
+  if (data) SecKeychainItemFreeContent(nullptr, data);
+  bool ok = item && SecKeychainItemDelete(item) == errSecSuccess;
+  if (item) CFRelease(item);
+  return ok;
+}
+
+// ----------------------------- Linux (libsecret) -----------------------------
+#else
+} // namespace secrets
+#include <libsecret/secret.h>
+namespace secrets {
+
+inline const SecretSchema* schema() {
+  static const SecretSchema s = {
+      "com.mwguerra.hull", SECRET_SCHEMA_NONE,
+      {
+          {"service", SECRET_SCHEMA_ATTRIBUTE_STRING},
+          {"account", SECRET_SCHEMA_ATTRIBUTE_STRING},
+          {nullptr, SECRET_SCHEMA_ATTRIBUTE_STRING},
+      }};
+  return &s;
+}
+
+inline bool store(const std::string& service, const std::string& account,
+                  const std::string& secret) {
+  GError* err = nullptr;
+  gboolean ok = secret_password_store_sync(
+      schema(), SECRET_COLLECTION_DEFAULT,
+      (service + ":" + account).c_str(), // label
+      secret.c_str(), nullptr, &err,
+      "service", service.c_str(),
+      "account", account.c_str(), nullptr);
+  if (err) { g_error_free(err); return false; }
+  return ok == TRUE;
+}
+
+inline std::optional<std::string> load(const std::string& service,
+                                       const std::string& account) {
+  GError* err = nullptr;
+  gchar* pw = secret_password_lookup_sync(
+      schema(), nullptr, &err,
+      "service", service.c_str(),
+      "account", account.c_str(), nullptr);
+  if (err) { g_error_free(err); return std::nullopt; }
+  if (!pw) return std::nullopt;
+  std::string secret(pw);
+  secret_password_free(pw);
+  return secret;
+}
+
+inline bool erase(const std::string& service, const std::string& account) {
+  GError* err = nullptr;
+  gboolean ok = secret_password_clear_sync(
+      schema(), nullptr, &err,
+      "service", service.c_str(),
+      "account", account.c_str(), nullptr);
+  if (err) { g_error_free(err); return false; }
+  return ok == TRUE;
+}
+#endif
+
+} // namespace secrets