@tuskydp/cli 0.2.1 → 0.4.0

package/src/mcp/tools/files.ts

@@ -1,9 +1,8 @@
 /**
  * MCP tools — File operations
  *
- * Handles upload with client-side encryption for private vaults,
- * SEAL encryption for shared vaults, download with decryption and
- * rehydration polling for cold files.
+ * Handles upload with SEAL encryption for shared vaults, download
+ * with decryption and rehydration polling for cold files.
  */
 
 import { z } from 'zod';
@@ -13,8 +12,7 @@ import { basename, resolve, join } from 'path';
 import { lookup } from 'mime-types';
 import type { McpServer } from '@modelcontextprotocol/sdk/server/mcp.js';
 import type { McpContext } from '../context.js';
-import { encryptBuffer, decryptBuffer } from '../../crypto.js';
-import { isSealConfigured, sealEncrypt, sealDecrypt } from '../../seal.js';
+import { isSealConfigured, sealEncrypt, sealDecrypt, sealEncryptMetadata, sealDecryptMetadata } from '../../seal.js';
 import { wrapToolError } from './helpers.js';
 
 // ---------------------------------------------------------------------------
@@ -79,10 +77,9 @@ async function fetchAndDecryptFile(fileId: string, ctx: McpContext) {
   const arrayBuf = await response.arrayBuffer();
   let fileBuffer: Buffer = Buffer.from(arrayBuf as ArrayBuffer);
 
-  // Decrypt if needed — dispatch on encryption type
+  // Decrypt if needed — SEAL-encrypted (shared vault)
   if (encryption?.encrypted) {
     if ('type' in encryption && encryption.type === 'seal') {
-      // SEAL-encrypted (shared vault)
       const keypair = ctx.getSuiKeypair();
       if (!keypair) {
         throw new Error(
@@ -94,23 +91,6 @@ async function fetchAndDecryptFile(fileId: string, ctx: McpContext) {
       const vault = await ctx.sdk.vaults.get(fileInfo.vaultId);
       const decrypted = await sealDecrypt(new Uint8Array(fileBuffer), vault, keypair);
       fileBuffer = Buffer.from(decrypted);
-    } else {
-      // Passphrase-encrypted (private vault)
-      const masterKey = ctx.getMasterKey();
-      if (!masterKey) {
-        throw new Error(
-          'Encryption passphrase required to decrypt this file. ' +
-          'Set the TUSKYDP_PASSWORD environment variable in your MCP server config.',
-        );
-      }
-      const enc = encryption as { type: 'passphrase'; encrypted: true; wrappedKey: string; iv: string; plaintextChecksumSha256: string | null };
-      fileBuffer = decryptBuffer(
-        fileBuffer,
-        enc.wrappedKey,
-        enc.iv,
-        masterKey,
-        enc.plaintextChecksumSha256 ?? undefined,
-      );
     }
   }
 
@@ -118,7 +98,33 @@ async function fetchAndDecryptFile(fileId: string, ctx: McpContext) {
 }
 
 /**
- * Encrypt (if private vault) and upload a buffer to Tusky.
+ * Resolve the real filename from a FileStatusResponse.
+ * Decrypts encryptedMetadata (shared vaults) when present.
+ * Falls back to the stored placeholder name on failure.
+ */
+async function resolveFilename(
+  fileInfo: { name: string; nameEncrypted?: boolean; encryptedMetadata?: string | null; fileId?: string },
+  ctx: McpContext,
+): Promise<string> {
+  if (!fileInfo.nameEncrypted) return fileInfo.name;
+  try {
+    if (fileInfo.encryptedMetadata && fileInfo.fileId) {
+      const keypair = ctx.getSuiKeypair();
+      if (keypair) {
+        const fileObj = await ctx.sdk.files.get(fileInfo.fileId);
+        const vault = await ctx.sdk.vaults.get(fileObj.vaultId);
+        const meta = await sealDecryptMetadata(fileInfo.encryptedMetadata, vault, keypair);
+        return meta.n;
+      }
+    }
+  } catch {
+    // Fall through to placeholder
+  }
+  return fileInfo.name;
+}
+
+/**
+ * Encrypt (if shared vault) and upload a buffer to Tusky.
  * Shared by tusky_file_upload (from disk) and tusky_file_create (from content).
  */
 async function encryptAndUpload(
@@ -130,37 +136,16 @@ async function encryptAndUpload(
   ctx: McpContext,
 ) {
   const vault = await ctx.sdk.vaults.get(vaultId);
-  const isPrivate = vault.visibility === 'private';
   const isShared = vault.visibility === 'shared' && isSealConfigured(vault);
 
   let uploadBody: Buffer;
   let encryptionMeta: {
-    wrappedKey?: string;
-    encryptionIv?: string;
-    plaintextSizeBytes?: number;
-    plaintextChecksumSha256?: string;
     sealIdentity?: string;
     sealEncryptedObject?: string;
+    encryptedMetadata?: string;
   } = {};
 
-  if (isPrivate) {
-    const masterKey = ctx.getMasterKey();
-    if (!masterKey) {
-      throw new Error(
-        'Encryption passphrase required for private vault uploads. ' +
-        'Set the TUSKYDP_PASSWORD environment variable in your MCP server config.',
-      );
-    }
-
-    const { ciphertext, wrappedKey, iv, plaintextChecksum } = encryptBuffer(fileBuffer, masterKey);
-    uploadBody = ciphertext;
-    encryptionMeta = {
-      wrappedKey,
-      encryptionIv: iv,
-      plaintextSizeBytes: fileBuffer.length,
-      plaintextChecksumSha256: plaintextChecksum,
-    };
-  } else if (isShared) {
+  if (isShared) {
     const keypair = ctx.getSuiKeypair();
     if (!keypair) {
       throw new Error(
@@ -175,7 +160,7 @@ async function encryptAndUpload(
     encryptionMeta = {
       sealIdentity: sealResult.sealIdentity,
       sealEncryptedObject: sealResult.sealEncryptedObject,
-      plaintextSizeBytes: fileBuffer.length,
+      encryptedMetadata: await sealEncryptMetadata(fileName, mimeType, vault, fileNonce),
     };
   } else {
     uploadBody = fileBuffer;
@@ -205,7 +190,7 @@ async function encryptAndUpload(
   // Confirm upload
   const file = await ctx.sdk.files.confirmUpload(fileId);
 
-  return { file, isPrivate, isShared, uploadedSizeBytes: uploadBody.length };
+  return { file, isShared, uploadedSizeBytes: uploadBody.length };
 }
 
 // ---------------------------------------------------------------------------
@@ -216,7 +201,7 @@ export function registerFileTools(server: McpServer, ctx: McpContext) {
   // ── Upload file from disk ──────────────────────────────────────────────
   server.tool(
     'tusky_file_upload',
-    'Upload a file from a local filesystem path to a vault. Handles encryption transparently for private vaults. Use tusky_file_create instead if you want to upload content directly without a file on disk.',
+    'Upload a file from a local filesystem path to a vault. Handles SEAL encryption transparently for shared vaults. Use tusky_file_create instead if you want to upload content directly without a file on disk.',
     {
       filePath: z.string().describe('Absolute or relative path to the local file to upload'),
       vaultId: z.string().describe('Target vault ID'),
@@ -241,7 +226,7 @@ export function registerFileTools(server: McpServer, ctx: McpContext) {
         const fileName = basename(resolvedPath);
         const mimeType = lookup(resolvedPath) || 'application/octet-stream';
 
-        const { file, isPrivate, isShared, uploadedSizeBytes } = await encryptAndUpload(
+        const { file, isShared, uploadedSizeBytes } = await encryptAndUpload(
           fileBuffer, fileName, mimeType, vaultId, folderId, ctx,
         );
 
@@ -249,8 +234,8 @@ export function registerFileTools(server: McpServer, ctx: McpContext) {
           content: [{ type: 'text' as const, text: JSON.stringify({
             ...file,
             localPath: resolvedPath,
-            encrypted: isPrivate || isShared,
-            encryptionType: isPrivate ? 'passphrase' : isShared ? 'seal' : 'none',
+            encrypted: isShared,
+            encryptionType: isShared ? 'seal' : 'none',
             uploadedSizeBytes,
           }, null, 2) }],
         };
@@ -263,7 +248,7 @@ export function registerFileTools(server: McpServer, ctx: McpContext) {
   // ── Create file from content ─────────────────────────────────────────
   server.tool(
     'tusky_file_create',
-    'Create a file in a vault from raw content (text or base64-encoded binary). Use this when you want to upload content directly without needing a file on disk. Handles encryption transparently for private vaults.',
+    'Create a file in a vault from raw content (text or base64-encoded binary). Use this when you want to upload content directly without needing a file on disk. Handles SEAL encryption transparently for shared vaults.',
     {
       name: z.string().describe('File name including extension (e.g. "report.md", "data.json", "image.png")'),
       content: z.string().describe('File content: plain text for text files, or base64-encoded string for binary files'),
@@ -282,15 +267,15 @@ export function registerFileTools(server: McpServer, ctx: McpContext) {
 
         const mimeType = lookup(name) || 'application/octet-stream';
 
-        const { file, isPrivate, isShared, uploadedSizeBytes } = await encryptAndUpload(
+        const { file, isShared, uploadedSizeBytes } = await encryptAndUpload(
           fileBuffer, name, mimeType, vaultId, folderId, ctx,
         );
 
         return {
           content: [{ type: 'text' as const, text: JSON.stringify({
             ...file,
-            encrypted: isPrivate || isShared,
-            encryptionType: isPrivate ? 'passphrase' : isShared ? 'seal' : 'none',
+            encrypted: isShared,
+            encryptionType: isShared ? 'seal' : 'none',
             uploadedSizeBytes,
           }, null, 2) }],
         };
@@ -303,7 +288,7 @@ export function registerFileTools(server: McpServer, ctx: McpContext) {
   // ── Download file (to disk) ────────────────────────────────────────────
   server.tool(
     'tusky_file_download',
-    'Download a file by ID and save it to a local path on disk. Handles decryption for private vaults and rehydration for cold files. Use tusky_file_read instead if you just want the file content returned directly.',
+    'Download a file by ID and save it to a local path on disk. Handles SEAL decryption for shared vaults and rehydration for cold files. Use tusky_file_read instead if you just want the file content returned directly.',
     {
       fileId: z.string().describe('File ID to download'),
       outputPath: z.string().describe('Local path to save the file (must be writable)'),
@@ -313,13 +298,14 @@ export function registerFileTools(server: McpServer, ctx: McpContext) {
         const { fileBuffer, encryption } = await fetchAndDecryptFile(fileId, ctx);
 
         const fileInfo = await ctx.sdk.files.getStatus(fileId);
+        const realName = await resolveFilename({ ...fileInfo, fileId }, ctx);
         const finalPath = resolve(outputPath);
 
         writeFileSync(finalPath, fileBuffer);
 
         const result = {
           fileId,
-          name: fileInfo.name,
+          name: realName,
           savedTo: finalPath,
           sizeBytes: fileBuffer.length,
           mimeType: fileInfo.mimeType,
@@ -338,7 +324,7 @@ export function registerFileTools(server: McpServer, ctx: McpContext) {
   // ── Read file content (inline) ───────────────────────────────────────
   server.tool(
     'tusky_file_read',
-    'Read a file\'s content and return it directly. For text files the content is returned as text. For binary files it is returned as base64. Handles decryption for private vaults and rehydration for cold files transparently. Prefer this over tusky_file_download when you need to inspect file content.',
+    'Read a file\'s content and return it directly. For text files the content is returned as text. For binary files it is returned as base64. Handles SEAL decryption for shared vaults and rehydration for cold files transparently. Prefer this over tusky_file_download when you need to inspect file content.',
     {
       fileId: z.string().describe('File ID to read'),
     },
@@ -346,6 +332,7 @@ export function registerFileTools(server: McpServer, ctx: McpContext) {
       try {
         const { fileBuffer, encryption } = await fetchAndDecryptFile(fileId, ctx);
         const fileInfo = await ctx.sdk.files.getStatus(fileId);
+        const realName = await resolveFilename({ ...fileInfo, fileId }, ctx);
 
         const isText = isTextMimeType(fileInfo.mimeType);
 
@@ -354,7 +341,7 @@ export function registerFileTools(server: McpServer, ctx: McpContext) {
             content: [
               {
                 type: 'text' as const,
-                text: `--- ${fileInfo.name} (${fileInfo.mimeType}, ${fileBuffer.length} bytes${encryption?.encrypted ? ', decrypted' : ''}) ---\n\n${fileBuffer.toString('utf-8')}`,
+                text: `--- ${realName} (${fileInfo.mimeType}, ${fileBuffer.length} bytes${encryption?.encrypted ? ', decrypted' : ''}) ---\n\n${fileBuffer.toString('utf-8')}`,
               },
             ],
           };
@@ -367,7 +354,7 @@ export function registerFileTools(server: McpServer, ctx: McpContext) {
               type: 'text' as const,
               text: JSON.stringify({
                 fileId,
-                name: fileInfo.name,
+                name: realName,
                 mimeType: fileInfo.mimeType,
                 sizeBytes: fileBuffer.length,
                 wasEncrypted: encryption?.encrypted ?? false,

package/src/mcp/tools/vaults.ts

@@ -15,8 +15,8 @@ export function registerVaultTools(server: McpServer, ctx: McpContext) {
     {
       name: z.string().describe('Vault name'),
       description: z.string().optional().describe('Vault description'),
-      visibility: z.enum(['public', 'private', 'shared']).optional().describe(
-        'Vault visibility. "private" uses passphrase-based E2E encryption. "shared" uses SEAL protocol for multi-party access. Defaults to "private".',
+      visibility: z.enum(['public', 'shared']).optional().describe(
+        'Vault visibility. "shared" uses SEAL protocol for multi-party access. Defaults to "public".',
       ),
     },
     async ({ name, description, visibility }) => {
@@ -24,7 +24,7 @@ export function registerVaultTools(server: McpServer, ctx: McpContext) {
         const vault = await ctx.sdk.vaults.create({
           name,
           description,
-          visibility: visibility ?? 'private',
+          visibility: visibility ?? 'public',
         });
         return {
           content: [{ type: 'text' as const, text: JSON.stringify(vault, null, 2) }],

package/src/seal.ts

@@ -18,7 +18,7 @@ import { Ed25519Keypair } from '@mysten/sui/keypairs/ed25519';
 import { SuiJsonRpcClient } from '@mysten/sui/jsonRpc';
 import { Transaction } from '@mysten/sui/transactions';
 import { fromHex } from '@mysten/sui/utils';
-import { SEAL_PACKAGE_ID, SEAL_DEFAULT_KEY_SERVER_CONFIGS } from '@tuskydp/shared/constants.js';
+import { SEAL_PACKAGE_ID, SEAL_DEFAULT_KEY_SERVER_CONFIGS, METADATA_NONCE_PREFIX } from '@tuskydp/shared/constants.js';
 import type { VaultResponse } from '@tuskydp/sdk';
 import { getSuiPrivateKey } from './config.js';
 
@@ -193,6 +193,39 @@ export async function sealEncrypt(
   };
 }
 
+/**
+ * Encrypt filename + MIME type using SEAL for a shared vault.
+ * Uses a distinct nonce (METADATA_NONCE_PREFIX + fileNonce) so the metadata
+ * identity differs from the file content identity.
+ *
+ * Returns base64-encoded full SEAL EncryptedObject (stored in encrypted_metadata column).
+ */
+export async function sealEncryptMetadata(
+  name: string,
+  mimeType: string,
+  vault: VaultResponse,
+  fileNonce: string,
+): Promise<string> {
+  const plaintext = new TextEncoder().encode(JSON.stringify({ n: name, m: mimeType }));
+  const metaNonce = METADATA_NONCE_PREFIX + fileNonce;
+  const result = await sealEncrypt(plaintext, vault, metaNonce);
+  return Buffer.from(result.encryptedData).toString('base64');
+}
+
+/**
+ * Decrypt an encryptedMetadata blob produced by sealEncryptMetadata.
+ * Returns the original { n: name, m: mimeType }.
+ */
+export async function sealDecryptMetadata(
+  encryptedBase64: string,
+  vault: VaultResponse,
+  keypair: import('@mysten/sui/keypairs/ed25519').Ed25519Keypair,
+): Promise<{ n: string; m: string }> {
+  const encryptedData = new Uint8Array(Buffer.from(encryptedBase64, 'base64'));
+  const plaintext = await sealDecrypt(encryptedData, vault, keypair);
+  return JSON.parse(new TextDecoder().decode(plaintext));
+}
+
 // ---------------------------------------------------------------------------
 // Decrypt
 // ---------------------------------------------------------------------------

package/src/tui/files-panel.ts

@@ -2,17 +2,25 @@ import blessed from 'blessed';
 import type { TuskyClient } from '@tuskydp/sdk';
 import { formatBytes, formatDate, formatRow, statusColor, statusColorClose, getCurrentTheme } from './helpers.js';
 
+export interface FolderItem {
+  id: string;
+  name: string;
+  parentId: string | null;
+}
+
 export interface FileItem {
   id: string;
   name: string;
   sizeBytes: number;
-  plaintextSizeBytes: number | null;
   mimeType: string;
   status: string;
   createdAt: string;
   walrusBlobId: string | null;
   walrusBlobObjectId: string | null;
   encrypted: boolean;
+  folderId: string | null;
+  autoRenew: boolean;
+  ppuEpochEnd: string | null;
 }
 
 export class FilesPanel {
@@ -20,9 +28,15 @@ export class FilesPanel {
   private screen: blessed.Widgets.Screen;
   private sdk: TuskyClient;
   private files: FileItem[] = [];
+  private folders: FolderItem[] = [];
+  /** Combined display items: folders first, then files */
+  private displayItems: Array<{ type: 'folder'; folder: FolderItem } | { type: 'file'; file: FileItem } | { type: 'parent' }> = [];
   private loading = false;
   private currentVaultId: string | null = null;
   private currentVaultName = '';
+  private currentFolderId: string | null = null;
+  private currentFolderName: string | null = null;
+  private folderStack: Array<{ id: string | null; name: string | null }> = [];
 
   constructor(
     screen: blessed.Widgets.Screen,
@@ -63,32 +77,77 @@ export class FilesPanel {
     });
   }
 
-  async loadForVault(vaultId: string, vaultName: string) {
+  async loadForVault(vaultId: string, vaultName: string, folderId?: string | null) {
     if (this.loading) return;
     this.loading = true;
     this.currentVaultId = vaultId;
     this.currentVaultName = vaultName;
-    this.list.setLabel(` Files — ${vaultName} `);
-    this.list.setItems(['Loading files...'] as any);
+
+    if (folderId !== undefined) {
+      this.currentFolderId = folderId;
+    }
+
+    const folderPath = this.currentFolderName
+      ? `${vaultName} / ${this.currentFolderName}`
+      : vaultName;
+    this.list.setLabel(` Files — ${folderPath} `);
+    this.list.setItems(['Loading...'] as any);
     this.screen.render();
 
     try {
-      const { files } = await this.sdk.files.list({ vaultId, limit: 100, sortBy: 'createdAt', order: 'desc' });
-      this.files = files.map((f) => ({
+      // Load folders and files for current context
+      const [foldersResult, filesResult] = await Promise.all([
+        this.sdk.folders.list({ vaultId, parentId: this.currentFolderId || undefined }).catch(() => []),
+        this.sdk.files.list({
+          vaultId,
+          folderId: this.currentFolderId || undefined,
+          limit: 100,
+          sortBy: 'createdAt',
+          order: 'desc',
+        }),
+      ]);
+
+      this.folders = (foldersResult as any[]).map((f) => ({
+        id: f.id,
+        name: f.name,
+        parentId: f.parentId || null,
+      }));
+
+      this.files = filesResult.files.map((f) => ({
         id: f.id,
         name: f.name,
         sizeBytes: f.sizeBytes || 0,
-        plaintextSizeBytes: f.plaintextSizeBytes || null,
         mimeType: f.mimeType || '',
         status: f.status || 'unknown',
         createdAt: f.createdAt || '',
         walrusBlobId: f.walrusBlobId || null,
         walrusBlobObjectId: f.walrusBlobObjectId || null,
         encrypted: f.encrypted || false,
+        folderId: f.folderId || null,
+        autoRenew: f.autoRenew || false,
+        ppuEpochEnd: f.ppuEpochEnd || null,
       }));
 
-      if (this.files.length === 0) {
-        this.list.setItems(['(no files — press u to upload)'] as any);
+      // Build combined display list
+      this.displayItems = [];
+
+      // Show ".." to go up if we're in a subfolder
+      if (this.currentFolderId) {
+        this.displayItems.push({ type: 'parent' });
+      }
+
+      // Folders first
+      for (const folder of this.folders) {
+        this.displayItems.push({ type: 'folder', folder });
+      }
+
+      // Then files
+      for (const file of this.files) {
+        this.displayItems.push({ type: 'file', file });
+      }
+
+      if (this.displayItems.length === 0) {
+        this.list.setItems(['(empty — press u to upload, f to create folder)'] as any);
       } else {
         const totalW = (this.list.width as number) - 4;
         const sizeW = 9;
@@ -97,13 +156,37 @@ export class FilesPanel {
         const encW = 3;
         const nameW = Math.max(10, totalW - sizeW - statusW - dateW - encW - 4);
 
-        const items = this.files.map((f) => {
-          const size = formatBytes(f.plaintextSizeBytes ?? f.sizeBytes);
+        const items = this.displayItems.map((item) => {
+          if (item.type === 'parent') {
+            return formatRow([
+              { text: '../', tagged: '{yellow-fg}../{/yellow-fg}', width: nameW },
+              { text: '', width: sizeW, align: 'right' },
+              { text: '', width: statusW },
+              { text: '', width: encW },
+              { text: '', width: dateW, align: 'right' },
+            ], totalW);
+          }
+          if (item.type === 'folder') {
+            const name = item.folder.name;
+            const display = name.length > nameW - 2
+              ? name.slice(0, nameW - 3) + '...'
+              : name + '/';
+            return formatRow([
+              { text: display, tagged: `{cyan-fg}${display}{/cyan-fg}`, width: nameW },
+              { text: '', width: sizeW, align: 'right' },
+              { text: 'folder', tagged: '{cyan-fg}folder{/cyan-fg}', width: statusW },
+              { text: '', width: encW },
+              { text: '', width: dateW, align: 'right' },
+            ], totalW);
+          }
+          // file
+          const f = item.file;
+          const size = formatBytes(f.sizeBytes);
           const status = f.status;
           const statusTagged = `${statusColor(f.status)}${f.status}${statusColorClose(f.status)}`;
           const date = f.createdAt ? formatDate(f.createdAt) : '';
           const enc = f.encrypted ? '🔒' : '';
-          const name = f.name.length > nameW ? f.name.slice(0, nameW - 1) + '…' : f.name;
+          const name = f.name.length > nameW ? f.name.slice(0, nameW - 1) + '...' : f.name;
           return formatRow([
             { text: name, width: nameW },
             { text: size, width: sizeW, align: 'right' },
@@ -122,18 +205,57 @@ export class FilesPanel {
     this.screen.render();
   }
 
+  /** Navigate into a folder or back to parent */
+  async navigateToFolder(folderId: string | null, folderName: string | null) {
+    if (!this.currentVaultId) return;
+
+    // Push current location onto stack before navigating
+    this.folderStack.push({ id: this.currentFolderId, name: this.currentFolderName });
+    this.currentFolderId = folderId;
+    this.currentFolderName = folderName;
+    await this.loadForVault(this.currentVaultId, this.currentVaultName);
+  }
+
+  /** Navigate back to parent folder */
+  async navigateUp() {
+    if (!this.currentVaultId || !this.currentFolderId) return;
+
+    const prev = this.folderStack.pop();
+    this.currentFolderId = prev?.id || null;
+    this.currentFolderName = prev?.name || null;
+    await this.loadForVault(this.currentVaultId, this.currentVaultName);
+  }
+
+  /** Reset folder navigation when switching vaults */
+  resetFolderNav() {
+    this.currentFolderId = null;
+    this.currentFolderName = null;
+    this.folderStack = [];
+  }
+
+  getSelectedItem(): { type: 'parent' } | { type: 'folder'; folder: FolderItem } | { type: 'file'; file: FileItem } | null {
+    const idx = (this.list as any).selected as number;
+    return this.displayItems[idx] || null;
+  }
+
   clear() {
     this.files = [];
+    this.folders = [];
+    this.displayItems = [];
     this.currentVaultId = null;
     this.currentVaultName = '';
+    this.currentFolderId = null;
+    this.currentFolderName = null;
+    this.folderStack = [];
     this.list.setLabel(' Files ');
     this.list.setItems(['Select a vault'] as any);
     this.screen.render();
   }
 
   getSelected(): FileItem | null {
-    const idx = (this.list as any).selected as number;
-    return this.files[idx] || null;
+    const item = this.getSelectedItem();
+    if (item && item.type === 'file') return item.file;
+    return null;
   }
 
   getFiles(): FileItem[] {
@@ -148,6 +270,10 @@ export class FilesPanel {
     return this.currentVaultName;
   }
 
+  getCurrentFolderId(): string | null {
+    return this.currentFolderId;
+  }
+
   focus() {
     this.list.focus();
     this.list.style.border = { fg: getCurrentTheme().borderFocus } as any;