npm - create-ekka-desktop-app - Versions diffs - 0.2.2 - Mend

create-ekka-desktop-app 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (96) hide show

package/README.md +137 -0
package/bin/cli.js +72 -0
package/package.json +23 -0
package/template/branding/app.json +6 -0
package/template/branding/icon.icns +0 -0
package/template/eslint.config.js +98 -0
package/template/index.html +29 -0
package/template/package.json +40 -0
package/template/src/app/App.tsx +24 -0
package/template/src/demo/DemoApp.tsx +260 -0
package/template/src/demo/components/Banner.tsx +82 -0
package/template/src/demo/components/EmptyState.tsx +61 -0
package/template/src/demo/components/InfoPopover.tsx +171 -0
package/template/src/demo/components/InfoTooltip.tsx +76 -0
package/template/src/demo/components/LearnMore.tsx +98 -0
package/template/src/demo/components/NodeCredentialsOnboarding.tsx +219 -0
package/template/src/demo/components/SetupWizard.tsx +48 -0
package/template/src/demo/components/StatusBadge.tsx +83 -0
package/template/src/demo/components/index.ts +10 -0
package/template/src/demo/hooks/index.ts +6 -0
package/template/src/demo/hooks/useAuditEvents.ts +30 -0
package/template/src/demo/layout/Shell.tsx +110 -0
package/template/src/demo/layout/Sidebar.tsx +192 -0
package/template/src/demo/pages/AuditLogPage.tsx +235 -0
package/template/src/demo/pages/DocGenPage.tsx +874 -0
package/template/src/demo/pages/HomeSetupPage.tsx +182 -0
package/template/src/demo/pages/LoginPage.tsx +192 -0
package/template/src/demo/pages/PathPermissionsPage.tsx +873 -0
package/template/src/demo/pages/RunnerPage.tsx +445 -0
package/template/src/demo/pages/SystemPage.tsx +557 -0
package/template/src/demo/pages/VaultPage.tsx +805 -0
package/template/src/ekka/__tests__/demo-backend.test.ts +187 -0
package/template/src/ekka/audit/index.ts +7 -0
package/template/src/ekka/audit/store.ts +68 -0
package/template/src/ekka/audit/types.ts +22 -0
package/template/src/ekka/auth/client.ts +212 -0
package/template/src/ekka/auth/index.ts +30 -0
package/template/src/ekka/auth/storage.ts +114 -0
package/template/src/ekka/auth/types.ts +67 -0
package/template/src/ekka/backend/demo.ts +151 -0
package/template/src/ekka/backend/interface.ts +36 -0
package/template/src/ekka/config.ts +48 -0
package/template/src/ekka/constants.ts +143 -0
package/template/src/ekka/errors.ts +54 -0
package/template/src/ekka/index.ts +516 -0
package/template/src/ekka/internal/backend.ts +156 -0
package/template/src/ekka/internal/index.ts +7 -0
package/template/src/ekka/ops/auth.ts +29 -0
package/template/src/ekka/ops/debug.ts +68 -0
package/template/src/ekka/ops/home.ts +101 -0
package/template/src/ekka/ops/index.ts +16 -0
package/template/src/ekka/ops/nodeCredentials.ts +131 -0
package/template/src/ekka/ops/nodeSession.ts +145 -0
package/template/src/ekka/ops/paths.ts +183 -0
package/template/src/ekka/ops/runner.ts +86 -0
package/template/src/ekka/ops/runtime.ts +31 -0
package/template/src/ekka/ops/setup.ts +47 -0
package/template/src/ekka/ops/vault.ts +459 -0
package/template/src/ekka/ops/workflowRuns.ts +116 -0
package/template/src/ekka/types.ts +82 -0
package/template/src/ekka/utils/idempotency.ts +14 -0
package/template/src/ekka/utils/index.ts +7 -0
package/template/src/ekka/utils/time.ts +77 -0
package/template/src/main.tsx +12 -0
package/template/src/vite-env.d.ts +12 -0
package/template/src-tauri/Cargo.toml +41 -0
package/template/src-tauri/build.rs +3 -0
package/template/src-tauri/capabilities/default.json +11 -0
package/template/src-tauri/icons/icon.icns +0 -0
package/template/src-tauri/icons/icon.png +0 -0
package/template/src-tauri/resources/ekka-engine-bootstrap +0 -0
package/template/src-tauri/src/bootstrap.rs +37 -0
package/template/src-tauri/src/commands.rs +1215 -0
package/template/src-tauri/src/device_secret.rs +111 -0
package/template/src-tauri/src/engine_process.rs +538 -0
package/template/src-tauri/src/grants.rs +129 -0
package/template/src-tauri/src/handlers/home.rs +65 -0
package/template/src-tauri/src/handlers/mod.rs +7 -0
package/template/src-tauri/src/handlers/paths.rs +128 -0
package/template/src-tauri/src/handlers/vault.rs +680 -0
package/template/src-tauri/src/main.rs +243 -0
package/template/src-tauri/src/node_auth.rs +858 -0
package/template/src-tauri/src/node_credentials.rs +541 -0
package/template/src-tauri/src/node_runner.rs +882 -0
package/template/src-tauri/src/node_vault_crypto.rs +113 -0
package/template/src-tauri/src/node_vault_store.rs +267 -0
package/template/src-tauri/src/ops/auth.rs +50 -0
package/template/src-tauri/src/ops/home.rs +251 -0
package/template/src-tauri/src/ops/mod.rs +7 -0
package/template/src-tauri/src/ops/runtime.rs +21 -0
package/template/src-tauri/src/state.rs +639 -0
package/template/src-tauri/src/types.rs +84 -0
package/template/src-tauri/tauri.conf.json +41 -0
package/template/tsconfig.json +26 -0
package/template/tsconfig.tsbuildinfo +1 -0
package/template/vite.config.ts +34 -0

package/template/src-tauri/src/handlers/vault.rs ADDED Viewed

@@ -0,0 +1,680 @@
+//! Vault operation handlers
+//!
+//! Thin wrappers that call SDK vault operations.
+//! Each handler is 5-15 lines max per architecture rules.
+use crate::state::EngineState;
+use crate::types::EngineResponse;
+use ekka_sdk_core::ekka_ops::vault;
+use serde_json::{json, Value};
+// =============================================================================
+// Status Handlers
+// =============================================================================
+/// Handle vault.status
+pub fn handle_status(state: &EngineState) -> EngineResponse {
+    let ctx = match state.to_runtime_context() {
+        Some(c) => c,
+        None => return EngineResponse::err("NOT_CONNECTED", "Engine not initialized"),
+    };
+    match vault::status(&ctx) {
+        Ok(status) => EngineResponse::ok(json!(status)),
+        Err(e) => EngineResponse::err(e.code, &e.message),
+    }
+}
+/// Handle vault.capabilities
+pub fn handle_capabilities(state: &EngineState) -> EngineResponse {
+    let ctx = match state.to_runtime_context() {
+        Some(c) => c,
+        None => return EngineResponse::err("NOT_CONNECTED", "Engine not initialized"),
+    };
+    match vault::capabilities(&ctx) {
+        Ok(caps) => EngineResponse::ok(json!(caps)),
+        Err(e) => EngineResponse::err(e.code, &e.message),
+    }
+}
+// =============================================================================
+// Secrets Handlers
+// =============================================================================
+/// Handle vault.secrets.list
+pub fn handle_secrets_list(payload: &Value, state: &EngineState) -> EngineResponse {
+    let ctx = match state.to_runtime_context() {
+        Some(c) => c,
+        None => return EngineResponse::err("NOT_CONNECTED", "Engine not initialized"),
+    };
+    let opts: Option<vault::SecretListOptions> = payload
+        .get("opts")
+        .and_then(|v| serde_json::from_value(v.clone()).ok());
+    match vault::secrets::list(&ctx, state.vault_cache(), opts) {
+        Ok(secrets) => EngineResponse::ok(json!({ "secrets": secrets })),
+        Err(e) => EngineResponse::err(e.code, &e.message),
+    }
+}
+/// Handle vault.secrets.get
+pub fn handle_secrets_get(payload: &Value, state: &EngineState) -> EngineResponse {
+    let ctx = match state.to_runtime_context() {
+        Some(c) => c,
+        None => return EngineResponse::err("NOT_CONNECTED", "Engine not initialized"),
+    };
+    let id = match payload.get("id").and_then(|v| v.as_str()) {
+        Some(id) => id,
+        None => return EngineResponse::err("INVALID_PAYLOAD", "Missing 'id'"),
+    };
+    match vault::secrets::get(&ctx, state.vault_cache(), id) {
+        Ok(secret) => EngineResponse::ok(json!(secret)),
+        Err(e) => EngineResponse::err(e.code, &e.message),
+    }
+}
+/// Handle vault.secrets.create
+pub fn handle_secrets_create(payload: &Value, state: &EngineState) -> EngineResponse {
+    let ctx = match state.to_runtime_context() {
+        Some(c) => c,
+        None => return EngineResponse::err("NOT_CONNECTED", "Engine not initialized"),
+    };
+    let input: vault::SecretCreateInput = match serde_json::from_value(payload.clone()) {
+        Ok(i) => i,
+        Err(e) => return EngineResponse::err("INVALID_PAYLOAD", &e.to_string()),
+    };
+    match vault::secrets::create(&ctx, state.vault_cache(), input) {
+        Ok(secret) => EngineResponse::ok(json!(secret)),
+        Err(e) => EngineResponse::err(e.code, &e.message),
+    }
+}
+/// Handle vault.secrets.update
+pub fn handle_secrets_update(payload: &Value, state: &EngineState) -> EngineResponse {
+    let ctx = match state.to_runtime_context() {
+        Some(c) => c,
+        None => return EngineResponse::err("NOT_CONNECTED", "Engine not initialized"),
+    };
+    let id = match payload.get("id").and_then(|v| v.as_str()) {
+        Some(id) => id,
+        None => return EngineResponse::err("INVALID_PAYLOAD", "Missing 'id'"),
+    };
+    let input: vault::SecretUpdateInput = match payload.get("input")
+        .and_then(|v| serde_json::from_value(v.clone()).ok())
+    {
+        Some(i) => i,
+        None => return EngineResponse::err("INVALID_PAYLOAD", "Missing or invalid 'input'"),
+    };
+    match vault::secrets::update(&ctx, state.vault_cache(), id, input) {
+        Ok(secret) => EngineResponse::ok(json!(secret)),
+        Err(e) => EngineResponse::err(e.code, &e.message),
+    }
+}
+/// Handle vault.secrets.delete
+pub fn handle_secrets_delete(payload: &Value, state: &EngineState) -> EngineResponse {
+    let ctx = match state.to_runtime_context() {
+        Some(c) => c,
+        None => return EngineResponse::err("NOT_CONNECTED", "Engine not initialized"),
+    };
+    let id = match payload.get("id").and_then(|v| v.as_str()) {
+        Some(id) => id,
+        None => return EngineResponse::err("INVALID_PAYLOAD", "Missing 'id'"),
+    };
+    match vault::secrets::delete(&ctx, state.vault_cache(), id) {
+        Ok(deleted) => EngineResponse::ok(json!({ "deleted": deleted })),
+        Err(e) => EngineResponse::err(e.code, &e.message),
+    }
+}
+/// Handle vault.secrets.upsert
+pub fn handle_secrets_upsert(payload: &Value, state: &EngineState) -> EngineResponse {
+    let ctx = match state.to_runtime_context() {
+        Some(c) => c,
+        None => return EngineResponse::err("NOT_CONNECTED", "Engine not initialized"),
+    };
+    let input: vault::SecretCreateInput = match serde_json::from_value(payload.clone()) {
+        Ok(i) => i,
+        Err(e) => return EngineResponse::err("INVALID_PAYLOAD", &e.to_string()),
+    };
+    match vault::secrets::upsert(&ctx, state.vault_cache(), input) {
+        Ok(secret) => EngineResponse::ok(json!(secret)),
+        Err(e) => EngineResponse::err(e.code, &e.message),
+    }
+}
+// =============================================================================
+// Bundles Handlers
+// =============================================================================
+/// Handle vault.bundles.list
+pub fn handle_bundles_list(payload: &Value, state: &EngineState) -> EngineResponse {
+    let ctx = match state.to_runtime_context() {
+        Some(c) => c,
+        None => return EngineResponse::err("NOT_CONNECTED", "Engine not initialized"),
+    };
+    let opts: Option<vault::BundleListOptions> = payload
+        .get("opts")
+        .and_then(|v| serde_json::from_value(v.clone()).ok());
+    match vault::bundles::list(&ctx, state.vault_cache(), opts) {
+        Ok(bundles) => EngineResponse::ok(json!({ "bundles": bundles })),
+        Err(e) => EngineResponse::err(e.code, &e.message),
+    }
+}
+/// Handle vault.bundles.get
+pub fn handle_bundles_get(payload: &Value, state: &EngineState) -> EngineResponse {
+    let ctx = match state.to_runtime_context() {
+        Some(c) => c,
+        None => return EngineResponse::err("NOT_CONNECTED", "Engine not initialized"),
+    };
+    let id = match payload.get("id").and_then(|v| v.as_str()) {
+        Some(id) => id,
+        None => return EngineResponse::err("INVALID_PAYLOAD", "Missing 'id'"),
+    };
+    match vault::bundles::get(&ctx, state.vault_cache(), id) {
+        Ok(bundle) => EngineResponse::ok(json!(bundle)),
+        Err(e) => EngineResponse::err(e.code, &e.message),
+    }
+}
+/// Handle vault.bundles.create
+pub fn handle_bundles_create(payload: &Value, state: &EngineState) -> EngineResponse {
+    let ctx = match state.to_runtime_context() {
+        Some(c) => c,
+        None => return EngineResponse::err("NOT_CONNECTED", "Engine not initialized"),
+    };
+    let input: vault::BundleCreateInput = match serde_json::from_value(payload.clone()) {
+        Ok(i) => i,
+        Err(e) => return EngineResponse::err("INVALID_PAYLOAD", &e.to_string()),
+    };
+    match vault::bundles::create(&ctx, state.vault_cache(), input) {
+        Ok(bundle) => EngineResponse::ok(json!(bundle)),
+        Err(e) => EngineResponse::err(e.code, &e.message),
+    }
+}
+/// Handle vault.bundles.rename
+pub fn handle_bundles_rename(payload: &Value, state: &EngineState) -> EngineResponse {
+    let ctx = match state.to_runtime_context() {
+        Some(c) => c,
+        None => return EngineResponse::err("NOT_CONNECTED", "Engine not initialized"),
+    };
+    let id = match payload.get("id").and_then(|v| v.as_str()) {
+        Some(id) => id,
+        None => return EngineResponse::err("INVALID_PAYLOAD", "Missing 'id'"),
+    };
+    let name = match payload.get("name").and_then(|v| v.as_str()) {
+        Some(n) => n,
+        None => return EngineResponse::err("INVALID_PAYLOAD", "Missing 'name'"),
+    };
+    match vault::bundles::rename(&ctx, state.vault_cache(), id, name) {
+        Ok(bundle) => EngineResponse::ok(json!(bundle)),
+        Err(e) => EngineResponse::err(e.code, &e.message),
+    }
+}
+/// Handle vault.bundles.delete
+pub fn handle_bundles_delete(payload: &Value, state: &EngineState) -> EngineResponse {
+    let ctx = match state.to_runtime_context() {
+        Some(c) => c,
+        None => return EngineResponse::err("NOT_CONNECTED", "Engine not initialized"),
+    };
+    let id = match payload.get("id").and_then(|v| v.as_str()) {
+        Some(id) => id,
+        None => return EngineResponse::err("INVALID_PAYLOAD", "Missing 'id'"),
+    };
+    match vault::bundles::delete(&ctx, state.vault_cache(), id) {
+        Ok(deleted) => EngineResponse::ok(json!({ "deleted": deleted })),
+        Err(e) => EngineResponse::err(e.code, &e.message),
+    }
+}
+/// Handle vault.bundles.listSecrets
+pub fn handle_bundles_list_secrets(payload: &Value, state: &EngineState) -> EngineResponse {
+    let ctx = match state.to_runtime_context() {
+        Some(c) => c,
+        None => return EngineResponse::err("NOT_CONNECTED", "Engine not initialized"),
+    };
+    let bundle_id = match payload.get("bundleId").and_then(|v| v.as_str()) {
+        Some(id) => id,
+        None => return EngineResponse::err("INVALID_PAYLOAD", "Missing 'bundleId'"),
+    };
+    let opts: Option<vault::SecretListOptions> = payload
+        .get("opts")
+        .and_then(|v| serde_json::from_value(v.clone()).ok());
+    match vault::bundles::list_secrets(&ctx, state.vault_cache(), bundle_id, opts) {
+        Ok(secrets) => EngineResponse::ok(json!({ "secrets": secrets })),
+        Err(e) => EngineResponse::err(e.code, &e.message),
+    }
+}
+/// Handle vault.bundles.addSecret
+pub fn handle_bundles_add_secret(payload: &Value, state: &EngineState) -> EngineResponse {
+    let ctx = match state.to_runtime_context() {
+        Some(c) => c,
+        None => return EngineResponse::err("NOT_CONNECTED", "Engine not initialized"),
+    };
+    let bundle_id = match payload.get("bundleId").and_then(|v| v.as_str()) {
+        Some(id) => id,
+        None => return EngineResponse::err("INVALID_PAYLOAD", "Missing 'bundleId'"),
+    };
+    let secret_id = match payload.get("secretId").and_then(|v| v.as_str()) {
+        Some(id) => id,
+        None => return EngineResponse::err("INVALID_PAYLOAD", "Missing 'secretId'"),
+    };
+    match vault::bundles::add_secret(&ctx, state.vault_cache(), bundle_id, secret_id) {
+        Ok(bundle) => EngineResponse::ok(json!(bundle)),
+        Err(e) => EngineResponse::err(e.code, &e.message),
+    }
+}
+/// Handle vault.bundles.removeSecret
+pub fn handle_bundles_remove_secret(payload: &Value, state: &EngineState) -> EngineResponse {
+    let ctx = match state.to_runtime_context() {
+        Some(c) => c,
+        None => return EngineResponse::err("NOT_CONNECTED", "Engine not initialized"),
+    };
+    let bundle_id = match payload.get("bundleId").and_then(|v| v.as_str()) {
+        Some(id) => id,
+        None => return EngineResponse::err("INVALID_PAYLOAD", "Missing 'bundleId'"),
+    };
+    let secret_id = match payload.get("secretId").and_then(|v| v.as_str()) {
+        Some(id) => id,
+        None => return EngineResponse::err("INVALID_PAYLOAD", "Missing 'secretId'"),
+    };
+    match vault::bundles::remove_secret(&ctx, state.vault_cache(), bundle_id, secret_id) {
+        Ok(bundle) => EngineResponse::ok(json!(bundle)),
+        Err(e) => EngineResponse::err(e.code, &e.message),
+    }
+}
+// =============================================================================
+// Files Handlers
+// =============================================================================
+/// Handle vault.files.writeText
+pub fn handle_files_write_text(payload: &Value, state: &EngineState) -> EngineResponse {
+    let ctx = match state.to_runtime_context() {
+        Some(c) => c,
+        None => return EngineResponse::err("NOT_CONNECTED", "Engine not initialized"),
+    };
+    let path = match payload.get("path").and_then(|v| v.as_str()) {
+        Some(p) => p,
+        None => return EngineResponse::err("INVALID_PAYLOAD", "Missing 'path'"),
+    };
+    let content = match payload.get("content").and_then(|v| v.as_str()) {
+        Some(c) => c,
+        None => return EngineResponse::err("INVALID_PAYLOAD", "Missing 'content'"),
+    };
+    let opts: Option<vault::FileOptions> = payload
+        .get("opts")
+        .and_then(|v| serde_json::from_value(v.clone()).ok());
+    match vault::files::write_text(&ctx, state.vault_cache(), path, content, opts) {
+        Ok(()) => EngineResponse::ok(json!({ "written": true })),
+        Err(e) => EngineResponse::err(e.code, &e.message),
+    }
+}
+/// Handle vault.files.writeBytes
+pub fn handle_files_write_bytes(payload: &Value, state: &EngineState) -> EngineResponse {
+    let ctx = match state.to_runtime_context() {
+        Some(c) => c,
+        None => return EngineResponse::err("NOT_CONNECTED", "Engine not initialized"),
+    };
+    let path = match payload.get("path").and_then(|v| v.as_str()) {
+        Some(p) => p,
+        None => return EngineResponse::err("INVALID_PAYLOAD", "Missing 'path'"),
+    };
+    // contentBytes is expected as base64 encoded string
+    let content_b64 = match payload.get("contentBytes").and_then(|v| v.as_str()) {
+        Some(c) => c,
+        None => return EngineResponse::err("INVALID_PAYLOAD", "Missing 'contentBytes'"),
+    };
+    let content = match base64_decode(content_b64) {
+        Ok(c) => c,
+        Err(e) => return EngineResponse::err("INVALID_PAYLOAD", &format!("Invalid base64: {}", e)),
+    };
+    let opts: Option<vault::FileOptions> = payload
+        .get("opts")
+        .and_then(|v| serde_json::from_value(v.clone()).ok());
+    match vault::files::write_bytes(&ctx, state.vault_cache(), path, &content, opts) {
+        Ok(()) => EngineResponse::ok(json!({ "written": true })),
+        Err(e) => EngineResponse::err(e.code, &e.message),
+    }
+}
+/// Handle vault.files.readText
+pub fn handle_files_read_text(payload: &Value, state: &EngineState) -> EngineResponse {
+    let ctx = match state.to_runtime_context() {
+        Some(c) => c,
+        None => return EngineResponse::err("NOT_CONNECTED", "Engine not initialized"),
+    };
+    let path = match payload.get("path").and_then(|v| v.as_str()) {
+        Some(p) => p,
+        None => return EngineResponse::err("INVALID_PAYLOAD", "Missing 'path'"),
+    };
+    let opts: Option<vault::FileOptions> = payload
+        .get("opts")
+        .and_then(|v| serde_json::from_value(v.clone()).ok());
+    match vault::files::read_text(&ctx, state.vault_cache(), path, opts) {
+        Ok(content) => EngineResponse::ok(json!({ "content": content })),
+        Err(e) => EngineResponse::err(e.code, &e.message),
+    }
+}
+/// Handle vault.files.readBytes
+pub fn handle_files_read_bytes(payload: &Value, state: &EngineState) -> EngineResponse {
+    let ctx = match state.to_runtime_context() {
+        Some(c) => c,
+        None => return EngineResponse::err("NOT_CONNECTED", "Engine not initialized"),
+    };
+    let path = match payload.get("path").and_then(|v| v.as_str()) {
+        Some(p) => p,
+        None => return EngineResponse::err("INVALID_PAYLOAD", "Missing 'path'"),
+    };
+    let opts: Option<vault::FileOptions> = payload
+        .get("opts")
+        .and_then(|v| serde_json::from_value(v.clone()).ok());
+    match vault::files::read_bytes(&ctx, state.vault_cache(), path, opts) {
+        Ok(content) => {
+            let content_b64 = base64_encode(&content);
+            EngineResponse::ok(json!({ "contentBytes": content_b64 }))
+        }
+        Err(e) => EngineResponse::err(e.code, &e.message),
+    }
+}
+/// Handle vault.files.list
+pub fn handle_files_list(payload: &Value, state: &EngineState) -> EngineResponse {
+    let ctx = match state.to_runtime_context() {
+        Some(c) => c,
+        None => return EngineResponse::err("NOT_CONNECTED", "Engine not initialized"),
+    };
+    let dir_path = payload.get("dir").and_then(|v| v.as_str()).unwrap_or("");
+    let opts: Option<vault::FileListOptions> = payload
+        .get("opts")
+        .and_then(|v| serde_json::from_value(v.clone()).ok());
+    match vault::files::list(&ctx, state.vault_cache(), dir_path, opts) {
+        Ok(entries) => EngineResponse::ok(json!({ "entries": entries })),
+        Err(e) => EngineResponse::err(e.code, &e.message),
+    }
+}
+/// Handle vault.files.exists
+pub fn handle_files_exists(payload: &Value, state: &EngineState) -> EngineResponse {
+    let ctx = match state.to_runtime_context() {
+        Some(c) => c,
+        None => return EngineResponse::err("NOT_CONNECTED", "Engine not initialized"),
+    };
+    let path = match payload.get("path").and_then(|v| v.as_str()) {
+        Some(p) => p,
+        None => return EngineResponse::err("INVALID_PAYLOAD", "Missing 'path'"),
+    };
+    let opts: Option<vault::FileOptions> = payload
+        .get("opts")
+        .and_then(|v| serde_json::from_value(v.clone()).ok());
+    match vault::files::exists(&ctx, state.vault_cache(), path, opts) {
+        Ok(exists) => EngineResponse::ok(json!({ "exists": exists })),
+        Err(e) => EngineResponse::err(e.code, &e.message),
+    }
+}
+/// Handle vault.files.delete
+pub fn handle_files_delete(payload: &Value, state: &EngineState) -> EngineResponse {
+    let ctx = match state.to_runtime_context() {
+        Some(c) => c,
+        None => return EngineResponse::err("NOT_CONNECTED", "Engine not initialized"),
+    };
+    let path = match payload.get("path").and_then(|v| v.as_str()) {
+        Some(p) => p,
+        None => return EngineResponse::err("INVALID_PAYLOAD", "Missing 'path'"),
+    };
+    let opts: Option<vault::FileDeleteOptions> = payload
+        .get("opts")
+        .and_then(|v| serde_json::from_value(v.clone()).ok());
+    match vault::files::delete(&ctx, state.vault_cache(), path, opts) {
+        Ok(deleted) => EngineResponse::ok(json!({ "deleted": deleted })),
+        Err(e) => EngineResponse::err(e.code, &e.message),
+    }
+}
+/// Handle vault.files.mkdir
+pub fn handle_files_mkdir(payload: &Value, state: &EngineState) -> EngineResponse {
+    let ctx = match state.to_runtime_context() {
+        Some(c) => c,
+        None => return EngineResponse::err("NOT_CONNECTED", "Engine not initialized"),
+    };
+    let path = match payload.get("path").and_then(|v| v.as_str()) {
+        Some(p) => p,
+        None => return EngineResponse::err("INVALID_PAYLOAD", "Missing 'path'"),
+    };
+    let opts: Option<vault::FileOptions> = payload
+        .get("opts")
+        .and_then(|v| serde_json::from_value(v.clone()).ok());
+    match vault::files::mkdir(&ctx, state.vault_cache(), path, opts) {
+        Ok(()) => EngineResponse::ok(json!({ "created": true })),
+        Err(e) => EngineResponse::err(e.code, &e.message),
+    }
+}
+/// Handle vault.files.move
+pub fn handle_files_move(payload: &Value, state: &EngineState) -> EngineResponse {
+    let ctx = match state.to_runtime_context() {
+        Some(c) => c,
+        None => return EngineResponse::err("NOT_CONNECTED", "Engine not initialized"),
+    };
+    let from = match payload.get("from").and_then(|v| v.as_str()) {
+        Some(p) => p,
+        None => return EngineResponse::err("INVALID_PAYLOAD", "Missing 'from'"),
+    };
+    let to = match payload.get("to").and_then(|v| v.as_str()) {
+        Some(p) => p,
+        None => return EngineResponse::err("INVALID_PAYLOAD", "Missing 'to'"),
+    };
+    let opts: Option<vault::FileOptions> = payload
+        .get("opts")
+        .and_then(|v| serde_json::from_value(v.clone()).ok());
+    match vault::files::move_file(&ctx, state.vault_cache(), from, to, opts) {
+        Ok(()) => EngineResponse::ok(json!({ "moved": true })),
+        Err(e) => EngineResponse::err(e.code, &e.message),
+    }
+}
+// =============================================================================
+// Injection Handlers (DEFERRED - return NOT_IMPLEMENTED)
+// =============================================================================
+/// Handle vault.attachSecretsToConnector (DEFERRED)
+pub fn handle_attach_secrets_to_connector(payload: &Value, state: &EngineState) -> EngineResponse {
+    let ctx = match state.to_runtime_context() {
+        Some(c) => c,
+        None => return EngineResponse::err("NOT_CONNECTED", "Engine not initialized"),
+    };
+    let connector_id = match payload.get("connectorId").and_then(|v| v.as_str()) {
+        Some(id) => id,
+        None => return EngineResponse::err("INVALID_PAYLOAD", "Missing 'connectorId'"),
+    };
+    let mappings: Vec<vault::SecretRef> = match payload.get("mappings")
+        .and_then(|v| serde_json::from_value(v.clone()).ok())
+    {
+        Some(m) => m,
+        None => return EngineResponse::err("INVALID_PAYLOAD", "Missing or invalid 'mappings'"),
+    };
+    match vault::attach_secrets_to_connector(&ctx, connector_id, mappings) {
+        Ok(()) => EngineResponse::ok(json!({ "attached": true })),
+        Err(e) => EngineResponse::err(e.code, &e.message),
+    }
+}
+/// Handle vault.injectSecretsIntoRun (DEFERRED)
+/// Note: This returns success/failure only, NOT the injected values
+pub fn handle_inject_secrets_into_run(payload: &Value, state: &EngineState) -> EngineResponse {
+    let ctx = match state.to_runtime_context() {
+        Some(c) => c,
+        None => return EngineResponse::err("NOT_CONNECTED", "Engine not initialized"),
+    };
+    let run_id = match payload.get("runId").and_then(|v| v.as_str()) {
+        Some(id) => id,
+        None => return EngineResponse::err("INVALID_PAYLOAD", "Missing 'runId'"),
+    };
+    let mappings: Vec<vault::SecretRef> = match payload.get("mappings")
+        .and_then(|v| serde_json::from_value(v.clone()).ok())
+    {
+        Some(m) => m,
+        None => return EngineResponse::err("INVALID_PAYLOAD", "Missing or invalid 'mappings'"),
+    };
+    match vault::inject_secrets_into_run(&ctx, run_id, mappings) {
+        Ok(_env_map) => EngineResponse::ok(json!({ "injected": true })),
+        Err(e) => EngineResponse::err(e.code, &e.message),
+    }
+}
+// =============================================================================
+// Audit Handler
+// =============================================================================
+/// Handle vault.audit.list
+pub fn handle_audit_list(payload: &Value, state: &EngineState) -> EngineResponse {
+    let ctx = match state.to_runtime_context() {
+        Some(c) => c,
+        None => return EngineResponse::err("NOT_CONNECTED", "Engine not initialized"),
+    };
+    let opts: Option<vault::AuditListOptions> = payload
+        .get("opts")
+        .and_then(|v| serde_json::from_value(v.clone()).ok());
+    match vault::audit::list(&ctx, state.vault_cache(), opts) {
+        Ok(result) => EngineResponse::ok(json!(result)),
+        Err(e) => EngineResponse::err(e.code, &e.message),
+    }
+}
+// =============================================================================
+// Helper Functions
+// =============================================================================
+/// Simple base64 encoding
+fn base64_encode(data: &[u8]) -> String {
+    let mut encoded = String::new();
+    const ALPHABET: &[u8] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+    for chunk in data.chunks(3) {
+        let mut n: u32 = 0;
+        for (i, &byte) in chunk.iter().enumerate() {
+            n |= (byte as u32) << (16 - i * 8);
+        }
+        let padding = 3 - chunk.len();
+        for i in 0..4 - padding {
+            let idx = ((n >> (18 - i * 6)) & 0x3f) as usize;
+            encoded.push(ALPHABET[idx] as char);
+        }
+        for _ in 0..padding {
+            encoded.push('=');
+        }
+    }
+    encoded
+}
+/// Simple base64 decoding
+fn base64_decode(encoded: &str) -> Result<Vec<u8>, &'static str> {
+    fn decode_char(c: u8) -> Result<u8, &'static str> {
+        match c {
+            b'A'..=b'Z' => Ok(c - b'A'),
+            b'a'..=b'z' => Ok(c - b'a' + 26),
+            b'0'..=b'9' => Ok(c - b'0' + 52),
+            b'+' => Ok(62),
+            b'/' => Ok(63),
+            _ => Err("invalid base64 character"),
+        }
+    }
+    let input = encoded.trim_end_matches('=');
+    let mut output = Vec::new();
+    let mut buffer: u32 = 0;
+    let mut bits: u32 = 0;
+    for &byte in input.as_bytes() {
+        buffer = (buffer << 6) | decode_char(byte)? as u32;
+        bits += 6;
+        if bits >= 8 {
+            bits -= 8;
+            output.push((buffer >> bits) as u8);
+        }
+    }
+    Ok(output)
+}