npm - create-ekka-desktop-app - Versions diffs - 0.2.2 - Mend

create-ekka-desktop-app 0.2.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (96) hide show

package/README.md +137 -0
package/bin/cli.js +72 -0
package/package.json +23 -0
package/template/branding/app.json +6 -0
package/template/branding/icon.icns +0 -0
package/template/eslint.config.js +98 -0
package/template/index.html +29 -0
package/template/package.json +40 -0
package/template/src/app/App.tsx +24 -0
package/template/src/demo/DemoApp.tsx +260 -0
package/template/src/demo/components/Banner.tsx +82 -0
package/template/src/demo/components/EmptyState.tsx +61 -0
package/template/src/demo/components/InfoPopover.tsx +171 -0
package/template/src/demo/components/InfoTooltip.tsx +76 -0
package/template/src/demo/components/LearnMore.tsx +98 -0
package/template/src/demo/components/NodeCredentialsOnboarding.tsx +219 -0
package/template/src/demo/components/SetupWizard.tsx +48 -0
package/template/src/demo/components/StatusBadge.tsx +83 -0
package/template/src/demo/components/index.ts +10 -0
package/template/src/demo/hooks/index.ts +6 -0
package/template/src/demo/hooks/useAuditEvents.ts +30 -0
package/template/src/demo/layout/Shell.tsx +110 -0
package/template/src/demo/layout/Sidebar.tsx +192 -0
package/template/src/demo/pages/AuditLogPage.tsx +235 -0
package/template/src/demo/pages/DocGenPage.tsx +874 -0
package/template/src/demo/pages/HomeSetupPage.tsx +182 -0
package/template/src/demo/pages/LoginPage.tsx +192 -0
package/template/src/demo/pages/PathPermissionsPage.tsx +873 -0
package/template/src/demo/pages/RunnerPage.tsx +445 -0
package/template/src/demo/pages/SystemPage.tsx +557 -0
package/template/src/demo/pages/VaultPage.tsx +805 -0
package/template/src/ekka/__tests__/demo-backend.test.ts +187 -0
package/template/src/ekka/audit/index.ts +7 -0
package/template/src/ekka/audit/store.ts +68 -0
package/template/src/ekka/audit/types.ts +22 -0
package/template/src/ekka/auth/client.ts +212 -0
package/template/src/ekka/auth/index.ts +30 -0
package/template/src/ekka/auth/storage.ts +114 -0
package/template/src/ekka/auth/types.ts +67 -0
package/template/src/ekka/backend/demo.ts +151 -0
package/template/src/ekka/backend/interface.ts +36 -0
package/template/src/ekka/config.ts +48 -0
package/template/src/ekka/constants.ts +143 -0
package/template/src/ekka/errors.ts +54 -0
package/template/src/ekka/index.ts +516 -0
package/template/src/ekka/internal/backend.ts +156 -0
package/template/src/ekka/internal/index.ts +7 -0
package/template/src/ekka/ops/auth.ts +29 -0
package/template/src/ekka/ops/debug.ts +68 -0
package/template/src/ekka/ops/home.ts +101 -0
package/template/src/ekka/ops/index.ts +16 -0
package/template/src/ekka/ops/nodeCredentials.ts +131 -0
package/template/src/ekka/ops/nodeSession.ts +145 -0
package/template/src/ekka/ops/paths.ts +183 -0
package/template/src/ekka/ops/runner.ts +86 -0
package/template/src/ekka/ops/runtime.ts +31 -0
package/template/src/ekka/ops/setup.ts +47 -0
package/template/src/ekka/ops/vault.ts +459 -0
package/template/src/ekka/ops/workflowRuns.ts +116 -0
package/template/src/ekka/types.ts +82 -0
package/template/src/ekka/utils/idempotency.ts +14 -0
package/template/src/ekka/utils/index.ts +7 -0
package/template/src/ekka/utils/time.ts +77 -0
package/template/src/main.tsx +12 -0
package/template/src/vite-env.d.ts +12 -0
package/template/src-tauri/Cargo.toml +41 -0
package/template/src-tauri/build.rs +3 -0
package/template/src-tauri/capabilities/default.json +11 -0
package/template/src-tauri/icons/icon.icns +0 -0
package/template/src-tauri/icons/icon.png +0 -0
package/template/src-tauri/resources/ekka-engine-bootstrap +0 -0
package/template/src-tauri/src/bootstrap.rs +37 -0
package/template/src-tauri/src/commands.rs +1215 -0
package/template/src-tauri/src/device_secret.rs +111 -0
package/template/src-tauri/src/engine_process.rs +538 -0
package/template/src-tauri/src/grants.rs +129 -0
package/template/src-tauri/src/handlers/home.rs +65 -0
package/template/src-tauri/src/handlers/mod.rs +7 -0
package/template/src-tauri/src/handlers/paths.rs +128 -0
package/template/src-tauri/src/handlers/vault.rs +680 -0
package/template/src-tauri/src/main.rs +243 -0
package/template/src-tauri/src/node_auth.rs +858 -0
package/template/src-tauri/src/node_credentials.rs +541 -0
package/template/src-tauri/src/node_runner.rs +882 -0
package/template/src-tauri/src/node_vault_crypto.rs +113 -0
package/template/src-tauri/src/node_vault_store.rs +267 -0
package/template/src-tauri/src/ops/auth.rs +50 -0
package/template/src-tauri/src/ops/home.rs +251 -0
package/template/src-tauri/src/ops/mod.rs +7 -0
package/template/src-tauri/src/ops/runtime.rs +21 -0
package/template/src-tauri/src/state.rs +639 -0
package/template/src-tauri/src/types.rs +84 -0
package/template/src-tauri/tauri.conf.json +41 -0
package/template/tsconfig.json +26 -0
package/template/tsconfig.tsbuildinfo +1 -0
package/template/vite.config.ts +34 -0

package/template/src-tauri/src/main.rs ADDED Viewed

@@ -0,0 +1,243 @@
+//! EKKA Desktop - Entry Point
+//!
+//! Minimal main.rs that sets up Tauri with the engine commands.
+//! Starts embedded runner loop on app startup.
+#![cfg_attr(not(debug_assertions), windows_subsystem = "windows")]
+mod bootstrap;
+mod commands;
+mod device_secret;
+mod engine_process;
+mod grants;
+mod handlers;
+mod node_auth;
+mod node_credentials;
+mod node_runner;
+mod node_vault_crypto;
+mod node_vault_store;
+mod ops;
+mod state;
+mod types;
+use commands::{engine_connect, engine_disconnect, engine_request};
+use engine_process::EngineProcess;
+use state::EngineState;
+use std::path::PathBuf;
+use std::sync::Arc;
+use tauri::Manager;
+fn main() {
+    // Load .env.local for development (before anything else)
+    // This provides ENGINE_GRANT_VERIFY_KEY_B64, EKKA_SECURITY_EPOCH, etc.
+    if let Err(e) = dotenvy::from_filename(".env.local") {
+        // Also try parent directory (when running from src-tauri)
+        let _ = dotenvy::from_filename("../.env.local");
+        // Silence error in production where .env.local may not exist
+        if std::env::var("ENGINE_GRANT_VERIFY_KEY_B64").is_err() {
+            eprintln!("Warning: .env.local not loaded and ENGINE_GRANT_VERIFY_KEY_B64 not set: {}", e);
+        }
+    }
+    // Initialize tracing for runner logs
+    tracing_subscriber::fmt()
+        .with_env_filter(
+            tracing_subscriber::EnvFilter::from_default_env()
+                .add_directive("ekka_runner_core=info".parse().unwrap())
+                .add_directive("ekka_runner_local=info".parse().unwrap())
+                .add_directive("ekka_desktop_app=info".parse().unwrap())
+                .add_directive("ekka_node_auth=info".parse().unwrap()),
+        )
+        .with_target(true)
+        .init();
+    // Create engine process holder
+    let engine_process = Arc::new(EngineProcess::new());
+    let engine_for_state = engine_process.clone();
+    let engine_for_setup = engine_process.clone();
+    let engine_for_shutdown = engine_process;
+    tauri::Builder::default()
+        .plugin(tauri_plugin_dialog::init())
+        .manage(EngineState::with_engine(engine_for_state))
+        .setup(move |app| {
+            // Attempt to spawn engine process
+            tracing::info!(op = "desktop.startup", "EKKA Desktop starting");
+            // Log required env vars status
+            let grant_key_set = std::env::var("ENGINE_GRANT_VERIFY_KEY_B64").is_ok();
+            let security_epoch_set = std::env::var("EKKA_SECURITY_EPOCH").is_ok();
+            tracing::info!(
+                op = "desktop.required_env.loaded",
+                ENGINE_GRANT_VERIFY_KEY_B64 = grant_key_set,
+                EKKA_SECURITY_EPOCH = security_epoch_set,
+                "Required security env vars"
+            );
+            // Check for stored node credentials (vault-backed)
+            let has_creds = node_credentials::has_credentials();
+            if !has_creds {
+                tracing::warn!(
+                    op = "desktop.node.credentials.missing",
+                    "Node credentials not configured - onboarding required, engine start blocked"
+                );
+                // Engine will not be spawned - available will remain false
+                // UI should show onboarding flow
+            }
+            // Resolve resource path for bootstrap binary
+            let resource_path: Option<PathBuf> = app
+                .path()
+                .resource_dir()
+                .ok()
+                .map(|dir: PathBuf| dir.join("resources").join("ekka-engine-bootstrap"));
+            // Get node auth token holder and auth state to pass to spawn thread
+            let state_handle = app.state::<EngineState>();
+            let node_auth_holder = state_handle.node_auth_token.clone();
+            let node_auth_state = state_handle.node_auth_state.clone();
+            // Spawn engine in background thread to not block UI
+            let engine = engine_for_setup.clone();
+            std::thread::spawn(move || {
+                // Gate: Skip engine spawn if no credentials
+                if !has_creds {
+                    tracing::info!(
+                        op = "desktop.engine.start.blocked",
+                        reason = "missing_credentials",
+                        "Engine start blocked - node credentials required"
+                    );
+                    return;
+                }
+                // Authenticate node with server before spawning engine
+                let engine_url = match std::env::var("EKKA_ENGINE_URL") {
+                    Ok(url) => url,
+                    Err(_) => {
+                        tracing::warn!(
+                            op = "desktop.engine.start.blocked",
+                            reason = "missing_engine_url",
+                            "Engine start blocked - EKKA_ENGINE_URL not set"
+                        );
+                        return;
+                    }
+                };
+                // Single-flight: try to acquire auth lock
+                if !node_auth_state.try_start() {
+                    tracing::info!(
+                        op = "desktop.node.auth.skipped",
+                        reason = "already_in_progress_or_completed",
+                        "Skipping auth - already attempted"
+                    );
+                    return;
+                }
+                tracing::info!(
+                    op = "desktop.node.auth.attempt",
+                    reason = "startup",
+                    "Authenticating node from vault"
+                );
+                match node_credentials::authenticate_node(&engine_url) {
+                    Ok(token) => {
+                        // Store token in state (in-memory only)
+                        node_auth_holder.set(token);
+                        node_auth_state.set_authenticated();
+                        tracing::info!(
+                            op = "desktop.node.auth.complete",
+                            "Node authenticated, proceeding to engine spawn"
+                        );
+                    }
+                    Err(node_credentials::CredentialsError::AuthFailed(status, ref body)) => {
+                        let error_msg = format!("Auth failed: HTTP {}", status);
+                        node_auth_state.set_failed(error_msg);
+                        // Check if this is a secret error (invalid or revoked)
+                        if node_credentials::is_secret_error(status, body) {
+                            tracing::warn!(
+                                op = "desktop.node.auth.failed",
+                                status = status,
+                                "Node secret is invalid or revoked - clearing credentials"
+                            );
+                            // Clear invalid credentials from keychain
+                            let _ = node_credentials::clear_credentials();
+                        } else {
+                            tracing::warn!(
+                                op = "desktop.node.auth.failed",
+                                status = status,
+                                "Node authentication failed - will not retry"
+                            );
+                        }
+                        return;
+                    }
+                    Err(e) => {
+                        let error_msg = format!("Auth failed: {}", e);
+                        node_auth_state.set_failed(error_msg);
+                        tracing::warn!(
+                            op = "desktop.node.auth.failed",
+                            error = %e,
+                            "Node authentication failed - will not retry"
+                        );
+                        return;
+                    }
+                }
+                // Install bootstrap binary from resources if not present
+                if let Err(e) = engine_process::ensure_bootstrap_installed_from_resources(resource_path) {
+                    tracing::debug!(op = "engine.bootstrap.skip", error = %e, "Bootstrap install skipped");
+                }
+                // Log setup complete
+                tracing::info!(
+                    op = "desktop.setup.complete",
+                    "Device setup complete - credentials valid, proceeding to engine"
+                );
+                engine_process::spawn_and_wait(&engine);
+                let status = engine.get_status();
+                tracing::info!(
+                    op = "desktop.engine_status",
+                    installed = status.installed,
+                    running = status.running,
+                    available = status.available,
+                    pid = ?status.pid,
+                    version = ?status.version,
+                    build = ?status.build,
+                    "Engine status"
+                );
+                if status.available {
+                    tracing::info!(
+                        op = "desktop.engine.ready",
+                        "Engine is ready"
+                    );
+                }
+            });
+            // Node runner is started via nodeSession.bootstrap operation.
+            // Node auth happens at app startup (above) using node_id + node_secret.
+            // This ensures:
+            // 1. Node credentials loaded from vault (encrypted at rest)
+            // 2. Node authenticated via POST /engine/nodes/auth
+            // 3. Node JWT (role=node) stored in memory
+            // 4. Runner uses node JWT (NOT user JWT or internal service key)
+            Ok(())
+        })
+        .invoke_handler(tauri::generate_handler![
+            engine_connect,
+            engine_disconnect,
+            engine_request,
+        ])
+        .build(tauri::generate_context!())
+        .expect("error while building tauri application")
+        .run(move |_app, event| {
+            if let tauri::RunEvent::Exit = event {
+                // Shutdown engine process on app exit
+                tracing::debug!(op = "desktop.shutdown", "Shutting down engine process");
+                engine_process::shutdown(&engine_for_shutdown);
+            }
+        });
+}