create-ekka-desktop-app 0.4.1 → 0.4.3

package/README.md

@@ -8,7 +8,7 @@ Scaffold a new EKKA desktop app with one command. Zero config, batteries include
 npx create-ekka-desktop-app my-app
 cd my-app
 npm install
-npm run tauri:dev
+npm run ekka:dev
 ```
 
 That's it. You now have a native desktop app running.
@@ -34,14 +34,14 @@ my-app/
 npm start
 
 # Desktop window (native)
-npm run tauri:dev
+npm run ekka:dev
 ```
 
 ## Build
 
 ```bash
 # Create distributable .app
-npm run tauri:build
+npm run ekka:build
 ```
 
 Output: `src-tauri/target/release/bundle/macos/<AppName>.app`
@@ -110,8 +110,8 @@ When you're ready for production:
 | Command | Description |
 |---------|-------------|
 | `npm start` | Start dev server (web) |
-| `npm run tauri:dev` | Start dev server (desktop) |
-| `npm run tauri:build` | Build distributable app |
+| `npm run ekka:dev` | Start dev server (desktop) |
+| `npm run ekka:build` | Build distributable app |
 | `npm run lint` | Run ESLint |
 | `npm run build` | Build frontend only |
 

package/bin/cli.js

@@ -240,13 +240,13 @@ To get started:
 
   cd ${projectName}
   npm install
-  npm run tauri:dev
+  npm run ekka:dev
 
 Configuration:
   Edit app.config.json to change app identity or engine URL.
 
 Build:
-  npm run tauri:build
+  npm run ekka:build
 `);
 }
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "create-ekka-desktop-app",
-  "version": "0.4.1",
+  "version": "0.4.3",
   "description": "Create an EKKA desktop app with built-in demo backend. No setup required.",
   "type": "module",
   "bin": {

package/template/package.json

@@ -13,9 +13,9 @@
     "test:watch": "vitest",
     "preview": "vite preview",
     "tauri": "tauri",
-    "tauri:dev": "tauri dev",
+    "ekka:dev": "tauri dev",
     "prebuild:check": "node -e \"const fs=require('fs');const p=s=>{try{return fs.readFileSync(s,'utf8')}catch{return''}};const e=['.env.local','.env','src-tauri/.env.local','src-tauri/.env'].map(p).join('\\n');if(!/^EKKA_ENGINE_URL=.+/m.test(e)&&!process.env.EKKA_ENGINE_URL){console.error('\\n❌ EKKA_ENGINE_URL not set. Add to .env.local before building:\\n\\n   echo \\'EKKA_ENGINE_URL=https://api.ekka.ai\\' >> .env.local\\n');process.exit(1)}console.log('✓ EKKA_ENGINE_URL configured')\"",
-    "tauri:build": "npm run prebuild:check && tauri build"
+    "ekka:build": "npm run prebuild:check && tauri build"
   },
   "dependencies": {
     "@tauri-apps/api": "^2.0.0",

package/template/src-tauri/Cargo.toml

@@ -5,8 +5,59 @@ description = "EKKA Desktop Application"
 authors = ["EKKA"]
 edition = "2021"
 
-# Prevent inheriting parent workspace
 [workspace]
+members = [
+    "crates/ekka-desktop-core",
+    "crates/vendor/core/*",
+    "crates/vendor/security/*",
+    "crates/vendor/framework/*",
+    "crates/vendor/modules/*",
+    "crates/vendor/apps/*",
+]
+resolver = "2"
+
+[workspace.package]
+version = "0.1.0"
+edition = "2021"
+authors = ["EKKA"]
+license = "LicenseRef-Proprietary"
+repository = "https://github.com/ekka-ai/ekka-execution-node-sdk-rust"
+description = "EKKA Execution Node SDK"
+
+[workspace.dependencies]
+serde = { version = "1.0", features = ["derive"] }
+serde_json = "1.0"
+thiserror = "1.0"
+anyhow = "1.0"
+zeroize = { version = "1.7", features = ["derive"] }
+sha2 = "0.10"
+hex = "0.4"
+base64 = "0.22"
+aes-gcm = "0.10"
+pbkdf2 = "0.12"
+hmac = "0.12"
+rand = "0.8"
+keyring = "3.6"
+rusqlite = { version = "0.31", features = ["bundled-sqlcipher"] }
+dirs = "5.0"
+uuid = { version = "1.0", features = ["v4", "serde"] }
+chrono = { version = "0.4", features = ["serde"] }
+tracing = "0.1"
+tokio = { version = "1", features = ["full"] }
+async-trait = "0.1"
+hostname = "0.4"
+
+[workspace.lints.rust]
+warnings = "deny"
+unused = "deny"
+dead_code = "deny"
+unused_variables = "deny"
+unused_imports = "deny"
+unused_mut = "deny"
+
+[workspace.lints.clippy]
+all = "deny"
+pedantic = "warn"
 
 [build-dependencies]
 tauri-build = { version = "2", features = [] }
@@ -19,9 +70,9 @@ tauri-plugin-updater = "2"
 serde = { version = "1", features = ["derive"] }
 serde_json = "1"
 chrono = { version = "0.4", features = ["serde"] }
-ekka-sdk-core = { path = "../../ekka-execution-node-sdk-rust/crates/framework/ekka-sdk-core" }
-ekka-runner-core = { path = "../../ekka-execution-node-sdk-rust/crates/framework/ekka-runner-core" }
-ekka-runner-local = { path = "../../ekka-execution-node-sdk-rust/crates/apps/ekka-runner-local" }
+ekka-sdk-core = { path = "./crates/vendor/framework/ekka-sdk-core" }
+ekka-runner-core = { path = "./crates/vendor/framework/ekka-runner-core" }
+ekka-runner-local = { path = "./crates/vendor/apps/ekka-runner-local" }
 reqwest = { version = "0.11", features = ["blocking", "json"] }
 http = "1"
 uuid = { version = "1.0", features = ["v4"] }

package/template/src-tauri/crates/ekka-desktop-core/Cargo.toml

@@ -4,9 +4,6 @@ version = "0.1.0"
 edition = "2021"
 description = "EKKA Desktop Core - Security-critical logic process (JSON-RPC over stdio)"
 
-# Prevent inheriting parent workspace
-[workspace]
-
 [build-dependencies]
 serde_json = "1"
 
@@ -24,7 +21,7 @@ hex = "0.4"
 anyhow = "1.0"
 
 # SDK dependencies (only the primitives we need)
-ekka-sdk-core = { path = "../../../../ekka-execution-node-sdk-rust/crates/framework/ekka-sdk-core" }
+ekka-sdk-core = { path = "../vendor/framework/ekka-sdk-core" }
 
 [dev-dependencies]
 tempfile = "3"

package/template/src-tauri/crates/vendor/apps/ekka-runner-local/Cargo.toml

@@ -0,0 +1,67 @@
+[package]
+name = "ekka-runner-local"
+version = "0.1.0"
+edition = "2021"
+description = "Local runner for EKKA jobs - thin wrapper around ekka-runner-core"
+
+[[bin]]
+name = "ekka-runner-local"
+path = "src/main.rs"
+
+[lib]
+name = "ekka_runner_local"
+path = "src/lib.rs"
+
+[dependencies]
+# Runner core library
+ekka-runner-core = { path = "../../framework/ekka-runner-core" }
+
+# Async runtime
+tokio = { version = "1", features = ["full"] }
+
+# Logging
+tracing = "0.1"
+tracing-subscriber = { version = "0.3", features = ["env-filter", "json"] }
+
+# Re-use job types from jobs module (for node mode - DEPRECATED)
+ekka-node-module-jobs = { path = "../../modules/ekka-node-module-jobs" }
+
+# JSON
+serde = { version = "1.0", features = ["derive"] }
+serde_json = "1.0"
+
+# HTTP (for node mode - DEPRECATED)
+reqwest = { version = "0.11", features = ["json", "blocking"] }
+
+# UUID
+uuid = { version = "1.0", features = ["v4"] }
+
+# Crypto
+sha2 = "0.10"
+hex = "0.4"
+
+# Time
+chrono = "0.4"
+
+# Regex (for node mode executors)
+regex = "1.10"
+
+# Path authorization (for node mode executors)
+ekka-path-guard = { path = "../../security/ekka-path-guard" }
+
+# Vault sealing (staging -> encrypted vault)
+ekka-vault-seal = { path = "../../core/ekka-vault-seal" }
+
+# Crypto (for key derivation)
+ekka-crypto = { path = "../../core/ekka-crypto" }
+
+# LLM result types (for ArtifactRef)
+ekka-ops = { path = "../../core/ekka-ops" }
+
+# Home directory fallback
+dirs = "5.0"
+
+[dev-dependencies]
+
+[lints]
+workspace = true

package/template/src-tauri/crates/vendor/apps/ekka-runner-local/TECH_DEBT.md

@@ -0,0 +1,111 @@
+# Technical Debt - ekka-runner-local
+
+## TD-TIMEOUT-001: Make LLM timeout configurable per prompt/workflow
+
+**Status:** Open
+**Created:** 2026-01-30
+**Priority:** Medium
+
+### Current State
+
+LLM execution timeout is a single global default (`LLM_TIMEOUT_SECS_DEFAULT = 1200`, i.e., 20 minutes).
+Can be overridden via `EKKA_LLM_TIMEOUT_SECS` environment variable for testing.
+
+### Problem
+
+Different prompts/workflows have vastly different execution times:
+- Simple classification: 5-30 seconds
+- Document generation (docgen): 2-15 minutes
+- Complex analysis: 10-30+ minutes
+
+A single global timeout either:
+- Times out legitimate long-running tasks (too short)
+- Delays failure detection for stuck tasks (too long)
+
+### Proposed Solution
+
+1. Add `timeout_secs` field to `PromptRunTaskPayloadV1`:
+   ```rust
+   #[serde(default)]
+   pub timeout_secs: Option<u64>,
+   ```
+
+2. Engine workflow definition specifies expected timeout per prompt/step.
+
+3. Runner uses `payload.timeout_secs.unwrap_or(LLM_TIMEOUT_SECS_DEFAULT)`.
+
+4. Enforce safe maximum cap (e.g., 3600 seconds / 1 hour) to prevent runaway tasks.
+
+5. Log both configured and effective timeout in `prompt_run.llm.started` for observability.
+
+### Considerations
+
+- Backward compatibility: absent field uses default
+- Security: cap maximum to prevent DoS
+- Observability: log configured vs effective timeout
+- Engine schema: add `timeout_secs` to prompt_run task input schema
+
+---
+
+## TD-TOOLS-001: Make tool allowlist/disallowlist prompt/workflow-driven
+
+**Status:** Open
+**Created:** 2026-01-30
+**Priority:** High
+
+### Current State
+
+Claude CLI tool configuration uses a global default:
+- `--allowedTools default` (broad toolset for many prompt types)
+- `--disallowedTools Bash,WebFetch,WebSearch` (blocks risky tools)
+
+This one-size-fits-all approach is applied to all prompts regardless of their needs.
+
+### Problem
+
+Different prompts/workflows need different tool profiles:
+- **docgen**: needs Write, Read, Glob, Grep (file operations only)
+- **compare**: needs Read, Glob, Grep (read-only analysis)
+- **plan**: needs Read, Glob, Grep, EnterPlanMode (planning only)
+- **execute**: may need broader tool access with approval
+
+A single global toolset either:
+- Over-permits tools for simple tasks (security risk)
+- Under-permits tools for complex tasks (functionality blocked)
+
+### Proposed Solution
+
+1. Add `tool_profile` or `allowed_tools`/`disallowed_tools` fields to `PromptRunTaskPayloadV1`:
+   ```rust
+   #[serde(default)]
+   pub tool_profile: Option<String>, // e.g., "docgen", "readonly", "full"
+
+   #[serde(default)]
+   pub allowed_tools: Option<Vec<String>>,
+
+   #[serde(default)]
+   pub disallowed_tools: Option<Vec<String>>,
+   ```
+
+2. Define tool profiles in engine/prompt registry:
+   - `readonly`: Read, Glob, Grep only
+   - `docgen`: Read, Write, Edit, Glob, Grep
+   - `planning`: Read, Glob, Grep, EnterPlanMode, ExitPlanMode
+   - `full`: default toolset (current behavior)
+
+3. Runner applies profile or explicit lists, with safe defaults.
+
+4. Enforce a "never allowed" blocklist regardless of profile:
+   - Bash (arbitrary command execution)
+   - WebFetch/WebSearch (network access without approval)
+
+5. Log effective tool configuration in `prompt_run.llm.started`.
+
+### Considerations
+
+- Backward compatibility: absent fields use current global defaults
+- Security: always enforce blocklist even if profile says "full"
+- AskUserQuestion behavior: revisit whether to enable when `--permission-mode dontAsk` is set
+  (currently allowed but user cannot respond, may cause hangs or confusing behavior)
+- Engine schema: add tool configuration to prompt_run task input schema
+- Capability integration: consider tying tool profiles to capability grants

package/template/src-tauri/crates/vendor/apps/ekka-runner-local/src/dispatch.rs

@@ -0,0 +1,87 @@
+//! Task dispatch for ekka-runner-local
+//!
+//! Routes tasks to the appropriate executor based on task_subtype.
+//! This is the single point where new executors should be added.
+
+use reqwest::Client;
+use std::sync::Arc;
+use tracing::warn;
+
+use crate::executors;
+use crate::types::{EngineContext, TaskExecutionContext};
+
+/// Dispatch a task to the appropriate executor based on task_subtype.
+///
+/// # Arguments
+/// * `task_subtype` - The task subtype (e.g., "node_exec", "prompt_run")
+/// * `client` - HTTP client for making requests
+/// * `node_url` - Base URL of the local node (for node_exec)
+/// * `session_id` - Session ID for node authentication (for node_exec)
+/// * `engine_ctx` - Engine context for prompt_run (URL, internal key, tenant/workspace)
+/// * `ctx` - Task execution context with input_json
+/// * `heartbeat_fn` - Optional heartbeat callback for long-running tasks
+///
+/// # Returns
+/// * `Ok(serde_json::Value)` - The output from task execution
+/// * `Err(String)` - Error message if execution failed
+pub async fn dispatch_task(
+    task_subtype: Option<&str>,
+    client: &Client,
+    node_url: &str,
+    session_id: &str,
+    engine_ctx: Option<&EngineContext>,
+    ctx: &TaskExecutionContext,
+    heartbeat_fn: Option<Arc<dyn Fn() -> std::pin::Pin<Box<dyn std::future::Future<Output = Result<(), String>> + Send>> + Send + Sync>>,
+) -> Result<serde_json::Value, String> {
+    match task_subtype {
+        Some("node_exec") => {
+            executors::node_exec::execute(client, node_url, session_id, ctx).await
+        }
+        Some("prompt_run") => {
+            // prompt_run requires engine context
+            let engine_ctx = engine_ctx.ok_or_else(|| {
+                "Engine context required for prompt_run executor".to_string()
+            })?;
+            executors::prompt_run::execute(client, engine_ctx, ctx, heartbeat_fn).await
+        }
+        _ => {
+            // Unknown subtype
+            warn!(
+                op = "engine_runner.task.unsupported",
+                task_id = %ctx.task_id_short,
+                task_subtype = ?task_subtype,
+                "Unsupported task subtype for engine runner"
+            );
+            Err("Unsupported task subtype".to_string())
+        }
+    }
+}
+
+/// Determine error code and retryability from an execution error.
+///
+/// This centralizes error classification for all executors.
+pub fn classify_error(error: &str) -> (&'static str, bool) {
+    if error.contains("CAPABILITY_DENIED") {
+        ("CAPABILITY_DENIED", false)
+    } else if error.contains("Unknown capability_code") {
+        ("INVALID_CAPABILITY", false)
+    } else if error.contains("Unsupported task subtype") {
+        ("UNSUPPORTED_TASK", false)
+    // prompt_run specific errors (non-retryable)
+    } else if error.contains("INVALID_SCHEMA_VERSION")
+        || error.contains("INVALID_PROMPT_IDENTITY")
+        || error.contains("SECRETS_IN_PAYLOAD")
+        || error.contains("PROMPT_HASH_MISMATCH")
+        || error.contains("MISSING_VARIABLE")
+        || error.contains("INVALID_VARIABLE_TYPE")
+        || error.contains("PROMPT_NOT_FOUND")
+        || error.contains("PROMPT_NOT_AUTHORIZED")
+    {
+        ("PROMPT_RUN_ERROR", false)
+    // prompt_run retryable errors
+    } else if error.contains("LLM_TIMEOUT") || error.contains("PROMPT_FETCH_FAILED") {
+        ("PROMPT_RUN_ERROR", true)
+    } else {
+        ("RUNNER_ERROR", true)
+    }
+}