Bump version to 0.1.6

- Update window components to use fullscreen layout on small screens
- Adjust UI components styling for better mobile display
- Update desktop store for small screen handling

.github/workflows/build.yml

@@ -0,0 +1,228 @@
+name: Build
+
+on:
+  push:
+    branches:
+      - main
+      - develop
+    tags-ignore:
+      - '**'
+  pull_request:
+    branches:
+      - main
+      - develop
+  workflow_dispatch:
+
+jobs:
+  build-desktop:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - platform: 'macos-latest'
+            args: '--target aarch64-apple-darwin'
+          - platform: 'macos-latest'
+            args: '--target x86_64-apple-darwin'
+          - platform: 'ubuntu-22.04'
+            args: ''
+          - platform: 'windows-latest'
+            args: ''
+
+    runs-on: ${{ matrix.platform }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Install pnpm
+        uses: pnpm/action-setup@v4
+
+      - name: Setup Rust
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          targets: ${{ matrix.platform == 'macos-latest' && 'aarch64-apple-darwin,x86_64-apple-darwin' || '' }}
+
+      - name: Install dependencies (Ubuntu)
+        if: matrix.platform == 'ubuntu-22.04'
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf libssl-dev
+
+      - name: Get pnpm store directory
+        shell: bash
+        run: |
+          echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
+
+      - name: Setup pnpm cache
+        uses: actions/cache@v4
+        with:
+          path: ${{ env.STORE_PATH }}
+          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
+          restore-keys: |
+            ${{ runner.os }}-pnpm-store-
+
+      - name: Setup Rust cache
+        uses: Swatinem/rust-cache@v2
+        with:
+          workspaces: src-tauri
+
+      - name: Install frontend dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Build Tauri app
+        uses: tauri-apps/tauri-action@v0
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          args: ${{ matrix.args }}
+
+      - name: Upload artifacts (macOS)
+        if: matrix.platform == 'macos-latest'
+        uses: actions/upload-artifact@v4
+        with:
+          name: macos-${{ contains(matrix.args, 'aarch64') && 'aarch64' || 'x86_64' }}
+          path: |
+            src-tauri/target/*/release/bundle/dmg/*.dmg
+            src-tauri/target/*/release/bundle/macos/*.app
+
+      - name: Upload artifacts (Ubuntu)
+        if: matrix.platform == 'ubuntu-22.04'
+        uses: actions/upload-artifact@v4
+        with:
+          name: linux
+          path: |
+            src-tauri/target/release/bundle/deb/*.deb
+            src-tauri/target/release/bundle/appimage/*.AppImage
+            src-tauri/target/release/bundle/rpm/*.rpm
+
+      - name: Upload artifacts (Windows)
+        if: matrix.platform == 'windows-latest'
+        uses: actions/upload-artifact@v4
+        with:
+          name: windows
+          path: |
+            src-tauri/target/release/bundle/msi/*.msi
+            src-tauri/target/release/bundle/nsis/*.exe
+
+  build-android:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Install pnpm
+        uses: pnpm/action-setup@v4
+
+      - name: Setup Java
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version: '17'
+
+      - name: Setup Android SDK
+        uses: android-actions/setup-android@v3
+
+      - name: Setup Rust
+        uses: dtolnay/rust-toolchain@stable
+
+      - name: Install Rust Android targets
+        run: |
+          rustup target add aarch64-linux-android
+          rustup target add armv7-linux-androideabi
+          rustup target add i686-linux-android
+          rustup target add x86_64-linux-android
+
+      - name: Setup NDK
+        uses: nttld/setup-ndk@v1
+        with:
+          ndk-version: r26d
+        id: setup-ndk
+
+      - name: Setup Android NDK environment for OpenSSL
+        run: |
+          echo "ANDROID_NDK_HOME=${{ steps.setup-ndk.outputs.ndk-path }}" >> $GITHUB_ENV
+          echo "NDK_HOME=${{ steps.setup-ndk.outputs.ndk-path }}" >> $GITHUB_ENV
+
+          # Add all Android toolchains to PATH for OpenSSL cross-compilation
+          echo "${{ steps.setup-ndk.outputs.ndk-path }}/toolchains/llvm/prebuilt/linux-x86_64/bin" >> $GITHUB_PATH
+
+          # Set CC, AR, RANLIB for each target
+          echo "CC_aarch64_linux_android=aarch64-linux-android24-clang" >> $GITHUB_ENV
+          echo "AR_aarch64_linux_android=llvm-ar" >> $GITHUB_ENV
+          echo "RANLIB_aarch64_linux_android=llvm-ranlib" >> $GITHUB_ENV
+
+          echo "CC_armv7_linux_androideabi=armv7a-linux-androideabi24-clang" >> $GITHUB_ENV
+          echo "AR_armv7_linux_androideabi=llvm-ar" >> $GITHUB_ENV
+          echo "RANLIB_armv7_linux_androideabi=llvm-ranlib" >> $GITHUB_ENV
+
+          echo "CC_i686_linux_android=i686-linux-android24-clang" >> $GITHUB_ENV
+          echo "AR_i686_linux_android=llvm-ar" >> $GITHUB_ENV
+          echo "RANLIB_i686_linux_android=llvm-ranlib" >> $GITHUB_ENV
+
+          echo "CC_x86_64_linux_android=x86_64-linux-android24-clang" >> $GITHUB_ENV
+          echo "AR_x86_64_linux_android=llvm-ar" >> $GITHUB_ENV
+          echo "RANLIB_x86_64_linux_android=llvm-ranlib" >> $GITHUB_ENV
+
+      - name: Install build dependencies for OpenSSL
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y perl make
+
+      - name: Get pnpm store directory
+        shell: bash
+        run: |
+          echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
+
+      - name: Setup pnpm cache
+        uses: actions/cache@v4
+        with:
+          path: ${{ env.STORE_PATH }}
+          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
+          restore-keys: |
+            ${{ runner.os }}-pnpm-store-
+
+      - name: Setup Rust cache
+        uses: Swatinem/rust-cache@v2
+        with:
+          workspaces: src-tauri
+
+      - name: Install frontend dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Setup Keystore (if secrets available)
+        env:
+          ANDROID_KEYSTORE: ${{ secrets.ANDROID_KEYSTORE }}
+          ANDROID_KEYSTORE_PASSWORD: ${{ secrets.ANDROID_KEYSTORE_PASSWORD }}
+          ANDROID_KEY_ALIAS: ${{ secrets.ANDROID_KEY_ALIAS }}
+          ANDROID_KEY_PASSWORD: ${{ secrets.ANDROID_KEY_PASSWORD }}
+        run: |
+          if [ -n "$ANDROID_KEYSTORE" ]; then
+            echo "$ANDROID_KEYSTORE" | base64 -d > $HOME/keystore.jks
+            echo "ANDROID_KEYSTORE_PATH=$HOME/keystore.jks" >> $GITHUB_ENV
+            echo "ANDROID_KEYSTORE_PASSWORD=$ANDROID_KEYSTORE_PASSWORD" >> $GITHUB_ENV
+            echo "ANDROID_KEY_ALIAS=$ANDROID_KEY_ALIAS" >> $GITHUB_ENV
+            echo "ANDROID_KEY_PASSWORD=$ANDROID_KEY_PASSWORD" >> $GITHUB_ENV
+            echo "Keystore configured for signing"
+          else
+            echo "No keystore configured, building unsigned APK"
+          fi
+
+      - name: Build Android APK and AAB (unsigned if no keystore)
+        run: pnpm tauri android build
+
+      - name: Upload Android artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: android
+          path: |
+            src-tauri/gen/android/app/build/outputs/apk/**/*.apk
+            src-tauri/gen/android/app/build/outputs/bundle/**/*.aab

.github/workflows/release.yml

@@ -0,0 +1,251 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - 'v*'
+  workflow_dispatch:
+
+jobs:
+  create-release:
+    permissions:
+      contents: write
+    runs-on: ubuntu-22.04
+    outputs:
+      release_id: ${{ steps.create-release.outputs.release_id }}
+      upload_url: ${{ steps.create-release.outputs.upload_url }}
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Get version
+        run: echo "PACKAGE_VERSION=$(node -p "require('./package.json').version")" >> $GITHUB_ENV
+
+      - name: Create release
+        id: create-release
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const { data } = await github.rest.repos.createRelease({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              tag_name: `v${process.env.PACKAGE_VERSION}`,
+              name: `haex-hub v${process.env.PACKAGE_VERSION}`,
+              body: 'Take a look at the assets to download and install this app.',
+              draft: true,
+              prerelease: false
+            })
+            core.setOutput('release_id', data.id)
+            core.setOutput('upload_url', data.upload_url)
+            return data.id
+
+  build-desktop:
+    needs: create-release
+    permissions:
+      contents: write
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - platform: 'macos-latest'
+            args: '--target aarch64-apple-darwin'
+          - platform: 'macos-latest'
+            args: '--target x86_64-apple-darwin'
+          - platform: 'ubuntu-22.04'
+            args: ''
+          - platform: 'windows-latest'
+            args: ''
+
+    runs-on: ${{ matrix.platform }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Install pnpm
+        uses: pnpm/action-setup@v4
+
+      - name: Setup Rust
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          targets: ${{ matrix.platform == 'macos-latest' && 'aarch64-apple-darwin,x86_64-apple-darwin' || '' }}
+
+      - name: Install dependencies (Ubuntu)
+        if: matrix.platform == 'ubuntu-22.04'
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf libssl-dev
+
+      - name: Get pnpm store directory
+        shell: bash
+        run: |
+          echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
+
+      - name: Setup pnpm cache
+        uses: actions/cache@v4
+        with:
+          path: ${{ env.STORE_PATH }}
+          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
+          restore-keys: |
+            ${{ runner.os }}-pnpm-store-
+
+      - name: Setup Rust cache
+        uses: Swatinem/rust-cache@v2
+        with:
+          workspaces: src-tauri
+
+      - name: Install frontend dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Build and release Tauri app
+        uses: tauri-apps/tauri-action@v0
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          releaseId: ${{ needs.create-release.outputs.release_id }}
+          args: ${{ matrix.args }}
+
+  build-android:
+    needs: create-release
+    permissions:
+      contents: write
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Install pnpm
+        uses: pnpm/action-setup@v4
+
+      - name: Setup Java
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version: '17'
+
+      - name: Setup Android SDK
+        uses: android-actions/setup-android@v3
+
+      - name: Setup Rust
+        uses: dtolnay/rust-toolchain@stable
+
+      - name: Install Rust Android targets
+        run: |
+          rustup target add aarch64-linux-android
+          rustup target add armv7-linux-androideabi
+          rustup target add i686-linux-android
+          rustup target add x86_64-linux-android
+
+      - name: Setup NDK
+        uses: nttld/setup-ndk@v1
+        with:
+          ndk-version: r26d
+        id: setup-ndk
+
+      - name: Setup Android NDK environment for OpenSSL
+        run: |
+          echo "ANDROID_NDK_HOME=${{ steps.setup-ndk.outputs.ndk-path }}" >> $GITHUB_ENV
+          echo "NDK_HOME=${{ steps.setup-ndk.outputs.ndk-path }}" >> $GITHUB_ENV
+
+          # Add all Android toolchains to PATH for OpenSSL cross-compilation
+          echo "${{ steps.setup-ndk.outputs.ndk-path }}/toolchains/llvm/prebuilt/linux-x86_64/bin" >> $GITHUB_PATH
+
+          # Set CC, AR, RANLIB for each target
+          echo "CC_aarch64_linux_android=aarch64-linux-android24-clang" >> $GITHUB_ENV
+          echo "AR_aarch64_linux_android=llvm-ar" >> $GITHUB_ENV
+          echo "RANLIB_aarch64_linux_android=llvm-ranlib" >> $GITHUB_ENV
+
+          echo "CC_armv7_linux_androideabi=armv7a-linux-androideabi24-clang" >> $GITHUB_ENV
+          echo "AR_armv7_linux_androideabi=llvm-ar" >> $GITHUB_ENV
+          echo "RANLIB_armv7_linux_androideabi=llvm-ranlib" >> $GITHUB_ENV
+
+          echo "CC_i686_linux_android=i686-linux-android24-clang" >> $GITHUB_ENV
+          echo "AR_i686_linux_android=llvm-ar" >> $GITHUB_ENV
+          echo "RANLIB_i686_linux_android=llvm-ranlib" >> $GITHUB_ENV
+
+          echo "CC_x86_64_linux_android=x86_64-linux-android24-clang" >> $GITHUB_ENV
+          echo "AR_x86_64_linux_android=llvm-ar" >> $GITHUB_ENV
+          echo "RANLIB_x86_64_linux_android=llvm-ranlib" >> $GITHUB_ENV
+
+      - name: Install build dependencies for OpenSSL
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y perl make
+
+      - name: Get pnpm store directory
+        shell: bash
+        run: |
+          echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
+
+      - name: Setup pnpm cache
+        uses: actions/cache@v4
+        with:
+          path: ${{ env.STORE_PATH }}
+          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
+          restore-keys: |
+            ${{ runner.os }}-pnpm-store-
+
+      - name: Setup Rust cache
+        uses: Swatinem/rust-cache@v2
+        with:
+          workspaces: src-tauri
+
+      - name: Install frontend dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Setup Keystore (required for release)
+        run: |
+          echo "${{ secrets.ANDROID_KEYSTORE }}" | base64 -d > $HOME/keystore.jks
+          echo "ANDROID_KEYSTORE_PATH=$HOME/keystore.jks" >> $GITHUB_ENV
+          echo "ANDROID_KEYSTORE_PASSWORD=${{ secrets.ANDROID_KEYSTORE_PASSWORD }}" >> $GITHUB_ENV
+          echo "ANDROID_KEY_ALIAS=${{ secrets.ANDROID_KEY_ALIAS }}" >> $GITHUB_ENV
+          echo "ANDROID_KEY_PASSWORD=${{ secrets.ANDROID_KEY_PASSWORD }}" >> $GITHUB_ENV
+
+      - name: Build Android APK and AAB (signed)
+        run: pnpm tauri android build
+
+      - name: Upload Android artifacts to Release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          gh release upload ${{ github.ref_name }} \
+            src-tauri/gen/android/app/build/outputs/apk/universal/release/app-universal-release.apk \
+            src-tauri/gen/android/app/build/outputs/bundle/universalRelease/app-universal-release.aab \
+            --clobber
+
+  publish-release:
+    permissions:
+      contents: write
+    runs-on: ubuntu-22.04
+    needs: [create-release, build-desktop, build-android]
+
+    steps:
+      - name: Publish release
+        id: publish-release
+        uses: actions/github-script@v7
+        env:
+          release_id: ${{ needs.create-release.outputs.release_id }}
+        with:
+          script: |
+            github.rest.repos.updateRelease({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              release_id: process.env.release_id,
+              draft: false,
+              prerelease: false
+            })

.gitignore

@@ -23,4 +23,9 @@ dist-ssr
 *.sln
 *.sw?
 .nuxt
-src-tauri/target
+src-tauri/target
+nogit*
+.claude
+.output
+target
+CLAUDE.md

.npmrc

@@ -0,0 +1 @@
+shamefully-hoist=true

README.md

@@ -1,82 +1,180 @@
-# HaexHub - The European "Everything App"
+# 🧩 HaexHub – The European “Everything App”
 
-## Vision
+## 🌍 Vision
 
-Today, we undoubtedly find ourselves in the computer age. Almost everyone owns at least one computer, often even more. Most probably have at least a smartphone and a standard PC. On each of these devices (Desktop PC, Laptop, Tablet, Smartphone) and systems (Windows, macOS, Linux (all flavors), Android, iOS), there are various programs and data, which can be highly individual and sensitive. Unfortunately, interoperability between these devices and systems often proves difficult, sometimes even impossible, for a multitude of reasons. On one hand, there are the system providers themselves (like Microsoft, Apple, Google), who often design their systems to make it as easy as possible for users to enter their ecosystems, but place many hurdles in the way when users wish to leave again. The golden cage, as we say in Germany, or walled garden. However, it's not just the system providers per se who make cross-device and cross-system work difficult. Another problem lies with the software manufacturers/providers. Since it is already challenging and above all resource-intensive (time, money, and technical know-how) to provide a good and "secure" product for one device class and/or system, it's not uncommon for a program to be developed (initially) for only one platform. So, there might be a program for Windows or Apple, but not for Linux, or only in one distribution/package format. Or there might be an app for iOS and/or Android, but not for the PC. This is partly due to the fact that it would simply be too complex to develop and, especially, maintain a product for multiple systems and devices (simultaneously). This effort is almost insurmountable, particularly for startups, small businesses, and individual open-source developers working on their passion projects in their spare time.
+We are living in the **computer age** — nearly everyone owns multiple devices: a smartphone, a laptop, perhaps even a desktop PC or tablet.  
-Let's not even start talking about application distribution. For each platform, you end up with a separate build pipeline that builds, tests, signs, packages the application into the appropriate format (msi, exe, deb, flatpak, snap, AppImage, Apk, etc.), and delivers it to the corresponding store (AppStore, PlayStore, Windows Store, and the various repositories of Linux distributions). This is a huge cascade of tasks that especially causes problems for small companies (at least if you want to serve ALL platforms simultaneously).
+Each of these runs its own **operating system** — Windows, macOS, Linux, Android, iOS — and hosts a unique mix of **apps and data**.
-Wouldn't it be nice if there were a simple(r) way for developers to develop and build their application just once and then be able to serve ALL\* devices and systems? PWAs were already on the right track, but there is often a lack of more in-depth access to system resources, such as file or console access.
-HaexHub gives any web application/PWA superpowers.
-Extensions can be used to add any functions to HaexHub, whereby almost any access to the underlying system is possible, provided that the necessary authorizations have been granted by the user beforehand.
 
-\*In principle, the approach presented here allows an application to run on all devices and systems. However, some applications might still only be usable on certain devices or systems. For example, if an application absolutely requires an NFC device, which is typically not found on a desktop PC, then this application will probably only work on mobile devices. Or if an application requires system-specific interfaces or programs, such as the Registry on Windows or systemd on Linux, then this application will naturally only work where these dependencies are found. However, developers who create their applications without such dependencies can immediately serve all devices and systems.
+Unfortunately, **interoperability** between these devices is often poor or even impossible.  
+The reasons are many:
 
-## Enter HaexHub
+- **Platform lock-in**: Vendors like Microsoft, Apple, or Google design systems that make it easy to _enter_ their ecosystem but difficult to _leave_.
+- **Fragmented software development**: Developers face high technical and financial hurdles to support multiple platforms at once.
 
-HaexHub provides a framework that makes it incredibly easy for the community and any developer to build extensions (web applications), which can then be easily integrated into HaexHub by users. Each extension is essentially a web application that can be loaded, executed, customized, and deleted at runtime. Each extension is confined within an IFrame, communicating with HaexHub via APIs using postMessage. HaexHub, in turn, checks these requests for the necessary permissions, executes or rejects the command, and returns a possible response to the caller – ideally, the correct result.
+Creating and maintaining one secure, high-quality app for _all_ systems can be almost impossible — especially for small teams, startups, and indie developers.
-Since these are purely web applications, they are initially subject to the same limitations as any other web application in any "normal" browser worldwide. Fun Fact: Extensions in HaexHub are even more restricted than that. While a "normal" web application can, for example, load additional resources (JavaScript, CSS, images, ads) (assuming CORS allows it), this is initially not possible with a HaexHub extension. Everything the extension needs to be able to do must be specified as a permission in a manifest and approved by the user before (potentially) dangerous actions are executed on the host. And loading external resources is already considered such a risk from Tauri's (and my) perspective, as it can severely compromise the user's privacy.
-With the appropriate permissions, however, an extension can do almost anything possible on a computer. Thus, unlike a "normal" web application, an extension can directly access the host's file system, execute other applications and commands, make/manipulate/block web requests, or access the SQLite database. To use these interfaces, each extension must declare the corresponding permissions in a manifest, which must then be approved by the user. Otherwise, no access to the host system is possible. Extensions can be added and removed at runtime. Since the extension runs in an IFrame, it cannot cause much damage without the appropriate permissions. It would be a pure web application where routing within the application is possible (WebHistoryHash). However, as soon as it tries to load external resources, regardless of whether they are local from the host or from any server on the World Wide Web, the extension is on its own without permission.
-Technically, for example, it would pose no problem to make the host system's shell available to extensions. This could give Visual Studio Code in the browser superpowers. While a web version of Visual Studio Code already exists, its usability is limited. For instance, it's not possible to directly access the shell or the file system, which significantly hinders file management. And since no commands or applications can be executed on the host, it's (unfortunately) practically useless for developers. Visual Studio Code as a HaexHub extension could be used like a native application. And thanks to HaexHub's permission concept, it can be controlled with fine granularity which extension is allowed to execute what and how, and what is not. An extension with such power over the host, which can be both advantageous and disadvantageous for the user, should naturally be handled with particular care. It would probably not be a good idea to grant this permission to any advertising and data tracking services.
 
-The framework itself provides a platform that will be available on all common devices (Desktop PC, Laptop, Tablet, Smartphone) and systems (Windows, macOS, Linux (all flavors), Android, iOS). All extensions can then be used on all supported devices and systems (provided there are no dependencies in the extension that are only available on specific devices or systems, like NFC, Google Pay, etc.).
+And then there’s **distribution**: each platform requires its own build, packaging, signing, and publishing process.  
-All user and extension data can be securely stored and used in the locally encrypted SQLite database. To enable comfortable use of the database across multiple devices and systems, there will be a synchronization server that allows the database to be synchronized conflict-free across devices and systems. This server can, of course, also be self-hosted, ensuring the user is never dependent on a single provider.
+What if you could build your app **once** and deploy it **everywhere**?
-Furthermore, the data can be encrypted beforehand, making it unreadable by third parties.
 
-HaexHub is a cross-platform, local-first, open-source application that prioritizes user privacy, security, and digital sovereignty. The goal is for the user to have control over their data at all times and be able to independently decide what they want to disclose to whom. Additionally, they should be able to adjust this decision at any time.
+> **HaexHub** makes that possible — giving every web app or PWA **superpowers**.
-Through the possibility of extensions, HaexHub is also almost infinitely expandable. What Visual Studio Code is for text editors/IDEs, HaexHub will be for (web) applications and even has the potential to become the European counterpart to WeChat (the "everything app"). However, without a central authority controlling everything.
 
-But first things first.
+With HaexHub, developers can extend functionality via **extensions** that run securely inside the app, with carefully controlled permissions for accessing system features (files, shell, database, etc.).
 
-## Technical Foundations
+---
 
-The technical foundation of the project is Tauri. This framework makes it possible to provide native applications for all common devices (Desktops, Laptops, Tablets, Smartphones) and systems (Windows, Linux, macOS, Android, iOS) with the same codebase. Tauri is comparable to Electron (the technical basis for Visual Studio Code, for example), but the applications created with it are significantly smaller because Tauri uses the native rendering engine of the respective platform (WebView2 (Windows), WKWebView (macOS), WebKitGTK (Linux)) and does not bundle a (customized Chromium) browser, as is the case with Electron. Furthermore, Tauri offers significant advantages over Electron in terms of security and resource efficiency. There is also a sophisticated permission system, which effectively shields the frontend from the host. All access to the host system is only possible with the appropriate permission. This permission concept is also used for the (HaexHub) extensions, thereby ensuring the security of third-party extensions as well.
+## 🚀 Enter HaexHub
 
-The project follows a strict local-first approach. This means that HaexHub can fundamentally be used without any form of online account or internet access. The extensions are also stored locally and can be used offline, provided, of course, that the extension itself can function without the internet. A messenger extension will likely make limited sense without internet access. An image viewer or text editor, however, should work fine without the internet.
+HaexHub provides a **framework** for building and running modular, sandboxed **web extensions** — web apps that run in an isolated environment but can communicate securely with the host.
-All user data can be persistently stored and used in a locally encrypted SQLite database, even across extensions, with the appropriate permissions, of course. Unlike many other applications that call themselves local-first, this project implements this approach more consistently. Most applications claiming to be local-first often aren't truly so. The data usually resides (unencrypted) on a backend server and is merely "cached" to varying degrees in the frontend. While this allows these applications to be used offline for a while, the usage is either restricted (read-only in Bitwarden, for example) or the persistence is temporary at best. Most approaches, like this project, use an SQLite (or similar) database in the frontend to achieve offline capability, but this is usually implemented in a browser via IndexedDB or OPFS. Examples include [powersync](https://www.powersync.com/) , [evolu](https://www.evolu.dev/), or [electricSql](https://electric-sql.com/). The problem here is that such persistence is never truly permanent, as the operating system and/or browser can decide when to free up storage. For instance, it's common for Apple to clear the storage of web applications that haven't been used for over a week. As long as the user's data is still present in the backend, this is only moderately tragic, as the "source of truth" residing there can be synchronized back to the frontend at any time. However, this always requires an online account and internet access. Furthermore, with these approaches, the user cannot simply copy their data onto a USB stick and take it with them to use on a completely different computer (perhaps where only intranet is available).
-Moreover, all these approaches are subject to the limitations of the respective browser. The limitation on persistent storage is particularly noteworthy here. All browsers have strict limits, which is why this approach is not suitable for all requirements. Since HaexHub stores data not in the browser, but in a real SQLite database on the hard drive, it is only subject to the hardware limitations of the host system (or USB stick/storage medium).
 
-With HaexHub, all user and extension data can be permanently stored in the local and encrypted database without requiring an online account. However, to make the user's data conveniently and securely available on multiple devices, there will be a synchronization service to synchronize the database state across the user's various devices and systems. The user can, of course, also host this service themselves on their (local) systems or servers. The database state is thus temporarily stored on a (third-party) server and can be synchronized from there with other instances of the local SQLite database. To further enhance data security, the user can also encrypt the data before sending it to the backend, making it unreadable by third parties. This will likely be enabled by default, but it can also be turned off, as there are legitimate use cases where it might be disadvantageous or undesirable. Particularly in corporate or government environments, it could be problematic if all user (employee) data were stored encrypted on the company servers. If the employee becomes unavailable (resignation, accident, death) and their database password (or the encryption key stored in the database) is unknown, there would be no way to access this data.
+Each extension:
-Since this use case should also be considered, backend encryption will be optional.
 
-As HaexHub is ultimately a kind of distributed and federated system, there is no (single) authority that could control everything. Unless the user truly has only one instance of their database (perhaps on a USB stick) and always carries it with them. Part of HaexHub's charm, however, is that the user can have multiple instances of their SQLite database on multiple devices and systems without having to worry about how the correct data (source of truth) gets from A to B and B to A.
+- Runs inside an **IFrame**.
-To make this possible and to synchronize even conflicting data states of the SQLite database, HaexHub uses Conflict-free Replicated Data Types (CRDTs). This will make it possible to merge multiple conflicting data states, even if they are encrypted.
+- Uses **postMessage APIs** to communicate with HaexHub.
+- Declares required **permissions** in a manifest file.
+- Can be added or removed at runtime.
 
-## Extensions
+Without explicit permission, extensions cannot access the file system, network, or external resources — ensuring **privacy and security** by default.  
+Once granted, however, extensions can unlock full desktop-like capabilities:  
+access files, execute commands, or interact with SQLite databases.
 
-The real highlight of HaexHub, however, lies in its extensions. All end-user functionality will ultimately be provided through extensions. There will be (official/core) extensions and third-party extensions. One of the first (official) extensions will be a password manager, for example, but a file synchronization service is also planned.
+Imagine a **web-based VS Code** that can directly access your local shell and file system — something that current web IDEs can’t do.  
-Each extension is essentially just a web application\* loaded into an IFrame. This keeps all extensions well isolated (sandboxed) from the main application (HaexHub) and the user's host system, ensuring the user's security and privacy. Of course, as with any application, a degree of trust must be placed in the extension developer that they are genuinely only doing what they claim to do. HaexHub is ingenious, but it can't perform magic.
+With HaexHub’s permission model, such power is possible, but **always under user control**.
-Each extension must declare the permissions it requires in a manifest, which must then be accepted by the user. This ensures that each extension can only access the resources (file system, web requests, database access, etc.) for which it has the appropriate permissions.
 
-In principle, any (existing) web application could be integrated and run within HaexHub. Technically, each extension is just a web application, but with significantly more capabilities. Traditional web applications are restricted by the (justified) limitations of a browser. For example, a web application cannot simply access the host system's file system or manipulate network traffic. And for good reasons. With HaexHub, however, these limitations do not exist. A (HaexHub) extension can indeed access the file system if it has the corresponding permission. This opens up almost unlimited application possibilities, making the term "everything app" seem not so far-fetched. In a future iteration, a browser and later a payment option (GNU Taler?!) are planned to be added, so it could truly become a fully-fledged counterpart to WeChat. However, these aspects are not considered in the first iteration of the application.
+HaexHub itself is **cross-platform** and runs on:
-By providing extensions, HaexHub can truly be enhanced arbitrarily. Extension developers could use simple tools (Vite application) to immediately provide their functionality for all devices and systems and utilize the provided ecosystem, without the developer having to deal with the peculiarities of each system for development and distribution. (Provided, of course, they don't rely on dependencies that only exist on specific systems or devices).
-Extensions can also access the data of other extensions (e.g., via the SQLite database) and build upon it (with appropriate permission, naturally).
-I want to outline this with a concrete example. The first official extension will be a password manager.
-This will be a Nuxt/Vue application. The password manager's manifest will request permission to create a few tables and to read from and write to them. The extension then provides a nice UI for creating and managing login credentials, similar to existing password managers. Each entry can also be tagged, which could later be used by other extensions.
-For example, entries tagged "E-Mail" could be created, which could then be used by an email client extension to automatically connect to mail servers.
-Any other extension could access specific entries in the password database (or other extensions' data) to easily provide its service.
-But of course, each extension can also create its own tables as needed for its specific use case.
-HaexHub takes care of secure storage and, if configured, conflict-free synchronization.
-Each user can expand their HaexHub with the individual functionality they need. And since all settings for these extensions can be stored in the SQLite database, they can be easily and seamlessly synchronized and used across multiple devices. The user only needs to set up their extensions once on one device and can then use them on all other devices and systems without further action.
 
-Another example of an extension would be file synchronization, which will also be a core extension.
+- 💻 Windows, macOS, Linux
-This extension allows users to easily synchronize their files across different devices and systems. It can be configured on each device which files and folders should be synchronized and how. For instance, one might want to upload pictures and videos from their smartphone to an S3 bucket/Google Drive/Dropbox and their desktop PC. However, one probably doesn't want all pictures from the S3 bucket/Google Drive/Dropbox/Desktop to be synchronized back to the smartphone. All these configurations will again be stored in the SQLite database and, where possible, synchronized across all devices and systems.
+- 📱 Android, iOS
+- 🧠 Desktops, laptops, tablets, smartphones
 
-Further examples of extensions include calendars, (collaborative) document management, contacts, messengers, and in the distant future, a browser and payment service (GNU Taler perhaps?!).
+All user and extension data is stored in a **locally encrypted SQLite database**.  
+To sync across devices, HaexHub can connect to a **synchronization server** — which you can even **self-host** for maximum independence.
 
-\*Fundamentally, any bundler (Vite, Webpack, Rollup, etc.) and any frontend framework (Vue, React, Angular, Svelte, plain HTML) should be usable. The crucial part is that it's a JS bundle. However, initially, the focus will primarily be on Vite and Vue to demonstrate the general feasibility first.
+> 🛡️ HaexHub is built on the principles of **privacy, security, and digital sovereignty**.
 
-## Preperation
+The user is always in control of their data — deciding what to share, and with whom.
 
-install:
+---
 
-- [nodejs](https://nodejs.org/en/download)
+## 🧠 Technical Foundations
-- [tauri](https://v2.tauri.app/start/prerequisites/)
-- [rust](https://v2.tauri.app/start/prerequisites/#rust)
 
-- port 3003 needs to be open/free or you need to adjust it in `nuxt.config.ts` AND `src-tauri/tauri.conf.json`
+HaexHub is powered by **[Tauri](https://v2.tauri.app/)** — a secure, efficient framework for building native apps from web technologies.
 
+Unlike Electron (used by apps like VS Code), Tauri:
+
+- Uses **native rendering engines** (WebView2, WKWebView, WebKitGTK)
+- Produces **smaller, faster apps**
+- Enforces **strong sandboxing and permission models**
+
+HaexHub builds upon Tauri’s security features, extending them to third-party extensions.
+
+### 🏡 Local-first by Design
+
+HaexHub follows a **strict local-first architecture**:
+
+- Works **offline** without accounts or internet.
+- Stores data locally in **encrypted SQLite**.
+- Uses **CRDTs (Conflict-free Replicated Data Types)** for safe synchronization across devices — even with encrypted data.
+
+Unlike many “local-first” apps, HaexHub doesn’t just cache data in the browser.  
+Your data truly resides **on your disk**, not under a browser’s limited storage policy.
+
+Optionally, HaexHub can sync databases via a backend service — self-hosted or external — with optional **end-to-end encryption**.
+
+---
+
+## 🧩 Extensions
+
+Extensions are the heart of HaexHub.
+
+Everything the user interacts with — from password management to file syncing — will be implemented as **extensions**.
+
+There are two types:
+
+- **Official/Core Extensions**
+- **Third-Party Extensions**
+
+Each extension is a **web app** bundled via your preferred frontend stack:
+
+> Vue, React, Svelte, Angular, Vite, Webpack, Rollup — you name it.
+
+### 🔐 Example: Password Manager
+
+A first official extension will be a **Password Manager**, built with **Vue/Nuxt**:
+
+- Declares database permissions via its manifest.
+- Manages login credentials locally in encrypted SQLite.
+- Can tag entries (e.g. “Email”) for use by other extensions — such as an email client.
+
+### 🗂 Example: File Synchronization
+
+Another planned core extension will handle **file synchronization**:
+
+- Syncs files/folders between devices and cloud providers (e.g. S3, Google Drive, Dropbox).
+- Lets users define sync rules per device.
+- Stores configuration securely in the local database.
+
+### 💬 Future Extensions
+
+- Calendar & Contacts
+- Collaborative document management
+- Messenger
+- Browser & Payment Services (e.g., GNU Taler integration)
+
+With this modular design, HaexHub can evolve into a true **European alternative to WeChat** — but open, federated, and privacy-first.
+
+---
+
+## 🧰 Installation & Setup
+
+### 📦 Prerequisites
+
+Install the following dependencies:
+
+- [Node.js / nvm](https://nodejs.org/en/download)
+- [Tauri](https://v2.tauri.app/start/prerequisites/)
+- [Rust](https://v2.tauri.app/start/prerequisites/#rust)
+- [Android Studio](https://developer.android.com/studio?hl=de)
+- WebKit2GTK + GTK3
+
+#### 🐧 Debian / Ubuntu
+
+```bash
+sudo apt update
+sudo apt install \
+  libwebkit2gtk-4.1-dev \
+  libgtk-3-dev \
+  libayatana-appindicator3-dev \
+  librsvg2-dev
 ```
+
+#### 🦊 Fedora
+
+```bash
+sudo dnf install \
+  webkit2gtk4.1-devel \
+  gtk3-devel \
+  libappindicator-gtk3 \
+  librsvg2-devel
+```
+
+#### ⚙️ Development
+
+Make sure port 3003 is available (or adjust it in `nuxt.config.ts` and `src-tauri/tauri.conf.json`).
+
+```bash
 git clone https://github.com/haexhub/haex-vault.git
 cd haex-vault
-pnpm i
+pnpm install
 pnpm tauri dev
 ```
+
+#### 🧭 Summary
+
+HaexHub aims to:
+
+- Simplify cross-platform app development
+- Empower users with local-first privacy
+- Enable developers to create modular, permissioned extensions
+- Bridge the gap between web and native worlds
+
+HaexHub is the foundation for a decentralized, privacy-friendly, European “everything app.”

drizzle.config.ts

@@ -1,7 +1,7 @@
 import { defineConfig } from 'drizzle-kit'
 
 export default defineConfig({
-  schema: './src-tauri/database/schemas/**.ts',
+  schema: './src/database/schemas/**.ts',
   out: './src-tauri/database/migrations',
   dialect: 'sqlite',
   dbCredentials: {

nuxt.config.ts

@@ -1,4 +1,4 @@
-import tailwindcss from '@tailwindcss/vite'
+import { fileURLToPath } from 'node:url'
 
 // https://nuxt.com/docs/api/configuration/nuxt-config
 export default defineNuxtConfig({
@@ -7,7 +7,16 @@ export default defineNuxtConfig({
 
   srcDir: './src',
 
+  alias: {
+    '@bindings': fileURLToPath(
+      new URL('./src-tauri/bindings', import.meta.url),
+    ),
+  },
+
   app: {
+    head: {
+      viewport: 'width=device-width, initial-scale=1.0, viewport-fit=cover',
+    },
     pageTransition: {
       name: 'fade',
     },
@@ -20,7 +29,6 @@ export default defineNuxtConfig({
     '@vueuse/nuxt',
     '@nuxt/icon',
     '@nuxt/eslint',
-    //"@nuxt/image",
     '@nuxt/fonts',
     '@nuxt/ui',
   ],
@@ -33,6 +41,20 @@ export default defineNuxtConfig({
       'pages/**',
       'types/**',
     ],
+    presets: [
+      {
+        from: '@vueuse/gesture',
+        imports: [
+          'useDrag',
+          'useGesture',
+          'useHover',
+          'useMove',
+          'usePinch',
+          'useScroll',
+          'useWheel',
+        ],
+      },
+    ],
   },
 
   css: ['./assets/css/main.css'],
@@ -46,7 +68,7 @@ export default defineNuxtConfig({
       includeCustomCollections: true,
     },
     serverBundle: {
-      collections: ['mdi', 'line-md', 'solar', 'gg', 'emojione'],
+      collections: ['mdi', 'line-md', 'solar', 'gg', 'emojione', 'lucide', 'hugeicons'],
     },
 
     customCollections: [
@@ -72,6 +94,8 @@ export default defineNuxtConfig({
       redirectOn: 'root', // recommended
     },
     types: 'composition',
+
+    vueI18n: './i18n.config.ts',
   },
 
   zodI18n: {
@@ -84,8 +108,7 @@ export default defineNuxtConfig({
   runtimeConfig: {
     public: {
       haexVault: {
-        lastVaultFileName: 'lastVaults.json',
+        deviceFileName: 'device.json',
-        instanceFileName: 'instance.json',
         defaultVaultName: 'HaexHub',
       },
     },
@@ -99,7 +122,6 @@ export default defineNuxtConfig({
   },
 
   vite: {
-    plugins: [tailwindcss()],
     // Better support for Tauri CLI output
     clearScreen: false,
     // Enable environment variables

package.json

@@ -1,62 +1,68 @@
 {
-  "name": "tauri-app",
+  "name": "haex-hub",
   "private": true,
-  "version": "0.1.0",
+  "version": "0.1.6",
   "type": "module",
   "scripts": {
     "build": "nuxt build",
     "dev": "nuxt dev",
-    "generate": "nuxt generate",
-    "preview": "nuxt preview",
-    "postinstall": "nuxt prepare",
-    "tauri": "tauri",
-    "tauri:build:debug": "tauri build --debug",
     "drizzle:generate": "drizzle-kit generate",
     "drizzle:migrate": "drizzle-kit migrate",
-    "eslint:fix": "eslint --fix"
+    "eslint:fix": "eslint --fix",
+    "generate:rust-types": "tsx ./src-tauri/database/generate-rust-types.ts",
+    "generate:ts-types": "cd src-tauri && cargo test",
+    "generate": "nuxt generate",
+    "postinstall": "nuxt prepare",
+    "preview": "nuxt preview",
+    "tauri:build:debug": "tauri build --debug",
+    "tauri": "tauri"
   },
   "dependencies": {
     "@nuxt/eslint": "1.9.0",
     "@nuxt/fonts": "0.11.4",
     "@nuxt/icon": "2.0.0",
-    "@nuxt/ui": "^3.3.2",
+    "@nuxt/ui": "4.1.0",
     "@nuxtjs/i18n": "10.0.6",
-    "@pinia/nuxt": "^0.11.1",
+    "@pinia/nuxt": "^0.11.2",
-    "@tailwindcss/vite": "^4.1.10",
+    "@tailwindcss/vite": "^4.1.16",
-    "@tauri-apps/api": "^2.5.0",
+    "@tauri-apps/api": "^2.9.0",
-    "@tauri-apps/plugin-dialog": "^2.2.2",
+    "@tauri-apps/plugin-dialog": "^2.4.2",
-    "@tauri-apps/plugin-fs": "^2.3.0",
+    "@tauri-apps/plugin-fs": "^2.4.4",
-    "@tauri-apps/plugin-http": "2.5.2",
     "@tauri-apps/plugin-notification": "2.3.1",
-    "@tauri-apps/plugin-opener": "^2.3.0",
+    "@tauri-apps/plugin-opener": "^2.5.2",
-    "@tauri-apps/plugin-os": "^2.2.2",
+    "@tauri-apps/plugin-os": "^2.3.2",
-    "@tauri-apps/plugin-sql": "2.3.0",
+    "@tauri-apps/plugin-store": "^2.4.1",
-    "@tauri-apps/plugin-store": "^2.2.1",
     "@vueuse/components": "^13.9.0",
-    "@vueuse/core": "^13.4.0",
+    "@vueuse/core": "^13.9.0",
-    "@vueuse/nuxt": "^13.4.0",
+    "@vueuse/gesture": "^2.0.0",
-    "drizzle-orm": "^0.44.2",
+    "@vueuse/nuxt": "^13.9.0",
-    "eslint": "^9.34.0",
+    "drizzle-orm": "^0.44.7",
-    "fuse.js": "^7.1.0",
+    "eslint": "^9.38.0",
-    "nuxt": "^4.0.3",
+    "nuxt-zod-i18n": "^1.12.1",
-    "nuxt-zod-i18n": "^1.12.0",
+    "swiper": "^12.0.3",
-    "tailwindcss": "^4.1.10",
+    "tailwindcss": "^4.1.16",
-    "vue": "^3.5.20",
+    "vue": "^3.5.22",
-    "vue-router": "^4.5.1",
+    "vue-router": "^4.6.3",
-    "zod": "4.1.5"
+    "zod": "^3.25.76"
   },
   "devDependencies": {
-    "@iconify/json": "^2.2.351",
+    "@iconify-json/hugeicons": "^1.2.17",
+    "@iconify-json/lucide": "^1.2.71",
+    "@iconify/json": "^2.2.401",
     "@iconify/tailwind4": "^1.0.6",
-    "@tauri-apps/cli": "^2.5.0",
+    "@libsql/client": "^0.15.15",
+    "@tauri-apps/cli": "^2.9.1",
+    "@types/node": "^24.9.1",
     "@vitejs/plugin-vue": "6.0.1",
-    "@vue/compiler-sfc": "^3.5.17",
+    "@vue/compiler-sfc": "^3.5.22",
-    "drizzle-kit": "^0.31.2",
+    "drizzle-kit": "^0.31.5",
-    "globals": "^16.2.0",
+    "globals": "^16.4.0",
+    "nuxt": "^4.2.0",
     "prettier": "3.6.2",
-    "tw-animate-css": "^1.3.8",
+    "tsx": "^4.20.6",
-    "typescript": "^5.8.3",
+    "tw-animate-css": "^1.4.0",
-    "vite": "7.1.3",
+    "typescript": "^5.9.3",
+    "vite": "^7.1.3",
     "vue-tsc": "3.0.6"
   },
   "prettier": {

src-tauri/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "haex-hub"
-version = "0.1.0"
+version = "0.1.4"
 description = "A Tauri App"
 authors = ["you"]
 edition = "2021"
@@ -15,38 +15,43 @@ name = "haex_hub_lib"
 crate-type = ["staticlib", "cdylib", "rlib"]
 
 [build-dependencies]
+serde_json = "1.0.145"
 tauri-build = { version = "2.2", features = [] }
+serde = { version = "1.0.228", features = ["derive"] }
 
 [dependencies]
-rusqlite = { version = "0.37.0", features = [
-    "load_extension",
-    "bundled-sqlcipher-vendored-openssl",
-    "functions",
-] }
-#libsqlite3-sys = { version = "0.31", features = ["bundled-sqlcipher"] }
-#sqlx = { version = "0.8", features = ["runtime-tokio-rustls", "sqlite"] }
 tokio = { version = "1.47.1", features = ["macros", "rt-multi-thread"] }
-serde = { version = "1", features = ["derive"] }
-hex = "0.4"
-serde_json = "1.0.143"
 base64 = "0.22"
-mime_guess = "2.0"
+ed25519-dalek = "2.1"
-mime = "0.3"
 fs_extra = "1.3.0"
-sqlparser = { version = "0.58.0", features = ["visitor"] }
+hex = "0.4"
-uhlc = "0.8"
+lazy_static = "1.5"
-tauri = { version = "2.8.5", features = ["protocol-asset", "devtools"] }
+mime = "0.3"
-tauri-plugin-dialog = "2.4.0"
+mime_guess = "2.0"
+serde = { version = "1", features = ["derive"] }
+serde_json = "1.0.143"
+sha2 = "0.10.9"
+sqlparser = { version = "0.59.0", features = ["visitor"] }
+tauri = { version = "2.9.1", features = ["protocol-asset", "devtools"] }
+tauri-plugin-dialog = "2.4.2"
 tauri-plugin-fs = "2.4.0"
-tauri-plugin-opener = "2.5.0"
+tauri-plugin-http = "2.5.4"
-tauri-plugin-os = "2.3"
+tauri-plugin-notification = "2.3.3"
-tauri-plugin-store = "2.4.0"
+tauri-plugin-opener = "2.5.2"
-tauri-plugin-http = "2.5.2"
+tauri-plugin-os = "2.3.2"
-tauri-plugin-notification = "2.3.1"
+tauri-plugin-persisted-scope = "2.3.4"
-tauri-plugin-persisted-scope = "2.3.2"
+tauri-plugin-store = "2.4.1"
-tauri-plugin-android-fs = "12.0.1"
+thiserror = "2.0.17"
+ts-rs = { version = "11.1.0", features = ["serde-compat"] }
+uhlc = "0.8.2"
+url = "2.5.7"
 uuid = { version = "1.18.1", features = ["v4"] }
-ts-rs = "11.0.1"
+zip = "6.0.0"
-thiserror = "2.0.16"
+rusqlite = { version = "0.37.0", features = [
+  "load_extension",
+  "bundled-sqlcipher-vendored-openssl",
+  "functions",
+] }
 
-#tauri-plugin-sql = { version = "2", features = ["sqlite"] }
+[target.'cfg(not(target_os = "android"))'.dependencies]
+trash = "5.2.5"

src-tauri/bindings/Action.ts

@@ -0,0 +1,10 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { DbAction } from "./DbAction";
+import type { FsAction } from "./FsAction";
+import type { HttpAction } from "./HttpAction";
+import type { ShellAction } from "./ShellAction";
+
+/**
+ * Ein typsicherer Container, der die spezifische Aktion für einen Ressourcentyp enthält.
+ */
+export type Action = { "Database": DbAction } | { "Filesystem": FsAction } | { "Http": HttpAction } | { "Shell": ShellAction };

src-tauri/bindings/DatabaseError.ts

@@ -0,0 +1,3 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+export type DatabaseError = { "type": "ParseError", "details": { reason: string, sql: string, } } | { "type": "ParameterMismatchError", "details": { expected: number, provided: number, sql: string, } } | { "type": "NoTableError", "details": { sql: string, } } | { "type": "StatementError", "details": { reason: string, } } | { "type": "PrepareError", "details": { reason: string, } } | { "type": "DatabaseError", "details": { reason: string, } } | { "type": "ExecutionError", "details": { sql: string, reason: string, table: string | null, } } | { "type": "TransactionError", "details": { reason: string, } } | { "type": "UnsupportedStatement", "details": { reason: string, sql: string, } } | { "type": "HlcError", "details": { reason: string, } } | { "type": "LockError", "details": { reason: string, } } | { "type": "ConnectionError", "details": { reason: string, } } | { "type": "SerializationError", "details": { reason: string, } } | { "type": "PermissionError", "details": { extension_id: string, operation: string | null, resource: string | null, reason: string, } } | { "type": "QueryError", "details": { reason: string, } } | { "type": "RowProcessingError", "details": { reason: string, } } | { "type": "MutexPoisoned", "details": { reason: string, } } | { "type": "ConnectionFailed", "details": { path: string, reason: string, } } | { "type": "PragmaError", "details": { pragma: string, reason: string, } } | { "type": "PathResolutionError", "details": { reason: string, } } | { "type": "IoError", "details": { path: string, reason: string, } } | { "type": "CrdtSetup", "details": string };

src-tauri/bindings/DbAction.ts

@@ -0,0 +1,6 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+/**
+ * Definiert Aktionen, die auf eine Datenbank angewendet werden können.
+ */
+export type DbAction = "read" | "readWrite" | "create" | "delete" | "alterDrop";

src-tauri/bindings/DbConstraints.ts

@@ -0,0 +1,3 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+export type DbConstraints = { where_clause: string | null, columns: Array<string> | null, limit: number | null, };

src-tauri/bindings/ExtensionInfoResponse.ts

@@ -0,0 +1,3 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+export type ExtensionInfoResponse = { id: string, publicKey: string, name: string, version: string, author: string | null, enabled: boolean, description: string | null, homepage: string | null, icon: string | null, entry: string | null, singleInstance: boolean | null, devServerUrl: string | null, };

src-tauri/bindings/ExtensionManifest.ts

@@ -0,0 +1,4 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { ExtensionPermissions } from "./ExtensionPermissions";
+
+export type ExtensionManifest = { name: string, version: string, author: string | null, entry: string | null, icon: string | null, public_key: string, signature: string, permissions: ExtensionPermissions, homepage: string | null, description: string | null, single_instance: boolean | null, };

src-tauri/bindings/ExtensionPermissions.ts

@@ -0,0 +1,7 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { PermissionEntry } from "./PermissionEntry";
+
+/**
+ * Definiert die einheitliche Struktur für alle Berechtigungsarten im Manifest und UI.
+ */
+export type ExtensionPermissions = { database: Array<PermissionEntry> | null, filesystem: Array<PermissionEntry> | null, http: Array<PermissionEntry> | null, shell: Array<PermissionEntry> | null, };

src-tauri/bindings/ExtensionPreview.ts

@@ -0,0 +1,5 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { ExtensionManifest } from "./ExtensionManifest";
+import type { ExtensionPermissions } from "./ExtensionPermissions";
+
+export type ExtensionPreview = { manifest: ExtensionManifest, is_valid_signature: boolean, editable_permissions: ExtensionPermissions, };

src-tauri/bindings/FsAction.ts

@@ -0,0 +1,6 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+/**
+ * Definiert Aktionen, die auf das Dateisystem angewendet werden können.
+ */
+export type FsAction = "read" | "readWrite";

src-tauri/bindings/FsConstraints.ts

@@ -0,0 +1,3 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+export type FsConstraints = { max_file_size: bigint | null, allowed_extensions: Array<string> | null, recursive: boolean | null, };

src-tauri/bindings/HttpAction.ts

@@ -0,0 +1,6 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+/**
+ * Definiert Aktionen (HTTP-Methoden), die auf HTTP-Anfragen angewendet werden können.
+ */
+export type HttpAction = "GET" | "POST" | "PUT" | "PATCH" | "DELETE" | "*";

src-tauri/bindings/HttpConstraints.ts

@@ -0,0 +1,4 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { RateLimit } from "./RateLimit";
+
+export type HttpConstraints = { methods: Array<string> | null, rate_limit: RateLimit | null, };

src-tauri/bindings/PermissionConstraints.ts

@@ -0,0 +1,7 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { DbConstraints } from "./DbConstraints";
+import type { FsConstraints } from "./FsConstraints";
+import type { HttpConstraints } from "./HttpConstraints";
+import type { ShellConstraints } from "./ShellConstraints";
+
+export type PermissionConstraints = DbConstraints | FsConstraints | HttpConstraints | ShellConstraints;

src-tauri/bindings/PermissionEntry.ts

@@ -0,0 +1,19 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+import type { PermissionStatus } from "./PermissionStatus";
+
+/**
+ * Repräsentiert einen einzelnen Berechtigungseintrag im Manifest und im UI-Modell.
+ */
+export type PermissionEntry = { target: string, 
+/**
+ * Die auszuführende Aktion (z.B. "read", "read_write", "GET", "execute").
+ */
+operation?: string | null, 
+/**
+ * Optionale, spezifische Einschränkungen für diese Berechtigung.
+ */
+constraints?: Record<string, unknown>, 
+/**
+ * Der Status der Berechtigung (wird nur im UI-Modell verwendet).
+ */
+status?: PermissionStatus | null, };

src-tauri/bindings/PermissionStatus.ts

@@ -0,0 +1,3 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+export type PermissionStatus = "ask" | "granted" | "denied";

src-tauri/bindings/RateLimit.ts

@@ -0,0 +1,3 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+export type RateLimit = { requests: number, per_minutes: number, };

src-tauri/bindings/ResourceType.ts

@@ -0,0 +1,3 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+export type ResourceType = "fs" | "http" | "db" | "shell";

src-tauri/bindings/ShellAction.ts

@@ -0,0 +1,6 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+/**
+ * Definiert Aktionen, die auf Shell-Befehle angewendet werden können.
+ */
+export type ShellAction = "execute";

src-tauri/bindings/ShellConstraints.ts

@@ -0,0 +1,3 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+export type ShellConstraints = { allowed_subcommands: Array<string> | null, allowed_flags: Array<string> | null, forbidden_args: Array<string> | null, };

src-tauri/bindings/TriggerSetupResult.ts

@@ -0,0 +1,3 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+export type TriggerSetupResult = "Success" | "TableNotFound";

src-tauri/bindings/VaultInfo.ts

@@ -0,0 +1,3 @@
+// This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
+
+export type VaultInfo = { name: string, lastAccess: bigint, path: string, };

src-tauri/build.rs

@@ -1,3 +1,7 @@
+mod generator;
+
 fn main() {
-    tauri_build::build()
+    generator::table_names::generate_table_names();
+    generator::rust_types::generate_rust_types();
+    tauri_build::build();
 }

src-tauri/capabilities/default.json

@@ -18,14 +18,19 @@
     "fs:allow-appconfig-write-recursive",
     "fs:allow-appdata-read-recursive",
     "fs:allow-appdata-write-recursive",
+    "fs:allow-applocaldata-read-recursive",
+    "fs:allow-applocaldata-write-recursive",
     "fs:allow-read-file",
+    "fs:allow-write-file",
     "fs:allow-read-dir",
+    "fs:allow-mkdir",
+    "fs:allow-exists",
+    "fs:allow-remove",
     "fs:allow-resource-read-recursive",
     "fs:allow-resource-write-recursive",
     "fs:allow-download-read-recursive",
     "fs:allow-download-write-recursive",
     "fs:default",
-    "android-fs:default",
     {
       "identifier": "fs:scope",
       "allow": [{ "path": "**" }]
@@ -36,6 +41,7 @@
     "notification:allow-create-channel",
     "notification:allow-list-channels",
     "notification:allow-notify",
+    "notification:allow-is-permission-granted",
     "notification:default",
     "opener:allow-open-url",
     "opener:default",

src-tauri/database/generate-rust-types.ts

@@ -0,0 +1,200 @@
+import { writeFileSync, mkdirSync } from 'node:fs'
+import { join, dirname } from 'node:path'
+import { fileURLToPath } from 'node:url'
+import tablesNames from '../../src/database/tableNames.json'
+import { schema } from '../../src/database/index'
+import { getTableColumns } from 'drizzle-orm'
+import type { AnySQLiteColumn, SQLiteTable } from 'drizzle-orm/sqlite-core'
+
+const __filename = fileURLToPath(import.meta.url)
+const __dirname = dirname(__filename)
+
+interface Column {
+  name: string
+  rustType: string
+  isOptional: boolean
+}
+
+function drizzleToRustType(colDef: AnySQLiteColumn): {
+  rustType: string
+  isOptional: boolean
+} {
+  let baseType = 'String'
+  let isOptional = !colDef.notNull
+
+  if (colDef.columnType === 'SQLiteText') {
+    if ('mode' in colDef && colDef.mode === 'json') {
+      baseType = 'serde_json::Value'
+    } else {
+      baseType = 'String'
+    }
+  } else if (colDef.columnType === 'SQLiteInteger') {
+    baseType = 'i64'
+  } else if (colDef.columnType === 'SQLiteBoolean') {
+    baseType = 'bool'
+  } else if (colDef.columnType === 'SQLiteReal') {
+    baseType = 'f64'
+  } else if (colDef.columnType === 'SQLiteBlob') {
+    baseType = 'Vec<u8>'
+  }
+
+  // Drizzle verwendet 'primary' für den Primärschlüssel-Status
+  if (colDef.primary) {
+    isOptional = false
+  }
+
+  return { rustType: baseType, isOptional }
+}
+
+function extractColumns(table: SQLiteTable): Column[] {
+  const columns: Column[] = []
+
+  // getTableColumns gibt ein Record<string, AnySQLiteColumn> zurück
+  const tableColumns = getTableColumns(table)
+
+  // Object.values gibt uns ein Array vom Typ AnySQLiteColumn[]
+  for (const colDef of Object.values(tableColumns)) {
+    // Die relevanten Infos stehen im 'config' Property der Spalte.
+    // TypeScript kennt den Typ von 'config' bereits!
+    const { rustType, isOptional } = drizzleToRustType(colDef)
+
+    columns.push({
+      name: colDef.name,
+      rustType: isOptional ? `Option<${rustType}>` : rustType,
+      isOptional,
+    })
+  }
+  return columns
+}
+
+function toSnakeCase(str: string): string {
+  return str.replace(/[A-Z]/g, (letter, index) =>
+    index === 0 ? letter.toLowerCase() : `_${letter.toLowerCase()}`,
+  )
+}
+
+function toPascalCase(str: string): string {
+  console.log('toPascalCase:', str)
+  return str
+    .split('_')
+    .map((word) => word.charAt(0).toUpperCase() + word.slice(1).toLowerCase())
+    .join('')
+}
+
+const RUST_KEYWORDS = new Set([
+  'type',
+  'struct',
+  'enum',
+  'pub',
+  'use',
+  'as',
+  'crate',
+  'super',
+  'self',
+  'let',
+  'mut',
+])
+
+function generateStruct(name: string, columns: Column[]): string {
+  let structName = toPascalCase(name)
+
+  if (RUST_KEYWORDS.has(structName.toLowerCase())) {
+    structName = `r#${structName}`
+  }
+
+  // --- Teil 1: Struct-Definition ---
+  let code = `#[derive(Debug, Clone, Serialize, Deserialize)]\n`
+  code += `#[serde(rename_all = "camelCase")]\n`
+  code += `pub struct ${structName} {\n`
+
+  for (const col of columns) {
+    let fieldName = toSnakeCase(col.name)
+
+    // Prüfen, ob der Name ein Keyword ist
+    if (RUST_KEYWORDS.has(fieldName)) {
+      fieldName = `r#${fieldName}`
+    }
+
+    if (col.isOptional) {
+      code += `    #[serde(skip_serializing_if = "Option::is_none")]\n`
+    }
+    // Wichtig: #[serde(rename = "...")] hinzufügen, falls der Feldname geändert wurde!
+    if (fieldName.startsWith('r#')) {
+      const originalName = fieldName.substring(2)
+      code += `    #[serde(rename = "${originalName}")]\n`
+    }
+    code += `    pub ${fieldName}: ${col.rustType},\n`
+  }
+
+  code += `}\n\n`
+
+  // --- Teil 2: Impl-Block ---
+  code += `impl ${structName} {\n`
+  code += `    pub fn from_row(row: &rusqlite::Row) -> rusqlite::Result<Self> {\n`
+  code += `        Ok(Self {\n`
+
+  columns.forEach((col, idx) => {
+    let fieldName = toSnakeCase(col.name)
+    if (RUST_KEYWORDS.has(fieldName)) {
+      fieldName = `r#${fieldName}`
+    }
+    code += `            ${fieldName}: row.get(${idx})?,\n`
+  })
+
+  code += `        })\n`
+  code += `    }\n`
+  code += `}\n\n`
+
+  return code
+}
+
+function main() {
+  let output = `// Auto-generated from Drizzle schema
+// DO NOT EDIT MANUALLY
+// Run 'pnpm generate:rust-types' to regenerate
+
+use serde::{Deserialize, Serialize};
+
+`
+
+  const schemas = [
+    { name: tablesNames.haex.settings.name, table: schema.haexSettings },
+    { name: tablesNames.haex.extensions.name, table: schema.haexExtensions },
+    {
+      name: tablesNames.haex.extension_permissions.name,
+      table: schema.haexExtensionPermissions,
+    },
+    { name: tablesNames.haex.crdt.logs.name, table: schema.haexCrdtLogs },
+    {
+      name: tablesNames.haex.crdt.snapshots.name,
+      table: schema.haexCrdtSnapshots,
+    },
+    { name: tablesNames.haex.crdt.configs.name, table: schema.haexCrdtConfigs },
+    {
+      name: tablesNames.haex.desktop_items.name,
+      table: schema.haexDesktopItems,
+    },
+    {
+      name: tablesNames.haex.workspaces.name,
+      table: schema.haexWorkspaces,
+    },
+  ]
+
+  for (const { name, table } of schemas) {
+    console.log(`\n=== Processing table: ${name} ===`)
+    const columns = extractColumns(table)
+    console.log(`Found ${columns.length} columns`)
+
+    if (columns.length > 0) {
+      output += generateStruct(name, columns)
+    }
+  }
+
+  const outputPath = join(__dirname, '../src/database/generated.rs')
+  mkdirSync(dirname(outputPath), { recursive: true })
+  writeFileSync(outputPath, output, 'utf-8')
+
+  console.log('\n✅ Rust types generated:', outputPath)
+}
+
+main()

src-tauri/database/index.ts

@@ -1,23 +0,0 @@
-import { drizzle } from 'drizzle-orm/sqlite-proxy' // Adapter für Query Building ohne direkte Verbindung
-import * as schema from './schemas/vault' // Importiere alles aus deiner Schema-Datei
-
-// sqlite-proxy benötigt eine (dummy) Ausführungsfunktion als Argument.
-// Diese wird in unserem Tauri-Workflow nie aufgerufen, da wir nur .toSQL() verwenden.
-// Sie muss aber vorhanden sein, um drizzle() aufrufen zu können.
-const dummyExecutor = async (
-  sql: string,
-  params: unknown[],
-  method: 'all' | 'run' | 'get' | 'values',
-) => {
-  console.warn(
-    `Frontend Drizzle Executor wurde aufgerufen (Methode: ${method}). Das sollte im Tauri-Invoke-Workflow nicht passieren!`,
-  )
-  // Wir geben leere Ergebnisse zurück, um die Typen zufriedenzustellen, falls es doch aufgerufen wird.
-  return { rows: [] } // Für 'run' (z.B. bei INSERT/UPDATE)
-}
-
-// Erstelle die Drizzle-Instanz für den SQLite-Dialekt
-// Übergib den dummyExecutor und das importierte Schema
-export const db = drizzle(dummyExecutor, { schema })
-
-// Exportiere auch alle Schema-Definitionen weiter, damit man alles aus einer Datei importieren kann

src-tauri/database/migrations/0000_cynical_nicolaos.sql

@@ -0,0 +1,105 @@
+CREATE TABLE `haex_crdt_configs` (
+	`key` text PRIMARY KEY NOT NULL,
+	`value` text
+);
+--> statement-breakpoint
+CREATE TABLE `haex_crdt_logs` (
+	`id` text PRIMARY KEY NOT NULL,
+	`haex_timestamp` text,
+	`table_name` text,
+	`row_pks` text,
+	`op_type` text,
+	`column_name` text,
+	`new_value` text,
+	`old_value` text
+);
+--> statement-breakpoint
+CREATE INDEX `idx_haex_timestamp` ON `haex_crdt_logs` (`haex_timestamp`);--> statement-breakpoint
+CREATE INDEX `idx_table_row` ON `haex_crdt_logs` (`table_name`,`row_pks`);--> statement-breakpoint
+CREATE TABLE `haex_crdt_snapshots` (
+	`snapshot_id` text PRIMARY KEY NOT NULL,
+	`created` text,
+	`epoch_hlc` text,
+	`location_url` text,
+	`file_size_bytes` integer
+);
+--> statement-breakpoint
+CREATE TABLE `haex_desktop_items` (
+	`id` text PRIMARY KEY NOT NULL,
+	`workspace_id` text NOT NULL,
+	`item_type` text NOT NULL,
+	`extension_id` text,
+	`system_window_id` text,
+	`position_x` integer DEFAULT 0 NOT NULL,
+	`position_y` integer DEFAULT 0 NOT NULL,
+	`haex_timestamp` text,
+	FOREIGN KEY (`workspace_id`) REFERENCES `haex_workspaces`(`id`) ON UPDATE no action ON DELETE cascade,
+	FOREIGN KEY (`extension_id`) REFERENCES `haex_extensions`(`id`) ON UPDATE no action ON DELETE cascade,
+	CONSTRAINT "item_reference" CHECK(("haex_desktop_items"."item_type" = 'extension' AND "haex_desktop_items"."extension_id" IS NOT NULL AND "haex_desktop_items"."system_window_id" IS NULL) OR ("haex_desktop_items"."item_type" = 'system' AND "haex_desktop_items"."system_window_id" IS NOT NULL AND "haex_desktop_items"."extension_id" IS NULL) OR ("haex_desktop_items"."item_type" = 'file' AND "haex_desktop_items"."system_window_id" IS NOT NULL AND "haex_desktop_items"."extension_id" IS NULL) OR ("haex_desktop_items"."item_type" = 'folder' AND "haex_desktop_items"."system_window_id" IS NOT NULL AND "haex_desktop_items"."extension_id" IS NULL))
+);
+--> statement-breakpoint
+CREATE TABLE `haex_extension_permissions` (
+	`id` text PRIMARY KEY NOT NULL,
+	`extension_id` text NOT NULL,
+	`resource_type` text,
+	`action` text,
+	`target` text,
+	`constraints` text,
+	`status` text DEFAULT 'denied' NOT NULL,
+	`created_at` text DEFAULT (CURRENT_TIMESTAMP),
+	`updated_at` integer,
+	`haex_timestamp` text,
+	FOREIGN KEY (`extension_id`) REFERENCES `haex_extensions`(`id`) ON UPDATE no action ON DELETE cascade
+);
+--> statement-breakpoint
+CREATE UNIQUE INDEX `haex_extension_permissions_extension_id_resource_type_action_target_unique` ON `haex_extension_permissions` (`extension_id`,`resource_type`,`action`,`target`);--> statement-breakpoint
+CREATE TABLE `haex_extensions` (
+	`id` text PRIMARY KEY NOT NULL,
+	`public_key` text NOT NULL,
+	`name` text NOT NULL,
+	`version` text NOT NULL,
+	`author` text,
+	`description` text,
+	`entry` text DEFAULT 'index.html',
+	`homepage` text,
+	`enabled` integer DEFAULT true,
+	`icon` text,
+	`signature` text NOT NULL,
+	`single_instance` integer DEFAULT false,
+	`haex_timestamp` text
+);
+--> statement-breakpoint
+CREATE UNIQUE INDEX `haex_extensions_public_key_name_unique` ON `haex_extensions` (`public_key`,`name`);--> statement-breakpoint
+CREATE TABLE `haex_notifications` (
+	`id` text PRIMARY KEY NOT NULL,
+	`alt` text,
+	`date` text,
+	`icon` text,
+	`image` text,
+	`read` integer,
+	`source` text,
+	`text` text,
+	`title` text,
+	`type` text NOT NULL,
+	`haex_timestamp` text
+);
+--> statement-breakpoint
+CREATE TABLE `haex_settings` (
+	`id` text PRIMARY KEY NOT NULL,
+	`key` text,
+	`type` text,
+	`value` text,
+	`haex_timestamp` text
+);
+--> statement-breakpoint
+CREATE UNIQUE INDEX `haex_settings_key_type_value_unique` ON `haex_settings` (`key`,`type`,`value`);--> statement-breakpoint
+CREATE TABLE `haex_workspaces` (
+	`id` text PRIMARY KEY NOT NULL,
+	`device_id` text NOT NULL,
+	`name` text NOT NULL,
+	`position` integer DEFAULT 0 NOT NULL,
+	`background` blob,
+	`haex_timestamp` text
+);
+--> statement-breakpoint
+CREATE UNIQUE INDEX `haex_workspaces_position_unique` ON `haex_workspaces` (`position`);

src-tauri/database/migrations/0000_zippy_scourge.sql

@@ -1,26 +0,0 @@
-CREATE TABLE `haex_extensions` (
-	`id` text PRIMARY KEY NOT NULL,
-	`author` text,
-	`enabled` integer,
-	`name` text,
-	`url` text,
-	`version` text
-);
---> statement-breakpoint
-CREATE TABLE `haex_extensions_permissions` (
-	`id` text PRIMARY KEY NOT NULL,
-	`extension_id` text,
-	`resource` text,
-	`operation` text,
-	`path` text,
-	FOREIGN KEY (`extension_id`) REFERENCES `haex_extensions`(`id`) ON UPDATE no action ON DELETE no action
-);
---> statement-breakpoint
-CREATE UNIQUE INDEX `haex_extensions_permissions_extension_id_resource_operation_path_unique` ON `haex_extensions_permissions` (`extension_id`,`resource`,`operation`,`path`);--> statement-breakpoint
-CREATE TABLE `haex_settings` (
-	`id` text PRIMARY KEY NOT NULL,
-	`key` text,
-	`value_text` text,
-	`value_json` text,
-	`value_number` numeric
-);

src-tauri/database/migrations/0001_furry_brother_voodoo.sql

@@ -0,0 +1,15 @@
+PRAGMA foreign_keys=OFF;--> statement-breakpoint
+CREATE TABLE `__new_haex_workspaces` (
+	`id` text PRIMARY KEY NOT NULL,
+	`device_id` text NOT NULL,
+	`name` text NOT NULL,
+	`position` integer DEFAULT 0 NOT NULL,
+	`background` text,
+	`haex_timestamp` text
+);
+--> statement-breakpoint
+INSERT INTO `__new_haex_workspaces`("id", "device_id", "name", "position", "background", "haex_timestamp") SELECT "id", "device_id", "name", "position", "background", "haex_timestamp" FROM `haex_workspaces`;--> statement-breakpoint
+DROP TABLE `haex_workspaces`;--> statement-breakpoint
+ALTER TABLE `__new_haex_workspaces` RENAME TO `haex_workspaces`;--> statement-breakpoint
+PRAGMA foreign_keys=ON;--> statement-breakpoint
+CREATE UNIQUE INDEX `haex_workspaces_position_unique` ON `haex_workspaces` (`position`);

src-tauri/database/migrations/0001_wealthy_thaddeus_ross.sql

@@ -1,7 +0,0 @@
-CREATE TABLE `testTable` (
-	`id` text PRIMARY KEY NOT NULL,
-	`author` text,
-	`test` text
-);
---> statement-breakpoint
-ALTER TABLE `haex_extensions` ADD `icon` text;

src-tauri/database/migrations/0002_married_bushwacker.sql

@@ -1,4 +0,0 @@
-ALTER TABLE `haex_settings` RENAME COLUMN "value_text" TO "value";--> statement-breakpoint
-DROP TABLE `testTable`;--> statement-breakpoint
-ALTER TABLE `haex_settings` DROP COLUMN `value_json`;--> statement-breakpoint
-ALTER TABLE `haex_settings` DROP COLUMN `value_number`;

src-tauri/database/migrations/0003_familiar_doctor_faustus.sql

@@ -1,11 +0,0 @@
-CREATE TABLE `haex_notofications` (
-	`id` text PRIMARY KEY NOT NULL,
-	`title` text,
-	`text` text,
-	`type` text NOT NULL,
-	`read` integer,
-	`date` text,
-	`image` text,
-	`alt` text,
-	`icon` text
-);

src-tauri/database/migrations/0004_wooden_lockheed.sql

@@ -1 +0,0 @@
-ALTER TABLE `haex_notofications` RENAME TO `haex_notifications`;

src-tauri/database/migrations/0005_wooden_nuke.sql

@@ -1,50 +0,0 @@
-CREATE TABLE `haex_passwords_group_items` (
-	`group_id` text,
-	`item_id` text,
-	PRIMARY KEY(`item_id`, `group_id`),
-	FOREIGN KEY (`group_id`) REFERENCES `haex_passwords_groups`(`id`) ON UPDATE no action ON DELETE no action,
-	FOREIGN KEY (`item_id`) REFERENCES `haex_passwords_items`(`id`) ON UPDATE no action ON DELETE no action
-);
---> statement-breakpoint
-CREATE TABLE `haex_passwords_groups` (
-	`id` text PRIMARY KEY NOT NULL,
-	`name` text,
-	`icon` text,
-	`order` integer,
-	`color` text,
-	`parent_id` text,
-	FOREIGN KEY (`parent_id`) REFERENCES `haex_passwords_groups`(`id`) ON UPDATE no action ON DELETE no action
-);
---> statement-breakpoint
-CREATE TABLE `haex_passwords_item_history` (
-	`id` text PRIMARY KEY NOT NULL,
-	`item_id` text,
-	`changed_property` text,
-	`old_value` text,
-	`new_value` text,
-	`created_at` text DEFAULT (CURRENT_TIMESTAMP),
-	FOREIGN KEY (`item_id`) REFERENCES `haex_passwords_items`(`id`) ON UPDATE no action ON DELETE no action
-);
---> statement-breakpoint
-CREATE TABLE `haex_passwords_items` (
-	`id` text PRIMARY KEY NOT NULL,
-	`title` text,
-	`username` text,
-	`password` text,
-	`note` text,
-	`icon` text,
-	`tags` text,
-	`url` text,
-	`created_at` text DEFAULT (CURRENT_TIMESTAMP),
-	`updated_at` integer
-);
---> statement-breakpoint
-CREATE TABLE `haex_passwords_items_key_values` (
-	`id` text PRIMARY KEY NOT NULL,
-	`item_id` text,
-	`key` text,
-	`value` text,
-	FOREIGN KEY (`item_id`) REFERENCES `haex_passwords_items`(`id`) ON UPDATE no action ON DELETE no action
-);
---> statement-breakpoint
-ALTER TABLE `haex_notifications` ADD `source` text;

src-tauri/database/migrations/0006_complete_martin_li.sql

@@ -1,5 +0,0 @@
-ALTER TABLE `haex_extensions_permissions` ADD `created_at` text DEFAULT (CURRENT_TIMESTAMP);--> statement-breakpoint
-ALTER TABLE `haex_extensions_permissions` ADD `updated_at` integer;--> statement-breakpoint
-ALTER TABLE `haex_passwords_groups` ADD `created_at` text DEFAULT (CURRENT_TIMESTAMP);--> statement-breakpoint
-ALTER TABLE `haex_passwords_groups` ADD `updated_at` integer;--> statement-breakpoint
-ALTER TABLE `haex_passwords_items_key_values` ADD `updated_at` integer;

src-tauri/database/migrations/0007_daffy_tusk.sql

@@ -1 +0,0 @@
-ALTER TABLE `haex_passwords_groups` ADD `description` text;

src-tauri/database/migrations/0008_faulty_mercury.sql

@@ -1,40 +0,0 @@
-ALTER TABLE `haex_passwords_items` RENAME TO `haex_passwords_item_details`;--> statement-breakpoint
-ALTER TABLE `haex_passwords_items_key_values` RENAME TO `haex_passwords_item_key_values`;--> statement-breakpoint
-PRAGMA foreign_keys=OFF;--> statement-breakpoint
-CREATE TABLE `__new_haex_passwords_item_key_values` (
-	`id` text PRIMARY KEY NOT NULL,
-	`item_id` text,
-	`key` text,
-	`value` text,
-	`updated_at` integer,
-	FOREIGN KEY (`item_id`) REFERENCES `haex_passwords_item_details`(`id`) ON UPDATE no action ON DELETE no action
-);
---> statement-breakpoint
-INSERT INTO `__new_haex_passwords_item_key_values`("id", "item_id", "key", "value", "updated_at") SELECT "id", "item_id", "key", "value", "updated_at" FROM `haex_passwords_item_key_values`;--> statement-breakpoint
-DROP TABLE `haex_passwords_item_key_values`;--> statement-breakpoint
-ALTER TABLE `__new_haex_passwords_item_key_values` RENAME TO `haex_passwords_item_key_values`;--> statement-breakpoint
-PRAGMA foreign_keys=ON;--> statement-breakpoint
-CREATE TABLE `__new_haex_passwords_group_items` (
-	`group_id` text,
-	`item_id` text,
-	PRIMARY KEY(`item_id`, `group_id`),
-	FOREIGN KEY (`group_id`) REFERENCES `haex_passwords_groups`(`id`) ON UPDATE no action ON DELETE no action,
-	FOREIGN KEY (`item_id`) REFERENCES `haex_passwords_item_details`(`id`) ON UPDATE no action ON DELETE no action
-);
---> statement-breakpoint
-INSERT INTO `__new_haex_passwords_group_items`("group_id", "item_id") SELECT "group_id", "item_id" FROM `haex_passwords_group_items`;--> statement-breakpoint
-DROP TABLE `haex_passwords_group_items`;--> statement-breakpoint
-ALTER TABLE `__new_haex_passwords_group_items` RENAME TO `haex_passwords_group_items`;--> statement-breakpoint
-CREATE TABLE `__new_haex_passwords_item_history` (
-	`id` text PRIMARY KEY NOT NULL,
-	`item_id` text,
-	`changed_property` text,
-	`old_value` text,
-	`new_value` text,
-	`created_at` text DEFAULT (CURRENT_TIMESTAMP),
-	FOREIGN KEY (`item_id`) REFERENCES `haex_passwords_item_details`(`id`) ON UPDATE no action ON DELETE no action
-);
---> statement-breakpoint
-INSERT INTO `__new_haex_passwords_item_history`("id", "item_id", "changed_property", "old_value", "new_value", "created_at") SELECT "id", "item_id", "changed_property", "old_value", "new_value", "created_at" FROM `haex_passwords_item_history`;--> statement-breakpoint
-DROP TABLE `haex_passwords_item_history`;--> statement-breakpoint
-ALTER TABLE `__new_haex_passwords_item_history` RENAME TO `haex_passwords_item_history`;

src-tauri/database/migrations/0009_curved_selene.sql

@@ -1 +0,0 @@
-ALTER TABLE `haex_settings` ADD `type` text;

src-tauri/database/migrations/0010_deep_war_machine.sql

@@ -1,32 +0,0 @@
-CREATE TABLE `haex_crdt_logs` (
-	`hlc_timestamp` text PRIMARY KEY NOT NULL,
-	`table_name` text,
-	`row_pks` text,
-	`op_type` text,
-	`column_name` text,
-	`new_value` text,
-	`old_value` text
-);
---> statement-breakpoint
-CREATE TABLE `haex_crdt_settings` (
-	`type` text PRIMARY KEY NOT NULL,
-	`value` text
-);
---> statement-breakpoint
-CREATE TABLE `haex_crdt_snapshots` (
-	`snapshot_id` text PRIMARY KEY NOT NULL,
-	`created` text,
-	`epoch_hlc` text,
-	`location_url` text,
-	`file_size_bytes` integer
-);
---> statement-breakpoint
-ALTER TABLE `haex_extensions` ADD `haex_tombstone` integer;--> statement-breakpoint
-ALTER TABLE `haex_extensions_permissions` ADD `haex_tombstone` integer;--> statement-breakpoint
-ALTER TABLE `haex_notifications` ADD `haex_tombstone` integer;--> statement-breakpoint
-ALTER TABLE `haex_passwords_group_items` ADD `haex_tombstone` integer;--> statement-breakpoint
-ALTER TABLE `haex_passwords_groups` ADD `haex_tombstone` integer;--> statement-breakpoint
-ALTER TABLE `haex_passwords_item_details` ADD `haex_tombstone` integer;--> statement-breakpoint
-ALTER TABLE `haex_passwords_item_history` ADD `haex_tombstone` integer;--> statement-breakpoint
-ALTER TABLE `haex_passwords_item_key_values` ADD `haex_tombstone` integer;--> statement-breakpoint
-ALTER TABLE `haex_settings` ADD `haex_tombstone` integer;

src-tauri/database/migrations/meta/0000_snapshot.json

@@ -1,49 +1,21 @@
 {
   "version": "6",
   "dialect": "sqlite",
-  "id": "fc5a7c9d-4846-4120-a762-cc2ea00504b9",
+  "id": "e3d61ad1-63be-41be-9243-41144e215f98",
   "prevId": "00000000-0000-0000-0000-000000000000",
   "tables": {
-    "haex_extensions": {
+    "haex_crdt_configs": {
-      "name": "haex_extensions",
+      "name": "haex_crdt_configs",
       "columns": {
-        "id": {
+        "key": {
-          "name": "id",
+          "name": "key",
           "type": "text",
           "primaryKey": true,
           "notNull": true,
           "autoincrement": false
         },
-        "author": {
+        "value": {
-          "name": "author",
+          "name": "value",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "enabled": {
-          "name": "enabled",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "name": {
-          "name": "name",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "url": {
-          "name": "url",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "version": {
-          "name": "version",
           "type": "text",
           "primaryKey": false,
           "notNull": false,
@@ -56,8 +28,235 @@
       "uniqueConstraints": {},
       "checkConstraints": {}
     },
-    "haex_extensions_permissions": {
+    "haex_crdt_logs": {
-      "name": "haex_extensions_permissions",
+      "name": "haex_crdt_logs",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "haex_timestamp": {
+          "name": "haex_timestamp",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "table_name": {
+          "name": "table_name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "row_pks": {
+          "name": "row_pks",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "op_type": {
+          "name": "op_type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "column_name": {
+          "name": "column_name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "new_value": {
+          "name": "new_value",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "old_value": {
+          "name": "old_value",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        }
+      },
+      "indexes": {
+        "idx_haex_timestamp": {
+          "name": "idx_haex_timestamp",
+          "columns": [
+            "haex_timestamp"
+          ],
+          "isUnique": false
+        },
+        "idx_table_row": {
+          "name": "idx_table_row",
+          "columns": [
+            "table_name",
+            "row_pks"
+          ],
+          "isUnique": false
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "haex_crdt_snapshots": {
+      "name": "haex_crdt_snapshots",
+      "columns": {
+        "snapshot_id": {
+          "name": "snapshot_id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "created": {
+          "name": "created",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "epoch_hlc": {
+          "name": "epoch_hlc",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "location_url": {
+          "name": "location_url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "file_size_bytes": {
+          "name": "file_size_bytes",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "haex_desktop_items": {
+      "name": "haex_desktop_items",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "item_type": {
+          "name": "item_type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "extension_id": {
+          "name": "extension_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "system_window_id": {
+          "name": "system_window_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "position_x": {
+          "name": "position_x",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": 0
+        },
+        "position_y": {
+          "name": "position_y",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": 0
+        },
+        "haex_timestamp": {
+          "name": "haex_timestamp",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "haex_desktop_items_workspace_id_haex_workspaces_id_fk": {
+          "name": "haex_desktop_items_workspace_id_haex_workspaces_id_fk",
+          "tableFrom": "haex_desktop_items",
+          "tableTo": "haex_workspaces",
+          "columnsFrom": [
+            "workspace_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "haex_desktop_items_extension_id_haex_extensions_id_fk": {
+          "name": "haex_desktop_items_extension_id_haex_extensions_id_fk",
+          "tableFrom": "haex_desktop_items",
+          "tableTo": "haex_extensions",
+          "columnsFrom": [
+            "extension_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {
+        "item_reference": {
+          "name": "item_reference",
+          "value": "(\"haex_desktop_items\".\"item_type\" = 'extension' AND \"haex_desktop_items\".\"extension_id\" IS NOT NULL AND \"haex_desktop_items\".\"system_window_id\" IS NULL) OR (\"haex_desktop_items\".\"item_type\" = 'system' AND \"haex_desktop_items\".\"system_window_id\" IS NOT NULL AND \"haex_desktop_items\".\"extension_id\" IS NULL) OR (\"haex_desktop_items\".\"item_type\" = 'file' AND \"haex_desktop_items\".\"system_window_id\" IS NOT NULL AND \"haex_desktop_items\".\"extension_id\" IS NULL) OR (\"haex_desktop_items\".\"item_type\" = 'folder' AND \"haex_desktop_items\".\"system_window_id\" IS NOT NULL AND \"haex_desktop_items\".\"extension_id\" IS NULL)"
+        }
+      }
+    },
+    "haex_extension_permissions": {
+      "name": "haex_extension_permissions",
       "columns": {
         "id": {
           "name": "id",
@@ -70,25 +269,62 @@
           "name": "extension_id",
           "type": "text",
           "primaryKey": false,
-          "notNull": false,
+          "notNull": true,
           "autoincrement": false
         },
-        "resource": {
+        "resource_type": {
-          "name": "resource",
+          "name": "resource_type",
           "type": "text",
           "primaryKey": false,
           "notNull": false,
           "autoincrement": false
         },
-        "operation": {
+        "action": {
-          "name": "operation",
+          "name": "action",
           "type": "text",
           "primaryKey": false,
           "notNull": false,
           "autoincrement": false
         },
-        "path": {
+        "target": {
-          "name": "path",
+          "name": "target",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "constraints": {
+          "name": "constraints",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "'denied'"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "(CURRENT_TIMESTAMP)"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "haex_timestamp": {
+          "name": "haex_timestamp",
           "type": "text",
           "primaryKey": false,
           "notNull": false,
@@ -96,21 +332,21 @@
         }
       },
       "indexes": {
-        "haex_extensions_permissions_extension_id_resource_operation_path_unique": {
+        "haex_extension_permissions_extension_id_resource_type_action_target_unique": {
-          "name": "haex_extensions_permissions_extension_id_resource_operation_path_unique",
+          "name": "haex_extension_permissions_extension_id_resource_type_action_target_unique",
           "columns": [
             "extension_id",
-            "resource",
+            "resource_type",
-            "operation",
+            "action",
-            "path"
+            "target"
           ],
           "isUnique": true
         }
       },
       "foreignKeys": {
-        "haex_extensions_permissions_extension_id_haex_extensions_id_fk": {
+        "haex_extension_permissions_extension_id_haex_extensions_id_fk": {
-          "name": "haex_extensions_permissions_extension_id_haex_extensions_id_fk",
+          "name": "haex_extension_permissions_extension_id_haex_extensions_id_fk",
-          "tableFrom": "haex_extensions_permissions",
+          "tableFrom": "haex_extension_permissions",
           "tableTo": "haex_extensions",
           "columnsFrom": [
             "extension_id"
@@ -118,7 +354,7 @@
           "columnsTo": [
             "id"
           ],
-          "onDelete": "no action",
+          "onDelete": "cascade",
           "onUpdate": "no action"
         }
       },
@@ -126,6 +362,206 @@
       "uniqueConstraints": {},
       "checkConstraints": {}
     },
+    "haex_extensions": {
+      "name": "haex_extensions",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "public_key": {
+          "name": "public_key",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "version": {
+          "name": "version",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "author": {
+          "name": "author",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "description": {
+          "name": "description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "entry": {
+          "name": "entry",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "'index.html'"
+        },
+        "homepage": {
+          "name": "homepage",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "enabled": {
+          "name": "enabled",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": true
+        },
+        "icon": {
+          "name": "icon",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "signature": {
+          "name": "signature",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "single_instance": {
+          "name": "single_instance",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": false
+        },
+        "haex_timestamp": {
+          "name": "haex_timestamp",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        }
+      },
+      "indexes": {
+        "haex_extensions_public_key_name_unique": {
+          "name": "haex_extensions_public_key_name_unique",
+          "columns": [
+            "public_key",
+            "name"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "haex_notifications": {
+      "name": "haex_notifications",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "alt": {
+          "name": "alt",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "date": {
+          "name": "date",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "icon": {
+          "name": "icon",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "image": {
+          "name": "image",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "read": {
+          "name": "read",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "source": {
+          "name": "source",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "text": {
+          "name": "text",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "title": {
+          "name": "title",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "haex_timestamp": {
+          "name": "haex_timestamp",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
     "haex_settings": {
       "name": "haex_settings",
       "columns": {
@@ -143,29 +579,100 @@
           "notNull": false,
           "autoincrement": false
         },
-        "value_text": {
+        "type": {
-          "name": "value_text",
+          "name": "type",
           "type": "text",
           "primaryKey": false,
           "notNull": false,
           "autoincrement": false
         },
-        "value_json": {
+        "value": {
-          "name": "value_json",
+          "name": "value",
           "type": "text",
           "primaryKey": false,
           "notNull": false,
           "autoincrement": false
         },
-        "value_number": {
+        "haex_timestamp": {
-          "name": "value_number",
+          "name": "haex_timestamp",
-          "type": "numeric",
+          "type": "text",
           "primaryKey": false,
           "notNull": false,
           "autoincrement": false
         }
       },
-      "indexes": {},
+      "indexes": {
+        "haex_settings_key_type_value_unique": {
+          "name": "haex_settings_key_type_value_unique",
+          "columns": [
+            "key",
+            "type",
+            "value"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "haex_workspaces": {
+      "name": "haex_workspaces",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "device_id": {
+          "name": "device_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "position": {
+          "name": "position",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": 0
+        },
+        "background": {
+          "name": "background",
+          "type": "blob",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "haex_timestamp": {
+          "name": "haex_timestamp",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        }
+      },
+      "indexes": {
+        "haex_workspaces_position_unique": {
+          "name": "haex_workspaces_position_unique",
+          "columns": [
+            "position"
+          ],
+          "isUnique": true
+        }
+      },
       "foreignKeys": {},
       "compositePrimaryKeys": {},
       "uniqueConstraints": {},

src-tauri/database/migrations/meta/0001_snapshot.json

@@ -1,56 +1,21 @@
 {
   "version": "6",
   "dialect": "sqlite",
-  "id": "6fb5396b-9f87-4fb5-87a2-22d4eecaa11e",
+  "id": "10bec43a-4227-483e-b1c1-fd50ae32bb96",
-  "prevId": "fc5a7c9d-4846-4120-a762-cc2ea00504b9",
+  "prevId": "e3d61ad1-63be-41be-9243-41144e215f98",
   "tables": {
-    "haex_extensions": {
+    "haex_crdt_configs": {
-      "name": "haex_extensions",
+      "name": "haex_crdt_configs",
       "columns": {
-        "id": {
+        "key": {
-          "name": "id",
+          "name": "key",
           "type": "text",
           "primaryKey": true,
           "notNull": true,
           "autoincrement": false
         },
-        "author": {
+        "value": {
-          "name": "author",
+          "name": "value",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "enabled": {
-          "name": "enabled",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "icon": {
-          "name": "icon",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "name": {
-          "name": "name",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "url": {
-          "name": "url",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "version": {
-          "name": "version",
           "type": "text",
           "primaryKey": false,
           "notNull": false,
@@ -63,8 +28,235 @@
       "uniqueConstraints": {},
       "checkConstraints": {}
     },
-    "haex_extensions_permissions": {
+    "haex_crdt_logs": {
-      "name": "haex_extensions_permissions",
+      "name": "haex_crdt_logs",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "haex_timestamp": {
+          "name": "haex_timestamp",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "table_name": {
+          "name": "table_name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "row_pks": {
+          "name": "row_pks",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "op_type": {
+          "name": "op_type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "column_name": {
+          "name": "column_name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "new_value": {
+          "name": "new_value",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "old_value": {
+          "name": "old_value",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        }
+      },
+      "indexes": {
+        "idx_haex_timestamp": {
+          "name": "idx_haex_timestamp",
+          "columns": [
+            "haex_timestamp"
+          ],
+          "isUnique": false
+        },
+        "idx_table_row": {
+          "name": "idx_table_row",
+          "columns": [
+            "table_name",
+            "row_pks"
+          ],
+          "isUnique": false
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "haex_crdt_snapshots": {
+      "name": "haex_crdt_snapshots",
+      "columns": {
+        "snapshot_id": {
+          "name": "snapshot_id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "created": {
+          "name": "created",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "epoch_hlc": {
+          "name": "epoch_hlc",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "location_url": {
+          "name": "location_url",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "file_size_bytes": {
+          "name": "file_size_bytes",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "haex_desktop_items": {
+      "name": "haex_desktop_items",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "workspace_id": {
+          "name": "workspace_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "item_type": {
+          "name": "item_type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "extension_id": {
+          "name": "extension_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "system_window_id": {
+          "name": "system_window_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "position_x": {
+          "name": "position_x",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": 0
+        },
+        "position_y": {
+          "name": "position_y",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": 0
+        },
+        "haex_timestamp": {
+          "name": "haex_timestamp",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {
+        "haex_desktop_items_workspace_id_haex_workspaces_id_fk": {
+          "name": "haex_desktop_items_workspace_id_haex_workspaces_id_fk",
+          "tableFrom": "haex_desktop_items",
+          "tableTo": "haex_workspaces",
+          "columnsFrom": [
+            "workspace_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        },
+        "haex_desktop_items_extension_id_haex_extensions_id_fk": {
+          "name": "haex_desktop_items_extension_id_haex_extensions_id_fk",
+          "tableFrom": "haex_desktop_items",
+          "tableTo": "haex_extensions",
+          "columnsFrom": [
+            "extension_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
+        }
+      },
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {
+        "item_reference": {
+          "name": "item_reference",
+          "value": "(\"haex_desktop_items\".\"item_type\" = 'extension' AND \"haex_desktop_items\".\"extension_id\" IS NOT NULL AND \"haex_desktop_items\".\"system_window_id\" IS NULL) OR (\"haex_desktop_items\".\"item_type\" = 'system' AND \"haex_desktop_items\".\"system_window_id\" IS NOT NULL AND \"haex_desktop_items\".\"extension_id\" IS NULL) OR (\"haex_desktop_items\".\"item_type\" = 'file' AND \"haex_desktop_items\".\"system_window_id\" IS NOT NULL AND \"haex_desktop_items\".\"extension_id\" IS NULL) OR (\"haex_desktop_items\".\"item_type\" = 'folder' AND \"haex_desktop_items\".\"system_window_id\" IS NOT NULL AND \"haex_desktop_items\".\"extension_id\" IS NULL)"
+        }
+      }
+    },
+    "haex_extension_permissions": {
+      "name": "haex_extension_permissions",
       "columns": {
         "id": {
           "name": "id",
@@ -77,25 +269,62 @@
           "name": "extension_id",
           "type": "text",
           "primaryKey": false,
-          "notNull": false,
+          "notNull": true,
           "autoincrement": false
         },
-        "resource": {
+        "resource_type": {
-          "name": "resource",
+          "name": "resource_type",
           "type": "text",
           "primaryKey": false,
           "notNull": false,
           "autoincrement": false
         },
-        "operation": {
+        "action": {
-          "name": "operation",
+          "name": "action",
           "type": "text",
           "primaryKey": false,
           "notNull": false,
           "autoincrement": false
         },
-        "path": {
+        "target": {
-          "name": "path",
+          "name": "target",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "constraints": {
+          "name": "constraints",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "status": {
+          "name": "status",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": "'denied'"
+        },
+        "created_at": {
+          "name": "created_at",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "(CURRENT_TIMESTAMP)"
+        },
+        "updated_at": {
+          "name": "updated_at",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "haex_timestamp": {
+          "name": "haex_timestamp",
           "type": "text",
           "primaryKey": false,
           "notNull": false,
@@ -103,21 +332,21 @@
         }
       },
       "indexes": {
-        "haex_extensions_permissions_extension_id_resource_operation_path_unique": {
+        "haex_extension_permissions_extension_id_resource_type_action_target_unique": {
-          "name": "haex_extensions_permissions_extension_id_resource_operation_path_unique",
+          "name": "haex_extension_permissions_extension_id_resource_type_action_target_unique",
           "columns": [
             "extension_id",
-            "resource",
+            "resource_type",
-            "operation",
+            "action",
-            "path"
+            "target"
           ],
           "isUnique": true
         }
       },
       "foreignKeys": {
-        "haex_extensions_permissions_extension_id_haex_extensions_id_fk": {
+        "haex_extension_permissions_extension_id_haex_extensions_id_fk": {
-          "name": "haex_extensions_permissions_extension_id_haex_extensions_id_fk",
+          "name": "haex_extension_permissions_extension_id_haex_extensions_id_fk",
-          "tableFrom": "haex_extensions_permissions",
+          "tableFrom": "haex_extension_permissions",
           "tableTo": "haex_extensions",
           "columnsFrom": [
             "extension_id"
@@ -125,7 +354,7 @@
           "columnsTo": [
             "id"
           ],
-          "onDelete": "no action",
+          "onDelete": "cascade",
           "onUpdate": "no action"
         }
       },
@@ -133,6 +362,206 @@
       "uniqueConstraints": {},
       "checkConstraints": {}
     },
+    "haex_extensions": {
+      "name": "haex_extensions",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "public_key": {
+          "name": "public_key",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "version": {
+          "name": "version",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "author": {
+          "name": "author",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "description": {
+          "name": "description",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "entry": {
+          "name": "entry",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": "'index.html'"
+        },
+        "homepage": {
+          "name": "homepage",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "enabled": {
+          "name": "enabled",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": true
+        },
+        "icon": {
+          "name": "icon",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "signature": {
+          "name": "signature",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "single_instance": {
+          "name": "single_instance",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": false
+        },
+        "haex_timestamp": {
+          "name": "haex_timestamp",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        }
+      },
+      "indexes": {
+        "haex_extensions_public_key_name_unique": {
+          "name": "haex_extensions_public_key_name_unique",
+          "columns": [
+            "public_key",
+            "name"
+          ],
+          "isUnique": true
+        }
+      },
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
+    "haex_notifications": {
+      "name": "haex_notifications",
+      "columns": {
+        "id": {
+          "name": "id",
+          "type": "text",
+          "primaryKey": true,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "alt": {
+          "name": "alt",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "date": {
+          "name": "date",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "icon": {
+          "name": "icon",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "image": {
+          "name": "image",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "read": {
+          "name": "read",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "source": {
+          "name": "source",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "text": {
+          "name": "text",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "title": {
+          "name": "title",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "type": {
+          "name": "type",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "haex_timestamp": {
+          "name": "haex_timestamp",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false
+        }
+      },
+      "indexes": {},
+      "foreignKeys": {},
+      "compositePrimaryKeys": {},
+      "uniqueConstraints": {},
+      "checkConstraints": {}
+    },
     "haex_settings": {
       "name": "haex_settings",
       "columns": {
@@ -150,36 +579,46 @@
           "notNull": false,
           "autoincrement": false
         },
-        "value_text": {
+        "type": {
-          "name": "value_text",
+          "name": "type",
           "type": "text",
           "primaryKey": false,
           "notNull": false,
           "autoincrement": false
         },
-        "value_json": {
+        "value": {
-          "name": "value_json",
+          "name": "value",
           "type": "text",
           "primaryKey": false,
           "notNull": false,
           "autoincrement": false
         },
-        "value_number": {
+        "haex_timestamp": {
-          "name": "value_number",
+          "name": "haex_timestamp",
-          "type": "numeric",
+          "type": "text",
           "primaryKey": false,
           "notNull": false,
           "autoincrement": false
         }
       },
-      "indexes": {},
+      "indexes": {
+        "haex_settings_key_type_value_unique": {
+          "name": "haex_settings_key_type_value_unique",
+          "columns": [
+            "key",
+            "type",
+            "value"
+          ],
+          "isUnique": true
+        }
+      },
       "foreignKeys": {},
       "compositePrimaryKeys": {},
       "uniqueConstraints": {},
       "checkConstraints": {}
     },
-    "testTable": {
+    "haex_workspaces": {
-      "name": "testTable",
+      "name": "haex_workspaces",
       "columns": {
         "id": {
           "name": "id",
@@ -188,22 +627,52 @@
           "notNull": true,
           "autoincrement": false
         },
-        "author": {
+        "device_id": {
-          "name": "author",
+          "name": "device_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "name": {
+          "name": "name",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
+        "position": {
+          "name": "position",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false,
+          "default": 0
+        },
+        "background": {
+          "name": "background",
           "type": "text",
           "primaryKey": false,
           "notNull": false,
           "autoincrement": false
         },
-        "test": {
+        "haex_timestamp": {
-          "name": "test",
+          "name": "haex_timestamp",
           "type": "text",
           "primaryKey": false,
           "notNull": false,
           "autoincrement": false
         }
       },
-      "indexes": {},
+      "indexes": {
+        "haex_workspaces_position_unique": {
+          "name": "haex_workspaces_position_unique",
+          "columns": [
+            "position"
+          ],
+          "isUnique": true
+        }
+      },
       "foreignKeys": {},
       "compositePrimaryKeys": {},
       "uniqueConstraints": {},

src-tauri/database/migrations/meta/0002_snapshot.json

@@ -1,180 +0,0 @@
-{
-  "version": "6",
-  "dialect": "sqlite",
-  "id": "ea3507ca-77bc-4f3c-a605-8426614f5803",
-  "prevId": "6fb5396b-9f87-4fb5-87a2-22d4eecaa11e",
-  "tables": {
-    "haex_extensions": {
-      "name": "haex_extensions",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "author": {
-          "name": "author",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "enabled": {
-          "name": "enabled",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "icon": {
-          "name": "icon",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "name": {
-          "name": "name",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "url": {
-          "name": "url",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "version": {
-          "name": "version",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {},
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_extensions_permissions": {
-      "name": "haex_extensions_permissions",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "extension_id": {
-          "name": "extension_id",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "resource": {
-          "name": "resource",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "operation": {
-          "name": "operation",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "path": {
-          "name": "path",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {
-        "haex_extensions_permissions_extension_id_resource_operation_path_unique": {
-          "name": "haex_extensions_permissions_extension_id_resource_operation_path_unique",
-          "columns": [
-            "extension_id",
-            "resource",
-            "operation",
-            "path"
-          ],
-          "isUnique": true
-        }
-      },
-      "foreignKeys": {
-        "haex_extensions_permissions_extension_id_haex_extensions_id_fk": {
-          "name": "haex_extensions_permissions_extension_id_haex_extensions_id_fk",
-          "tableFrom": "haex_extensions_permissions",
-          "tableTo": "haex_extensions",
-          "columnsFrom": [
-            "extension_id"
-          ],
-          "columnsTo": [
-            "id"
-          ],
-          "onDelete": "no action",
-          "onUpdate": "no action"
-        }
-      },
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_settings": {
-      "name": "haex_settings",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "key": {
-          "name": "key",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "value": {
-          "name": "value",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {},
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    }
-  },
-  "views": {},
-  "enums": {},
-  "_meta": {
-    "schemas": {},
-    "tables": {},
-    "columns": {
-      "\"haex_settings\".\"value_text\"": "\"haex_settings\".\"value\""
-    }
-  },
-  "internal": {
-    "indexes": {}
-  }
-}

src-tauri/database/migrations/meta/0003_snapshot.json

@@ -1,251 +0,0 @@
-{
-  "version": "6",
-  "dialect": "sqlite",
-  "id": "5f413421-18a5-4c1b-9c5b-99f574b10126",
-  "prevId": "ea3507ca-77bc-4f3c-a605-8426614f5803",
-  "tables": {
-    "haex_extensions": {
-      "name": "haex_extensions",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "name": {
-          "name": "name",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "author": {
-          "name": "author",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "enabled": {
-          "name": "enabled",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "icon": {
-          "name": "icon",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "url": {
-          "name": "url",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "version": {
-          "name": "version",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {},
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_extensions_permissions": {
-      "name": "haex_extensions_permissions",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "extension_id": {
-          "name": "extension_id",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "resource": {
-          "name": "resource",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "operation": {
-          "name": "operation",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "path": {
-          "name": "path",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {
-        "haex_extensions_permissions_extension_id_resource_operation_path_unique": {
-          "name": "haex_extensions_permissions_extension_id_resource_operation_path_unique",
-          "columns": [
-            "extension_id",
-            "resource",
-            "operation",
-            "path"
-          ],
-          "isUnique": true
-        }
-      },
-      "foreignKeys": {
-        "haex_extensions_permissions_extension_id_haex_extensions_id_fk": {
-          "name": "haex_extensions_permissions_extension_id_haex_extensions_id_fk",
-          "tableFrom": "haex_extensions_permissions",
-          "tableTo": "haex_extensions",
-          "columnsFrom": [
-            "extension_id"
-          ],
-          "columnsTo": [
-            "id"
-          ],
-          "onDelete": "no action",
-          "onUpdate": "no action"
-        }
-      },
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_notofications": {
-      "name": "haex_notofications",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "title": {
-          "name": "title",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "text": {
-          "name": "text",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "type": {
-          "name": "type",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "read": {
-          "name": "read",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "date": {
-          "name": "date",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "image": {
-          "name": "image",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "alt": {
-          "name": "alt",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "icon": {
-          "name": "icon",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {},
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_settings": {
-      "name": "haex_settings",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "key": {
-          "name": "key",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "value": {
-          "name": "value",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {},
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    }
-  },
-  "views": {},
-  "enums": {},
-  "_meta": {
-    "schemas": {},
-    "tables": {},
-    "columns": {}
-  },
-  "internal": {
-    "indexes": {}
-  }
-}

src-tauri/database/migrations/meta/0004_snapshot.json

@@ -1,253 +0,0 @@
-{
-  "version": "6",
-  "dialect": "sqlite",
-  "id": "7aaac460-00b5-4387-bef9-b189297cefb3",
-  "prevId": "5f413421-18a5-4c1b-9c5b-99f574b10126",
-  "tables": {
-    "haex_extensions": {
-      "name": "haex_extensions",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "author": {
-          "name": "author",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "enabled": {
-          "name": "enabled",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "icon": {
-          "name": "icon",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "name": {
-          "name": "name",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "url": {
-          "name": "url",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "version": {
-          "name": "version",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {},
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_extensions_permissions": {
-      "name": "haex_extensions_permissions",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "extension_id": {
-          "name": "extension_id",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "resource": {
-          "name": "resource",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "operation": {
-          "name": "operation",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "path": {
-          "name": "path",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {
-        "haex_extensions_permissions_extension_id_resource_operation_path_unique": {
-          "name": "haex_extensions_permissions_extension_id_resource_operation_path_unique",
-          "columns": [
-            "extension_id",
-            "resource",
-            "operation",
-            "path"
-          ],
-          "isUnique": true
-        }
-      },
-      "foreignKeys": {
-        "haex_extensions_permissions_extension_id_haex_extensions_id_fk": {
-          "name": "haex_extensions_permissions_extension_id_haex_extensions_id_fk",
-          "tableFrom": "haex_extensions_permissions",
-          "tableTo": "haex_extensions",
-          "columnsFrom": [
-            "extension_id"
-          ],
-          "columnsTo": [
-            "id"
-          ],
-          "onDelete": "no action",
-          "onUpdate": "no action"
-        }
-      },
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_notifications": {
-      "name": "haex_notifications",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "alt": {
-          "name": "alt",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "date": {
-          "name": "date",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "icon": {
-          "name": "icon",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "image": {
-          "name": "image",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "read": {
-          "name": "read",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "text": {
-          "name": "text",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "title": {
-          "name": "title",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "type": {
-          "name": "type",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": true,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {},
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_settings": {
-      "name": "haex_settings",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "key": {
-          "name": "key",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "value": {
-          "name": "value",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {},
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    }
-  },
-  "views": {},
-  "enums": {},
-  "_meta": {
-    "schemas": {},
-    "tables": {
-      "\"haex_notofications\"": "\"haex_notifications\""
-    },
-    "columns": {}
-  },
-  "internal": {
-    "indexes": {}
-  }
-}

src-tauri/database/migrations/meta/0005_snapshot.json

@@ -1,583 +0,0 @@
-{
-  "version": "6",
-  "dialect": "sqlite",
-  "id": "fd079acd-3b5f-4fb7-97e2-d6641620f393",
-  "prevId": "7aaac460-00b5-4387-bef9-b189297cefb3",
-  "tables": {
-    "haex_extensions": {
-      "name": "haex_extensions",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "author": {
-          "name": "author",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "enabled": {
-          "name": "enabled",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "icon": {
-          "name": "icon",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "name": {
-          "name": "name",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "url": {
-          "name": "url",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "version": {
-          "name": "version",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {},
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_extensions_permissions": {
-      "name": "haex_extensions_permissions",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "extension_id": {
-          "name": "extension_id",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "resource": {
-          "name": "resource",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "operation": {
-          "name": "operation",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "path": {
-          "name": "path",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {
-        "haex_extensions_permissions_extension_id_resource_operation_path_unique": {
-          "name": "haex_extensions_permissions_extension_id_resource_operation_path_unique",
-          "columns": [
-            "extension_id",
-            "resource",
-            "operation",
-            "path"
-          ],
-          "isUnique": true
-        }
-      },
-      "foreignKeys": {
-        "haex_extensions_permissions_extension_id_haex_extensions_id_fk": {
-          "name": "haex_extensions_permissions_extension_id_haex_extensions_id_fk",
-          "tableFrom": "haex_extensions_permissions",
-          "tableTo": "haex_extensions",
-          "columnsFrom": [
-            "extension_id"
-          ],
-          "columnsTo": [
-            "id"
-          ],
-          "onDelete": "no action",
-          "onUpdate": "no action"
-        }
-      },
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_notifications": {
-      "name": "haex_notifications",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "alt": {
-          "name": "alt",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "date": {
-          "name": "date",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "icon": {
-          "name": "icon",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "image": {
-          "name": "image",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "read": {
-          "name": "read",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "source": {
-          "name": "source",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "text": {
-          "name": "text",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "title": {
-          "name": "title",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "type": {
-          "name": "type",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": true,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {},
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_passwords_group_items": {
-      "name": "haex_passwords_group_items",
-      "columns": {
-        "group_id": {
-          "name": "group_id",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "item_id": {
-          "name": "item_id",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {
-        "haex_passwords_group_items_group_id_haex_passwords_groups_id_fk": {
-          "name": "haex_passwords_group_items_group_id_haex_passwords_groups_id_fk",
-          "tableFrom": "haex_passwords_group_items",
-          "tableTo": "haex_passwords_groups",
-          "columnsFrom": [
-            "group_id"
-          ],
-          "columnsTo": [
-            "id"
-          ],
-          "onDelete": "no action",
-          "onUpdate": "no action"
-        },
-        "haex_passwords_group_items_item_id_haex_passwords_items_id_fk": {
-          "name": "haex_passwords_group_items_item_id_haex_passwords_items_id_fk",
-          "tableFrom": "haex_passwords_group_items",
-          "tableTo": "haex_passwords_items",
-          "columnsFrom": [
-            "item_id"
-          ],
-          "columnsTo": [
-            "id"
-          ],
-          "onDelete": "no action",
-          "onUpdate": "no action"
-        }
-      },
-      "compositePrimaryKeys": {
-        "haex_passwords_group_items_item_id_group_id_pk": {
-          "columns": [
-            "item_id",
-            "group_id"
-          ],
-          "name": "haex_passwords_group_items_item_id_group_id_pk"
-        }
-      },
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_passwords_groups": {
-      "name": "haex_passwords_groups",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "name": {
-          "name": "name",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "icon": {
-          "name": "icon",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "order": {
-          "name": "order",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "color": {
-          "name": "color",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "parent_id": {
-          "name": "parent_id",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {
-        "haex_passwords_groups_parent_id_haex_passwords_groups_id_fk": {
-          "name": "haex_passwords_groups_parent_id_haex_passwords_groups_id_fk",
-          "tableFrom": "haex_passwords_groups",
-          "tableTo": "haex_passwords_groups",
-          "columnsFrom": [
-            "parent_id"
-          ],
-          "columnsTo": [
-            "id"
-          ],
-          "onDelete": "no action",
-          "onUpdate": "no action"
-        }
-      },
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_passwords_item_history": {
-      "name": "haex_passwords_item_history",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "item_id": {
-          "name": "item_id",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "changed_property": {
-          "name": "changed_property",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "old_value": {
-          "name": "old_value",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "new_value": {
-          "name": "new_value",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "created_at": {
-          "name": "created_at",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false,
-          "default": "(CURRENT_TIMESTAMP)"
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {
-        "haex_passwords_item_history_item_id_haex_passwords_items_id_fk": {
-          "name": "haex_passwords_item_history_item_id_haex_passwords_items_id_fk",
-          "tableFrom": "haex_passwords_item_history",
-          "tableTo": "haex_passwords_items",
-          "columnsFrom": [
-            "item_id"
-          ],
-          "columnsTo": [
-            "id"
-          ],
-          "onDelete": "no action",
-          "onUpdate": "no action"
-        }
-      },
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_passwords_items": {
-      "name": "haex_passwords_items",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "title": {
-          "name": "title",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "username": {
-          "name": "username",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "password": {
-          "name": "password",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "note": {
-          "name": "note",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "icon": {
-          "name": "icon",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "tags": {
-          "name": "tags",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "url": {
-          "name": "url",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "created_at": {
-          "name": "created_at",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false,
-          "default": "(CURRENT_TIMESTAMP)"
-        },
-        "updated_at": {
-          "name": "updated_at",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {},
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_passwords_items_key_values": {
-      "name": "haex_passwords_items_key_values",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "item_id": {
-          "name": "item_id",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "key": {
-          "name": "key",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "value": {
-          "name": "value",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {
-        "haex_passwords_items_key_values_item_id_haex_passwords_items_id_fk": {
-          "name": "haex_passwords_items_key_values_item_id_haex_passwords_items_id_fk",
-          "tableFrom": "haex_passwords_items_key_values",
-          "tableTo": "haex_passwords_items",
-          "columnsFrom": [
-            "item_id"
-          ],
-          "columnsTo": [
-            "id"
-          ],
-          "onDelete": "no action",
-          "onUpdate": "no action"
-        }
-      },
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_settings": {
-      "name": "haex_settings",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "key": {
-          "name": "key",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "value": {
-          "name": "value",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {},
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    }
-  },
-  "views": {},
-  "enums": {},
-  "_meta": {
-    "schemas": {},
-    "tables": {},
-    "columns": {}
-  },
-  "internal": {
-    "indexes": {}
-  }
-}

src-tauri/database/migrations/meta/0006_snapshot.json

@@ -1,620 +0,0 @@
-{
-  "version": "6",
-  "dialect": "sqlite",
-  "id": "76878f8b-9a30-4fd2-9a7b-d1a85874b1ab",
-  "prevId": "fd079acd-3b5f-4fb7-97e2-d6641620f393",
-  "tables": {
-    "haex_extensions": {
-      "name": "haex_extensions",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "author": {
-          "name": "author",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "enabled": {
-          "name": "enabled",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "icon": {
-          "name": "icon",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "name": {
-          "name": "name",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "url": {
-          "name": "url",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "version": {
-          "name": "version",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {},
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_extensions_permissions": {
-      "name": "haex_extensions_permissions",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "extension_id": {
-          "name": "extension_id",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "resource": {
-          "name": "resource",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "operation": {
-          "name": "operation",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "path": {
-          "name": "path",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "created_at": {
-          "name": "created_at",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false,
-          "default": "(CURRENT_TIMESTAMP)"
-        },
-        "updated_at": {
-          "name": "updated_at",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {
-        "haex_extensions_permissions_extension_id_resource_operation_path_unique": {
-          "name": "haex_extensions_permissions_extension_id_resource_operation_path_unique",
-          "columns": [
-            "extension_id",
-            "resource",
-            "operation",
-            "path"
-          ],
-          "isUnique": true
-        }
-      },
-      "foreignKeys": {
-        "haex_extensions_permissions_extension_id_haex_extensions_id_fk": {
-          "name": "haex_extensions_permissions_extension_id_haex_extensions_id_fk",
-          "tableFrom": "haex_extensions_permissions",
-          "tableTo": "haex_extensions",
-          "columnsFrom": [
-            "extension_id"
-          ],
-          "columnsTo": [
-            "id"
-          ],
-          "onDelete": "no action",
-          "onUpdate": "no action"
-        }
-      },
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_notifications": {
-      "name": "haex_notifications",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "alt": {
-          "name": "alt",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "date": {
-          "name": "date",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "icon": {
-          "name": "icon",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "image": {
-          "name": "image",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "read": {
-          "name": "read",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "source": {
-          "name": "source",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "text": {
-          "name": "text",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "title": {
-          "name": "title",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "type": {
-          "name": "type",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": true,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {},
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_passwords_group_items": {
-      "name": "haex_passwords_group_items",
-      "columns": {
-        "group_id": {
-          "name": "group_id",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "item_id": {
-          "name": "item_id",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {
-        "haex_passwords_group_items_group_id_haex_passwords_groups_id_fk": {
-          "name": "haex_passwords_group_items_group_id_haex_passwords_groups_id_fk",
-          "tableFrom": "haex_passwords_group_items",
-          "tableTo": "haex_passwords_groups",
-          "columnsFrom": [
-            "group_id"
-          ],
-          "columnsTo": [
-            "id"
-          ],
-          "onDelete": "no action",
-          "onUpdate": "no action"
-        },
-        "haex_passwords_group_items_item_id_haex_passwords_items_id_fk": {
-          "name": "haex_passwords_group_items_item_id_haex_passwords_items_id_fk",
-          "tableFrom": "haex_passwords_group_items",
-          "tableTo": "haex_passwords_items",
-          "columnsFrom": [
-            "item_id"
-          ],
-          "columnsTo": [
-            "id"
-          ],
-          "onDelete": "no action",
-          "onUpdate": "no action"
-        }
-      },
-      "compositePrimaryKeys": {
-        "haex_passwords_group_items_item_id_group_id_pk": {
-          "columns": [
-            "item_id",
-            "group_id"
-          ],
-          "name": "haex_passwords_group_items_item_id_group_id_pk"
-        }
-      },
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_passwords_groups": {
-      "name": "haex_passwords_groups",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "name": {
-          "name": "name",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "icon": {
-          "name": "icon",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "order": {
-          "name": "order",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "color": {
-          "name": "color",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "parent_id": {
-          "name": "parent_id",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "created_at": {
-          "name": "created_at",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false,
-          "default": "(CURRENT_TIMESTAMP)"
-        },
-        "updated_at": {
-          "name": "updated_at",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {
-        "haex_passwords_groups_parent_id_haex_passwords_groups_id_fk": {
-          "name": "haex_passwords_groups_parent_id_haex_passwords_groups_id_fk",
-          "tableFrom": "haex_passwords_groups",
-          "tableTo": "haex_passwords_groups",
-          "columnsFrom": [
-            "parent_id"
-          ],
-          "columnsTo": [
-            "id"
-          ],
-          "onDelete": "no action",
-          "onUpdate": "no action"
-        }
-      },
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_passwords_item_history": {
-      "name": "haex_passwords_item_history",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "item_id": {
-          "name": "item_id",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "changed_property": {
-          "name": "changed_property",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "old_value": {
-          "name": "old_value",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "new_value": {
-          "name": "new_value",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "created_at": {
-          "name": "created_at",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false,
-          "default": "(CURRENT_TIMESTAMP)"
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {
-        "haex_passwords_item_history_item_id_haex_passwords_items_id_fk": {
-          "name": "haex_passwords_item_history_item_id_haex_passwords_items_id_fk",
-          "tableFrom": "haex_passwords_item_history",
-          "tableTo": "haex_passwords_items",
-          "columnsFrom": [
-            "item_id"
-          ],
-          "columnsTo": [
-            "id"
-          ],
-          "onDelete": "no action",
-          "onUpdate": "no action"
-        }
-      },
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_passwords_items": {
-      "name": "haex_passwords_items",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "title": {
-          "name": "title",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "username": {
-          "name": "username",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "password": {
-          "name": "password",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "note": {
-          "name": "note",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "icon": {
-          "name": "icon",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "tags": {
-          "name": "tags",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "url": {
-          "name": "url",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "created_at": {
-          "name": "created_at",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false,
-          "default": "(CURRENT_TIMESTAMP)"
-        },
-        "updated_at": {
-          "name": "updated_at",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {},
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_passwords_items_key_values": {
-      "name": "haex_passwords_items_key_values",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "item_id": {
-          "name": "item_id",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "key": {
-          "name": "key",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "value": {
-          "name": "value",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "updated_at": {
-          "name": "updated_at",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {
-        "haex_passwords_items_key_values_item_id_haex_passwords_items_id_fk": {
-          "name": "haex_passwords_items_key_values_item_id_haex_passwords_items_id_fk",
-          "tableFrom": "haex_passwords_items_key_values",
-          "tableTo": "haex_passwords_items",
-          "columnsFrom": [
-            "item_id"
-          ],
-          "columnsTo": [
-            "id"
-          ],
-          "onDelete": "no action",
-          "onUpdate": "no action"
-        }
-      },
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_settings": {
-      "name": "haex_settings",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "key": {
-          "name": "key",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "value": {
-          "name": "value",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {},
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    }
-  },
-  "views": {},
-  "enums": {},
-  "_meta": {
-    "schemas": {},
-    "tables": {},
-    "columns": {}
-  },
-  "internal": {
-    "indexes": {}
-  }
-}

src-tauri/database/migrations/meta/0007_snapshot.json

@@ -1,627 +0,0 @@
-{
-  "version": "6",
-  "dialect": "sqlite",
-  "id": "47f309cf-dabd-4f19-b87a-ed73d0e97781",
-  "prevId": "76878f8b-9a30-4fd2-9a7b-d1a85874b1ab",
-  "tables": {
-    "haex_extensions": {
-      "name": "haex_extensions",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "author": {
-          "name": "author",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "enabled": {
-          "name": "enabled",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "icon": {
-          "name": "icon",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "name": {
-          "name": "name",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "url": {
-          "name": "url",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "version": {
-          "name": "version",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {},
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_extensions_permissions": {
-      "name": "haex_extensions_permissions",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "extension_id": {
-          "name": "extension_id",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "resource": {
-          "name": "resource",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "operation": {
-          "name": "operation",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "path": {
-          "name": "path",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "created_at": {
-          "name": "created_at",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false,
-          "default": "(CURRENT_TIMESTAMP)"
-        },
-        "updated_at": {
-          "name": "updated_at",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {
-        "haex_extensions_permissions_extension_id_resource_operation_path_unique": {
-          "name": "haex_extensions_permissions_extension_id_resource_operation_path_unique",
-          "columns": [
-            "extension_id",
-            "resource",
-            "operation",
-            "path"
-          ],
-          "isUnique": true
-        }
-      },
-      "foreignKeys": {
-        "haex_extensions_permissions_extension_id_haex_extensions_id_fk": {
-          "name": "haex_extensions_permissions_extension_id_haex_extensions_id_fk",
-          "tableFrom": "haex_extensions_permissions",
-          "tableTo": "haex_extensions",
-          "columnsFrom": [
-            "extension_id"
-          ],
-          "columnsTo": [
-            "id"
-          ],
-          "onDelete": "no action",
-          "onUpdate": "no action"
-        }
-      },
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_notifications": {
-      "name": "haex_notifications",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "alt": {
-          "name": "alt",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "date": {
-          "name": "date",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "icon": {
-          "name": "icon",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "image": {
-          "name": "image",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "read": {
-          "name": "read",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "source": {
-          "name": "source",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "text": {
-          "name": "text",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "title": {
-          "name": "title",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "type": {
-          "name": "type",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": true,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {},
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_passwords_group_items": {
-      "name": "haex_passwords_group_items",
-      "columns": {
-        "group_id": {
-          "name": "group_id",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "item_id": {
-          "name": "item_id",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {
-        "haex_passwords_group_items_group_id_haex_passwords_groups_id_fk": {
-          "name": "haex_passwords_group_items_group_id_haex_passwords_groups_id_fk",
-          "tableFrom": "haex_passwords_group_items",
-          "tableTo": "haex_passwords_groups",
-          "columnsFrom": [
-            "group_id"
-          ],
-          "columnsTo": [
-            "id"
-          ],
-          "onDelete": "no action",
-          "onUpdate": "no action"
-        },
-        "haex_passwords_group_items_item_id_haex_passwords_items_id_fk": {
-          "name": "haex_passwords_group_items_item_id_haex_passwords_items_id_fk",
-          "tableFrom": "haex_passwords_group_items",
-          "tableTo": "haex_passwords_items",
-          "columnsFrom": [
-            "item_id"
-          ],
-          "columnsTo": [
-            "id"
-          ],
-          "onDelete": "no action",
-          "onUpdate": "no action"
-        }
-      },
-      "compositePrimaryKeys": {
-        "haex_passwords_group_items_item_id_group_id_pk": {
-          "columns": [
-            "item_id",
-            "group_id"
-          ],
-          "name": "haex_passwords_group_items_item_id_group_id_pk"
-        }
-      },
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_passwords_groups": {
-      "name": "haex_passwords_groups",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "name": {
-          "name": "name",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "description": {
-          "name": "description",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "icon": {
-          "name": "icon",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "order": {
-          "name": "order",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "color": {
-          "name": "color",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "parent_id": {
-          "name": "parent_id",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "created_at": {
-          "name": "created_at",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false,
-          "default": "(CURRENT_TIMESTAMP)"
-        },
-        "updated_at": {
-          "name": "updated_at",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {
-        "haex_passwords_groups_parent_id_haex_passwords_groups_id_fk": {
-          "name": "haex_passwords_groups_parent_id_haex_passwords_groups_id_fk",
-          "tableFrom": "haex_passwords_groups",
-          "tableTo": "haex_passwords_groups",
-          "columnsFrom": [
-            "parent_id"
-          ],
-          "columnsTo": [
-            "id"
-          ],
-          "onDelete": "no action",
-          "onUpdate": "no action"
-        }
-      },
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_passwords_item_history": {
-      "name": "haex_passwords_item_history",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "item_id": {
-          "name": "item_id",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "changed_property": {
-          "name": "changed_property",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "old_value": {
-          "name": "old_value",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "new_value": {
-          "name": "new_value",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "created_at": {
-          "name": "created_at",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false,
-          "default": "(CURRENT_TIMESTAMP)"
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {
-        "haex_passwords_item_history_item_id_haex_passwords_items_id_fk": {
-          "name": "haex_passwords_item_history_item_id_haex_passwords_items_id_fk",
-          "tableFrom": "haex_passwords_item_history",
-          "tableTo": "haex_passwords_items",
-          "columnsFrom": [
-            "item_id"
-          ],
-          "columnsTo": [
-            "id"
-          ],
-          "onDelete": "no action",
-          "onUpdate": "no action"
-        }
-      },
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_passwords_items": {
-      "name": "haex_passwords_items",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "title": {
-          "name": "title",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "username": {
-          "name": "username",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "password": {
-          "name": "password",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "note": {
-          "name": "note",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "icon": {
-          "name": "icon",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "tags": {
-          "name": "tags",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "url": {
-          "name": "url",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "created_at": {
-          "name": "created_at",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false,
-          "default": "(CURRENT_TIMESTAMP)"
-        },
-        "updated_at": {
-          "name": "updated_at",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {},
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_passwords_items_key_values": {
-      "name": "haex_passwords_items_key_values",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "item_id": {
-          "name": "item_id",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "key": {
-          "name": "key",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "value": {
-          "name": "value",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "updated_at": {
-          "name": "updated_at",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {
-        "haex_passwords_items_key_values_item_id_haex_passwords_items_id_fk": {
-          "name": "haex_passwords_items_key_values_item_id_haex_passwords_items_id_fk",
-          "tableFrom": "haex_passwords_items_key_values",
-          "tableTo": "haex_passwords_items",
-          "columnsFrom": [
-            "item_id"
-          ],
-          "columnsTo": [
-            "id"
-          ],
-          "onDelete": "no action",
-          "onUpdate": "no action"
-        }
-      },
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_settings": {
-      "name": "haex_settings",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "key": {
-          "name": "key",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "value": {
-          "name": "value",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {},
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    }
-  },
-  "views": {},
-  "enums": {},
-  "_meta": {
-    "schemas": {},
-    "tables": {},
-    "columns": {}
-  },
-  "internal": {
-    "indexes": {}
-  }
-}

src-tauri/database/migrations/meta/0008_snapshot.json

@@ -1,630 +0,0 @@
-{
-  "version": "6",
-  "dialect": "sqlite",
-  "id": "c4edecb8-6aef-49e2-8498-0c4b74653c75",
-  "prevId": "47f309cf-dabd-4f19-b87a-ed73d0e97781",
-  "tables": {
-    "haex_extensions": {
-      "name": "haex_extensions",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "author": {
-          "name": "author",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "enabled": {
-          "name": "enabled",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "icon": {
-          "name": "icon",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "name": {
-          "name": "name",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "url": {
-          "name": "url",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "version": {
-          "name": "version",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {},
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_extensions_permissions": {
-      "name": "haex_extensions_permissions",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "extension_id": {
-          "name": "extension_id",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "resource": {
-          "name": "resource",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "operation": {
-          "name": "operation",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "path": {
-          "name": "path",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "created_at": {
-          "name": "created_at",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false,
-          "default": "(CURRENT_TIMESTAMP)"
-        },
-        "updated_at": {
-          "name": "updated_at",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {
-        "haex_extensions_permissions_extension_id_resource_operation_path_unique": {
-          "name": "haex_extensions_permissions_extension_id_resource_operation_path_unique",
-          "columns": [
-            "extension_id",
-            "resource",
-            "operation",
-            "path"
-          ],
-          "isUnique": true
-        }
-      },
-      "foreignKeys": {
-        "haex_extensions_permissions_extension_id_haex_extensions_id_fk": {
-          "name": "haex_extensions_permissions_extension_id_haex_extensions_id_fk",
-          "tableFrom": "haex_extensions_permissions",
-          "tableTo": "haex_extensions",
-          "columnsFrom": [
-            "extension_id"
-          ],
-          "columnsTo": [
-            "id"
-          ],
-          "onDelete": "no action",
-          "onUpdate": "no action"
-        }
-      },
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_notifications": {
-      "name": "haex_notifications",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "alt": {
-          "name": "alt",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "date": {
-          "name": "date",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "icon": {
-          "name": "icon",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "image": {
-          "name": "image",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "read": {
-          "name": "read",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "source": {
-          "name": "source",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "text": {
-          "name": "text",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "title": {
-          "name": "title",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "type": {
-          "name": "type",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": true,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {},
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_passwords_group_items": {
-      "name": "haex_passwords_group_items",
-      "columns": {
-        "group_id": {
-          "name": "group_id",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "item_id": {
-          "name": "item_id",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {
-        "haex_passwords_group_items_group_id_haex_passwords_groups_id_fk": {
-          "name": "haex_passwords_group_items_group_id_haex_passwords_groups_id_fk",
-          "tableFrom": "haex_passwords_group_items",
-          "tableTo": "haex_passwords_groups",
-          "columnsFrom": [
-            "group_id"
-          ],
-          "columnsTo": [
-            "id"
-          ],
-          "onDelete": "no action",
-          "onUpdate": "no action"
-        },
-        "haex_passwords_group_items_item_id_haex_passwords_item_details_id_fk": {
-          "name": "haex_passwords_group_items_item_id_haex_passwords_item_details_id_fk",
-          "tableFrom": "haex_passwords_group_items",
-          "tableTo": "haex_passwords_item_details",
-          "columnsFrom": [
-            "item_id"
-          ],
-          "columnsTo": [
-            "id"
-          ],
-          "onDelete": "no action",
-          "onUpdate": "no action"
-        }
-      },
-      "compositePrimaryKeys": {
-        "haex_passwords_group_items_item_id_group_id_pk": {
-          "columns": [
-            "item_id",
-            "group_id"
-          ],
-          "name": "haex_passwords_group_items_item_id_group_id_pk"
-        }
-      },
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_passwords_groups": {
-      "name": "haex_passwords_groups",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "name": {
-          "name": "name",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "description": {
-          "name": "description",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "icon": {
-          "name": "icon",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "order": {
-          "name": "order",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "color": {
-          "name": "color",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "parent_id": {
-          "name": "parent_id",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "created_at": {
-          "name": "created_at",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false,
-          "default": "(CURRENT_TIMESTAMP)"
-        },
-        "updated_at": {
-          "name": "updated_at",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {
-        "haex_passwords_groups_parent_id_haex_passwords_groups_id_fk": {
-          "name": "haex_passwords_groups_parent_id_haex_passwords_groups_id_fk",
-          "tableFrom": "haex_passwords_groups",
-          "tableTo": "haex_passwords_groups",
-          "columnsFrom": [
-            "parent_id"
-          ],
-          "columnsTo": [
-            "id"
-          ],
-          "onDelete": "no action",
-          "onUpdate": "no action"
-        }
-      },
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_passwords_item_details": {
-      "name": "haex_passwords_item_details",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "title": {
-          "name": "title",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "username": {
-          "name": "username",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "password": {
-          "name": "password",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "note": {
-          "name": "note",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "icon": {
-          "name": "icon",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "tags": {
-          "name": "tags",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "url": {
-          "name": "url",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "created_at": {
-          "name": "created_at",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false,
-          "default": "(CURRENT_TIMESTAMP)"
-        },
-        "updated_at": {
-          "name": "updated_at",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {},
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_passwords_item_history": {
-      "name": "haex_passwords_item_history",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "item_id": {
-          "name": "item_id",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "changed_property": {
-          "name": "changed_property",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "old_value": {
-          "name": "old_value",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "new_value": {
-          "name": "new_value",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "created_at": {
-          "name": "created_at",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false,
-          "default": "(CURRENT_TIMESTAMP)"
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {
-        "haex_passwords_item_history_item_id_haex_passwords_item_details_id_fk": {
-          "name": "haex_passwords_item_history_item_id_haex_passwords_item_details_id_fk",
-          "tableFrom": "haex_passwords_item_history",
-          "tableTo": "haex_passwords_item_details",
-          "columnsFrom": [
-            "item_id"
-          ],
-          "columnsTo": [
-            "id"
-          ],
-          "onDelete": "no action",
-          "onUpdate": "no action"
-        }
-      },
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_passwords_item_key_values": {
-      "name": "haex_passwords_item_key_values",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "item_id": {
-          "name": "item_id",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "key": {
-          "name": "key",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "value": {
-          "name": "value",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "updated_at": {
-          "name": "updated_at",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {
-        "haex_passwords_item_key_values_item_id_haex_passwords_item_details_id_fk": {
-          "name": "haex_passwords_item_key_values_item_id_haex_passwords_item_details_id_fk",
-          "tableFrom": "haex_passwords_item_key_values",
-          "tableTo": "haex_passwords_item_details",
-          "columnsFrom": [
-            "item_id"
-          ],
-          "columnsTo": [
-            "id"
-          ],
-          "onDelete": "no action",
-          "onUpdate": "no action"
-        }
-      },
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_settings": {
-      "name": "haex_settings",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "key": {
-          "name": "key",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "value": {
-          "name": "value",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {},
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    }
-  },
-  "views": {},
-  "enums": {},
-  "_meta": {
-    "schemas": {},
-    "tables": {
-      "\"haex_passwords_items\"": "\"haex_passwords_item_details\"",
-      "\"haex_passwords_items_key_values\"": "\"haex_passwords_item_key_values\""
-    },
-    "columns": {}
-  },
-  "internal": {
-    "indexes": {}
-  }
-}

src-tauri/database/migrations/meta/0009_snapshot.json

@@ -1,634 +0,0 @@
-{
-  "version": "6",
-  "dialect": "sqlite",
-  "id": "c3a688c3-9537-4aa8-be95-a8f55546caf1",
-  "prevId": "c4edecb8-6aef-49e2-8498-0c4b74653c75",
-  "tables": {
-    "haex_extensions": {
-      "name": "haex_extensions",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "author": {
-          "name": "author",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "enabled": {
-          "name": "enabled",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "icon": {
-          "name": "icon",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "name": {
-          "name": "name",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "url": {
-          "name": "url",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "version": {
-          "name": "version",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {},
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_extensions_permissions": {
-      "name": "haex_extensions_permissions",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "extension_id": {
-          "name": "extension_id",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "resource": {
-          "name": "resource",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "operation": {
-          "name": "operation",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "path": {
-          "name": "path",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "created_at": {
-          "name": "created_at",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false,
-          "default": "(CURRENT_TIMESTAMP)"
-        },
-        "updated_at": {
-          "name": "updated_at",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {
-        "haex_extensions_permissions_extension_id_resource_operation_path_unique": {
-          "name": "haex_extensions_permissions_extension_id_resource_operation_path_unique",
-          "columns": [
-            "extension_id",
-            "resource",
-            "operation",
-            "path"
-          ],
-          "isUnique": true
-        }
-      },
-      "foreignKeys": {
-        "haex_extensions_permissions_extension_id_haex_extensions_id_fk": {
-          "name": "haex_extensions_permissions_extension_id_haex_extensions_id_fk",
-          "tableFrom": "haex_extensions_permissions",
-          "tableTo": "haex_extensions",
-          "columnsFrom": [
-            "extension_id"
-          ],
-          "columnsTo": [
-            "id"
-          ],
-          "onDelete": "no action",
-          "onUpdate": "no action"
-        }
-      },
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_notifications": {
-      "name": "haex_notifications",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "alt": {
-          "name": "alt",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "date": {
-          "name": "date",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "icon": {
-          "name": "icon",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "image": {
-          "name": "image",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "read": {
-          "name": "read",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "source": {
-          "name": "source",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "text": {
-          "name": "text",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "title": {
-          "name": "title",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "type": {
-          "name": "type",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": true,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {},
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_passwords_group_items": {
-      "name": "haex_passwords_group_items",
-      "columns": {
-        "group_id": {
-          "name": "group_id",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "item_id": {
-          "name": "item_id",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {
-        "haex_passwords_group_items_group_id_haex_passwords_groups_id_fk": {
-          "name": "haex_passwords_group_items_group_id_haex_passwords_groups_id_fk",
-          "tableFrom": "haex_passwords_group_items",
-          "tableTo": "haex_passwords_groups",
-          "columnsFrom": [
-            "group_id"
-          ],
-          "columnsTo": [
-            "id"
-          ],
-          "onDelete": "no action",
-          "onUpdate": "no action"
-        },
-        "haex_passwords_group_items_item_id_haex_passwords_item_details_id_fk": {
-          "name": "haex_passwords_group_items_item_id_haex_passwords_item_details_id_fk",
-          "tableFrom": "haex_passwords_group_items",
-          "tableTo": "haex_passwords_item_details",
-          "columnsFrom": [
-            "item_id"
-          ],
-          "columnsTo": [
-            "id"
-          ],
-          "onDelete": "no action",
-          "onUpdate": "no action"
-        }
-      },
-      "compositePrimaryKeys": {
-        "haex_passwords_group_items_item_id_group_id_pk": {
-          "columns": [
-            "item_id",
-            "group_id"
-          ],
-          "name": "haex_passwords_group_items_item_id_group_id_pk"
-        }
-      },
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_passwords_groups": {
-      "name": "haex_passwords_groups",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "name": {
-          "name": "name",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "description": {
-          "name": "description",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "icon": {
-          "name": "icon",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "order": {
-          "name": "order",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "color": {
-          "name": "color",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "parent_id": {
-          "name": "parent_id",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "created_at": {
-          "name": "created_at",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false,
-          "default": "(CURRENT_TIMESTAMP)"
-        },
-        "updated_at": {
-          "name": "updated_at",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {
-        "haex_passwords_groups_parent_id_haex_passwords_groups_id_fk": {
-          "name": "haex_passwords_groups_parent_id_haex_passwords_groups_id_fk",
-          "tableFrom": "haex_passwords_groups",
-          "tableTo": "haex_passwords_groups",
-          "columnsFrom": [
-            "parent_id"
-          ],
-          "columnsTo": [
-            "id"
-          ],
-          "onDelete": "no action",
-          "onUpdate": "no action"
-        }
-      },
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_passwords_item_details": {
-      "name": "haex_passwords_item_details",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "title": {
-          "name": "title",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "username": {
-          "name": "username",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "password": {
-          "name": "password",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "note": {
-          "name": "note",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "icon": {
-          "name": "icon",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "tags": {
-          "name": "tags",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "url": {
-          "name": "url",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "created_at": {
-          "name": "created_at",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false,
-          "default": "(CURRENT_TIMESTAMP)"
-        },
-        "updated_at": {
-          "name": "updated_at",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {},
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_passwords_item_history": {
-      "name": "haex_passwords_item_history",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "item_id": {
-          "name": "item_id",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "changed_property": {
-          "name": "changed_property",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "old_value": {
-          "name": "old_value",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "new_value": {
-          "name": "new_value",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "created_at": {
-          "name": "created_at",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false,
-          "default": "(CURRENT_TIMESTAMP)"
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {
-        "haex_passwords_item_history_item_id_haex_passwords_item_details_id_fk": {
-          "name": "haex_passwords_item_history_item_id_haex_passwords_item_details_id_fk",
-          "tableFrom": "haex_passwords_item_history",
-          "tableTo": "haex_passwords_item_details",
-          "columnsFrom": [
-            "item_id"
-          ],
-          "columnsTo": [
-            "id"
-          ],
-          "onDelete": "no action",
-          "onUpdate": "no action"
-        }
-      },
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_passwords_item_key_values": {
-      "name": "haex_passwords_item_key_values",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "item_id": {
-          "name": "item_id",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "key": {
-          "name": "key",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "value": {
-          "name": "value",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "updated_at": {
-          "name": "updated_at",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {
-        "haex_passwords_item_key_values_item_id_haex_passwords_item_details_id_fk": {
-          "name": "haex_passwords_item_key_values_item_id_haex_passwords_item_details_id_fk",
-          "tableFrom": "haex_passwords_item_key_values",
-          "tableTo": "haex_passwords_item_details",
-          "columnsFrom": [
-            "item_id"
-          ],
-          "columnsTo": [
-            "id"
-          ],
-          "onDelete": "no action",
-          "onUpdate": "no action"
-        }
-      },
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_settings": {
-      "name": "haex_settings",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "key": {
-          "name": "key",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "type": {
-          "name": "type",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "value": {
-          "name": "value",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {},
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    }
-  },
-  "views": {},
-  "enums": {},
-  "_meta": {
-    "schemas": {},
-    "tables": {},
-    "columns": {}
-  },
-  "internal": {
-    "indexes": {}
-  }
-}

src-tauri/database/migrations/meta/0010_snapshot.json

@@ -1,825 +0,0 @@
-{
-  "version": "6",
-  "dialect": "sqlite",
-  "id": "288d577f-f9c8-44e8-964e-da1fa062aff9",
-  "prevId": "c3a688c3-9537-4aa8-be95-a8f55546caf1",
-  "tables": {
-    "haex_crdt_logs": {
-      "name": "haex_crdt_logs",
-      "columns": {
-        "hlc_timestamp": {
-          "name": "hlc_timestamp",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "table_name": {
-          "name": "table_name",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "row_pks": {
-          "name": "row_pks",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "op_type": {
-          "name": "op_type",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "column_name": {
-          "name": "column_name",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "new_value": {
-          "name": "new_value",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "old_value": {
-          "name": "old_value",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {},
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_crdt_settings": {
-      "name": "haex_crdt_settings",
-      "columns": {
-        "type": {
-          "name": "type",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "value": {
-          "name": "value",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {},
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_crdt_snapshots": {
-      "name": "haex_crdt_snapshots",
-      "columns": {
-        "snapshot_id": {
-          "name": "snapshot_id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "created": {
-          "name": "created",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "epoch_hlc": {
-          "name": "epoch_hlc",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "location_url": {
-          "name": "location_url",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "file_size_bytes": {
-          "name": "file_size_bytes",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {},
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_extensions": {
-      "name": "haex_extensions",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "author": {
-          "name": "author",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "enabled": {
-          "name": "enabled",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "icon": {
-          "name": "icon",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "name": {
-          "name": "name",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "url": {
-          "name": "url",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "version": {
-          "name": "version",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "haex_tombstone": {
-          "name": "haex_tombstone",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {},
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_extensions_permissions": {
-      "name": "haex_extensions_permissions",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "extension_id": {
-          "name": "extension_id",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "resource": {
-          "name": "resource",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "operation": {
-          "name": "operation",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "path": {
-          "name": "path",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "created_at": {
-          "name": "created_at",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false,
-          "default": "(CURRENT_TIMESTAMP)"
-        },
-        "updated_at": {
-          "name": "updated_at",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "haex_tombstone": {
-          "name": "haex_tombstone",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {
-        "haex_extensions_permissions_extension_id_resource_operation_path_unique": {
-          "name": "haex_extensions_permissions_extension_id_resource_operation_path_unique",
-          "columns": [
-            "extension_id",
-            "resource",
-            "operation",
-            "path"
-          ],
-          "isUnique": true
-        }
-      },
-      "foreignKeys": {
-        "haex_extensions_permissions_extension_id_haex_extensions_id_fk": {
-          "name": "haex_extensions_permissions_extension_id_haex_extensions_id_fk",
-          "tableFrom": "haex_extensions_permissions",
-          "tableTo": "haex_extensions",
-          "columnsFrom": [
-            "extension_id"
-          ],
-          "columnsTo": [
-            "id"
-          ],
-          "onDelete": "no action",
-          "onUpdate": "no action"
-        }
-      },
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_notifications": {
-      "name": "haex_notifications",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "alt": {
-          "name": "alt",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "date": {
-          "name": "date",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "icon": {
-          "name": "icon",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "image": {
-          "name": "image",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "read": {
-          "name": "read",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "source": {
-          "name": "source",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "text": {
-          "name": "text",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "title": {
-          "name": "title",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "type": {
-          "name": "type",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "haex_tombstone": {
-          "name": "haex_tombstone",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {},
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_passwords_group_items": {
-      "name": "haex_passwords_group_items",
-      "columns": {
-        "group_id": {
-          "name": "group_id",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "item_id": {
-          "name": "item_id",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "haex_tombstone": {
-          "name": "haex_tombstone",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {
-        "haex_passwords_group_items_group_id_haex_passwords_groups_id_fk": {
-          "name": "haex_passwords_group_items_group_id_haex_passwords_groups_id_fk",
-          "tableFrom": "haex_passwords_group_items",
-          "tableTo": "haex_passwords_groups",
-          "columnsFrom": [
-            "group_id"
-          ],
-          "columnsTo": [
-            "id"
-          ],
-          "onDelete": "no action",
-          "onUpdate": "no action"
-        },
-        "haex_passwords_group_items_item_id_haex_passwords_item_details_id_fk": {
-          "name": "haex_passwords_group_items_item_id_haex_passwords_item_details_id_fk",
-          "tableFrom": "haex_passwords_group_items",
-          "tableTo": "haex_passwords_item_details",
-          "columnsFrom": [
-            "item_id"
-          ],
-          "columnsTo": [
-            "id"
-          ],
-          "onDelete": "no action",
-          "onUpdate": "no action"
-        }
-      },
-      "compositePrimaryKeys": {
-        "haex_passwords_group_items_item_id_group_id_pk": {
-          "columns": [
-            "item_id",
-            "group_id"
-          ],
-          "name": "haex_passwords_group_items_item_id_group_id_pk"
-        }
-      },
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_passwords_groups": {
-      "name": "haex_passwords_groups",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "name": {
-          "name": "name",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "description": {
-          "name": "description",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "icon": {
-          "name": "icon",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "order": {
-          "name": "order",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "color": {
-          "name": "color",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "parent_id": {
-          "name": "parent_id",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "created_at": {
-          "name": "created_at",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false,
-          "default": "(CURRENT_TIMESTAMP)"
-        },
-        "updated_at": {
-          "name": "updated_at",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "haex_tombstone": {
-          "name": "haex_tombstone",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {
-        "haex_passwords_groups_parent_id_haex_passwords_groups_id_fk": {
-          "name": "haex_passwords_groups_parent_id_haex_passwords_groups_id_fk",
-          "tableFrom": "haex_passwords_groups",
-          "tableTo": "haex_passwords_groups",
-          "columnsFrom": [
-            "parent_id"
-          ],
-          "columnsTo": [
-            "id"
-          ],
-          "onDelete": "no action",
-          "onUpdate": "no action"
-        }
-      },
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_passwords_item_details": {
-      "name": "haex_passwords_item_details",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "title": {
-          "name": "title",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "username": {
-          "name": "username",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "password": {
-          "name": "password",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "note": {
-          "name": "note",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "icon": {
-          "name": "icon",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "tags": {
-          "name": "tags",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "url": {
-          "name": "url",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "created_at": {
-          "name": "created_at",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false,
-          "default": "(CURRENT_TIMESTAMP)"
-        },
-        "updated_at": {
-          "name": "updated_at",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "haex_tombstone": {
-          "name": "haex_tombstone",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {},
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_passwords_item_history": {
-      "name": "haex_passwords_item_history",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "item_id": {
-          "name": "item_id",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "changed_property": {
-          "name": "changed_property",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "old_value": {
-          "name": "old_value",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "new_value": {
-          "name": "new_value",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "created_at": {
-          "name": "created_at",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false,
-          "default": "(CURRENT_TIMESTAMP)"
-        },
-        "haex_tombstone": {
-          "name": "haex_tombstone",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {
-        "haex_passwords_item_history_item_id_haex_passwords_item_details_id_fk": {
-          "name": "haex_passwords_item_history_item_id_haex_passwords_item_details_id_fk",
-          "tableFrom": "haex_passwords_item_history",
-          "tableTo": "haex_passwords_item_details",
-          "columnsFrom": [
-            "item_id"
-          ],
-          "columnsTo": [
-            "id"
-          ],
-          "onDelete": "no action",
-          "onUpdate": "no action"
-        }
-      },
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_passwords_item_key_values": {
-      "name": "haex_passwords_item_key_values",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "item_id": {
-          "name": "item_id",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "key": {
-          "name": "key",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "value": {
-          "name": "value",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "updated_at": {
-          "name": "updated_at",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "haex_tombstone": {
-          "name": "haex_tombstone",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {
-        "haex_passwords_item_key_values_item_id_haex_passwords_item_details_id_fk": {
-          "name": "haex_passwords_item_key_values_item_id_haex_passwords_item_details_id_fk",
-          "tableFrom": "haex_passwords_item_key_values",
-          "tableTo": "haex_passwords_item_details",
-          "columnsFrom": [
-            "item_id"
-          ],
-          "columnsTo": [
-            "id"
-          ],
-          "onDelete": "no action",
-          "onUpdate": "no action"
-        }
-      },
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    },
-    "haex_settings": {
-      "name": "haex_settings",
-      "columns": {
-        "id": {
-          "name": "id",
-          "type": "text",
-          "primaryKey": true,
-          "notNull": true,
-          "autoincrement": false
-        },
-        "key": {
-          "name": "key",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "type": {
-          "name": "type",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "value": {
-          "name": "value",
-          "type": "text",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        },
-        "haex_tombstone": {
-          "name": "haex_tombstone",
-          "type": "integer",
-          "primaryKey": false,
-          "notNull": false,
-          "autoincrement": false
-        }
-      },
-      "indexes": {},
-      "foreignKeys": {},
-      "compositePrimaryKeys": {},
-      "uniqueConstraints": {},
-      "checkConstraints": {}
-    }
-  },
-  "views": {},
-  "enums": {},
-  "_meta": {
-    "schemas": {},
-    "tables": {},
-    "columns": {}
-  },
-  "internal": {
-    "indexes": {}
-  }
-}

src-tauri/database/migrations/meta/_journal.json

@@ -5,78 +5,15 @@
     {
       "idx": 0,
       "version": "6",
-      "when": 1742903332283,
+      "when": 1762119713008,
-      "tag": "0000_zippy_scourge",
+      "tag": "0000_cynical_nicolaos",
       "breakpoints": true
     },
     {
       "idx": 1,
       "version": "6",
-      "when": 1746281577722,
+      "when": 1762122405562,
-      "tag": "0001_wealthy_thaddeus_ross",
+      "tag": "0001_furry_brother_voodoo",
-      "breakpoints": true
-    },
-    {
-      "idx": 2,
-      "version": "6",
-      "when": 1747583956679,
-      "tag": "0002_married_bushwacker",
-      "breakpoints": true
-    },
-    {
-      "idx": 3,
-      "version": "6",
-      "when": 1748873820060,
-      "tag": "0003_familiar_doctor_faustus",
-      "breakpoints": true
-    },
-    {
-      "idx": 4,
-      "version": "6",
-      "when": 1748982377354,
-      "tag": "0004_wooden_lockheed",
-      "breakpoints": true
-    },
-    {
-      "idx": 5,
-      "version": "6",
-      "when": 1749073296353,
-      "tag": "0005_wooden_nuke",
-      "breakpoints": true
-    },
-    {
-      "idx": 6,
-      "version": "6",
-      "when": 1749128243104,
-      "tag": "0006_complete_martin_li",
-      "breakpoints": true
-    },
-    {
-      "idx": 7,
-      "version": "6",
-      "when": 1749244165094,
-      "tag": "0007_daffy_tusk",
-      "breakpoints": true
-    },
-    {
-      "idx": 8,
-      "version": "6",
-      "when": 1749727958231,
-      "tag": "0008_faulty_mercury",
-      "breakpoints": true
-    },
-    {
-      "idx": 9,
-      "version": "6",
-      "when": 1750158916787,
-      "tag": "0009_curved_selene",
-      "breakpoints": true
-    },
-    {
-      "idx": 10,
-      "version": "6",
-      "when": 1756377828646,
-      "tag": "0010_deep_war_machine",
       "breakpoints": true
     }
   ]

src-tauri/database/schemas/crdt.ts

@@ -1,26 +0,0 @@
-import { integer, sqliteTable, text } from 'drizzle-orm/sqlite-core'
-
-export const haexCrdtLogs = sqliteTable('haex_crdt_logs', {
-  hlc_timestamp: text().primaryKey(),
-  table_name: text(),
-  row_pks: text({ mode: 'json' }),
-  op_type: text({ enum: ['INSERT', 'UPDATE', 'DELETE'] }),
-  column_name: text(),
-  new_value: text({ mode: 'json' }),
-  old_value: text({ mode: 'json' }),
-})
-export type InsertHaexCrdtLogs = typeof haexCrdtLogs.$inferInsert
-export type SelectHaexCrdtLogs = typeof haexCrdtLogs.$inferSelect
-
-export const haexCrdtSnapshots = sqliteTable('haex_crdt_snapshots', {
-  snapshot_id: text().primaryKey(),
-  created: text(),
-  epoch_hlc: text(),
-  location_url: text(),
-  file_size_bytes: integer(),
-})
-
-export const haexCrdtSettings = sqliteTable('haex_crdt_settings', {
-  type: text().primaryKey(),
-  value: text(),
-})

src-tauri/database/schemas/vault.ts

@@ -1,175 +0,0 @@
-import { sql } from 'drizzle-orm'
-import {
-  integer,
-  primaryKey,
-  sqliteTable,
-  text,
-  unique,
-  type AnySQLiteColumn,
-} from 'drizzle-orm/sqlite-core'
-
-export const haexSettings = sqliteTable('haex_settings', {
-  id: text().primaryKey(),
-  key: text(),
-  type: text(),
-  value: text(),
-  haex_tombstone: integer({ mode: 'boolean' }),
-})
-export type InsertHaexSettings = typeof haexSettings.$inferInsert
-export type SelectHaexSettings = typeof haexSettings.$inferSelect
-
-export const haexExtensions = sqliteTable('haex_extensions', {
-  id: text().primaryKey(),
-  author: text(),
-  enabled: integer({ mode: 'boolean' }),
-  icon: text(),
-  name: text(),
-  url: text(),
-  version: text(),
-  haex_tombstone: integer({ mode: 'boolean' }),
-})
-export type InsertHaexExtensions = typeof haexExtensions.$inferInsert
-export type SelectHaexExtensions = typeof haexExtensions.$inferSelect
-
-export const haexExtensionsPermissions = sqliteTable(
-  'haex_extensions_permissions',
-  {
-    id: text().primaryKey(),
-    extensionId: text('extension_id').references(
-      (): AnySQLiteColumn => haexExtensions.id,
-    ),
-    resource: text({ enum: ['fs', 'http', 'db', 'shell'] }),
-    operation: text({ enum: ['read', 'write', 'create'] }),
-    path: text(),
-    createdAt: text('created_at').default(sql`(CURRENT_TIMESTAMP)`),
-    updateAt: integer('updated_at', { mode: 'timestamp' }).$onUpdate(
-      () => new Date(),
-    ),
-    haex_tombstone: integer({ mode: 'boolean' }),
-  },
-  (table) => [
-    unique().on(table.extensionId, table.resource, table.operation, table.path),
-  ],
-)
-export type InsertHaexExtensionsPermissions =
-  typeof haexExtensionsPermissions.$inferInsert
-export type SelectHaexExtensionsPermissions =
-  typeof haexExtensionsPermissions.$inferSelect
-
-export const haexNotifications = sqliteTable('haex_notifications', {
-  id: text().primaryKey(),
-  alt: text(),
-  date: text(),
-  icon: text(),
-  image: text(),
-  read: integer({ mode: 'boolean' }),
-  source: text(),
-  text: text(),
-  title: text(),
-  type: text({
-    enum: ['error', 'success', 'warning', 'info', 'log'],
-  }).notNull(),
-  haex_tombstone: integer({ mode: 'boolean' }),
-})
-export type InsertHaexNotifications = typeof haexNotifications.$inferInsert
-export type SelectHaexNotifications = typeof haexNotifications.$inferSelect
-
-export const haexPasswordsItemDetails = sqliteTable(
-  'haex_passwords_item_details',
-  {
-    id: text().primaryKey(),
-    title: text(),
-    username: text(),
-    password: text(),
-    note: text(),
-    icon: text(),
-    tags: text(),
-    url: text(),
-    createdAt: text('created_at').default(sql`(CURRENT_TIMESTAMP)`),
-    updateAt: integer('updated_at', { mode: 'timestamp' }).$onUpdate(
-      () => new Date(),
-    ),
-    haex_tombstone: integer({ mode: 'boolean' }),
-  },
-)
-export type InsertHaexPasswordsItemDetails =
-  typeof haexPasswordsItemDetails.$inferInsert
-export type SelectHaexPasswordsItemDetails =
-  typeof haexPasswordsItemDetails.$inferSelect
-
-export const haexPasswordsItemKeyValues = sqliteTable(
-  'haex_passwords_item_key_values',
-  {
-    id: text().primaryKey(),
-    itemId: text('item_id').references(
-      (): AnySQLiteColumn => haexPasswordsItemDetails.id,
-    ),
-    key: text(),
-    value: text(),
-    updateAt: integer('updated_at', { mode: 'timestamp' }).$onUpdate(
-      () => new Date(),
-    ),
-    haex_tombstone: integer({ mode: 'boolean' }),
-  },
-)
-export type InserthaexPasswordsItemKeyValues =
-  typeof haexPasswordsItemKeyValues.$inferInsert
-export type SelectHaexPasswordsItemKeyValues =
-  typeof haexPasswordsItemKeyValues.$inferSelect
-
-export const haexPasswordsItemHistory = sqliteTable(
-  'haex_passwords_item_history',
-  {
-    id: text().primaryKey(),
-    itemId: text('item_id').references(
-      (): AnySQLiteColumn => haexPasswordsItemDetails.id,
-    ),
-    changedProperty:
-      text('changed_property').$type<keyof typeof haexPasswordsItemDetails>(),
-    oldValue: text('old_value'),
-    newValue: text('new_value'),
-    createdAt: text('created_at').default(sql`(CURRENT_TIMESTAMP)`),
-    haex_tombstone: integer({ mode: 'boolean' }),
-  },
-)
-export type InserthaexPasswordsItemHistory =
-  typeof haexPasswordsItemHistory.$inferInsert
-export type SelectHaexPasswordsItemHistory =
-  typeof haexPasswordsItemHistory.$inferSelect
-
-export const haexPasswordsGroups = sqliteTable('haex_passwords_groups', {
-  id: text().primaryKey(),
-  name: text(),
-  description: text(),
-  icon: text(),
-  order: integer(),
-  color: text(),
-  parentId: text('parent_id').references(
-    (): AnySQLiteColumn => haexPasswordsGroups.id,
-  ),
-  createdAt: text('created_at').default(sql`(CURRENT_TIMESTAMP)`),
-  updateAt: integer('updated_at', { mode: 'timestamp' }).$onUpdate(
-    () => new Date(),
-  ),
-  haex_tombstone: integer({ mode: 'boolean' }),
-})
-export type InsertHaexPasswordsGroups = typeof haexPasswordsGroups.$inferInsert
-export type SelectHaexPasswordsGroups = typeof haexPasswordsGroups.$inferSelect
-
-export const haexPasswordsGroupItems = sqliteTable(
-  'haex_passwords_group_items',
-  {
-    groupId: text('group_id').references(
-      (): AnySQLiteColumn => haexPasswordsGroups.id,
-    ),
-    itemId: text('item_id').references(
-      (): AnySQLiteColumn => haexPasswordsItemDetails.id,
-    ),
-    haex_tombstone: integer({ mode: 'boolean' }),
-  },
-  (table) => [primaryKey({ columns: [table.itemId, table.groupId] })],
-)
-export type InsertHaexPasswordsGroupItems =
-  typeof haexPasswordsGroupItems.$inferInsert
-export type SelectHaexPasswordsGroupItems =
-  typeof haexPasswordsGroupItems.$inferSelect

src-tauri/gen/android/app/build.gradle.kts

@@ -24,6 +24,23 @@ android {
         versionCode = tauriProperties.getProperty("tauri.android.versionCode", "1").toInt()
         versionName = tauriProperties.getProperty("tauri.android.versionName", "1.0")
     }
+
+    signingConfigs {
+        create("release") {
+            val keystorePath = System.getenv("ANDROID_KEYSTORE_PATH")
+            val keystorePassword = System.getenv("ANDROID_KEYSTORE_PASSWORD")
+            val keyAlias = System.getenv("ANDROID_KEY_ALIAS")
+            val keyPassword = System.getenv("ANDROID_KEY_PASSWORD")
+
+            if (keystorePath != null && keystorePassword != null && keyAlias != null && keyPassword != null) {
+                storeFile = file(keystorePath)
+                storePassword = keystorePassword
+                this.keyAlias = keyAlias
+                this.keyPassword = keyPassword
+            }
+        }
+    }
+
     buildTypes {
         getByName("debug") {
             manifestPlaceholders["usesCleartextTraffic"] = "true"
@@ -43,6 +60,12 @@ android {
                     .plus(getDefaultProguardFile("proguard-android-optimize.txt"))
                     .toList().toTypedArray()
             )
+
+            // Sign with release config if available
+            val releaseSigningConfig = signingConfigs.getByName("release")
+            if (releaseSigningConfig.storeFile != null) {
+                signingConfig = releaseSigningConfig
+            }
         }
     }
     kotlinOptions {

src-tauri/gen/schemas/capabilities.json

@@ -1 +1 @@
-{"default":{"identifier":"default","description":"Capability for the main window","local":true,"windows":["main"],"permissions":["core:default","core:webview:allow-create-webview-window","core:webview:allow-create-webview","core:webview:allow-webview-show","core:webview:default","core:window:allow-create","core:window:allow-get-all-windows","core:window:allow-show","core:window:default","dialog:default","fs:allow-appconfig-read-recursive","fs:allow-appconfig-write-recursive","fs:allow-appdata-read-recursive","fs:allow-appdata-write-recursive","fs:allow-read-file","fs:allow-read-dir","fs:allow-resource-read-recursive","fs:allow-resource-write-recursive","fs:allow-download-read-recursive","fs:allow-download-write-recursive","fs:default","android-fs:default",{"identifier":"fs:scope","allow":[{"path":"**"}]},"http:allow-fetch-send","http:allow-fetch","http:default","notification:allow-create-channel","notification:allow-list-channels","notification:allow-notify","notification:default","opener:allow-open-url","opener:default","os:allow-hostname","os:default","store:default"]}}
+{"default":{"identifier":"default","description":"Capability for the main window","local":true,"windows":["main"],"permissions":["core:default","core:webview:allow-create-webview-window","core:webview:allow-create-webview","core:webview:allow-webview-show","core:webview:default","core:window:allow-create","core:window:allow-get-all-windows","core:window:allow-show","core:window:default","dialog:default","fs:allow-appconfig-read-recursive","fs:allow-appconfig-write-recursive","fs:allow-appdata-read-recursive","fs:allow-appdata-write-recursive","fs:allow-applocaldata-read-recursive","fs:allow-applocaldata-write-recursive","fs:allow-read-file","fs:allow-write-file","fs:allow-read-dir","fs:allow-mkdir","fs:allow-exists","fs:allow-remove","fs:allow-resource-read-recursive","fs:allow-resource-write-recursive","fs:allow-download-read-recursive","fs:allow-download-write-recursive","fs:default",{"identifier":"fs:scope","allow":[{"path":"**"}]},"http:allow-fetch-send","http:allow-fetch","http:default","notification:allow-create-channel","notification:allow-list-channels","notification:allow-notify","notification:allow-is-permission-granted","notification:default","opener:allow-open-url","opener:default","os:allow-hostname","os:default","store:default"]}}

src-tauri/gen/schemas/desktop-schema.json

@@ -1400,10 +1400,10 @@
                         "markdownDescription": "This enables all index or metadata related commands without any pre-configured accessible paths."
                       },
                       {
-                        "description": "An empty permission you can use to modify the global scope.",
+                        "description": "An empty permission you can use to modify the global scope.\n\n## Example\n\n```json\n{\n  \"identifier\": \"read-documents\",\n  \"windows\": [\"main\"],\n  \"permissions\": [\n    \"fs:allow-read\",\n    {\n      \"identifier\": \"fs:scope\",\n      \"allow\": [\n        \"$APPDATA/documents/**/*\"\n      ],\n      \"deny\": [\n        \"$APPDATA/documents/secret.txt\"\n      ]\n    }\n  ]\n}\n```\n",
                         "type": "string",
                         "const": "fs:scope",
-                        "markdownDescription": "An empty permission you can use to modify the global scope."
+                        "markdownDescription": "An empty permission you can use to modify the global scope.\n\n## Example\n\n```json\n{\n  \"identifier\": \"read-documents\",\n  \"windows\": [\"main\"],\n  \"permissions\": [\n    \"fs:allow-read\",\n    {\n      \"identifier\": \"fs:scope\",\n      \"allow\": [\n        \"$APPDATA/documents/**/*\"\n      ],\n      \"deny\": [\n        \"$APPDATA/documents/secret.txt\"\n      ]\n    }\n  ]\n}\n```\n"
                       },
                       {
                         "description": "This scope permits access to all files and list content of top level directories in the application folders.",
@@ -2270,12 +2270,6 @@
     "Identifier": {
       "description": "Permission identifier",
       "oneOf": [
-        {
-          "description": "Default permissions for the plugin",
-          "type": "string",
-          "const": "android-fs:default",
-          "markdownDescription": "Default permissions for the plugin"
-        },
         {
           "description": "Default core plugins set.\n#### This default permission set includes:\n\n- `core:path:default`\n- `core:event:default`\n- `core:window:default`\n- `core:webview:default`\n- `core:app:default`\n- `core:image:default`\n- `core:resources:default`\n- `core:menu:default`\n- `core:tray:default`",
           "type": "string",
@@ -2283,10 +2277,10 @@
           "markdownDescription": "Default core plugins set.\n#### This default permission set includes:\n\n- `core:path:default`\n- `core:event:default`\n- `core:window:default`\n- `core:webview:default`\n- `core:app:default`\n- `core:image:default`\n- `core:resources:default`\n- `core:menu:default`\n- `core:tray:default`"
         },
         {
-          "description": "Default permissions for the plugin.\n#### This default permission set includes:\n\n- `allow-version`\n- `allow-name`\n- `allow-tauri-version`\n- `allow-identifier`\n- `allow-bundle-type`",
+          "description": "Default permissions for the plugin.\n#### This default permission set includes:\n\n- `allow-version`\n- `allow-name`\n- `allow-tauri-version`\n- `allow-identifier`\n- `allow-bundle-type`\n- `allow-register-listener`\n- `allow-remove-listener`",
           "type": "string",
           "const": "core:app:default",
-          "markdownDescription": "Default permissions for the plugin.\n#### This default permission set includes:\n\n- `allow-version`\n- `allow-name`\n- `allow-tauri-version`\n- `allow-identifier`\n- `allow-bundle-type`"
+          "markdownDescription": "Default permissions for the plugin.\n#### This default permission set includes:\n\n- `allow-version`\n- `allow-name`\n- `allow-tauri-version`\n- `allow-identifier`\n- `allow-bundle-type`\n- `allow-register-listener`\n- `allow-remove-listener`"
         },
         {
           "description": "Enables the app_hide command without any pre-configured scope.",
@@ -2330,12 +2324,24 @@
           "const": "core:app:allow-name",
           "markdownDescription": "Enables the name command without any pre-configured scope."
         },
+        {
+          "description": "Enables the register_listener command without any pre-configured scope.",
+          "type": "string",
+          "const": "core:app:allow-register-listener",
+          "markdownDescription": "Enables the register_listener command without any pre-configured scope."
+        },
         {
           "description": "Enables the remove_data_store command without any pre-configured scope.",
           "type": "string",
           "const": "core:app:allow-remove-data-store",
           "markdownDescription": "Enables the remove_data_store command without any pre-configured scope."
         },
+        {
+          "description": "Enables the remove_listener command without any pre-configured scope.",
+          "type": "string",
+          "const": "core:app:allow-remove-listener",
+          "markdownDescription": "Enables the remove_listener command without any pre-configured scope."
+        },
         {
           "description": "Enables the set_app_theme command without any pre-configured scope.",
           "type": "string",
@@ -2402,12 +2408,24 @@
           "const": "core:app:deny-name",
           "markdownDescription": "Denies the name command without any pre-configured scope."
         },
+        {
+          "description": "Denies the register_listener command without any pre-configured scope.",
+          "type": "string",
+          "const": "core:app:deny-register-listener",
+          "markdownDescription": "Denies the register_listener command without any pre-configured scope."
+        },
         {
           "description": "Denies the remove_data_store command without any pre-configured scope.",
           "type": "string",
           "const": "core:app:deny-remove-data-store",
           "markdownDescription": "Denies the remove_data_store command without any pre-configured scope."
         },
+        {
+          "description": "Denies the remove_listener command without any pre-configured scope.",
+          "type": "string",
+          "const": "core:app:deny-remove-listener",
+          "markdownDescription": "Denies the remove_listener command without any pre-configured scope."
+        },
         {
           "description": "Denies the set_app_theme command without any pre-configured scope.",
           "type": "string",
@@ -5547,10 +5565,10 @@
           "markdownDescription": "This enables all index or metadata related commands without any pre-configured accessible paths."
         },
         {
-          "description": "An empty permission you can use to modify the global scope.",
+          "description": "An empty permission you can use to modify the global scope.\n\n## Example\n\n```json\n{\n  \"identifier\": \"read-documents\",\n  \"windows\": [\"main\"],\n  \"permissions\": [\n    \"fs:allow-read\",\n    {\n      \"identifier\": \"fs:scope\",\n      \"allow\": [\n        \"$APPDATA/documents/**/*\"\n      ],\n      \"deny\": [\n        \"$APPDATA/documents/secret.txt\"\n      ]\n    }\n  ]\n}\n```\n",
           "type": "string",
           "const": "fs:scope",
-          "markdownDescription": "An empty permission you can use to modify the global scope."
+          "markdownDescription": "An empty permission you can use to modify the global scope.\n\n## Example\n\n```json\n{\n  \"identifier\": \"read-documents\",\n  \"windows\": [\"main\"],\n  \"permissions\": [\n    \"fs:allow-read\",\n    {\n      \"identifier\": \"fs:scope\",\n      \"allow\": [\n        \"$APPDATA/documents/**/*\"\n      ],\n      \"deny\": [\n        \"$APPDATA/documents/secret.txt\"\n      ]\n    }\n  ]\n}\n```\n"
         },
         {
           "description": "This scope permits access to all files and list content of top level directories in the application folders.",

src-tauri/gen/schemas/linux-schema.json

@@ -1400,10 +1400,10 @@
                         "markdownDescription": "This enables all index or metadata related commands without any pre-configured accessible paths."
                       },
                       {
-                        "description": "An empty permission you can use to modify the global scope.",
+                        "description": "An empty permission you can use to modify the global scope.\n\n## Example\n\n```json\n{\n  \"identifier\": \"read-documents\",\n  \"windows\": [\"main\"],\n  \"permissions\": [\n    \"fs:allow-read\",\n    {\n      \"identifier\": \"fs:scope\",\n      \"allow\": [\n        \"$APPDATA/documents/**/*\"\n      ],\n      \"deny\": [\n        \"$APPDATA/documents/secret.txt\"\n      ]\n    }\n  ]\n}\n```\n",
                         "type": "string",
                         "const": "fs:scope",
-                        "markdownDescription": "An empty permission you can use to modify the global scope."
+                        "markdownDescription": "An empty permission you can use to modify the global scope.\n\n## Example\n\n```json\n{\n  \"identifier\": \"read-documents\",\n  \"windows\": [\"main\"],\n  \"permissions\": [\n    \"fs:allow-read\",\n    {\n      \"identifier\": \"fs:scope\",\n      \"allow\": [\n        \"$APPDATA/documents/**/*\"\n      ],\n      \"deny\": [\n        \"$APPDATA/documents/secret.txt\"\n      ]\n    }\n  ]\n}\n```\n"
                       },
                       {
                         "description": "This scope permits access to all files and list content of top level directories in the application folders.",
@@ -2270,12 +2270,6 @@
     "Identifier": {
       "description": "Permission identifier",
       "oneOf": [
-        {
-          "description": "Default permissions for the plugin",
-          "type": "string",
-          "const": "android-fs:default",
-          "markdownDescription": "Default permissions for the plugin"
-        },
         {
           "description": "Default core plugins set.\n#### This default permission set includes:\n\n- `core:path:default`\n- `core:event:default`\n- `core:window:default`\n- `core:webview:default`\n- `core:app:default`\n- `core:image:default`\n- `core:resources:default`\n- `core:menu:default`\n- `core:tray:default`",
           "type": "string",
@@ -2283,10 +2277,10 @@
           "markdownDescription": "Default core plugins set.\n#### This default permission set includes:\n\n- `core:path:default`\n- `core:event:default`\n- `core:window:default`\n- `core:webview:default`\n- `core:app:default`\n- `core:image:default`\n- `core:resources:default`\n- `core:menu:default`\n- `core:tray:default`"
         },
         {
-          "description": "Default permissions for the plugin.\n#### This default permission set includes:\n\n- `allow-version`\n- `allow-name`\n- `allow-tauri-version`\n- `allow-identifier`\n- `allow-bundle-type`",
+          "description": "Default permissions for the plugin.\n#### This default permission set includes:\n\n- `allow-version`\n- `allow-name`\n- `allow-tauri-version`\n- `allow-identifier`\n- `allow-bundle-type`\n- `allow-register-listener`\n- `allow-remove-listener`",
           "type": "string",
           "const": "core:app:default",
-          "markdownDescription": "Default permissions for the plugin.\n#### This default permission set includes:\n\n- `allow-version`\n- `allow-name`\n- `allow-tauri-version`\n- `allow-identifier`\n- `allow-bundle-type`"
+          "markdownDescription": "Default permissions for the plugin.\n#### This default permission set includes:\n\n- `allow-version`\n- `allow-name`\n- `allow-tauri-version`\n- `allow-identifier`\n- `allow-bundle-type`\n- `allow-register-listener`\n- `allow-remove-listener`"
         },
         {
           "description": "Enables the app_hide command without any pre-configured scope.",
@@ -2330,12 +2324,24 @@
           "const": "core:app:allow-name",
           "markdownDescription": "Enables the name command without any pre-configured scope."
         },
+        {
+          "description": "Enables the register_listener command without any pre-configured scope.",
+          "type": "string",
+          "const": "core:app:allow-register-listener",
+          "markdownDescription": "Enables the register_listener command without any pre-configured scope."
+        },
         {
           "description": "Enables the remove_data_store command without any pre-configured scope.",
           "type": "string",
           "const": "core:app:allow-remove-data-store",
           "markdownDescription": "Enables the remove_data_store command without any pre-configured scope."
         },
+        {
+          "description": "Enables the remove_listener command without any pre-configured scope.",
+          "type": "string",
+          "const": "core:app:allow-remove-listener",
+          "markdownDescription": "Enables the remove_listener command without any pre-configured scope."
+        },
         {
           "description": "Enables the set_app_theme command without any pre-configured scope.",
           "type": "string",
@@ -2402,12 +2408,24 @@
           "const": "core:app:deny-name",
           "markdownDescription": "Denies the name command without any pre-configured scope."
         },
+        {
+          "description": "Denies the register_listener command without any pre-configured scope.",
+          "type": "string",
+          "const": "core:app:deny-register-listener",
+          "markdownDescription": "Denies the register_listener command without any pre-configured scope."
+        },
         {
           "description": "Denies the remove_data_store command without any pre-configured scope.",
           "type": "string",
           "const": "core:app:deny-remove-data-store",
           "markdownDescription": "Denies the remove_data_store command without any pre-configured scope."
         },
+        {
+          "description": "Denies the remove_listener command without any pre-configured scope.",
+          "type": "string",
+          "const": "core:app:deny-remove-listener",
+          "markdownDescription": "Denies the remove_listener command without any pre-configured scope."
+        },
         {
           "description": "Denies the set_app_theme command without any pre-configured scope.",
           "type": "string",
@@ -5547,10 +5565,10 @@
           "markdownDescription": "This enables all index or metadata related commands without any pre-configured accessible paths."
         },
         {
-          "description": "An empty permission you can use to modify the global scope.",
+          "description": "An empty permission you can use to modify the global scope.\n\n## Example\n\n```json\n{\n  \"identifier\": \"read-documents\",\n  \"windows\": [\"main\"],\n  \"permissions\": [\n    \"fs:allow-read\",\n    {\n      \"identifier\": \"fs:scope\",\n      \"allow\": [\n        \"$APPDATA/documents/**/*\"\n      ],\n      \"deny\": [\n        \"$APPDATA/documents/secret.txt\"\n      ]\n    }\n  ]\n}\n```\n",
           "type": "string",
           "const": "fs:scope",
-          "markdownDescription": "An empty permission you can use to modify the global scope."
+          "markdownDescription": "An empty permission you can use to modify the global scope.\n\n## Example\n\n```json\n{\n  \"identifier\": \"read-documents\",\n  \"windows\": [\"main\"],\n  \"permissions\": [\n    \"fs:allow-read\",\n    {\n      \"identifier\": \"fs:scope\",\n      \"allow\": [\n        \"$APPDATA/documents/**/*\"\n      ],\n      \"deny\": [\n        \"$APPDATA/documents/secret.txt\"\n      ]\n    }\n  ]\n}\n```\n"
         },
         {
           "description": "This scope permits access to all files and list content of top level directories in the application folders.",

src-tauri/generator/mod.rs

@@ -0,0 +1,3 @@
+// build/mod.rs
+pub mod rust_types;
+pub mod table_names;

src-tauri/generator/rust_types.rs

@@ -0,0 +1,24 @@
+// src-tauri/src/build/rust_types.rs
+use std::fs;
+use std::path::Path;
+
+pub fn generate_rust_types() {
+    // Prüfe ob die generierte Datei vom TypeScript-Script existiert
+    let generated_path = Path::new("src/database/generated.rs");
+
+    if !generated_path.exists() {
+        eprintln!("⚠️  Warning: src/database/generated.rs not found!");
+        eprintln!("   Run 'pnpm generate:rust-types' first.");
+
+        // Erstelle eine leere Datei als Fallback
+        fs::write(
+            generated_path,
+            "// Run 'pnpm generate:rust-types' to generate this file\n",
+        )
+        .ok();
+    }
+
+    println!("cargo:rerun-if-changed=src/database/generated.rs");
+    println!("cargo:rerun-if-changed=src/database/schemas/crdt.ts");
+    println!("cargo:rerun-if-changed=src/database/schemas/haex.ts");
+}

src-tauri/generator/table_names.rs

@@ -0,0 +1,117 @@
+// src-tarui/src/build/table_names.rs
+use serde::Deserialize;
+use serde_json::Value;
+use std::collections::HashMap;
+use std::env;
+use std::fs::File;
+use std::io::{BufReader, Write};
+use std::path::Path;
+
+#[derive(Debug, Deserialize)]
+struct Schema {
+    haex: HashMap<String, Value>,
+}
+
+#[derive(Debug, Deserialize)]
+struct TableDefinition {
+    name: String,
+    columns: HashMap<String, String>,
+}
+
+pub fn generate_table_names() {
+    let out_dir = env::var("OUT_DIR").expect("OUT_DIR ist nicht gesetzt.");
+    println!("Generiere Tabellennamen nach {out_dir}");
+    let schema_path = Path::new("../src/database/tableNames.json");
+    let dest_path = Path::new(&out_dir).join("tableNames.rs");
+
+    let file = File::open(schema_path).expect("Konnte tableNames.json nicht öffnen");
+    let reader = BufReader::new(file);
+    let schema: Schema =
+        serde_json::from_reader(reader).expect("Konnte tableNames.json nicht parsen");
+
+    let mut code = String::from(
+        r#"
+// ==================================================================
+// HINWEIS: Diese Datei wurde automatisch von build.rs generiert.
+// Manuelle Änderungen werden bei der nächsten Kompilierung überschrieben!
+// ==================================================================
+
+"#,
+    );
+
+    // Dynamisch über alle Einträge in haex iterieren
+    for (key, value) in &schema.haex {
+        // Spezialbehandlung für nested structures wie "crdt"
+        if key == "crdt" {
+            if let Some(crdt_obj) = value.as_object() {
+                for (crdt_key, crdt_value) in crdt_obj {
+                    if let Ok(table) = serde_json::from_value::<TableDefinition>(crdt_value.clone())
+                    {
+                        let const_prefix = format!("CRDT_{}", to_screaming_snake_case(crdt_key));
+                        code.push_str(&generate_table_constants(&table, &const_prefix));
+                    }
+                }
+            }
+        } else {
+            // Normale Tabelle (settings, extensions, notifications, workspaces, desktop_items, etc.)
+            if let Ok(table) = serde_json::from_value::<TableDefinition>(value.clone()) {
+                let const_prefix = to_screaming_snake_case(key);
+                code.push_str(&generate_table_constants(&table, &const_prefix));
+            }
+        }
+    }
+
+    // --- Datei schreiben ---
+    let mut f = File::create(&dest_path).expect("Konnte Zieldatei nicht erstellen");
+    f.write_all(code.as_bytes())
+        .expect("Konnte nicht in Zieldatei schreiben");
+
+    println!("cargo:rerun-if-changed=../src/database/tableNames.json");
+}
+
+/// Konvertiert einen String zu SCREAMING_SNAKE_CASE
+fn to_screaming_snake_case(s: &str) -> String {
+    let mut result = String::new();
+    let mut prev_is_lower = false;
+
+    for (i, ch) in s.chars().enumerate() {
+        if ch == '_' {
+            result.push('_');
+            prev_is_lower = false;
+        } else if ch.is_uppercase() {
+            if i > 0 && prev_is_lower {
+                result.push('_');
+            }
+            result.push(ch);
+            prev_is_lower = false;
+        } else {
+            result.push(ch.to_ascii_uppercase());
+            prev_is_lower = true;
+        }
+    }
+
+    result
+}
+
+/// Generiert die Konstanten für eine Tabelle
+fn generate_table_constants(table: &TableDefinition, const_prefix: &str) -> String {
+    let mut code = String::new();
+
+    // Tabellenname
+    code.push_str(&format!("// --- Table: {} ---\n", table.name));
+    code.push_str(&format!(
+        "pub const TABLE_{}: &str = \"{}\";\n",
+        const_prefix, table.name
+    ));
+
+    // Spalten
+    for (col_key, col_value) in &table.columns {
+        let col_const_name = format!("COL_{}_{}", const_prefix, to_screaming_snake_case(col_key));
+        code.push_str(&format!(
+            "pub const {col_const_name}: &str = \"{col_value}\";\n"
+        ));
+    }
+
+    code.push('\n');
+    code
+}

src-tauri/src/android_storage/mod.rs

@@ -1,94 +0,0 @@
-#[cfg(target_os = "android")]
-#[tauri::command]
-pub async fn request_storage_permission(app_handle: tauri::AppHandle) -> Result<String, String> {
-    Ok("Settings opened - Enable 'Allow management of all files'".to_string())
-    /* use tauri_plugin_opener::OpenerExt;
-
-    // Korrekte Android Settings Intent
-    let intent_uri = "android.settings.MANAGE_ALL_FILES_ACCESS_PERMISSION";
-
-    match app.opener().open_url(intent_uri, None::<&str>) {
-        Ok(_) => Ok("Settings opened - Enable 'Allow management of all files'".to_string()),
-        Err(_) => {
-            // Fallback: App-spezifische Settings
-            let app_settings = format!(
-                "android.settings.APPLICATION_DETAILS_SETTINGS?package={}",
-                app.config().identifier
-            );
-            match app.opener().open_url(&app_settings, None::<&str>) {
-                Ok(_) => Ok("App settings opened - Go to Permissions > Files and media".to_string()),
-                Err(_) => Ok("Manually go to: Settings > Apps > Special app access > All files access > HaexHub > Allow".to_string())
-            }
-        }
-    }*/
-}
-
-#[cfg(target_os = "android")]
-#[tauri::command]
-pub async fn has_storage_permission() -> Result<bool, String> {
-    use std::path::Path;
-
-    // Teste Schreibzugriff auf externen Speicher
-    let test_paths = [
-        "/storage/emulated/0/Android",
-        "/sdcard/Android",
-        "/storage/emulated/0",
-    ];
-
-    for path in &test_paths {
-        if Path::new(path).exists() {
-            // Versuche Testdatei zu erstellen
-            let test_file = format!("{}/haex_test.tmp", path);
-            match std::fs::write(&test_file, "test") {
-                Ok(_) => {
-                    let _ = std::fs::remove_file(&test_file);
-                    return Ok(true);
-                }
-                Err(_) => continue,
-            }
-        }
-    }
-
-    Ok(false)
-}
-
-#[cfg(target_os = "android")]
-#[tauri::command]
-pub async fn get_external_storage_paths() -> Result<Vec<String>, String> {
-    let mut paths = Vec::new();
-
-    let common_paths = [
-        "/storage/emulated/0",
-        "/sdcard",
-        "/storage/emulated/0/Download",
-        "/storage/emulated/0/Documents",
-        "/storage/emulated/0/Pictures",
-        "/storage/emulated/0/DCIM",
-    ];
-
-    for path in &common_paths {
-        if std::path::Path::new(path).exists() {
-            paths.push(path.to_string());
-        }
-    }
-
-    Ok(paths)
-}
-
-#[cfg(not(target_os = "android"))]
-#[tauri::command]
-pub async fn request_storage_permission(_app: tauri::AppHandle) -> Result<String, String> {
-    Ok("aaaaaaaa".to_string())
-}
-
-#[cfg(not(target_os = "android"))]
-#[tauri::command]
-pub async fn has_storage_permission() -> Result<bool, String> {
-    Ok(true)
-}
-
-#[cfg(not(target_os = "android"))]
-#[tauri::command]
-pub async fn get_external_storage_paths() -> Result<Vec<String>, String> {
-    Ok(vec![])
-}

src-tauri/src/binss/setup-triggers.rs

@@ -1,32 +0,0 @@
-use crdt::trigger::TriggerManager;
-use rusqlite::{Connection, Result};
-// anpassen an dein Crate-Modul
-
-fn main() -> Result<()> {
-    // Vault-Datenbank öffnen
-    let conn = Connection::open("vault.db")?;
-
-    println!("🔄 Setup CRDT triggers...");
-
-    // Tabellen aus der DB holen
-    let mut stmt =
-        conn.prepare("SELECT name FROM sqlite_master WHERE type='table' AND name LIKE 'haex_%' AND NOT LIKE 'haex_crdt_%';")?;
-    let table_iter = stmt.query_map([], |row| row.get::<_, String>(0))?;
-
-    for table_name in table_iter {
-        let table_name = table_name?;
-        println!("➡️  Processing table: {}", table_name);
-
-        // Trigger für die Tabelle neu anlegen
-        match TriggerManager::setup_triggers_for_table(&conn, &table_name) {
-            Ok(_) => println!("   ✅ Triggers created for {}", table_name),
-            Err(e) => println!(
-                "   ⚠️ Could not create triggers for {}: {:?}",
-                table_name, e
-            ),
-        }
-    }
-
-    println!("✨ Done setting up CRDT triggers.");
-    Ok(())
-}

src-tauri/src/browser/manager.rs

@@ -1,285 +0,0 @@
-//mod middleware;
-
-use std::collections::HashMap;
-use std::sync::{Arc, Mutex};
-use tauri::{webview, AppHandle, LogicalPosition, LogicalSize, Manager, WebviewUrl, Window};
-//use uuid::Uuid;
-
-#[derive(Debug, Clone)]
-pub struct Tab {
-    pub id: String,
-    pub webview_label: String,
-    pub title: String,
-    pub url: String,
-    pub is_loading: bool,
-    pub is_visible: bool,
-}
-
-pub struct BrowserManager {
-    tabs: Arc<Mutex<HashMap<String, Tab>>>,
-    active_tab_id: Arc<Mutex<Option<String>>>,
-    //middleware: Arc<RoutingMiddleware>,
-}
-
-impl BrowserManager {
-    pub fn new() -> Self {
-        Self {
-            tabs: Arc::new(Mutex::new(HashMap::new())),
-            active_tab_id: Arc::new(Mutex::new(None)),
-            //middleware: Arc::new(RoutingMiddleware::new()),
-        }
-    }
-
-    /* pub async fn create_window(app: tauri::AppHandle) -> Result<tauri::WebviewWindow, _> {
-        let webview_window = tauri::WebviewWindowBuilder::new(
-            &app,
-            "label",
-            tauri::WebviewUrl::App("index.html".into()),
-        )
-        .build()
-        .unwrap();
-        Ok(webview_window);
-    } */
-    pub fn create_tab(&self, app: AppHandle, url: &str) {
-        // Generiere eine eindeutige ID für den Tab
-        /* let tab_id = Uuid::new_v4().to_string();
-        let webview_label = format!("webview-{}", tab_id); */
-
-        // Überprüfe URL mit Middleware
-        //let processed_url = self.middleware.process_url(url);
-
-        // Hole das Hauptfenster
-        let main_window = app.get_webview_window("main").unwrap();
-
-        // Berechne die Position und Größe für den Webview
-        // Hier nehmen wir an, dass wir einen Header-Bereich von 100 Pixeln haben
-        /* let window_size = main_window.inner_size()?;
-               let header_height = 100.0;
-               let webview_position = LogicalPosition::new(0.0, header_height);
-               let webview_size = LogicalSize::new(window_size.width, window_size.height - header_height);
-        */
-        /* let webview = tauri::WebviewWindowBuilder::new(
-            &app,
-            "label",
-            //WebviewUrl::External(processed_url.parse().unwrap()),
-            WebviewUrl::External(url),
-        )
-        .build()
-        .unwrap() */
-        /* .on_navigation(move |url| {
-            // Middleware für Navigation anwenden
-            self.middleware.process_navigation(url.as_str())
-        })
-        .on_web_resource_request(move |request, response| {
-            // Middleware für HTTP-Anfragen anwenden
-            self.middleware.process_request(request, response)
-        }); */
-
-        // Erstelle Tab-Objekt
-        /* let tab = Tab {
-            id: tab_id.clone(),
-            webview_label: webview_label.clone(),
-            title: "Neuer Tab".to_string(),
-            url: processed_url.to_string(),
-            is_loading: true,
-            is_visible: false,
-        }; */
-
-        // Speichere Tab
-        /* {
-            let mut tabs = self.tabs.lock().unwrap();
-            tabs.insert(tab_id.clone(), tab.clone());
-        } */
-
-        // Setze als aktiven Tab
-        //self.activate_tab(app, &tab_id)?;
-
-        // Injiziere die Webview-Bridge
-        /* let script = include_str!("../assets/webview-bridge.js");
-        webview.evaluate_script(script)?; */
-
-        // Registriere Event-Handler für Titeländerungen
-        let tab_manager = self.clone();
-        //let tab_id_clone = tab_id.clone();
-        /* webview.listen("tauri://title-changed", move |event| {
-            if let Some(title) = event.payload().and_then(|p| p.as_str()) {
-                tab_manager.update_tab_title(&tab_id_clone, title);
-            }
-        }); */
-
-        // Registriere Event-Handler für Ladestatus
-        let tab_manager = self.clone();
-        //let tab_id_clone = tab_id.clone();
-        /* webview.listen("tauri://load-changed", move |event| {
-            if let Some(status) = event.payload().and_then(|p| p.as_str()) {
-                let is_loading = status == "loading";
-                tab_manager.update_tab_loading_status(&tab_id_clone, is_loading);
-            }
-        }); */
-
-        //Ok()
-    }
-
-    pub fn close_tab(&self, app: &AppHandle, tab_id: &str) -> Result<(), tauri::Error> {
-        // Hole das Hauptfenster
-        let main_window = app.get_webview_window("main").unwrap();
-
-        // Entferne Tab aus der Verwaltung
-        let webview_label = {
-            let mut tabs = self.tabs.lock().unwrap();
-            if let Some(tab) = tabs.remove(tab_id) {
-                tab.webview_label
-            } else {
-                return Ok(());
-            }
-        };
-
-        // Entferne den Webview
-        //main_window.remove_child(&webview_label)?;
-
-        // Aktualisiere aktiven Tab, falls nötig
-        {
-            let mut active_tab_id = self.active_tab_id.lock().unwrap();
-            if active_tab_id.as_ref().map_or(false, |id| id == tab_id) {
-                // Wähle einen anderen Tab als aktiv
-                let tabs = self.tabs.lock().unwrap();
-                *active_tab_id = tabs.keys().next().cloned();
-
-                // Aktiviere den neuen Tab, falls vorhanden
-                if let Some(new_active_id) = active_tab_id.clone() {
-                    drop(active_tab_id); // Mutex freigeben vor dem rekursiven Aufruf
-                    self.activate_tab(app, &new_active_id)?;
-                }
-            }
-        }
-
-        Ok(())
-    }
-
-    pub fn activate_tab(&self, app: &AppHandle, tab_id: &str) -> Result<(), tauri::Error> {
-        // Hole das Hauptfenster
-        let main_window = app.get_webview_window("main").unwrap();
-
-        // Setze Tab als aktiv
-        {
-            let mut active_tab_id = self.active_tab_id.lock().unwrap();
-            *active_tab_id = Some(tab_id.to_string());
-        }
-
-        // Verstecke alle anderen Tabs und zeige den aktiven
-        let mut tabs = self.tabs.lock().unwrap();
-        for (id, tab) in tabs.iter_mut() {
-            if id == tab_id {
-                // Zeige den aktiven Tab
-                /* main_window
-                .get_webview_window(&tab.webview_label)?
-                .set_visible(true)?; */
-                tab.is_visible = true;
-            } else {
-                // Verstecke alle anderen Tabs
-                /* main_window
-                .get_webview_window(&tab.webview_label)?
-                .set_visible(false)?; */
-                tab.is_visible = false;
-            }
-        }
-
-        Ok(())
-    }
-
-    pub fn navigate_to_url(
-        &self,
-        app: &AppHandle,
-        tab_id: &str,
-        url: &str,
-    ) -> Result<(), tauri::Error> {
-        // Überprüfe URL mit Middleware
-        //let processed_url = self.middleware.process_url(url);
-
-        // Aktualisiere URL im Tab
-        {
-            let mut tabs = self.tabs.lock().unwrap();
-            if let Some(tab) = tabs.get_mut(tab_id) {
-                tab.url = url.to_string() //processed_url.to_string();
-            }
-        }
-
-        // Navigiere zum URL im Webview
-        let tabs = self.tabs.lock().unwrap();
-        if let Some(tab) = tabs.get(tab_id) {
-            let main_window = app.get_webview_window("main").unwrap();
-            /* let webview = main_window.get_webview_window(&tab.webview_label)?;
-            webview.navigate(&processed_url)?; */
-        }
-
-        Ok(())
-    }
-
-    pub fn get_all_tabs(&self) -> Vec<Tab> {
-        let tabs = self.tabs.lock().unwrap();
-        tabs.values().cloned().collect()
-    }
-
-    pub fn get_active_tab_id(&self) -> Option<String> {
-        let active_tab_id = self.active_tab_id.lock().unwrap();
-        active_tab_id.clone()
-    }
-
-    pub fn update_tab_title(&self, tab_id: &str, title: &str) {
-        let mut tabs = self.tabs.lock().unwrap();
-        if let Some(tab) = tabs.get_mut(tab_id) {
-            tab.title = title.to_string();
-        }
-    }
-
-    pub fn update_tab_loading_status(&self, tab_id: &str, is_loading: bool) {
-        let mut tabs = self.tabs.lock().unwrap();
-        if let Some(tab) = tabs.get_mut(tab_id) {
-            tab.is_loading = is_loading;
-        }
-    }
-
-    // Weitere Methoden für Browser-Navigation
-    pub fn go_back(&self, app: &AppHandle, tab_id: &str) -> Result<(), tauri::Error> {
-        let tabs = self.tabs.lock().unwrap();
-        if let Some(tab) = tabs.get(tab_id) {
-            let main_window = app.get_webview_window("main").unwrap();
-            /* let webview = main_window.get_webview(&tab.webview_label)?;
-            webview.evaluate_script("window.history.back()")?; */
-        }
-        Ok(())
-    }
-
-    pub fn go_forward(&self, app: &AppHandle, tab_id: &str) -> Result<(), tauri::Error> {
-        let tabs = self.tabs.lock().unwrap();
-        if let Some(tab) = tabs.get(tab_id) {
-            let main_window = app.get_webview_window("main").unwrap();
-            /* let webview = main_window.get_webview(&tab.webview_label)?;
-            webview.evaluate_script("window.history.forward()")?; */
-        }
-        Ok(())
-    }
-
-    pub fn inject_content_script(
-        &self,
-        app: &AppHandle,
-        tab_id: &str,
-        script: &str,
-    ) -> Result<(), tauri::Error> {
-        let tabs = self.tabs.lock().unwrap();
-        if let Some(tab) = tabs.get(tab_id) {
-            let main_window = app.get_webview_window("main").unwrap();
-            /* let webview = main_window.get_webview(&tab.webview_label)?;
-            webview.evaluate_script(script)?; */
-        }
-        Ok(())
-    }
-
-    pub fn clone(&self) -> Self {
-        Self {
-            tabs: Arc::clone(&self.tabs),
-            active_tab_id: Arc::clone(&self.active_tab_id),
-            //middleware: Arc::clone(&self.middleware),
-        }
-    }
-}

src-tauri/src/browser/middleware.rs

@@ -1,125 +0,0 @@
-use std::sync::{Arc, Mutex};
-use tauri::http::{Request, Response, ResponseBuilder};
-
-pub struct RoutingMiddleware {
-    extensions: Arc<Mutex<Vec<Box<dyn MiddlewareExtension + Send + Sync>>>>,
-}
-
-pub trait MiddlewareExtension: Send + Sync {
-    fn name(&self) -> &str;
-    fn process_url(&self, url: &str) -> String;
-    fn process_navigation(&self, url: &str) -> bool;
-    fn process_request(&self, request: &Request, response: &mut Response) -> bool;
-}
-
-impl RoutingMiddleware {
-    pub fn new() -> Self {
-        let mut middleware = Self {
-            extensions: Arc::new(Mutex::new(Vec::new())),
-        };
-
-        // Registriere Standard-Erweiterungen
-        //middleware.register_extension(Box::new(AdBlockerExtension::new()));
-
-        middleware
-    }
-
-    pub fn register_extension(&mut self, extension: Box<dyn MiddlewareExtension + Send + Sync>) {
-        let mut extensions = self.extensions.lock().unwrap();
-        extensions.push(extension);
-    }
-
-    pub fn process_url(&self, url: &str) -> String {
-        let extensions = self.extensions.lock().unwrap();
-        let mut processed_url = url.to_string();
-
-        for extension in extensions.iter() {
-            processed_url = extension.process_url(&processed_url);
-        }
-
-        processed_url
-    }
-
-    pub fn process_navigation(&self, url: &str) -> bool {
-        let extensions = self.extensions.lock().unwrap();
-
-        for extension in extensions.iter() {
-            if !extension.process_navigation(url) {
-                return false;
-            }
-        }
-
-        true
-    }
-
-    pub fn process_request(&self, request: &Request, response: &mut Response) -> bool {
-        let extensions = self.extensions.lock().unwrap();
-
-        for extension in extensions.iter() {
-            if extension.process_request(request, response) {
-                return true;
-            }
-        }
-
-        false
-    }
-}
-
-// Beispiel für eine Ad-Blocker-Erweiterung
-struct AdBlockerExtension {
-    block_patterns: Vec<String>,
-}
-
-impl AdBlockerExtension {
-    fn new() -> Self {
-        Self {
-            block_patterns: vec![
-                "ads".to_string(),
-                "analytics".to_string(),
-                "tracker".to_string(),
-                "banner".to_string(),
-            ],
-        }
-    }
-
-    fn is_blocked_url(&self, url: &str) -> bool {
-        for pattern in &self.block_patterns {
-            if url.contains(pattern) {
-                return true;
-            }
-        }
-        false
-    }
-}
-
-impl MiddlewareExtension for AdBlockerExtension {
-    fn name(&self) -> &str {
-        "AdBlocker"
-    }
-
-    fn process_url(&self, url: &str) -> String {
-        // Für vollständige Navigationen blockieren wir normalerweise nicht die ganze Seite
-        url.to_string()
-    }
-
-    fn process_navigation(&self, url: &str) -> bool {
-        // Blockiere nur vollständige Navigationen zu Werbeseiten
-        let is_ad_site = url.contains("doubleclick.net")
-            || url.contains("googleadservices.com")
-            || url.contains("ads.example.com");
-        !is_ad_site
-    }
-
-    fn process_request(&self, request: &Request, response: &mut Response) -> bool {
-        let url = request.uri().to_string();
-        if self.is_blocked_url(&url) {
-            println!("AdBlocker: Blockiere Anfrage: {}", url);
-            *response = ResponseBuilder::new()
-                .status(403)
-                .body("Zugriff verweigert durch AdBlocker".as_bytes().to_vec())
-                .unwrap();
-            return true;
-        }
-        false
-    }
-}

src-tauri/src/browser/mod.rs

@@ -1,188 +0,0 @@
-use serde::{Deserialize, Serialize};
-use tauri::{AppHandle, Manager, State};
-
-mod manager;
-
-#[derive(Serialize, Deserialize)]
-pub struct TabInfo {
-    id: String,
-    title: String,
-    url: String,
-    is_loading: bool,
-    is_active: bool,
-}
-
-// Einfache Kommandos für die Tab-Verwaltung
-#[tauri::command]
-pub fn create_tab(app_handle: tauri::AppHandle, tab_id: String, url: String) -> Result<(), String> {
-    let main_window = app_handle
-        .get_webview_window("main")
-        .ok_or("Hauptfenster nicht gefunden")?;
-    let window_size = main_window.inner_size().map_err(|e| e.to_string())?;
-
-    // Erstelle eine neue Webview als eigenständiges Fenster
-    let webview = tauri::WebviewWindowBuilder::new(
-        &app_handle,
-        tab_id.clone(),
-        tauri::WebviewUrl::External(url.parse::<tauri::Url>().map_err(|e| e.to_string())?),
-        //tauri::WebviewUrl::External("http://google.de"),
-    )
-    .title(format!("Tab: {}", tab_id))
-    .inner_size(window_size.width as f64, window_size.height as f64 - 50.0)
-    .position(0.0, 50.0)
-    .build()
-    .map_err(|e| e.to_string())?;
-
-    // Sende die Tab-ID zurück an das Hauptfenster
-    /* main_window
-    .emit("tab-created", tab_id)
-    .map_err(|e| e.to_string())?; */
-
-    Ok(())
-}
-
-#[tauri::command]
-pub fn show_tab(app_handle: tauri::AppHandle, tab_id: String) -> Result<(), String> {
-    // Hole alle Webview-Fenster
-    let windows = app_handle.webview_windows();
-
-    // Zeige das ausgewählte Tab und verstecke die anderen
-    for (id, window) in windows {
-        if id != "main" {
-            // Hauptfenster nicht verstecken
-            if id == tab_id {
-                window.show().map_err(|e| e.to_string())?;
-                window.set_focus().map_err(|e| e.to_string())?;
-            } else {
-                window.hide().map_err(|e| e.to_string())?;
-            }
-        }
-    }
-
-    Ok(())
-}
-
-#[tauri::command]
-pub fn close_tab(app_handle: tauri::AppHandle, tab_id: String) -> Result<(), String> {
-    if let Some(window) = app_handle.get_webview_window(&tab_id) {
-        window.close().map_err(|e| e.to_string())?;
-    }
-
-    Ok(())
-}
-
-/* #[tauri::command]
-pub fn create_tab(app: AppHandle, url: String) -> Result<TabInfo, String> {
-    let browser_manager = app.state::<manager::BrowserManager>();
-
-    match browser_manager.create_tab(&app, &url) {
-        Ok(tab) => {
-            let active_tab_id = browser_manager.get_active_tab_id();
-            let is_active = active_tab_id.as_ref().map_or(false, |id| id == &tab.id);
-
-            let main = app.get_webview_window("main");
-
-            //main.unwrap().
-            // Sende Event an Frontend
-            /* app.emit_all(
-                "tab-created",
-                TabInfo {
-                    id: tab.id.clone(),
-                    title: tab.title.clone(),
-                    url: tab.url.clone(),
-                    is_loading: tab.is_loading,
-                    is_active,
-                },
-            )
-            .unwrap(); */
-
-            Ok(TabInfo {
-                id: tab.id,
-                title: tab.title,
-                url: tab.url,
-                is_loading: tab.is_loading,
-                is_active: true,
-            })
-        }
-        Err(e) => Err(format!("Fehler beim Erstellen des Tabs: {}", e)),
-    }
-} */
-
-/* #[tauri::command]
-pub fn close_tab(app: AppHandle, tab_id: String) -> Result<(), String> {
-    let browser_manager = app.state::<manager::BrowserManager>();
-
-    match browser_manager.close_tab(&app, &tab_id) {
-        Ok(_) => {
-            // Sende Event an Frontend
-            //app.emit_all("tab-closed", tab_id).unwrap();
-            Ok(())
-        }
-        Err(e) => Err(format!("Fehler beim Schließen des Tabs: {}", e)),
-    }
-} */
-
-#[tauri::command]
-pub fn navigate_to_url(app: AppHandle, tab_id: String, url: String) -> Result<(), String> {
-    let browser_manager = app.state::<manager::BrowserManager>();
-
-    match browser_manager.navigate_to_url(&app, &tab_id, &url) {
-        Ok(_) => Ok(()),
-        Err(e) => Err(format!("Fehler bei der Navigation: {}", e)),
-    }
-}
-
-#[tauri::command]
-pub fn get_current_url(app: AppHandle, tab_id: String) -> Result<String, String> {
-    let browser_manager = app.state::<manager::BrowserManager>();
-    let tabs = browser_manager.get_all_tabs();
-
-    for tab in tabs {
-        if tab.id == tab_id {
-            return Ok(tab.url);
-        }
-    }
-
-    Err("Tab nicht gefunden".to_string())
-}
-
-#[tauri::command]
-pub fn go_back(app: AppHandle, tab_id: String) -> Result<(), String> {
-    let browser_manager = app.state::<manager::BrowserManager>();
-
-    match browser_manager.go_back(&app, &tab_id) {
-        Ok(_) => Ok(()),
-        Err(e) => Err(format!("Fehler beim Zurückgehen: {}", e)),
-    }
-}
-
-#[tauri::command]
-pub fn go_forward(app: AppHandle, tab_id: String) -> Result<(), String> {
-    let browser_manager = app.state::<manager::BrowserManager>();
-
-    match browser_manager.go_forward(&app, &tab_id) {
-        Ok(_) => Ok(()),
-        Err(e) => Err(format!("Fehler beim Vorwärtsgehen: {}", e)),
-    }
-}
-
-#[tauri::command]
-pub fn block_resource_request(url: String, resource_type: String) -> bool {
-    // Diese Funktion wird vom Frontend aufgerufen, um zu prüfen, ob eine Ressource blockiert werden soll
-    // Die eigentliche Logik wird im JavaScript-Erweiterungssystem implementiert
-    // Hier könnten Sie zusätzliche Rust-seitige Prüfungen durchführen
-    println!("Prüfe Ressourcenanfrage: {} (Typ: {})", url, resource_type);
-
-    // Einfache Prüfung für Beispielzwecke
-    url.contains("ads") || url.contains("analytics") || url.contains("tracker")
-}
-
-#[tauri::command]
-pub fn inject_content_script(app: AppHandle, tab_id: String, script: String) -> Result<(), String> {
-    let browser_manager = app.state::<manager::BrowserManager>();
-
-    match browser_manager.inject_content_script(&app, &tab_id, &script) {
-        Ok(_) => Ok(()),
-        Err(e) => Err(format!("Fehler beim Injizieren des Scripts: {}", e)),
-    }
-}

src-tauri/src/crdt/hlc.rs

@@ -1,12 +1,17 @@
-// src/hlc_service.rs
+// src-tauri/src/crdt/hlc.rs
 
-use rusqlite::{params, Connection, Result as RusqliteResult, Transaction};
+use crate::table_names::TABLE_CRDT_CONFIGS;
+use rusqlite::{params, Connection, Transaction};
+use serde_json::json;
 use std::{
     fmt::Debug,
+    path::PathBuf,
     str::FromStr,
     sync::{Arc, Mutex},
     time::Duration,
 };
+use tauri::AppHandle;
+use tauri_plugin_store::StoreExt;
 use thiserror::Error;
 use uhlc::{HLCBuilder, Timestamp, HLC, ID};
 use uuid::Uuid;
@@ -14,8 +19,6 @@ use uuid::Uuid;
 const HLC_NODE_ID_TYPE: &str = "hlc_node_id";
 const HLC_TIMESTAMP_TYPE: &str = "hlc_timestamp";
 
-pub const CRDT_SETTINGS_TABLE: &str = "haex_crdt_settings";
-
 #[derive(Error, Debug)]
 pub enum HlcError {
     #[error("Database error: {0}")]
@@ -24,108 +27,197 @@ pub enum HlcError {
     ParseTimestamp(String),
     #[error("Failed to parse persisted HLC state: {0}")]
     Parse(String),
+    #[error("Failed to parse HLC Node ID: {0}")]
+    ParseNodeId(String),
     #[error("HLC mutex was poisoned")]
     MutexPoisoned,
     #[error("Failed to create node ID: {0}")]
     CreateNodeId(#[from] uhlc::SizeError),
+    #[error("No database connection available")]
+    NoConnection,
+    #[error("HLC service not initialized")]
+    NotInitialized,
+    #[error("Hex decode error: {0}")]
+    HexDecode(String),
+    #[error("UTF-8 conversion error: {0}")]
+    Utf8Error(String),
+    #[error("Failed to access device store: {0}")]
+    DeviceStore(String),
+}
+
+impl From<tauri_plugin_store::Error> for HlcError {
+    fn from(error: tauri_plugin_store::Error) -> Self {
+        HlcError::DeviceStore(error.to_string())
+    }
 }
 
 /// A thread-safe, persistent HLC service.
 #[derive(Clone)]
-pub struct HlcService(Arc<Mutex<HLC>>);
+pub struct HlcService {
+    hlc: Arc<Mutex<Option<HLC>>>,
+}
 
 impl HlcService {
-    /// Creates a new HLC service, initializing it from the database or creating a new
+    /// Creates a new HLC service. The HLC will be initialized on first database access.
-    /// persistent identity if one does not exist.
+    pub fn new() -> Self {
-    pub fn new(conn: &mut Connection) -> Result<Self, HlcError> {
+        HlcService {
-        // 1. Manage persistent node identity.
+            hlc: Arc::new(Mutex::new(None)),
-        let node_id = Self::get_or_create_node_id(conn)?;
-
-        // 2. Create HLC instance with stable identity using the HLCBuilder.
-        let hlc = HLCBuilder::new()
-            .with_id(node_id)
-            .with_max_delta(Duration::from_secs(1)) // Example of custom configuration
-            .build();
-
-        // 3. Load the last persisted timestamp and update the clock.
-        let last_state_str: RusqliteResult<String> = conn.query_row(
-            &format!("SELECT value FROM {} WHERE type = ?1", CRDT_SETTINGS_TABLE),
-            params![HLC_TIMESTAMP_TYPE],
-            |row| row.get(0),
-        );
-
-        if let Ok(state_str) = last_state_str {
-            let timestamp =
-                Timestamp::from_str(&state_str).map_err(|e| HlcError::ParseTimestamp(e.cause))?;
-
-            // Update the clock with the persisted state.
-            // we might want to handle the error case where the clock drifts too far.
-            hlc.update_with_timestamp(&timestamp)
-                .map_err(|e| HlcError::Parse(e.to_string()))?;
         }
-
-        let hlc_arc = Arc::new(Mutex::new(hlc));
-        Ok(HlcService(hlc_arc))
     }
 
-    /// Generates a new timestamp and immediately persists the HLC's new state.
+    /// Factory-Funktion: Erstellt und initialisiert einen neuen HLC-Service aus einer bestehenden DB-Verbindung.
-    /// This method MUST be called within an existing database transaction (`tx`)
+    /// Dies ist die bevorzugte Methode zur Instanziierung.
-    /// along with the actual data operation that this timestamp is for.
+    pub fn try_initialize(conn: &Connection, app_handle: &AppHandle) -> Result<Self, HlcError> {
-    /// This design ensures atomicity: the data is saved with its timestamp,
+        // 1. Hole oder erstelle eine persistente Node-ID
-    /// and the clock state is updated, or none of it is.
+        let node_id_str = Self::get_or_create_device_id(app_handle)?;
+
+        // Parse den String in ein Uuid-Objekt.
+        let uuid = Uuid::parse_str(&node_id_str).map_err(|e| {
+            HlcError::ParseNodeId(format!(
+                "Stored device ID is not a valid UUID: {node_id_str}. Error: {e}"
+            ))
+        })?;
+
+        // Hol dir die rohen 16 Bytes und erstelle daraus die uhlc::ID.
+        // Das `*` dereferenziert den `&[u8; 16]` zu `[u8; 16]`, was `try_from` erwartet.
+        let node_id = ID::try_from(*uuid.as_bytes()).map_err(|e| {
+            HlcError::ParseNodeId(format!("Invalid node ID format from device store: {e:?}"))
+        })?;
+
+        // 2. Erstelle eine HLC-Instanz mit stabiler Identität
+        let hlc = HLCBuilder::new()
+            .with_id(node_id)
+            .with_max_delta(Duration::from_secs(1))
+            .build();
+
+        // 3. Lade und wende den letzten persistenten Zeitstempel an
+        if let Some(last_timestamp) = Self::load_last_timestamp(conn)? {
+            hlc.update_with_timestamp(&last_timestamp).map_err(|e| {
+                HlcError::Parse(format!(
+                    "Failed to update HLC with persisted timestamp: {e:?}"
+                ))
+            })?;
+        }
+
+        Ok(HlcService {
+            hlc: Arc::new(Mutex::new(Some(hlc))),
+        })
+    }
+
+    /// Holt die Geräte-ID aus dem Tauri Store oder erstellt eine neue, wenn keine existiert.
+    fn get_or_create_device_id(app_handle: &AppHandle) -> Result<String, HlcError> {
+        let store_path = PathBuf::from("instance.json");
+        let store = app_handle
+            .store(store_path)
+            .map_err(|e| HlcError::DeviceStore(e.to_string()))?;
+
+        let id_exists = match store.get("id") {
+            // Fall 1: Der Schlüssel "id" existiert UND sein Wert ist ein String.
+            Some(value) => {
+                if let Some(s) = value.as_str() {
+                    // Das ist unser Erfolgsfall. Wir haben einen &str und können
+                    // eine Kopie davon zurückgeben.
+                    println!("Gefundene und validierte Geräte-ID: {s}");
+                    if Uuid::parse_str(s).is_ok() {
+                        // Erfolgsfall: Der Wert ist ein String UND eine gültige UUID.
+                        // Wir können die Funktion direkt mit dem Wert verlassen.
+                        return Ok(s.to_string());
+                    }
+                }
+                // Der Wert existiert, ist aber kein String (z.B. eine Zahl).
+                // Wir behandeln das, als gäbe es keine ID.
+                false
+            }
+            // Fall 2: Der Schlüssel "id" existiert nicht.
+            None => false,
+        };
+
+        // Wenn wir hier ankommen, bedeutet das, `id_exists` ist `false`.
+        // Entweder weil der Schlüssel fehlte oder weil der Wert kein String war.
+        // Also erstellen wir eine neue ID.
+        if !id_exists {
+            let new_id = Uuid::new_v4().to_string();
+
+            store.set("id".to_string(), json!(new_id.clone()));
+
+            store.save()?;
+
+            return Ok(new_id);
+        }
+
+        // Dieser Teil des Codes sollte nie erreicht werden, aber der Compiler
+        // braucht einen finalen return-Wert. Wir können hier einen Fehler werfen.
+        Err(HlcError::DeviceStore(
+            "Unreachable code: Failed to determine device ID".to_string(),
+        ))
+    }
+
+    /// Generiert einen neuen Zeitstempel und persistiert den neuen Zustand des HLC sofort.
+    /// Muss innerhalb einer bestehenden Datenbanktransaktion aufgerufen werden.
     pub fn new_timestamp_and_persist<'tx>(
         &self,
         tx: &Transaction<'tx>,
     ) -> Result<Timestamp, HlcError> {
-        let hlc = self.0.lock().map_err(|_| HlcError::MutexPoisoned)?;
+        let mut hlc_guard = self.hlc.lock().map_err(|_| HlcError::MutexPoisoned)?;
-        let new_timestamp = hlc.new_timestamp();
+        let hlc = hlc_guard.as_mut().ok_or(HlcError::NotInitialized)?;
-        let timestamp_str = new_timestamp.to_string();
 
-        tx.execute(
+        let new_timestamp = hlc.new_timestamp();
-            &format!(
+        Self::persist_timestamp(tx, &new_timestamp)?;
-                "INSERT INTO {} (type, value) VALUES (?1,?2)
-                 ON CONFLICT(type) DO UPDATE SET value = excluded.value",
-                CRDT_SETTINGS_TABLE
-            ),
-            params![HLC_TIMESTAMP_TYPE, timestamp_str],
-        )?;
 
         Ok(new_timestamp)
     }
 
-    /// Retrieves or creates and persists a stable node ID for the HLC.
+    /// Erstellt einen neuen Zeitstempel, ohne ihn zu persistieren (z.B. für Leseoperationen).
-    fn get_or_create_node_id(conn: &mut Connection) -> Result<ID, HlcError> {
+    pub fn new_timestamp(&self) -> Result<Timestamp, HlcError> {
-        let tx = conn.transaction_with_behavior(rusqlite::TransactionBehavior::Immediate)?;
+        let mut hlc_guard = self.hlc.lock().map_err(|_| HlcError::MutexPoisoned)?;
+        let hlc = hlc_guard.as_mut().ok_or(HlcError::NotInitialized)?;
 
-        let query = format!("SELECT value FROM {} WHERE type =?1", CRDT_SETTINGS_TABLE);
+        Ok(hlc.new_timestamp())
+    }
 
-        match tx.query_row(&query, params![HLC_NODE_ID_TYPE], |row| {
+    /// Aktualisiert den HLC mit einem externen Zeitstempel (für die Synchronisation).
+    pub fn update_with_timestamp(&self, timestamp: &Timestamp) -> Result<(), HlcError> {
+        let mut hlc_guard = self.hlc.lock().map_err(|_| HlcError::MutexPoisoned)?;
+        let hlc = hlc_guard.as_mut().ok_or(HlcError::NotInitialized)?;
+
+        hlc.update_with_timestamp(timestamp)
+            .map_err(|e| HlcError::Parse(format!("Failed to update HLC: {e:?}")))
+    }
+
+    /// Lädt den letzten persistierten Zeitstempel aus der Datenbank.
+    fn load_last_timestamp(conn: &Connection) -> Result<Option<Timestamp>, HlcError> {
+        let query = format!("SELECT value FROM {TABLE_CRDT_CONFIGS} WHERE key = ?1");
+
+        match conn.query_row(&query, params![HLC_TIMESTAMP_TYPE], |row| {
             row.get::<_, String>(0)
         }) {
-            Ok(id_str) => {
+            Ok(state_str) => {
-                // ID exists, parse and return it.
+                let timestamp = Timestamp::from_str(&state_str).map_err(|e| {
-                let id_bytes = hex::decode(id_str).map_err(|e| HlcError::Parse(e.to_string()))?;
+                    HlcError::ParseTimestamp(format!("Invalid timestamp format: {e:?}"))
-                let id = ID::try_from(id_bytes.as_slice())?;
+                })?;
-                tx.commit()?;
+                Ok(Some(timestamp))
-                Ok(id)
             }
-            Err(rusqlite::Error::QueryReturnedNoRows) => {
+            Err(rusqlite::Error::QueryReturnedNoRows) => Ok(None),
-                // No ID found, create, persist, and return a new one.
+            Err(e) => Err(HlcError::Database(e)),
-                let new_id_bytes = Uuid::new_v4().as_bytes().to_vec();
-                let new_id = ID::try_from(new_id_bytes.as_slice())?;
-                let new_id_str = hex::encode(new_id.to_le_bytes());
-
-                tx.execute(
-                    &format!(
-                        "INSERT INTO {} (type, value) VALUES (?1, ?2)",
-                        CRDT_SETTINGS_TABLE
-                    ),
-                    params![HLC_NODE_ID_TYPE, new_id_str],
-                )?;
-                tx.commit()?;
-                Ok(new_id)
-            }
-            Err(e) => Err(HlcError::from(e)),
         }
     }
+
+    /// Persistiert einen Zeitstempel in der Datenbank innerhalb einer Transaktion.
+    fn persist_timestamp(tx: &Transaction, timestamp: &Timestamp) -> Result<(), HlcError> {
+        let timestamp_str = timestamp.to_string();
+        tx.execute(
+            &format!(
+                "INSERT INTO {TABLE_CRDT_CONFIGS} (key, value) VALUES (?1, ?2)
+                 ON CONFLICT(key) DO UPDATE SET value = excluded.value"
+            ),
+            params![HLC_TIMESTAMP_TYPE, timestamp_str],
+        )?;
+        Ok(())
+    }
+}
+
+impl Default for HlcService {
+    fn default() -> Self {
+        Self::new()
+    }
 }

src-tauri/src/crdt/insert_transformer.rs

@@ -0,0 +1,99 @@
+// src-tauri/src/crdt/insert_transformer.rs
+// INSERT-spezifische CRDT-Transformationen (ON CONFLICT, RETURNING)
+
+use crate::crdt::trigger::HLC_TIMESTAMP_COLUMN;
+use crate::database::error::DatabaseError;
+use sqlparser::ast::{Expr, Ident, Insert, SelectItem, SetExpr, Value};
+use uhlc::Timestamp;
+
+/// Helper-Struct für INSERT-Transformationen
+pub struct InsertTransformer {
+    hlc_timestamp_column: &'static str,
+}
+
+impl InsertTransformer {
+    pub fn new() -> Self {
+        Self {
+            hlc_timestamp_column: HLC_TIMESTAMP_COLUMN,
+        }
+    }
+
+    fn find_or_add_column(columns: &mut Vec<Ident>, col_name: &'static str) -> usize {
+        match columns.iter().position(|c| c.value == col_name) {
+            Some(index) => index, // Gefunden! Gib Index zurück.
+            None => {
+                // Nicht gefunden! Hinzufügen.
+                columns.push(Ident::new(col_name));
+                columns.len() - 1 // Der Index des gerade hinzugefügten Elements
+            }
+        }
+    }
+
+    /// Wenn der Index == der Länge ist, wird der Wert stattdessen gepusht.
+    fn set_or_push_value(row: &mut Vec<Expr>, index: usize, value: Expr) {
+        if index < row.len() {
+            // Spalte war vorhanden, Wert (wahrscheinlich `?` oder NULL) ersetzen
+            row[index] = value;
+        } else {
+            // Spalte war nicht vorhanden, Wert hinzufügen
+            row.push(value);
+        }
+    }
+
+    fn set_or_push_projection(projection: &mut Vec<SelectItem>, index: usize, value: Expr) {
+        let item = SelectItem::UnnamedExpr(value);
+        if index < projection.len() {
+            projection[index] = item;
+        } else {
+            projection.push(item);
+        }
+    }
+
+    /// Transformiert INSERT-Statements (fügt HLC-Timestamp hinzu)
+    /// Hard Delete: Kein ON CONFLICT mehr nötig - gelöschte Einträge sind wirklich weg
+    pub fn transform_insert(
+        &self,
+        insert_stmt: &mut Insert,
+        timestamp: &Timestamp,
+    ) -> Result<(), DatabaseError> {
+        // Add haex_timestamp  column if not exists
+        let hlc_col_index =
+            Self::find_or_add_column(&mut insert_stmt.columns, self.hlc_timestamp_column);
+
+        // ON CONFLICT Logik komplett entfernt!
+        // Bei Hard Deletes gibt es keine Tombstone-Einträge mehr zu reaktivieren
+        // UNIQUE Constraint Violations sind echte Fehler
+
+        match insert_stmt.source.as_mut() {
+            Some(query) => match &mut *query.body {
+                SetExpr::Values(values) => {
+                    for row in &mut values.rows {
+                        let hlc_value =
+                            Expr::Value(Value::SingleQuotedString(timestamp.to_string()).into());
+
+                        Self::set_or_push_value(row, hlc_col_index, hlc_value);
+                    }
+                }
+                SetExpr::Select(select) => {
+                    let hlc_value =
+                        Expr::Value(Value::SingleQuotedString(timestamp.to_string()).into());
+
+                    Self::set_or_push_projection(&mut select.projection, hlc_col_index, hlc_value);
+                }
+                _ => {
+                    return Err(DatabaseError::UnsupportedStatement {
+                        sql: insert_stmt.to_string(),
+                        reason: "INSERT with unsupported source type".to_string(),
+                    });
+                }
+            },
+            None => {
+                return Err(DatabaseError::UnsupportedStatement {
+                    reason: "INSERT statement has no source".to_string(),
+                    sql: insert_stmt.to_string(),
+                });
+            }
+        }
+        Ok(())
+    }
+}

src-tauri/src/crdt/mod.rs

@@ -1,3 +1,5 @@
 pub mod hlc;
-pub mod proxy;
+pub mod insert_transformer;
+//pub mod query_transformer;
+pub mod transformer;
 pub mod trigger;

src-tauri/src/crdt/proxy.rs

@@ -1,418 +0,0 @@
-// In src-tauri/src/crdt/proxy.rs
-
-use crate::crdt::hlc::HlcService;
-use crate::crdt::trigger::{HLC_TIMESTAMP_COLUMN, TOMBSTONE_COLUMN};
-use serde::{Deserialize, Serialize};
-use sqlparser::ast::{
-    Assignment, AssignmentTarget, BinaryOperator, ColumnDef, DataType, Expr, Ident, Insert,
-    ObjectName, ObjectNamePart, SelectItem, SetExpr, Statement, TableFactor, TableObject,
-    TableWithJoins, UpdateTableFromKind, Value, ValueWithSpan,
-};
-use sqlparser::dialect::SQLiteDialect;
-use sqlparser::parser::Parser;
-use std::collections::HashSet;
-use ts_rs::TS;
-use uhlc::Timestamp;
-
-#[derive(Serialize, Deserialize, TS)]
-#[ts(export)]
-#[serde(tag = "type", content = "details")]
-pub enum ProxyError {
-    /// Der SQL-Code konnte nicht geparst werden.
-    ParseError {
-        reason: String,
-    },
-    /// Ein Fehler ist während der Ausführung in der Datenbank aufgetreten.
-    ExecutionError {
-        sql: String,
-        reason: String,
-    },
-    /// Ein Fehler ist beim Verwalten der Transaktion aufgetreten.
-    TransactionError {
-        reason: String,
-    },
-    /// Ein SQL-Statement wird vom Proxy nicht unterstützt (z.B. DELETE von einer Subquery).
-    UnsupportedStatement {
-        description: String,
-    },
-    HlcError {
-        reason: String,
-    },
-}
-
-// Tabellen, die von der Proxy-Logik ausgeschlossen sind.
-const EXCLUDED_TABLES: &[&str] = &["haex_crdt_settings", "haex_crdt_logs"];
-
-pub struct SqlProxy;
-
-impl SqlProxy {
-    pub fn new() -> Self {
-        Self {}
-    }
-
-    /// Führt SQL-Anweisungen aus, nachdem sie für CRDT-Konformität transformiert wurden.
-    pub fn execute(
-        &self,
-        sql: &str,
-        conn: &mut rusqlite::Connection,
-        hlc_service: &HlcService,
-    ) -> Result<Vec<String>, ProxyError> {
-        let dialect = SQLiteDialect {};
-        let mut ast_vec = Parser::parse_sql(&dialect, sql).map_err(|e| ProxyError::ParseError {
-            reason: e.to_string(),
-        })?;
-
-        let mut modified_schema_tables = HashSet::new();
-
-        let tx = conn
-            .transaction()
-            .map_err(|e| ProxyError::TransactionError {
-                reason: e.to_string(),
-            })?;
-
-        let hlc_timestamp =
-            hlc_service
-                .new_timestamp_and_persist(&tx)
-                .map_err(|e| ProxyError::HlcError {
-                    reason: e.to_string(),
-                })?;
-
-        for statement in &mut ast_vec {
-            if let Some(table_name) = self.transform_statement(statement, Some(&hlc_timestamp))? {
-                modified_schema_tables.insert(table_name);
-            }
-        }
-
-        for statement in ast_vec {
-            let final_sql = statement.to_string();
-            tx.execute(&final_sql, [])
-                .map_err(|e| ProxyError::ExecutionError {
-                    sql: final_sql,
-                    reason: e.to_string(),
-                })?;
-        }
-        tx.commit().map_err(|e| ProxyError::TransactionError {
-            reason: e.to_string(),
-        })?;
-
-        Ok(modified_schema_tables.into_iter().collect())
-    }
-
-    /// Wendet die Transformation auf ein einzelnes Statement an.
-    fn transform_statement(
-        &self,
-        stmt: &mut Statement,
-        hlc_timestamp: Option<&Timestamp>,
-    ) -> Result<Option<String>, ProxyError> {
-        match stmt {
-            sqlparser::ast::Statement::Query(query) => {
-                if let SetExpr::Select(select) = &mut *query.body {
-                    let mut tombstone_filters = Vec::new();
-                    for twj in &select.from {
-                        if let TableFactor::Table { name, alias, .. } = &twj.relation {
-                            if self.is_audited_table(name) {
-                                let table_idents = if let Some(a) = alias {
-                                    vec![a.name.clone()]
-                                } else {
-                                    name.0
-                                        .iter()
-                                        .filter_map(|part| match part {
-                                            ObjectNamePart::Identifier(id) => Some(id.clone()),
-                                            _ => None,
-                                        })
-                                        .collect::<Vec<_>>()
-                                };
-                                let column_ident = Ident::new(TOMBSTONE_COLUMN);
-                                let full_ident = [table_idents, vec![column_ident]].concat();
-                                let filter = Expr::BinaryOp {
-                                    left: Box::new(Expr::CompoundIdentifier(full_ident)),
-                                    op: BinaryOperator::Eq,
-                                    right: Box::new(Expr::Value(
-                                        sqlparser::ast::Value::Number("1".to_string(), false)
-                                            .into(),
-                                    )),
-                                };
-                                tombstone_filters.push(filter);
-                            }
-                        }
-                    }
-                    if !tombstone_filters.is_empty() {
-                        let combined_filter = tombstone_filters
-                            .into_iter()
-                            .reduce(|acc, expr| Expr::BinaryOp {
-                                left: Box::new(acc),
-                                op: BinaryOperator::And,
-                                right: Box::new(expr),
-                            })
-                            .unwrap();
-                        match &mut select.selection {
-                            Some(existing) => {
-                                *existing = Expr::BinaryOp {
-                                    left: Box::new(existing.clone()),
-                                    op: BinaryOperator::And,
-                                    right: Box::new(combined_filter),
-                                };
-                            }
-                            None => {
-                                select.selection = Some(combined_filter);
-                            }
-                        }
-                    }
-                }
-
-                // Hinweis: UNION, EXCEPT etc. werden hier nicht behandelt, was dem bisherigen Code entspricht.
-            }
-            Statement::CreateTable(create_table) => {
-                if self.is_audited_table(&create_table.name) {
-                    self.add_crdt_columns(&mut create_table.columns);
-                    return Ok(Some(
-                        create_table
-                            .name
-                            .to_string()
-                            .trim_matches('`')
-                            .trim_matches('"')
-                            .to_string(),
-                    ));
-                }
-            }
-            Statement::Insert(insert_stmt) => {
-                if let TableObject::TableName(name) = &insert_stmt.table {
-                    if self.is_audited_table(name) {
-                        if let Some(ts) = hlc_timestamp {
-                            self.add_hlc_to_insert(insert_stmt, ts);
-                        }
-                    }
-                }
-            }
-            /* Statement::Update(update_stmt) => {
-                if let TableFactor::Table { name, .. } = &update_stmt.table.relation {
-                    if self.is_audited_table(&name) {
-                        if let Some(ts) = hlc_timestamp {
-                            update_stmt.assignments.push(self.create_hlc_assignment(ts));
-                        }
-                    }
-                }
-            } */
-            Statement::Update {
-                table,
-                assignments,
-                from,
-                selection,
-                returning,
-                or,
-            } => {
-                if let TableFactor::Table { name, .. } = &table.relation {
-                    if self.is_audited_table(&name) {
-                        if let Some(ts) = hlc_timestamp {
-                            assignments.push(self.create_hlc_assignment(ts));
-                        }
-                    }
-                }
-                *stmt = Statement::Update {
-                    table: table.clone(),
-                    assignments: assignments.clone(),
-                    from: from.clone(),
-                    selection: selection.clone(),
-                    returning: returning.clone(),
-                    or: *or,
-                };
-            }
-            Statement::Delete(del_stmt) => {
-                let table_name = self.extract_table_name_from_from(&del_stmt.from);
-                if let Some(name) = table_name {
-                    if self.is_audited_table(&name) {
-                        // GEÄNDERT: Übergibt den Zeitstempel an die Transformationsfunktion
-                        if let Some(ts) = hlc_timestamp {
-                            self.transform_delete_to_update(stmt, ts);
-                        }
-                    }
-                } else {
-                    return Err(ProxyError::UnsupportedStatement {
-                        description: "DELETE from non-table source or multiple tables".to_string(),
-                    });
-                }
-            }
-            Statement::AlterTable { name, .. } => {
-                if self.is_audited_table(name) {
-                    return Ok(Some(
-                        name.to_string()
-                            .trim_matches('`')
-                            .trim_matches('"')
-                            .to_string(),
-                    ));
-                }
-            }
-            _ => {}
-        }
-        Ok(None)
-    }
-
-    /// Fügt die Tombstone-Spalte zu einer Liste von Spaltendefinitionen hinzu.
-    fn add_tombstone_column(&self, columns: &mut Vec<ColumnDef>) {
-        if !columns
-            .iter()
-            .any(|c| c.name.value.to_lowercase() == TOMBSTONE_COLUMN)
-        {
-            columns.push(ColumnDef {
-                name: Ident::new(TOMBSTONE_COLUMN),
-                data_type: DataType::Integer(None),
-                options: vec![],
-            });
-        }
-    }
-
-    /// Prüft, ob eine Tabelle von der Proxy-Logik betroffen sein soll.
-    fn is_audited_table(&self, name: &ObjectName) -> bool {
-        let table_name = name.to_string().to_lowercase();
-        let table_name = table_name.trim_matches('`').trim_matches('"');
-        !EXCLUDED_TABLES.contains(&table_name)
-    }
-
-    fn extract_table_name_from_from(&self, from: &sqlparser::ast::FromTable) -> Option<ObjectName> {
-        let tables = match from {
-            sqlparser::ast::FromTable::WithFromKeyword(from)
-            | sqlparser::ast::FromTable::WithoutKeyword(from) => from,
-        };
-        if tables.len() == 1 {
-            if let TableFactor::Table { name, .. } = &tables[0].relation {
-                Some(name.clone())
-            } else {
-                None
-            }
-        } else {
-            None
-        }
-    }
-
-    fn extract_table_name(&self, from: &[TableWithJoins]) -> Option<ObjectName> {
-        if from.len() == 1 {
-            if let TableFactor::Table { name, .. } = &from[0].relation {
-                Some(name.clone())
-            } else {
-                None
-            }
-        } else {
-            None
-        }
-    }
-
-    fn create_tombstone_assignment(&self) -> Assignment {
-        Assignment {
-            target: AssignmentTarget::ColumnName(ObjectName(vec![ObjectNamePart::Identifier(
-                Ident::new(TOMBSTONE_COLUMN),
-            )])),
-            value: Expr::Value(sqlparser::ast::Value::Number("1".to_string(), false).into()),
-        }
-    }
-
-    fn add_tombstone_filter(&self, selection: &mut Option<Expr>) {
-        let tombstone_expr = Expr::BinaryOp {
-            left: Box::new(Expr::Identifier(Ident::new(TOMBSTONE_COLUMN))),
-            op: BinaryOperator::Eq,
-            // HIER IST DIE FINALE KORREKTUR:
-            right: Box::new(Expr::Value(Value::Number("0".to_string(), false).into())),
-        };
-
-        match selection {
-            Some(existing) => {
-                // Kombiniere mit AND, wenn eine WHERE-Klausel existiert
-                *selection = Some(Expr::BinaryOp {
-                    left: Box::new(existing.clone()),
-                    op: BinaryOperator::And,
-                    right: Box::new(tombstone_expr),
-                });
-            }
-            None => {
-                // Setze neue WHERE-Klausel, wenn keine existiert
-                *selection = Some(tombstone_expr);
-            }
-        }
-    }
-
-    fn add_crdt_columns(&self, columns: &mut Vec<ColumnDef>) {
-        if !columns.iter().any(|c| c.name.value == TOMBSTONE_COLUMN) {
-            columns.push(ColumnDef {
-                name: Ident::new(TOMBSTONE_COLUMN),
-                data_type: DataType::Integer(None),
-                options: vec![],
-            });
-        }
-        if !columns.iter().any(|c| c.name.value == HLC_TIMESTAMP_COLUMN) {
-            columns.push(ColumnDef {
-                name: Ident::new(HLC_TIMESTAMP_COLUMN),
-                data_type: DataType::Text, // HLC wird als String gespeichert
-                options: vec![],
-            });
-        }
-    }
-
-    fn transform_delete_to_update(&self, stmt: &mut Statement, hlc_timestamp: &Timestamp) {
-        if let Statement::Delete(del_stmt) = stmt {
-            let table_to_update = match &del_stmt.from {
-                sqlparser::ast::FromTable::WithFromKeyword(from)
-                | sqlparser::ast::FromTable::WithoutKeyword(from) => from[0].clone(),
-            };
-
-            // Erstellt beide Zuweisungen
-            let assignments = vec![
-                self.create_tombstone_assignment(),
-                self.create_hlc_assignment(hlc_timestamp),
-            ];
-
-            *stmt = Statement::Update {
-                table: table_to_update,
-                assignments,
-                from: None,
-                selection: del_stmt.selection.clone(),
-                returning: None,
-                or: None,
-            };
-        }
-    }
-
-    fn add_hlc_to_insert(
-        &self,
-        insert_stmt: &mut sqlparser::ast::Insert,
-        ts: &Timestamp,
-    ) -> Result<(), ProxyError> {
-        insert_stmt.columns.push(Ident::new(HLC_TIMESTAMP_COLUMN));
-
-        match insert_stmt.source.as_mut() {
-            Some(query) => match &mut *query.body {
-                // Dereferenziere die Box mit *
-                SetExpr::Values(values) => {
-                    for row in &mut values.rows {
-                        row.push(Expr::Value(
-                            Value::SingleQuotedString(ts.to_string()).into(),
-                        ));
-                    }
-                }
-                SetExpr::Select(select) => {
-                    let hlc_expr = Expr::Value(Value::SingleQuotedString(ts.to_string()).into());
-                    select.projection.push(SelectItem::UnnamedExpr(hlc_expr));
-                }
-                _ => {
-                    return Err(ProxyError::UnsupportedStatement {
-                        description: "INSERT with unsupported source".to_string(),
-                    });
-                }
-            },
-            None => {
-                return Err(ProxyError::UnsupportedStatement {
-                    description: "INSERT statement has no source".to_string(),
-                });
-            }
-        }
-        Ok(())
-    }
-    /// Erstellt eine Zuweisung `haex_modified_hlc = '...'`
-    // NEU: Hilfsfunktion
-    fn create_hlc_assignment(&self, ts: &Timestamp) -> Assignment {
-        Assignment {
-            target: AssignmentTarget::ColumnName(ObjectName(vec![ObjectNamePart::Identifier(
-                Ident::new(HLC_TIMESTAMP_COLUMN),
-            )])),
-            value: Expr::Value(Value::SingleQuotedString(ts.to_string()).into()),
-        }
-    }
-}

src-tauri/src/crdt/transformer.rs

@@ -0,0 +1,187 @@
+// src-tauri/src/crdt/transformer.rs
+
+use crate::crdt::insert_transformer::InsertTransformer;
+use crate::crdt::trigger::HLC_TIMESTAMP_COLUMN;
+use crate::database::error::DatabaseError;
+use crate::table_names::{TABLE_CRDT_CONFIGS, TABLE_CRDT_LOGS};
+use sqlparser::ast::{
+    Assignment, AssignmentTarget, ColumnDef, DataType, Expr, Ident, ObjectName, ObjectNamePart,
+    Statement, TableFactor, TableObject, Value,
+};
+use std::borrow::Cow;
+use std::collections::HashSet;
+use uhlc::Timestamp;
+
+/// Konfiguration für CRDT-Spalten
+#[derive(Clone)]
+struct CrdtColumns {
+    hlc_timestamp: &'static str,
+}
+
+impl CrdtColumns {
+    const DEFAULT: Self = Self {
+        hlc_timestamp: HLC_TIMESTAMP_COLUMN,
+    };
+
+    /// Erstellt eine HLC-Zuweisung für UPDATE/DELETE
+    fn create_hlc_assignment(&self, timestamp: &Timestamp) -> Assignment {
+        Assignment {
+            target: AssignmentTarget::ColumnName(ObjectName(vec![ObjectNamePart::Identifier(
+                Ident::new(self.hlc_timestamp),
+            )])),
+            value: Expr::Value(Value::SingleQuotedString(timestamp.to_string()).into()),
+        }
+    }
+
+    /// Fügt CRDT-Spalten zu einer Tabellendefinition hinzu
+    fn add_to_table_definition(&self, columns: &mut Vec<ColumnDef>) {
+        if !columns.iter().any(|c| c.name.value == self.hlc_timestamp) {
+            columns.push(ColumnDef {
+                name: Ident::new(self.hlc_timestamp),
+                data_type: DataType::String(None),
+                options: vec![],
+            });
+        }
+    }
+}
+
+pub struct CrdtTransformer {
+    columns: CrdtColumns,
+    excluded_tables: HashSet<&'static str>,
+}
+
+impl CrdtTransformer {
+    pub fn new() -> Self {
+        let mut excluded_tables = HashSet::new();
+        excluded_tables.insert(TABLE_CRDT_CONFIGS);
+        excluded_tables.insert(TABLE_CRDT_LOGS);
+
+        Self {
+            columns: CrdtColumns::DEFAULT,
+            excluded_tables,
+        }
+    }
+
+    /// Prüft, ob eine Tabelle CRDT-Synchronisation unterstützen soll
+    fn is_crdt_sync_table(&self, name: &ObjectName) -> bool {
+        let table_name = self.normalize_table_name(name);
+        !self.excluded_tables.contains(table_name.as_ref())
+    }
+
+    /// Normalisiert Tabellennamen (entfernt Anführungszeichen)
+    fn normalize_table_name(&self, name: &ObjectName) -> Cow<str> {
+        let name_str = name.to_string().to_lowercase();
+        Cow::Owned(name_str.trim_matches('`').trim_matches('"').to_string())
+    }
+
+    // =================================================================
+    // ÖFFENTLICHE API-METHODEN
+    // =================================================================
+
+    pub fn transform_execute_statement_with_table_info(
+        &self,
+        stmt: &mut Statement,
+        hlc_timestamp: &Timestamp,
+    ) -> Result<Option<String>, DatabaseError> {
+        match stmt {
+            Statement::CreateTable(create_table) => {
+                if self.is_crdt_sync_table(&create_table.name) {
+                    self.columns
+                        .add_to_table_definition(&mut create_table.columns);
+                    Ok(Some(
+                        self.normalize_table_name(&create_table.name).into_owned(),
+                    ))
+                } else {
+                    Ok(None)
+                }
+            }
+            Statement::Insert(insert_stmt) => {
+                if let TableObject::TableName(name) = &insert_stmt.table {
+                    if self.is_crdt_sync_table(name) {
+                        // Hard Delete: Kein Schema-Lookup mehr nötig (kein ON CONFLICT)
+                        let insert_transformer = InsertTransformer::new();
+                        insert_transformer.transform_insert(insert_stmt, hlc_timestamp)?;
+                    }
+                }
+                Ok(None)
+            }
+            Statement::Update {
+                table, assignments, ..
+            } => {
+                if let TableFactor::Table { name, .. } = &table.relation {
+                    if self.is_crdt_sync_table(name) {
+                        assignments.push(self.columns.create_hlc_assignment(hlc_timestamp));
+                    }
+                }
+                Ok(None)
+            }
+            Statement::Delete(_del_stmt) => {
+                // Hard Delete - keine Transformation!
+                // DELETE bleibt DELETE
+                // BEFORE DELETE Trigger schreiben die Logs
+                Ok(None)
+            }
+            Statement::AlterTable { name, .. } => {
+                if self.is_crdt_sync_table(name) {
+                    Ok(Some(self.normalize_table_name(name).into_owned()))
+                } else {
+                    Ok(None)
+                }
+            }
+            _ => Ok(None),
+        }
+    }
+
+    pub fn transform_execute_statement(
+        &self,
+        stmt: &mut Statement,
+        hlc_timestamp: &Timestamp,
+    ) -> Result<Option<String>, DatabaseError> {
+        match stmt {
+            Statement::CreateTable(create_table) => {
+                if self.is_crdt_sync_table(&create_table.name) {
+                    self.columns
+                        .add_to_table_definition(&mut create_table.columns);
+                    Ok(Some(
+                        self.normalize_table_name(&create_table.name).into_owned(),
+                    ))
+                } else {
+                    Ok(None)
+                }
+            }
+            Statement::Insert(insert_stmt) => {
+                if let TableObject::TableName(name) = &insert_stmt.table {
+                    if self.is_crdt_sync_table(name) {
+                        // Hard Delete: Keine ON CONFLICT Logik mehr nötig
+                        let insert_transformer = InsertTransformer::new();
+                        insert_transformer.transform_insert(insert_stmt, hlc_timestamp)?;
+                    }
+                }
+                Ok(None)
+            }
+            Statement::Update {
+                table, assignments, ..
+            } => {
+                if let TableFactor::Table { name, .. } = &table.relation {
+                    if self.is_crdt_sync_table(name) {
+                        assignments.push(self.columns.create_hlc_assignment(hlc_timestamp));
+                    }
+                }
+                Ok(None)
+            }
+            Statement::Delete(_del_stmt) => {
+                // Hard Delete - keine Transformation!
+                // DELETE bleibt DELETE
+                Ok(None)
+            }
+            Statement::AlterTable { name, .. } => {
+                if self.is_crdt_sync_table(name) {
+                    Ok(Some(self.normalize_table_name(name).into_owned()))
+                } else {
+                    Ok(None)
+                }
+            }
+            _ => Ok(None),
+        }
+    }
+}

src-tauri/src/crdt/trigger.rs

@@ -1,32 +1,79 @@
-use rusqlite::{Connection, Result, Row};
+// src-tauri/src/crdt/trigger.rs
+use crate::table_names::TABLE_CRDT_LOGS;
+use rusqlite::{Connection, Result as RusqliteResult, Row, Transaction};
 use serde::Serialize;
-use std::fmt::Write;
+use std::error::Error;
+use std::fmt::{self, Display, Formatter, Write};
 use ts_rs::TS;
 
-// the z_ prefix should make sure that these triggers are executed lasts
+// Der "z_"-Präfix soll sicherstellen, dass diese Trigger als Letzte ausgeführt werden
 const INSERT_TRIGGER_TPL: &str = "z_crdt_{TABLE_NAME}_insert";
 const UPDATE_TRIGGER_TPL: &str = "z_crdt_{TABLE_NAME}_update";
+const DELETE_TRIGGER_TPL: &str = "z_crdt_{TABLE_NAME}_delete";
+
+pub const HLC_TIMESTAMP_COLUMN: &str = "haex_timestamp";
+
+/// Name der custom UUID-Generierungs-Funktion (registriert in database::core::open_and_init_db)
+pub const UUID_FUNCTION_NAME: &str = "gen_uuid";
+
+#[derive(Debug)]
+pub enum CrdtSetupError {
+    /// Kapselt einen Fehler, der von der rusqlite-Bibliothek kommt.
+    DatabaseError(rusqlite::Error),
+    HlcColumnMissing {
+        table_name: String,
+        column_name: String,
+    },
+    /// Die Tabelle hat keinen Primärschlüssel, was eine CRDT-Voraussetzung ist.
+    PrimaryKeyMissing { table_name: String },
+}
+
+// Implementierung, damit unser Error-Typ schön formatiert werden kann.
+impl Display for CrdtSetupError {
+    fn fmt(&self, f: &mut Formatter<'_>) -> fmt::Result {
+        match self {
+            CrdtSetupError::DatabaseError(e) => write!(f, "Database error: {e}"),
+            CrdtSetupError::HlcColumnMissing {
+                table_name,
+                column_name,
+            } => write!(
+                f,
+                "Table '{table_name}' is missing the required hlc column '{column_name}'"
+            ),
+            CrdtSetupError::PrimaryKeyMissing { table_name } => {
+                write!(f, "Table '{table_name}' has no primary key")
+            }
+        }
+    }
+}
+
+// Implementierung, damit unser Typ als "echter" Error erkannt wird.
+impl Error for CrdtSetupError {}
+
+// Wichtige Konvertierung: Erlaubt uns, den `?`-Operator auf Funktionen zu verwenden,
+// die `rusqlite::Error` zurückgeben. Der Fehler wird automatisch in unseren
+// `CrdtSetupError::DatabaseError` verpackt.
+impl From<rusqlite::Error> for CrdtSetupError {
+    fn from(err: rusqlite::Error) -> Self {
+        CrdtSetupError::DatabaseError(err)
+    }
+}
 
-pub const LOG_TABLE_NAME: &str = "haex_crdt_logs";
-pub const TOMBSTONE_COLUMN: &str = "haex_tombstone";
-pub const HLC_TIMESTAMP_COLUMN: &str = "haex_hlc_timestamp";
 #[derive(Debug, Serialize, TS)]
 #[ts(export)]
-#[serde(tag = "status", content = "details")]
 pub enum TriggerSetupResult {
     Success,
     TableNotFound,
-    TombstoneColumnMissing { column_name: String },
-    PrimaryKeyMissing,
 }
 
-struct ColumnInfo {
+#[derive(Debug, Clone)]
-    name: String,
+pub struct ColumnInfo {
-    is_pk: bool,
+    pub name: String,
+    pub is_pk: bool,
 }
 
 impl ColumnInfo {
-    fn from_row(row: &Row) -> Result<Self> {
+    pub fn from_row(row: &Row) -> RusqliteResult<Self> {
         Ok(ColumnInfo {
             name: row.get("name")?,
             is_pk: row.get::<_, i64>("pk")? > 0,
@@ -34,145 +81,278 @@ impl ColumnInfo {
     }
 }
 
-pub struct TriggerManager;
+fn is_safe_identifier(name: &str) -> bool {
+    // Allow alphanumeric characters, underscores, and hyphens (for extension names like "nuxt-app")
+    !name.is_empty() && name.chars().all(|c| c.is_alphanumeric() || c == '_' || c == '-')
+}
 
-impl TriggerManager {
+/// Richtet CRDT-Trigger für eine einzelne Tabelle ein.
-    pub fn new() -> Self {
+pub fn setup_triggers_for_table(
-        TriggerManager {}
+    tx: &Transaction,
+    table_name: &str,
+    recreate: bool,
+) -> Result<TriggerSetupResult, CrdtSetupError> {
+    let columns = get_table_schema(tx, table_name)?;
+
+    if columns.is_empty() {
+        return Ok(TriggerSetupResult::TableNotFound);
     }
 
-    pub fn setup_triggers_for_table(
+    if !columns.iter().any(|c| c.name == HLC_TIMESTAMP_COLUMN) {
-        &self,
+        return Err(CrdtSetupError::HlcColumnMissing {
-        conn: &mut Connection,
+            table_name: table_name.to_string(),
-        table_name: &str,
+            column_name: HLC_TIMESTAMP_COLUMN.to_string(),
-    ) -> Result<TriggerSetupResult, rusqlite::Error> {
+        });
-        let columns = self.get_table_schema(conn, table_name)?;
-
-        if columns.is_empty() {
-            return Ok(TriggerSetupResult::TableNotFound);
-        }
-
-        if !columns.iter().any(|c| c.name == TOMBSTONE_COLUMN) {
-            return Ok(TriggerSetupResult::TombstoneColumnMissing {
-                column_name: TOMBSTONE_COLUMN.to_string(),
-            });
-        }
-
-        let pks: Vec<String> = columns
-            .iter()
-            .filter(|c| c.is_pk)
-            .map(|c| c.name.clone())
-            .collect();
-        if pks.is_empty() {
-            return Ok(TriggerSetupResult::PrimaryKeyMissing);
-        }
-
-        let cols_to_track: Vec<String> = columns
-            .iter()
-            .filter(|c| !c.is_pk && c.name != TOMBSTONE_COLUMN)
-            .map(|c| c.name.clone())
-            .collect();
-
-        let insert_trigger_sql = self.generate_insert_trigger_sql(table_name, &pks, &cols_to_track);
-        let update_trigger_sql = self.generate_update_trigger_sql(table_name, &pks, &cols_to_track);
-        let drop_insert_trigger_sql = self.drop_trigger_sql(table_name, "insert");
-
-        let tx = conn.transaction()?;
-        tx.execute_batch(&format!("{}\n{}", insert_trigger_sql, update_trigger_sql))?;
-        tx.commit()?;
-
-        Ok(TriggerSetupResult::Success)
     }
 
-    fn get_table_schema(&self, conn: &Connection, table_name: &str) -> Result<Vec<ColumnInfo>> {
+    let pks: Vec<String> = columns
-        let sql = format!("PRAGMA table_info('{}');", table_name);
+        .iter()
-        let mut stmt = conn.prepare(&sql)?;
+        .filter(|c| c.is_pk)
-        let rows = stmt.query_map([], ColumnInfo::from_row)?;
+        .map(|c| c.name.clone())
-        rows.collect()
+        .collect();
+
+    if pks.is_empty() {
+        return Err(CrdtSetupError::PrimaryKeyMissing {
+            table_name: table_name.to_string(),
+        });
     }
 
-    fn generate_insert_trigger_sql(
+    let cols_to_track: Vec<String> = columns
-        &self,
+        .iter()
-        table_name: &str,
+        .filter(|c| !c.is_pk)
-        pks: &[String],
+        .map(|c| c.name.clone())
-        cols: &[String],
+        .collect();
-    ) -> String {
-        let pk_json_payload = pks
-            .iter()
-            .map(|pk| format!("'{}', NEW.\"{}\"", pk, pk))
-            .collect::<Vec<_>>()
-            .join(", ");
 
-        let column_inserts = cols.iter().fold(String::new(), |mut acc, col| {
+    let insert_trigger_sql = generate_insert_trigger_sql(table_name, &pks, &cols_to_track);
-            writeln!(&mut acc, "INSERT INTO {log_table} (hlc_timestamp, op_type, table_name, row_pk, column_name, value) VALUES (NEW.\"{hlc_col}\", 'INSERT', '{table}', json_object({pk_payload}), '{column}', json_object('value', NEW.\"{column}\"));",
+    let update_trigger_sql = generate_update_trigger_sql(table_name, &pks, &cols_to_track);
-                log_table = LOG_TABLE_NAME,
+    let delete_trigger_sql = generate_delete_trigger_sql(table_name, &pks, &cols_to_track);
-                hlc_col = HLC_TIMESTAMP_COLUMN,
+
-                table = table_name,
+    if recreate {
-                pk_payload = pk_json_payload,
+        drop_triggers_for_table(tx, table_name)?;
-                column = col
+    }
+
+    tx.execute_batch(&insert_trigger_sql)?;
+    tx.execute_batch(&update_trigger_sql)?;
+    tx.execute_batch(&delete_trigger_sql)?;
+
+    Ok(TriggerSetupResult::Success)
+}
+
+/// Holt das Schema für eine gegebene Tabelle.
+pub fn get_table_schema(conn: &Connection, table_name: &str) -> RusqliteResult<Vec<ColumnInfo>> {
+    if !is_safe_identifier(table_name) {
+        return Err(rusqlite::Error::InvalidParameterName(format!(
+            "Invalid or unsafe table name provided: {table_name}"
+        )));
+    }
+
+    let sql = format!("PRAGMA table_info(\"{table_name}\");");
+    let mut stmt = conn.prepare(&sql)?;
+    let rows = stmt.query_map([], ColumnInfo::from_row)?;
+    rows.collect()
+}
+
+// get_foreign_key_columns() removed - not needed with hard deletes (no ON CONFLICT logic)
+
+pub fn drop_triggers_for_table(
+    tx: &Transaction, // Arbeitet direkt auf einer Transaktion
+    table_name: &str,
+) -> Result<(), CrdtSetupError> {
+    if !is_safe_identifier(table_name) {
+        return Err(rusqlite::Error::InvalidParameterName(format!(
+            "Invalid or unsafe table name provided: {table_name}"
+        ))
+        .into());
+    }
+
+    let drop_insert_trigger_sql =
+        drop_trigger_sql(INSERT_TRIGGER_TPL.replace("{TABLE_NAME}", table_name));
+    let drop_update_trigger_sql =
+        drop_trigger_sql(UPDATE_TRIGGER_TPL.replace("{TABLE_NAME}", table_name));
+    let drop_delete_trigger_sql =
+        drop_trigger_sql(DELETE_TRIGGER_TPL.replace("{TABLE_NAME}", table_name));
+
+    let sql_batch = format!(
+        "{drop_insert_trigger_sql}\n{drop_update_trigger_sql}\n{drop_delete_trigger_sql}"
+    );
+
+    tx.execute_batch(&sql_batch)?;
+    Ok(())
+}
+
+/* pub fn recreate_triggers_for_table(
+    conn: &mut Connection,
+    table_name: &str,
+) -> Result<TriggerSetupResult, CrdtSetupError> {
+    // Starte eine einzige Transaktion für beide Operationen
+    let tx = conn.transaction()?;
+
+    // 1. Rufe die Drop-Funktion auf
+    drop_triggers_for_table(&tx, table_name)?;
+
+    // 2. Erstelle die Trigger neu (vereinfachte Logik ohne Drop)
+    // Wir rufen die `setup_triggers_for_table` Logik hier manuell nach,
+    // um die Transaktion weiterzuverwenden.
+    let columns = get_table_schema(&tx, table_name)?;
+
+    if columns.is_empty() {
+        tx.commit()?; // Wichtig: Transaktion beenden
+        return Ok(TriggerSetupResult::TableNotFound);
+    }
+    // ... (Validierungslogik wiederholen) ...
+    if !columns.iter().any(|c| c.name == TOMBSTONE_COLUMN) {
+        /* ... */
+        return Err(CrdtSetupError::TombstoneColumnMissing {
+            table_name: table_name.to_string(),
+            column_name: TOMBSTONE_COLUMN.to_string(),
+        });
+    }
+    let pks: Vec<String> = columns
+        .iter()
+        .filter(|c| c.is_pk)
+        .map(|c| c.name.clone())
+        .collect();
+    if pks.is_empty() {
+        /* ... */
+        return Err(CrdtSetupError::PrimaryKeyMissing {
+            table_name: table_name.to_string(),
+        });
+    }
+    let cols_to_track: Vec<String> = columns
+        .iter()
+        .filter(|c| !c.is_pk && c.name != TOMBSTONE_COLUMN && c.name != HLC_TIMESTAMP_COLUMN)
+        .map(|c| c.name.clone())
+        .collect();
+
+    let insert_trigger_sql = generate_insert_trigger_sql(table_name, &pks, &cols_to_track);
+    let update_trigger_sql = generate_update_trigger_sql(table_name, &pks, &cols_to_track);
+    let sql_batch = format!("{}\n{}", insert_trigger_sql, update_trigger_sql);
+    tx.execute_batch(&sql_batch)?;
+
+    // Beende die Transaktion
+    tx.commit()?;
+
+    Ok(TriggerSetupResult::Success)
+}
+ */
+/// Generiert das SQL für den INSERT-Trigger.
+fn generate_insert_trigger_sql(table_name: &str, pks: &[String], cols: &[String]) -> String {
+    let pk_json_payload = pks
+        .iter()
+        .map(|pk| format!("'{pk}', NEW.\"{pk}\""))
+        .collect::<Vec<_>>()
+        .join(", ");
+
+    let column_inserts = if cols.is_empty() {
+        // Nur PKs -> einfacher Insert ins Log
+        format!(
+            "INSERT INTO {TABLE_CRDT_LOGS} (id, haex_timestamp, op_type, table_name, row_pks)
+            VALUES ({UUID_FUNCTION_NAME}(), NEW.\"{HLC_TIMESTAMP_COLUMN}\", 'INSERT', '{table_name}', json_object({pk_json_payload}));"
+        )
+    } else {
+        cols.iter().fold(String::new(), |mut acc, col| {
+            writeln!(
+                &mut acc,
+                "INSERT INTO {TABLE_CRDT_LOGS} (id, haex_timestamp, op_type, table_name, row_pks, column_name, new_value)
+                VALUES ({UUID_FUNCTION_NAME}(), NEW.\"{HLC_TIMESTAMP_COLUMN}\", 'INSERT', '{table_name}', json_object({pk_json_payload}), '{col}', json_object('value', NEW.\"{col}\"));"
             ).unwrap();
             acc
-        });
+        })
+    };
 
-        // Verwende die neue Konstante für den Trigger-Namen
+    let trigger_name = INSERT_TRIGGER_TPL.replace("{TABLE_NAME}", table_name);
-        let trigger_name = INSERT_TRIGGER_TPL.replace("{TABLE_NAME}", table_name);
 
-        format!(
+    format!(
-            "CREATE TRIGGER IF NOT EXISTS {trigger_name}
+        "CREATE TRIGGER IF NOT EXISTS \"{trigger_name}\"
             AFTER INSERT ON \"{table_name}\"
             FOR EACH ROW
             BEGIN
-                {column_inserts}
+            {column_inserts}
             END;"
-        )
+    )
+}
+
+/// Generiert das SQL zum Löschen eines Triggers.
+fn drop_trigger_sql(trigger_name: String) -> String {
+    format!("DROP TRIGGER IF EXISTS \"{trigger_name}\";")
+}
+
+/// Generiert das SQL für den UPDATE-Trigger.
+fn generate_update_trigger_sql(table_name: &str, pks: &[String], cols: &[String]) -> String {
+    let pk_json_payload = pks
+        .iter()
+        .map(|pk| format!("'{pk}', NEW.\"{pk}\""))
+        .collect::<Vec<_>>()
+        .join(", ");
+
+    let mut body = String::new();
+
+    // Spaltenänderungen loggen
+    if !cols.is_empty() {
+        for col in cols {
+            writeln!(
+                &mut body,
+                "INSERT INTO {TABLE_CRDT_LOGS} (id, haex_timestamp, op_type, table_name, row_pks, column_name, new_value, old_value)
+                    SELECT {UUID_FUNCTION_NAME}(), NEW.\"{HLC_TIMESTAMP_COLUMN}\", 'UPDATE', '{table_name}', json_object({pk_json_payload}), '{col}',
+                    json_object('value', NEW.\"{col}\"), json_object('value', OLD.\"{col}\")
+                    WHERE NEW.\"{col}\" IS NOT OLD.\"{col}\";"
+            ).unwrap();
+        }
     }
 
-    fn drop_trigger_sql(&self, table: &str, action: &str) -> String {
+    // Soft-delete Logging entfernt - wir nutzen jetzt Hard Deletes mit eigenem BEFORE DELETE Trigger
-        format!("DROP TRIGGER IF EXISTS z_crdt_{table}_{action};")
-    }
 
-    fn generate_update_trigger_sql(
+    let trigger_name = UPDATE_TRIGGER_TPL.replace("{TABLE_NAME}", table_name);
-        &self,
-        table_name: &str,
-        pks: &[String],
-        cols: &[String],
-    ) -> String {
-        let pk_json_payload = pks
-            .iter()
-            .map(|pk| format!("'{}', NEW.\"{}\"", pk, pk))
-            .collect::<Vec<_>>()
-            .join(", ");
 
-        let column_updates = cols.iter().fold(String::new(), |mut acc, col| {
+    format!(
-            writeln!(&mut acc, "IF NEW.\"{column}\" IS NOT OLD.\"{column}\" THEN INSERT INTO {log_table} (hlc_timestamp, op_type, table_name, row_pk, column_name, value, old_value) VALUES (NEW.\"{hlc_col}\", 'UPDATE', '{table}', json_object({pk_payload}), '{column}', json_object('value', NEW.\"{column}\"), json_object('value', OLD.\"{column}\")); END IF;",
+        "CREATE TRIGGER IF NOT EXISTS \"{trigger_name}\"
-                log_table = LOG_TABLE_NAME,
-                hlc_col = HLC_TIMESTAMP_COLUMN,
-                table = table_name,
-                pk_payload = pk_json_payload,
-                column = col).unwrap();
-            acc
-        });
-
-        let soft_delete_logic = format!(
-            "IF NEW.{tombstone_col} = 1 AND OLD.{tombstone_col} = 0 THEN INSERT INTO {log_table} (hlc_timestamp, op_type, table_name, row_pk) VALUES (NEW.\"{hlc_col}\", 'DELETE', '{table}', json_object({pk_payload})); END IF;",
-            log_table = LOG_TABLE_NAME,
-            hlc_col = HLC_TIMESTAMP_COLUMN,
-            tombstone_col = TOMBSTONE_COLUMN,
-            table = table_name,
-            pk_payload = pk_json_payload
-        );
-
-        // Verwende die neue Konstante für den Trigger-Namen
-        let trigger_name = UPDATE_TRIGGER_TPL.replace("{TABLE_NAME}", table_name);
-
-        format!(
-            "CREATE TRIGGER IF NOT EXISTS {trigger_name}
             AFTER UPDATE ON \"{table_name}\"
             FOR EACH ROW
             BEGIN
-                {column_updates}
+            {body}
-                {soft_delete_logic}
             END;"
-        )
+    )
-    }
+}
+
+/// Generiert das SQL für den BEFORE DELETE-Trigger.
+/// WICHTIG: BEFORE DELETE damit die Daten noch verfügbar sind!
+fn generate_delete_trigger_sql(table_name: &str, pks: &[String], cols: &[String]) -> String {
+    let pk_json_payload = pks
+        .iter()
+        .map(|pk| format!("'{pk}', OLD.\"{pk}\""))
+        .collect::<Vec<_>>()
+        .join(", ");
+
+    let mut body = String::new();
+
+    // Alle Spaltenwerte speichern für mögliche Wiederherstellung
+    if !cols.is_empty() {
+        for col in cols {
+            writeln!(
+                &mut body,
+                "INSERT INTO {TABLE_CRDT_LOGS} (id, haex_timestamp, op_type, table_name, row_pks, column_name, old_value)
+                    VALUES ({UUID_FUNCTION_NAME}(), OLD.\"{HLC_TIMESTAMP_COLUMN}\", 'DELETE', '{table_name}', json_object({pk_json_payload}), '{col}',
+                    json_object('value', OLD.\"{col}\"));"
+            ).unwrap();
+        }
+    } else {
+        // Nur PKs -> minimales Delete Log
+        writeln!(
+            &mut body,
+            "INSERT INTO {TABLE_CRDT_LOGS} (id, haex_timestamp, op_type, table_name, row_pks)
+                VALUES ({UUID_FUNCTION_NAME}(), OLD.\"{HLC_TIMESTAMP_COLUMN}\", 'DELETE', '{table_name}', json_object({pk_json_payload}));"
+        )
+        .unwrap();
+    }
+
+    let trigger_name = DELETE_TRIGGER_TPL.replace("{TABLE_NAME}", table_name);
+
+    format!(
+        "CREATE TRIGGER IF NOT EXISTS \"{trigger_name}\"
+            BEFORE DELETE ON \"{table_name}\"
+            FOR EACH ROW
+            BEGIN
+            {body}
+            END;"
+    )
 }

src-tauri/src/database/core.rs

@@ -1,246 +1,609 @@
-// database/core.rs
+// src-tauri/src/database/core.rs
-use crate::crdt::hlc;
+
+use crate::crdt::trigger::UUID_FUNCTION_NAME;
+use crate::database::error::DatabaseError;
 use crate::database::DbConnection;
+use crate::extension::database::executor::SqlExecutor;
 use base64::{engine::general_purpose::STANDARD, Engine as _};
+use rusqlite::functions::FunctionFlags;
+use rusqlite::types::Value as SqlValue;
 use rusqlite::{
     types::{Value as RusqliteValue, ValueRef},
     Connection, OpenFlags, ToSql,
 };
 use serde_json::Value as JsonValue;
-use tauri::State;
+use sqlparser::ast::{Expr, Query, Select, SetExpr, Statement, TableFactor, TableObject};
-// --- Hilfsfunktion: Konvertiert JSON Value zu etwas, das rusqlite versteht ---
+use sqlparser::dialect::SQLiteDialect;
-// Diese Funktion ist etwas knifflig wegen Ownership und Lifetimes.
+use sqlparser::parser::Parser;
-// Eine einfachere Variante ist oft, direkt rusqlite::types::Value zu erstellen.
+use uuid::Uuid;
-// Hier ein Beispiel, das owned Values erstellt (braucht evtl. Anpassung je nach rusqlite-Version/Nutzung)
-fn json_to_rusqlite_value(json_val: &JsonValue) -> Result<RusqliteValue, String> {
-    match json_val {
-        JsonValue::Null => Ok(RusqliteValue::Null),
-        JsonValue::Bool(b) => Ok(RusqliteValue::Integer(*b as i64)), // SQLite hat keinen BOOLEAN
-        JsonValue::Number(n) => {
-            if let Some(i) = n.as_i64() {
-                Ok(RusqliteValue::Integer(i))
-            } else if let Some(f) = n.as_f64() {
-                Ok(RusqliteValue::Real(f))
-            } else {
-                Err("Ungültiger Zahlenwert".to_string())
-            }
-        }
-        JsonValue::String(s) => Ok(RusqliteValue::Text(s.clone())),
-        JsonValue::Array(_) | JsonValue::Object(_) => {
-            // SQLite kann Arrays/Objects nicht direkt speichern (außer als TEXT/BLOB)
-            // Konvertiere sie zu JSON-Strings, wenn das gewünscht ist
-            Ok(RusqliteValue::Text(
-                serde_json::to_string(json_val).map_err(|e| e.to_string())?,
-            ))
-            // Oder gib einen Fehler zurück, wenn Arrays/Objekte nicht erlaubt sind
-            // Err("Arrays oder Objekte werden nicht direkt als Parameter unterstützt".to_string())
-        }
-    }
-}
-
-pub async fn execute(
-    sql: String,
-    params: Vec<JsonValue>,
-    state: &State<'_, DbConnection>,
-) -> Result<usize, String> {
-    // Gibt Anzahl betroffener Zeilen zurück
-
-    let params_converted: Vec<RusqliteValue> = params
-        .iter()
-        .map(json_to_rusqlite_value)
-        .collect::<Result<Vec<_>, _>>()?;
-    let params_sql: Vec<&dyn ToSql> = params_converted.iter().map(|v| v as &dyn ToSql).collect();
-
-    let db_lock = state
-        .0
-        .lock()
-        .map_err(|e| format!("Mutex Lock Fehler: {}", e))?;
-    let conn = db_lock.as_ref().ok_or("Keine Datenbankverbindung")?;
-
-    let affected_rows = conn
-        .execute(&sql, &params_sql[..])
-        .map_err(|e| format!("SQL Execute Fehler: {}", e))?;
-
-    Ok(affected_rows)
-}
-
-pub async fn select(
-    sql: String,
-    params: Vec<JsonValue>,
-    state: &State<'_, DbConnection>,
-) -> Result<Vec<Vec<JsonValue>>, String> {
-    // Ergebnis als Vec<RowObject>
-
-    // Konvertiere JSON Params zu rusqlite Values für die Abfrage
-    // Wir sammeln sie als owned Values, da `params_from_iter` Referenzen braucht,
-    // was mit lokalen Konvertierungen schwierig ist.
-    let params_converted: Vec<RusqliteValue> = params
-        .iter()
-        .map(json_to_rusqlite_value)
-        .collect::<Result<Vec<_>, _>>()?; // Sammle Ergebnisse, gibt Fehler weiter
-
-    // Konvertiere zu Slice von ToSql-Referenzen (erfordert, dass die Values leben)
-    let params_sql: Vec<&dyn ToSql> = params_converted.iter().map(|v| v as &dyn ToSql).collect();
-
-    // Zugriff auf die Verbindung (blockierend, okay für SQLite in vielen Fällen)
-    let db_lock = state
-        .0
-        .lock()
-        .map_err(|e| format!("Mutex Lock Fehler: {}", e))?;
-    let conn = db_lock.as_ref().ok_or("Keine Datenbankverbindung")?;
-
-    let mut stmt = conn
-        .prepare(&sql)
-        .map_err(|e| format!("SQL Prepare Fehler: {}", e))?;
-    let column_names: Vec<String> = stmt
-        .column_names()
-        .into_iter()
-        .map(|s| s.to_string())
-        .collect();
-    let num_columns = column_names.len();
-
-    let mut rows = stmt
-        .query(&params_sql[..])
-        .map_err(|e| format!("SQL Query Fehler: {}", e))?;
-    let mut result_vec: Vec<Vec<JsonValue>> = Vec::new();
-
-    println!();
-    println!();
-    println!();
-    println!();
-
-    while let Some(row) = rows.next().map_err(|e| format!("Row Next Fehler: {}", e))? {
-        //let mut row_map = HashMap::new();
-        let mut row_data: Vec<JsonValue> = Vec::with_capacity(num_columns);
-        for i in 0..num_columns {
-            let col_name = &column_names[i];
-
-            println!(
-                "--- Processing Column --- Index: {}, Name: '{}'",
-                i, col_name
-            );
-            let value_ref = row
-                .get_ref(i)
-                .map_err(|e| format!("Get Ref Fehler Spalte {}: {}", i, e))?;
-
-            // Wandle rusqlite ValueRef zurück zu serde_json Value
-            let json_val = match value_ref {
-                ValueRef::Null => JsonValue::Null,
-                ValueRef::Integer(i) => JsonValue::Number(i.into()),
-                ValueRef::Real(f) => JsonValue::Number(
-                    serde_json::Number::from_f64(f).unwrap_or(serde_json::Number::from(0)),
-                ), // Fallback für NaN/Infinity
-                ValueRef::Text(t) => {
-                    let s = String::from_utf8_lossy(t).to_string();
-                    // Versuche, als JSON zu parsen, falls es ursprünglich ein Array/Objekt war
-                    //serde_json::from_str(&s).unwrap_or(JsonValue::String(s))
-                    JsonValue::String(s)
-                }
-                ValueRef::Blob(b) => {
-                    // BLOBs z.B. als Base64-String zurückgeben
-                    JsonValue::String(STANDARD.encode(b))
-                }
-            };
-            println!(
-                "new row: name: {} with value: {}",
-                column_names[i].clone(),
-                json_val,
-            );
-            row_data.push(json_val);
-            //row_map.insert(column_names[i].clone(), json_val);
-        }
-        //result_vec.push(row_map);
-        result_vec.push(row_data);
-    }
-
-    Ok(result_vec)
-}
 
 /// Öffnet und initialisiert eine Datenbank mit Verschlüsselung
-pub fn open_and_init_db(path: &str, key: &str, create: bool) -> Result<Connection, String> {
+pub fn open_and_init_db(path: &str, key: &str, create: bool) -> Result<Connection, DatabaseError> {
     let flags = if create {
         OpenFlags::SQLITE_OPEN_READ_WRITE | OpenFlags::SQLITE_OPEN_CREATE
     } else {
         OpenFlags::SQLITE_OPEN_READ_WRITE
     };
 
-    let conn = Connection::open_with_flags(path, flags).map_err(|e| {
+    let conn =
-        format!(
+        Connection::open_with_flags(path, flags).map_err(|e| DatabaseError::ConnectionFailed {
-            "Dateiii gibt es nicht: {}. Habe nach {} gesucht",
+            path: path.to_string(),
-            e.to_string(),
+            reason: e.to_string(),
-            path
+        })?;
-        )
-    })?;
-    conn.pragma_update(None, "key", key)
-        .map_err(|e| e.to_string())?;
 
-    conn.execute_batch("SELECT count(*) from haex_extensions")
+    conn.pragma_update(None, "key", key)
-        .map_err(|e| e.to_string())?;
+        .map_err(|e| DatabaseError::PragmaError {
+            pragma: "key".to_string(),
+            reason: e.to_string(),
+        })?;
+
+    // Register custom UUID function for SQLite triggers
+    conn.create_scalar_function(
+        UUID_FUNCTION_NAME,
+        0,
+        FunctionFlags::SQLITE_UTF8 | FunctionFlags::SQLITE_DETERMINISTIC,
+        |_ctx| {
+            Ok(Uuid::new_v4().to_string())
+        },
+    )
+    .map_err(|e| DatabaseError::DatabaseError {
+        reason: format!("Failed to register {UUID_FUNCTION_NAME} function: {e}"),
+    })?;
 
     let journal_mode: String = conn
         .query_row("PRAGMA journal_mode=WAL;", [], |row| row.get(0))
-        .map_err(|e| e.to_string())?;
+        .map_err(|e| DatabaseError::PragmaError {
+            pragma: "journal_mode=WAL".to_string(),
+            reason: e.to_string(),
+        })?;
 
     if journal_mode.eq_ignore_ascii_case("wal") {
         println!("WAL mode successfully enabled.");
     } else {
-        eprintln!("Failed to enable WAL mode.");
+        eprintln!(
+            "Failed to enable WAL mode, journal_mode is '{journal_mode}'."
+        );
     }
 
     Ok(conn)
 }
 
-// Hilfsfunktionen für SQL-Parsing
+/// Utility für SQL-Parsing - parst ein einzelnes SQL-Statement
-pub fn extract_tables_from_query(query: &sqlparser::ast::Query) -> Vec<String> {
+pub fn parse_single_statement(sql: &str) -> Result<Statement, DatabaseError> {
+    let dialect = SQLiteDialect {};
+    let statements = Parser::parse_sql(&dialect, sql).map_err(|e| DatabaseError::ParseError {
+        reason: e.to_string(),
+        sql: sql.to_string(),
+    })?;
+
+    statements
+        .into_iter()
+        .next()
+        .ok_or(DatabaseError::ParseError {
+            reason: "No SQL statement found".to_string(),
+            sql: sql.to_string(),
+        })
+}
+
+/// Utility für SQL-Parsing - parst mehrere SQL-Statements
+pub fn parse_sql_statements(sql: &str) -> Result<Vec<Statement>, DatabaseError> {
+    let dialect = SQLiteDialect {};
+
+    // Normalize whitespace: replace multiple whitespaces (including newlines, tabs) with single space
+    let normalized_sql = sql
+        .split_whitespace()
+        .collect::<Vec<&str>>()
+        .join(" ");
+
+    Parser::parse_sql(&dialect, &normalized_sql).map_err(|e| DatabaseError::ParseError {
+        reason: format!("Failed to parse SQL: {e}"),
+        sql: sql.to_string(),
+    })
+}
+
+/// Prüft ob ein Statement ein RETURNING Clause hat (AST-basiert, sicher)
+pub fn statement_has_returning(statement: &Statement) -> bool {
+    match statement {
+        Statement::Insert(insert) => insert.returning.is_some(),
+        Statement::Update { returning, .. } => returning.is_some(),
+        Statement::Delete(delete) => delete.returning.is_some(),
+        _ => false,
+    }
+}
+
+pub struct ValueConverter;
+
+impl ValueConverter {
+    pub fn json_to_rusqlite_value(json_val: &JsonValue) -> Result<SqlValue, DatabaseError> {
+        match json_val {
+            JsonValue::Null => Ok(SqlValue::Null),
+            JsonValue::Bool(b) => {
+                // SQLite hat keinen Bool-Typ; verwende Integer 0/1
+                Ok(SqlValue::Integer(if *b { 1 } else { 0 }))
+            }
+            JsonValue::Number(n) => {
+                if let Some(i) = n.as_i64() {
+                    Ok(SqlValue::Integer(i))
+                } else if let Some(f) = n.as_f64() {
+                    Ok(SqlValue::Real(f))
+                } else {
+                    // Fallback: als Text
+                    Ok(SqlValue::Text(n.to_string()))
+                }
+            }
+            JsonValue::String(s) => Ok(SqlValue::Text(s.clone())),
+            JsonValue::Array(_) | JsonValue::Object(_) => {
+                // Arrays/Objects als JSON-Text speichern
+                serde_json::to_string(json_val)
+                    .map(SqlValue::Text)
+                    .map_err(|e| DatabaseError::SerializationError {
+                        reason: format!("Failed to serialize JSON param: {e}"),
+                    })
+            }
+        }
+    }
+
+    pub fn convert_params(params: &[JsonValue]) -> Result<Vec<SqlValue>, DatabaseError> {
+        params.iter().map(Self::json_to_rusqlite_value).collect()
+    }
+}
+
+/// Execute SQL mit CRDT-Transformation (für Drizzle-Integration)
+/// Diese Funktion sollte von Drizzle verwendet werden, um CRDT-Support zu erhalten
+pub fn execute_with_crdt(
+    sql: String,
+    params: Vec<JsonValue>,
+    connection: &DbConnection,
+    hlc_service: &std::sync::MutexGuard<crate::crdt::hlc::HlcService>,
+) -> Result<Vec<Vec<JsonValue>>, DatabaseError> {
+    with_connection(connection, |conn| {
+        let tx = conn.transaction().map_err(DatabaseError::from)?;
+        let _modified_tables = SqlExecutor::execute_internal(&tx, hlc_service, &sql, &params)?;
+        tx.commit().map_err(DatabaseError::from)?;
+
+        // Für Drizzle: gebe leeres Array zurück (wie bei execute ohne RETURNING)
+        Ok(vec![])
+    })
+}
+
+/// Execute SQL OHNE CRDT-Transformation (für spezielle Fälle)
+pub fn execute(
+    sql: String,
+    params: Vec<JsonValue>,
+    connection: &DbConnection,
+) -> Result<Vec<Vec<JsonValue>>, DatabaseError> {
+    // Konvertiere Parameter
+    let params_converted: Vec<RusqliteValue> = params
+        .iter()
+        .map(ValueConverter::json_to_rusqlite_value)
+        .collect::<Result<Vec<_>, _>>()?;
+    let params_sql: Vec<&dyn ToSql> = params_converted.iter().map(|v| v as &dyn ToSql).collect();
+
+    with_connection(connection, |conn| {
+        if sql.to_uppercase().contains("RETURNING") {
+            let mut stmt = conn.prepare(&sql)?;
+            let num_columns = stmt.column_count();
+            let mut rows = stmt.query(&params_sql[..])?;
+            let mut result_vec: Vec<Vec<JsonValue>> = Vec::new();
+
+            while let Some(row) = rows.next()? {
+                let mut row_values: Vec<JsonValue> = Vec::with_capacity(num_columns);
+                for i in 0..num_columns {
+                    let value_ref = row.get_ref(i)?;
+                    let json_val = convert_value_ref_to_json(value_ref)?;
+                    row_values.push(json_val);
+                }
+                result_vec.push(row_values);
+            }
+            Ok(result_vec)
+        } else {
+            conn.execute(&sql, &params_sql[..]).map_err(|e| {
+                let table_name = extract_primary_table_name_from_sql(&sql).unwrap_or(None);
+                DatabaseError::ExecutionError {
+                    sql: sql.clone(),
+                    reason: e.to_string(),
+                    table: table_name,
+                }
+            })?;
+            Ok(vec![])
+        }
+    })
+}
+
+pub fn select(
+    sql: String,
+    params: Vec<JsonValue>,
+    connection: &DbConnection,
+) -> Result<Vec<Vec<JsonValue>>, DatabaseError> {
+    // Validiere SQL-Statement
+    let statement = parse_single_statement(&sql)?;
+
+    // Stelle sicher, dass es eine Query ist
+    if !matches!(statement, Statement::Query(_)) {
+        return Err(DatabaseError::StatementError {
+            reason: "Only SELECT statements are allowed in select function".to_string(),
+        });
+    }
+
+    // Konvertiere Parameter
+    let params_converted: Vec<RusqliteValue> = params
+        .iter()
+        .map(ValueConverter::json_to_rusqlite_value)
+        .collect::<Result<Vec<_>, _>>()?;
+
+    let params_sql: Vec<&dyn ToSql> = params_converted.iter().map(|v| v as &dyn ToSql).collect();
+
+    with_connection(connection, |conn| {
+        let mut stmt = conn.prepare(&sql)?;
+        let num_columns = stmt.column_count();
+        let mut rows = stmt.query(&params_sql[..])?;
+        let mut result_vec: Vec<Vec<JsonValue>> = Vec::new();
+
+        while let Some(row) = rows.next()? {
+            let mut row_values: Vec<JsonValue> = Vec::with_capacity(num_columns);
+            for i in 0..num_columns {
+                let value_ref = row.get_ref(i)?;
+                let json_val = convert_value_ref_to_json(value_ref)?;
+                row_values.push(json_val);
+            }
+            result_vec.push(row_values);
+        }
+        Ok(result_vec)
+    })
+}
+
+pub fn select_with_crdt(
+    sql: String,
+    params: Vec<JsonValue>,
+    connection: &DbConnection,
+) -> Result<Vec<Vec<JsonValue>>, DatabaseError> {
+    with_connection(connection, |conn| {
+        SqlExecutor::query_select(conn, &sql, &params)
+    })
+}
+
+/// Konvertiert rusqlite ValueRef zu JSON
+pub fn convert_value_ref_to_json(value_ref: ValueRef) -> Result<JsonValue, DatabaseError> {
+    let json_val = match value_ref {
+        ValueRef::Null => JsonValue::Null,
+        ValueRef::Integer(i) => JsonValue::Number(i.into()),
+        ValueRef::Real(f) => JsonValue::Number(
+            serde_json::Number::from_f64(f).unwrap_or_else(|| serde_json::Number::from(0)),
+        ),
+        ValueRef::Text(t) => {
+            let s = String::from_utf8_lossy(t).to_string();
+            JsonValue::String(s)
+        }
+        ValueRef::Blob(b) => {
+            // BLOBs als Base64-String zurückgeben
+            JsonValue::String(STANDARD.encode(b))
+        }
+    };
+    Ok(json_val)
+}
+// Extrahiert alle Tabellennamen aus einem SQL-Statement über AST-Parsing
+pub fn extract_table_names_from_sql(sql: &str) -> Result<Vec<String>, DatabaseError> {
+    let statement = parse_single_statement(sql)?;
+    Ok(extract_table_names_from_statement(&statement))
+}
+
+/// Extrahiert den ersten/primären Tabellennamen aus einem SQL-Statement
+pub fn extract_primary_table_name_from_sql(sql: &str) -> Result<Option<String>, DatabaseError> {
+    let table_names = extract_table_names_from_sql(sql)?;
+    Ok(table_names.into_iter().next())
+}
+
+/// Extrahiert alle Tabellennamen aus einem AST Statement
+pub fn extract_table_names_from_statement(statement: &Statement) -> Vec<String> {
     let mut tables = Vec::new();
-    extract_tables_from_set_expr(&query.body, &mut tables);
+
+    match statement {
+        Statement::Query(query) => {
+            extract_tables_from_query_recursive(query, &mut tables);
+        }
+        Statement::Insert(insert) => {
+            if let TableObject::TableName(name) = &insert.table {
+                tables.push(name.to_string());
+            }
+        }
+        Statement::Update { table, .. } => {
+            extract_tables_from_table_factor(&table.relation, &mut tables);
+        }
+        Statement::Delete(delete) => {
+            use sqlparser::ast::FromTable;
+            match &delete.from {
+                FromTable::WithFromKeyword(table_refs) | FromTable::WithoutKeyword(table_refs) => {
+                    for table_ref in table_refs {
+                        extract_tables_from_table_factor(&table_ref.relation, &mut tables);
+                    }
+                }
+            }
+            // Fallback für DELETE-Syntax ohne FROM
+            for table_name in &delete.tables {
+                tables.push(table_name.to_string());
+            }
+        }
+        Statement::CreateTable(create) => {
+            tables.push(create.name.to_string());
+        }
+        Statement::AlterTable { name, .. } => {
+            tables.push(name.to_string());
+        }
+        Statement::Drop { names, .. } => {
+            for name in names {
+                tables.push(name.to_string());
+            }
+        }
+        Statement::CreateIndex(create_index) => {
+            tables.push(create_index.table_name.to_string());
+        }
+        Statement::Truncate { table_names, .. } => {
+            for table_name in table_names {
+                tables.push(table_name.to_string());
+            }
+        }
+        // Weitere Statement-Typen können hier hinzugefügt werden
+        _ => {
+            // Für unbekannte Statement-Typen geben wir eine leere Liste zurück
+        }
+    }
+
     tables
 }
 
-fn extract_tables_from_set_expr(set_expr: &sqlparser::ast::SetExpr, tables: &mut Vec<String>) {
+/// Extrahiert Tabellennamen rekursiv aus Query-Strukturen
-    match set_expr {
+fn extract_tables_from_query_recursive(query: &Query, tables: &mut Vec<String>) {
-        sqlparser::ast::SetExpr::Select(select) => {
+    extract_tables_from_set_expr_recursive(&query.body, tables);
-            for from in &select.from {
+}
-                extract_tables_from_table_with_joins(from, tables);
+
-            }
+/// Extrahiert Tabellennamen aus SELECT-Statements
+fn extract_tables_from_select(select: &Select, tables: &mut Vec<String>) {
+    // FROM clause
+    for table_ref in &select.from {
+        extract_tables_from_table_factor(&table_ref.relation, tables);
+
+        // JOINs
+        for join in &table_ref.joins {
+            extract_tables_from_table_factor(&join.relation, tables);
         }
-        sqlparser::ast::SetExpr::Query(query) => {
+    }
-            extract_tables_from_set_expr(&query.body, tables);
+    if let Some(selection) = &select.selection {
-        }
+        extract_tables_from_expr_recursive(selection, tables);
-        sqlparser::ast::SetExpr::SetOperation { left, right, .. } => {
-            extract_tables_from_set_expr(left, tables);
-            extract_tables_from_set_expr(right, tables);
-        }
-        _ => (), // Andere Fälle wie Values oder Insert ignorieren
     }
 }
 
-fn extract_tables_from_table_with_joins(
+fn extract_tables_from_expr_recursive(expr: &Expr, tables: &mut Vec<String>) {
-    table_with_joins: &sqlparser::ast::TableWithJoins,
+    match expr {
-    tables: &mut Vec<String>,
+        // This is the key: we found a subquery!
-) {
+        Expr::Subquery(subquery) => {
-    extract_tables_from_table_factor(&table_with_joins.relation, tables);
+            extract_tables_from_query_recursive(subquery, tables);
-    for join in &table_with_joins.joins {
+        }
-        extract_tables_from_table_factor(&join.relation, tables);
+        // These expressions can contain other expressions
+        Expr::BinaryOp { left, right, .. } => {
+            extract_tables_from_expr_recursive(left, tables);
+            extract_tables_from_expr_recursive(right, tables);
+        }
+        Expr::UnaryOp { expr, .. } => {
+            extract_tables_from_expr_recursive(expr, tables);
+        }
+        Expr::InSubquery { expr, subquery, .. } => {
+            extract_tables_from_expr_recursive(expr, tables);
+            extract_tables_from_query_recursive(subquery, tables);
+        }
+        Expr::Between {
+            expr, low, high, ..
+        } => {
+            extract_tables_from_expr_recursive(expr, tables);
+            extract_tables_from_expr_recursive(low, tables);
+            extract_tables_from_expr_recursive(high, tables);
+        }
+        // ... other expression types can be added here if needed
+        _ => {
+            // Other expressions (like literals, column names, etc.) don't contain tables.
+        }
     }
 }
-
+/// Extrahiert Tabellennamen aus TableFactor-Strukturen
-fn extract_tables_from_table_factor(
+fn extract_tables_from_table_factor(table_factor: &TableFactor, tables: &mut Vec<String>) {
-    table_factor: &sqlparser::ast::TableFactor,
-    tables: &mut Vec<String>,
-) {
     match table_factor {
-        sqlparser::ast::TableFactor::Table { name, .. } => {
+        TableFactor::Table { name, .. } => {
             tables.push(name.to_string());
         }
-        sqlparser::ast::TableFactor::Derived { subquery, .. } => {
+        TableFactor::Derived { subquery, .. } => {
-            extract_tables_from_set_expr(&subquery.body, tables);
+            extract_tables_from_query_recursive(subquery, tables);
         }
-        sqlparser::ast::TableFactor::NestedJoin {
+        TableFactor::TableFunction { .. } => {
+            // Table functions haben normalerweise keine direkten Tabellennamen
+        }
+        TableFactor::NestedJoin {
             table_with_joins, ..
         } => {
-            extract_tables_from_table_with_joins(table_with_joins, tables);
+            extract_tables_from_table_factor(&table_with_joins.relation, tables);
+            for join in &table_with_joins.joins {
+                extract_tables_from_table_factor(&join.relation, tables);
+            }
+        }
+        _ => {
+            // TableFunction, UNNEST, JsonTable, etc. haben normalerweise keine direkten Tabellennamen
+            // oder sind nicht relevant für SQLite
         }
-        _ => (), // Andere Fälle wie TableFunction ignorieren
+    }
+}
+
+/// Extrahiert Tabellennamen rekursiv aus SetExpr-Strukturen.
+/// Diese Funktion enthält die eigentliche rekursive Logik.
+fn extract_tables_from_set_expr_recursive(set_expr: &SetExpr, tables: &mut Vec<String>) {
+    match set_expr {
+        SetExpr::Select(select) => {
+            extract_tables_from_select(select, tables);
+        }
+        SetExpr::Query(sub_query) => {
+            extract_tables_from_set_expr_recursive(&sub_query.body, tables);
+        }
+        SetExpr::SetOperation { left, right, .. } => {
+            extract_tables_from_set_expr_recursive(left, tables);
+            extract_tables_from_set_expr_recursive(right, tables);
+        }
+
+        SetExpr::Values(_)
+        | SetExpr::Table(_)
+        | SetExpr::Insert(_)
+        | SetExpr::Update(_)
+        | SetExpr::Merge(_)
+        | SetExpr::Delete(_) => {}
+    }
+}
+
+pub fn with_connection<T, F>(connection: &DbConnection, f: F) -> Result<T, DatabaseError>
+where
+    F: FnOnce(&mut Connection) -> Result<T, DatabaseError>,
+{
+    let mut db_lock = connection
+        .0
+        .lock()
+        .map_err(|e| DatabaseError::MutexPoisoned {
+            reason: e.to_string(),
+        })?;
+
+    let conn = db_lock.as_mut().ok_or(DatabaseError::ConnectionError {
+        reason: "Connection to vault failed".to_string(),
+    })?;
+
+    f(conn)
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    #[test]
+    fn test_extract_simple_select() {
+        let sql = "SELECT * FROM users";
+        let tables = extract_table_names_from_sql(sql).unwrap();
+        assert_eq!(tables, vec!["users"]);
+    }
+
+    #[test]
+    fn test_extract_select_with_join() {
+        let sql = "SELECT u.name, p.title FROM users u JOIN posts p ON u.id = p.user_id";
+        let tables = extract_table_names_from_sql(sql).unwrap();
+        assert_eq!(tables, vec!["users", "posts"]);
+    }
+
+    #[test]
+    fn test_extract_insert() {
+        let sql = "INSERT INTO users (name, email) VALUES (?, ?)";
+        let tables = extract_table_names_from_sql(sql).unwrap();
+        assert_eq!(tables, vec!["users"]);
+    }
+
+    #[test]
+    fn test_extract_update() {
+        let sql = "UPDATE users SET name = ? WHERE id = ?";
+        let tables = extract_table_names_from_sql(sql).unwrap();
+        assert_eq!(tables, vec!["users"]);
+    }
+
+    #[test]
+    fn test_extract_delete() {
+        let sql = "DELETE FROM users WHERE id = ?";
+        let tables = extract_table_names_from_sql(sql).unwrap();
+        assert_eq!(tables, vec!["users"]);
+    }
+
+    #[test]
+    fn test_extract_create_table() {
+        let sql = "CREATE TABLE new_table (id INTEGER, name TEXT)";
+        let tables = extract_table_names_from_sql(sql).unwrap();
+        assert_eq!(tables, vec!["new_table"]);
+    }
+
+    #[test]
+    fn test_extract_subquery() {
+        let sql = "SELECT * FROM (SELECT id FROM users) AS sub";
+        let tables = extract_table_names_from_sql(sql).unwrap();
+        assert_eq!(tables, vec!["users"]);
+    }
+
+    #[test]
+    fn test_extract_primary_table() {
+        let sql = "SELECT u.name FROM users u JOIN posts p ON u.id = p.user_id";
+        let primary_table = extract_primary_table_name_from_sql(sql).unwrap();
+        assert_eq!(primary_table, Some("users".to_string()));
+    }
+
+    #[test]
+    fn test_extract_complex_query() {
+        let sql = r#"
+            SELECT u.name, COUNT(p.id) as post_count 
+            FROM users u 
+            LEFT JOIN posts p ON u.id = p.user_id 
+            WHERE u.created_at > (SELECT MIN(created_at) FROM sessions)
+            GROUP BY u.id
+        "#;
+        let tables = extract_table_names_from_sql(sql).unwrap();
+        assert_eq!(tables, vec!["users", "posts", "sessions"]);
+    }
+
+    #[test]
+    fn test_invalid_sql() {
+        let sql = "INVALID SQL";
+        let result = extract_table_names_from_sql(sql);
+        assert!(result.is_err());
+    }
+
+    #[test]
+    fn test_parse_single_statement() {
+        let sql = "SELECT * FROM users WHERE id = ?";
+        let result = parse_single_statement(sql);
+        assert!(result.is_ok());
+        assert!(matches!(result.unwrap(), Statement::Query(_)));
+    }
+
+    #[test]
+    fn test_parse_invalid_sql() {
+        let sql = "INVALID SQL STATEMENT";
+        let result = parse_single_statement(sql);
+        assert!(matches!(result, Err(DatabaseError::ParseError { .. })));
+    }
+
+    #[test]
+    fn test_convert_value_ref_to_json() {
+        use rusqlite::types::ValueRef;
+
+        assert_eq!(
+            convert_value_ref_to_json(ValueRef::Null).unwrap(),
+            JsonValue::Null
+        );
+        assert_eq!(
+            convert_value_ref_to_json(ValueRef::Integer(42)).unwrap(),
+            JsonValue::Number(42.into())
+        );
+        assert_eq!(
+            convert_value_ref_to_json(ValueRef::Text(b"hello")).unwrap(),
+            JsonValue::String("hello".to_string())
+        );
+    }
+
+    // Test für die neuen AST-basierten Funktionen
+    #[test]
+    fn test_extract_table_names_comprehensive() {
+        // Test verschiedene SQL-Statement-Typen
+        assert_eq!(
+            extract_primary_table_name_from_sql("SELECT * FROM users WHERE id = 1").unwrap(),
+            Some("users".to_string())
+        );
+        assert_eq!(
+            extract_primary_table_name_from_sql("INSERT INTO products (name) VALUES ('test')")
+                .unwrap(),
+            Some("products".to_string())
+        );
+        assert_eq!(
+            extract_primary_table_name_from_sql("UPDATE orders SET status = 'completed'").unwrap(),
+            Some("orders".to_string())
+        );
+        assert_eq!(
+            extract_primary_table_name_from_sql("DELETE FROM customers").unwrap(),
+            Some("customers".to_string())
+        );
     }
 }

src-tauri/src/database/error.rs

@@ -0,0 +1,203 @@
+// src-tauri/src/database/error.rs
+
+use crate::crdt::trigger::CrdtSetupError;
+use serde::{Deserialize, Serialize};
+use thiserror::Error;
+use ts_rs::TS;
+
+#[derive(Error, Debug, Serialize, Deserialize, TS)]
+#[ts(export)]
+#[serde(tag = "type", content = "details")]
+pub enum DatabaseError {
+    /// Der SQL-Code konnte nicht geparst werden.
+    #[error("Failed to parse SQL: {reason} - SQL: {sql}")]
+    ParseError { reason: String, sql: String },
+
+    /// Parameter-Fehler (falsche Anzahl, ungültiger Typ, etc.)
+    #[error("Parameter count mismatch: SQL has {expected} placeholders but {provided} provided. SQL Statement: {sql}")]
+    ParameterMismatchError {
+        expected: usize,
+        provided: usize,
+        sql: String,
+    },
+
+    #[error("No table provided in SQL Statement: {sql}")]
+    NoTableError { sql: String },
+
+    #[error("Statement Error: {reason}")]
+    StatementError { reason: String },
+
+    #[error("Failed to prepare statement: {reason}")]
+    PrepareError { reason: String },
+
+    #[error("Database error: {reason}")]
+    DatabaseError { reason: String },
+
+    /// Ein Fehler ist während der Ausführung in der Datenbank aufgetreten.
+    #[error("Execution error on table {table:?}: {reason} - SQL: {sql}")]
+    ExecutionError {
+        sql: String,
+        reason: String,
+        table: Option<String>,
+    },
+    /// Ein Fehler ist beim Verwalten der Transaktion aufgetreten.
+    #[error("Transaction error: {reason}")]
+    TransactionError { reason: String },
+
+    /// Ein SQL-Statement wird vom Proxy nicht unterstützt.
+    #[error("Unsupported statement. '{reason}'. - SQL: {sql}")]
+    UnsupportedStatement { reason: String, sql: String },
+
+    /// Fehler im HLC-Service
+    #[error("HLC error: {reason}")]
+    HlcError { reason: String },
+
+    /// Fehler beim Sperren der Datenbankverbindung
+    #[error("Lock error: {reason}")]
+    LockError { reason: String },
+
+    /// Fehler bei der Datenbankverbindung
+    #[error("Connection error: {reason}")]
+    ConnectionError { reason: String },
+
+    /// Fehler bei der JSON-Serialisierung
+    #[error("Serialization error: {reason}")]
+    SerializationError { reason: String },
+
+    /// Permission-bezogener Fehler für Extensions
+    #[error("Permission error for extension '{extension_id}': {reason} (operation: {operation:?}, resource: {resource:?})")]
+    PermissionError {
+        extension_id: String,
+        operation: Option<String>,
+        resource: Option<String>,
+        reason: String,
+    },
+
+    #[error("Query error: {reason}")]
+    QueryError { reason: String },
+
+    #[error("Row processing error: {reason}")]
+    RowProcessingError { reason: String },
+
+    #[error("Mutex Poisoned error: {reason}")]
+    MutexPoisoned { reason: String },
+
+    #[error("Datenbankverbindung fehlgeschlagen für Pfad '{path}': {reason}")]
+    ConnectionFailed { path: String, reason: String },
+
+    #[error("PRAGMA-Befehl '{pragma}' konnte nicht gesetzt werden: {reason}")]
+    PragmaError { pragma: String, reason: String },
+
+    #[error("Fehler beim Auflösen des Dateipfads: {reason}")]
+    PathResolutionError { reason: String },
+
+    #[error("Datei-I/O-Fehler für Pfad '{path}': {reason}")]
+    IoError { path: String, reason: String },
+
+    #[error("CRDT setup failed: {0}")]
+    CrdtSetup(String),
+}
+
+impl From<rusqlite::Error> for DatabaseError {
+    fn from(err: rusqlite::Error) -> Self {
+        DatabaseError::DatabaseError {
+            reason: err.to_string(),
+        }
+    }
+}
+
+impl From<String> for DatabaseError {
+    fn from(reason: String) -> Self {
+        DatabaseError::DatabaseError { reason }
+    }
+}
+
+impl From<CrdtSetupError> for DatabaseError {
+    fn from(err: CrdtSetupError) -> Self {
+        // Wir konvertieren den Fehler in einen String, um ihn einfach zu halten.
+        DatabaseError::CrdtSetup(err.to_string())
+    }
+}
+
+impl DatabaseError {
+    /// Extract extension ID if this error is related to an extension
+    pub fn extension_id(&self) -> Option<&str> {
+        match self {
+            DatabaseError::PermissionError { extension_id, .. } => Some(extension_id.as_str()),
+            _ => None,
+        }
+    }
+
+    /// Check if this is a permission-related error
+    pub fn is_permission_error(&self) -> bool {
+        matches!(self, DatabaseError::PermissionError { .. })
+    }
+
+    /// Get operation if available
+    pub fn operation(&self) -> Option<&str> {
+        match self {
+            DatabaseError::PermissionError {
+                operation: Some(op),
+                ..
+            } => Some(op.as_str()),
+            _ => None,
+        }
+    }
+
+    /// Get resource if available
+    pub fn resource(&self) -> Option<&str> {
+        match self {
+            DatabaseError::PermissionError {
+                resource: Some(res),
+                ..
+            } => Some(res.as_str()),
+            _ => None,
+        }
+    }
+}
+/* impl From<crate::extension::database::ExtensionDatabaseError> for DatabaseError {
+    fn from(err: crate::extension::database::ExtensionDatabaseError) -> Self {
+        match err {
+            crate::extension::database::ExtensionDatabaseError::Permission { source } => {
+                // Konvertiere PermissionError zu DatabaseError
+                match source {
+                    crate::extension::database::permissions::PermissionError::AccessDenied {
+                        extension_id,
+                        operation,
+                        resource,
+                        reason,
+                    } => DatabaseError::PermissionError {
+                        extension_id,
+                        operation: Some(operation),
+                        resource: Some(resource),
+                        reason,
+                    },
+                    crate::extension::database::permissions::PermissionError::Database {
+                        source,
+                    } => source,
+                    other => DatabaseError::PermissionError {
+                        extension_id: "unknown".to_string(),
+                        operation: None,
+                        resource: None,
+                        reason: other.to_string(),
+                    },
+                }
+            }
+            crate::extension::database::ExtensionDatabaseError::Database { source } => source,
+            crate::extension::database::ExtensionDatabaseError::ParameterValidation { reason } => {
+                DatabaseError::ParamError {
+                    reason: reason.clone(),
+                    expected: 0, // Kann nicht aus dem Grund extrahiert werden
+                    provided: 0, // Kann nicht aus dem Grund extrahiert werden
+                }
+            }
+            crate::extension::database::ExtensionDatabaseError::StatementExecution { reason } => {
+                DatabaseError::ExecutionError {
+                    sql: "unknown".to_string(),
+                    reason,
+                    table: None,
+                }
+            }
+        }
+    }
+} */

src-tauri/src/database/generated.rs

@@ -0,0 +1,240 @@
+// Auto-generated from Drizzle schema
+// DO NOT EDIT MANUALLY
+// Run 'pnpm generate:rust-types' to regenerate
+
+use serde::{Deserialize, Serialize};
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub struct HaexSettings {
+    pub id: String,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub key: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    #[serde(rename = "type")]
+    pub r#type: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub value: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub haex_timestamp: Option<String>,
+}
+
+impl HaexSettings {
+    pub fn from_row(row: &rusqlite::Row) -> rusqlite::Result<Self> {
+        Ok(Self {
+            id: row.get(0)?,
+            key: row.get(1)?,
+            r#type: row.get(2)?,
+            value: row.get(3)?,
+            haex_timestamp: row.get(4)?,
+        })
+    }
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub struct HaexExtensions {
+    pub id: String,
+    pub public_key: String,
+    pub name: String,
+    pub version: String,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub author: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub description: Option<String>,
+    pub entry: String,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub homepage: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub enabled: Option<bool>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub icon: Option<String>,
+    pub signature: String,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub haex_timestamp: Option<String>,
+}
+
+impl HaexExtensions {
+    pub fn from_row(row: &rusqlite::Row) -> rusqlite::Result<Self> {
+        Ok(Self {
+            id: row.get(0)?,
+            public_key: row.get(1)?,
+            name: row.get(2)?,
+            version: row.get(3)?,
+            author: row.get(4)?,
+            description: row.get(5)?,
+            entry: row.get(6)?,
+            homepage: row.get(7)?,
+            enabled: row.get(8)?,
+            icon: row.get(9)?,
+            signature: row.get(10)?,
+            haex_timestamp: row.get(11)?,
+        })
+    }
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub struct HaexExtensionPermissions {
+    pub id: String,
+    pub extension_id: String,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub resource_type: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub action: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub target: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub constraints: Option<String>,
+    pub status: String,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub created_at: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub updated_at: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub haex_timestamp: Option<String>,
+}
+
+impl HaexExtensionPermissions {
+    pub fn from_row(row: &rusqlite::Row) -> rusqlite::Result<Self> {
+        Ok(Self {
+            id: row.get(0)?,
+            extension_id: row.get(1)?,
+            resource_type: row.get(2)?,
+            action: row.get(3)?,
+            target: row.get(4)?,
+            constraints: row.get(5)?,
+            status: row.get(6)?,
+            created_at: row.get(7)?,
+            updated_at: row.get(8)?,
+            haex_timestamp: row.get(9)?,
+        })
+    }
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub struct HaexCrdtLogs {
+    pub id: String,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub haex_timestamp: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub table_name: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub row_pks: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub op_type: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub column_name: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub new_value: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub old_value: Option<String>,
+}
+
+impl HaexCrdtLogs {
+    pub fn from_row(row: &rusqlite::Row) -> rusqlite::Result<Self> {
+        Ok(Self {
+            id: row.get(0)?,
+            haex_timestamp: row.get(1)?,
+            table_name: row.get(2)?,
+            row_pks: row.get(3)?,
+            op_type: row.get(4)?,
+            column_name: row.get(5)?,
+            new_value: row.get(6)?,
+            old_value: row.get(7)?,
+        })
+    }
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub struct HaexCrdtSnapshots {
+    pub snapshot_id: String,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub created: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub epoch_hlc: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub location_url: Option<String>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub file_size_bytes: Option<i64>,
+}
+
+impl HaexCrdtSnapshots {
+    pub fn from_row(row: &rusqlite::Row) -> rusqlite::Result<Self> {
+        Ok(Self {
+            snapshot_id: row.get(0)?,
+            created: row.get(1)?,
+            epoch_hlc: row.get(2)?,
+            location_url: row.get(3)?,
+            file_size_bytes: row.get(4)?,
+        })
+    }
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub struct HaexCrdtConfigs {
+    pub key: String,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub value: Option<String>,
+}
+
+impl HaexCrdtConfigs {
+    pub fn from_row(row: &rusqlite::Row) -> rusqlite::Result<Self> {
+        Ok(Self {
+            key: row.get(0)?,
+            value: row.get(1)?,
+        })
+    }
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub struct HaexDesktopItems {
+    pub id: String,
+    pub workspace_id: String,
+    pub item_type: String,
+    pub reference_id: String,
+    pub position_x: i64,
+    pub position_y: i64,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub haex_timestamp: Option<String>,
+}
+
+impl HaexDesktopItems {
+    pub fn from_row(row: &rusqlite::Row) -> rusqlite::Result<Self> {
+        Ok(Self {
+            id: row.get(0)?,
+            workspace_id: row.get(1)?,
+            item_type: row.get(2)?,
+            reference_id: row.get(3)?,
+            position_x: row.get(4)?,
+            position_y: row.get(5)?,
+            haex_timestamp: row.get(6)?,
+        })
+    }
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+#[serde(rename_all = "camelCase")]
+pub struct HaexWorkspaces {
+    pub id: String,
+    pub name: String,
+    pub position: i64,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub haex_timestamp: Option<String>,
+}
+
+impl HaexWorkspaces {
+    pub fn from_row(row: &rusqlite::Row) -> rusqlite::Result<Self> {
+        Ok(Self {
+            id: row.get(0)?,
+            name: row.get(1)?,
+            position: row.get(2)?,
+            haex_timestamp: row.get(3)?,
+        })
+    }
+}
+

src-tauri/src/database/init.rs

@@ -0,0 +1,66 @@
+// src-tauri/src/database/init.rs
+// Database initialization utilities (trigger setup, etc.)
+
+use crate::crdt::trigger;
+use crate::database::error::DatabaseError;
+use crate::table_names::{
+    TABLE_DESKTOP_ITEMS,
+    TABLE_EXTENSIONS,
+    TABLE_EXTENSION_PERMISSIONS,
+    TABLE_NOTIFICATIONS,
+    TABLE_SETTINGS,
+    TABLE_WORKSPACES,
+};
+use rusqlite::{params, Connection};
+
+/// Liste aller CRDT-Tabellen die Trigger benötigen (ohne Password-Tabellen - die kommen in Extension)
+const CRDT_TABLES: &[&str] = &[
+    TABLE_SETTINGS,
+    TABLE_EXTENSIONS,
+    TABLE_EXTENSION_PERMISSIONS,
+    TABLE_NOTIFICATIONS,
+    TABLE_WORKSPACES,
+    TABLE_DESKTOP_ITEMS,
+];
+
+/// Prüft ob Trigger bereits initialisiert wurden und erstellt sie falls nötig
+///
+/// Diese Funktion wird beim ersten Öffnen einer Template-DB aufgerufen.
+/// Sie erstellt alle CRDT-Trigger für die definierten Tabellen und markiert
+/// die Initialisierung in haex_settings.
+///
+/// Bei Migrations (ALTER TABLE) werden Trigger automatisch neu erstellt,
+/// daher ist kein Versioning nötig.
+pub fn ensure_triggers_initialized(conn: &mut Connection) -> Result<bool, DatabaseError> {
+    let tx = conn.transaction()?;
+
+    // Check if triggers already initialized
+    let check_sql = format!(
+        "SELECT value FROM {TABLE_SETTINGS} WHERE key = ? AND type = ?"
+    );
+    let initialized: Option<String> = tx
+        .query_row(
+            &check_sql,
+            params!["triggers_initialized", "system"],
+            |row| row.get(0),
+        )
+        .ok();
+
+    if initialized.is_some() {
+        eprintln!("DEBUG: Triggers already initialized, skipping");
+        tx.commit()?; // Wichtig: Transaktion trotzdem abschließen
+        return Ok(true); // true = war schon initialisiert
+    }
+
+    eprintln!("INFO: Initializing CRDT triggers for database...");
+
+    // Create triggers for all CRDT tables
+    for table_name in CRDT_TABLES {
+        eprintln!("  - Setting up triggers for: {table_name}");
+        trigger::setup_triggers_for_table(&tx, table_name, false)?;
+    }
+
+    tx.commit()?;
+    eprintln!("INFO: ✓ CRDT triggers created successfully (flag pending)");
+    Ok(false) // false = wurde gerade initialisiert
+}

src-tauri/src/database/mod.rs

@@ -1,295 +1,533 @@
-// database/mod.rs
+// src-tauri/src/database/mod.rs
+
 pub mod core;
+pub mod error;
+pub mod generated;
+pub mod init;
 
+use crate::crdt::hlc::HlcService;
+use crate::database::core::execute_with_crdt;
+use crate::database::error::DatabaseError;
+use crate::extension::database::executor::SqlExecutor;
+use crate::table_names::{TABLE_CRDT_CONFIGS, TABLE_SETTINGS};
+use crate::AppState;
 use rusqlite::Connection;
+use serde::{Deserialize, Serialize};
 use serde_json::Value as JsonValue;
+use std::path::Path;
+use std::sync::Mutex;
+use std::time::UNIX_EPOCH;
+use std::{fs, sync::Arc};
+use tauri::{path::BaseDirectory, AppHandle, Manager, State};
+use tauri_plugin_fs::FsExt;
+#[cfg(not(target_os = "android"))]
+use trash;
+use ts_rs::TS;
 
-use std::fs;
-use std::path::{Path, PathBuf};
-use std::str::FromStr;
-use std::sync::{Arc, Mutex};
-use tauri::{path::BaseDirectory, AppHandle, Manager, State, Wry};
-
-use crate::database::core::open_and_init_db;
-pub struct HlcService(pub Mutex<uhlc::HLC>);
 pub struct DbConnection(pub Arc<Mutex<Option<Connection>>>);
 
+const VAULT_EXTENSION: &str = ".db";
+const VAULT_DIRECTORY: &str = "vaults";
+
 #[tauri::command]
-pub async fn sql_select(
+pub fn sql_select(
     sql: String,
     params: Vec<JsonValue>,
-    state: State<'_, DbConnection>,
+    state: State<'_, AppState>,
-) -> Result<Vec<Vec<JsonValue>>, String> {
+) -> Result<Vec<Vec<JsonValue>>, DatabaseError> {
-    core::select(sql, params, &state).await
+    core::select(sql, params, &state.db)
 }
 
 #[tauri::command]
-pub async fn sql_execute(
+pub fn sql_execute(
     sql: String,
     params: Vec<JsonValue>,
-    state: State<'_, DbConnection>,
+    state: State<'_, AppState>,
-) -> Result<usize, String> {
+) -> Result<Vec<Vec<JsonValue>>, DatabaseError> {
-    core::execute(sql, params, &state).await
+    core::execute(sql, params, &state.db)
 }
 
 #[tauri::command]
-pub fn test(app_handle: AppHandle) -> Result<String, String> {
+pub fn sql_select_with_crdt(
-    let resource_path = app_handle
+    sql: String,
+    params: Vec<JsonValue>,
+    state: State<'_, AppState>,
+) -> Result<Vec<Vec<JsonValue>>, DatabaseError> {
+    core::select_with_crdt(sql, params, &state.db)
+}
+
+#[tauri::command]
+pub fn sql_execute_with_crdt(
+    sql: String,
+    params: Vec<JsonValue>,
+    state: State<'_, AppState>,
+) -> Result<Vec<Vec<JsonValue>>, DatabaseError> {
+    let hlc_service = state.hlc.lock().map_err(|_| DatabaseError::MutexPoisoned {
+        reason: "Failed to lock HLC service".to_string(),
+    })?;
+    core::execute_with_crdt(sql, params, &state.db, &hlc_service)
+}
+
+#[tauri::command]
+pub fn sql_query_with_crdt(
+    sql: String,
+    params: Vec<JsonValue>,
+    state: State<'_, AppState>,
+) -> Result<Vec<Vec<JsonValue>>, DatabaseError> {
+    let hlc_service = state.hlc.lock().map_err(|_| DatabaseError::MutexPoisoned {
+        reason: "Failed to lock HLC service".to_string(),
+    })?;
+
+    core::with_connection(&state.db, |conn| {
+        let tx = conn.transaction().map_err(DatabaseError::from)?;
+        let (_modified_tables, result) =
+            SqlExecutor::query_internal(&tx, &hlc_service, &sql, &params)?;
+        tx.commit().map_err(DatabaseError::from)?;
+        Ok(result)
+    })
+}
+
+/// Resolves a database name to the full vault path
+fn get_vault_path(app_handle: &AppHandle, vault_name: &str) -> Result<String, DatabaseError> {
+    // Sicherstellen, dass der Name eine .db Endung hat
+    let vault_file_name = if vault_name.ends_with(VAULT_EXTENSION) {
+        vault_name.to_string()
+    } else {
+        format!("{vault_name}{VAULT_EXTENSION}")
+    };
+
+    let vault_directory = get_vaults_directory(app_handle)?;
+
+    let vault_path = app_handle
         .path()
-        .resolve("database/vault.db", BaseDirectory::Resource)
+        .resolve(
-        .map_err(|e| format!("Fehler {}", e));
+            format!("{vault_directory}/{vault_file_name}"),
-    //let file = app_handle.fs().open(resource_path, {}).unwrap().read();
+            BaseDirectory::AppLocalData,
-    Ok(String::from(resource_path.unwrap().to_string_lossy()))
+        )
-    /* std::fs::exists(String::from(resource_path.unwrap().to_string_lossy()))
+        .map_err(|e| DatabaseError::PathResolutionError {
-    .map_err(|e| format!("Fehler: {}", e)) */
+            reason: format!(
+                "Failed to resolve vault path for '{vault_file_name}': {e}"
+            ),
+        })?;
+
+    // Sicherstellen, dass das vaults-Verzeichnis existiert
+    if let Some(parent) = vault_path.parent() {
+        fs::create_dir_all(parent).map_err(|e| DatabaseError::IoError {
+            path: parent.display().to_string(),
+            reason: format!("Failed to create vaults directory: {e}"),
+        })?;
+    }
+
+    Ok(vault_path.to_string_lossy().to_string())
+}
+
+/// Returns the vaults directory path
+#[tauri::command]
+pub fn get_vaults_directory(app_handle: &AppHandle) -> Result<String, DatabaseError> {
+    let vaults_dir = app_handle
+        .path()
+        .resolve(VAULT_DIRECTORY, BaseDirectory::AppLocalData)
+        .map_err(|e| DatabaseError::PathResolutionError {
+            reason: e.to_string(),
+        })?;
+
+    Ok(vaults_dir.to_string_lossy().to_string())
+}
+
+#[derive(Debug, Serialize, Deserialize, TS)]
+#[ts(export)]
+#[serde(rename_all = "camelCase")]
+pub struct VaultInfo {
+    name: String,
+    last_access: u64,
+    path: String,
+}
+
+/// Lists all vault databases in the vaults directory
+#[tauri::command]
+pub fn list_vaults(app_handle: AppHandle) -> Result<Vec<VaultInfo>, DatabaseError> {
+    let vaults_dir_str = get_vaults_directory(&app_handle)?;
+    let vaults_dir = Path::new(&vaults_dir_str);
+
+    println!("Suche vaults in {}", vaults_dir.display());
+
+    let mut vaults: Vec<VaultInfo> = vec![];
+
+    if !vaults_dir.exists() {
+        println!("Vaults-Verzeichnis existiert nicht, gebe leere Liste zurück.");
+        return Ok(vec![]);
+    }
+
+    for entry in fs::read_dir(vaults_dir).map_err(|e| DatabaseError::IoError {
+        path: "vaults directory".to_string(),
+        reason: e.to_string(),
+    })? {
+        let entry = entry.map_err(|e| DatabaseError::IoError {
+            path: "vaults directory entry".to_string(),
+            reason: e.to_string(),
+        })?;
+
+        println!("Suche entry {}", entry.path().to_string_lossy());
+        let path = entry.path();
+        if path.is_file() {
+            if let Some(filename) = path.file_name().and_then(|n| n.to_str()) {
+                if filename.ends_with(VAULT_EXTENSION) {
+                    // Entferne .db Endung für die Rückgabe
+                    println!("Vault gefunden {filename}");
+
+                    let metadata = fs::metadata(&path).map_err(|e| DatabaseError::IoError {
+                        path: path.to_string_lossy().to_string(),
+                        reason: format!("Metadaten konnten nicht gelesen werden: {e}"),
+                    })?;
+
+                    let last_access_timestamp = metadata
+                        .accessed()
+                        .map_err(|e| DatabaseError::IoError {
+                            path: path.to_string_lossy().to_string(),
+                            reason: format!("Zugriffszeit konnte nicht gelesen werden: {e}"),
+                        })?
+                        .duration_since(UNIX_EPOCH)
+                        .unwrap_or_default() // Fallback für den seltenen Fall einer Zeit vor 1970
+                        .as_secs();
+
+                    let vault_name = filename.trim_end_matches(VAULT_EXTENSION).to_string();
+
+                    vaults.push(VaultInfo {
+                        name: vault_name,
+                        last_access: last_access_timestamp,
+                        path: path.to_string_lossy().to_string(),
+                    });
+                }
+            }
+        }
+    }
+
+    Ok(vaults)
+}
+
+/// Checks if a vault with the given name exists
+#[tauri::command]
+pub fn vault_exists(app_handle: AppHandle, vault_name: String) -> Result<bool, DatabaseError> {
+    let vault_path = get_vault_path(&app_handle, &vault_name)?;
+    Ok(Path::new(&vault_path).exists())
+}
+
+/// Moves a vault database file to trash (or deletes permanently if trash is unavailable)
+#[tauri::command]
+pub fn move_vault_to_trash(
+    app_handle: AppHandle,
+    vault_name: String,
+) -> Result<String, DatabaseError> {
+    // On Android, trash is not available, so delete permanently
+    #[cfg(target_os = "android")]
+    {
+        println!(
+            "Android platform detected, permanently deleting vault '{}'",
+            vault_name
+        );
+        return delete_vault(app_handle, vault_name);
+    }
+
+    // On non-Android platforms, try to use trash
+    #[cfg(not(target_os = "android"))]
+    {
+        let vault_path = get_vault_path(&app_handle, &vault_name)?;
+        let vault_shm_path = format!("{vault_path}-shm");
+        let vault_wal_path = format!("{vault_path}-wal");
+
+        if !Path::new(&vault_path).exists() {
+            return Err(DatabaseError::IoError {
+                path: vault_path,
+                reason: "Vault does not exist".to_string(),
+            });
+        }
+
+        // Try to move to trash first (works on desktop systems)
+        let moved_to_trash = trash::delete(&vault_path).is_ok();
+
+        if moved_to_trash {
+            // Also try to move auxiliary files to trash (ignore errors as they might not exist)
+            let _ = trash::delete(&vault_shm_path);
+            let _ = trash::delete(&vault_wal_path);
+
+            Ok(format!(
+                "Vault '{vault_name}' successfully moved to trash"
+            ))
+        } else {
+            // Fallback: Permanent deletion if trash fails
+            println!(
+                "Trash not available, falling back to permanent deletion for vault '{vault_name}'"
+            );
+            delete_vault(app_handle, vault_name)
+        }
+    }
+}
+
+/// Deletes a vault database file permanently (bypasses trash)
+#[tauri::command]
+pub fn delete_vault(app_handle: AppHandle, vault_name: String) -> Result<String, DatabaseError> {
+    let vault_path = get_vault_path(&app_handle, &vault_name)?;
+    let vault_shm_path = format!("{vault_path}-shm");
+    let vault_wal_path = format!("{vault_path}-wal");
+
+    if !Path::new(&vault_path).exists() {
+        return Err(DatabaseError::IoError {
+            path: vault_path,
+            reason: "Vault does not exist".to_string(),
+        });
+    }
+
+    if Path::new(&vault_shm_path).exists() {
+        fs::remove_file(&vault_shm_path).map_err(|e| DatabaseError::IoError {
+            path: vault_shm_path.clone(),
+            reason: format!("Failed to delete vault: {e}"),
+        })?;
+    }
+
+    if Path::new(&vault_wal_path).exists() {
+        fs::remove_file(&vault_wal_path).map_err(|e| DatabaseError::IoError {
+            path: vault_wal_path.clone(),
+            reason: format!("Failed to delete vault: {e}"),
+        })?;
+    }
+
+    fs::remove_file(&vault_path).map_err(|e| DatabaseError::IoError {
+        path: vault_path.clone(),
+        reason: format!("Failed to delete vault: {e}"),
+    })?;
+
+    Ok(format!("Vault '{vault_name}' successfully deleted"))
 }
 
 #[tauri::command]
 pub fn create_encrypted_database(
     app_handle: AppHandle,
-    path: String,
+    vault_name: String,
     key: String,
-    state: State<'_, DbConnection>,
+    state: State<'_, AppState>,
-) -> Result<String, String> {
+) -> Result<String, DatabaseError> {
-    // Ressourcenpfad zur eingebundenen Datenbank auflösen
+    println!("Creating encrypted vault with name: {vault_name}");
 
-    println!("Arbeitsverzeichnis: {:?}", std::env::current_dir());
+    let vault_path = get_vault_path(&app_handle, &vault_name)?;
-    println!(
+    println!("Resolved vault path: {vault_path}");
-        "Ressourcenverzeichnis: {:?}",
-        app_handle.path().resource_dir()
-    );
 
+    // Prüfen, ob bereits eine Vault mit diesem Namen existiert
+    if Path::new(&vault_path).exists() {
+        return Err(DatabaseError::IoError {
+            path: vault_path,
+            reason: format!("A vault with the name '{vault_name}' already exists"),
+        });
+    }
     /* let resource_path = app_handle
     .path()
     .resolve("database/vault.db", BaseDirectory::Resource)
     .map_err(|e| format!("Fehler beim Auflösen des Ressourcenpfads: {}", e))?; */
 
-    let resource_path = app_handle
+    let template_path = app_handle
+        .path()
+        .resolve("database/vault.db", BaseDirectory::Resource)
+        .map_err(|e| DatabaseError::PathResolutionError {
+            reason: format!("Failed to resolve template database: {e}"),
+        })?;
+
+    let template_content =
+        app_handle
+            .fs()
+            .read(&template_path)
+            .map_err(|e| DatabaseError::IoError {
+                path: template_path.display().to_string(),
+                reason: format!("Failed to read template database from resources: {e}"),
+            })?;
+
+    let temp_path = app_handle
         .path()
         .resolve("temp_vault.db", BaseDirectory::AppLocalData)
-        .map_err(|e| format!("Fehler beim Auflösen des Ressourcenpfads: {}", e))?;
+        .map_err(|e| DatabaseError::PathResolutionError {
+            reason: format!("Failed to resolve temp database: {e}"),
+        })?;
 
-    // Prüfen, ob die Ressourcendatei existiert
+    let temp_path_clone = temp_path.to_owned();
-    if !resource_path.exists() {
+    fs::write(temp_path, template_content).map_err(|e| DatabaseError::IoError {
-        return Err(format!(
+        path: vault_path.to_string(),
-            "Ressourcendatenbank wurde nicht gefunden: {}",
+        reason: format!("Failed to write temporary template database: {e}"),
-            resource_path.display()
+    })?;
-        ));
+    /* if !template_path.exists() {
-    }
+        return Err(DatabaseError::IoError {
-
+            path: template_path.display().to_string(),
-    // Sicherstellen, dass das Zielverzeichnis existiert
+            reason: "Template database not found in resources".to_string(),
-    /* if let Some(parent) = Path::new(&path).parent() {
+        });
-        if !parent.exists() {
-            std::fs::create_dir_all(parent).map_err(|e| {
-                format!(
-                    "Fehler beim Erstellen des Zielverzeichnisses: {}\n mit Fehler {}",
-                    path, e
-                )
-            })?;
-        }
     } */
 
-    let target = Path::new(&path);
+    println!("Öffne Temp-Datenbank direkt: {}", temp_path_clone.display());
-    if target.exists() & target.is_file() {
+    let conn = Connection::open(&temp_path_clone).map_err(|e| DatabaseError::ConnectionFailed {
-        println!(
+        path: temp_path_clone.display().to_string(),
-            "Datei '{}' existiert bereits. Sie wird gelöscht.",
+        reason: format!(
-            target.display()
+            "Fehler beim Öffnen der unverschlüsselten Quelldatenbank: {e}"
-        );
+        ),
-
-        fs::remove_file(target)
-            .map_err(|e| format!("Kann Vault {} nicht löschen. \n {}", target.display(), e))?;
-    } else {
-        println!("Datei '{}' existiert nicht.", target.display());
-    }
-
-    println!(
-        "Öffne unverschlüsselte Datenbank: {}",
-        resource_path.as_path().display()
-    );
-
-    let conn = Connection::open(&resource_path).map_err(|e| {
-        format!(
-            "Fehler beim Öffnen der kopierten Datenbank: {}",
-            e.to_string()
-        )
     })?;
 
-    println!("Hänge neue, verschlüsselte Datenbank an unter '{}'", &path);
-    // ATTACH DATABASE 'Dateiname' AS Alias KEY 'Passwort';
-    conn.execute("ATTACH DATABASE ?1 AS encrypted KEY ?2;", [&path, &key])
-        .map_err(|e| format!("Fehler bei ATTACH DATABASE: {}", e.to_string()))?;
-
     println!(
-        "Exportiere Daten von 'main' nach 'encrypted' mit password {} ...",
+        "Hänge neue, verschlüsselte Datenbank an unter '{}'",
-        &key
+        &vault_path
     );
+    // ATTACH DATABASE 'Dateiname' AS Alias KEY 'Passwort';
+    conn.execute(
+        "ATTACH DATABASE ?1 AS encrypted KEY ?2;",
+        [&vault_path, &key],
+    )
+    .map_err(|e| DatabaseError::ExecutionError {
+        sql: "ATTACH DATABASE ...".to_string(),
+        reason: e.to_string(),
+        table: None,
+    })?;
 
-    match conn.query_row("SELECT sqlcipher_export('encrypted');", [], |_row| Ok(())) {
+    println!("Exportiere Daten von 'main' nach 'encrypted' ...");
-        Ok(_) => {
+
-            println!(">>> sqlcipher_export erfolgreich ausgeführt (Rückgabewert ignoriert).");
+    if let Err(e) = conn.query_row("SELECT sqlcipher_export('encrypted');", [], |_| Ok(())) {
-        }
+        // Versuche aufzuräumen, ignoriere Fehler dabei
-        Err(e) => {
+        let _ = conn.execute("DETACH DATABASE encrypted;", []);
-            eprintln!("!!! FEHLER während sqlcipher_export: {}", e);
+        // Lösche auch die eventuell teilweise erstellte Datei
-            conn.execute("DETACH DATABASE encrypted;", []).ok(); // Versuche zu detachen
+        let _ = fs::remove_file(&vault_path);
-            return Err(e.to_string()); // Gib den Fehler zurück
+        let _ = fs::remove_file(&temp_path_clone);
-        }
+        return Err(DatabaseError::QueryError {
+            reason: format!("Fehler während sqlcipher_export: {e}"),
+        });
     }
 
     println!("Löse die verschlüsselte Datenbank vom Handle...");
-    conn.execute("DETACH DATABASE encrypted;", [])
-        .map_err(|e| format!("Fehler bei DETACH DATABASE: {}", e.to_string()))?;
 
-    println!("Datenbank erfolgreich nach '{}' verschlüsselt.", &path);
+    conn.execute("DETACH DATABASE encrypted;", [])
+        .map_err(|e| DatabaseError::ExecutionError {
+            sql: "DETACH DATABASE ...".to_string(),
+            reason: e.to_string(),
+            table: None,
+        })?;
+
     println!(
-        "Die Originaldatei '{}' ist unverändert.",
+        "Datenbank erfolgreich nach '{}' verschlüsselt.",
-        resource_path.as_path().display()
+        &vault_path
     );
 
-    // 2. VERSUCHEN, EINE SQLCIPHER-SPEZIFISCHE OPERATION AUSZUFÜHREN
+    // SQLCipher-Verifizierung
     println!("Prüfe SQLCipher-Aktivität mit 'PRAGMA cipher_version;'...");
     match conn.query_row("PRAGMA cipher_version;", [], |row| {
         let version: String = row.get(0)?;
         Ok(version)
     }) {
         Ok(version) => {
-            println!("SQLCipher ist aktiv! Version: {}", version);
+            println!("SQLCipher ist aktiv! Version: {version}");
         }
         Err(e) => {
             eprintln!("FEHLER: SQLCipher scheint NICHT aktiv zu sein!");
-            eprintln!("Der Befehl 'PRAGMA cipher_version;' schlug fehl: {}", e);
+            eprintln!("Der Befehl 'PRAGMA cipher_version;' schlug fehl: {e}");
             eprintln!("Die Datenbank wurde wahrscheinlich NICHT verschlüsselt.");
         }
     }
 
-    println!("resource_path: {}", resource_path.display());
+    conn.close()
+        .map_err(|(_, e)| DatabaseError::ConnectionFailed {
+            path: template_path.display().to_string(),
+            reason: format!("Fehler beim Schließen der Quelldatenbank: {e}"),
+        })?;
 
-    conn.close().unwrap();
+    let _ = fs::remove_file(&temp_path_clone);
 
-    let new_conn = open_and_init_db(&path, &key, false)?;
+    initialize_session(&app_handle, &vault_path, &key, &state)?;
 
-    // Aktualisieren der Datenbankverbindung im State
+    Ok(vault_path)
-    let mut db = state
-        .0
-        .lock()
-        .map_err(|e| format!("Mutex-Fehler: {}", e.to_string()))?;
-    *db = Some(new_conn);
-
-    Ok(format!("Verschlüsselte CRDT-Datenbank erstellt",))
 }
 
 #[tauri::command]
 pub fn open_encrypted_database(
     app_handle: AppHandle,
-    path: String,
+    vault_path: String,
     key: String,
-    state: State<'_, DbConnection>,
+    state: State<'_, AppState>,
-) -> Result<String, String> {
+) -> Result<String, DatabaseError> {
-    /* let vault_path = app_handle
+    println!("Opening encrypted database vault_path: {vault_path}");
-    .path()
+    println!("Resolved vault path: {vault_path}");
-    .resolve(format!("vaults/{}", path), BaseDirectory::AppLocalData)
+
-    .map_err(|e| format!("Fehler {}", e))?
+    if !Path::new(&vault_path).exists() {
-    .into_os_string()
+        return Err(DatabaseError::IoError {
-    .into_string()
+            path: vault_path.to_string(),
-    .unwrap(); */
+            reason: format!("Vault '{vault_path}' does not exist"),
-    if !std::path::Path::new(&path).exists() {
+        });
-        return Err(format!("File not found {}", path).into());
     }
 
-    let conn =
+    initialize_session(&app_handle, &vault_path, &key, &state)?;
-        core::open_and_init_db(&path, &key, false).map_err(|e| format!("Error during open: {}", e));
 
-    let mut db = state.0.lock().map_err(|e| e.to_string())?;
+    Ok(format!("Vault '{vault_path}' opened successfully"))
-    *db = Some(conn.unwrap());
-
-    Ok(format!("success"))
 }
 
-fn get_target_triple() -> Result<String, String> {
+/// Opens the DB, initializes the HLC service, and stores both in the AppState.
-    let target_triple = if cfg!(target_os = "linux") {
+fn initialize_session(
-        if cfg!(target_arch = "x86_64") {
+    app_handle: &AppHandle,
-            "x86_64-unknown-linux-gnu".to_string()
+    path: &str,
-        } else if cfg!(target_arch = "aarch64") {
+    key: &str,
-            "aarch64-unknown-linux-gnu".to_string()
+    state: &State<'_, AppState>,
-        } else {
+) -> Result<(), DatabaseError> {
-            return Err(format!(
+    // 1. Establish the raw database connection
-                "Unbekannte Linux-Architektur: {}",
+    let mut conn = core::open_and_init_db(path, key, false)?;
-                std::env::consts::ARCH
+
-            ));
+    // 2. Ensure CRDT triggers are initialized (for template DB)
+    let triggers_were_already_initialized = init::ensure_triggers_initialized(&mut conn)?;
+
+    // 3. Initialize the HLC service
+    let hlc_service = HlcService::try_initialize(&conn, app_handle).map_err(|e| {
+        // We convert the HlcError into a DatabaseError
+        DatabaseError::ExecutionError {
+            sql: "HLC Initialization".to_string(),
+            reason: e.to_string(),
+            table: Some(TABLE_CRDT_CONFIGS.to_string()),
         }
-    } else if cfg!(target_os = "macos") {
+    })?;
-        if cfg!(target_arch = "x86_64") {
+
-            "x86_64-apple-darwin".to_string()
+    // 4. Store everything in the global AppState
-        } else if cfg!(target_arch = "aarch64") {
+    let mut db_guard = state.db.0.lock().map_err(|e| DatabaseError::LockError {
-            "aarch64-apple-darwin".to_string()
+        reason: e.to_string(),
-        } else {
+    })?;
-            return Err(format!(
+    // Wichtig: Wir brauchen den db_guard gleich nicht mehr,
-                "Unbekannte macOS-Architektur: {}",
+    // da 'execute_with_crdt' 'with_connection' aufruft, was
-                std::env::consts::ARCH
+    // 'state.db' selbst locken muss.
-            ));
+    // Wir müssen den Guard freigeben, *bevor* wir 'execute_with_crdt' rufen,
-        }
+    // um einen Deadlock zu verhindern.
-    } else if cfg!(target_os = "windows") {
+    // Aber wir müssen die 'conn' erst hineinbewegen.
-        if cfg!(target_arch = "x86_64") {
+    *db_guard = Some(conn);
-            "x86_64-pc-windows-msvc".to_string()
+    drop(db_guard);
-        } else if cfg!(target_arch = "x86") {
+
-            "i686-pc-windows-msvc".to_string()
+    let mut hlc_guard = state.hlc.lock().map_err(|e| DatabaseError::LockError {
-        } else {
+        reason: e.to_string(),
-            return Err(format!(
+    })?;
-                "Unbekannte Windows-Architektur: {}",
+    *hlc_guard = hlc_service;
-                std::env::consts::ARCH
+
-            ));
+    // WICHTIG: hlc_guard *nicht* freigeben, da 'execute_with_crdt'
-        }
+    // eine Referenz auf die Guard erwartet.
-    } else if cfg!(target_os = "android") {
+
-        if cfg!(target_arch = "aarch64") {
+    // 5. NEUER SCHRITT: Setze das Flag via CRDT, falls nötig
-            "aarch64-linux-android".to_string()
+    if !triggers_were_already_initialized {
-        } else {
+        eprintln!("INFO: Setting 'triggers_initialized' flag via CRDT...");
-            return Err(format!(
+
-                "Unbekannte Android-Architektur: {}",
+        let insert_sql = format!(
-                std::env::consts::ARCH
+            "INSERT INTO {TABLE_SETTINGS} (id, key, type, value) VALUES (?, ?, ?, ?)"
-            ));
+        );
-        }
+
-    } else if cfg!(target_os = "ios") {
+        // execute_with_crdt erwartet Vec<JsonValue>, kein params!-Makro
-        if cfg!(target_arch = "aarch64") {
+        let params_vec: Vec<JsonValue> = vec![
-            "aarch64-apple-ios".to_string()
+            JsonValue::String(uuid::Uuid::new_v4().to_string()),
-        } else {
+            JsonValue::String("triggers_initialized".to_string()),
-            return Err(format!(
+            JsonValue::String("system".to_string()),
-                "Unbekannte iOS-Architektur: {}",
+            JsonValue::String("1".to_string()),
-                std::env::consts::ARCH
+        ];
-            ));
+
-        }
+        // Jetzt können wir 'execute_with_crdt' sicher aufrufen,
-    } else {
+        // da der AppState initialisiert ist.
-        return Err("Unbekanntes Zielsystem".to_string());
+        execute_with_crdt(
-    };
+            insert_sql, params_vec, &state.db,  // Das &DbConnection (der Mutex)
-    Ok(target_triple)
+            &hlc_guard, // Die gehaltene MutexGuard
-}
+        )?;
-
+
-pub fn get_hlc_timestamp(state: tauri::State<HlcService>) -> String {
+        eprintln!("INFO: ✓ 'triggers_initialized' flag set.");
-    let hlc = state.0.lock().unwrap();
+    }
-    hlc.new_timestamp().to_string()
+
-}
+    Ok(())
-
-#[tauri::command]
-pub fn update_hlc_from_remote(
-    remote_timestamp_str: String,
-    state: tauri::State<HlcService>,
-) -> Result<(), String> {
-    let remote_ts =
-        uhlc::Timestamp::from_str(&remote_timestamp_str).map_err(|e| e.cause.to_string())?;
-
-    let hlc = state.0.lock().unwrap();
-    hlc.update_with_timestamp(&remote_ts)
-        .map_err(|e| format!("HLC update failed: {:?}", e))
-}
-
-#[tauri::command]
-pub async fn create_crdt_trigger_for_table(
-    state: &State<'_, DbConnection>,
-    table_name: String,
-) -> Result<Vec<Vec<JsonValue>>, String> {
-    let stmt = format!(
-        "SELECT cid, name, type, notnull, dflt_value, pk from pragma_table_info('{}')",
-        table_name
-    );
-
-    let table_info = core::select(stmt, vec![], state).await;
-    Ok(table_info.unwrap())
 }

src-tauri/src/extension/core.rs

@@ -1,298 +0,0 @@
-use mime;
-use serde::Deserialize;
-use std::fmt;
-use std::fs;
-use std::path::PathBuf;
-
-use tauri::{
-    http::{Request, Response},
-    AppHandle, Error as TauriError, Manager, Runtime, UriSchemeContext,
-};
-
-#[derive(Deserialize, Debug)]
-struct ExtensionInfo {
-    id: String,
-    version: String,
-}
-
-#[derive(Debug)]
-enum DataProcessingError {
-    HexDecoding(hex::FromHexError),
-    Utf8Conversion(std::string::FromUtf8Error),
-    JsonParsing(serde_json::Error),
-}
-
-// Implementierung von Display für benutzerfreundliche Fehlermeldungen
-impl fmt::Display for DataProcessingError {
-    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
-        match self {
-            DataProcessingError::HexDecoding(e) => write!(f, "Hex-Dekodierungsfehler: {}", e),
-            DataProcessingError::Utf8Conversion(e) => {
-                write!(f, "UTF-8-Konvertierungsfehler: {}", e)
-            }
-            DataProcessingError::JsonParsing(e) => write!(f, "JSON-Parsing-Fehler: {}", e),
-        }
-    }
-}
-
-// Implementierung von std::error::Error (optional, aber gute Praxis für bibliotheksähnlichen Code)
-impl std::error::Error for DataProcessingError {
-    fn source(&self) -> Option<&(dyn std::error::Error + 'static)> {
-        match self {
-            DataProcessingError::HexDecoding(e) => Some(e),
-            DataProcessingError::Utf8Conversion(e) => Some(e),
-            DataProcessingError::JsonParsing(e) => Some(e),
-        }
-    }
-}
-
-// Implementierung von From-Traits für einfache Verwendung des '?'-Operators
-impl From<hex::FromHexError> for DataProcessingError {
-    fn from(err: hex::FromHexError) -> Self {
-        DataProcessingError::HexDecoding(err)
-    }
-}
-
-impl From<std::string::FromUtf8Error> for DataProcessingError {
-    fn from(err: std::string::FromUtf8Error) -> Self {
-        DataProcessingError::Utf8Conversion(err)
-    }
-}
-
-impl From<serde_json::Error> for DataProcessingError {
-    fn from(err: serde_json::Error) -> Self {
-        DataProcessingError::JsonParsing(err)
-    }
-}
-
-pub fn copy_directory(source: String, destination: String) -> Result<(), String> {
-    println!(
-        "Kopiere Verzeichnis von '{}' nach '{}'",
-        source, destination
-    );
-
-    let source_path = PathBuf::from(&source);
-    let destination_path = PathBuf::from(&destination);
-
-    if !source_path.exists() || !source_path.is_dir() {
-        return Err(format!(
-            "Quellverzeichnis '{}' nicht gefunden oder ist kein Verzeichnis.",
-            source
-        ));
-    }
-
-    // Optionen für fs_extra::dir::copy
-    let mut options = fs_extra::dir::CopyOptions::new();
-    options.overwrite = true; // Überschreibe Zieldateien, falls sie existieren
-    options.copy_inside = true; // Kopiere den *Inhalt* des Quellordners in den Zielordner
-                                // options.content_only = true; // Alternative: nur Inhalt kopieren, Zielordner muss existieren
-    options.buffer_size = 64000; // Standard-Puffergröße, kann angepasst werden
-
-    // Führe die Kopieroperation aus
-    match fs_extra::dir::copy(&source_path, &destination_path, &options) {
-        Ok(bytes_copied) => {
-            println!("Verzeichnis erfolgreich kopiert ({} bytes)", bytes_copied);
-            Ok(()) // Erfolg signalisieren
-        }
-        Err(e) => {
-            eprintln!("Fehler beim Kopieren des Verzeichnisses: {}", e);
-            Err(format!("Fehler beim Kopieren: {}", e.to_string())) // Fehler als String zurückgeben
-        }
-    }
-}
-
-pub fn resolve_secure_extension_asset_path<R: Runtime>(
-    app_handle: &AppHandle<R>,
-    extension_id: &str,
-    extension_version: &str,
-    requested_asset_path: &str,
-) -> Result<PathBuf, String> {
-    // 1. Validiere die Extension ID
-    if extension_id.is_empty()
-        || !extension_id
-            .chars()
-            .all(|c| c.is_ascii_alphanumeric() || c == '-')
-    {
-        return Err(format!("Ungültige Extension ID: {}", extension_id));
-    }
-
-    if extension_version.is_empty()
-        || !extension_version
-            .chars()
-            .all(|c| c.is_ascii_alphanumeric() || c == '-' || c == '.')
-    {
-        return Err(format!(
-            "Ungültige Extension Version: {}",
-            extension_version
-        ));
-    }
-
-    // 2. Bestimme das Basisverzeichnis für alle Erweiterungen (Resource Directory)
-    let base_extensions_dir = app_handle
-        .path()
-        .app_data_dir() // Korrekt für Ressourcen
-        // Wenn du stattdessen App Local Data willst: .app_local_data_dir()
-        .map_err(|e: TauriError| format!("Basis-Verzeichnis nicht gefunden: {}", e))?
-        .join("extensions");
-
-    // 3. Verzeichnis für die spezifische Erweiterung
-    let specific_extension_dir =
-        base_extensions_dir.join(format!("{}/{}", extension_id, extension_version));
-
-    // 4. Bereinige den angeforderten Asset-Pfad
-    let clean_relative_path = requested_asset_path
-        .replace('\\', "/")
-        .trim_start_matches('/')
-        .split('/')
-        .filter(|&part| !part.is_empty() && part != "." && part != "..")
-        .collect::<PathBuf>();
-
-    if clean_relative_path.as_os_str().is_empty() && requested_asset_path != "/" {
-        return Err("Leerer oder ungültiger Asset-Pfad".to_string());
-    }
-
-    // 5. Setze den finalen Pfad zusammen
-    let final_path = specific_extension_dir.join(clean_relative_path);
-
-    // 6. SICHERHEITSCHECK (wie vorher)
-    match final_path.canonicalize() {
-        Ok(canonical_path) => {
-            let canonical_base = specific_extension_dir.canonicalize().map_err(|e| {
-                format!(
-                    "Kann Basis-Pfad '{}' nicht kanonisieren: {}",
-                    specific_extension_dir.display(),
-                    e
-                )
-            })?;
-            if canonical_path.starts_with(&canonical_base) {
-                Ok(canonical_path)
-            } else {
-                eprintln!( /* ... Sicherheitswarnung ... */ );
-                Err("Ungültiger oder nicht erlaubter Asset-Pfad (kanonisch)".to_string())
-            }
-        }
-        Err(_) => {
-            // Fehler bei canonicalize (z.B. Pfad existiert nicht)
-            if final_path.starts_with(&specific_extension_dir) {
-                Ok(final_path) // Nicht-kanonisierten Pfad zurückgeben
-            } else {
-                eprintln!( /* ... Sicherheitswarnung ... */ );
-                Err("Ungültiger oder nicht erlaubter Asset-Pfad (nicht kanonisiert)".to_string())
-            }
-        }
-    }
-}
-
-pub fn extension_protocol_handler<R: Runtime>(
-    context: &UriSchemeContext<'_, R>,
-    request: &Request<Vec<u8>>,
-) -> Result<Response<Vec<u8>>, Box<dyn std::error::Error>> {
-    let uri_ref = request.uri();
-    println!("Protokoll Handler für: {}", uri_ref);
-
-    let host = uri_ref
-        .host()
-        .ok_or("Kein Host (Extension ID) in URI gefunden")?
-        .to_string();
-
-    let path_str = uri_ref.path();
-    let segments_iter = path_str.split('/').filter(|s| !s.is_empty());
-    let resource_segments: Vec<&str> = segments_iter.collect();
-    let raw_asset_path = resource_segments.join("/");
-    let asset_to_load = if raw_asset_path.is_empty() {
-        "index.html"
-    } else {
-        &raw_asset_path
-    };
-
-    match process_hex_encoded_json(&host) {
-        Ok(info) => {
-            println!("Daten erfolgreich verarbeitet:");
-            println!("  ID: {}", info.id);
-            println!("  Version: {}", info.version);
-            let absolute_secure_path = resolve_secure_extension_asset_path(
-                context.app_handle(),
-                &info.id,
-                &info.version,
-                &asset_to_load,
-            )?;
-
-            println!("absolute_secure_path: {}", absolute_secure_path.display());
-
-            if absolute_secure_path.exists() && absolute_secure_path.is_file() {
-                match fs::read(&absolute_secure_path) {
-                    Ok(content) => {
-                        let mime_type = mime_guess::from_path(&absolute_secure_path)
-                            .first_or(mime::APPLICATION_OCTET_STREAM)
-                            .to_string();
-                        let content_length = content.len();
-                        println!(
-                            "Liefere {} ({}, {} bytes) ", // Content-Length zum Log hinzugefügt
-                            absolute_secure_path.display(),
-                            mime_type,
-                            content_length
-                        );
-                        Response::builder()
-                            .status(200)
-                            .header("Content-Type", mime_type)
-                            .header("Content-Length", content_length.to_string()) // <-- HIER HINZUGEFÜGT
-                            // Optional, aber gut für Streaming-Fähigkeit:
-                            .header("Accept-Ranges", "bytes")
-                            .body(content)
-                            .map_err(|e| e.into())
-                    }
-                    Err(e) => {
-                        eprintln!(
-                            "Fehler beim Lesen der Datei {}: {}",
-                            absolute_secure_path.display(),
-                            e
-                        );
-                        let status_code = if e.kind() == std::io::ErrorKind::NotFound {
-                            404
-                        } else if e.kind() == std::io::ErrorKind::PermissionDenied {
-                            403
-                        } else {
-                            500
-                        };
-
-                        Response::builder()
-                            .status(status_code)
-                            .body(Vec::new()) // Leerer Body für Fehler
-                            .map_err(|e| e.into()) // Wandle http::Error in Box<dyn Error> um
-                    }
-                }
-            } else {
-                // Datei nicht gefunden oder es ist keine Datei
-                eprintln!(
-                    "Asset nicht gefunden oder ist kein File: {}",
-                    absolute_secure_path.display()
-                );
-                Response::builder()
-                    .status(404) // HTTP 404 Not Found
-                    .body(Vec::new())
-                    .map_err(|e| e.into())
-            }
-        }
-        Err(e) => {
-            eprintln!("Fehler bei der Datenverarbeitung: {}", e);
-
-            Response::builder()
-                .status(500)
-                .body(Vec::new()) // Leerer Body für Fehler
-                .map_err(|e| e.into())
-        }
-    }
-}
-
-fn process_hex_encoded_json(hex_input: &str) -> Result<ExtensionInfo, DataProcessingError> {
-    // Schritt 1: Hex-String zu Bytes dekodieren
-    let bytes = hex::decode(hex_input)?; // Konvertiert hex::FromHexError automatisch
-
-    // Schritt 2: Bytes zu UTF-8-String konvertieren
-    let json_string = String::from_utf8(bytes)?; // Konvertiert FromUtf8Error automatisch
-
-    // Schritt 3: JSON-String zu Struktur parsen
-    let extension_info: ExtensionInfo = serde_json::from_str(&json_string)?; // Konvertiert serde_json::Error automatisch
-
-    Ok(extension_info)
-}

src-tauri/src/extension/core/manager.rs

@@ -0,0 +1,869 @@
+use crate::database::core::with_connection;
+use crate::database::error::DatabaseError;
+use crate::extension::core::manifest::{EditablePermissions, ExtensionManifest, ExtensionPreview};
+use crate::extension::core::types::{copy_directory, Extension, ExtensionSource};
+use crate::extension::core::ExtensionPermissions;
+use crate::extension::crypto::ExtensionCrypto;
+use crate::extension::database::executor::SqlExecutor;
+use crate::extension::error::ExtensionError;
+use crate::extension::permissions::manager::PermissionManager;
+use crate::extension::permissions::types::ExtensionPermission;
+use crate::table_names::{TABLE_EXTENSIONS, TABLE_EXTENSION_PERMISSIONS};
+use crate::AppState;
+use std::collections::HashMap;
+use std::fs;
+use std::path::PathBuf;
+use std::sync::Mutex;
+use std::time::{Duration, SystemTime};
+use tauri::{AppHandle, Manager, State};
+use zip::ZipArchive;
+
+#[derive(Debug, Clone)]
+pub struct CachedPermission {
+    pub permissions: Vec<ExtensionPermission>,
+    pub cached_at: SystemTime,
+    pub ttl: Duration,
+}
+
+#[derive(Debug, Clone)]
+pub struct MissingExtension {
+    pub id: String,
+    pub public_key: String,
+    pub name: String,
+    pub version: String,
+}
+
+struct ExtensionDataFromDb {
+    id: String,
+    manifest: ExtensionManifest,
+    enabled: bool,
+}
+
+#[derive(Default)]
+pub struct ExtensionManager {
+    pub production_extensions: Mutex<HashMap<String, Extension>>,
+    pub dev_extensions: Mutex<HashMap<String, Extension>>,
+    pub permission_cache: Mutex<HashMap<String, CachedPermission>>,
+    pub missing_extensions: Mutex<Vec<MissingExtension>>,
+}
+
+struct ExtractedExtension {
+    temp_dir: PathBuf,
+    manifest: ExtensionManifest,
+    content_hash: String,
+}
+
+impl Drop for ExtractedExtension {
+    fn drop(&mut self) {
+        std::fs::remove_dir_all(&self.temp_dir).ok();
+    }
+}
+
+impl ExtensionManager {
+    pub fn new() -> Self {
+        Self::default()
+    }
+
+    /// Helper function to validate path and check for path traversal
+    /// Returns the cleaned path if valid, or None if invalid/not found
+    /// If require_exists is true, returns None if path doesn't exist
+    pub fn validate_path_in_directory(
+        base_dir: &PathBuf,
+        relative_path: &str,
+        require_exists: bool,
+    ) -> Result<Option<PathBuf>, ExtensionError> {
+        // Check for path traversal patterns
+        if relative_path.contains("..") {
+            return Err(ExtensionError::SecurityViolation {
+                reason: format!("Path traversal attempt: {relative_path}"),
+            });
+        }
+
+        // Clean the path (same logic as in protocol.rs)
+        let clean_path = relative_path
+            .replace('\\', "/")
+            .trim_start_matches('/')
+            .split('/')
+            .filter(|&part| !part.is_empty() && part != "." && part != "..")
+            .collect::<PathBuf>();
+
+        let full_path = base_dir.join(&clean_path);
+
+        // Check if file/directory exists (if required)
+        if require_exists && !full_path.exists() {
+            return Ok(None);
+        }
+
+        // Verify path is within base directory
+        let canonical_base = base_dir
+            .canonicalize()
+            .map_err(|e| ExtensionError::Filesystem { source: e })?;
+
+        if let Ok(canonical_path) = full_path.canonicalize() {
+            if !canonical_path.starts_with(&canonical_base) {
+                return Err(ExtensionError::SecurityViolation {
+                    reason: format!("Path outside base directory: {relative_path}"),
+                });
+            }
+            Ok(Some(canonical_path))
+        } else {
+            // Path doesn't exist yet - still validate it would be within base
+            if full_path.starts_with(&canonical_base) {
+                Ok(Some(full_path))
+            } else {
+                Err(ExtensionError::SecurityViolation {
+                    reason: format!("Path outside base directory: {relative_path}"),
+                })
+            }
+        }
+    }
+
+    /// Validates icon path and falls back to favicon.ico if not specified
+    fn validate_and_resolve_icon_path(
+        extension_dir: &PathBuf,
+        haextension_dir: &str,
+        icon_path: Option<&str>,
+    ) -> Result<Option<String>, ExtensionError> {
+        // If icon is specified in manifest, validate it
+        if let Some(icon) = icon_path {
+            if let Some(clean_path) = Self::validate_path_in_directory(extension_dir, icon, true)? {
+                return Ok(Some(clean_path.to_string_lossy().to_string()));
+            } else {
+                eprintln!("WARNING: Icon path specified in manifest not found: {icon}");
+                // Continue to fallback logic
+            }
+        }
+
+        // Fallback 1: Check haextension/favicon.ico
+        let haextension_favicon = format!("{haextension_dir}/favicon.ico");
+        if let Some(clean_path) = Self::validate_path_in_directory(extension_dir, &haextension_favicon, true)? {
+            return Ok(Some(clean_path.to_string_lossy().to_string()));
+        }
+
+        // Fallback 2: Check public/favicon.ico
+        if let Some(clean_path) = Self::validate_path_in_directory(extension_dir, "public/favicon.ico", true)? {
+            return Ok(Some(clean_path.to_string_lossy().to_string()));
+        }
+
+        // No icon found
+        Ok(None)
+    }
+
+    /// Extrahiert eine Extension-ZIP-Datei und validiert das Manifest
+    fn extract_and_validate_extension(
+        bytes: Vec<u8>,
+        temp_prefix: &str,
+        app_handle: &AppHandle,
+    ) -> Result<ExtractedExtension, ExtensionError> {
+        // Use app_cache_dir for better Android compatibility
+        let cache_dir = app_handle
+            .path()
+            .app_cache_dir()
+            .map_err(|e| ExtensionError::InstallationFailed {
+                reason: format!("Cannot get app cache dir: {e}"),
+            })?;
+
+        let temp_id = uuid::Uuid::new_v4();
+        let temp = cache_dir.join(format!("{temp_prefix}_{temp_id}"));
+        let zip_file_path = cache_dir.join(format!("{}_{}_{}.haextension", temp_prefix, temp_id, "temp"));
+
+        // Write bytes to a temporary ZIP file first (important for Android file system)
+        fs::write(&zip_file_path, &bytes).map_err(|e| {
+            ExtensionError::filesystem_with_path(zip_file_path.display().to_string(), e)
+        })?;
+
+        // Create extraction directory
+        fs::create_dir_all(&temp)
+            .map_err(|e| ExtensionError::filesystem_with_path(temp.display().to_string(), e))?;
+
+        // Open ZIP file from disk (more reliable on Android than from memory)
+        let zip_file = fs::File::open(&zip_file_path).map_err(|e| {
+            ExtensionError::filesystem_with_path(zip_file_path.display().to_string(), e)
+        })?;
+
+        let mut archive = ZipArchive::new(zip_file).map_err(|e| {
+            ExtensionError::InstallationFailed {
+                reason: format!("Invalid ZIP: {e}"),
+            }
+        })?;
+
+        archive
+            .extract(&temp)
+            .map_err(|e| ExtensionError::InstallationFailed {
+                reason: format!("Cannot extract ZIP: {e}"),
+            })?;
+
+        // Clean up temporary ZIP file
+        let _ = fs::remove_file(&zip_file_path);
+
+        // Read haextension_dir from config if it exists, otherwise use default
+        let config_path = temp.join("haextension.config.json");
+        let haextension_dir = if config_path.exists() {
+            let config_content = std::fs::read_to_string(&config_path)
+                .map_err(|e| ExtensionError::ManifestError {
+                    reason: format!("Cannot read haextension.config.json: {e}"),
+                })?;
+
+            let config: serde_json::Value = serde_json::from_str(&config_content)
+                .map_err(|e| ExtensionError::ManifestError {
+                    reason: format!("Invalid haextension.config.json: {e}"),
+                })?;
+
+            let dir = config
+                .get("dev")
+                .and_then(|dev| dev.get("haextension_dir"))
+                .and_then(|dir| dir.as_str())
+                .unwrap_or("haextension")
+                .to_string();
+
+            dir
+        } else {
+            "haextension".to_string()
+        };
+
+        // Validate manifest path using helper function
+        let manifest_relative_path = format!("{haextension_dir}/manifest.json");
+        let manifest_path = Self::validate_path_in_directory(&temp, &manifest_relative_path, true)?
+            .ok_or_else(|| ExtensionError::ManifestError {
+                reason: format!("manifest.json not found at {haextension_dir}/manifest.json"),
+            })?;
+
+        let actual_dir = temp.clone();
+        let manifest_content =
+            std::fs::read_to_string(&manifest_path).map_err(|e| ExtensionError::ManifestError {
+                reason: format!("Cannot read manifest: {e}"),
+            })?;
+
+        let mut manifest: ExtensionManifest = serde_json::from_str(&manifest_content)?;
+
+        // Validate and resolve icon path with fallback logic
+        let validated_icon = Self::validate_and_resolve_icon_path(&actual_dir, &haextension_dir, manifest.icon.as_deref())?;
+        manifest.icon = validated_icon;
+
+        let content_hash = ExtensionCrypto::hash_directory(&actual_dir, &manifest_path).map_err(|e| {
+            ExtensionError::SignatureVerificationFailed {
+                reason: e.to_string(),
+            }
+        })?;
+
+        Ok(ExtractedExtension {
+            temp_dir: actual_dir,
+            manifest,
+            content_hash,
+        })
+    }
+
+    pub fn get_base_extension_dir(
+        &self,
+        app_handle: &AppHandle,
+    ) -> Result<PathBuf, ExtensionError> {
+        let path = app_handle
+            .path()
+            .app_local_data_dir()
+            .map_err(|e| ExtensionError::Filesystem {
+                source: std::io::Error::new(std::io::ErrorKind::NotFound, e.to_string()),
+            })?
+            .join("extensions");
+
+        // Sicherstellen, dass das Basisverzeichnis existiert
+        if !path.exists() {
+            fs::create_dir_all(&path)
+                .map_err(|e| ExtensionError::filesystem_with_path(path.display().to_string(), e))?;
+        }
+        Ok(path)
+    }
+
+    pub fn get_extension_dir(
+        &self,
+        app_handle: &AppHandle,
+        public_key: &str,
+        extension_name: &str,
+        extension_version: &str,
+    ) -> Result<PathBuf, ExtensionError> {
+        let specific_extension_dir = self
+            .get_base_extension_dir(app_handle)?
+            .join(public_key)
+            .join(extension_name)
+            .join(extension_version);
+
+        Ok(specific_extension_dir)
+    }
+
+    pub fn add_production_extension(&self, extension: Extension) -> Result<(), ExtensionError> {
+        if extension.id.is_empty() {
+            return Err(ExtensionError::ValidationError {
+                reason: "Extension ID cannot be empty".to_string(),
+            });
+        }
+
+        match &extension.source {
+            ExtensionSource::Production { .. } => {
+                let mut extensions = self.production_extensions.lock().unwrap();
+                extensions.insert(extension.id.clone(), extension);
+                Ok(())
+            }
+            _ => Err(ExtensionError::ValidationError {
+                reason: "Expected Production source".to_string(),
+            }),
+        }
+    }
+
+    pub fn add_dev_extension(&self, extension: Extension) -> Result<(), ExtensionError> {
+        if extension.id.is_empty() {
+            return Err(ExtensionError::ValidationError {
+                reason: "Extension ID cannot be empty".to_string(),
+            });
+        }
+
+        match &extension.source {
+            ExtensionSource::Development { .. } => {
+                let mut extensions = self.dev_extensions.lock().unwrap();
+                extensions.insert(extension.id.clone(), extension);
+                Ok(())
+            }
+            _ => Err(ExtensionError::ValidationError {
+                reason: "Expected Development source".to_string(),
+            }),
+        }
+    }
+
+    pub fn get_extension(&self, extension_id: &str) -> Option<Extension> {
+        let dev_extensions = self.dev_extensions.lock().unwrap();
+        if let Some(extension) = dev_extensions.get(extension_id) {
+            return Some(extension.clone());
+        }
+
+        let prod_extensions = self.production_extensions.lock().unwrap();
+        prod_extensions.get(extension_id).cloned()
+    }
+
+    /// Find extension ID by public_key and name (checks dev extensions first, then production)
+    fn find_extension_id_by_public_key_and_name(
+        &self,
+        public_key: &str,
+        name: &str,
+    ) -> Result<Option<(String, Extension)>, ExtensionError> {
+        // 1. Check dev extensions first (higher priority)
+        let dev_extensions =
+            self.dev_extensions
+                .lock()
+                .map_err(|e| ExtensionError::MutexPoisoned {
+                    reason: e.to_string(),
+                })?;
+
+        for (id, ext) in dev_extensions.iter() {
+            if ext.manifest.public_key == public_key && ext.manifest.name == name {
+                return Ok(Some((id.clone(), ext.clone())));
+            }
+        }
+
+        // 2. Check production extensions
+        let prod_extensions =
+            self.production_extensions
+                .lock()
+                .map_err(|e| ExtensionError::MutexPoisoned {
+                    reason: e.to_string(),
+                })?;
+
+        for (id, ext) in prod_extensions.iter() {
+            if ext.manifest.public_key == public_key && ext.manifest.name == name {
+                return Ok(Some((id.clone(), ext.clone())));
+            }
+        }
+
+        Ok(None)
+    }
+
+    /// Get extension by public_key and name (used by frontend)
+    pub fn get_extension_by_public_key_and_name(
+        &self,
+        public_key: &str,
+        name: &str,
+    ) -> Result<Option<Extension>, ExtensionError> {
+        Ok(self
+            .find_extension_id_by_public_key_and_name(public_key, name)?
+            .map(|(_, ext)| ext))
+    }
+
+    pub fn remove_extension(&self, public_key: &str, name: &str) -> Result<(), ExtensionError> {
+        let (id, _) = self
+            .find_extension_id_by_public_key_and_name(public_key, name)?
+            .ok_or_else(|| ExtensionError::NotFound {
+                public_key: public_key.to_string(),
+                name: name.to_string(),
+            })?;
+
+        // Remove from dev extensions first
+        {
+            let mut dev_extensions =
+                self.dev_extensions
+                    .lock()
+                    .map_err(|e| ExtensionError::MutexPoisoned {
+                        reason: e.to_string(),
+                    })?;
+            if dev_extensions.remove(&id).is_some() {
+                return Ok(());
+            }
+        }
+
+        // Remove from production extensions
+        {
+            let mut prod_extensions =
+                self.production_extensions
+                    .lock()
+                    .map_err(|e| ExtensionError::MutexPoisoned {
+                        reason: e.to_string(),
+                    })?;
+            prod_extensions.remove(&id);
+        }
+
+        Ok(())
+    }
+
+    pub async fn remove_extension_internal(
+        &self,
+        app_handle: &AppHandle,
+        public_key: &str,
+        extension_name: &str,
+        extension_version: &str,
+        state: &State<'_, AppState>,
+    ) -> Result<(), ExtensionError> {
+        // Get the extension from memory to get its ID
+        let extension = self
+            .get_extension_by_public_key_and_name(public_key, extension_name)?
+            .ok_or_else(|| ExtensionError::NotFound {
+                public_key: public_key.to_string(),
+                name: extension_name.to_string(),
+            })?;
+
+        eprintln!("DEBUG: Removing extension with ID: {}", extension.id);
+        eprintln!(
+            "DEBUG: Extension name: {extension_name}, version: {extension_version}"
+        );
+
+        // Lösche Permissions und Extension-Eintrag in einer Transaktion
+        with_connection(&state.db, |conn| {
+            let tx = conn.transaction().map_err(DatabaseError::from)?;
+
+            let hlc_service = state.hlc.lock().map_err(|_| DatabaseError::MutexPoisoned {
+                reason: "Failed to lock HLC service".to_string(),
+            })?;
+
+            // Lösche alle Permissions mit extension_id
+            eprintln!(
+                "DEBUG: Deleting permissions for extension_id: {}",
+                extension.id
+            );
+            PermissionManager::delete_permissions_in_transaction(&tx, &hlc_service, &extension.id)?;
+
+            // Lösche Extension-Eintrag mit extension_id
+            let sql = format!("DELETE FROM {TABLE_EXTENSIONS} WHERE id = ?");
+            eprintln!("DEBUG: Executing SQL: {} with id = {}", sql, extension.id);
+            SqlExecutor::execute_internal_typed(
+                &tx,
+                &hlc_service,
+                &sql,
+                rusqlite::params![&extension.id],
+            )?;
+
+            eprintln!("DEBUG: Committing transaction");
+            tx.commit().map_err(DatabaseError::from)
+        })?;
+
+        eprintln!("DEBUG: Transaction committed successfully");
+
+        // Entferne aus dem In-Memory-Manager
+        self.remove_extension(public_key, extension_name)?;
+
+        // Lösche nur den spezifischen Versions-Ordner: public_key/name/version
+        let extension_dir =
+            self.get_extension_dir(app_handle, public_key, extension_name, extension_version)?;
+
+        if extension_dir.exists() {
+            std::fs::remove_dir_all(&extension_dir).map_err(|e| {
+                ExtensionError::filesystem_with_path(extension_dir.display().to_string(), e)
+            })?;
+
+            // Versuche, leere Parent-Ordner zu löschen
+            // 1. Extension-Name-Ordner (key_hash/name)
+            if let Some(name_dir) = extension_dir.parent() {
+                if name_dir.exists() {
+                    if let Ok(entries) = std::fs::read_dir(name_dir) {
+                        if entries.count() == 0 {
+                            let _ = std::fs::remove_dir(name_dir);
+
+                            // 2. Key-Hash-Ordner (key_hash) - nur wenn auch leer
+                            if let Some(key_hash_dir) = name_dir.parent() {
+                                if key_hash_dir.exists() {
+                                    if let Ok(entries) = std::fs::read_dir(key_hash_dir) {
+                                        if entries.count() == 0 {
+                                            let _ = std::fs::remove_dir(key_hash_dir);
+                                        }
+                                    }
+                                }
+                            }
+                        }
+                    }
+                }
+            }
+        }
+
+        Ok(())
+    }
+
+    pub async fn preview_extension_internal(
+        &self,
+        app_handle: &AppHandle,
+        file_bytes: Vec<u8>,
+    ) -> Result<ExtensionPreview, ExtensionError> {
+        let extracted = Self::extract_and_validate_extension(file_bytes, "haexhub_preview", app_handle)?;
+
+        let is_valid_signature = ExtensionCrypto::verify_signature(
+            &extracted.manifest.public_key,
+            &extracted.content_hash,
+            &extracted.manifest.signature,
+        )
+        .is_ok();
+
+        let editable_permissions = extracted.manifest.to_editable_permissions();
+
+        Ok(ExtensionPreview {
+            manifest: extracted.manifest.clone(),
+            is_valid_signature,
+            editable_permissions,
+        })
+    }
+
+    pub async fn install_extension_with_permissions_internal(
+        &self,
+        app_handle: AppHandle,
+        file_bytes: Vec<u8>,
+        custom_permissions: EditablePermissions,
+        state: &State<'_, AppState>,
+    ) -> Result<String, ExtensionError> {
+        let extracted = Self::extract_and_validate_extension(file_bytes, "haexhub_ext", &app_handle)?;
+
+        // Signatur verifizieren (bei Installation wird ein Fehler geworfen, nicht nur geprüft)
+        ExtensionCrypto::verify_signature(
+            &extracted.manifest.public_key,
+            &extracted.content_hash,
+            &extracted.manifest.signature,
+        )
+        .map_err(|e| ExtensionError::SignatureVerificationFailed { reason: e })?;
+
+        let extensions_dir = self.get_extension_dir(
+            &app_handle,
+            &extracted.manifest.public_key,
+            &extracted.manifest.name,
+            &extracted.manifest.version,
+        )?;
+
+        // If extension version already exists, remove it completely before installing
+        if extensions_dir.exists() {
+            eprintln!(
+                "Extension version already exists at {}, removing old version",
+                extensions_dir.display()
+            );
+            std::fs::remove_dir_all(&extensions_dir).map_err(|e| {
+                ExtensionError::filesystem_with_path(extensions_dir.display().to_string(), e)
+            })?;
+        }
+
+        std::fs::create_dir_all(&extensions_dir).map_err(|e| {
+            ExtensionError::filesystem_with_path(extensions_dir.display().to_string(), e)
+        })?;
+
+        // Copy contents of extracted.temp_dir to extensions_dir
+        // Note: extracted.temp_dir already points to the correct directory with manifest.json
+        for entry in fs::read_dir(&extracted.temp_dir).map_err(|e| {
+            ExtensionError::filesystem_with_path(extracted.temp_dir.display().to_string(), e)
+        })? {
+            let entry = entry.map_err(|e| ExtensionError::Filesystem { source: e })?;
+            let path = entry.path();
+            let file_name = entry.file_name();
+            let dest_path = extensions_dir.join(&file_name);
+
+            if path.is_dir() {
+                copy_directory(
+                    path.to_string_lossy().to_string(),
+                    dest_path.to_string_lossy().to_string(),
+                )?;
+            } else {
+                fs::copy(&path, &dest_path).map_err(|e| {
+                    ExtensionError::filesystem_with_path(path.display().to_string(), e)
+                })?;
+            }
+        }
+
+        // Generate UUID for extension (Drizzle's $defaultFn only works from JS, not raw SQL)
+        let extension_id = uuid::Uuid::new_v4().to_string();
+        let permissions = custom_permissions.to_internal_permissions(&extension_id);
+
+        // Extension-Eintrag und Permissions in einer Transaktion speichern
+        let actual_extension_id = with_connection(&state.db, |conn| {
+            let tx = conn.transaction().map_err(DatabaseError::from)?;
+
+            let hlc_service_guard = state.hlc.lock().map_err(|_| DatabaseError::MutexPoisoned {
+                reason: "Failed to lock HLC service".to_string(),
+            })?;
+            // Klonen, um den MutexGuard freizugeben, bevor potenziell lange DB-Operationen stattfinden
+            let hlc_service = hlc_service_guard.clone();
+            drop(hlc_service_guard);
+
+            // 1. Extension-Eintrag erstellen mit generierter UUID
+            let insert_ext_sql = format!(
+                "INSERT INTO {TABLE_EXTENSIONS} (id, name, version, author, entry, icon, public_key, signature, homepage, description, enabled, single_instance) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
+            );
+
+            SqlExecutor::execute_internal_typed(
+                    &tx,
+                    &hlc_service,
+                    &insert_ext_sql,
+                    rusqlite::params![
+                        extension_id,
+                        extracted.manifest.name,
+                        extracted.manifest.version,
+                        extracted.manifest.author,
+                        extracted.manifest.entry,
+                        extracted.manifest.icon,
+                        extracted.manifest.public_key,
+                        extracted.manifest.signature,
+                        extracted.manifest.homepage,
+                        extracted.manifest.description,
+                        true, // enabled
+                        extracted.manifest.single_instance.unwrap_or(false),
+                    ],
+                )?;
+
+            // 2. Permissions speichern
+            let insert_perm_sql = format!(
+                "INSERT INTO {TABLE_EXTENSION_PERMISSIONS} (id, extension_id, resource_type, action, target, constraints, status) VALUES (?, ?, ?, ?, ?, ?, ?)"
+            );
+
+            for perm in &permissions {
+                use crate::database::generated::HaexExtensionPermissions;
+                let db_perm: HaexExtensionPermissions = perm.into();
+
+                SqlExecutor::execute_internal_typed(
+                    &tx,
+                    &hlc_service,
+                    &insert_perm_sql,
+                    rusqlite::params![
+                        db_perm.id,
+                        db_perm.extension_id,
+                        db_perm.resource_type,
+                        db_perm.action,
+                        db_perm.target,
+                        db_perm.constraints,
+                        db_perm.status,
+                    ],
+                )?;
+            }
+
+            tx.commit().map_err(DatabaseError::from)?;
+            Ok(extension_id.clone())
+        })?;
+
+        let extension = Extension {
+            id: extension_id.clone(),
+            source: ExtensionSource::Production {
+                path: extensions_dir.clone(),
+                version: extracted.manifest.version.clone(),
+            },
+            manifest: extracted.manifest.clone(),
+            enabled: true,
+            last_accessed: SystemTime::now(),
+        };
+
+        self.add_production_extension(extension)?;
+
+        Ok(actual_extension_id) // Gebe die actual_extension_id an den Caller zurück
+    }
+
+    /// Scannt das Dateisystem beim Start und lädt alle installierten Erweiterungen.
+    pub async fn load_installed_extensions(
+        &self,
+        app_handle: &AppHandle,
+        state: &State<'_, AppState>,
+    ) -> Result<Vec<String>, ExtensionError> {
+        // Clear existing data
+        self.production_extensions
+            .lock()
+            .map_err(|e| ExtensionError::MutexPoisoned {
+                reason: e.to_string(),
+            })?
+            .clear();
+        self.permission_cache
+            .lock()
+            .map_err(|e| ExtensionError::MutexPoisoned {
+                reason: e.to_string(),
+            })?
+            .clear();
+        self.missing_extensions
+            .lock()
+            .map_err(|e| ExtensionError::MutexPoisoned {
+                reason: e.to_string(),
+            })?
+            .clear();
+
+        // Lade alle Daten aus der Datenbank
+        let extensions = with_connection(&state.db, |conn| {
+            let sql = format!(
+            "SELECT id, name, version, author, entry, icon, public_key, signature, homepage, description, enabled, single_instance FROM {TABLE_EXTENSIONS}"
+        );
+            eprintln!("DEBUG: SQL Query before transformation: {sql}");
+
+            let results = SqlExecutor::query_select(conn, &sql, &[])?;
+            eprintln!("DEBUG: Query returned {} results", results.len());
+
+            let mut data = Vec::new();
+            for row in results {
+                // Wir erwarten die Werte in der Reihenfolge der SELECT-Anweisung
+                let id = row[0]
+                    .as_str()
+                    .ok_or_else(|| DatabaseError::SerializationError {
+                        reason: "Missing id field".to_string(),
+                    })?
+                    .to_string();
+
+                let manifest = ExtensionManifest {
+                    name: row[1]
+                        .as_str()
+                        .ok_or_else(|| DatabaseError::SerializationError {
+                            reason: "Missing name field".to_string(),
+                        })?
+                        .to_string(),
+                    version: row[2]
+                        .as_str()
+                        .ok_or_else(|| DatabaseError::SerializationError {
+                            reason: "Missing version field".to_string(),
+                        })?
+                        .to_string(),
+                    author: row[3].as_str().map(String::from),
+                    entry: row[4].as_str().map(String::from),
+                    icon: row[5].as_str().map(String::from),
+                    public_key: row[6].as_str().unwrap_or("").to_string(),
+                    signature: row[7].as_str().unwrap_or("").to_string(),
+                    permissions: ExtensionPermissions::default(),
+                    homepage: row[8].as_str().map(String::from),
+                    description: row[9].as_str().map(String::from),
+                    single_instance: row[11]
+                        .as_bool()
+                        .or_else(|| row[11].as_i64().map(|v| v != 0)),
+                };
+
+                let enabled = row[10]
+                    .as_bool()
+                    .or_else(|| row[10].as_i64().map(|v| v != 0))
+                    .unwrap_or(false);
+
+                data.push(ExtensionDataFromDb {
+                    id,
+                    manifest,
+                    enabled,
+                });
+            }
+            Ok(data)
+        })?;
+
+        // Schritt 2: Die gesammelten Daten verarbeiten (Dateisystem, State-Mutationen).
+        let mut loaded_extension_ids = Vec::new();
+
+        eprintln!("DEBUG: Found {} extensions in database", extensions.len());
+
+        for extension_data in extensions {
+            let extension_id = extension_data.id;
+            eprintln!("DEBUG: Processing extension: {extension_id}");
+
+            // Use public_key/name/version path structure
+            let extension_path = self.get_extension_dir(
+                app_handle,
+                &extension_data.manifest.public_key,
+                &extension_data.manifest.name,
+                &extension_data.manifest.version,
+            )?;
+
+            // Check if extension directory exists
+            if !extension_path.exists() {
+                eprintln!(
+                    "DEBUG: Extension directory missing for: {extension_id} at {extension_path:?}"
+                );
+                self.missing_extensions
+                    .lock()
+                    .map_err(|e| ExtensionError::MutexPoisoned {
+                        reason: e.to_string(),
+                    })?
+                    .push(MissingExtension {
+                        id: extension_id.clone(),
+                        public_key: extension_data.manifest.public_key.clone(),
+                        name: extension_data.manifest.name.clone(),
+                        version: extension_data.manifest.version.clone(),
+                    });
+                continue;
+            }
+
+            // Read haextension_dir from config if it exists, otherwise use default
+            let config_path = extension_path.join("haextension.config.json");
+            let haextension_dir = if config_path.exists() {
+                match std::fs::read_to_string(&config_path) {
+                    Ok(config_content) => {
+                        match serde_json::from_str::<serde_json::Value>(&config_content) {
+                            Ok(config) => {
+                                config
+                                    .get("dev")
+                                    .and_then(|dev| dev.get("haextension_dir"))
+                                    .and_then(|dir| dir.as_str())
+                                    .unwrap_or("haextension")
+                                    .to_string()
+                            }
+                            Err(_) => "haextension".to_string(),
+                        }
+                    }
+                    Err(_) => "haextension".to_string(),
+                }
+            } else {
+                "haextension".to_string()
+            };
+
+            // Validate manifest.json path using helper function
+            let manifest_relative_path = format!("{haextension_dir}/manifest.json");
+            if Self::validate_path_in_directory(&extension_path, &manifest_relative_path, true)?
+                .is_none()
+            {
+                eprintln!(
+                    "DEBUG: manifest.json missing or invalid for: {extension_id} at {haextension_dir}/manifest.json"
+                );
+                self.missing_extensions
+                    .lock()
+                    .map_err(|e| ExtensionError::MutexPoisoned {
+                        reason: e.to_string(),
+                    })?
+                    .push(MissingExtension {
+                        id: extension_id.clone(),
+                        public_key: extension_data.manifest.public_key.clone(),
+                        name: extension_data.manifest.name.clone(),
+                        version: extension_data.manifest.version.clone(),
+                    });
+                continue;
+            }
+
+            eprintln!("DEBUG: Extension loaded successfully: {extension_id}");
+
+            let extension = Extension {
+                id: extension_id.clone(),
+                source: ExtensionSource::Production {
+                    path: extension_path,
+                    version: extension_data.manifest.version.clone(),
+                },
+                manifest: extension_data.manifest,
+                enabled: extension_data.enabled,
+                last_accessed: SystemTime::now(),
+            };
+
+            loaded_extension_ids.push(extension_id.clone());
+            self.add_production_extension(extension)?;
+        }
+
+        Ok(loaded_extension_ids)
+    }
+}

src-tauri/src/extension/core/manifest.rs

@@ -0,0 +1,214 @@
+use crate::extension::error::ExtensionError;
+use crate::extension::permissions::types::{
+    Action, DbAction, ExtensionPermission, FsAction, HttpAction, PermissionConstraints,
+    PermissionStatus, ResourceType, ShellAction,
+};
+use serde::{Deserialize, Serialize};
+use std::str::FromStr;
+use ts_rs::TS;
+
+/// Repräsentiert einen einzelnen Berechtigungseintrag im Manifest und im UI-Modell.
+#[derive(Serialize, Deserialize, Clone, Debug, Default, TS)]
+#[ts(export)]
+pub struct PermissionEntry {
+    pub target: String,
+
+    /// Die auszuführende Aktion (z.B. "read", "read_write", "GET", "execute").
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub operation: Option<String>,
+
+    /// Optionale, spezifische Einschränkungen für diese Berechtigung.
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    #[ts(type = "Record<string, unknown>")]
+    pub constraints: Option<serde_json::Value>,
+
+    /// Der Status der Berechtigung (wird nur im UI-Modell verwendet).
+    #[serde(default, skip_serializing_if = "Option::is_none")]
+    pub status: Option<PermissionStatus>,
+}
+
+#[derive(Serialize, Deserialize, TS)]
+#[ts(export)]
+pub struct ExtensionPreview {
+    pub manifest: ExtensionManifest,
+    pub is_valid_signature: bool,
+    pub editable_permissions: EditablePermissions,
+}
+/// Definiert die einheitliche Struktur für alle Berechtigungsarten im Manifest und UI.
+#[derive(Serialize, Deserialize, Clone, Debug, Default, TS)]
+#[ts(export)]
+pub struct ExtensionPermissions {
+    #[serde(default)]
+    pub database: Option<Vec<PermissionEntry>>,
+    #[serde(default)]
+    pub filesystem: Option<Vec<PermissionEntry>>,
+    #[serde(default)]
+    pub http: Option<Vec<PermissionEntry>>,
+    #[serde(default)]
+    pub shell: Option<Vec<PermissionEntry>>,
+}
+
+/// Typ-Alias für bessere Lesbarkeit, wenn die Struktur als UI-Modell verwendet wird.
+pub type EditablePermissions = ExtensionPermissions;
+
+#[derive(Serialize, Deserialize, Clone, Debug, TS)]
+#[ts(export)]
+pub struct ExtensionManifest {
+    pub name: String,
+    pub version: String,
+    pub author: Option<String>,
+    #[serde(default = "default_entry_value")]
+    pub entry: Option<String>,
+    pub icon: Option<String>,
+    pub public_key: String,
+    pub signature: String,
+    pub permissions: ExtensionPermissions,
+    pub homepage: Option<String>,
+    pub description: Option<String>,
+    #[serde(default)]
+    pub single_instance: Option<bool>,
+}
+
+fn default_entry_value() -> Option<String> {
+    Some("index.html".to_string())
+}
+
+impl ExtensionManifest {
+    /// Konvertiert die Manifest-Berechtigungen in das bearbeitbare UI-Modell,
+    /// indem der Standardstatus `Granted` gesetzt wird.
+    pub fn to_editable_permissions(&self) -> EditablePermissions {
+        let mut editable = self.permissions.clone();
+
+        let set_status_for_list = |list: Option<&mut Vec<PermissionEntry>>| {
+            if let Some(entries) = list {
+                for entry in entries.iter_mut() {
+                    entry.status = Some(PermissionStatus::Granted);
+                }
+            }
+        };
+
+        set_status_for_list(editable.database.as_mut());
+        set_status_for_list(editable.filesystem.as_mut());
+        set_status_for_list(editable.http.as_mut());
+        set_status_for_list(editable.shell.as_mut());
+
+        editable
+    }
+}
+
+impl ExtensionPermissions {
+    /// Konvertiert das UI-Modell in die flache Liste von internen `ExtensionPermission`-Objekten.
+    pub fn to_internal_permissions(&self, extension_id: &str) -> Vec<ExtensionPermission> {
+        let mut permissions = Vec::new();
+
+        if let Some(entries) = &self.database {
+            for p in entries {
+                if let Some(perm) = Self::create_internal(extension_id, ResourceType::Db, p) {
+                    permissions.push(perm);
+                }
+            }
+        }
+        if let Some(entries) = &self.filesystem {
+            for p in entries {
+                if let Some(perm) = Self::create_internal(extension_id, ResourceType::Fs, p) {
+                    permissions.push(perm);
+                }
+            }
+        }
+        if let Some(entries) = &self.http {
+            for p in entries {
+                if let Some(perm) = Self::create_internal(extension_id, ResourceType::Http, p) {
+                    permissions.push(perm);
+                }
+            }
+        }
+        if let Some(entries) = &self.shell {
+            for p in entries {
+                if let Some(perm) = Self::create_internal(extension_id, ResourceType::Shell, p) {
+                    permissions.push(perm);
+                }
+            }
+        }
+
+        permissions
+    }
+
+    /// Parst einen einzelnen `PermissionEntry` und wandelt ihn in die interne, typsichere `ExtensionPermission`-Struktur um.
+    fn create_internal(
+        extension_id: &str,
+        resource_type: ResourceType,
+        p: &PermissionEntry,
+    ) -> Option<ExtensionPermission> {
+        let operation_str = p.operation.as_deref().unwrap_or_default();
+
+        let action = match resource_type {
+            ResourceType::Db => DbAction::from_str(operation_str).ok().map(Action::Database),
+            ResourceType::Fs => FsAction::from_str(operation_str)
+                .ok()
+                .map(Action::Filesystem),
+            ResourceType::Http => HttpAction::from_str(operation_str).ok().map(Action::Http),
+            ResourceType::Shell => ShellAction::from_str(operation_str).ok().map(Action::Shell),
+        };
+
+        action.map(|act| ExtensionPermission {
+            id: uuid::Uuid::new_v4().to_string(),
+            extension_id: extension_id.to_string(),
+            resource_type: resource_type.clone(),
+            action: act,
+            target: p.target.clone(),
+            constraints: p
+                .constraints
+                .as_ref()
+                .and_then(|c| serde_json::from_value::<PermissionConstraints>(c.clone()).ok()),
+            status: p.status.clone().unwrap_or(PermissionStatus::Ask),
+            haex_timestamp: None,
+        })
+    }
+}
+
+#[derive(Serialize, Deserialize, Clone, Debug, TS)]
+#[ts(export)]
+#[serde(rename_all = "camelCase")]
+pub struct ExtensionInfoResponse {
+    pub id: String,
+    pub public_key: String,
+    pub name: String,
+    pub version: String,
+    pub author: Option<String>,
+    pub enabled: bool,
+    pub description: Option<String>,
+    pub homepage: Option<String>,
+    pub icon: Option<String>,
+    pub entry: Option<String>,
+    pub single_instance: Option<bool>,
+    #[serde(skip_serializing_if = "Option::is_none")]
+    pub dev_server_url: Option<String>,
+}
+
+impl ExtensionInfoResponse {
+    pub fn from_extension(
+        extension: &crate::extension::core::types::Extension,
+    ) -> Result<Self, ExtensionError> {
+        use crate::extension::core::types::ExtensionSource;
+
+        let dev_server_url = match &extension.source {
+            ExtensionSource::Development { dev_server_url, .. } => Some(dev_server_url.clone()),
+            ExtensionSource::Production { .. } => None,
+        };
+
+        Ok(Self {
+            id: extension.id.clone(),
+            public_key: extension.manifest.public_key.clone(),
+            name: extension.manifest.name.clone(),
+            version: extension.manifest.version.clone(),
+            author: extension.manifest.author.clone(),
+            enabled: extension.enabled,
+            description: extension.manifest.description.clone(),
+            homepage: extension.manifest.homepage.clone(),
+            icon: extension.manifest.icon.clone(),
+            entry: extension.manifest.entry.clone(),
+            single_instance: extension.manifest.single_instance,
+            dev_server_url,
+        })
+    }
+}

src-tauri/src/extension/core/mod.rs

@@ -0,0 +1,10 @@
+// src-tauri/src/extension/core/mod.rs
+
+pub mod manager;
+pub mod manifest;
+pub mod protocol;
+pub mod types;
+
+pub use manager::*;
+pub use manifest::*;
+pub use protocol::*;

src-tauri/src/extension/core/protocol.rs

@@ -0,0 +1,671 @@
+// src-tauri/src/extension/core/protocol.rs
+
+use crate::extension::core::types::get_tauri_origin;
+use crate::extension::error::ExtensionError;
+use crate::AppState;
+use base64::{Engine as _, engine::general_purpose::STANDARD as BASE64_STANDARD};
+use mime;
+use serde::Deserialize;
+use serde::Serialize;
+use std::fmt;
+use std::fs;
+use std::path::PathBuf;
+use std::sync::Mutex;
+use tauri::http::Uri;
+use tauri::http::{Request, Response};
+use tauri::{AppHandle, State};
+
+// Extension protocol name constant
+pub const EXTENSION_PROTOCOL_NAME: &str = "haex-extension";
+
+// Cache for extension info (used for asset loading without origin header)
+lazy_static::lazy_static! {
+    static ref EXTENSION_CACHE: Mutex<Option<ExtensionInfo>> = Mutex::new(None);
+}
+
+#[derive(Deserialize, Serialize, Debug, Clone)]
+#[serde(rename_all = "camelCase")]
+struct ExtensionInfo {
+    public_key: String,
+    name: String,
+    version: String,
+}
+
+#[derive(Debug)]
+enum DataProcessingError {
+    HexDecoding(hex::FromHexError),
+    Utf8Conversion(std::string::FromUtf8Error),
+    JsonParsing(serde_json::Error),
+    Custom(String),
+}
+
+impl fmt::Display for DataProcessingError {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        match self {
+            DataProcessingError::HexDecoding(e) => write!(f, "Hex-Dekodierungsfehler: {e}"),
+            DataProcessingError::Utf8Conversion(e) => {
+                write!(f, "UTF-8-Konvertierungsfehler: {e}")
+            }
+            DataProcessingError::JsonParsing(e) => write!(f, "JSON-Parsing-Fehler: {e}"),
+            DataProcessingError::Custom(msg) => write!(f, "Datenverarbeitungsfehler: {msg}"),
+        }
+    }
+}
+
+impl std::error::Error for DataProcessingError {
+    fn source(&self) -> Option<&(dyn std::error::Error + 'static)> {
+        match self {
+            DataProcessingError::HexDecoding(e) => Some(e),
+            DataProcessingError::Utf8Conversion(e) => Some(e),
+            DataProcessingError::JsonParsing(e) => Some(e),
+            DataProcessingError::Custom(_) => None,
+        }
+    }
+}
+
+impl From<String> for DataProcessingError {
+    fn from(msg: String) -> Self {
+        DataProcessingError::Custom(msg)
+    }
+}
+
+impl From<hex::FromHexError> for DataProcessingError {
+    fn from(err: hex::FromHexError) -> Self {
+        DataProcessingError::HexDecoding(err)
+    }
+}
+
+impl From<std::string::FromUtf8Error> for DataProcessingError {
+    fn from(err: std::string::FromUtf8Error) -> Self {
+        DataProcessingError::Utf8Conversion(err)
+    }
+}
+
+impl From<serde_json::Error> for DataProcessingError {
+    fn from(err: serde_json::Error) -> Self {
+        DataProcessingError::JsonParsing(err)
+    }
+}
+
+pub fn resolve_secure_extension_asset_path(
+    app_handle: &AppHandle,
+    state: &State<AppState>,
+    public_key: &str,
+    extension_name: &str,
+    extension_version: &str,
+    requested_asset_path: &str,
+) -> Result<PathBuf, ExtensionError> {
+    if extension_name.is_empty()
+        || !extension_name
+            .chars()
+            .all(|c| c.is_ascii_alphanumeric() || c == '-')
+    {
+        return Err(ExtensionError::ValidationError {
+            reason: format!("Invalid extension name: {extension_name}"),
+        });
+    }
+
+    if extension_version.is_empty()
+        || !extension_version
+            .chars()
+            .all(|c| c.is_ascii_alphanumeric() || c == '-' || c == '.')
+    {
+        return Err(ExtensionError::ValidationError {
+            reason: format!("Invalid extension version: {extension_version}"),
+        });
+    }
+
+    let specific_extension_dir = state.extension_manager.get_extension_dir(
+        app_handle,
+        public_key,
+        extension_name,
+        extension_version,
+    )?;
+
+    let clean_relative_path = requested_asset_path
+        .replace('\\', "/")
+        .trim_start_matches('/')
+        .split('/')
+        .filter(|&part| !part.is_empty() && part != "." && part != "..")
+        .collect::<PathBuf>();
+
+    if clean_relative_path.as_os_str().is_empty() && requested_asset_path != "/" {
+        return Err(ExtensionError::ValidationError {
+            reason: "Empty or invalid asset path".to_string(),
+        });
+    }
+
+    let final_path = specific_extension_dir.join(clean_relative_path);
+
+    match final_path.canonicalize() {
+        Ok(canonical_path) => {
+            let canonical_base = specific_extension_dir
+                .canonicalize()
+                .map_err(|e| ExtensionError::Filesystem { source: e })?;
+            if canonical_path.starts_with(&canonical_base) {
+                Ok(canonical_path)
+            } else {
+                eprintln!(
+                    "SECURITY WARNING: Path traversal attempt blocked: {requested_asset_path}"
+                );
+                Err(ExtensionError::SecurityViolation {
+                    reason: format!("Path traversal attempt: {requested_asset_path}"),
+                })
+            }
+        }
+        Err(_) => {
+            if final_path.starts_with(&specific_extension_dir) {
+                Ok(final_path)
+            } else {
+                eprintln!(
+                    "SECURITY WARNING: Invalid asset path: {requested_asset_path}"
+                );
+                Err(ExtensionError::SecurityViolation {
+                    reason: format!("Invalid asset path: {requested_asset_path}"),
+                })
+            }
+        }
+    }
+}
+
+pub fn extension_protocol_handler(
+    state: State<AppState>,
+    app_handle: &AppHandle,
+    request: &Request<Vec<u8>>,
+) -> Result<Response<Vec<u8>>, Box<dyn std::error::Error>> {
+    // Get the origin from the request
+    let origin = request
+        .headers()
+        .get("origin")
+        .and_then(|v| v.to_str().ok())
+        .unwrap_or("");
+
+    // Only allow same-protocol requests or tauri origin
+    // For null/empty origin (initial load), use wildcard
+    let protocol_prefix = format!("{EXTENSION_PROTOCOL_NAME}://");
+    let allowed_origin = if origin.starts_with(&protocol_prefix) || origin == get_tauri_origin() {
+        origin
+    } else if origin.is_empty() || origin == "null" {
+        "*" // Allow initial load without origin
+    } else {
+        // Reject other origins
+        return Response::builder()
+            .status(403)
+            .body(Vec::from("Origin not allowed"))
+            .map_err(|e| e.into());
+    };
+
+    // Handle OPTIONS requests for CORS preflight
+    if request.method() == "OPTIONS" {
+        return Response::builder()
+            .status(200)
+            .header("Access-Control-Allow-Origin", allowed_origin)
+            .header("Access-Control-Allow-Methods", "GET, POST, OPTIONS")
+            .header("Access-Control-Allow-Headers", "*")
+            .header("Access-Control-Allow-Credentials", "true")
+            .body(Vec::new())
+            .map_err(|e| e.into());
+    }
+
+    let uri_ref = request.uri();
+    let referer = request
+        .headers()
+        .get("referer")
+        .and_then(|v| v.to_str().ok())
+        .unwrap_or("");
+
+    println!("Protokoll Handler für: {uri_ref}");
+    println!("Origin: {origin}");
+    println!("Referer: {referer}");
+
+    let path_str = uri_ref.path();
+
+    // Try to decode base64-encoded extension info from URI
+    // Format:
+    // - Desktop: haex-extension://<base64>/{assetPath}
+    // - Android: http://localhost/{base64}/{assetPath}
+    let host = uri_ref.host().unwrap_or("");
+    println!("URI Host: {host}");
+
+    let (info, segments_after_version) = if host == "localhost" || host == format!("{EXTENSION_PROTOCOL_NAME}.localhost").as_str() {
+        // Android format: http://haex-extension.localhost/{base64}/{assetPath}
+        // Extract base64 from first path segment
+        println!("Android format detected: http://{host}/...");
+        let mut segments_iter = path_str.split('/').filter(|s| !s.is_empty());
+
+        if let Some(first_segment) = segments_iter.next() {
+            println!("First path segment (base64): {first_segment}");
+            match BASE64_STANDARD.decode(first_segment) {
+                Ok(decoded_bytes) => match String::from_utf8(decoded_bytes) {
+                    Ok(json_str) => match serde_json::from_str::<ExtensionInfo>(&json_str) {
+                        Ok(info) => {
+                            println!("=== Extension Info from path (Android) ===");
+                            println!("  PublicKey: {}", info.public_key);
+                            println!("  Name: {}", info.name);
+                            println!("  Version: {}", info.version);
+                            cache_extension_info(&info);
+
+                            // Remaining segments after base64 are the asset path
+                            let remaining: Vec<String> = segments_iter.map(|s| s.to_string()).collect();
+                            (info, remaining)
+                        }
+                        Err(e) => {
+                            eprintln!("Failed to parse JSON from base64 path: {e}");
+                            return Response::builder()
+                                .status(400)
+                                .header("Access-Control-Allow-Origin", allowed_origin)
+                                .body(Vec::from(format!("Invalid extension info in base64 path: {e}")))
+                                .map_err(|e| e.into());
+                        }
+                    },
+                    Err(e) => {
+                        eprintln!("Failed to decode UTF-8 from base64 path: {e}");
+                        return Response::builder()
+                            .status(400)
+                            .header("Access-Control-Allow-Origin", allowed_origin)
+                            .body(Vec::from(format!("Invalid UTF-8 in base64 path: {e}")))
+                            .map_err(|e| e.into());
+                    }
+                },
+                Err(e) => {
+                    eprintln!("Failed to decode base64 from path: {e}");
+                    return Response::builder()
+                        .status(400)
+                        .header("Access-Control-Allow-Origin", allowed_origin)
+                        .body(Vec::from(format!("Invalid base64 in path: {e}")))
+                        .map_err(|e| e.into());
+                }
+            }
+        } else {
+            eprintln!("No path segment found for Android format");
+            return Response::builder()
+                .status(400)
+                .header("Access-Control-Allow-Origin", allowed_origin)
+                .body(Vec::from("No base64 segment found in path"))
+                .map_err(|e| e.into());
+        }
+    } else if host != "localhost" && !host.is_empty() {
+        // Desktop format: haex-extension://<base64>/{assetPath}
+        println!("Desktop format detected: haex-extension://<base64>/...");
+        match BASE64_STANDARD.decode(host) {
+            Ok(decoded_bytes) => match String::from_utf8(decoded_bytes) {
+                Ok(json_str) => match serde_json::from_str::<ExtensionInfo>(&json_str) {
+                    Ok(info) => {
+                        println!("=== Extension Info from base64-encoded host ===");
+                        println!("  PublicKey: {}", info.public_key);
+                        println!("  Name: {}", info.name);
+                        println!("  Version: {}", info.version);
+                        cache_extension_info(&info);
+
+                        // Parse path segments as asset path
+                        // Format: haex-extension://<base64>/{asset_path}
+                        // All extension info is in the base64-encoded host
+                        let segments: Vec<String> = path_str
+                            .split('/')
+                            .filter(|s| !s.is_empty())
+                            .map(|s| s.to_string())
+                            .collect();
+
+                        (info, segments)
+                    }
+                    Err(e) => {
+                        eprintln!("Failed to parse JSON from base64 host: {e}");
+                        return Response::builder()
+                            .status(400)
+                            .header("Access-Control-Allow-Origin", allowed_origin)
+                            .body(Vec::from(format!("Invalid extension info in base64 host: {e}")))
+                            .map_err(|e| e.into());
+                    }
+                },
+                Err(e) => {
+                    eprintln!("Failed to decode UTF-8 from base64 host: {e}");
+                    return Response::builder()
+                        .status(400)
+                        .header("Access-Control-Allow-Origin", allowed_origin)
+                        .body(Vec::from(format!("Invalid UTF-8 in base64 host: {e}")))
+                        .map_err(|e| e.into());
+                }
+            },
+            Err(e) => {
+                eprintln!("Failed to decode base64 host: {e}");
+                return Response::builder()
+                    .status(400)
+                    .header("Access-Control-Allow-Origin", allowed_origin)
+                    .body(Vec::from(format!("Invalid base64 in host: {e}")))
+                    .map_err(|e| e.into());
+            }
+        }
+    } else {
+        // No base64 host - use path-based parsing (for localhost/Android/Windows)
+        parse_extension_info_from_path(path_str, origin, uri_ref, referer)?
+    };
+
+    // Construct asset path from remaining segments
+    let raw_asset_path = segments_after_version.join("/");
+
+    // Simple asset loading: if path is empty, serve index.html, otherwise try to load the asset
+    // This is framework-agnostic and lets the file system determine if it exists
+    let asset_to_load = if raw_asset_path.is_empty() {
+        "index.html"
+    } else {
+        &raw_asset_path
+    };
+
+    println!("Path: {path_str}");
+    println!("Asset to load: {asset_to_load}");
+
+    let absolute_secure_path = resolve_secure_extension_asset_path(
+        app_handle,
+        &state,
+        &info.public_key,
+        &info.name,
+        &info.version,
+        asset_to_load,
+    )?;
+
+    println!("Resolved path: {}", absolute_secure_path.display());
+    println!("File exists: {}", absolute_secure_path.exists());
+
+    if absolute_secure_path.exists() && absolute_secure_path.is_file() {
+        match fs::read(&absolute_secure_path) {
+            Ok(content) => {
+                let mime_type = mime_guess::from_path(&absolute_secure_path)
+                    .first_or(mime::APPLICATION_OCTET_STREAM)
+                    .to_string();
+
+                // Note: Base tag and polyfills are now injected by the SDK at runtime
+                // No server-side HTML modification needed
+
+                let content_length = content.len();
+                println!(
+                    "Liefere {} ({}, {} bytes) ",
+                    absolute_secure_path.display(),
+                    mime_type,
+                    content_length
+                );
+                Response::builder()
+                    .status(200)
+                    .header("Content-Type", &mime_type)
+                    .header("Content-Length", content_length.to_string())
+                    .header("Accept-Ranges", "bytes")
+                    .header("Access-Control-Allow-Origin", allowed_origin)
+                    .header("Access-Control-Allow-Methods", "GET, POST, OPTIONS")
+                    .header("Access-Control-Allow-Headers", "*")
+                    .header("Access-Control-Allow-Credentials", "true")
+                    .body(content)
+                    .map_err(|e| e.into())
+            }
+            Err(e) => {
+                eprintln!(
+                    "Fehler beim Lesen der Datei {}: {}",
+                    absolute_secure_path.display(),
+                    e
+                );
+                let status_code = if e.kind() == std::io::ErrorKind::NotFound {
+                    404
+                } else if e.kind() == std::io::ErrorKind::PermissionDenied {
+                    403
+                } else {
+                    500
+                };
+                Response::builder()
+                    .status(status_code)
+                    .header("Access-Control-Allow-Origin", allowed_origin)
+                    .header("Access-Control-Allow-Methods", "GET, POST, OPTIONS")
+                    .header("Access-Control-Allow-Headers", "*")
+                    .body(Vec::new())
+                    .map_err(|e| e.into())
+            }
+        }
+    } else {
+        // Asset not found - try index.html fallback for SPA routing
+        // This allows client-side routing to work (e.g., /settings -> index.html)
+        if asset_to_load != "index.html" {
+            eprintln!(
+                "Asset nicht gefunden: {}, versuche index.html fallback für SPA routing",
+                absolute_secure_path.display()
+            );
+
+            let index_path = resolve_secure_extension_asset_path(
+                app_handle,
+                &state,
+                &info.public_key,
+                &info.name,
+                &info.version,
+                "index.html",
+            )?;
+
+            if index_path.exists() && index_path.is_file() {
+                match fs::read(&index_path) {
+                    Ok(content) => {
+                        let mime_type = "text/html";
+
+                        // Note: Base tag and polyfills are injected by SDK at runtime
+
+                        let content_length = content.len();
+                        return Response::builder()
+                            .status(200)
+                            .header("Content-Type", mime_type)
+                            .header("Content-Length", content_length.to_string())
+                            .header("Accept-Ranges", "bytes")
+                            .header("Access-Control-Allow-Origin", allowed_origin)
+                            .header("Access-Control-Allow-Methods", "GET, POST, OPTIONS")
+                            .header("Access-Control-Allow-Headers", "*")
+                            .header("Access-Control-Allow-Credentials", "true")
+                            .body(content)
+                            .map_err(|e| e.into());
+                    }
+                    Err(_) => {
+                        // Fall through to 404
+                    }
+                }
+            }
+        }
+
+        // No fallback available - return 404
+        eprintln!(
+            "Asset nicht gefunden oder ist kein File: {}",
+            absolute_secure_path.display()
+        );
+        Response::builder()
+            .status(404)
+            .header("Access-Control-Allow-Origin", allowed_origin)
+            .header("Access-Control-Allow-Methods", "GET, POST, OPTIONS")
+            .header("Access-Control-Allow-Headers", "*")
+            .body(Vec::new())
+            .map_err(|e| e.into())
+    }
+}
+
+fn process_hex_encoded_json(hex_input: &str) -> Result<ExtensionInfo, DataProcessingError> {
+    let bytes = hex::decode(hex_input)?;
+    let json_string = String::from_utf8(bytes)?;
+    let extension_info: ExtensionInfo = serde_json::from_str(&json_string)?;
+    Ok(extension_info)
+}
+
+fn parse_encoded_info_from_origin_or_uri_or_referer_or_cache(
+    origin: &str,
+    uri_ref: &Uri,
+    referer: &str,
+) -> Result<ExtensionInfo, DataProcessingError> {
+    // Return direkt ExtensionInfo (dekodiert)
+    // 1-3. Bestehende Fallbacks (wie vorher, aber return decoded Info statt hex)
+    if !origin.is_empty() && origin != "null" {
+        if let Ok(hex) = parse_from_origin(origin) {
+            if let Ok(info) = process_hex_encoded_json(&hex) {
+                cache_extension_info(&info); // Cache setzen
+                println!("Parsed und gecached aus Origin: {hex}");
+                return Ok(info);
+            }
+        }
+    }
+
+    println!("Fallback zu URI-Parsing");
+    if let Ok(hex) = parse_from_uri_path(uri_ref) {
+        if let Ok(info) = process_hex_encoded_json(&hex) {
+            cache_extension_info(&info); // Cache setzen
+            println!("Parsed und gecached aus URI: {hex}");
+            return Ok(info);
+        }
+    }
+
+    println!("Fallback zu Referer-Parsing: {referer}");
+    if !referer.is_empty() && referer != "null" {
+        if let Ok(hex) = parse_from_uri_string(referer) {
+            if let Ok(info) = process_hex_encoded_json(&hex) {
+                cache_extension_info(&info); // Cache setzen
+                println!("Parsed und gecached aus Referer: {hex}");
+                return Ok(info);
+            }
+        }
+    }
+
+    // 4. Fallback: Globaler Cache (für Assets in derselben Session)
+    println!("Fallback zu Cache");
+    if let Some(cached_info) = get_cached_extension_info() {
+        println!(
+            "Gecached Info verwendet: PublicKey={}, Name={}, Version={}",
+            cached_info.public_key, cached_info.name, cached_info.version
+        );
+        return Ok(cached_info);
+    }
+
+    Err(
+        "Kein gültiger Hex in Origin, URI, Referer oder Cache gefunden"
+            .to_string()
+            .into(),
+    )
+}
+
+// NEU: Cache-Helper (Mutex-sicher)
+fn cache_extension_info(info: &ExtensionInfo) {
+    if let Ok(mut cache) = EXTENSION_CACHE.lock() {
+        *cache = Some(info.clone());
+    }
+}
+
+fn get_cached_extension_info() -> Option<ExtensionInfo> {
+    if let Ok(cache) = EXTENSION_CACHE.lock() {
+        cache.clone()
+    } else {
+        None
+    }
+}
+
+fn parse_hex_from_url_string(url_str: &str) -> Result<String, DataProcessingError> {
+    // Suche nach Scheme-Ende (://)
+    let scheme_end = match url_str.find("://") {
+        Some(pos) => pos + 3, // Nach "://"
+        _none => return Err("Kein Scheme in URL".to_string().into()),
+    };
+
+    let after_scheme = &url_str[scheme_end..];
+    let path_start = match after_scheme.find('/') {
+        Some(pos) => pos,
+        _none => return Err("Kein Path in URL".to_string().into()),
+    };
+
+    let path = &after_scheme[path_start..]; // z.B. "/7b22.../index.html"
+    let mut segments = path.split('/').filter(|s| !s.is_empty());
+
+    let first_segment = match segments.next() {
+        Some(seg) => seg,
+        _none => return Err("Kein Path-Segment in URL".to_string().into()),
+    };
+
+    validate_and_return_hex(first_segment)
+}
+
+// Vereinfachte parse_from_origin
+fn parse_from_origin(origin: &str) -> Result<String, DataProcessingError> {
+    parse_hex_from_url_string(origin)
+}
+
+// Vereinfachte parse_from_uri_path
+fn parse_from_uri_path(uri_ref: &Uri) -> Result<String, DataProcessingError> {
+    let uri_str = uri_ref.to_string();
+    parse_hex_from_url_string(&uri_str)
+}
+
+// Vereinfachte parse_from_uri_string (für Referer)
+fn parse_from_uri_string(uri_str: &str) -> Result<String, DataProcessingError> {
+    parse_hex_from_url_string(uri_str)
+}
+
+// validate_and_return_hex bleibt unverändert (aus letztem Vorschlag)
+fn validate_and_return_hex(segment: &str) -> Result<String, DataProcessingError> {
+    if segment.is_empty() {
+        return Err("Kein Extension-Info (hex) im Path".to_string().into());
+    }
+    if segment.len() % 2 != 0 {
+        return Err("Ungültiger Hex: Ungerade Länge".to_string().into());
+    }
+    if !segment.chars().all(|c| c.is_ascii_hexdigit()) {
+        return Err("Ungültiger Hex: Ungültige Zeichen".to_string().into());
+    }
+    Ok(segment.to_string())
+}
+
+// Helper function to parse extension info from path segments
+fn parse_extension_info_from_path(
+    path_str: &str,
+    origin: &str,
+    uri_ref: &Uri,
+    referer: &str,
+) -> Result<(ExtensionInfo, Vec<String>), Box<dyn std::error::Error>> {
+    let mut segments_iter = path_str.split('/').filter(|s| !s.is_empty());
+
+    match (segments_iter.next(), segments_iter.next(), segments_iter.next()) {
+        (Some(public_key), Some(name), Some(version)) => {
+            println!("=== Extension Protocol Handler (path-based) ===");
+            println!("Full URI: {uri_ref}");
+            println!("Parsed from path segments:");
+            println!("  PublicKey: {public_key}");
+            println!("  Name: {name}");
+            println!("  Version: {version}");
+
+            let info = ExtensionInfo {
+                public_key: public_key.to_string(),
+                name: name.to_string(),
+                version: version.to_string(),
+            };
+
+            cache_extension_info(&info);
+
+            // Collect remaining segments as asset path (owned strings)
+            let remaining: Vec<String> = segments_iter.map(|s| s.to_string()).collect();
+
+            Ok((info, remaining))
+        }
+        _ => {
+            // Fallback: Try hex-encoded format for backwards compatibility
+            match parse_encoded_info_from_origin_or_uri_or_referer_or_cache(
+                origin, uri_ref, referer,
+            ) {
+                Ok(decoded) => {
+                    println!("=== Extension Protocol Handler (legacy hex format) ===");
+                    println!("Full URI: {uri_ref}");
+                    println!("Decoded info:");
+                    println!("  PublicKey: {}", decoded.public_key);
+                    println!("  Name: {}", decoded.name);
+                    println!("  Version: {}", decoded.version);
+
+                    // For legacy format, collect all segments after parsing (owned strings)
+                    let segments: Vec<String> = path_str
+                        .split('/')
+                        .filter(|s| !s.is_empty())
+                        .skip(1) // Skip the hex segment
+                        .map(|s| s.to_string())
+                        .collect();
+
+                    Ok((decoded, segments))
+                }
+                Err(e) => {
+                    eprintln!("Fehler beim Parsen (alle Fallbacks): {e}");
+                    Err(format!("Ungültige Anfrage: {e}").into())
+                }
+            }
+        }
+    }
+}

src-tauri/src/extension/core/types.rs

@@ -0,0 +1,99 @@
+// src-tauri/src/extension/core/types.rs
+
+use crate::extension::core::manifest::ExtensionManifest;
+use std::path::PathBuf;
+use std::time::SystemTime;
+
+/// Extension source type (production vs development)
+#[derive(Debug, Clone)]
+pub enum ExtensionSource {
+    Production {
+        path: PathBuf,
+        version: String,
+    },
+    Development {
+        dev_server_url: String,
+        manifest_path: PathBuf,
+        auto_reload: bool,
+    },
+}
+
+/// Complete extension data structure
+#[derive(Debug, Clone)]
+pub struct Extension {
+    /// UUID from database (primary key)
+    pub id: String,
+    /// Extension source (production path or dev server)
+    pub source: ExtensionSource,
+    /// Extension manifest containing all metadata (name, version, public_key, etc.)
+    pub manifest: ExtensionManifest,
+    /// Whether the extension is enabled
+    pub enabled: bool,
+    /// Last time the extension was accessed
+    pub last_accessed: SystemTime,
+}
+
+pub fn get_tauri_origin() -> String {
+    #[cfg(target_os = "windows")]
+    {
+        "https://tauri.localhost".to_string()
+    }
+
+    #[cfg(target_os = "macos")]
+    {
+        "tauri://localhost".to_string()
+    }
+
+    #[cfg(target_os = "linux")]
+    {
+        "tauri://localhost".to_string()
+    }
+
+    #[cfg(target_os = "android")]
+    {
+        // On Android, with http://*.localhost URLs, the origin is "null"
+        // This is a browser security feature for local/file protocols
+        "null".to_string()
+    }
+
+    #[cfg(target_os = "ios")]
+    {
+        "tauri://localhost".to_string()
+    }
+}
+
+pub fn copy_directory(
+    source: String,
+    destination: String,
+) -> Result<(), crate::extension::error::ExtensionError> {
+    use crate::extension::error::ExtensionError;
+    use std::path::PathBuf;
+
+    println!(
+        "Kopiere Verzeichnis von '{source}' nach '{destination}'"
+    );
+
+    let source_path = PathBuf::from(&source);
+    let destination_path = PathBuf::from(&destination);
+
+    if !source_path.exists() || !source_path.is_dir() {
+        return Err(ExtensionError::Filesystem {
+            source: std::io::Error::new(
+                std::io::ErrorKind::NotFound,
+                format!("Source directory '{source}' not found"),
+            ),
+        });
+    }
+
+    let mut options = fs_extra::dir::CopyOptions::new();
+    options.overwrite = true;
+    options.copy_inside = true;
+    options.buffer_size = 64000;
+
+    fs_extra::dir::copy(&source_path, &destination_path, &options).map_err(|e| {
+        ExtensionError::Filesystem {
+            source: std::io::Error::other(e.to_string()),
+        }
+    })?;
+    Ok(())
+}

src-tauri/src/extension/crypto.rs

@@ -0,0 +1,144 @@
+use std::{
+    fs,
+    path::{Path, PathBuf},
+};
+
+// src-tauri/src/extension/crypto.rs
+use crate::extension::error::ExtensionError;
+use ed25519_dalek::{Signature, Verifier, VerifyingKey};
+use sha2::{Digest, Sha256};
+
+pub struct ExtensionCrypto;
+
+impl ExtensionCrypto {
+    /// Verifiziert Extension-Signatur
+    pub fn verify_signature(
+        public_key_hex: &str,
+        content_hash_hex: &str,
+        signature_hex: &str,
+    ) -> Result<(), String> {
+        let public_key_bytes =
+            hex::decode(public_key_hex).map_err(|e| format!("Invalid public key: {e}"))?;
+        let public_key = VerifyingKey::from_bytes(&public_key_bytes.try_into().unwrap())
+            .map_err(|e| format!("Invalid public key: {e}"))?;
+
+        let signature_bytes =
+            hex::decode(signature_hex).map_err(|e| format!("Invalid signature: {e}"))?;
+        let signature = Signature::from_bytes(&signature_bytes.try_into().unwrap());
+
+        let content_hash =
+            hex::decode(content_hash_hex).map_err(|e| format!("Invalid content hash: {e}"))?;
+
+        public_key
+            .verify(&content_hash, &signature)
+            .map_err(|e| format!("Signature verification failed: {e}"))
+    }
+
+    /// Berechnet Hash eines Verzeichnisses (für Verifikation)
+    pub fn hash_directory(dir: &Path, manifest_path: &Path) -> Result<String, ExtensionError> {
+        // 1. Alle Dateipfade rekursiv sammeln
+        let mut all_files = Vec::new();
+        Self::collect_files_recursively(dir, &mut all_files)
+            .map_err(|e| ExtensionError::Filesystem { source: e })?;
+
+        // 2. Konvertiere zu relativen Pfaden für konsistente Sortierung (wie im SDK)
+        let mut relative_files: Vec<(String, PathBuf)> = all_files
+            .into_iter()
+            .map(|path| {
+                let relative = path.strip_prefix(dir)
+                    .unwrap_or(&path)
+                    .to_string_lossy()
+                    .to_string()
+                    // Normalisiere Pfad-Separatoren zu Unix-Style (/) für plattformübergreifende Konsistenz
+                    .replace('\\', "/");
+                (relative, path)
+            })
+            .collect();
+
+        // 3. Sortiere nach relativen Pfaden
+        relative_files.sort_by(|a, b| a.0.cmp(&b.0));
+
+        let mut hasher = Sha256::new();
+
+        // Canonicalize manifest path for comparison (important on Android where symlinks may differ)
+        // Also ensure the canonical path is still within the allowed directory (security check)
+        let canonical_manifest_path = manifest_path.canonicalize()
+            .unwrap_or_else(|_| manifest_path.to_path_buf());
+
+        // Security: Verify canonical manifest path is still within dir
+        let canonical_dir = dir.canonicalize()
+            .unwrap_or_else(|_| dir.to_path_buf());
+
+        if !canonical_manifest_path.starts_with(&canonical_dir) {
+            return Err(ExtensionError::ManifestError {
+                reason: "Manifest path resolves outside of extension directory (potential path traversal)".to_string(),
+            });
+        }
+
+        // 4. Inhalte der sortierten Dateien hashen
+        for (_relative, file_path) in relative_files {
+            // Canonicalize file_path for comparison
+            let canonical_file_path = file_path.canonicalize()
+                .unwrap_or_else(|_| file_path.clone());
+
+            if canonical_file_path == canonical_manifest_path {
+                // FÜR DIE MANIFEST.JSON:
+                let content_str = fs::read_to_string(&file_path)
+                    .map_err(|e| ExtensionError::Filesystem { source: e })?;
+
+                // Parse zu einem generischen JSON-Wert
+                let mut manifest: serde_json::Value =
+                    serde_json::from_str(&content_str).map_err(|e| {
+                        ExtensionError::ManifestError {
+                            reason: format!("Cannot parse manifest JSON: {e}"),
+                        }
+                    })?;
+
+                // Entferne oder leere das Signaturfeld, um den "kanonischen Inhalt" zu erhalten
+                if let Some(obj) = manifest.as_object_mut() {
+                    obj.insert(
+                        "signature".to_string(),
+                        serde_json::Value::String("".to_string()),
+                    );
+                }
+
+                // Serialisiere das modifizierte Manifest zurück (mit 2 Spaces, wie in JS)
+                // serde_json sortiert die Keys automatisch alphabetisch
+                let canonical_manifest_content =
+                    serde_json::to_string_pretty(&manifest).map_err(|e| {
+                        ExtensionError::ManifestError {
+                            reason: format!("Failed to serialize manifest: {e}"),
+                        }
+                    })?;
+
+                // Normalisiere Zeilenenden zu Unix-Style (\n), wie Node.js JSON.stringify es macht
+                // Dies ist wichtig für plattformübergreifende Konsistenz (Desktop vs Android)
+                let normalized_content = canonical_manifest_content.replace("\r\n", "\n");
+
+                hasher.update(normalized_content.as_bytes());
+            } else {
+                // FÜR ALLE ANDEREN DATEIEN:
+                let content =
+                    fs::read(&file_path).map_err(|e| ExtensionError::Filesystem { source: e })?;
+                hasher.update(&content);
+            }
+        }
+
+        Ok(hex::encode(hasher.finalize()))
+    }
+
+    fn collect_files_recursively(dir: &Path, file_list: &mut Vec<PathBuf>) -> std::io::Result<()> {
+        if dir.is_dir() {
+            for entry in fs::read_dir(dir)? {
+                let entry = entry?;
+                let path = entry.path();
+                if path.is_dir() {
+                    Self::collect_files_recursively(&path, file_list)?;
+                } else {
+                    file_list.push(path);
+                }
+            }
+        }
+        Ok(())
+    }
+}

src-tauri/src/extension/database/executor.rs

@@ -0,0 +1,284 @@
+// src-tauri/src/extension/database/executor.rs
+
+use crate::crdt::hlc::HlcService;
+use crate::crdt::transformer::CrdtTransformer;
+use crate::crdt::trigger;
+use crate::database::core::{convert_value_ref_to_json, parse_sql_statements};
+use crate::database::error::DatabaseError;
+use rusqlite::{params_from_iter, types::Value as SqliteValue, ToSql, Transaction};
+use serde_json::Value as JsonValue;
+use sqlparser::ast::Statement;
+use std::collections::HashSet;
+
+/// SQL-Executor OHNE Berechtigungsprüfung - für interne Nutzung
+pub struct SqlExecutor;
+
+impl SqlExecutor {
+    /// Führt ein SQL Statement OHNE RETURNING aus (mit CRDT)
+    /// Returns: modified_schema_tables
+    pub fn execute_internal_typed(
+        tx: &Transaction,
+        hlc_service: &HlcService,
+        sql: &str,
+        params: &[&dyn ToSql],
+    ) -> Result<HashSet<String>, DatabaseError> {
+        let mut ast_vec = parse_sql_statements(sql)?;
+
+        if ast_vec.len() != 1 {
+            return Err(DatabaseError::ExecutionError {
+                sql: sql.to_string(),
+                reason: "execute_internal_typed should only receive a single SQL statement"
+                    .to_string(),
+                table: None,
+            });
+        }
+
+        let mut statement = ast_vec.pop().unwrap();
+
+        let transformer = CrdtTransformer::new();
+        let hlc_timestamp =
+            hlc_service
+                .new_timestamp_and_persist(tx)
+                .map_err(|e| DatabaseError::HlcError {
+                    reason: e.to_string(),
+                })?;
+
+        let mut modified_schema_tables = HashSet::new();
+        if let Some(table_name) = transformer.transform_execute_statement_with_table_info(
+            &mut statement,
+            &hlc_timestamp,
+        )? {
+            modified_schema_tables.insert(table_name);
+        }
+
+        let sql_str = statement.to_string();
+        eprintln!("DEBUG: Transformed execute SQL: {sql_str}");
+
+        // Führe Statement aus
+        tx.execute(&sql_str, params)
+            .map_err(|e| DatabaseError::ExecutionError {
+                sql: sql_str.clone(),
+                table: None,
+                reason: format!("Execute failed: {e}"),
+            })?;
+
+        // Trigger-Logik für CREATE TABLE
+        if let Statement::CreateTable(create_table_details) = statement {
+            let raw_name = create_table_details.name.to_string();
+            // Remove quotes from table name
+            let table_name_str = raw_name
+                .trim_matches('"')
+                .trim_matches('`')
+                .to_string();
+            eprintln!("DEBUG: Setting up triggers for table: {table_name_str}");
+            trigger::setup_triggers_for_table(tx, &table_name_str, false)?;
+        }
+
+        Ok(modified_schema_tables)
+    }
+
+    /// Führt ein SQL Statement MIT RETURNING aus (mit CRDT)
+    /// Returns: (modified_schema_tables, returning_results)
+    pub fn query_internal_typed(
+        tx: &Transaction,
+        hlc_service: &HlcService,
+        sql: &str,
+        params: &[&dyn ToSql],
+    ) -> Result<(HashSet<String>, Vec<Vec<JsonValue>>), DatabaseError> {
+        let mut ast_vec = parse_sql_statements(sql)?;
+
+        if ast_vec.len() != 1 {
+            return Err(DatabaseError::ExecutionError {
+                sql: sql.to_string(),
+                reason: "query_internal_typed should only receive a single SQL statement"
+                    .to_string(),
+                table: None,
+            });
+        }
+
+        let mut statement = ast_vec.pop().unwrap();
+
+        let transformer = CrdtTransformer::new();
+        let hlc_timestamp =
+            hlc_service
+                .new_timestamp_and_persist(tx)
+                .map_err(|e| DatabaseError::HlcError {
+                    reason: e.to_string(),
+                })?;
+
+        let mut modified_schema_tables = HashSet::new();
+        if let Some(table_name) = transformer.transform_execute_statement_with_table_info(
+            &mut statement,
+            &hlc_timestamp,
+        )? {
+            modified_schema_tables.insert(table_name);
+        }
+
+        let sql_str = statement.to_string();
+        eprintln!("DEBUG: Transformed SQL (with RETURNING): {sql_str}");
+
+        // Prepare und query ausführen
+        let mut stmt = tx
+            .prepare(&sql_str)
+            .map_err(|e| DatabaseError::ExecutionError {
+                sql: sql_str.clone(),
+                table: None,
+                reason: e.to_string(),
+            })?;
+
+        let column_names: Vec<String> = stmt
+            .column_names()
+            .into_iter()
+            .map(|s| s.to_string())
+            .collect();
+        let num_columns = column_names.len();
+
+        let mut rows = stmt
+            .query(params_from_iter(params.iter()))
+            .map_err(|e| DatabaseError::ExecutionError {
+                sql: sql_str.clone(),
+                table: None,
+                reason: e.to_string(),
+            })?;
+
+        let mut result_vec: Vec<Vec<JsonValue>> = Vec::new();
+
+        // Lese alle RETURNING Zeilen
+        while let Some(row) = rows.next().map_err(|e| DatabaseError::ExecutionError {
+            sql: sql_str.clone(),
+            table: None,
+            reason: e.to_string(),
+        })? {
+            let mut row_values: Vec<JsonValue> = Vec::new();
+            for i in 0..num_columns {
+                let value_ref = row.get_ref(i).map_err(|e| DatabaseError::ExecutionError {
+                    sql: sql_str.clone(),
+                    table: None,
+                    reason: e.to_string(),
+                })?;
+                let json_value = convert_value_ref_to_json(value_ref)?;
+                row_values.push(json_value);
+            }
+            result_vec.push(row_values);
+        }
+
+        // Trigger-Logik für CREATE TABLE
+        if let Statement::CreateTable(create_table_details) = statement {
+            let raw_name = create_table_details.name.to_string();
+            // Remove quotes from table name
+            let table_name_str = raw_name
+                .trim_matches('"')
+                .trim_matches('`')
+                .to_string();
+            eprintln!("DEBUG: Setting up triggers for table (RETURNING): {table_name_str}");
+            trigger::setup_triggers_for_table(tx, &table_name_str, false)?;
+        }
+
+        Ok((modified_schema_tables, result_vec))
+    }
+
+    /// Führt ein einzelnes SQL Statement OHNE Typinformationen aus (JSON params)
+    pub fn execute_internal(
+        tx: &Transaction,
+        hlc_service: &HlcService,
+        sql: &str,
+        params: &[JsonValue],
+    ) -> Result<HashSet<String>, DatabaseError> {
+        let sql_params: Vec<SqliteValue> = params
+            .iter()
+            .map(crate::database::core::ValueConverter::json_to_rusqlite_value)
+            .collect::<Result<Vec<_>, _>>()?;
+        let param_refs: Vec<&dyn ToSql> = sql_params.iter().map(|p| p as &dyn ToSql).collect();
+        Self::execute_internal_typed(tx, hlc_service, sql, &param_refs)
+    }
+
+    /// Query-Variante (mit RETURNING) OHNE Typinformationen (JSON params)
+    pub fn query_internal(
+        tx: &Transaction,
+        hlc_service: &HlcService,
+        sql: &str,
+        params: &[JsonValue],
+    ) -> Result<(HashSet<String>, Vec<Vec<JsonValue>>), DatabaseError> {
+        let sql_params: Vec<SqliteValue> = params
+            .iter()
+            .map(crate::database::core::ValueConverter::json_to_rusqlite_value)
+            .collect::<Result<Vec<_>, _>>()?;
+        let param_refs: Vec<&dyn ToSql> = sql_params.iter().map(|p| p as &dyn ToSql).collect();
+        Self::query_internal_typed(tx, hlc_service, sql, &param_refs)
+    }
+
+    /// Führt mehrere SQL Statements als Batch aus
+    pub fn execute_batch_internal(
+        tx: &Transaction,
+        hlc_service: &HlcService,
+        sqls: &[String],
+        params: &[Vec<JsonValue>],
+    ) -> Result<HashSet<String>, DatabaseError> {
+        if sqls.len() != params.len() {
+            return Err(DatabaseError::ExecutionError {
+                sql: format!("{} statements but {} param sets", sqls.len(), params.len()),
+                reason: "Statement count and parameter count mismatch".to_string(),
+                table: None,
+            });
+        }
+
+        let mut all_modified_tables = HashSet::new();
+
+        for (sql, param_set) in sqls.iter().zip(params.iter()) {
+            let modified_tables = Self::execute_internal(tx, hlc_service, sql, param_set)?;
+            all_modified_tables.extend(modified_tables);
+        }
+
+        Ok(all_modified_tables)
+    }
+
+    /// Query für SELECT-Statements (read-only, kein CRDT nötig außer Filter)
+    pub fn query_select(
+        conn: &rusqlite::Connection,
+        sql: &str,
+        params: &[JsonValue],
+    ) -> Result<Vec<Vec<JsonValue>>, DatabaseError> {
+        let mut ast_vec = parse_sql_statements(sql)?;
+
+        if ast_vec.len() != 1 {
+            return Err(DatabaseError::ExecutionError {
+                sql: sql.to_string(),
+                reason: "query_select should only receive a single SELECT statement".to_string(),
+                table: None,
+            });
+        }
+
+        // Hard Delete: Keine SELECT-Transformation mehr nötig
+        let stmt_to_execute = ast_vec.pop().unwrap();
+        let transformed_sql = stmt_to_execute.to_string();
+
+        eprintln!("DEBUG: SELECT (no transformation): {transformed_sql}");
+
+        // Convert JSON params to SQLite values
+        let sql_params: Vec<SqliteValue> = params
+            .iter()
+            .map(crate::database::core::ValueConverter::json_to_rusqlite_value)
+            .collect::<Result<Vec<_>, _>>()?;
+
+        let mut prepared_stmt = conn.prepare(&transformed_sql)?;
+
+        let num_columns = prepared_stmt.column_count();
+
+        let param_refs: Vec<&dyn ToSql> = sql_params.iter().map(|p| p as &dyn ToSql).collect();
+
+        let mut rows = prepared_stmt.query(params_from_iter(param_refs.iter()))?;
+
+        let mut result: Vec<Vec<JsonValue>> = Vec::new();
+        while let Some(row) = rows.next()? {
+            let mut row_values: Vec<JsonValue> = Vec::new();
+            for i in 0..num_columns {
+                let value_ref = row.get_ref(i)?;
+                let json_value = convert_value_ref_to_json(value_ref)?;
+                row_values.push(json_value);
+            }
+            result.push(row_values);
+        }
+
+        Ok(result)
+    }
+}

src-tauri/src/extension/database/mod.rs

@@ -1,48 +1,350 @@
-mod permissions;
+// src-tauri/src/extension/database/mod.rs
 
-use crate::database;
+pub mod executor;
-use crate::database::DbConnection;
+use crate::crdt::transformer::CrdtTransformer;
-use crate::models::ExtensionState;
+use crate::crdt::trigger;
+use crate::database::core::{parse_sql_statements, with_connection, ValueConverter};
+use crate::database::error::DatabaseError;
+use crate::extension::database::executor::SqlExecutor;
+use crate::extension::error::ExtensionError;
+use crate::extension::permissions::validator::SqlPermissionValidator;
+use crate::AppState;
+
+use rusqlite::params_from_iter;
+use rusqlite::types::Value as SqlValue;
+use rusqlite::Transaction;
 use serde_json::Value as JsonValue;
-use std::collections::HashMap;
+use sqlparser::ast::{Statement, TableFactor, TableObject};
-use tauri::{AppHandle, State};
+use tauri::State;
-// Extension-bezogene Funktionen mit extension_-Präfix
+
-/// Lädt eine Extension aus einer Manifest-Datei
+/// Führt Statements mit korrekter Parameter-Bindung aus
-/* #[tauri::command]
+pub struct StatementExecutor<'a> {
-pub fn extension_load(
+    transaction: &'a Transaction<'a>,
-    manifest_path: String,
+}
-    app: AppHandle,
+
-) -> Result<crate::models::ExtensionManifest, String> {
+impl<'a> StatementExecutor<'a> {
-    let manifest_content = std::fs::read_to_string(&manifest_path).map_err(|e| e.to_string())?;
+    fn new(transaction: &'a Transaction<'a>) -> Self {
-    let manifest: crate::models::ExtensionManifest =
+        Self { transaction }
-        serde_json::from_str(&manifest_content).map_err(|e| e.to_string())?;
+    }
-    app.state::<ExtensionState>()
+
-        .add_extension(manifest_path.clone(), manifest.clone());
+    /// Führt ein einzelnes Statement mit Parametern aus
-    Ok(manifest)
+    fn execute_statement_with_params(
-}
+        &self,
- */
+        statement: &Statement,
-/// Führt SQL-Leseoperationen mit Berechtigungsprüfung aus
+        params: &[SqlValue],
-#[tauri::command]
+    ) -> Result<(), DatabaseError> {
-pub async fn extension_sql_select(
+        let sql = statement.to_string();
-    app: AppHandle,
+        let expected_params = count_sql_placeholders(&sql);
-    extension_id: String,
+
-    sql: String,
+        if expected_params != params.len() {
-    params: Vec<JsonValue>,
+            return Err(DatabaseError::ParameterMismatchError {
-    state: State<'_, DbConnection>,
+                expected: expected_params,
-) -> Result<Vec<Vec<JsonValue>>, String> {
+                provided: params.len(),
-    permissions::check_read_permission(&app, &extension_id, &sql).await?;
+                sql,
-    database::core::select(sql, params, &state).await
+            });
+        }
+
+        self.transaction
+            .execute(&sql, params_from_iter(params.iter()))
+            .map_err(|e| DatabaseError::ExecutionError {
+                sql,
+                table: Some(
+                    self.extract_table_name_from_statement(statement)
+                        .unwrap_or_else(|| "unknown".to_string()),
+                ),
+                reason: e.to_string(),
+            })?;
+
+        Ok(())
+    }
+
+    /// Extrahiert den Tabellennamen aus einem Statement für bessere Fehlermeldungen
+    fn extract_table_name_from_statement(&self, statement: &Statement) -> Option<String> {
+        match statement {
+            Statement::Insert(insert) => {
+                if let TableObject::TableName(name) = &insert.table {
+                    Some(name.to_string())
+                } else {
+                    None
+                }
+            }
+            Statement::Update { table, .. } => {
+                if let TableFactor::Table { name, .. } = &table.relation {
+                    Some(name.to_string())
+                } else {
+                    None
+                }
+            }
+            Statement::Delete(delete) => {
+                // Verbessertes Extrahieren für DELETE
+                use sqlparser::ast::FromTable;
+                match &delete.from {
+                    FromTable::WithFromKeyword(tables) | FromTable::WithoutKeyword(tables) => {
+                        if !tables.is_empty() {
+                            if let TableFactor::Table { name, .. } = &tables[0].relation {
+                                Some(name.to_string())
+                            } else {
+                                None
+                            }
+                        } else if !delete.tables.is_empty() {
+                            Some(delete.tables[0].to_string())
+                        } else {
+                            None
+                        }
+                    }
+                }
+            }
+            Statement::CreateTable(create) => Some(create.name.to_string()),
+            Statement::AlterTable { name, .. } => Some(name.to_string()),
+            Statement::Drop { names, .. } => names.first().map(|name| name.to_string()),
+            _ => None,
+        }
+    }
 }
 
-/// Führt SQL-Schreiboperationen mit Berechtigungsprüfung aus
 #[tauri::command]
 pub async fn extension_sql_execute(
-    app: AppHandle,
+    sql: &str,
-    extension_id: String,
-    sql: String,
     params: Vec<JsonValue>,
-    state: State<'_, DbConnection>,
+    public_key: String,
-) -> Result<usize, String> {
+    name: String,
-    permissions::check_write_permission(&app, &extension_id, &sql).await?;
+    state: State<'_, AppState>,
-    database::core::execute(sql, params, &state).await
+) -> Result<Vec<Vec<JsonValue>>, ExtensionError> {
+    // Get extension to retrieve its ID
+    let extension = state
+        .extension_manager
+        .get_extension_by_public_key_and_name(&public_key, &name)?
+        .ok_or_else(|| ExtensionError::NotFound {
+            public_key: public_key.clone(),
+            name: name.clone(),
+        })?;
+
+    // Permission check
+    SqlPermissionValidator::validate_sql(&state, &extension.id, sql).await?;
+
+    // Parameter validation
+    validate_params(sql, &params)?;
+
+    // SQL parsing
+    let mut ast_vec = parse_sql_statements(sql)?;
+
+    if ast_vec.len() != 1 {
+        return Err(ExtensionError::Database {
+            source: DatabaseError::ExecutionError {
+                sql: sql.to_string(),
+                reason: "extension_sql_execute should only receive a single SQL statement"
+                    .to_string(),
+                table: None,
+            },
+        });
+    }
+
+    let mut statement = ast_vec.pop().unwrap();
+
+    // Check if statement has RETURNING clause
+    let has_returning = crate::database::core::statement_has_returning(&statement);
+
+    // Database operation
+    with_connection(&state.db, |conn| {
+        let tx = conn.transaction().map_err(DatabaseError::from)?;
+
+        let transformer = CrdtTransformer::new();
+
+        // Get HLC service reference
+        let hlc_service = state.hlc.lock().map_err(|_| DatabaseError::MutexPoisoned {
+            reason: "Failed to lock HLC service".to_string(),
+        })?;
+
+        // Generate HLC timestamp
+        let hlc_timestamp =
+            hlc_service
+                .new_timestamp_and_persist(&tx)
+                .map_err(|e| DatabaseError::HlcError {
+                    reason: e.to_string(),
+                })?;
+
+        // Transform statement
+        transformer.transform_execute_statement(&mut statement, &hlc_timestamp)?;
+
+        // Convert parameters to references
+        let sql_values = ValueConverter::convert_params(&params)?;
+        let param_refs: Vec<&dyn rusqlite::ToSql> = sql_values
+            .iter()
+            .map(|v| v as &dyn rusqlite::ToSql)
+            .collect();
+
+        let result = if has_returning {
+            // Use query_internal for statements with RETURNING
+            let (_, rows) = SqlExecutor::query_internal_typed(
+                &tx,
+                &hlc_service,
+                &statement.to_string(),
+                &param_refs,
+            )?;
+            rows
+        } else {
+            // Use execute_internal for statements without RETURNING
+            SqlExecutor::execute_internal_typed(
+                &tx,
+                &hlc_service,
+                &statement.to_string(),
+                &param_refs,
+            )?;
+            vec![]
+        };
+
+        // Handle CREATE TABLE trigger setup
+        if let Statement::CreateTable(ref create_table_details) = statement {
+            // Extract table name and remove quotes (both " and `)
+            let raw_name = create_table_details.name.to_string();
+            println!("DEBUG: Raw table name from AST: {raw_name:?}");
+            println!(
+                "DEBUG: Raw table name chars: {:?}",
+                raw_name.chars().collect::<Vec<_>>()
+            );
+
+            let table_name_str = raw_name.trim_matches('"').trim_matches('`').to_string();
+
+            println!("DEBUG: Cleaned table name: {table_name_str:?}");
+            println!(
+                "DEBUG: Cleaned table name chars: {:?}",
+                table_name_str.chars().collect::<Vec<_>>()
+            );
+
+            println!("Table '{table_name_str}' created by extension, setting up CRDT triggers...");
+            trigger::setup_triggers_for_table(&tx, &table_name_str, false)?;
+            println!("Triggers for table '{table_name_str}' successfully created.");
+        }
+
+        // Commit transaction
+        tx.commit().map_err(DatabaseError::from)?;
+
+        Ok(result)
+    })
+    .map_err(ExtensionError::from)
+}
+
+#[tauri::command]
+pub async fn extension_sql_select(
+    sql: &str,
+    params: Vec<JsonValue>,
+    public_key: String,
+    name: String,
+    state: State<'_, AppState>,
+) -> Result<Vec<Vec<JsonValue>>, ExtensionError> {
+    // Get extension to retrieve its ID
+    let extension = state
+        .extension_manager
+        .get_extension_by_public_key_and_name(&public_key, &name)?
+        .ok_or_else(|| ExtensionError::NotFound {
+            public_key: public_key.clone(),
+            name: name.clone(),
+        })?;
+
+    // Permission check
+    SqlPermissionValidator::validate_sql(&state, &extension.id, sql).await?;
+
+    // Parameter validation
+    validate_params(sql, &params)?;
+
+    // SQL parsing
+    let mut ast_vec = parse_sql_statements(sql)?;
+
+    if ast_vec.is_empty() {
+        return Ok(vec![]);
+    }
+
+    // Validate that all statements are queries
+    for stmt in &ast_vec {
+        if !matches!(stmt, Statement::Query(_)) {
+            return Err(ExtensionError::Database {
+                source: DatabaseError::ExecutionError {
+                    sql: sql.to_string(),
+                    reason: "Only SELECT statements are allowed in extension_sql_select"
+                        .to_string(),
+                    table: None,
+                },
+            });
+        }
+    }
+
+    // Database operation - return Vec<Vec<JsonValue>> like sql_select_with_crdt
+    with_connection(&state.db, |conn| {
+        let sql_params = ValueConverter::convert_params(&params)?;
+        let stmt_to_execute = ast_vec.pop().unwrap();
+        let transformed_sql = stmt_to_execute.to_string();
+
+        // Prepare and execute query
+        let mut prepared_stmt =
+            conn.prepare(&transformed_sql)
+                .map_err(|e| DatabaseError::ExecutionError {
+                    sql: transformed_sql.clone(),
+                    reason: e.to_string(),
+                    table: None,
+                })?;
+
+        let num_columns = prepared_stmt.column_count();
+        let mut rows = prepared_stmt
+            .query(params_from_iter(sql_params.iter()))
+            .map_err(|e| DatabaseError::QueryError {
+                reason: e.to_string(),
+            })?;
+
+        let mut result_vec: Vec<Vec<JsonValue>> = Vec::new();
+
+        while let Some(row) = rows.next().map_err(|e| DatabaseError::QueryError {
+            reason: e.to_string(),
+        })? {
+            let mut row_values: Vec<JsonValue> = Vec::new();
+            for i in 0..num_columns {
+                let value_ref = row.get_ref(i).map_err(|e| DatabaseError::QueryError {
+                    reason: e.to_string(),
+                })?;
+                let json_value = crate::database::core::convert_value_ref_to_json(value_ref)?;
+                row_values.push(json_value);
+            }
+            result_vec.push(row_values);
+        }
+
+        Ok(result_vec)
+    })
+    .map_err(ExtensionError::from)
+}
+
+/// Validiert Parameter gegen SQL-Platzhalter
+fn validate_params(sql: &str, params: &[JsonValue]) -> Result<(), DatabaseError> {
+    let total_placeholders = count_sql_placeholders(sql);
+
+    if total_placeholders != params.len() {
+        return Err(DatabaseError::ParameterMismatchError {
+            expected: total_placeholders,
+            provided: params.len(),
+            sql: sql.to_string(),
+        });
+    }
+
+    Ok(())
+}
+
+/// Zählt SQL-Platzhalter (verbesserte Version)
+fn count_sql_placeholders(sql: &str) -> usize {
+    sql.matches('?').count()
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn test_count_sql_placeholders() {
+        assert_eq!(
+            count_sql_placeholders("SELECT * FROM users WHERE id = ?"),
+            1
+        );
+        assert_eq!(
+            count_sql_placeholders("SELECT * FROM users WHERE id = ? AND name = ?"),
+            2
+        );
+        assert_eq!(count_sql_placeholders("SELECT * FROM users"), 0);
+    }
 }