Bump version to 0.1.3

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude <noreply@anthropic.com>

.github/workflows/build.yml

@@ -0,0 +1,228 @@
+name: Build
+
+on:
+  push:
+    branches:
+      - main
+      - develop
+    tags-ignore:
+      - '**'
+  pull_request:
+    branches:
+      - main
+      - develop
+  workflow_dispatch:
+
+jobs:
+  build-desktop:
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - platform: 'macos-latest'
+            args: '--target aarch64-apple-darwin'
+          - platform: 'macos-latest'
+            args: '--target x86_64-apple-darwin'
+          - platform: 'ubuntu-22.04'
+            args: ''
+          - platform: 'windows-latest'
+            args: ''
+
+    runs-on: ${{ matrix.platform }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Install pnpm
+        uses: pnpm/action-setup@v4
+
+      - name: Setup Rust
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          targets: ${{ matrix.platform == 'macos-latest' && 'aarch64-apple-darwin,x86_64-apple-darwin' || '' }}
+
+      - name: Install dependencies (Ubuntu)
+        if: matrix.platform == 'ubuntu-22.04'
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf libssl-dev
+
+      - name: Get pnpm store directory
+        shell: bash
+        run: |
+          echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
+
+      - name: Setup pnpm cache
+        uses: actions/cache@v4
+        with:
+          path: ${{ env.STORE_PATH }}
+          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
+          restore-keys: |
+            ${{ runner.os }}-pnpm-store-
+
+      - name: Setup Rust cache
+        uses: Swatinem/rust-cache@v2
+        with:
+          workspaces: src-tauri
+
+      - name: Install frontend dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Build Tauri app
+        uses: tauri-apps/tauri-action@v0
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          args: ${{ matrix.args }}
+
+      - name: Upload artifacts (macOS)
+        if: matrix.platform == 'macos-latest'
+        uses: actions/upload-artifact@v4
+        with:
+          name: macos-${{ contains(matrix.args, 'aarch64') && 'aarch64' || 'x86_64' }}
+          path: |
+            src-tauri/target/*/release/bundle/dmg/*.dmg
+            src-tauri/target/*/release/bundle/macos/*.app
+
+      - name: Upload artifacts (Ubuntu)
+        if: matrix.platform == 'ubuntu-22.04'
+        uses: actions/upload-artifact@v4
+        with:
+          name: linux
+          path: |
+            src-tauri/target/release/bundle/deb/*.deb
+            src-tauri/target/release/bundle/appimage/*.AppImage
+            src-tauri/target/release/bundle/rpm/*.rpm
+
+      - name: Upload artifacts (Windows)
+        if: matrix.platform == 'windows-latest'
+        uses: actions/upload-artifact@v4
+        with:
+          name: windows
+          path: |
+            src-tauri/target/release/bundle/msi/*.msi
+            src-tauri/target/release/bundle/nsis/*.exe
+
+  build-android:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Install pnpm
+        uses: pnpm/action-setup@v4
+
+      - name: Setup Java
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version: '17'
+
+      - name: Setup Android SDK
+        uses: android-actions/setup-android@v3
+
+      - name: Setup Rust
+        uses: dtolnay/rust-toolchain@stable
+
+      - name: Install Rust Android targets
+        run: |
+          rustup target add aarch64-linux-android
+          rustup target add armv7-linux-androideabi
+          rustup target add i686-linux-android
+          rustup target add x86_64-linux-android
+
+      - name: Setup NDK
+        uses: nttld/setup-ndk@v1
+        with:
+          ndk-version: r26d
+        id: setup-ndk
+
+      - name: Setup Android NDK environment for OpenSSL
+        run: |
+          echo "ANDROID_NDK_HOME=${{ steps.setup-ndk.outputs.ndk-path }}" >> $GITHUB_ENV
+          echo "NDK_HOME=${{ steps.setup-ndk.outputs.ndk-path }}" >> $GITHUB_ENV
+
+          # Add all Android toolchains to PATH for OpenSSL cross-compilation
+          echo "${{ steps.setup-ndk.outputs.ndk-path }}/toolchains/llvm/prebuilt/linux-x86_64/bin" >> $GITHUB_PATH
+
+          # Set CC, AR, RANLIB for each target
+          echo "CC_aarch64_linux_android=aarch64-linux-android24-clang" >> $GITHUB_ENV
+          echo "AR_aarch64_linux_android=llvm-ar" >> $GITHUB_ENV
+          echo "RANLIB_aarch64_linux_android=llvm-ranlib" >> $GITHUB_ENV
+
+          echo "CC_armv7_linux_androideabi=armv7a-linux-androideabi24-clang" >> $GITHUB_ENV
+          echo "AR_armv7_linux_androideabi=llvm-ar" >> $GITHUB_ENV
+          echo "RANLIB_armv7_linux_androideabi=llvm-ranlib" >> $GITHUB_ENV
+
+          echo "CC_i686_linux_android=i686-linux-android24-clang" >> $GITHUB_ENV
+          echo "AR_i686_linux_android=llvm-ar" >> $GITHUB_ENV
+          echo "RANLIB_i686_linux_android=llvm-ranlib" >> $GITHUB_ENV
+
+          echo "CC_x86_64_linux_android=x86_64-linux-android24-clang" >> $GITHUB_ENV
+          echo "AR_x86_64_linux_android=llvm-ar" >> $GITHUB_ENV
+          echo "RANLIB_x86_64_linux_android=llvm-ranlib" >> $GITHUB_ENV
+
+      - name: Install build dependencies for OpenSSL
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y perl make
+
+      - name: Get pnpm store directory
+        shell: bash
+        run: |
+          echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
+
+      - name: Setup pnpm cache
+        uses: actions/cache@v4
+        with:
+          path: ${{ env.STORE_PATH }}
+          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
+          restore-keys: |
+            ${{ runner.os }}-pnpm-store-
+
+      - name: Setup Rust cache
+        uses: Swatinem/rust-cache@v2
+        with:
+          workspaces: src-tauri
+
+      - name: Install frontend dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Setup Keystore (if secrets available)
+        env:
+          ANDROID_KEYSTORE: ${{ secrets.ANDROID_KEYSTORE }}
+          ANDROID_KEYSTORE_PASSWORD: ${{ secrets.ANDROID_KEYSTORE_PASSWORD }}
+          ANDROID_KEY_ALIAS: ${{ secrets.ANDROID_KEY_ALIAS }}
+          ANDROID_KEY_PASSWORD: ${{ secrets.ANDROID_KEY_PASSWORD }}
+        run: |
+          if [ -n "$ANDROID_KEYSTORE" ]; then
+            echo "$ANDROID_KEYSTORE" | base64 -d > $HOME/keystore.jks
+            echo "ANDROID_KEYSTORE_PATH=$HOME/keystore.jks" >> $GITHUB_ENV
+            echo "ANDROID_KEYSTORE_PASSWORD=$ANDROID_KEYSTORE_PASSWORD" >> $GITHUB_ENV
+            echo "ANDROID_KEY_ALIAS=$ANDROID_KEY_ALIAS" >> $GITHUB_ENV
+            echo "ANDROID_KEY_PASSWORD=$ANDROID_KEY_PASSWORD" >> $GITHUB_ENV
+            echo "Keystore configured for signing"
+          else
+            echo "No keystore configured, building unsigned APK"
+          fi
+
+      - name: Build Android APK and AAB (unsigned if no keystore)
+        run: pnpm tauri android build
+
+      - name: Upload Android artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: android
+          path: |
+            src-tauri/gen/android/app/build/outputs/apk/**/*.apk
+            src-tauri/gen/android/app/build/outputs/bundle/**/*.aab

.github/workflows/release.yml

@@ -0,0 +1,251 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - 'v*'
+  workflow_dispatch:
+
+jobs:
+  create-release:
+    permissions:
+      contents: write
+    runs-on: ubuntu-22.04
+    outputs:
+      release_id: ${{ steps.create-release.outputs.release_id }}
+      upload_url: ${{ steps.create-release.outputs.upload_url }}
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Get version
+        run: echo "PACKAGE_VERSION=$(node -p "require('./package.json').version")" >> $GITHUB_ENV
+
+      - name: Create release
+        id: create-release
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const { data } = await github.rest.repos.createRelease({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              tag_name: `v${process.env.PACKAGE_VERSION}`,
+              name: `haex-hub v${process.env.PACKAGE_VERSION}`,
+              body: 'Take a look at the assets to download and install this app.',
+              draft: true,
+              prerelease: false
+            })
+            core.setOutput('release_id', data.id)
+            core.setOutput('upload_url', data.upload_url)
+            return data.id
+
+  build-desktop:
+    needs: create-release
+    permissions:
+      contents: write
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - platform: 'macos-latest'
+            args: '--target aarch64-apple-darwin'
+          - platform: 'macos-latest'
+            args: '--target x86_64-apple-darwin'
+          - platform: 'ubuntu-22.04'
+            args: ''
+          - platform: 'windows-latest'
+            args: ''
+
+    runs-on: ${{ matrix.platform }}
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Install pnpm
+        uses: pnpm/action-setup@v4
+
+      - name: Setup Rust
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          targets: ${{ matrix.platform == 'macos-latest' && 'aarch64-apple-darwin,x86_64-apple-darwin' || '' }}
+
+      - name: Install dependencies (Ubuntu)
+        if: matrix.platform == 'ubuntu-22.04'
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf libssl-dev
+
+      - name: Get pnpm store directory
+        shell: bash
+        run: |
+          echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
+
+      - name: Setup pnpm cache
+        uses: actions/cache@v4
+        with:
+          path: ${{ env.STORE_PATH }}
+          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
+          restore-keys: |
+            ${{ runner.os }}-pnpm-store-
+
+      - name: Setup Rust cache
+        uses: Swatinem/rust-cache@v2
+        with:
+          workspaces: src-tauri
+
+      - name: Install frontend dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Build and release Tauri app
+        uses: tauri-apps/tauri-action@v0
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          releaseId: ${{ needs.create-release.outputs.release_id }}
+          args: ${{ matrix.args }}
+
+  build-android:
+    needs: create-release
+    permissions:
+      contents: write
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: '20'
+
+      - name: Install pnpm
+        uses: pnpm/action-setup@v4
+
+      - name: Setup Java
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version: '17'
+
+      - name: Setup Android SDK
+        uses: android-actions/setup-android@v3
+
+      - name: Setup Rust
+        uses: dtolnay/rust-toolchain@stable
+
+      - name: Install Rust Android targets
+        run: |
+          rustup target add aarch64-linux-android
+          rustup target add armv7-linux-androideabi
+          rustup target add i686-linux-android
+          rustup target add x86_64-linux-android
+
+      - name: Setup NDK
+        uses: nttld/setup-ndk@v1
+        with:
+          ndk-version: r26d
+        id: setup-ndk
+
+      - name: Setup Android NDK environment for OpenSSL
+        run: |
+          echo "ANDROID_NDK_HOME=${{ steps.setup-ndk.outputs.ndk-path }}" >> $GITHUB_ENV
+          echo "NDK_HOME=${{ steps.setup-ndk.outputs.ndk-path }}" >> $GITHUB_ENV
+
+          # Add all Android toolchains to PATH for OpenSSL cross-compilation
+          echo "${{ steps.setup-ndk.outputs.ndk-path }}/toolchains/llvm/prebuilt/linux-x86_64/bin" >> $GITHUB_PATH
+
+          # Set CC, AR, RANLIB for each target
+          echo "CC_aarch64_linux_android=aarch64-linux-android24-clang" >> $GITHUB_ENV
+          echo "AR_aarch64_linux_android=llvm-ar" >> $GITHUB_ENV
+          echo "RANLIB_aarch64_linux_android=llvm-ranlib" >> $GITHUB_ENV
+
+          echo "CC_armv7_linux_androideabi=armv7a-linux-androideabi24-clang" >> $GITHUB_ENV
+          echo "AR_armv7_linux_androideabi=llvm-ar" >> $GITHUB_ENV
+          echo "RANLIB_armv7_linux_androideabi=llvm-ranlib" >> $GITHUB_ENV
+
+          echo "CC_i686_linux_android=i686-linux-android24-clang" >> $GITHUB_ENV
+          echo "AR_i686_linux_android=llvm-ar" >> $GITHUB_ENV
+          echo "RANLIB_i686_linux_android=llvm-ranlib" >> $GITHUB_ENV
+
+          echo "CC_x86_64_linux_android=x86_64-linux-android24-clang" >> $GITHUB_ENV
+          echo "AR_x86_64_linux_android=llvm-ar" >> $GITHUB_ENV
+          echo "RANLIB_x86_64_linux_android=llvm-ranlib" >> $GITHUB_ENV
+
+      - name: Install build dependencies for OpenSSL
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y perl make
+
+      - name: Get pnpm store directory
+        shell: bash
+        run: |
+          echo "STORE_PATH=$(pnpm store path --silent)" >> $GITHUB_ENV
+
+      - name: Setup pnpm cache
+        uses: actions/cache@v4
+        with:
+          path: ${{ env.STORE_PATH }}
+          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }}
+          restore-keys: |
+            ${{ runner.os }}-pnpm-store-
+
+      - name: Setup Rust cache
+        uses: Swatinem/rust-cache@v2
+        with:
+          workspaces: src-tauri
+
+      - name: Install frontend dependencies
+        run: pnpm install --frozen-lockfile
+
+      - name: Setup Keystore (required for release)
+        run: |
+          echo "${{ secrets.ANDROID_KEYSTORE }}" | base64 -d > $HOME/keystore.jks
+          echo "ANDROID_KEYSTORE_PATH=$HOME/keystore.jks" >> $GITHUB_ENV
+          echo "ANDROID_KEYSTORE_PASSWORD=${{ secrets.ANDROID_KEYSTORE_PASSWORD }}" >> $GITHUB_ENV
+          echo "ANDROID_KEY_ALIAS=${{ secrets.ANDROID_KEY_ALIAS }}" >> $GITHUB_ENV
+          echo "ANDROID_KEY_PASSWORD=${{ secrets.ANDROID_KEY_PASSWORD }}" >> $GITHUB_ENV
+
+      - name: Build Android APK and AAB (signed)
+        run: pnpm tauri android build
+
+      - name: Upload Android artifacts to Release
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          gh release upload ${{ github.ref_name }} \
+            src-tauri/gen/android/app/build/outputs/apk/universal/release/app-universal-release.apk \
+            src-tauri/gen/android/app/build/outputs/bundle/universalRelease/app-universal-release.aab \
+            --clobber
+
+  publish-release:
+    permissions:
+      contents: write
+    runs-on: ubuntu-22.04
+    needs: [create-release, build-desktop, build-android]
+
+    steps:
+      - name: Publish release
+        id: publish-release
+        uses: actions/github-script@v7
+        env:
+          release_id: ${{ needs.create-release.outputs.release_id }}
+        with:
+          script: |
+            github.rest.repos.updateRelease({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              release_id: process.env.release_id,
+              draft: false,
+              prerelease: false
+            })

.gitignore

@@ -27,3 +27,5 @@ src-tauri/target
 nogit*
 .claude
 .output
+target
+CLAUDE.md

nuxt.config.ts

@@ -1,5 +1,3 @@
-//import tailwindcss from '@tailwindcss/vite'
-
 import { fileURLToPath } from 'node:url'
 
 // https://nuxt.com/docs/api/configuration/nuxt-config
@@ -16,6 +14,9 @@ export default defineNuxtConfig({
   },
 
   app: {
+    head: {
+      viewport: 'width=device-width, initial-scale=1.0, viewport-fit=cover',
+    },
     pageTransition: {
       name: 'fade',
     },
@@ -28,7 +29,6 @@ export default defineNuxtConfig({
     '@vueuse/nuxt',
     '@nuxt/icon',
     '@nuxt/eslint',
-    //"@nuxt/image",
     '@nuxt/fonts',
     '@nuxt/ui',
   ],
@@ -108,8 +108,7 @@ export default defineNuxtConfig({
   runtimeConfig: {
     public: {
       haexVault: {
-        lastVaultFileName: 'lastVaults.json',
+        deviceFileName: 'device.json',
-        instanceFileName: 'instance.json',
         defaultVaultName: 'HaexHub',
       },
     },
@@ -123,7 +122,6 @@ export default defineNuxtConfig({
   },
 
   vite: {
-    //plugins: [tailwindcss()],
     // Better support for Tauri CLI output
     clearScreen: false,
     // Enable environment variables

package.json

@@ -1,10 +1,10 @@
 {
   "name": "haex-hub",
   "private": true,
-  "version": "0.1.0",
+  "version": "0.1.3",
   "type": "module",
   "scripts": {
-    "build": "nuxt build",
+    "build": "nuxt build && node scripts/fix-vite-mapdeps.js",
     "dev": "nuxt dev",
     "drizzle:generate": "drizzle-kit generate",
     "drizzle:migrate": "drizzle-kit migrate",
@@ -21,27 +21,23 @@
     "@nuxt/eslint": "1.9.0",
     "@nuxt/fonts": "0.11.4",
     "@nuxt/icon": "2.0.0",
-    "@nuxt/ui": "4.0.0",
+    "@nuxt/ui": "4.1.0",
     "@nuxtjs/i18n": "10.0.6",
     "@pinia/nuxt": "^0.11.2",
     "@tailwindcss/vite": "^4.1.16",
     "@tauri-apps/api": "^2.9.0",
-    "@tauri-apps/plugin-dialog": "^2.4.0",
+    "@tauri-apps/plugin-dialog": "^2.4.2",
-    "@tauri-apps/plugin-fs": "^2.4.2",
+    "@tauri-apps/plugin-fs": "^2.4.4",
-    "@tauri-apps/plugin-http": "2.5.2",
     "@tauri-apps/plugin-notification": "2.3.1",
-    "@tauri-apps/plugin-opener": "^2.5.0",
+    "@tauri-apps/plugin-opener": "^2.5.2",
-    "@tauri-apps/plugin-os": "^2.3.1",
+    "@tauri-apps/plugin-os": "^2.3.2",
-    "@tauri-apps/plugin-sql": "2.3.0",
+    "@tauri-apps/plugin-store": "^2.4.1",
-    "@tauri-apps/plugin-store": "^2.4.0",
     "@vueuse/components": "^13.9.0",
     "@vueuse/core": "^13.9.0",
     "@vueuse/gesture": "^2.0.0",
     "@vueuse/nuxt": "^13.9.0",
     "drizzle-orm": "^0.44.7",
     "eslint": "^9.38.0",
-    "fuse.js": "^7.1.0",
-    "nuxt": "^4.1.3",
     "nuxt-zod-i18n": "^1.12.1",
     "swiper": "^12.0.3",
     "tailwindcss": "^4.1.16",
@@ -51,8 +47,8 @@
   },
   "devDependencies": {
     "@iconify-json/hugeicons": "^1.2.17",
-    "@iconify-json/lucide": "^1.2.70",
+    "@iconify-json/lucide": "^1.2.71",
-    "@iconify/json": "^2.2.399",
+    "@iconify/json": "^2.2.401",
     "@iconify/tailwind4": "^1.0.6",
     "@libsql/client": "^0.15.15",
     "@tauri-apps/cli": "^2.9.1",
@@ -61,6 +57,7 @@
     "@vue/compiler-sfc": "^3.5.22",
     "drizzle-kit": "^0.31.5",
     "globals": "^16.4.0",
+    "nuxt": "^4.2.0",
     "prettier": "3.6.2",
     "tsx": "^4.20.6",
     "tw-animate-css": "^1.4.0",

scripts/fix-vite-mapdeps.js

@@ -0,0 +1,52 @@
+#!/usr/bin/env node
+
+/**
+ * Post-build script to fix the Vite 7.x TDZ error in __vite__mapDeps
+ * This script patches the generated JavaScript files after the build
+ */
+
+import { readdir, readFile, writeFile } from 'node:fs/promises'
+import { join } from 'node:path'
+
+const NUXT_DIR = join(process.cwd(), '.output/public/_nuxt')
+
+async function fixFile(filePath) {
+  const content = await readFile(filePath, 'utf-8')
+  const fixedContent = content.replace(
+    /const __vite__mapDeps=\(i,m=__vite__mapDeps,/g,
+    'let __vite__mapDeps;__vite__mapDeps=(i,m=__vite__mapDeps,'
+  )
+
+  if (fixedContent !== content) {
+    await writeFile(filePath, fixedContent, 'utf-8')
+    console.log(`✓ Fixed TDZ error in ${filePath.split('/').pop()}`)
+    return true
+  }
+
+  return false
+}
+
+async function main() {
+  try {
+    const files = await readdir(NUXT_DIR)
+    const jsFiles = files.filter((f) => f.endsWith('.js'))
+
+    let fixedCount = 0
+    for (const file of jsFiles) {
+      const filePath = join(NUXT_DIR, file)
+      const fixed = await fixFile(filePath)
+      if (fixed) fixedCount++
+    }
+
+    if (fixedCount > 0) {
+      console.log(`\n✓ Fixed __vite__mapDeps TDZ error in ${fixedCount} file(s)`)
+    } else {
+      console.log('\n✓ No __vite__mapDeps TDZ errors found')
+    }
+  } catch (error) {
+    console.error('Error fixing __vite__mapDeps:', error)
+    process.exit(1)
+  }
+}
+
+main()

src-tauri/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "haex-hub"
-version = "0.1.0"
+version = "0.1.3"
 description = "A Tauri App"
 authors = ["you"]
 edition = "2021"
@@ -20,14 +20,7 @@ tauri-build = { version = "2.2", features = [] }
 serde = { version = "1.0.228", features = ["derive"] }
 
 [dependencies]
-rusqlite = { version = "0.37.0", features = [
+tokio = { version = "1.47.1", features = ["macros", "rt-multi-thread"] }
-    "load_extension",
-    "bundled-sqlcipher-vendored-openssl",
-    "functions",
-] }
-
-#tauri-plugin-sql = { version = "2", features = ["sqlite"] }tokio = { version = "1.47.1", features = ["macros", "rt-multi-thread"] }#libsqlite3-sys = { version = "0.31", features = ["bundled-sqlcipher"] }
-#sqlx = { version = "0.8", features = ["runtime-tokio-rustls", "sqlite"] }
 base64 = "0.22"
 ed25519-dalek = "2.1"
 fs_extra = "1.3.0"
@@ -39,18 +32,25 @@ serde = { version = "1", features = ["derive"] }
 serde_json = "1.0.143"
 sha2 = "0.10.9"
 sqlparser = { version = "0.59.0", features = ["visitor"] }
-tauri = { version = "2.8.5", features = ["protocol-asset", "devtools"] }
+tauri = { version = "2.9.1", features = ["protocol-asset", "devtools"] }
-tauri-plugin-dialog = "2.4.0"
+tauri-plugin-dialog = "2.4.2"
 tauri-plugin-fs = "2.4.0"
-tauri-plugin-http = "2.5.2"
+tauri-plugin-http = "2.5.4"
-tauri-plugin-notification = "2.3.1"
+tauri-plugin-notification = "2.3.3"
-tauri-plugin-opener = "2.5.0"
+tauri-plugin-opener = "2.5.2"
-tauri-plugin-os = "2.3"
+tauri-plugin-os = "2.3.2"
-tauri-plugin-persisted-scope = "2.3.2"
+tauri-plugin-persisted-scope = "2.3.4"
-tauri-plugin-store = "2.4.0"
+tauri-plugin-store = "2.4.1"
 thiserror = "2.0.17"
 ts-rs = { version = "11.1.0", features = ["serde-compat"] }
 uhlc = "0.8.2"
+url = "2.5.7"
 uuid = { version = "1.18.1", features = ["v4"] }
 zip = "6.0.0"
-url = "2.5.7"
+
+[target.'cfg(not(target_os = "android"))'.dependencies]
+trash = "5.2.0"
+rusqlite = { version = "0.37.0", features = ["load_extension", "bundled-sqlcipher-vendored-openssl", "functions"] }
+
+[target.'cfg(target_os = "android")'.dependencies]
+rusqlite = { version = "0.37.0", features = ["load_extension", "bundled-sqlcipher-vendored-openssl", "functions"] }

src-tauri/bindings/ExtensionInfoResponse.ts

@@ -1,3 +1,3 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 
-export type ExtensionInfoResponse = { id: string, publicKey: string, name: string, version: string, author: string | null, enabled: boolean, description: string | null, homepage: string | null, icon: string | null, devServerUrl: string | null, };
+export type ExtensionInfoResponse = { id: string, publicKey: string, name: string, version: string, author: string | null, enabled: boolean, description: string | null, homepage: string | null, icon: string | null, entry: string | null, singleInstance: boolean | null, devServerUrl: string | null, };

src-tauri/bindings/ExtensionManifest.ts

@@ -1,4 +1,4 @@
 // This file was generated by [ts-rs](https://github.com/Aleph-Alpha/ts-rs). Do not edit this file manually.
 import type { ExtensionPermissions } from "./ExtensionPermissions";
 
-export type ExtensionManifest = { name: string, version: string, author: string | null, entry: string, icon: string | null, public_key: string, signature: string, permissions: ExtensionPermissions, homepage: string | null, description: string | null, };
+export type ExtensionManifest = { name: string, version: string, author: string | null, entry: string | null, icon: string | null, public_key: string, signature: string, permissions: ExtensionPermissions, homepage: string | null, description: string | null, single_instance: boolean | null, };

src-tauri/database/index.ts

@@ -19,5 +19,3 @@ const dummyExecutor = async (
 // Erstelle die Drizzle-Instanz für den SQLite-Dialekt
 // Übergib den dummyExecutor und das importierte Schema
 export const db = drizzle(dummyExecutor, { schema })
-
-// Exportiere auch alle Schema-Definitionen weiter, damit man alles aus einer Datei importieren kann

src-tauri/database/migrations/0000_dashing_night_nurse.sql

@@ -28,11 +28,14 @@ CREATE TABLE `haex_desktop_items` (
 	`id` text PRIMARY KEY NOT NULL,
 	`workspace_id` text NOT NULL,
 	`item_type` text NOT NULL,
-	`reference_id` text NOT NULL,
+	`extension_id` text,
+	`system_window_id` text,
 	`position_x` integer DEFAULT 0 NOT NULL,
 	`position_y` integer DEFAULT 0 NOT NULL,
 	`haex_timestamp` text,
-	FOREIGN KEY (`workspace_id`) REFERENCES `haex_workspaces`(`id`) ON UPDATE no action ON DELETE cascade
+	FOREIGN KEY (`workspace_id`) REFERENCES `haex_workspaces`(`id`) ON UPDATE no action ON DELETE cascade,
+	FOREIGN KEY (`extension_id`) REFERENCES `haex_extensions`(`id`) ON UPDATE no action ON DELETE cascade,
+	CONSTRAINT "item_reference" CHECK(("haex_desktop_items"."item_type" = 'extension' AND "haex_desktop_items"."extension_id" IS NOT NULL AND "haex_desktop_items"."system_window_id" IS NULL) OR ("haex_desktop_items"."item_type" = 'system' AND "haex_desktop_items"."system_window_id" IS NOT NULL AND "haex_desktop_items"."extension_id" IS NULL) OR ("haex_desktop_items"."item_type" = 'file' AND "haex_desktop_items"."system_window_id" IS NOT NULL AND "haex_desktop_items"."extension_id" IS NULL) OR ("haex_desktop_items"."item_type" = 'folder' AND "haex_desktop_items"."system_window_id" IS NOT NULL AND "haex_desktop_items"."extension_id" IS NULL))
 );
 --> statement-breakpoint
 CREATE TABLE `haex_extension_permissions` (
@@ -57,11 +60,12 @@ CREATE TABLE `haex_extensions` (
 	`version` text NOT NULL,
 	`author` text,
 	`description` text,
-	`entry` text DEFAULT 'index.html' NOT NULL,
+	`entry` text DEFAULT 'index.html',
 	`homepage` text,
 	`enabled` integer DEFAULT true,
 	`icon` text,
 	`signature` text NOT NULL,
+	`single_instance` integer DEFAULT false,
 	`haex_timestamp` text
 );
 --> statement-breakpoint
@@ -91,6 +95,7 @@ CREATE TABLE `haex_settings` (
 CREATE UNIQUE INDEX `haex_settings_key_type_value_unique` ON `haex_settings` (`key`,`type`,`value`);--> statement-breakpoint
 CREATE TABLE `haex_workspaces` (
 	`id` text PRIMARY KEY NOT NULL,
+	`device_id` text NOT NULL,
 	`name` text NOT NULL,
 	`position` integer DEFAULT 0 NOT NULL,
 	`haex_timestamp` text

src-tauri/database/migrations/meta/0000_snapshot.json

@@ -1,7 +1,7 @@
 {
   "version": "6",
   "dialect": "sqlite",
-  "id": "21ca1268-1057-48c1-8647-29bd7cb67d49",
+  "id": "8dc25226-70f9-4d2e-89d4-f3a6b2bdf58d",
   "prevId": "00000000-0000-0000-0000-000000000000",
   "tables": {
     "haex_crdt_configs": {
@@ -179,11 +179,18 @@
           "notNull": true,
           "autoincrement": false
         },
-        "reference_id": {
+        "extension_id": {
-          "name": "reference_id",
+          "name": "extension_id",
           "type": "text",
           "primaryKey": false,
-          "notNull": true,
+          "notNull": false,
+          "autoincrement": false
+        },
+        "system_window_id": {
+          "name": "system_window_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": false,
           "autoincrement": false
         },
         "position_x": {
@@ -224,11 +231,29 @@
           ],
           "onDelete": "cascade",
           "onUpdate": "no action"
+        },
+        "haex_desktop_items_extension_id_haex_extensions_id_fk": {
+          "name": "haex_desktop_items_extension_id_haex_extensions_id_fk",
+          "tableFrom": "haex_desktop_items",
+          "tableTo": "haex_extensions",
+          "columnsFrom": [
+            "extension_id"
+          ],
+          "columnsTo": [
+            "id"
+          ],
+          "onDelete": "cascade",
+          "onUpdate": "no action"
         }
       },
       "compositePrimaryKeys": {},
       "uniqueConstraints": {},
-      "checkConstraints": {}
+      "checkConstraints": {
+        "item_reference": {
+          "name": "item_reference",
+          "value": "(\"haex_desktop_items\".\"item_type\" = 'extension' AND \"haex_desktop_items\".\"extension_id\" IS NOT NULL AND \"haex_desktop_items\".\"system_window_id\" IS NULL) OR (\"haex_desktop_items\".\"item_type\" = 'system' AND \"haex_desktop_items\".\"system_window_id\" IS NOT NULL AND \"haex_desktop_items\".\"extension_id\" IS NULL) OR (\"haex_desktop_items\".\"item_type\" = 'file' AND \"haex_desktop_items\".\"system_window_id\" IS NOT NULL AND \"haex_desktop_items\".\"extension_id\" IS NULL) OR (\"haex_desktop_items\".\"item_type\" = 'folder' AND \"haex_desktop_items\".\"system_window_id\" IS NOT NULL AND \"haex_desktop_items\".\"extension_id\" IS NULL)"
+        }
+      }
     },
     "haex_extension_permissions": {
       "name": "haex_extension_permissions",
@@ -386,7 +411,7 @@
           "name": "entry",
           "type": "text",
           "primaryKey": false,
-          "notNull": true,
+          "notNull": false,
           "autoincrement": false,
           "default": "'index.html'"
         },
@@ -419,6 +444,14 @@
           "notNull": true,
           "autoincrement": false
         },
+        "single_instance": {
+          "name": "single_instance",
+          "type": "integer",
+          "primaryKey": false,
+          "notNull": false,
+          "autoincrement": false,
+          "default": false
+        },
         "haex_timestamp": {
           "name": "haex_timestamp",
           "type": "text",
@@ -594,6 +627,13 @@
           "notNull": true,
           "autoincrement": false
         },
+        "device_id": {
+          "name": "device_id",
+          "type": "text",
+          "primaryKey": false,
+          "notNull": true,
+          "autoincrement": false
+        },
         "name": {
           "name": "name",
           "type": "text",

src-tauri/database/migrations/meta/_journal.json

@@ -5,8 +5,8 @@
     {
       "idx": 0,
       "version": "6",
-      "when": 1761216357702,
+      "when": 1761821821609,
-      "tag": "0000_bumpy_valkyrie",
+      "tag": "0000_dashing_night_nurse",
       "breakpoints": true
     }
   ]

src-tauri/database/schemas/haex.ts

@@ -1,5 +1,6 @@
 import { sql } from 'drizzle-orm'
 import {
+  check,
   integer,
   sqliteTable,
   text,
@@ -8,30 +9,28 @@ import {
   type SQLiteColumnBuilderBase,
 } from 'drizzle-orm/sqlite-core'
 import tableNames from '../tableNames.json'
+import { crdtColumnNames } from '.'
 
 // Helper function to add common CRDT columns ( haexTimestamp)
 export const withCrdtColumns = <
   T extends Record<string, SQLiteColumnBuilderBase>,
 >(
   columns: T,
-  columnNames: { haexTimestamp: string },
 ) => ({
   ...columns,
-  haexTimestamp: text(columnNames.haexTimestamp),
+  haexTimestamp: text(crdtColumnNames.haexTimestamp),
 })
 
 export const haexSettings = sqliteTable(
   tableNames.haex.settings.name,
-  {
+  withCrdtColumns({
     id: text()
       .primaryKey()
       .$defaultFn(() => crypto.randomUUID()),
     key: text(),
     type: text(),
     value: text(),
-
+  }),
-    haexTimestamp: text(tableNames.haex.settings.columns.haexTimestamp),
-  },
   (table) => [unique().on(table.key, table.type, table.value)],
 )
 export type InsertHaexSettings = typeof haexSettings.$inferInsert
@@ -39,7 +38,7 @@ export type SelectHaexSettings = typeof haexSettings.$inferSelect
 
 export const haexExtensions = sqliteTable(
   tableNames.haex.extensions.name,
-  {
+  withCrdtColumns({
     id: text()
       .primaryKey()
       .$defaultFn(() => crypto.randomUUID()),
@@ -48,13 +47,13 @@ export const haexExtensions = sqliteTable(
     version: text().notNull(),
     author: text(),
     description: text(),
-    entry: text().notNull().default('index.html'),
+    entry: text().default('index.html'),
     homepage: text(),
     enabled: integer({ mode: 'boolean' }).default(true),
     icon: text(),
     signature: text().notNull(),
-    haexTimestamp: text(tableNames.haex.extensions.columns.haexTimestamp),
+    single_instance: integer({ mode: 'boolean' }).default(false),
-  },
+  }),
   (table) => [
     // UNIQUE constraint: Pro Developer (public_key) kann nur eine Extension mit diesem Namen existieren
     unique().on(table.public_key, table.name),
@@ -65,7 +64,7 @@ export type SelectHaexExtensions = typeof haexExtensions.$inferSelect
 
 export const haexExtensionPermissions = sqliteTable(
   tableNames.haex.extension_permissions.name,
-  {
+  withCrdtColumns({
     id: text()
       .primaryKey()
       .$defaultFn(() => crypto.randomUUID()),
@@ -87,10 +86,7 @@ export const haexExtensionPermissions = sqliteTable(
     updateAt: integer('updated_at', { mode: 'timestamp' }).$onUpdate(
       () => new Date(),
     ),
-    haexTimestamp: text(
+  }),
-      tableNames.haex.extension_permissions.columns.haexTimestamp,
-    ),
-  },
   (table) => [
     unique().on(
       table.extensionId,
@@ -107,7 +103,7 @@ export type SelecthaexExtensionPermissions =
 
 export const haexNotifications = sqliteTable(
   tableNames.haex.notifications.name,
-  {
+  withCrdtColumns({
     id: text().primaryKey(),
     alt: text(),
     date: text(),
@@ -120,26 +116,23 @@ export const haexNotifications = sqliteTable(
     type: text({
       enum: ['error', 'success', 'warning', 'info', 'log'],
     }).notNull(),
-    haexTimestamp: text(tableNames.haex.notifications.columns.haexTimestamp),
+  }),
-  },
 )
 export type InsertHaexNotifications = typeof haexNotifications.$inferInsert
 export type SelectHaexNotifications = typeof haexNotifications.$inferSelect
 
 export const haexWorkspaces = sqliteTable(
   tableNames.haex.workspaces.name,
-  withCrdtColumns(
+  withCrdtColumns({
-    {
     id: text(tableNames.haex.workspaces.columns.id)
       .primaryKey()
       .$defaultFn(() => crypto.randomUUID()),
+    deviceId: text(tableNames.haex.workspaces.columns.deviceId).notNull(),
     name: text(tableNames.haex.workspaces.columns.name).notNull(),
     position: integer(tableNames.haex.workspaces.columns.position)
       .notNull()
       .default(0),
-    },
+  }),
-    tableNames.haex.workspaces.columns,
-  ),
   (table) => [unique().on(table.position)],
 )
 export type InsertHaexWorkspaces = typeof haexWorkspaces.$inferInsert
@@ -147,8 +140,7 @@ export type SelectHaexWorkspaces = typeof haexWorkspaces.$inferSelect
 
 export const haexDesktopItems = sqliteTable(
   tableNames.haex.desktop_items.name,
-  withCrdtColumns(
+  withCrdtColumns({
-    {
     id: text(tableNames.haex.desktop_items.columns.id)
       .primaryKey()
       .$defaultFn(() => crypto.randomUUID()),
@@ -158,18 +150,27 @@ export const haexDesktopItems = sqliteTable(
     itemType: text(tableNames.haex.desktop_items.columns.itemType, {
       enum: ['system', 'extension', 'file', 'folder'],
     }).notNull(),
-      referenceId: text(
+    // Für Extensions (wenn itemType = 'extension')
-        tableNames.haex.desktop_items.columns.referenceId,
+    extensionId: text(
-      ).notNull(), // systemId für system windows, extensionId für extensions, filePath für files/folders
+      tableNames.haex.desktop_items.columns.extensionId,
+    ).references((): AnySQLiteColumn => haexExtensions.id, {
+      onDelete: 'cascade',
+    }),
+    // Für System Windows (wenn itemType = 'system')
+    systemWindowId: text(tableNames.haex.desktop_items.columns.systemWindowId),
     positionX: integer(tableNames.haex.desktop_items.columns.positionX)
       .notNull()
       .default(0),
     positionY: integer(tableNames.haex.desktop_items.columns.positionY)
       .notNull()
       .default(0),
-    },
+  }),
-    tableNames.haex.desktop_items.columns,
+  (table) => [
+    check(
+      'item_reference',
+      sql`(${table.itemType} = 'extension' AND ${table.extensionId} IS NOT NULL AND ${table.systemWindowId} IS NULL) OR (${table.itemType} = 'system' AND ${table.systemWindowId} IS NOT NULL AND ${table.extensionId} IS NULL) OR (${table.itemType} = 'file' AND ${table.systemWindowId} IS NOT NULL AND ${table.extensionId} IS NULL) OR (${table.itemType} = 'folder' AND ${table.systemWindowId} IS NOT NULL AND ${table.extensionId} IS NULL)`,
     ),
+  ],
 )
 export type InsertHaexDesktopItems = typeof haexDesktopItems.$inferInsert
 export type SelectHaexDesktopItems = typeof haexDesktopItems.$inferSelect

src-tauri/database/schemas/index.ts

@@ -1,2 +1,5 @@
+export const crdtColumnNames = {
+  haexTimestamp: 'haex_timestamp',
+}
 export * from './crdt'
 export * from './haex'

src-tauri/database/tableNames.json

@@ -67,6 +67,7 @@
       "name": "haex_workspaces",
       "columns": {
         "id": "id",
+        "deviceId": "device_id",
         "name": "name",
         "position": "position",
         "createdAt": "created_at",
@@ -80,7 +81,8 @@
         "id": "id",
         "workspaceId": "workspace_id",
         "itemType": "item_type",
-        "referenceId": "reference_id",
+        "extensionId": "extension_id",
+        "systemWindowId": "system_window_id",
         "positionX": "position_x",
         "positionY": "position_y",
 

src-tauri/gen/android/app/build.gradle.kts

@@ -24,6 +24,23 @@ android {
         versionCode = tauriProperties.getProperty("tauri.android.versionCode", "1").toInt()
         versionName = tauriProperties.getProperty("tauri.android.versionName", "1.0")
     }
+
+    signingConfigs {
+        create("release") {
+            val keystorePath = System.getenv("ANDROID_KEYSTORE_PATH")
+            val keystorePassword = System.getenv("ANDROID_KEYSTORE_PASSWORD")
+            val keyAlias = System.getenv("ANDROID_KEY_ALIAS")
+            val keyPassword = System.getenv("ANDROID_KEY_PASSWORD")
+
+            if (keystorePath != null && keystorePassword != null && keyAlias != null && keyPassword != null) {
+                storeFile = file(keystorePath)
+                storePassword = keystorePassword
+                this.keyAlias = keyAlias
+                this.keyPassword = keyPassword
+            }
+        }
+    }
+
     buildTypes {
         getByName("debug") {
             manifestPlaceholders["usesCleartextTraffic"] = "true"
@@ -43,6 +60,12 @@ android {
                     .plus(getDefaultProguardFile("proguard-android-optimize.txt"))
                     .toList().toTypedArray()
             )
+
+            // Sign with release config if available
+            val releaseSigningConfig = signingConfigs.getByName("release")
+            if (releaseSigningConfig.storeFile != null) {
+                signingConfig = releaseSigningConfig
+            }
         }
     }
     kotlinOptions {

src-tauri/gen/schemas/android-schema.json

@@ -1400,10 +1400,10 @@
                         "markdownDescription": "This enables all index or metadata related commands without any pre-configured accessible paths."
                       },
                       {
-                        "description": "An empty permission you can use to modify the global scope.",
+                        "description": "An empty permission you can use to modify the global scope.\n\n## Example\n\n```json\n{\n  \"identifier\": \"read-documents\",\n  \"windows\": [\"main\"],\n  \"permissions\": [\n    \"fs:allow-read\",\n    {\n      \"identifier\": \"fs:scope\",\n      \"allow\": [\n        \"$APPDATA/documents/**/*\"\n      ],\n      \"deny\": [\n        \"$APPDATA/documents/secret.txt\"\n      ]\n    }\n  ]\n}\n```\n",
                         "type": "string",
                         "const": "fs:scope",
-                        "markdownDescription": "An empty permission you can use to modify the global scope."
+                        "markdownDescription": "An empty permission you can use to modify the global scope.\n\n## Example\n\n```json\n{\n  \"identifier\": \"read-documents\",\n  \"windows\": [\"main\"],\n  \"permissions\": [\n    \"fs:allow-read\",\n    {\n      \"identifier\": \"fs:scope\",\n      \"allow\": [\n        \"$APPDATA/documents/**/*\"\n      ],\n      \"deny\": [\n        \"$APPDATA/documents/secret.txt\"\n      ]\n    }\n  ]\n}\n```\n"
                       },
                       {
                         "description": "This scope permits access to all files and list content of top level directories in the application folders.",
@@ -2277,10 +2277,10 @@
           "markdownDescription": "Default core plugins set.\n#### This default permission set includes:\n\n- `core:path:default`\n- `core:event:default`\n- `core:window:default`\n- `core:webview:default`\n- `core:app:default`\n- `core:image:default`\n- `core:resources:default`\n- `core:menu:default`\n- `core:tray:default`"
         },
         {
-          "description": "Default permissions for the plugin.\n#### This default permission set includes:\n\n- `allow-version`\n- `allow-name`\n- `allow-tauri-version`\n- `allow-identifier`\n- `allow-bundle-type`",
+          "description": "Default permissions for the plugin.\n#### This default permission set includes:\n\n- `allow-version`\n- `allow-name`\n- `allow-tauri-version`\n- `allow-identifier`\n- `allow-bundle-type`\n- `allow-register-listener`\n- `allow-remove-listener`",
           "type": "string",
           "const": "core:app:default",
-          "markdownDescription": "Default permissions for the plugin.\n#### This default permission set includes:\n\n- `allow-version`\n- `allow-name`\n- `allow-tauri-version`\n- `allow-identifier`\n- `allow-bundle-type`"
+          "markdownDescription": "Default permissions for the plugin.\n#### This default permission set includes:\n\n- `allow-version`\n- `allow-name`\n- `allow-tauri-version`\n- `allow-identifier`\n- `allow-bundle-type`\n- `allow-register-listener`\n- `allow-remove-listener`"
         },
         {
           "description": "Enables the app_hide command without any pre-configured scope.",
@@ -2324,12 +2324,24 @@
           "const": "core:app:allow-name",
           "markdownDescription": "Enables the name command without any pre-configured scope."
         },
+        {
+          "description": "Enables the register_listener command without any pre-configured scope.",
+          "type": "string",
+          "const": "core:app:allow-register-listener",
+          "markdownDescription": "Enables the register_listener command without any pre-configured scope."
+        },
         {
           "description": "Enables the remove_data_store command without any pre-configured scope.",
           "type": "string",
           "const": "core:app:allow-remove-data-store",
           "markdownDescription": "Enables the remove_data_store command without any pre-configured scope."
         },
+        {
+          "description": "Enables the remove_listener command without any pre-configured scope.",
+          "type": "string",
+          "const": "core:app:allow-remove-listener",
+          "markdownDescription": "Enables the remove_listener command without any pre-configured scope."
+        },
         {
           "description": "Enables the set_app_theme command without any pre-configured scope.",
           "type": "string",
@@ -2396,12 +2408,24 @@
           "const": "core:app:deny-name",
           "markdownDescription": "Denies the name command without any pre-configured scope."
         },
+        {
+          "description": "Denies the register_listener command without any pre-configured scope.",
+          "type": "string",
+          "const": "core:app:deny-register-listener",
+          "markdownDescription": "Denies the register_listener command without any pre-configured scope."
+        },
         {
           "description": "Denies the remove_data_store command without any pre-configured scope.",
           "type": "string",
           "const": "core:app:deny-remove-data-store",
           "markdownDescription": "Denies the remove_data_store command without any pre-configured scope."
         },
+        {
+          "description": "Denies the remove_listener command without any pre-configured scope.",
+          "type": "string",
+          "const": "core:app:deny-remove-listener",
+          "markdownDescription": "Denies the remove_listener command without any pre-configured scope."
+        },
         {
           "description": "Denies the set_app_theme command without any pre-configured scope.",
           "type": "string",
@@ -5541,10 +5565,10 @@
           "markdownDescription": "This enables all index or metadata related commands without any pre-configured accessible paths."
         },
         {
-          "description": "An empty permission you can use to modify the global scope.",
+          "description": "An empty permission you can use to modify the global scope.\n\n## Example\n\n```json\n{\n  \"identifier\": \"read-documents\",\n  \"windows\": [\"main\"],\n  \"permissions\": [\n    \"fs:allow-read\",\n    {\n      \"identifier\": \"fs:scope\",\n      \"allow\": [\n        \"$APPDATA/documents/**/*\"\n      ],\n      \"deny\": [\n        \"$APPDATA/documents/secret.txt\"\n      ]\n    }\n  ]\n}\n```\n",
           "type": "string",
           "const": "fs:scope",
-          "markdownDescription": "An empty permission you can use to modify the global scope."
+          "markdownDescription": "An empty permission you can use to modify the global scope.\n\n## Example\n\n```json\n{\n  \"identifier\": \"read-documents\",\n  \"windows\": [\"main\"],\n  \"permissions\": [\n    \"fs:allow-read\",\n    {\n      \"identifier\": \"fs:scope\",\n      \"allow\": [\n        \"$APPDATA/documents/**/*\"\n      ],\n      \"deny\": [\n        \"$APPDATA/documents/secret.txt\"\n      ]\n    }\n  ]\n}\n```\n"
         },
         {
           "description": "This scope permits access to all files and list content of top level directories in the application folders.",

src-tauri/gen/schemas/desktop-schema.json

@@ -1400,10 +1400,10 @@
                         "markdownDescription": "This enables all index or metadata related commands without any pre-configured accessible paths."
                       },
                       {
-                        "description": "An empty permission you can use to modify the global scope.",
+                        "description": "An empty permission you can use to modify the global scope.\n\n## Example\n\n```json\n{\n  \"identifier\": \"read-documents\",\n  \"windows\": [\"main\"],\n  \"permissions\": [\n    \"fs:allow-read\",\n    {\n      \"identifier\": \"fs:scope\",\n      \"allow\": [\n        \"$APPDATA/documents/**/*\"\n      ],\n      \"deny\": [\n        \"$APPDATA/documents/secret.txt\"\n      ]\n    }\n  ]\n}\n```\n",
                         "type": "string",
                         "const": "fs:scope",
-                        "markdownDescription": "An empty permission you can use to modify the global scope."
+                        "markdownDescription": "An empty permission you can use to modify the global scope.\n\n## Example\n\n```json\n{\n  \"identifier\": \"read-documents\",\n  \"windows\": [\"main\"],\n  \"permissions\": [\n    \"fs:allow-read\",\n    {\n      \"identifier\": \"fs:scope\",\n      \"allow\": [\n        \"$APPDATA/documents/**/*\"\n      ],\n      \"deny\": [\n        \"$APPDATA/documents/secret.txt\"\n      ]\n    }\n  ]\n}\n```\n"
                       },
                       {
                         "description": "This scope permits access to all files and list content of top level directories in the application folders.",
@@ -2277,10 +2277,10 @@
           "markdownDescription": "Default core plugins set.\n#### This default permission set includes:\n\n- `core:path:default`\n- `core:event:default`\n- `core:window:default`\n- `core:webview:default`\n- `core:app:default`\n- `core:image:default`\n- `core:resources:default`\n- `core:menu:default`\n- `core:tray:default`"
         },
         {
-          "description": "Default permissions for the plugin.\n#### This default permission set includes:\n\n- `allow-version`\n- `allow-name`\n- `allow-tauri-version`\n- `allow-identifier`\n- `allow-bundle-type`",
+          "description": "Default permissions for the plugin.\n#### This default permission set includes:\n\n- `allow-version`\n- `allow-name`\n- `allow-tauri-version`\n- `allow-identifier`\n- `allow-bundle-type`\n- `allow-register-listener`\n- `allow-remove-listener`",
           "type": "string",
           "const": "core:app:default",
-          "markdownDescription": "Default permissions for the plugin.\n#### This default permission set includes:\n\n- `allow-version`\n- `allow-name`\n- `allow-tauri-version`\n- `allow-identifier`\n- `allow-bundle-type`"
+          "markdownDescription": "Default permissions for the plugin.\n#### This default permission set includes:\n\n- `allow-version`\n- `allow-name`\n- `allow-tauri-version`\n- `allow-identifier`\n- `allow-bundle-type`\n- `allow-register-listener`\n- `allow-remove-listener`"
         },
         {
           "description": "Enables the app_hide command without any pre-configured scope.",
@@ -2324,12 +2324,24 @@
           "const": "core:app:allow-name",
           "markdownDescription": "Enables the name command without any pre-configured scope."
         },
+        {
+          "description": "Enables the register_listener command without any pre-configured scope.",
+          "type": "string",
+          "const": "core:app:allow-register-listener",
+          "markdownDescription": "Enables the register_listener command without any pre-configured scope."
+        },
         {
           "description": "Enables the remove_data_store command without any pre-configured scope.",
           "type": "string",
           "const": "core:app:allow-remove-data-store",
           "markdownDescription": "Enables the remove_data_store command without any pre-configured scope."
         },
+        {
+          "description": "Enables the remove_listener command without any pre-configured scope.",
+          "type": "string",
+          "const": "core:app:allow-remove-listener",
+          "markdownDescription": "Enables the remove_listener command without any pre-configured scope."
+        },
         {
           "description": "Enables the set_app_theme command without any pre-configured scope.",
           "type": "string",
@@ -2396,12 +2408,24 @@
           "const": "core:app:deny-name",
           "markdownDescription": "Denies the name command without any pre-configured scope."
         },
+        {
+          "description": "Denies the register_listener command without any pre-configured scope.",
+          "type": "string",
+          "const": "core:app:deny-register-listener",
+          "markdownDescription": "Denies the register_listener command without any pre-configured scope."
+        },
         {
           "description": "Denies the remove_data_store command without any pre-configured scope.",
           "type": "string",
           "const": "core:app:deny-remove-data-store",
           "markdownDescription": "Denies the remove_data_store command without any pre-configured scope."
         },
+        {
+          "description": "Denies the remove_listener command without any pre-configured scope.",
+          "type": "string",
+          "const": "core:app:deny-remove-listener",
+          "markdownDescription": "Denies the remove_listener command without any pre-configured scope."
+        },
         {
           "description": "Denies the set_app_theme command without any pre-configured scope.",
           "type": "string",
@@ -5541,10 +5565,10 @@
           "markdownDescription": "This enables all index or metadata related commands without any pre-configured accessible paths."
         },
         {
-          "description": "An empty permission you can use to modify the global scope.",
+          "description": "An empty permission you can use to modify the global scope.\n\n## Example\n\n```json\n{\n  \"identifier\": \"read-documents\",\n  \"windows\": [\"main\"],\n  \"permissions\": [\n    \"fs:allow-read\",\n    {\n      \"identifier\": \"fs:scope\",\n      \"allow\": [\n        \"$APPDATA/documents/**/*\"\n      ],\n      \"deny\": [\n        \"$APPDATA/documents/secret.txt\"\n      ]\n    }\n  ]\n}\n```\n",
           "type": "string",
           "const": "fs:scope",
-          "markdownDescription": "An empty permission you can use to modify the global scope."
+          "markdownDescription": "An empty permission you can use to modify the global scope.\n\n## Example\n\n```json\n{\n  \"identifier\": \"read-documents\",\n  \"windows\": [\"main\"],\n  \"permissions\": [\n    \"fs:allow-read\",\n    {\n      \"identifier\": \"fs:scope\",\n      \"allow\": [\n        \"$APPDATA/documents/**/*\"\n      ],\n      \"deny\": [\n        \"$APPDATA/documents/secret.txt\"\n      ]\n    }\n  ]\n}\n```\n"
         },
         {
           "description": "This scope permits access to all files and list content of top level directories in the application folders.",

src-tauri/gen/schemas/linux-schema.json

@@ -1400,10 +1400,10 @@
                         "markdownDescription": "This enables all index or metadata related commands without any pre-configured accessible paths."
                       },
                       {
-                        "description": "An empty permission you can use to modify the global scope.",
+                        "description": "An empty permission you can use to modify the global scope.\n\n## Example\n\n```json\n{\n  \"identifier\": \"read-documents\",\n  \"windows\": [\"main\"],\n  \"permissions\": [\n    \"fs:allow-read\",\n    {\n      \"identifier\": \"fs:scope\",\n      \"allow\": [\n        \"$APPDATA/documents/**/*\"\n      ],\n      \"deny\": [\n        \"$APPDATA/documents/secret.txt\"\n      ]\n    }\n  ]\n}\n```\n",
                         "type": "string",
                         "const": "fs:scope",
-                        "markdownDescription": "An empty permission you can use to modify the global scope."
+                        "markdownDescription": "An empty permission you can use to modify the global scope.\n\n## Example\n\n```json\n{\n  \"identifier\": \"read-documents\",\n  \"windows\": [\"main\"],\n  \"permissions\": [\n    \"fs:allow-read\",\n    {\n      \"identifier\": \"fs:scope\",\n      \"allow\": [\n        \"$APPDATA/documents/**/*\"\n      ],\n      \"deny\": [\n        \"$APPDATA/documents/secret.txt\"\n      ]\n    }\n  ]\n}\n```\n"
                       },
                       {
                         "description": "This scope permits access to all files and list content of top level directories in the application folders.",
@@ -2277,10 +2277,10 @@
           "markdownDescription": "Default core plugins set.\n#### This default permission set includes:\n\n- `core:path:default`\n- `core:event:default`\n- `core:window:default`\n- `core:webview:default`\n- `core:app:default`\n- `core:image:default`\n- `core:resources:default`\n- `core:menu:default`\n- `core:tray:default`"
         },
         {
-          "description": "Default permissions for the plugin.\n#### This default permission set includes:\n\n- `allow-version`\n- `allow-name`\n- `allow-tauri-version`\n- `allow-identifier`\n- `allow-bundle-type`",
+          "description": "Default permissions for the plugin.\n#### This default permission set includes:\n\n- `allow-version`\n- `allow-name`\n- `allow-tauri-version`\n- `allow-identifier`\n- `allow-bundle-type`\n- `allow-register-listener`\n- `allow-remove-listener`",
           "type": "string",
           "const": "core:app:default",
-          "markdownDescription": "Default permissions for the plugin.\n#### This default permission set includes:\n\n- `allow-version`\n- `allow-name`\n- `allow-tauri-version`\n- `allow-identifier`\n- `allow-bundle-type`"
+          "markdownDescription": "Default permissions for the plugin.\n#### This default permission set includes:\n\n- `allow-version`\n- `allow-name`\n- `allow-tauri-version`\n- `allow-identifier`\n- `allow-bundle-type`\n- `allow-register-listener`\n- `allow-remove-listener`"
         },
         {
           "description": "Enables the app_hide command without any pre-configured scope.",
@@ -2324,12 +2324,24 @@
           "const": "core:app:allow-name",
           "markdownDescription": "Enables the name command without any pre-configured scope."
         },
+        {
+          "description": "Enables the register_listener command without any pre-configured scope.",
+          "type": "string",
+          "const": "core:app:allow-register-listener",
+          "markdownDescription": "Enables the register_listener command without any pre-configured scope."
+        },
         {
           "description": "Enables the remove_data_store command without any pre-configured scope.",
           "type": "string",
           "const": "core:app:allow-remove-data-store",
           "markdownDescription": "Enables the remove_data_store command without any pre-configured scope."
         },
+        {
+          "description": "Enables the remove_listener command without any pre-configured scope.",
+          "type": "string",
+          "const": "core:app:allow-remove-listener",
+          "markdownDescription": "Enables the remove_listener command without any pre-configured scope."
+        },
         {
           "description": "Enables the set_app_theme command without any pre-configured scope.",
           "type": "string",
@@ -2396,12 +2408,24 @@
           "const": "core:app:deny-name",
           "markdownDescription": "Denies the name command without any pre-configured scope."
         },
+        {
+          "description": "Denies the register_listener command without any pre-configured scope.",
+          "type": "string",
+          "const": "core:app:deny-register-listener",
+          "markdownDescription": "Denies the register_listener command without any pre-configured scope."
+        },
         {
           "description": "Denies the remove_data_store command without any pre-configured scope.",
           "type": "string",
           "const": "core:app:deny-remove-data-store",
           "markdownDescription": "Denies the remove_data_store command without any pre-configured scope."
         },
+        {
+          "description": "Denies the remove_listener command without any pre-configured scope.",
+          "type": "string",
+          "const": "core:app:deny-remove-listener",
+          "markdownDescription": "Denies the remove_listener command without any pre-configured scope."
+        },
         {
           "description": "Denies the set_app_theme command without any pre-configured scope.",
           "type": "string",
@@ -5541,10 +5565,10 @@
           "markdownDescription": "This enables all index or metadata related commands without any pre-configured accessible paths."
         },
         {
-          "description": "An empty permission you can use to modify the global scope.",
+          "description": "An empty permission you can use to modify the global scope.\n\n## Example\n\n```json\n{\n  \"identifier\": \"read-documents\",\n  \"windows\": [\"main\"],\n  \"permissions\": [\n    \"fs:allow-read\",\n    {\n      \"identifier\": \"fs:scope\",\n      \"allow\": [\n        \"$APPDATA/documents/**/*\"\n      ],\n      \"deny\": [\n        \"$APPDATA/documents/secret.txt\"\n      ]\n    }\n  ]\n}\n```\n",
           "type": "string",
           "const": "fs:scope",
-          "markdownDescription": "An empty permission you can use to modify the global scope."
+          "markdownDescription": "An empty permission you can use to modify the global scope.\n\n## Example\n\n```json\n{\n  \"identifier\": \"read-documents\",\n  \"windows\": [\"main\"],\n  \"permissions\": [\n    \"fs:allow-read\",\n    {\n      \"identifier\": \"fs:scope\",\n      \"allow\": [\n        \"$APPDATA/documents/**/*\"\n      ],\n      \"deny\": [\n        \"$APPDATA/documents/secret.txt\"\n      ]\n    }\n  ]\n}\n```\n"
         },
         {
           "description": "This scope permits access to all files and list content of top level directories in the application folders.",

src-tauri/gen/schemas/mobile-schema.json

@@ -1400,10 +1400,10 @@
                         "markdownDescription": "This enables all index or metadata related commands without any pre-configured accessible paths."
                       },
                       {
-                        "description": "An empty permission you can use to modify the global scope.",
+                        "description": "An empty permission you can use to modify the global scope.\n\n## Example\n\n```json\n{\n  \"identifier\": \"read-documents\",\n  \"windows\": [\"main\"],\n  \"permissions\": [\n    \"fs:allow-read\",\n    {\n      \"identifier\": \"fs:scope\",\n      \"allow\": [\n        \"$APPDATA/documents/**/*\"\n      ],\n      \"deny\": [\n        \"$APPDATA/documents/secret.txt\"\n      ]\n    }\n  ]\n}\n```\n",
                         "type": "string",
                         "const": "fs:scope",
-                        "markdownDescription": "An empty permission you can use to modify the global scope."
+                        "markdownDescription": "An empty permission you can use to modify the global scope.\n\n## Example\n\n```json\n{\n  \"identifier\": \"read-documents\",\n  \"windows\": [\"main\"],\n  \"permissions\": [\n    \"fs:allow-read\",\n    {\n      \"identifier\": \"fs:scope\",\n      \"allow\": [\n        \"$APPDATA/documents/**/*\"\n      ],\n      \"deny\": [\n        \"$APPDATA/documents/secret.txt\"\n      ]\n    }\n  ]\n}\n```\n"
                       },
                       {
                         "description": "This scope permits access to all files and list content of top level directories in the application folders.",
@@ -2277,10 +2277,10 @@
           "markdownDescription": "Default core plugins set.\n#### This default permission set includes:\n\n- `core:path:default`\n- `core:event:default`\n- `core:window:default`\n- `core:webview:default`\n- `core:app:default`\n- `core:image:default`\n- `core:resources:default`\n- `core:menu:default`\n- `core:tray:default`"
         },
         {
-          "description": "Default permissions for the plugin.\n#### This default permission set includes:\n\n- `allow-version`\n- `allow-name`\n- `allow-tauri-version`\n- `allow-identifier`\n- `allow-bundle-type`",
+          "description": "Default permissions for the plugin.\n#### This default permission set includes:\n\n- `allow-version`\n- `allow-name`\n- `allow-tauri-version`\n- `allow-identifier`\n- `allow-bundle-type`\n- `allow-register-listener`\n- `allow-remove-listener`",
           "type": "string",
           "const": "core:app:default",
-          "markdownDescription": "Default permissions for the plugin.\n#### This default permission set includes:\n\n- `allow-version`\n- `allow-name`\n- `allow-tauri-version`\n- `allow-identifier`\n- `allow-bundle-type`"
+          "markdownDescription": "Default permissions for the plugin.\n#### This default permission set includes:\n\n- `allow-version`\n- `allow-name`\n- `allow-tauri-version`\n- `allow-identifier`\n- `allow-bundle-type`\n- `allow-register-listener`\n- `allow-remove-listener`"
         },
         {
           "description": "Enables the app_hide command without any pre-configured scope.",
@@ -2324,12 +2324,24 @@
           "const": "core:app:allow-name",
           "markdownDescription": "Enables the name command without any pre-configured scope."
         },
+        {
+          "description": "Enables the register_listener command without any pre-configured scope.",
+          "type": "string",
+          "const": "core:app:allow-register-listener",
+          "markdownDescription": "Enables the register_listener command without any pre-configured scope."
+        },
         {
           "description": "Enables the remove_data_store command without any pre-configured scope.",
           "type": "string",
           "const": "core:app:allow-remove-data-store",
           "markdownDescription": "Enables the remove_data_store command without any pre-configured scope."
         },
+        {
+          "description": "Enables the remove_listener command without any pre-configured scope.",
+          "type": "string",
+          "const": "core:app:allow-remove-listener",
+          "markdownDescription": "Enables the remove_listener command without any pre-configured scope."
+        },
         {
           "description": "Enables the set_app_theme command without any pre-configured scope.",
           "type": "string",
@@ -2396,12 +2408,24 @@
           "const": "core:app:deny-name",
           "markdownDescription": "Denies the name command without any pre-configured scope."
         },
+        {
+          "description": "Denies the register_listener command without any pre-configured scope.",
+          "type": "string",
+          "const": "core:app:deny-register-listener",
+          "markdownDescription": "Denies the register_listener command without any pre-configured scope."
+        },
         {
           "description": "Denies the remove_data_store command without any pre-configured scope.",
           "type": "string",
           "const": "core:app:deny-remove-data-store",
           "markdownDescription": "Denies the remove_data_store command without any pre-configured scope."
         },
+        {
+          "description": "Denies the remove_listener command without any pre-configured scope.",
+          "type": "string",
+          "const": "core:app:deny-remove-listener",
+          "markdownDescription": "Denies the remove_listener command without any pre-configured scope."
+        },
         {
           "description": "Denies the set_app_theme command without any pre-configured scope.",
           "type": "string",
@@ -5541,10 +5565,10 @@
           "markdownDescription": "This enables all index or metadata related commands without any pre-configured accessible paths."
         },
         {
-          "description": "An empty permission you can use to modify the global scope.",
+          "description": "An empty permission you can use to modify the global scope.\n\n## Example\n\n```json\n{\n  \"identifier\": \"read-documents\",\n  \"windows\": [\"main\"],\n  \"permissions\": [\n    \"fs:allow-read\",\n    {\n      \"identifier\": \"fs:scope\",\n      \"allow\": [\n        \"$APPDATA/documents/**/*\"\n      ],\n      \"deny\": [\n        \"$APPDATA/documents/secret.txt\"\n      ]\n    }\n  ]\n}\n```\n",
           "type": "string",
           "const": "fs:scope",
-          "markdownDescription": "An empty permission you can use to modify the global scope."
+          "markdownDescription": "An empty permission you can use to modify the global scope.\n\n## Example\n\n```json\n{\n  \"identifier\": \"read-documents\",\n  \"windows\": [\"main\"],\n  \"permissions\": [\n    \"fs:allow-read\",\n    {\n      \"identifier\": \"fs:scope\",\n      \"allow\": [\n        \"$APPDATA/documents/**/*\"\n      ],\n      \"deny\": [\n        \"$APPDATA/documents/secret.txt\"\n      ]\n    }\n  ]\n}\n```\n"
         },
         {
           "description": "This scope permits access to all files and list content of top level directories in the application folders.",

src-tauri/src/crdt/trigger.rs

@@ -11,8 +11,6 @@ const INSERT_TRIGGER_TPL: &str = "z_crdt_{TABLE_NAME}_insert";
 const UPDATE_TRIGGER_TPL: &str = "z_crdt_{TABLE_NAME}_update";
 const DELETE_TRIGGER_TPL: &str = "z_crdt_{TABLE_NAME}_delete";
 
-//const SYNC_ACTIVE_KEY: &str = "sync_active";
-
 pub const HLC_TIMESTAMP_COLUMN: &str = "haex_timestamp";
 
 /// Name der custom UUID-Generierungs-Funktion (registriert in database::core::open_and_init_db)
@@ -85,7 +83,8 @@ impl ColumnInfo {
 }
 
 fn is_safe_identifier(name: &str) -> bool {
-    !name.is_empty() && name.chars().all(|c| c.is_alphanumeric() || c == '_')
+    // Allow alphanumeric characters, underscores, and hyphens (for extension names like "nuxt-app")
+    !name.is_empty() && name.chars().all(|c| c.is_alphanumeric() || c == '_' || c == '-')
 }
 
 /// Richtet CRDT-Trigger für eine einzelne Tabelle ein.

src-tauri/src/database/core.rs

@@ -89,8 +89,15 @@ pub fn parse_single_statement(sql: &str) -> Result<Statement, DatabaseError> {
 /// Utility für SQL-Parsing - parst mehrere SQL-Statements
 pub fn parse_sql_statements(sql: &str) -> Result<Vec<Statement>, DatabaseError> {
     let dialect = SQLiteDialect {};
-    Parser::parse_sql(&dialect, sql).map_err(|e| DatabaseError::ParseError {
+
-        reason: e.to_string(),
+    // Normalize whitespace: replace multiple whitespaces (including newlines, tabs) with single space
+    let normalized_sql = sql
+        .split_whitespace()
+        .collect::<Vec<&str>>()
+        .join(" ");
+
+    Parser::parse_sql(&dialect, &normalized_sql).map_err(|e| DatabaseError::ParseError {
+        reason: format!("Failed to parse SQL: {}", e),
         sql: sql.to_string(),
     })
 }

src-tauri/src/database/mod.rs

@@ -20,6 +20,8 @@ use std::time::UNIX_EPOCH;
 use std::{fs, sync::Arc};
 use tauri::{path::BaseDirectory, AppHandle, Manager, State};
 use tauri_plugin_fs::FsExt;
+#[cfg(not(target_os = "android"))]
+use trash;
 use ts_rs::TS;
 
 pub struct DbConnection(pub Arc<Mutex<Option<Connection>>>);
@@ -133,7 +135,6 @@ pub fn get_vaults_directory(app_handle: &AppHandle) -> Result<String, DatabaseEr
     Ok(vaults_dir.to_string_lossy().to_string())
 }
 
-//#[serde(tag = "type", content = "details")]
 #[derive(Debug, Serialize, Deserialize, TS)]
 #[ts(export)]
 #[serde(rename_all = "camelCase")]
@@ -212,7 +213,60 @@ pub fn vault_exists(app_handle: AppHandle, vault_name: String) -> Result<bool, D
     Ok(Path::new(&vault_path).exists())
 }
 
-/// Deletes a vault database file
+/// Moves a vault database file to trash (or deletes permanently if trash is unavailable)
+#[tauri::command]
+pub fn move_vault_to_trash(
+    app_handle: AppHandle,
+    vault_name: String,
+) -> Result<String, DatabaseError> {
+    // On Android, trash is not available, so delete permanently
+    #[cfg(target_os = "android")]
+    {
+        println!(
+            "Android platform detected, permanently deleting vault '{}'",
+            vault_name
+        );
+        return delete_vault(app_handle, vault_name);
+    }
+
+    // On non-Android platforms, try to use trash
+    #[cfg(not(target_os = "android"))]
+    {
+        let vault_path = get_vault_path(&app_handle, &vault_name)?;
+        let vault_shm_path = format!("{}-shm", vault_path);
+        let vault_wal_path = format!("{}-wal", vault_path);
+
+        if !Path::new(&vault_path).exists() {
+            return Err(DatabaseError::IoError {
+                path: vault_path,
+                reason: "Vault does not exist".to_string(),
+            });
+        }
+
+        // Try to move to trash first (works on desktop systems)
+        let moved_to_trash = trash::delete(&vault_path).is_ok();
+
+        if moved_to_trash {
+            // Also try to move auxiliary files to trash (ignore errors as they might not exist)
+            let _ = trash::delete(&vault_shm_path);
+            let _ = trash::delete(&vault_wal_path);
+
+            Ok(format!(
+                "Vault '{}' successfully moved to trash",
+                vault_name
+            ))
+        } else {
+            // Fallback: Permanent deletion if trash fails
+            println!(
+                "Trash not available, falling back to permanent deletion for vault '{}'",
+                vault_name
+            );
+            delete_vault(app_handle, vault_name)
+        }
+    }
+}
+
+/// Deletes a vault database file permanently (bypasses trash)
 #[tauri::command]
 pub fn delete_vault(app_handle: AppHandle, vault_name: String) -> Result<String, DatabaseError> {
     let vault_path = get_vault_path(&app_handle, &vault_name)?;
@@ -395,9 +449,6 @@ pub fn open_encrypted_database(
     state: State<'_, AppState>,
 ) -> Result<String, DatabaseError> {
     println!("Opening encrypted database vault_path: {}", vault_path);
-
-    // Vault-Pfad aus dem Namen ableiten
-    //let vault_path = get_vault_path(&app_handle, &vault_name)?;
     println!("Resolved vault path: {}", vault_path);
 
     if !Path::new(&vault_path).exists() {

src-tauri/src/extension/core/manager.rs

@@ -66,17 +66,124 @@ impl ExtensionManager {
         Self::default()
     }
 
+    /// Helper function to validate path and check for path traversal
+    /// Returns the cleaned path if valid, or None if invalid/not found
+    /// If require_exists is true, returns None if path doesn't exist
+    pub fn validate_path_in_directory(
+        base_dir: &PathBuf,
+        relative_path: &str,
+        require_exists: bool,
+    ) -> Result<Option<PathBuf>, ExtensionError> {
+        // Check for path traversal patterns
+        if relative_path.contains("..") {
+            return Err(ExtensionError::SecurityViolation {
+                reason: format!("Path traversal attempt: {}", relative_path),
+            });
+        }
+
+        // Clean the path (same logic as in protocol.rs)
+        let clean_path = relative_path
+            .replace('\\', "/")
+            .trim_start_matches('/')
+            .split('/')
+            .filter(|&part| !part.is_empty() && part != "." && part != "..")
+            .collect::<PathBuf>();
+
+        let full_path = base_dir.join(&clean_path);
+
+        // Check if file/directory exists (if required)
+        if require_exists && !full_path.exists() {
+            return Ok(None);
+        }
+
+        // Verify path is within base directory
+        let canonical_base = base_dir
+            .canonicalize()
+            .map_err(|e| ExtensionError::Filesystem { source: e })?;
+
+        if let Ok(canonical_path) = full_path.canonicalize() {
+            if !canonical_path.starts_with(&canonical_base) {
+                return Err(ExtensionError::SecurityViolation {
+                    reason: format!("Path outside base directory: {}", relative_path),
+                });
+            }
+            Ok(Some(canonical_path))
+        } else {
+            // Path doesn't exist yet - still validate it would be within base
+            if full_path.starts_with(&canonical_base) {
+                Ok(Some(full_path))
+            } else {
+                Err(ExtensionError::SecurityViolation {
+                    reason: format!("Path outside base directory: {}", relative_path),
+                })
+            }
+        }
+    }
+
+    /// Validates icon path and falls back to favicon.ico if not specified
+    fn validate_and_resolve_icon_path(
+        extension_dir: &PathBuf,
+        haextension_dir: &str,
+        icon_path: Option<&str>,
+    ) -> Result<Option<String>, ExtensionError> {
+        // If icon is specified in manifest, validate it
+        if let Some(icon) = icon_path {
+            if let Some(clean_path) = Self::validate_path_in_directory(extension_dir, icon, true)? {
+                return Ok(Some(clean_path.to_string_lossy().to_string()));
+            } else {
+                eprintln!("WARNING: Icon path specified in manifest not found: {}", icon);
+                // Continue to fallback logic
+            }
+        }
+
+        // Fallback 1: Check haextension/favicon.ico
+        let haextension_favicon = format!("{}/favicon.ico", haextension_dir);
+        if let Some(clean_path) = Self::validate_path_in_directory(extension_dir, &haextension_favicon, true)? {
+            return Ok(Some(clean_path.to_string_lossy().to_string()));
+        }
+
+        // Fallback 2: Check public/favicon.ico
+        if let Some(clean_path) = Self::validate_path_in_directory(extension_dir, "public/favicon.ico", true)? {
+            return Ok(Some(clean_path.to_string_lossy().to_string()));
+        }
+
+        // No icon found
+        Ok(None)
+    }
+
     /// Extrahiert eine Extension-ZIP-Datei und validiert das Manifest
     fn extract_and_validate_extension(
         bytes: Vec<u8>,
         temp_prefix: &str,
+        app_handle: &AppHandle,
     ) -> Result<ExtractedExtension, ExtensionError> {
-        let temp = std::env::temp_dir().join(format!("{}_{}", temp_prefix, uuid::Uuid::new_v4()));
+        // Use app_cache_dir for better Android compatibility
+        let cache_dir = app_handle
+            .path()
+            .app_cache_dir()
+            .map_err(|e| ExtensionError::InstallationFailed {
+                reason: format!("Cannot get app cache dir: {}", e),
+            })?;
 
+        let temp_id = uuid::Uuid::new_v4();
+        let temp = cache_dir.join(format!("{}_{}", temp_prefix, temp_id));
+        let zip_file_path = cache_dir.join(format!("{}_{}_{}.haextension", temp_prefix, temp_id, "temp"));
+
+        // Write bytes to a temporary ZIP file first (important for Android file system)
+        fs::write(&zip_file_path, &bytes).map_err(|e| {
+            ExtensionError::filesystem_with_path(zip_file_path.display().to_string(), e)
+        })?;
+
+        // Create extraction directory
         fs::create_dir_all(&temp)
             .map_err(|e| ExtensionError::filesystem_with_path(temp.display().to_string(), e))?;
 
-        let mut archive = ZipArchive::new(Cursor::new(bytes)).map_err(|e| {
+        // Open ZIP file from disk (more reliable on Android than from memory)
+        let zip_file = fs::File::open(&zip_file_path).map_err(|e| {
+            ExtensionError::filesystem_with_path(zip_file_path.display().to_string(), e)
+        })?;
+
+        let mut archive = ZipArchive::new(zip_file).map_err(|e| {
             ExtensionError::InstallationFailed {
                 reason: format!("Invalid ZIP: {}", e),
             }
@@ -88,6 +195,9 @@ impl ExtensionManager {
                 reason: format!("Cannot extract ZIP: {}", e),
             })?;
 
+        // Clean up temporary ZIP file
+        let _ = fs::remove_file(&zip_file_path);
+
         // Read haextension_dir from config if it exists, otherwise use default
         let config_path = temp.join("haextension.config.json");
         let haextension_dir = if config_path.exists() {
@@ -108,42 +218,17 @@ impl ExtensionManager {
                 .unwrap_or("haextension")
                 .to_string();
 
-            // Security: Validate that haextension_dir doesn't contain ".." for path traversal
-            if dir.contains("..") {
-                return Err(ExtensionError::ManifestError {
-                    reason: "Invalid haextension_dir: path traversal with '..' not allowed".to_string(),
-                });
-            }
-
             dir
         } else {
             "haextension".to_string()
         };
 
-        // Build the manifest path
+        // Validate manifest path using helper function
-        let manifest_path = temp.join(&haextension_dir).join("manifest.json");
+        let manifest_relative_path = format!("{}/manifest.json", haextension_dir);
-
+        let manifest_path = Self::validate_path_in_directory(&temp, &manifest_relative_path, true)?
-        // Ensure the resolved path is still within temp directory (safety check against path traversal)
+            .ok_or_else(|| ExtensionError::ManifestError {
-        let canonical_temp = temp.canonicalize()
-            .map_err(|e| ExtensionError::Filesystem { source: e })?;
-
-        // Only check if manifest_path parent exists to avoid errors
-        if let Some(parent) = manifest_path.parent() {
-            if let Ok(canonical_manifest_dir) = parent.canonicalize() {
-                if !canonical_manifest_dir.starts_with(&canonical_temp) {
-                    return Err(ExtensionError::ManifestError {
-                        reason: "Security violation: manifest path outside extension directory".to_string(),
-                    });
-                }
-            }
-        }
-
-        // Check if manifest exists
-        if !manifest_path.exists() {
-            return Err(ExtensionError::ManifestError {
                 reason: format!("manifest.json not found at {}/manifest.json", haextension_dir),
-            });
+            })?;
-        }
 
         let actual_dir = temp.clone();
         let manifest_content =
@@ -151,7 +236,11 @@ impl ExtensionManager {
                 reason: format!("Cannot read manifest: {}", e),
             })?;
 
-        let manifest: ExtensionManifest = serde_json::from_str(&manifest_content)?;
+        let mut manifest: ExtensionManifest = serde_json::from_str(&manifest_content)?;
+
+        // Validate and resolve icon path with fallback logic
+        let validated_icon = Self::validate_and_resolve_icon_path(&actual_dir, &haextension_dir, manifest.icon.as_deref())?;
+        manifest.icon = validated_icon;
 
         let content_hash = ExtensionCrypto::hash_directory(&actual_dir, &manifest_path).map_err(|e| {
             ExtensionError::SignatureVerificationFailed {
@@ -427,9 +516,10 @@ impl ExtensionManager {
 
     pub async fn preview_extension_internal(
         &self,
+        app_handle: &AppHandle,
         file_bytes: Vec<u8>,
     ) -> Result<ExtensionPreview, ExtensionError> {
-        let extracted = Self::extract_and_validate_extension(file_bytes, "haexhub_preview")?;
+        let extracted = Self::extract_and_validate_extension(file_bytes, "haexhub_preview", app_handle)?;
 
         let is_valid_signature = ExtensionCrypto::verify_signature(
             &extracted.manifest.public_key,
@@ -454,7 +544,7 @@ impl ExtensionManager {
         custom_permissions: EditablePermissions,
         state: &State<'_, AppState>,
     ) -> Result<String, ExtensionError> {
-        let extracted = Self::extract_and_validate_extension(file_bytes, "haexhub_ext")?;
+        let extracted = Self::extract_and_validate_extension(file_bytes, "haexhub_ext", &app_handle)?;
 
         // Signatur verifizieren (bei Installation wird ein Fehler geworfen, nicht nur geprüft)
         ExtensionCrypto::verify_signature(
@@ -525,7 +615,7 @@ impl ExtensionManager {
 
             // 1. Extension-Eintrag erstellen mit generierter UUID
             let insert_ext_sql = format!(
-                "INSERT INTO {} (id, name, version, author, entry, icon, public_key, signature, homepage, description, enabled) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)",
+                "INSERT INTO {} (id, name, version, author, entry, icon, public_key, signature, homepage, description, enabled, single_instance) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)",
                 TABLE_EXTENSIONS
             );
 
@@ -545,6 +635,7 @@ impl ExtensionManager {
                         extracted.manifest.homepage,
                         extracted.manifest.description,
                         true, // enabled
+                        extracted.manifest.single_instance.unwrap_or(false),
                     ],
                 )?;
 
@@ -623,7 +714,7 @@ impl ExtensionManager {
         // Lade alle Daten aus der Datenbank
         let extensions = with_connection(&state.db, |conn| {
             let sql = format!(
-            "SELECT id, name, version, author, entry, icon, public_key, signature, homepage, description, enabled FROM {}",
+            "SELECT id, name, version, author, entry, icon, public_key, signature, homepage, description, enabled, single_instance FROM {}",
             TABLE_EXTENSIONS
         );
             eprintln!("DEBUG: SQL Query before transformation: {}", sql);
@@ -655,13 +746,16 @@ impl ExtensionManager {
                         })?
                         .to_string(),
                     author: row[3].as_str().map(String::from),
-                    entry: row[4].as_str().unwrap_or("index.html").to_string(),
+                    entry: row[4].as_str().map(String::from),
                     icon: row[5].as_str().map(String::from),
                     public_key: row[6].as_str().unwrap_or("").to_string(),
                     signature: row[7].as_str().unwrap_or("").to_string(),
                     permissions: ExtensionPermissions::default(),
                     homepage: row[8].as_str().map(String::from),
                     description: row[9].as_str().map(String::from),
+                    single_instance: row[11]
+                        .as_bool()
+                        .or_else(|| row[11].as_i64().map(|v| v != 0)),
                 };
 
                 let enabled = row[10]
@@ -695,9 +789,10 @@ impl ExtensionManager {
                 &extension_data.manifest.version,
             )?;
 
-            if !extension_path.exists() || !extension_path.join("manifest.json").exists() {
+            // Check if extension directory exists
+            if !extension_path.exists() {
                 eprintln!(
-                    "DEBUG: Extension files missing for: {} at {:?}",
+                    "DEBUG: Extension directory missing for: {} at {:?}",
                     extension_id, extension_path
                 );
                 self.missing_extensions
@@ -714,6 +809,52 @@ impl ExtensionManager {
                 continue;
             }
 
+            // Read haextension_dir from config if it exists, otherwise use default
+            let config_path = extension_path.join("haextension.config.json");
+            let haextension_dir = if config_path.exists() {
+                match std::fs::read_to_string(&config_path) {
+                    Ok(config_content) => {
+                        match serde_json::from_str::<serde_json::Value>(&config_content) {
+                            Ok(config) => {
+                                config
+                                    .get("dev")
+                                    .and_then(|dev| dev.get("haextension_dir"))
+                                    .and_then(|dir| dir.as_str())
+                                    .unwrap_or("haextension")
+                                    .to_string()
+                            }
+                            Err(_) => "haextension".to_string(),
+                        }
+                    }
+                    Err(_) => "haextension".to_string(),
+                }
+            } else {
+                "haextension".to_string()
+            };
+
+            // Validate manifest.json path using helper function
+            let manifest_relative_path = format!("{}/manifest.json", haextension_dir);
+            if Self::validate_path_in_directory(&extension_path, &manifest_relative_path, true)?
+                .is_none()
+            {
+                eprintln!(
+                    "DEBUG: manifest.json missing or invalid for: {} at {}/manifest.json",
+                    extension_id, haextension_dir
+                );
+                self.missing_extensions
+                    .lock()
+                    .map_err(|e| ExtensionError::MutexPoisoned {
+                        reason: e.to_string(),
+                    })?
+                    .push(MissingExtension {
+                        id: extension_id.clone(),
+                        public_key: extension_data.manifest.public_key.clone(),
+                        name: extension_data.manifest.name.clone(),
+                        version: extension_data.manifest.version.clone(),
+                    });
+                continue;
+            }
+
             eprintln!("DEBUG: Extension loaded successfully: {}", extension_id);
 
             let extension = Extension {

src-tauri/src/extension/core/manifest.rs

@@ -57,13 +57,20 @@ pub struct ExtensionManifest {
     pub name: String,
     pub version: String,
     pub author: Option<String>,
-    pub entry: String,
+    #[serde(default = "default_entry_value")]
+    pub entry: Option<String>,
     pub icon: Option<String>,
     pub public_key: String,
     pub signature: String,
     pub permissions: ExtensionPermissions,
     pub homepage: Option<String>,
     pub description: Option<String>,
+    #[serde(default)]
+    pub single_instance: Option<bool>,
+}
+
+fn default_entry_value() -> Option<String> {
+    Some("index.html".to_string())
 }
 
 impl ExtensionManifest {
@@ -172,6 +179,8 @@ pub struct ExtensionInfoResponse {
     pub description: Option<String>,
     pub homepage: Option<String>,
     pub icon: Option<String>,
+    pub entry: Option<String>,
+    pub single_instance: Option<bool>,
     #[serde(skip_serializing_if = "Option::is_none")]
     pub dev_server_url: Option<String>,
 }
@@ -197,6 +206,8 @@ impl ExtensionInfoResponse {
             description: extension.manifest.description.clone(),
             homepage: extension.manifest.homepage.clone(),
             icon: extension.manifest.icon.clone(),
+            entry: extension.manifest.entry.clone(),
+            single_instance: extension.manifest.single_instance,
             dev_server_url,
         })
     }

src-tauri/src/extension/crypto.rs

@@ -48,7 +48,9 @@ impl ExtensionCrypto {
                 let relative = path.strip_prefix(dir)
                     .unwrap_or(&path)
                     .to_string_lossy()
-                    .to_string();
+                    .to_string()
+                    // Normalisiere Pfad-Separatoren zu Unix-Style (/) für plattformübergreifende Konsistenz
+                    .replace('\\', "/");
                 (relative, path)
             })
             .collect();
@@ -56,16 +58,30 @@ impl ExtensionCrypto {
         // 3. Sortiere nach relativen Pfaden
         relative_files.sort_by(|a, b| a.0.cmp(&b.0));
 
-        println!("=== Files to hash ({}): ===", relative_files.len());
-        for (rel, _) in &relative_files {
-            println!("  - {}", rel);
-        }
-
         let mut hasher = Sha256::new();
 
+        // Canonicalize manifest path for comparison (important on Android where symlinks may differ)
+        // Also ensure the canonical path is still within the allowed directory (security check)
+        let canonical_manifest_path = manifest_path.canonicalize()
+            .unwrap_or_else(|_| manifest_path.to_path_buf());
+
+        // Security: Verify canonical manifest path is still within dir
+        let canonical_dir = dir.canonicalize()
+            .unwrap_or_else(|_| dir.to_path_buf());
+
+        if !canonical_manifest_path.starts_with(&canonical_dir) {
+            return Err(ExtensionError::ManifestError {
+                reason: format!("Manifest path resolves outside of extension directory (potential path traversal)"),
+            });
+        }
+
         // 4. Inhalte der sortierten Dateien hashen
         for (_relative, file_path) in relative_files {
-            if file_path == manifest_path {
+            // Canonicalize file_path for comparison
+            let canonical_file_path = file_path.canonicalize()
+                .unwrap_or_else(|_| file_path.clone());
+
+            if canonical_file_path == canonical_manifest_path {
                 // FÜR DIE MANIFEST.JSON:
                 let content_str = fs::read_to_string(&file_path)
                     .map_err(|e| ExtensionError::Filesystem { source: e })?;
@@ -94,8 +110,12 @@ impl ExtensionCrypto {
                             reason: format!("Failed to serialize manifest: {}", e),
                         }
                     })?;
-                println!("canonical_manifest_content: {}", canonical_manifest_content);
+
-                hasher.update(canonical_manifest_content.as_bytes());
+                // Normalisiere Zeilenenden zu Unix-Style (\n), wie Node.js JSON.stringify es macht
+                // Dies ist wichtig für plattformübergreifende Konsistenz (Desktop vs Android)
+                let normalized_content = canonical_manifest_content.replace("\r\n", "\n");
+
+                hasher.update(normalized_content.as_bytes());
             } else {
                 // FÜR ALLE ANDEREN DATEIEN:
                 let content =

src-tauri/src/extension/database/executor.rs

@@ -64,7 +64,13 @@ impl SqlExecutor {
 
         // Trigger-Logik für CREATE TABLE
         if let Statement::CreateTable(create_table_details) = statement {
-            let table_name_str = create_table_details.name.to_string();
+            let raw_name = create_table_details.name.to_string();
+            // Remove quotes from table name
+            let table_name_str = raw_name
+                .trim_matches('"')
+                .trim_matches('`')
+                .to_string();
+            eprintln!("DEBUG: Setting up triggers for table: {}", table_name_str);
             trigger::setup_triggers_for_table(tx, &table_name_str, false)?;
         }
 
@@ -158,7 +164,13 @@ impl SqlExecutor {
 
         // Trigger-Logik für CREATE TABLE
         if let Statement::CreateTable(create_table_details) = statement {
-            let table_name_str = create_table_details.name.to_string();
+            let raw_name = create_table_details.name.to_string();
+            // Remove quotes from table name
+            let table_name_str = raw_name
+                .trim_matches('"')
+                .trim_matches('`')
+                .to_string();
+            eprintln!("DEBUG: Setting up triggers for table (RETURNING): {}", table_name_str);
             trigger::setup_triggers_for_table(tx, &table_name_str, false)?;
         }
 

src-tauri/src/extension/database/mod.rs

@@ -5,6 +5,7 @@ use crate::crdt::transformer::CrdtTransformer;
 use crate::crdt::trigger;
 use crate::database::core::{parse_sql_statements, with_connection, ValueConverter};
 use crate::database::error::DatabaseError;
+use crate::extension::database::executor::SqlExecutor;
 use crate::extension::error::ExtensionError;
 use crate::extension::permissions::validator::SqlPermissionValidator;
 use crate::AppState;
@@ -110,7 +111,7 @@ pub async fn extension_sql_execute(
     public_key: String,
     name: String,
     state: State<'_, AppState>,
-) -> Result<Vec<String>, ExtensionError> {
+) -> Result<Vec<Vec<JsonValue>>, ExtensionError> {
     // Get extension to retrieve its ID
     let extension = state
         .extension_manager
@@ -129,42 +130,72 @@ pub async fn extension_sql_execute(
     // SQL parsing
     let mut ast_vec = parse_sql_statements(sql)?;
 
+    if ast_vec.len() != 1 {
+        return Err(ExtensionError::Database {
+            source: DatabaseError::ExecutionError {
+                sql: sql.to_string(),
+                reason: "extension_sql_execute should only receive a single SQL statement"
+                    .to_string(),
+                table: None,
+            },
+        });
+    }
+
+    let mut statement = ast_vec.pop().unwrap();
+
+    // Check if statement has RETURNING clause
+    let has_returning = crate::database::core::statement_has_returning(&statement);
+
     // Database operation
     with_connection(&state.db, |conn| {
         let tx = conn.transaction().map_err(DatabaseError::from)?;
 
         let transformer = CrdtTransformer::new();
-        let executor = StatementExecutor::new(&tx);
+
+        // Get HLC service reference
+        let hlc_service = state.hlc.lock().map_err(|_| DatabaseError::MutexPoisoned {
+            reason: "Failed to lock HLC service".to_string(),
+        })?;
 
         // Generate HLC timestamp
-        let hlc_timestamp = state
+        let hlc_timestamp = hlc_service
-            .hlc
-            .lock()
-            .unwrap()
             .new_timestamp_and_persist(&tx)
             .map_err(|e| DatabaseError::HlcError {
                 reason: e.to_string(),
             })?;
 
-        // Transform statements
+        // Transform statement
-        let mut modified_schema_tables = HashSet::new();
+        transformer.transform_execute_statement(&mut statement, &hlc_timestamp)?;
-        for statement in &mut ast_vec {
-            if let Some(table_name) =
-                transformer.transform_execute_statement(statement, &hlc_timestamp)?
-            {
-                modified_schema_tables.insert(table_name);
-            }
-        }
 
-        // Convert parameters
+        // Convert parameters to references
         let sql_values = ValueConverter::convert_params(&params)?;
+        let param_refs: Vec<&dyn rusqlite::ToSql> = sql_values.iter().map(|v| v as &dyn rusqlite::ToSql).collect();
 
-        // Execute statements
+        let result = if has_returning {
-        for statement in ast_vec {
+            // Use query_internal for statements with RETURNING
-            executor.execute_statement_with_params(&statement, &sql_values)?;
+            let (_, rows) = SqlExecutor::query_internal_typed(&tx, &hlc_service, &statement.to_string(), &param_refs)?;
+            rows
+        } else {
+            // Use execute_internal for statements without RETURNING
+            SqlExecutor::execute_internal_typed(&tx, &hlc_service, &statement.to_string(), &param_refs)?;
+            vec![]
+        };
+
+        // Handle CREATE TABLE trigger setup
+        if let Statement::CreateTable(ref create_table_details) = statement {
+            // Extract table name and remove quotes (both " and `)
+            let raw_name = create_table_details.name.to_string();
+            println!("DEBUG: Raw table name from AST: {:?}", raw_name);
+            println!("DEBUG: Raw table name chars: {:?}", raw_name.chars().collect::<Vec<_>>());
+
+            let table_name_str = raw_name
+                .trim_matches('"')
+                .trim_matches('`')
+                .to_string();
+
+            println!("DEBUG: Cleaned table name: {:?}", table_name_str);
+            println!("DEBUG: Cleaned table name chars: {:?}", table_name_str.chars().collect::<Vec<_>>());
 
-            if let Statement::CreateTable(create_table_details) = statement {
-                let table_name_str = create_table_details.name.to_string();
             println!(
                 "Table '{}' created by extension, setting up CRDT triggers...",
                 table_name_str
@@ -175,12 +206,11 @@ pub async fn extension_sql_execute(
                 table_name_str
             );
         }
-        }
 
         // Commit transaction
         tx.commit().map_err(DatabaseError::from)?;
 
-        Ok(modified_schema_tables.into_iter().collect())
+        Ok(result)
     })
     .map_err(ExtensionError::from)
 }
@@ -192,7 +222,7 @@ pub async fn extension_sql_select(
     public_key: String,
     name: String,
     state: State<'_, AppState>,
-) -> Result<Vec<JsonValue>, ExtensionError> {
+) -> Result<Vec<Vec<JsonValue>>, ExtensionError> {
     // Get extension to retrieve its ID
     let extension = state
         .extension_manager
@@ -229,10 +259,9 @@ pub async fn extension_sql_select(
         }
     }
 
-    // Database operation
+    // Database operation - return Vec<Vec<JsonValue>> like sql_select_with_crdt
     with_connection(&state.db, |conn| {
         let sql_params = ValueConverter::convert_params(&params)?;
-        // Hard Delete: Keine SELECT-Transformation mehr nötig
         let stmt_to_execute = ast_vec.pop().unwrap();
         let transformed_sql = stmt_to_execute.to_string();
 
@@ -245,51 +274,34 @@ pub async fn extension_sql_select(
                     table: None,
                 })?;
 
-        let column_names: Vec<String> = prepared_stmt
+        let num_columns = prepared_stmt.column_count();
-            .column_names()
+        let mut rows = prepared_stmt
-            .into_iter()
+            .query(params_from_iter(sql_params.iter()))
-            .map(|s| s.to_string())
-            .collect();
-
-        let rows = prepared_stmt
-            .query_map(params_from_iter(sql_params.iter()), |row| {
-                row_to_json_value(row, &column_names)
-            })
             .map_err(|e| DatabaseError::QueryError {
                 reason: e.to_string(),
             })?;
 
-        let mut results = Vec::new();
+        let mut result_vec: Vec<Vec<JsonValue>> = Vec::new();
-        for row_result in rows {
+
-            results.push(row_result.map_err(|e| DatabaseError::RowProcessingError {
+        while let Some(row) = rows.next().map_err(|e| DatabaseError::QueryError {
             reason: e.to_string(),
-            })?);
+        })? {
+            let mut row_values: Vec<JsonValue> = Vec::new();
+            for i in 0..num_columns {
+                let value_ref = row.get_ref(i).map_err(|e| DatabaseError::QueryError {
+                    reason: e.to_string(),
+                })?;
+                let json_value = crate::database::core::convert_value_ref_to_json(value_ref)?;
+                row_values.push(json_value);
+            }
+            result_vec.push(row_values);
         }
 
-        Ok(results)
+        Ok(result_vec)
     })
     .map_err(ExtensionError::from)
 }
 
-/// Konvertiert eine SQLite-Zeile zu JSON
-fn row_to_json_value(
-    row: &rusqlite::Row,
-    columns: &[String],
-) -> Result<JsonValue, rusqlite::Error> {
-    let mut map = serde_json::Map::new();
-    for (i, col_name) in columns.iter().enumerate() {
-        let value = row.get::<usize, rusqlite::types::Value>(i)?;
-        let json_value = match value {
-            rusqlite::types::Value::Null => JsonValue::Null,
-            rusqlite::types::Value::Integer(i) => json!(i),
-            rusqlite::types::Value::Real(f) => json!(f),
-            rusqlite::types::Value::Text(s) => json!(s),
-            rusqlite::types::Value::Blob(blob) => json!(blob.to_vec()),
-        };
-        map.insert(col_name.clone(), json_value);
-    }
-    Ok(JsonValue::Object(map))
-}
 
 /// Validiert Parameter gegen SQL-Platzhalter
 fn validate_params(sql: &str, params: &[JsonValue]) -> Result<(), DatabaseError> {

src-tauri/src/extension/mod.rs

@@ -1,7 +1,7 @@
 /// src-tauri/src/extension/mod.rs
 use crate::{
     extension::{
-        core::{EditablePermissions, ExtensionInfoResponse, ExtensionPreview},
+        core::{manager::ExtensionManager, EditablePermissions, ExtensionInfoResponse, ExtensionPreview},
         error::ExtensionError,
     },
     AppState,
@@ -37,7 +37,7 @@ pub async fn get_all_extensions(
     state: State<'_, AppState>,
 ) -> Result<Vec<ExtensionInfoResponse>, String> {
     // Check if extensions are loaded, if not load them first
-    let needs_loading = {
+    /*  let needs_loading = {
         let prod_exts = state
             .extension_manager
             .production_extensions
@@ -45,15 +45,15 @@ pub async fn get_all_extensions(
             .unwrap();
         let dev_exts = state.extension_manager.dev_extensions.lock().unwrap();
         prod_exts.is_empty() && dev_exts.is_empty()
-    };
+    }; */
 
-    if needs_loading {
+    /* if needs_loading { */
     state
         .extension_manager
         .load_installed_extensions(&app_handle, &state)
         .await
         .map_err(|e| format!("Failed to load extensions: {:?}", e))?;
-    }
+    /* } */
 
     let mut extensions = Vec::new();
 
@@ -82,12 +82,13 @@ pub async fn get_all_extensions(
 
 #[tauri::command]
 pub async fn preview_extension(
+    app_handle: AppHandle,
     state: State<'_, AppState>,
     file_bytes: Vec<u8>,
 ) -> Result<ExtensionPreview, ExtensionError> {
     state
         .extension_manager
-        .preview_extension_internal(file_bytes)
+        .preview_extension_internal(&app_handle, file_bytes)
         .await
 }
 
@@ -193,13 +194,7 @@ pub async fn remove_extension(
 ) -> Result<(), ExtensionError> {
     state
         .extension_manager
-        .remove_extension_internal(
+        .remove_extension_internal(&app_handle, &public_key, &name, &version, &state)
-            &app_handle,
-            &public_key,
-            &name,
-            &version,
-            &state,
-        )
         .await
 }
 
@@ -259,8 +254,8 @@ fn default_haextension_dir() -> String {
 
 /// Check if a dev server is reachable by making a simple HTTP request
 async fn check_dev_server_health(url: &str) -> bool {
-    use tauri_plugin_http::reqwest;
     use std::time::Duration;
+    use tauri_plugin_http::reqwest;
 
     // Try to connect with a short timeout
     let client = reqwest::Client::builder()
@@ -295,16 +290,14 @@ pub async fn load_dev_extension(
     // 1. Read haextension.config.json to get dev server config and haextension directory
     let config_path = extension_path_buf.join("haextension.config.json");
     let (host, port, haextension_dir) = if config_path.exists() {
-        let config_content = std::fs::read_to_string(&config_path).map_err(|e| {
+        let config_content =
-            ExtensionError::ValidationError {
+            std::fs::read_to_string(&config_path).map_err(|e| ExtensionError::ValidationError {
                 reason: format!("Failed to read haextension.config.json: {}", e),
-            }
             })?;
 
-        let config: HaextensionConfig = serde_json::from_str(&config_content).map_err(|e| {
+        let config: HaextensionConfig =
-            ExtensionError::ValidationError {
+            serde_json::from_str(&config_content).map_err(|e| ExtensionError::ValidationError {
                 reason: format!("Failed to parse haextension.config.json: {}", e),
-            }
             })?;
 
         (config.dev.host, config.dev.port, config.dev.haextension_dir)
@@ -328,35 +321,30 @@ pub async fn load_dev_extension(
     }
     eprintln!("✅ Dev server is reachable");
 
-    // 2. Build path to manifest: <extension_path>/<haextension_dir>/manifest.json
+    // 2. Validate and build path to manifest: <extension_path>/<haextension_dir>/manifest.json
-    let manifest_path = extension_path_buf.join(&haextension_dir).join("manifest.json");
+    let manifest_relative_path = format!("{}/manifest.json", haextension_dir);
-
+    let manifest_path = ExtensionManager::validate_path_in_directory(
-    // Check if manifest exists
+        &extension_path_buf,
-    if !manifest_path.exists() {
+        &manifest_relative_path,
-        return Err(ExtensionError::ManifestError {
+        true,
+    )?
+    .ok_or_else(|| ExtensionError::ManifestError {
         reason: format!(
-                "Manifest not found at: {}. Make sure you run 'npx @haexhub/sdk init' first.",
+            "Manifest not found at: {}/manifest.json. Make sure you run 'npx @haexhub/sdk init' first.",
-                manifest_path.display()
+            haextension_dir
         ),
-        });
+    })?;
-    }
 
     // 3. Read and parse manifest
-    let manifest_content = std::fs::read_to_string(&manifest_path).map_err(|e| {
+    let manifest_content =
-        ExtensionError::ManifestError {
+        std::fs::read_to_string(&manifest_path).map_err(|e| ExtensionError::ManifestError {
             reason: format!("Failed to read manifest: {}", e),
-        }
         })?;
 
     let manifest: ExtensionManifest = serde_json::from_str(&manifest_content)?;
 
-    // 4. Generate a unique ID for dev extension: dev_<public_key_first_8>_<name>
+    // 4. Generate a unique ID for dev extension: dev_<public_key>_<name>
-    let key_prefix = manifest
+    let extension_id = format!("dev_{}_{}", manifest.public_key, manifest.name);
-        .public_key
-        .chars()
-        .take(8)
-        .collect::<String>();
-    let extension_id = format!("dev_{}_{}", key_prefix, manifest.name);
 
     // 5. Check if dev extension already exists (allow reload)
     if let Some(existing) = state
@@ -404,12 +392,10 @@ pub fn remove_dev_extension(
     state: State<'_, AppState>,
 ) -> Result<(), ExtensionError> {
     // Only remove from dev_extensions, not production_extensions
-    let mut dev_exts = state
+    let mut dev_exts = state.extension_manager.dev_extensions.lock().map_err(|e| {
-        .extension_manager
+        ExtensionError::MutexPoisoned {
-        .dev_extensions
-        .lock()
-        .map_err(|e| ExtensionError::MutexPoisoned {
             reason: e.to_string(),
+        }
     })?;
 
     // Find and remove by public_key and name
@@ -423,10 +409,7 @@ pub fn remove_dev_extension(
         eprintln!("✅ Dev extension removed: {}", name);
         Ok(())
     } else {
-        Err(ExtensionError::NotFound {
+        Err(ExtensionError::NotFound { public_key, name })
-            public_key,
-            name,
-        })
     }
 }
 

src-tauri/src/extension/permissions/manager.rs

@@ -197,6 +197,30 @@ impl PermissionManager {
         action: Action,
         table_name: &str,
     ) -> Result<(), ExtensionError> {
+        // Remove quotes from table name if present (from SDK's getTableName())
+        let clean_table_name = table_name.trim_matches('"');
+
+        // Auto-allow: Extensions have full access to their own tables
+        // Table format: {publicKey}__{extensionName}__{tableName}
+        // Extension ID format: dev_{publicKey}_{extensionName} or {publicKey}_{extensionName}
+
+        // Get the extension to check if this is its own table
+        let extension = app_state
+            .extension_manager
+            .get_extension(extension_id)
+            .ok_or_else(|| ExtensionError::ValidationError {
+                reason: format!("Extension with ID {} not found", extension_id),
+            })?;
+
+        // Build expected table prefix: {publicKey}__{extensionName}__
+        let expected_prefix = format!("{}__{}__", extension.manifest.public_key, extension.manifest.name);
+
+        if clean_table_name.starts_with(&expected_prefix) {
+            // This is the extension's own table - auto-allow
+            return Ok(());
+        }
+
+        // Not own table - check explicit permissions
         let permissions = Self::get_permissions(app_state, extension_id).await?;
 
         let has_permission = permissions
@@ -205,7 +229,7 @@ impl PermissionManager {
             .filter(|perm| perm.resource_type == ResourceType::Db)
             .filter(|perm| perm.action == action) // action ist nicht mehr Option
             .any(|perm| {
-                if perm.target != "*" && perm.target != table_name {
+                if perm.target != "*" && perm.target != clean_table_name {
                     return false;
                 }
                 true

src-tauri/src/lib.rs

@@ -68,6 +68,7 @@ pub fn run() {
         .invoke_handler(tauri::generate_handler![
             database::create_encrypted_database,
             database::delete_vault,
+            database::move_vault_to_trash,
             database::list_vaults,
             database::open_encrypted_database,
             database::sql_execute_with_crdt,

src-tauri/tauri.conf.json

@@ -1,7 +1,7 @@
 {
   "$schema": "https://schema.tauri.app/config/2",
   "productName": "haex-hub",
-  "version": "0.1.0",
+  "version": "0.1.3",
   "identifier": "space.haex.hub",
   "build": {
     "beforeDevCommand": "pnpm dev",
@@ -25,7 +25,8 @@
           "'self'",
           "http://tauri.localhost",
           "haex-extension:",
-          "'wasm-unsafe-eval'"
+          "'wasm-unsafe-eval'",
+          "'unsafe-inline'"
         ],
         "style-src": [
           "'self'",

src/app.config.ts

@@ -3,6 +3,8 @@ export default defineAppConfig({
     colors: {
       primary: 'sky',
       secondary: 'fuchsia',
+      warning: 'yellow',
+      danger: 'red',
     },
   },
 })

src/app.vue

@@ -1,9 +1,7 @@
 <template>
   <UApp :locale="locales[locale]">
     <div data-vaul-drawer-wrapper>
-      <NuxtLayout>
       <NuxtPage />
-      </NuxtLayout>
     </div>
   </UApp>
 </template>

src/assets/css/main.css

@@ -13,6 +13,46 @@
   [disabled] {
     @apply cursor-not-allowed;
   }
+
+  /* Define safe-area-insets as CSS custom properties for JavaScript access */
+  :root {
+    --safe-area-inset-top: env(safe-area-inset-top, 0px);
+    --safe-area-inset-bottom: env(safe-area-inset-bottom, 0px);
+    --safe-area-inset-left: env(safe-area-inset-left, 0px);
+    --safe-area-inset-right: env(safe-area-inset-right, 0px);
+  }
+
+  /* Verhindere Scrolling auf html und body */
+  html {
+    overflow: hidden;
+    margin: 0;
+    padding: 0;
+    height: 100dvh;
+    height: 100vh; /* Fallback */
+    width: 100%;
+  }
+
+  body {
+    overflow: hidden;
+    margin: 0;
+    height: 100%;
+    width: 100%;
+    padding: 0;
+  }
+
+  #__nuxt {
+    /* Volle Höhe des body */
+    height: 100%;
+    width: 100%;
+
+    /* Safe-Area Paddings auf root element - damit ALLES davon profitiert */
+    padding-top: var(--safe-area-inset-top);
+    padding-bottom: var(--safe-area-inset-bottom);
+    padding-left: var(--safe-area-inset-left);
+    padding-right: var(--safe-area-inset-right);
+
+    box-sizing: border-box;
+  }
 }
 
 @theme {

src/components/haex/debug/overlay.vue

@@ -0,0 +1,61 @@
+<template>
+  <div
+    v-if="data"
+    class="fixed top-2 right-2 bg-black/90 text-white text-xs p-3 rounded-lg shadow-2xl max-w-sm z-[9999] backdrop-blur-sm"
+  >
+    <div class="flex justify-between items-start gap-3 mb-2">
+      <span class="font-bold text-sm">{{ title }}</span>
+      <div class="flex gap-1">
+        <button
+          class="bg-white/20 hover:bg-white/30 px-2 py-1 rounded text-xs transition-colors"
+          @click="copyToClipboardAsync"
+        >
+          Copy
+        </button>
+        <button
+          v-if="dismissible"
+          class="bg-white/20 hover:bg-white/30 px-2 py-1 rounded text-xs transition-colors"
+          @click="handleDismiss"
+        >
+          ✕
+        </button>
+      </div>
+    </div>
+    <pre class="text-xs whitespace-pre-wrap font-mono overflow-auto max-h-96">{{ formattedData }}</pre>
+  </div>
+</template>
+
+<script setup lang="ts">
+const props = withDefaults(
+  defineProps<{
+    data: Record<string, any> | null
+    title?: string
+    dismissible?: boolean
+  }>(),
+  {
+    title: 'Debug Info',
+    dismissible: false,
+  },
+)
+
+const emit = defineEmits<{
+  dismiss: []
+}>()
+
+const formattedData = computed(() => {
+  if (!props.data) return ''
+  return JSON.stringify(props.data, null, 2)
+})
+
+const copyToClipboardAsync = async () => {
+  try {
+    await navigator.clipboard.writeText(formattedData.value)
+  } catch (err) {
+    console.error('Failed to copy debug info:', err)
+  }
+}
+
+const handleDismiss = () => {
+  emit('dismiss')
+}
+</script>

src/components/haex/desktop/index.vue

@@ -1,7 +1,7 @@
 <template>
   <div
     ref="desktopEl"
-    class="w-full h-full relative overflow-hidden isolate"
+    class="absolute inset-0 overflow-hidden"
   >
     <Swiper
       :modules="[SwiperNavigation]"
@@ -13,7 +13,7 @@
       :no-swiping="true"
       no-swiping-class="no-swipe"
       :allow-touch-move="allowSwipe"
-      class="w-full h-full"
+      class="h-full w-full"
       direction="vertical"
       @swiper="onSwiperInit"
       @slide-change="onSlideChange"
@@ -24,7 +24,7 @@
         class="w-full h-full"
       >
         <div
-          class="w-full h-full relative isolate"
+          class="w-full h-full relative"
           @click.self.stop="handleDesktopClick"
           @mousedown.left.self="handleAreaSelectStart"
           @dragover.prevent="handleDragOver"
@@ -41,18 +41,16 @@
           />
 
           <!-- Snap Dropzones (only visible when window drag near edge) -->
-          <Transition name="fade">
+
           <div
-              v-if="showLeftSnapZone"
+            class="absolute left-0 top-0 bottom-0 border-blue-500 pointer-events-none backdrop-blur-sm z-50 transition-all duration-500 ease-in-out"
-              class="absolute left-0 top-0 bottom-0 w-1/2 bg-blue-500/20 border-2 border-blue-500 pointer-events-none backdrop-blur-sm z-40"
+            :class="showLeftSnapZone ? 'w-1/2 bg-blue-500/20 border-2' : 'w-0'"
           />
-          </Transition>
+
-          <Transition name="fade">
           <div
-              v-if="showRightSnapZone"
+            class="absolute right-0 top-0 bottom-0 border-blue-500 pointer-events-none backdrop-blur-sm z-50 transition-all duration-500 ease-in-out"
-              class="absolute right-0 top-0 bottom-0 w-1/2 bg-blue-500/20 border-2 border-blue-500 pointer-events-none backdrop-blur-sm z-40"
+            :class="showRightSnapZone ? 'w-1/2 bg-blue-500/20 border-2' : 'w-0'"
           />
-          </Transition>
 
           <!-- Area Selection Box -->
           <div
@@ -85,7 +83,10 @@
           >
             <!-- Overview Mode: Teleport to window preview -->
             <Teleport
-              v-if="windowManager.showWindowOverview && overviewWindowState.has(window.id)"
+              v-if="
+                windowManager.showWindowOverview &&
+                overviewWindowState.has(window.id)
+              "
               :to="`#window-preview-${window.id}`"
             >
               <div
@@ -114,6 +115,14 @@
                   :source-height="window.sourceHeight"
                   :is-opening="window.isOpening"
                   :is-closing="window.isClosing"
+                  :warning-level="
+                    window.type === 'extension' &&
+                    availableExtensions.find(
+                      (ext) => ext.id === window.sourceId,
+                    )?.devServerUrl
+                      ? 'warning'
+                      : undefined
+                  "
                   class="no-swipe"
                   @close="windowManager.closeWindow(window.id)"
                   @minimize="windowManager.minimizeWindow(window.id)"
@@ -163,6 +172,13 @@
               :source-height="window.sourceHeight"
               :is-opening="window.isOpening"
               :is-closing="window.isClosing"
+              :warning-level="
+                window.type === 'extension' &&
+                availableExtensions.find((ext) => ext.id === window.sourceId)
+                  ?.devServerUrl
+                  ? 'warning'
+                  : undefined
+              "
               class="no-swipe"
               @close="windowManager.closeWindow(window.id)"
               @minimize="windowManager.minimizeWindow(window.id)"
@@ -197,52 +213,6 @@
 
     <!-- Window Overview Modal -->
     <HaexWindowOverview />
-
-    <!-- Workspace Drawer -->
-    <UDrawer
-      v-model:open="isOverviewMode"
-      direction="left"
-      :dismissible="false"
-      :overlay="false"
-      :modal="false"
-      title="Workspaces"
-      description="Workspaces"
-    >
-      <template #content>
-        <div class="p-6 h-full overflow-y-auto">
-          <UButton
-            block
-            trailing-icon="mdi-close"
-            class="text-2xl font-bold ext-gray-900 dark:text-white mb-4"
-            @click="isOverviewMode = false"
-          >
-            Workspaces
-          </UButton>
-
-          <!-- Workspace Cards -->
-          <div class="flex flex-col gap-3">
-            <HaexWorkspaceCard
-              v-for="workspace in workspaces"
-              :key="workspace.id"
-              :workspace
-            />
-          </div>
-
-          <!-- Add New Workspace Button -->
-          <UButton
-            block
-            variant="outline"
-            class="mt-6"
-            @click="handleAddWorkspace"
-          >
-            <template #leading>
-              <UIcon name="i-heroicons-plus" />
-            </template>
-            New Workspace
-          </UButton>
-        </div>
-      </template>
-    </UDrawer>
   </div>
 </template>
 
@@ -330,9 +300,9 @@ const getWorkspaceIcons = (workspaceId: string) => {
     .filter((item) => item.workspaceId === workspaceId)
     .map((item) => {
       if (item.itemType === 'system') {
-        const systemWindow = windowManager.getAllSystemWindows().find(
+        const systemWindow = windowManager
-          (win) => win.id === item.referenceId,
+          .getAllSystemWindows()
-        )
+          .find((win) => win.id === item.referenceId)
 
         return {
           ...item,
@@ -346,6 +316,7 @@ const getWorkspaceIcons = (workspaceId: string) => {
           (ext) => ext.id === item.referenceId,
         )
 
+        console.log('found ext', extension)
         return {
           ...item,
           label: extension?.name || 'Unknown',
@@ -429,7 +400,9 @@ const handleDragOver = (event: DragEvent) => {
 const handleDrop = async (event: DragEvent, workspaceId: string) => {
   if (!event.dataTransfer) return
 
-  const launcherItemData = event.dataTransfer.getData('application/haex-launcher-item')
+  const launcherItemData = event.dataTransfer.getData(
+    'application/haex-launcher-item',
+  )
   if (!launcherItemData) return
 
   try {
@@ -441,7 +414,9 @@ const handleDrop = async (event: DragEvent, workspaceId: string) => {
     }
 
     // Get drop position relative to desktop
-    const desktopRect = (event.currentTarget as HTMLElement).getBoundingClientRect()
+    const desktopRect = (
+      event.currentTarget as HTMLElement
+    ).getBoundingClientRect()
     const x = Math.max(0, event.clientX - desktopRect.left - 32) // Center icon (64px / 2)
     const y = Math.max(0, event.clientY - desktopRect.top - 32)
 
@@ -451,7 +426,7 @@ const handleDrop = async (event: DragEvent, workspaceId: string) => {
       item.id,
       x,
       y,
-      workspaceId
+      workspaceId,
     )
   } catch (error) {
     console.error('Failed to create desktop icon:', error)
@@ -486,6 +461,34 @@ const handleWindowDragStart = (windowId: string) => {
 
 const handleWindowDragEnd = async () => {
   console.log('[Desktop] handleWindowDragEnd')
+
+  // Check if window should snap to left or right
+  const draggingWindowId = windowManager.draggingWindowId
+
+  if (draggingWindowId) {
+    if (showLeftSnapZone.value) {
+      // Snap to left half
+      windowManager.updateWindowPosition(draggingWindowId, 0, 0)
+      windowManager.updateWindowSize(
+        draggingWindowId,
+        viewportWidth.value / 2,
+        viewportHeight.value,
+      )
+    } else if (showRightSnapZone.value) {
+      // Snap to right half
+      windowManager.updateWindowPosition(
+        draggingWindowId,
+        viewportWidth.value / 2,
+        0,
+      )
+      windowManager.updateWindowSize(
+        draggingWindowId,
+        viewportWidth.value / 2,
+        viewportHeight.value,
+      )
+    }
+  }
+
   isWindowDragging.value = false
   windowManager.draggingWindowId = null // Clear from store
   allowSwipe.value = true // Re-enable Swiper after drag
@@ -565,17 +568,6 @@ const onSlideChange = (swiper: SwiperType) => {
   )
 }
 
-// Workspace control handlers
-const handleAddWorkspace = async () => {
-  await workspaceStore.addWorkspaceAsync()
-  // Swiper will auto-slide to new workspace because we switch in addWorkspaceAsync
-  nextTick(() => {
-    if (swiperInstance.value) {
-      swiperInstance.value.slideTo(workspaces.value.length - 1)
-    }
-  })
-}
-
 /* const handleRemoveWorkspace = async () => {
   if (!currentWorkspace.value || workspaces.value.length <= 1) return
 
@@ -611,7 +603,10 @@ const MAX_PREVIEW_HEIGHT = 450 // 50% increase from 300
 
 // Store window state for overview (position only, size stays original)
 const overviewWindowState = ref(
-  new Map<string, { x: number; y: number; width: number; height: number; scale: number }>(),
+  new Map<
+    string,
+    { x: number; y: number; width: number; height: number; scale: number }
+  >(),
 )
 
 // Calculate scale and card dimensions for each window
@@ -635,7 +630,10 @@ watch(
             finalScale = MIN_PREVIEW_WIDTH / window.width
           }
           if (scaledHeight < MIN_PREVIEW_HEIGHT) {
-            finalScale = Math.max(finalScale, MIN_PREVIEW_HEIGHT / window.height)
+            finalScale = Math.max(
+              finalScale,
+              MIN_PREVIEW_HEIGHT / window.height,
+            )
           }
 
           overviewWindowState.value.set(window.id, {

src/components/haex/extension/card.vue

@@ -89,7 +89,11 @@ const removeExtensionAsync = async () => {
   }
 
   try {
-    await extensionStore.removeExtensionAsync(extension.id, extension.version)
+    await extensionStore.removeExtensionAsync(
+      extension.publicKey,
+      extension.name,
+      extension.version,
+    )
     await extensionStore.loadExtensionsAsync()
 
     add({

src/components/haex/extension/dialog/install.vue

@@ -15,7 +15,7 @@
           <div class="flex items-start gap-4">
             <div
               v-if="preview?.manifest.icon"
-              class="w-16 h-16 flex-shrink-0"
+              class="w-16 h-16 shrink-0"
             >
               <UIcon
                 :name="preview.manifest.icon"
@@ -184,7 +184,6 @@ const shellPermissions = computed({
   },
 })
 
-
 const permissionAccordionItems = computed(() => {
   const items = []
 

src/components/haex/extension/launcher.vue

@@ -1,5 +1,13 @@
 <template>
-  <UPopover v-model:open="open">
+  <UDrawer
+    v-model:open="open"
+    direction="right"
+    :title="t('launcher.title')"
+    :description="t('launcher.description')"
+    :ui="{
+      content: 'w-dvw max-w-md sm:max-w-fit',
+    }"
+  >
     <UButton
       icon="material-symbols:apps"
       color="neutral"
@@ -9,7 +17,8 @@
     />
 
     <template #content>
-      <ul class="p-4 max-h-96 grid grid-cols-3 gap-2 overflow-scroll">
+      <div class="p-4 h-full overflow-y-auto">
+        <div class="flex flex-wrap">
           <!-- All launcher items (system windows + enabled extensions, alphabetically sorted) -->
           <UContextMenu
             v-for="item in launcherItems"
@@ -52,12 +61,31 @@
             :label="extension.name"
             :tooltip="`${extension.name} (${t('disabled')})`"
           />
-      </ul>
+        </div>
+      </div>
     </template>
-  </UPopover>
+  </UDrawer>
+
+  <!-- Uninstall Confirmation Dialog -->
+  <UiDialogConfirm
+    v-model:open="showUninstallDialog"
+    :title="t('uninstall.confirm.title')"
+    :description="
+      t('uninstall.confirm.description', {
+        name: extensionToUninstall?.name || '',
+      })
+    "
+    :confirm-label="t('uninstall.confirm.button')"
+    confirm-icon="i-heroicons-trash"
+    @confirm="confirmUninstall"
+  />
 </template>
 
 <script setup lang="ts">
+defineOptions({
+  inheritAttrs: false,
+})
+
 const extensionStore = useExtensionsStore()
 const windowManagerStore = useWindowManagerStore()
 
@@ -65,6 +93,10 @@ const { t } = useI18n()
 
 const open = ref(false)
 
+// Uninstall dialog state
+const showUninstallDialog = ref(false)
+const extensionToUninstall = ref<LauncherItem | null>(null)
+
 // Unified launcher item type
 interface LauncherItem {
   id: string
@@ -127,17 +159,44 @@ const openItem = async (item: LauncherItem) => {
   }
 }
 
-// Uninstall extension
+// Uninstall extension - shows confirmation dialog first
 const uninstallExtension = async (item: LauncherItem) => {
+  extensionToUninstall.value = item
+  showUninstallDialog.value = true
+}
+
+// Confirm uninstall - actually removes the extension
+const confirmUninstall = async () => {
+  if (!extensionToUninstall.value) return
+
   try {
-    const extension = extensionStore.availableExtensions.find(ext => ext.id === item.id)
+    const extension = extensionStore.availableExtensions.find(
+      (ext) => ext.id === extensionToUninstall.value!.id,
+    )
     if (!extension) return
 
+    // Close all windows of this extension first
+    const extensionWindows = windowManagerStore.windows.filter(
+      (win) => win.type === 'extension' && win.sourceId === extension.id,
+    )
+
+    for (const win of extensionWindows) {
+      windowManagerStore.closeWindow(win.id)
+    }
+
+    // Uninstall the extension
     await extensionStore.removeExtensionAsync(
       extension.publicKey,
       extension.name,
-      extension.version
+      extension.version,
     )
+
+    // Refresh available extensions list
+    await extensionStore.loadExtensionsAsync()
+
+    // Close dialog and reset state
+    showUninstallDialog.value = false
+    extensionToUninstall.value = null
   } catch (error) {
     console.error('Failed to uninstall extension:', error)
   }
@@ -149,8 +208,8 @@ const getContextMenuItems = (item: LauncherItem) => {
     {
       label: t('contextMenu.open'),
       icon: 'i-heroicons-arrow-top-right-on-square',
-      click: () => openItem(item),
+      onSelect: () => openItem(item),
-    }
+    },
   ]
 
   // Add uninstall option for extensions
@@ -158,7 +217,7 @@ const getContextMenuItems = (item: LauncherItem) => {
     items.push({
       label: t('contextMenu.uninstall'),
       icon: 'i-heroicons-trash',
-      click: () => uninstallExtension(item),
+      onSelect: () => uninstallExtension(item),
     })
   }
 
@@ -171,7 +230,10 @@ const handleDragStart = (event: DragEvent, item: LauncherItem) => {
 
   // Store the launcher item data
   event.dataTransfer.effectAllowed = 'copy'
-  event.dataTransfer.setData('application/haex-launcher-item', JSON.stringify(item))
+  event.dataTransfer.setData(
+    'application/haex-launcher-item',
+    JSON.stringify(item),
+  )
 
   // Set drag image (optional - uses default if not set)
   const dragImage = event.target as HTMLElement
@@ -189,14 +251,30 @@ const handleDragEnd = () => {
 de:
   disabled: Deaktiviert
   marketplace: Marketplace
+  launcher:
+    title: App Launcher
+    description: Wähle eine App zum Öffnen
   contextMenu:
     open: Öffnen
     uninstall: Deinstallieren
+  uninstall:
+    confirm:
+      title: Erweiterung deinstallieren
+      description: Möchtest du wirklich "{name}" deinstallieren? Diese Aktion kann nicht rückgängig gemacht werden.
+      button: Deinstallieren
 
 en:
   disabled: Disabled
   marketplace: Marketplace
+  launcher:
+    title: App Launcher
+    description: Select an app to open
   contextMenu:
     open: Open
     uninstall: Uninstall
+  uninstall:
+    confirm:
+      title: Uninstall Extension
+      description: Do you really want to uninstall "{name}"? This action cannot be undone.
+      button: Uninstall
 </i18n>

src/components/haex/extension/marketplace-card.vue

@@ -8,7 +8,7 @@
   >
     <div class="flex items-start gap-4">
       <!-- Icon -->
-      <div class="flex-shrink-0">
+      <div class="shrink-0">
         <div
           v-if="extension.icon"
           class="w-16 h-16 rounded-lg bg-primary/10 flex items-center justify-center"

src/components/haex/vault/create.vue

@@ -2,6 +2,7 @@
   <UiDialogConfirm
     :confirm-label="t('create')"
     @confirm="onCreateAsync"
+    :description="t('description')"
   >
     <UiButton
       :label="t('vault.create')"
@@ -55,7 +56,9 @@
 <script setup lang="ts">
 import { vaultSchema } from './schema'
 
-const { t } = useI18n()
+const { t } = useI18n({
+  useScope: 'local',
+})
 
 const vault = reactive<{
   name: string
@@ -118,6 +121,7 @@ de:
     name: HaexVault
   title: Neue {haexvault} erstellen
   create: Erstellen
+  description: Erstelle eine neue Vault für deine Daten
 
 en:
   vault:
@@ -127,4 +131,5 @@ en:
     name: HaexVault
   title: Create new {haexvault}
   create: Create
+  description: Create a new vault for your data
 </i18n>

src/components/haex/vault/open.vue

@@ -5,7 +5,7 @@
     :description="vault.path || path"
     @confirm="onOpenDatabase"
   >
-    <!-- <UiButton
+    <UiButton
       :label="t('vault.open')"
       :ui="{
         base: 'px-3 py-2',
@@ -14,8 +14,7 @@
       size="xl"
       variant="outline"
       block
-      @click.stop="onLoadDatabase"
+    />
-    /> -->
 
     <template #title>
       <i18n-t
@@ -59,7 +58,9 @@ const props = defineProps<{
   path?: string
 }>()
 
-const { t } = useI18n()
+const { t } = useI18n({
+  useScope: 'local',
+})
 
 const vault = reactive<{
   name: string

src/components/haex/window/button.vue

@@ -0,0 +1,83 @@
+<template>
+  <UTooltip :text="tooltip">
+    <button
+      class="size-8 shrink-0 rounded-lg flex justify-center transition-colors group"
+      :class="variantClasses.buttonClass"
+      @click="(e) => $emit('click', e)"
+    >
+      <UIcon
+        :name="icon"
+        class="size-4 text-gray-600 dark:text-gray-400"
+        :class="variantClasses.iconClass"
+      />
+    </button>
+  </UTooltip>
+</template>
+
+<script setup lang="ts">
+const props = defineProps<{
+  variant: 'close' | 'maximize' | 'minimize'
+  isMaximized?: boolean
+}>()
+
+defineEmits(['click'])
+
+const icon = computed(() => {
+  switch (props.variant) {
+    case 'close':
+      return 'i-heroicons-x-mark'
+    case 'maximize':
+      return props.isMaximized
+        ? 'i-heroicons-arrows-pointing-in'
+        : 'i-heroicons-arrows-pointing-out'
+    default:
+      return 'i-heroicons-minus'
+  }
+})
+
+const variantClasses = computed(() => {
+  if (props.variant === 'close') {
+    return {
+      iconClass: 'group-hover:text-error',
+      buttonClass: 'hover:bg-error/30 items-center',
+    }
+  } else if (props.variant === 'maximize') {
+    return {
+      iconClass: 'group-hover:text-warning',
+      buttonClass: 'hover:bg-warning/30 items-center',
+    }
+  } else {
+    return {
+      iconClass: 'group-hover:text-success',
+      buttonClass: 'hover:bg-success/30 items-end pb-1',
+    }
+  }
+})
+
+const { t } = useI18n()
+
+const tooltip = computed(() => {
+  switch (props.variant) {
+    case 'close':
+      return t('close')
+    case 'maximize':
+      return props.isMaximized ? t('shrink') : t('maximize')
+    default:
+      return t('minimize')
+  }
+})
+</script>
+
+<i18n lang="yaml">
+de:
+  close: Schließen
+  maximize: Maximieren
+  shrink: Verkleinern
+  minimize: Minimieren
+
+en:
+  close: Close
+  maximize: Maximize
+  shrink: Shrink
+  minimize: Minimize
+</i18n>

src/components/haex/window/index.vue

@@ -3,11 +3,17 @@
     ref="windowEl"
     :style="windowStyle"
     :class="[
-      'absolute bg-default/80 backdrop-blur-xl rounded-lg shadow-xl overflow-hidden isolate',
+      'absolute bg-default/80 backdrop-blur-xl rounded-lg shadow-xl overflow-hidden',
-      'border border-gray-200 dark:border-gray-700 transition-all ease-out duration-600 ',
+      'transition-all ease-out duration-600',
       'flex flex-col @container',
       { 'select-none': isResizingOrDragging },
-      isActive ? 'z-100' : 'z-50',
+      isActive ? 'z-20' : 'z-10',
+      // Border colors based on warning level
+      warningLevel === 'warning'
+        ? 'border-2 border-warning-500'
+        : warningLevel === 'danger'
+          ? 'border-2 border-danger-500'
+          : 'border border-gray-200 dark:border-gray-700',
     ]"
     @mousedown="handleActivate"
   >
@@ -38,37 +44,21 @@
 
       <!-- Right: Window Controls -->
       <div class="flex items-center gap-1 justify-end">
-        <button
+        <HaexWindowButton
-          class="w-8 h-8 rounded-lg hover:bg-gray-200 dark:hover:bg-gray-700 flex items-center justify-center transition-colors"
+          variant="minimize"
           @click.stop="handleMinimize"
-        >
-          <UIcon
-            name="i-heroicons-minus"
-            class="w-4 h-4 text-gray-600 dark:text-gray-400"
         />
-        </button>
+
-        <button
+        <HaexWindowButton
-          class="w-8 h-8 rounded-lg hover:bg-gray-200 dark:hover:bg-gray-700 flex items-center justify-center transition-colors"
+          :is-maximized
+          variant="maximize"
           @click.stop="handleMaximize"
-        >
-          <UIcon
-            :name="
-              isMaximized
-                ? 'i-heroicons-arrows-pointing-in'
-                : 'i-heroicons-arrows-pointing-out'
-            "
-            class="w-4 h-4 text-gray-600 dark:text-gray-400"
         />
-        </button>
+
-        <button
+        <HaexWindowButton
-          class="w-8 h-8 rounded-lg hover:bg-red-100 dark:hover:bg-red-900/30 flex items-center justify-center transition-colors group"
+          variant="close"
           @click.stop="handleClose"
-        >
-          <UIcon
-            name="i-heroicons-x-mark"
-            class="w-4 h-4 text-gray-600 dark:text-gray-400 group-hover:text-red-600 dark:group-hover:text-red-400"
         />
-        </button>
       </div>
     </div>
 
@@ -102,6 +92,7 @@ const props = defineProps<{
   sourceHeight?: number
   isOpening?: boolean
   isClosing?: boolean
+  warningLevel?: 'warning' | 'danger' // Warning indicator (e.g., dev extension, dangerous permissions)
 }>()
 
 const emit = defineEmits<{
@@ -331,13 +322,33 @@ const handleMaximize = () => {
     const bounds = getViewportBounds()
 
     if (bounds && bounds.width > 0 && bounds.height > 0) {
+      // Get safe-area-insets from CSS variables for debug
+      const safeAreaTop = parseFloat(
+        getComputedStyle(document.documentElement).getPropertyValue(
+          '--safe-area-inset-top',
+        ) || '0',
+      )
+      const safeAreaBottom = parseFloat(
+        getComputedStyle(document.documentElement).getPropertyValue(
+          '--safe-area-inset-bottom',
+        ) || '0',
+      )
+
+      // Desktop container uses 'absolute inset-0' which stretches over full viewport
+      // bounds.height = full viewport height (includes header area + safe-areas)
+      // We need to calculate available space properly
+
+      // Get header height from UI store (measured reactively in layout)
+      const uiStore = useUiStore()
+      const headerHeight = uiStore.headerHeight
+
       x.value = 0
-      y.value = 0
+      y.value = 0 // Start below header and status bar
       width.value = bounds.width
-      height.value = bounds.height
+      // Height: viewport - header - both safe-areas
+      height.value = bounds.height - headerHeight - safeAreaTop - safeAreaBottom
       isMaximized.value = true
     }
-    console.log('handleMaximize', preMaximizeState, bounds)
   }
 }
 

src/components/haex/window/overview.vue

@@ -1,27 +1,14 @@
 <template>
-  <UModal
+  <UDrawer
     v-model:open="localShowWindowOverview"
+    direction="bottom"
     :title="t('modal.title')"
     :description="t('modal.description')"
-    fullscreen
   >
     <template #content>
-      <div class="flex flex-col h-full">
+      <div class="h-full overflow-y-auto p-6 justify-center flex">
-        <!-- Header -->
-        <div
-          class="flex items-center justify-end border-b p-2 border-gray-200 dark:border-gray-700"
-        >
-          <UButton
-            icon="i-heroicons-x-mark"
-            color="error"
-            variant="soft"
-            @click="localShowWindowOverview = false"
-          />
-        </div>
-
-        <!-- Scrollable Content -->
-        <div class="flex-1 overflow-y-auto p-6 justify-center flex">
         <!-- Window Thumbnails Flex Layout -->
+
         <div
           v-if="windows.length > 0"
           class="flex flex-wrap gap-6 justify-center-safe items-start"
@@ -82,9 +69,8 @@
           </p>
         </div>
       </div>
-      </div>
     </template>
-  </UModal>
+  </UDrawer>
 </template>
 
 <script setup lang="ts">

src/components/ui/button/context.vue

@@ -0,0 +1,28 @@
+<template>
+  <UContextMenu :items="contextMenuItems">
+    <UiButton
+      v-bind="$attrs"
+      @click="$emit('click', $event)"
+    >
+      <template
+        v-for="(_, slotName) in $slots"
+        #[slotName]="slotProps"
+      >
+        <slot
+          :name="slotName"
+          v-bind="slotProps"
+        />
+      </template>
+    </UiButton>
+  </UContextMenu>
+</template>
+
+<script setup lang="ts">
+import type { ContextMenuItem } from '@nuxt/ui'
+
+defineProps<{
+  contextMenuItems: ContextMenuItem[]
+}>()
+
+defineEmits<{ click: [Event] }>()
+</script>

src/components/ui/button/index.vue

@@ -4,11 +4,10 @@
       <UButton
         class="pointer-events-auto"
         v-bind="{
-          ...{ size: isSmallScreen ? 'lg' : 'md' },
           ...buttonProps,
           ...$attrs,
         }"
-        @click="(e) => $emit('click', e)"
+        @click="$emit('click', $event)"
       >
         <template
           v-for="(_, slotName) in $slots"

src/composables/extensionContextBroadcast.ts

@@ -1,65 +0,0 @@
-// composables/extensionContextBroadcast.ts
-// NOTE: This composable is deprecated. Use tabsStore.broadcastToAllTabs() instead.
-// Keeping for backwards compatibility.
-
-import { getExtensionWindow } from './extensionMessageHandler'
-
-export const useExtensionContextBroadcast = () => {
-  // Globaler State für Extension IDs statt IFrames
-  const extensionIds = useState<Set<string>>(
-    'extension-ids',
-    () => new Set(),
-  )
-
-  const registerExtensionIframe = (_iframe: HTMLIFrameElement, extensionId: string) => {
-    extensionIds.value.add(extensionId)
-  }
-
-  const unregisterExtensionIframe = (_iframe: HTMLIFrameElement, extensionId: string) => {
-    extensionIds.value.delete(extensionId)
-  }
-
-  const broadcastContextChange = (context: {
-    theme: string
-    locale: string
-    platform: string
-  }) => {
-    const message = {
-      type: 'context.changed',
-      data: { context },
-      timestamp: Date.now(),
-    }
-
-    extensionIds.value.forEach((extensionId) => {
-      const win = getExtensionWindow(extensionId)
-      if (win) {
-        win.postMessage(message, '*')
-      }
-    })
-  }
-
-  const broadcastSearchRequest = (query: string, requestId: string) => {
-    const message = {
-      type: 'search.request',
-      data: {
-        query: { query, limit: 10 },
-        requestId,
-      },
-      timestamp: Date.now(),
-    }
-
-    extensionIds.value.forEach((extensionId) => {
-      const win = getExtensionWindow(extensionId)
-      if (win) {
-        win.postMessage(message, '*')
-      }
-    })
-  }
-
-  return {
-    registerExtensionIframe,
-    unregisterExtensionIframe,
-    broadcastContextChange,
-    broadcastSearchRequest,
-  }
-}

src/composables/extensionMessageHandler.ts

@@ -166,20 +166,18 @@ const registerGlobalMessageHandler = () => {
     try {
       let result: unknown
 
-      if (request.method.startsWith('extension.')) {
+      if (request.method.startsWith('haextension.context.')) {
-        result = await handleExtensionMethodAsync(request, instance.extension)
-      } else if (request.method.startsWith('db.')) {
-        result = await handleDatabaseMethodAsync(request, instance.extension)
-      } else if (request.method.startsWith('fs.')) {
-        result = await handleFilesystemMethodAsync(request, instance.extension)
-      } else if (request.method.startsWith('http.')) {
-        result = await handleHttpMethodAsync(request, instance.extension)
-      } else if (request.method.startsWith('permissions.')) {
-        result = await handlePermissionsMethodAsync(request, instance.extension)
-      } else if (request.method.startsWith('context.')) {
         result = await handleContextMethodAsync(request)
-      } else if (request.method.startsWith('storage.')) {
+      } else if (request.method.startsWith('haextension.storage.')) {
         result = await handleStorageMethodAsync(request, instance)
+      } else if (request.method.startsWith('haextension.db.')) {
+        result = await handleDatabaseMethodAsync(request, instance.extension)
+      } else if (request.method.startsWith('haextension.fs.')) {
+        result = await handleFilesystemMethodAsync(request, instance.extension)
+      } else if (request.method.startsWith('haextension.http.')) {
+        result = await handleHttpMethodAsync(request, instance.extension)
+      } else if (request.method.startsWith('haextension.permissions.')) {
+        result = await handlePermissionsMethodAsync(request, instance.extension)
       } else {
         throw new Error(`Unknown method: ${request.method}`)
       }
@@ -328,31 +326,28 @@ export const getExtensionWindow = (extensionId: string): Window | undefined => {
   return getAllInstanceWindows(extensionId)[0]
 }
 
-// ==========================================
+// Broadcast context changes to all extension instances
-// Extension Methods
+export const broadcastContextToAllExtensions = (context: {
-// ==========================================
+  theme: string
+  locale: string
+  platform?: string
+}) => {
+  const message = {
+    type: 'haextension.context.changed',
+    data: { context },
+    timestamp: Date.now(),
+  }
 
-async function handleExtensionMethodAsync(
+  console.log('[ExtensionHandler] Broadcasting context to all extensions:', context)
-  request: ExtensionRequest,
+
-  extension: IHaexHubExtension, // Direkter Typ, kein ComputedRef mehr
+  // Send to all registered extension windows
-) {
+  for (const [_, instance] of iframeRegistry.entries()) {
-  switch (request.method) {
+    const win = windowIdToWindowMap.get(instance.windowId)
-    case 'extension.getInfo': {
+    if (win) {
-      const info = (await invoke('get_extension_info', {
+      console.log('[ExtensionHandler] Sending context to:', instance.extension.name, instance.windowId)
-        publicKey: extension.publicKey,
+      win.postMessage(message, '*')
-        name: extension.name,
-      })) as Record<string, unknown>
-      // Override allowedOrigin with the actual window origin
-      // This fixes the dev-mode issue where Rust returns "tauri://localhost"
-      // but the actual origin is "http://localhost:3003"
-      return {
-        ...info,
-        allowedOrigin: window.location.origin,
     }
   }
-    default:
-      throw new Error(`Unknown extension method: ${request.method}`)
-  }
 }
 
 // ==========================================
@@ -369,11 +364,12 @@ async function handleDatabaseMethodAsync(
   }
 
   switch (request.method) {
-    case 'db.query': {
+    case 'haextension.db.query': {
       const rows = await invoke<unknown[]>('extension_sql_select', {
         sql: params.query || '',
         params: params.params || [],
-        extensionId: extension.id,
+        publicKey: extension.publicKey,
+        name: extension.name,
       })
 
       return {
@@ -383,21 +379,22 @@ async function handleDatabaseMethodAsync(
       }
     }
 
-    case 'db.execute': {
+    case 'haextension.db.execute': {
-      await invoke<string[]>('extension_sql_execute', {
+      const rows = await invoke<unknown[]>('extension_sql_execute', {
         sql: params.query || '',
         params: params.params || [],
-        extensionId: extension.id,
+        publicKey: extension.publicKey,
+        name: extension.name,
       })
 
       return {
-        rows: [],
+        rows,
         rowsAffected: 1,
         lastInsertId: undefined,
       }
     }
 
-    case 'db.transaction': {
+    case 'haextension.db.transaction': {
       const statements =
         (request.params as { statements?: string[] }).statements || []
 
@@ -405,7 +402,8 @@ async function handleDatabaseMethodAsync(
         await invoke('extension_sql_execute', {
           sql: stmt,
           params: [],
-          extensionId: extension.id,
+          publicKey: extension.publicKey,
+          name: extension.name,
         })
       }
 
@@ -467,7 +465,7 @@ async function handlePermissionsMethodAsync(
 
 async function handleContextMethodAsync(request: ExtensionRequest) {
   switch (request.method) {
-    case 'context.get':
+    case 'haextension.context.get':
       if (!contextGetters) {
         throw new Error(
           'Context not initialized. Make sure useExtensionMessageHandler is called in a component.',
@@ -499,25 +497,25 @@ async function handleStorageMethodAsync(
   )
 
   switch (request.method) {
-    case 'storage.getItem': {
+    case 'haextension.storage.getItem': {
       const key = request.params.key as string
       return localStorage.getItem(storageKey + key)
     }
 
-    case 'storage.setItem': {
+    case 'haextension.storage.setItem': {
       const key = request.params.key as string
       const value = request.params.value as string
       localStorage.setItem(storageKey + key, value)
       return null
     }
 
-    case 'storage.removeItem': {
+    case 'haextension.storage.removeItem': {
       const key = request.params.key as string
       localStorage.removeItem(storageKey + key)
       return null
     }
 
-    case 'storage.clear': {
+    case 'haextension.storage.clear': {
       // Remove only instance-specific keys
       const keys = Object.keys(localStorage).filter((k) =>
         k.startsWith(storageKey),
@@ -526,7 +524,7 @@ async function handleStorageMethodAsync(
       return null
     }
 
-    case 'storage.keys': {
+    case 'haextension.storage.keys': {
       // Return only instance-specific keys (without prefix)
       const keys = Object.keys(localStorage)
         .filter((k) => k.startsWith(storageKey))

src/layouts/app.vue

@@ -1,98 +0,0 @@
-<template>
-  <div class="flex flex-col w-full h-full overflow-hidden">
-    <div ref="headerRef">
-      <UPageHeader
-        as="header"
-        :ui="{
-          root: [
-            'bg-default border-b border-accented sticky top-0 z-50 pt-2 px-8 h-header',
-          ],
-          wrapper: [
-            'flex flex-col sm:flex-row sm:items-center sm:justify-between gap-4',
-          ],
-        }"
-      >
-        <template #title>
-          <div class="flex items-center">
-            <UiLogoHaexhub class="size-12 shrink-0" />
-
-            <NuxtLinkLocale
-              class="link text-base-content link-neutral text-xl font-semibold no-underline flex items-center"
-              :to="{ name: 'desktop' }"
-            >
-              <UiTextGradient class="text-nowrap">
-                {{ currentVaultName }}
-              </UiTextGradient>
-            </NuxtLinkLocale>
-          </div>
-        </template>
-
-        <template #links>
-          <UButton
-            color="neutral"
-            variant="outline"
-            :block="isSmallScreen"
-            icon="i-bi-person-workspace"
-            size="lg"
-            @click="isOverviewMode = !isOverviewMode"
-          />
-          <UButton
-            color="neutral"
-            variant="outline"
-            :block="isSmallScreen"
-            icon="i-heroicons-squares-2x2"
-            size="lg"
-            @click="showWindowOverview = !showWindowOverview"
-          >
-            <template v-if="openWindowsCount > 0" #trailing>
-              <UBadge
-                :label="openWindowsCount.toString()"
-                color="primary"
-                size="xs"
-              />
-            </template>
-          </UButton>
-          <HaexExtensionLauncher :block="isSmallScreen" />
-        </template>
-      </UPageHeader>
-    </div>
-
-    <main class="flex-1 overflow-hidden bg-elevated">
-      <NuxtPage />
-    </main>
-  </div>
-</template>
-
-<script setup lang="ts">
-const { currentVaultName } = storeToRefs(useVaultStore())
-
-const { isSmallScreen } = storeToRefs(useUiStore())
-
-const { isOverviewMode } = storeToRefs(useWorkspaceStore())
-
-const { showWindowOverview, openWindowsCount } = storeToRefs(
-  useWindowManagerStore(),
-)
-</script>
-
-<i18n lang="yaml">
-de:
-  vault:
-    close: Vault schließen
-
-  sidebar:
-    close: Sidebar ausblenden
-    show: Sidebar anzeigen
-
-  search:
-    label: Suche
-en:
-  vault:
-    close: Close vault
-  sidebar:
-    close: close sidebar
-    show: show sidebar
-
-  search:
-    label: Search
-</i18n>

src/layouts/default.vue

@@ -1,5 +1,155 @@
 <template>
-  <div class="bg-default isolate w-dvw h-dvh flex flex-col">
+  <div class="w-full h-dvh flex flex-col">
-    <slot />
+    <UPageHeader
+      ref="headerEl"
+      as="header"
+      :ui="{
+        root: ['px-8 py-0'],
+        wrapper: ['flex flex-row items-center justify-between gap-4'],
+      }"
+    >
+      <template #default>
+        <div class="flex justify-between items-center py-1">
+          <div>
+            <!-- <NuxtLinkLocale
+                class="link text-base-content link-neutral text-xl font-semibold no-underline flex items-center"
+                :to="{ name: 'desktop' }"
+              >
+                <UiTextGradient class="text-nowrap">
+                  {{ currentVaultName }}
+                </UiTextGradient>
+              </NuxtLinkLocale> -->
+            <UiButton
+              v-if="currentVaultId"
+              color="neutral"
+              variant="outline"
+              icon="i-bi-person-workspace"
+              size="lg"
+              :tooltip="t('workspaces.label')"
+              @click="isOverviewMode = !isOverviewMode"
+            />
+          </div>
+
+          <div>
+            <div v-if="!currentVaultId">
+              <UiDropdownLocale @select="onSelectLocale" />
+            </div>
+            <div
+              v-else
+              class="flex flex-row gap-2"
+            >
+              <UButton
+                v-if="openWindowsCount > 0"
+                color="primary"
+                variant="outline"
+                size="lg"
+                @click="showWindowOverview = !showWindowOverview"
+              >
+                {{ openWindowsCount }}
+              </UButton>
+              <HaexExtensionLauncher />
+            </div>
+          </div>
         </div>
       </template>
+    </UPageHeader>
+
+    <main class="overflow-hidden relative bg-elevated h-full">
+      <slot />
+    </main>
+
+    <!-- Workspace Drawer -->
+    <UDrawer
+      v-model:open="isOverviewMode"
+      direction="left"
+      :dismissible="false"
+      :overlay="false"
+      :modal="false"
+      title="Workspaces"
+      description="Workspaces"
+    >
+      <template #content>
+        <div class="p-6 h-full overflow-y-auto">
+          <UButton
+            block
+            trailing-icon="mdi-close"
+            class="text-2xl font-bold ext-gray-900 dark:text-white mb-4"
+            @click="isOverviewMode = false"
+          >
+            Workspaces
+          </UButton>
+
+          <!-- Workspace Cards -->
+          <div class="flex flex-col gap-3">
+            <HaexWorkspaceCard
+              v-for="workspace in workspaces"
+              :key="workspace.id"
+              :workspace
+            />
+          </div>
+
+          <!-- Add New Workspace Button -->
+          <UButton
+            block
+            variant="outline"
+            class="mt-6"
+            @click="handleAddWorkspace"
+            icon="i-heroicons-plus"
+            :label="t('workspaces.add')"
+          >
+          </UButton>
+        </div>
+      </template>
+    </UDrawer>
+  </div>
+</template>
+
+<script setup lang="ts">
+import type { Locale } from 'vue-i18n'
+
+const { t, setLocale } = useI18n()
+const onSelectLocale = async (locale: Locale) => {
+  await setLocale(locale)
+}
+
+const { currentVaultId } = storeToRefs(useVaultStore())
+const { showWindowOverview, openWindowsCount } = storeToRefs(
+  useWindowManagerStore(),
+)
+
+const workspaceStore = useWorkspaceStore()
+const { workspaces, isOverviewMode } = storeToRefs(workspaceStore)
+
+const handleAddWorkspace = async () => {
+  const workspace = await workspaceStore.addWorkspaceAsync()
+  nextTick(() => {
+    workspaceStore.slideToWorkspace(workspace?.id)
+  })
+}
+
+// Measure header height and store it in UI store
+const headerEl = useTemplateRef('headerEl')
+const { height } = useElementSize(headerEl)
+const uiStore = useUiStore()
+
+watch(height, (newHeight) => {
+  uiStore.headerHeight = newHeight
+})
+</script>
+
+<i18n lang="yaml">
+de:
+  search:
+    label: Suche
+
+  workspaces:
+    label: Workspaces
+    add: Workspace hinzufügen
+en:
+  search:
+    label: Search
+
+  workspaces:
+    label: Workspaces
+    add: Add Workspace
+</i18n>

src/pages/index.vue

@@ -1,10 +1,9 @@
 <template>
-  <div class="items-center justify-center flex w-full h-full relative">
+  <div class="h-full">
-    <div class="absolute top-8 right-8 sm:top-4 sm:right-4">
+    <NuxtLayout>
-      <UiDropdownLocale @select="onSelectLocale" />
+      <div
-    </div>
+        class="flex flex-col justify-center items-center gap-5 mx-auto h-full overflow-scroll"
-
+      >
-    <div class="flex flex-col justify-center items-center gap-5 max-w-3xl">
         <UiLogoHaexhub class="bg-primary p-3 size-16 rounded-full shrink-0" />
         <span
           class="flex flex-wrap font-bold text-pretty text-xl gap-2 justify-center"
@@ -15,7 +14,7 @@
           <UiTextGradient>Haex Hub</UiTextGradient>
         </span>
 
-      <div class="flex flex-col md:flex-row gap-4 w-full h-24 md:h-auto">
+        <div class="flex flex-col gap-4 h-24 items-stretch justify-center">
           <HaexVaultCreate />
 
           <HaexVaultOpen
@@ -26,9 +25,9 @@
 
         <div
           v-show="lastVaults.length"
-        class="w-full"
+          class="max-w-md w-full sm:px-5"
         >
-        <div class="font-thin text-sm justify-start px-2 pb-1">
+          <div class="font-thin text-sm pb-1 w-full">
             {{ t('lastUsed') }}
           </div>
 
@@ -40,10 +39,19 @@
               :key="vault.name"
               class="flex items-center justify-between group overflow-x-scroll"
             >
-            <UButton
+              <UiButtonContext
                 variant="ghost"
                 color="neutral"
-              class="flex items-center no-underline justify-between text-nowrap text-sm md:text-base shrink w-full px-3"
+                size="xl"
+                class="flex items-center no-underline justify-between text-nowrap text-sm md:text-base shrink w-full hover:bg-default"
+                :context-menu-items="[
+                  {
+                    icon: 'mdi:trash-can-outline',
+                    label: t('remove.button'),
+                    onSelect: () => prepareRemoveVault(vault.name),
+                    color: 'error',
+                  },
+                ]"
                 @click="
                   () => {
                     passwordPromptOpen = true
@@ -54,7 +62,7 @@
                 <span class="block">
                   {{ vault.name }}
                 </span>
-            </UButton>
+              </UiButtonContext>
               <UButton
                 color="error"
                 square
@@ -81,33 +89,38 @@
           </div>
         </div>
       </div>
+
       <UiDialogConfirm
         v-model:open="showRemoveDialog"
         :title="t('remove.title')"
         :description="t('remove.description', { vaultName: vaultToBeRemoved })"
         @confirm="onConfirmRemoveAsync"
       />
+    </NuxtLayout>
   </div>
 </template>
 
 <script setup lang="ts">
 import { openUrl } from '@tauri-apps/plugin-opener'
-import type { Locale } from 'vue-i18n'
+
 import type { VaultInfo } from '@bindings/VaultInfo'
 
 definePageMeta({
   name: 'vaultOpen',
 })
 
-const { t, setLocale } = useI18n()
+const { t } = useI18n()
 
 const passwordPromptOpen = ref(false)
 const selectedVault = ref<VaultInfo>()
 
 const showRemoveDialog = ref(false)
-const { syncLastVaultsAsync, removeVaultAsync } = useLastVaultStore()
+
 const { lastVaults } = storeToRefs(useLastVaultStore())
 
+const { syncLastVaultsAsync, moveVaultToTrashAsync } = useLastVaultStore()
+const { syncDeviceIdAsync } = useDeviceStore()
+
 const vaultToBeRemoved = ref('')
 const prepareRemoveVault = (vaultName: string) => {
   vaultToBeRemoved.value = vaultName
@@ -117,7 +130,7 @@ const prepareRemoveVault = (vaultName: string) => {
 const toast = useToast()
 const onConfirmRemoveAsync = async () => {
   try {
-    await removeVaultAsync(vaultToBeRemoved.value)
+    await moveVaultToTrashAsync(vaultToBeRemoved.value)
     showRemoveDialog.value = false
     await syncLastVaultsAsync()
   } catch (error) {
@@ -127,17 +140,15 @@ const onConfirmRemoveAsync = async () => {
     })
   }
 }
+
 onMounted(async () => {
   try {
     await syncLastVaultsAsync()
+    await syncDeviceIdAsync()
   } catch (error) {
     console.error('ERROR: ', error)
   }
 })
-
-const onSelectLocale = async (locale: Locale) => {
-  await setLocale(locale)
-}
 </script>
 
 <i18n lang="yaml">
@@ -146,6 +157,7 @@ de:
   lastUsed: 'Zuletzt verwendete Vaults'
   sponsors: Supported by
   remove:
+    button: Löschen
     title: Vault löschen
     description: Möchtest du die Vault {vaultName} wirklich löschen?
 
@@ -154,6 +166,7 @@ en:
   lastUsed: 'Last used Vaults'
   sponsors: 'Supported by'
   remove:
+    button: Delete
     title: Delete Vault
     description: Are you sure you really want to delete {vaultName}?
 </i18n>

src/pages/vault.vue

@@ -1,6 +1,6 @@
 <template>
-  <div class="w-full h-full overflow-y-auto">
+  <div>
-    <NuxtLayout name="app">
+    <NuxtLayout>
       <NuxtPage />
     </NuxtLayout>
 
@@ -9,6 +9,7 @@
         v-model:open="showNewDeviceDialog"
         :confirm-label="t('newDevice.save')"
         :title="t('newDevice.title')"
+        :description="t('newDevice.setName')"
         confirm-icon="mdi:content-save-outline"
         @abort="showNewDeviceDialog = false"
         @confirm="onSetDeviceNameAsync"
@@ -48,7 +49,7 @@ const newDeviceName = ref<string>('unknown')
 const { readNotificationsAsync } = useNotificationStore()
 const { isKnownDeviceAsync } = useDeviceStore()
 const { loadExtensionsAsync } = useExtensionsStore()
-const { setDeviceIdIfNotExistsAsync, addDeviceNameAsync } = useDeviceStore()
+const { addDeviceNameAsync } = useDeviceStore()
 const { deviceId } = storeToRefs(useDeviceStore())
 const { syncLocaleAsync, syncThemeAsync, syncVaultNameAsync } =
   useVaultSettingsStore()
@@ -56,11 +57,11 @@ const { syncLocaleAsync, syncThemeAsync, syncVaultNameAsync } =
 onMounted(async () => {
   try {
     // Sync settings first before other initialization
+
     await Promise.allSettled([
       syncLocaleAsync(),
       syncThemeAsync(),
       syncVaultNameAsync(),
-      setDeviceIdIfNotExistsAsync(),
       loadExtensionsAsync(),
       readNotificationsAsync(),
     ])

src/pages/vault/[vaultId]/index.vue

@@ -1,6 +1,8 @@
 <template>
-  <div class="w-full h-full flex items-center justify-center">
+  <div>
+    <UDashboardPanel resizable>
       <HaexDesktop />
+    </UDashboardPanel>
   </div>
 </template>
 

src/plugins/init-logger.ts

@@ -0,0 +1,25 @@
+export default defineNuxtPlugin({
+  name: 'init-logger',
+  enforce: 'pre',
+  parallel: false,
+  setup() {
+    // Add global error handler for better debugging
+    window.addEventListener('error', (event) => {
+      console.error('[HaexHub] Global error caught:', {
+        message: event.message,
+        filename: event.filename,
+        lineno: event.lineno,
+        colno: event.colno,
+        error: event.error,
+        stack: event.error?.stack,
+      })
+    })
+
+    window.addEventListener('unhandledrejection', (event) => {
+      console.error('[HaexHub] Unhandled rejection:', {
+        reason: event.reason,
+        promise: event.promise,
+      })
+    })
+  },
+})

src/stores/desktop/index.ts

@@ -12,6 +12,7 @@ export type DesktopItemType = 'extension' | 'file' | 'folder' | 'system'
 export interface IDesktopItem extends SelectHaexDesktopItems {
   label?: string
   icon?: string
+  referenceId: string // Computed: extensionId or systemWindowId
 }
 
 export const useDesktopStore = defineStore('desktopStore', () => {
@@ -45,7 +46,10 @@ export const useDesktopStore = defineStore('desktopStore', () => {
         .from(haexDesktopItems)
         .where(eq(haexDesktopItems.workspaceId, currentWorkspace.value.id))
 
-      desktopItems.value = items
+      desktopItems.value = items.map(item => ({
+        ...item,
+        referenceId: item.itemType === 'extension' ? item.extensionId! : item.systemWindowId!,
+      }))
     } catch (error) {
       console.error('Fehler beim Laden der Desktop-Items:', error)
       throw error
@@ -72,7 +76,8 @@ export const useDesktopStore = defineStore('desktopStore', () => {
       const newItem: InsertHaexDesktopItems = {
         workspaceId: targetWorkspaceId,
         itemType: itemType,
-        referenceId: referenceId,
+        extensionId: itemType === 'extension' ? referenceId : null,
+        systemWindowId: itemType === 'system' || itemType === 'file' || itemType === 'folder' ? referenceId : null,
         positionX: positionX,
         positionY: positionY,
       }
@@ -83,8 +88,12 @@ export const useDesktopStore = defineStore('desktopStore', () => {
         .returning()
 
       if (result.length > 0 && result[0]) {
-        desktopItems.value.push(result[0])
+        const itemWithRef = {
-        return result[0]
+          ...result[0],
+          referenceId: itemType === 'extension' ? result[0].extensionId! : result[0].systemWindowId!,
+        }
+        desktopItems.value.push(itemWithRef)
+        return itemWithRef
       }
     } catch (error) {
       console.error('Fehler beim Hinzufügen des Desktop-Items:', {
@@ -126,7 +135,11 @@ export const useDesktopStore = defineStore('desktopStore', () => {
       if (result.length > 0 && result[0]) {
         const index = desktopItems.value.findIndex((item) => item.id === id)
         if (index !== -1) {
-          desktopItems.value[index] = result[0]
+          const item = result[0]
+          desktopItems.value[index] = {
+            ...item,
+            referenceId: item.itemType === 'extension' ? item.extensionId! : item.systemWindowId!,
+          }
         }
       }
     } catch (error) {
@@ -159,7 +172,14 @@ export const useDesktopStore = defineStore('desktopStore', () => {
     referenceId: string,
   ) => {
     return desktopItems.value.find(
-      (item) => item.itemType === itemType && item.referenceId === referenceId,
+      (item) => {
+        if (item.itemType !== itemType) return false
+        if (itemType === 'extension') {
+          return item.extensionId === referenceId
+        } else {
+          return item.systemWindowId === referenceId
+        }
+      },
     )
   }
 

src/stores/desktop/workspace.ts

@@ -10,6 +10,7 @@ export type IWorkspace = SelectHaexWorkspaces
 export const useWorkspaceStore = defineStore('workspaceStore', () => {
   const vaultStore = useVaultStore()
   const windowStore = useWindowManagerStore()
+  const { deviceId } = storeToRefs(useDeviceStore())
 
   const { currentVault } = storeToRefs(vaultStore)
 
@@ -31,10 +32,16 @@ export const useWorkspaceStore = defineStore('workspaceStore', () => {
       return
     }
 
+    if (!deviceId.value) {
+      console.error('Keine DeviceId vergeben')
+      return
+    }
+
     try {
       const items = await currentVault.value.drizzle
         .select()
         .from(haexWorkspaces)
+        .where(eq(haexWorkspaces.deviceId, deviceId.value))
         .orderBy(asc(haexWorkspaces.position))
 
       workspaces.value = items
@@ -58,11 +65,16 @@ export const useWorkspaceStore = defineStore('workspaceStore', () => {
       throw new Error('Kein Vault geöffnet')
     }
 
+    if (!deviceId.value) {
+      return
+    }
+
     try {
       const newIndex = workspaces.value.length + 1
       const newWorkspace = {
         name: name || `Workspace ${newIndex}`,
         position: workspaces.value.length,
+        deviceId: deviceId.value,
       }
 
       const result = await currentVault.value.drizzle

src/stores/extensions/index.ts

@@ -50,7 +50,7 @@ export const useExtensionsStore = defineStore('extensionsStore', () => {
       currentExtension.value.publicKey,
       currentExtension.value.name,
       currentExtension.value.version,
-      'index.html',
+      currentExtension.value.entry ?? 'index.html',
       currentExtension.value.devServerUrl ?? undefined,
     )
   })
@@ -90,6 +90,7 @@ export const useExtensionsStore = defineStore('extensionsStore', () => {
       const extensions =
         await invoke<ExtensionInfoResponse[]>('get_all_extensions')
 
+      console.log('get_all_extensions', extensions)
       // ExtensionInfoResponse is now directly compatible with IHaexHubExtension
       availableExtensions.value = extensions
     } catch (error) {

src/stores/extensions/tabs.ts

@@ -1,175 +0,0 @@
-// stores/extensions/tabs.ts
-import type { IHaexHubExtension } from '~/types/haexhub'
-import { getExtensionWindow } from '~/composables/extensionMessageHandler'
-
-interface ExtensionTab {
-  extension: IHaexHubExtension
-  iframe: HTMLIFrameElement | null
-  isVisible: boolean
-  lastAccessed: number
-}
-
-export const useExtensionTabsStore = defineStore('extensionTabsStore', () => {
-  // State
-  const openTabs = ref(new Map<string, ExtensionTab>())
-  const activeTabId = ref<string | null>(null)
-
-  // Getters
-  const activeTab = computed(() => {
-    if (!activeTabId.value) return null
-    return openTabs.value.get(activeTabId.value) || null
-  })
-
-  const tabCount = computed(() => openTabs.value.size)
-
-  const sortedTabs = computed(() => {
-    return Array.from(openTabs.value.values()).sort(
-      (a, b) => b.lastAccessed - a.lastAccessed,
-    )
-  })
-
-  const extensionsStore = useExtensionsStore()
-
-  // Actions
-  const openTab = (extensionId: string) => {
-    const extension = extensionsStore.availableExtensions.find(
-      (ext) => ext.id === extensionId,
-    )
-
-    if (!extension) {
-      console.error(`Extension ${extensionId} nicht gefunden`)
-      return
-    }
-
-    // Check if extension is enabled
-    if (!extension.enabled) {
-      console.warn(
-        `Extension ${extensionId} ist deaktiviert und kann nicht geöffnet werden`,
-      )
-      return
-    }
-
-    // Bereits geöffnet? Nur aktivieren
-    if (openTabs.value.has(extensionId)) {
-      setActiveTab(extensionId)
-      return
-    }
-
-    // Limit: Max 10 Tabs
-    if (openTabs.value.size >= 10) {
-      const oldestInactive = sortedTabs.value
-        .filter((tab) => tab.extension.id !== activeTabId.value)
-        .pop()
-
-      if (oldestInactive) {
-        closeTab(oldestInactive.extension.id)
-      }
-    }
-
-    // Neuen Tab erstellen
-    openTabs.value.set(extensionId, {
-      extension,
-      iframe: null,
-      isVisible: false,
-      lastAccessed: Date.now(),
-    })
-
-    setActiveTab(extensionId)
-  }
-
-  const setActiveTab = (extensionId: string) => {
-    // Verstecke aktuellen Tab
-    if (activeTabId.value && openTabs.value.has(activeTabId.value)) {
-      const currentTab = openTabs.value.get(activeTabId.value)!
-      currentTab.isVisible = false
-    }
-
-    // Zeige neuen Tab
-    const newTab = openTabs.value.get(extensionId)
-    if (newTab) {
-      const now = Date.now()
-      const inactiveDuration = now - newTab.lastAccessed
-      const TEN_MINUTES = 10 * 60 * 1000
-
-      // Reload iframe if inactive for more than 10 minutes
-      if (inactiveDuration > TEN_MINUTES && newTab.iframe) {
-        console.log(
-          `[TabStore] Reloading extension ${extensionId} after ${Math.round(inactiveDuration / 1000)}s inactivity`,
-        )
-        const currentSrc = newTab.iframe.src
-        newTab.iframe.src = 'about:blank'
-        // Small delay to ensure reload
-        setTimeout(() => {
-          if (newTab.iframe) {
-            newTab.iframe.src = currentSrc
-          }
-        }, 50)
-      }
-
-      newTab.isVisible = true
-      newTab.lastAccessed = now
-      activeTabId.value = extensionId
-    }
-  }
-
-  const closeTab = (extensionId: string) => {
-    const tab = openTabs.value.get(extensionId)
-    if (!tab) return
-
-    // IFrame entfernen
-    tab.iframe?.remove()
-    openTabs.value.delete(extensionId)
-
-    // Nächsten Tab aktivieren
-    if (activeTabId.value === extensionId) {
-      const remaining = sortedTabs.value
-      const nextTab = remaining[0]
-
-      if (nextTab) {
-        setActiveTab(nextTab.extension.id)
-      } else {
-        activeTabId.value = null
-      }
-    }
-  }
-
-  const registerIFrame = (extensionId: string, iframe: HTMLIFrameElement) => {
-    const tab = openTabs.value.get(extensionId)
-    if (tab) {
-      tab.iframe = iframe
-    }
-  }
-
-  const broadcastToAllTabs = (message: unknown) => {
-    openTabs.value.forEach(({ extension }) => {
-      // Use sandbox-compatible window reference
-      const win = getExtensionWindow(extension.id)
-      if (win) {
-        win.postMessage(message, '*')
-      }
-    })
-  }
-
-  const closeAllTabs = () => {
-    openTabs.value.forEach((tab) => tab.iframe?.remove())
-    openTabs.value.clear()
-    activeTabId.value = null
-  }
-
-  return {
-    // State
-    openTabs,
-    activeTabId,
-    // Getters
-    activeTab,
-    tabCount,
-    sortedTabs,
-    // Actions
-    openTab,
-    setActiveTab,
-    closeTab,
-    registerIFrame,
-    broadcastToAllTabs,
-    closeAllTabs,
-  }
-})

src/stores/ui/index.ts

@@ -1,4 +1,6 @@
 import { breakpointsTailwind } from '@vueuse/core'
+import { broadcastContextToAllExtensions } from '~/composables/extensionMessageHandler'
+
 import de from './de.json'
 import en from './en.json'
 
@@ -9,6 +11,9 @@ export const useUiStore = defineStore('uiStore', () => {
   const isSmallScreen = breakpoints.smaller('sm')
 
   const { $i18n } = useNuxtApp()
+  const { locale } = useI18n({
+    useScope: 'global',
+  })
 
   $i18n.setLocaleMessage('de', {
     ui: de,
@@ -56,11 +61,24 @@ export const useUiStore = defineStore('uiStore', () => {
     colorMode.preference = currentThemeName.value
   })
 
+  // Broadcast theme and locale changes to extensions
+  watch([currentThemeName, locale], async () => {
+    const deviceStore = useDeviceStore()
+    const platformValue = await deviceStore.platform
+    broadcastContextToAllExtensions({
+      theme: currentThemeName.value,
+      locale: locale.value,
+      platform: platformValue,
+    })
+  })
+
   const viewportHeightWithoutHeader = ref(0)
+  const headerHeight = ref(0)
 
   return {
     availableThemes,
     viewportHeightWithoutHeader,
+    headerHeight,
     currentTheme,
     currentThemeName,
     defaultTheme,

src/stores/vault/device.ts

@@ -4,8 +4,18 @@ import {
   platform as tauriPlatform,
 } from '@tauri-apps/plugin-os'
 
-export const useDeviceStore = defineStore('vaultInstanceStore', () => {
+const deviceIdKey = 'deviceId'
-  const deviceId = ref<string>()
+const defaultDeviceFileName = 'device.json'
+
+export const useDeviceStore = defineStore('vaultDeviceStore', () => {
+  const deviceId = ref<string | undefined>('')
+
+  const syncDeviceIdAsync = async () => {
+    deviceId.value = await getDeviceIdAsync()
+    if (deviceId.value) return deviceId.value
+
+    deviceId.value = await setDeviceIdAsync()
+  }
 
   const platform = computedAsync(() => tauriPlatform())
 
@@ -15,7 +25,7 @@ export const useDeviceStore = defineStore('vaultInstanceStore', () => {
 
   const getDeviceIdAsync = async () => {
     const store = await getStoreAsync()
-    return store.get<string>('id')
+    return await store.get<string>(deviceIdKey)
   }
 
   const getStoreAsync = async () => {
@@ -23,30 +33,19 @@ export const useDeviceStore = defineStore('vaultInstanceStore', () => {
       public: { haexVault },
     } = useRuntimeConfig()
 
-    return await load(haexVault.instanceFileName || 'instance.json')
+    return await load(haexVault.deviceFileName || defaultDeviceFileName)
   }
 
   const setDeviceIdAsync = async (id?: string) => {
     const store = await getStoreAsync()
     const _id = id || crypto.randomUUID()
-    await store.set('id', _id)
+    await store.set(deviceIdKey, _id)
-    deviceId.value = _id
     return _id
   }
 
-  const setDeviceIdIfNotExistsAsync = async () => {
-    const _deviceId = await getDeviceIdAsync()
-    if (_deviceId) {
-      deviceId.value = _deviceId
-      return deviceId.value
-    }
-    return await setDeviceIdAsync()
-  }
-
   const isKnownDeviceAsync = async () => {
     const { readDeviceNameAsync } = useVaultSettingsStore()
-    const deviceId = await getDeviceIdAsync()
+    return !!(await readDeviceNameAsync(deviceId.value))
-    return deviceId ? (await readDeviceNameAsync(deviceId)) || false : false
   }
 
   const readDeviceNameAsync = async (id?: string) => {
@@ -99,12 +98,13 @@ export const useDeviceStore = defineStore('vaultInstanceStore', () => {
     addDeviceNameAsync,
     deviceId,
     deviceName,
+    getDeviceIdAsync,
     hostname,
     isKnownDeviceAsync,
     platform,
     readDeviceNameAsync,
     setDeviceIdAsync,
-    setDeviceIdIfNotExistsAsync,
+    syncDeviceIdAsync,
     updateDeviceNameAsync,
   }
 })

src/stores/vault/lastVaults.ts

@@ -22,9 +22,14 @@ export const useLastVaultStore = defineStore('lastVaultStore', () => {
     return await invoke('delete_vault', { vaultName })
   }
 
+  const moveVaultToTrashAsync = async (vaultName: string) => {
+    return await invoke('move_vault_to_trash', { vaultName })
+  }
+
   return {
     syncLastVaultsAsync,
     lastVaults,
     removeVaultAsync,
+    moveVaultToTrashAsync,
   }
 })

src/stores/vault/settings.ts

@@ -118,9 +118,11 @@ export const useVaultSettingsStore = defineStore('vaultSettingsStore', () => {
       .where(eq(schema.haexSettings.key, 'vaultName'))
   }
 
-  const readDeviceNameAsync = async (id: string) => {
+  const readDeviceNameAsync = async (id?: string) => {
     const { currentVault } = useVaultStore()
 
+    if (!id) return undefined
+
     const deviceName =
       await currentVault?.drizzle?.query.haexSettings.findFirst({
         where: and(