Security with cryptography (#32)

* Add some experiment code for crypto crate * feat: add crypto crate with ssl, rsa, ed25519 for https, encryption, signing * Implement aes encryption helper in crypto crate * ci: add dep for CI rust test (protobuf) * fix: try to fix window CI with next * fix: CI * ci: add dep for ubuntu * ci: fix * fix: openssl lib path in CI * fix: CI * update applications-rs, disable some tests * fix: CI * feat: add file transfer grpc proto and server setup * CI: try to fix CI * fix: missing proto in build.rs * ci: add cargo build before cargo test * fix: grpc file descriptor * ci: fix CI by removing a redundant main.rs * fix: disable local windows test in applications-rs which fails CI * ci: run CI rust test only on ubuntu, windows is failing. will be handled in another PR * fix: vue template * fix: allow unused variable * fix: remove node:buffer type from api shell.ts to avoid frontend build error * try to fix test in create-kunkun * upgrade api to 0.0.44, remove node:buffer * upgrade next template to 15 * feat: turn the default server into a https server * feat: make SSL certificate loadable from env * feat: add conditional SSL cert in debug mode, use local default cert, in production generate new self-signed cert every time app starts * chore: add vscode debug config * feat: add server public key * feat: setup sqlite db encryption * fix: settings hotkey * chore: add .gitkeep * ci: add node-fetch to dep for api package
2025-04-03 22:26:43 +00:00 · 2024-11-24 00:45:36 -05:00 · 2024-11-24 00:45:36 -05:00 · da8e37c4a1
commit da8e37c4a1
parent 84b82f47a4
69 changed files with 2870 additions and 771 deletions
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@ -29,12 +29,39 @@ jobs:
      - uses: denoland/setup-deno@v2
        with:
          deno-version: v2.x
+      - name: Install Rust stable
+        uses: dtolnay/rust-toolchain@stable
      - name: Install Dependencies
        run: pnpm install
      - name: Setup
        run: pnpm prepare
      - name: Build
        run: pnpm build
-      - name: Test
+      - name: JS Test
        if: matrix.os == 'ubuntu-24.04'
        run: pnpm test
+      - name: Install protobuf (Mac)
+        if: matrix.os == 'macos-14'
+        run: |
+          brew install protobuf
+      - name: Install Protobuf (Ubuntu)
+        if: matrix.os == 'ubuntu-24.04'
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y protobuf-compiler libwebkit2gtk-4.1-dev libappindicator3-dev librsvg2-dev patchelf
+      - name: Install protoc and openssl for windows
+        if: matrix.os == 'windows-latest'
+        run: |
+          choco install protoc
+          echo "VCPKG_ROOT=$env:VCPKG_INSTALLATION_ROOT" | Out-File -FilePath $env:GITHUB_ENV -Append
+          vcpkg install openssl:x64-windows-static-md
+          # choco install openssl -y
+          # echo OPENSSL_DIR='"C:\\Program Files\\OpenSSL-Win64"' >> $env:GITHUB_ENV
+          # echo OPENSSL_INCLUDE_DIR='"C:\\Program Files\\OpenSSL-Win64\\include"' >> $env:GITHUB_ENV
+          # echo OPENSSL_LIB_DIR='"C:\\Program Files\\OpenSSL-Win64\\lib"' >> $env:GITHUB_ENV
+          # openssl version
+      - name: Cargo Build and Test
+        if: matrix.os == 'ubuntu-24.04'
+        run: |
+          cargo build
+          cargo test
--- a/.github/workflows/desktop-publish.yml
+++ b/.github/workflows/desktop-publish.yml
@ -52,7 +52,7 @@ jobs:
          choco install openssl
          echo OPENSSL_DIR='"C:\\Program Files\\OpenSSL-Win64"' >> $env:GITHUB_ENV
          echo OPENSSL_INCLUDE_DIR='"C:\\Program Files\\OpenSSL-Win64\\include"' >> $env:GITHUB_ENV
-          echo OPENSSL_LIB_DIR='"C:\\Program Files\\OpenSSL-Win64\\lib"' >> $env:GITHUB_ENV
+          echo OPENSSL_LIB_DIR='"C:\\Program Files\\OpenSSL-Win64\\lib\\VC\\x64\\MDd"' >> $env:GITHUB_ENV
      - uses: pnpm/action-setup@v4
      - name: setup node
        uses: actions/setup-node@v4
--- a/.gitignore
+++ b/.gitignore
@ -38,3 +38,4 @@ yarn-error.log*
 *.pem
 stats.html
 target/
+.idea/
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@ -0,0 +1,32 @@
+{
+	// Use IntelliSense to learn about possible attributes.
+	// Hover to view descriptions of existing attributes.
+	// For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
+	"version": "0.2.0",
+	"configurations": [
+		{
+			"type": "lldb",
+			"request": "launch",
+			"name": "Tauri Development Debug",
+			"cargo": {
+				"args": [
+					"build",
+					"--manifest-path=./apps/desktop/src-tauri/Cargo.toml",
+					"--no-default-features"
+				]
+			},
+			// task for the `beforeDevCommand` if used, must be configured in `.vscode/tasks.json`
+			"preLaunchTask": "ui:dev"
+		},
+		{
+			"type": "lldb",
+			"request": "launch",
+			"name": "Tauri Production Debug",
+			"cargo": {
+				"args": ["build", "--release", "--manifest-path=./apps/desktop/src-tauri/Cargo.toml"]
+			},
+			// task for the `beforeBuildCommand` if used, must be configured in `.vscode/tasks.json`
+			"preLaunchTask": "ui:build"
+		}
+	]
+}
--- a/.vscode/tasks.json
+++ b/.vscode/tasks.json
@ -0,0 +1,18 @@
+{
+	"version": "2.0.0",
+	"tasks": [
+		{
+			"label": "ui:dev",
+			"type": "shell",
+			"isBackground": true,
+			"command": "pnpm",
+			"args": ["-F", "desktop", "dev"]
+		},
+		{
+			"label": "ui:build",
+			"type": "shell",
+			"command": "pnpm",
+			"args": ["-F", "desktop", "build"]
+		}
+	]
+}
--- a/Cargo.lock
+++ b/Cargo.lock
@ -468,6 +468,33 @@ dependencies = [
 "arrayvec",
 ]

+[[package]]
+name = "aws-lc-rs"
+version = "1.11.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fe7c2840b66236045acd2607d5866e274380afd87ef99d6226e961e2cb47df45"
+dependencies = [
+ "aws-lc-sys",
+ "mirai-annotations",
+ "paste",
+ "zeroize",
+]
+
+[[package]]
+name = "aws-lc-sys"
+version = "0.23.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ad3a619a9de81e1d7de1f1186dcba4506ed661a0e483d84410fdef0ee87b2f96"
+dependencies = [
+ "bindgen",
+ "cc",
+ "cmake",
+ "dunce",
+ "fs_extra",
+ "libc",
+ "paste",
+]
+
 [[package]]
 name = "axum"
 version = "0.6.20"
@ -585,6 +612,35 @@ version = "0.22.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6"

+[[package]]
+name = "base64ct"
+version = "1.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b"
+
+[[package]]
+name = "bindgen"
+version = "0.69.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "271383c67ccabffb7381723dea0672a673f292304fcb45c01cc648c7a8d58088"
+dependencies = [
+ "bitflags 2.6.0",
+ "cexpr",
+ "clang-sys",
+ "itertools",
+ "lazy_static",
+ "lazycell",
+ "log",
+ "prettyplease",
+ "proc-macro2",
+ "quote",
+ "regex",
+ "rustc-hash 1.1.0",
+ "shlex",
+ "syn 2.0.87",
+ "which",
+]
+
 [[package]]
 name = "bit_field"
 version = "0.10.2"
@ -639,6 +695,15 @@ dependencies = [
 "generic-array",
 ]

+[[package]]
+name = "block-padding"
+version = "0.3.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "a8894febbff9f758034a5b8e12d87918f56dfc64a8e1fe757d65e29041538d93"
+dependencies = [
+ "generic-array",
+]
+
 [[package]]
 name = "block2"
 version = "0.5.1"
@ -876,6 +941,15 @@ dependencies = [
 "toml 0.8.2",
 ]

+[[package]]
+name = "cbc"
+version = "0.1.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "26b52a9543ae338f279b96b0b9fed9c8093744685043739079ce85cd58f289a6"
+dependencies = [
+ "cipher",
+]
+
 [[package]]
 name = "cc"
 version = "1.1.33"
@ -893,6 +967,15 @@ version = "1.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "6d43a04d8753f35258c91f8ec639f792891f748a1edbd759cf1dcea3382ad83c"

+[[package]]
+name = "cexpr"
+version = "0.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6fac387a98bb7c37292057cffc56d62ecb629900026402633ae9160df93a8766"
+dependencies = [
+ "nom",
+]
+
 [[package]]
 name = "cfb"
 version = "0.7.3"
@ -957,6 +1040,17 @@ dependencies = [
 "inout",
 ]

+[[package]]
+name = "clang-sys"
+version = "1.8.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0b023947811758c97c59bf9d1c188fd619ad4718dcaa767947df1cadb14f39f4"
+dependencies = [
+ "glob",
+ "libc",
+ "libloading 0.8.5",
+]
+
 [[package]]
 name = "clap"
 version = "4.5.20"
@ -1141,6 +1235,12 @@ version = "1.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "fe1d7dcda7d1da79e444bdfba1465f2f849a58b07774e1df473ee77030cb47a7"

+[[package]]
+name = "const-oid"
+version = "0.9.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8"
+
 [[package]]
 name = "const-random"
 version = "0.1.18"
@ -1361,6 +1461,27 @@ version = "0.2.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7a81dae078cea95a014a339291cec439d2f232ebe854a9d672b796c6afafa9b7"

+[[package]]
+name = "crypto"
+version = "0.1.0"
+dependencies = [
+ "aes",
+ "anyhow",
+ "axum",
+ "axum-server",
+ "block-padding",
+ "cbc",
+ "hex",
+ "openssl",
+ "rand 0.8.5",
+ "reqwest 0.12.9",
+ "ring",
+ "rsa",
+ "rustls 0.23.16",
+ "sha2",
+ "tokio",
+]
+
 [[package]]
 name = "crypto-common"
 version = "0.1.6"
@ -1468,6 +1589,17 @@ version = "0.1.9"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "da692b8d1080ea3045efaab14434d40468c3d8657e42abddfffca87b428f4c1b"

+[[package]]
+name = "der"
+version = "0.7.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f55bf8e7b65898637379c1b74eb1551107c8294ed26d855ceb9fd1a09cfc9bc0"
+dependencies = [
+ "const-oid",
+ "pem-rfc7468",
+ "zeroize",
+]
+
 [[package]]
 name = "deranged"
 version = "0.3.11"
@ -1520,6 +1652,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292"
 dependencies = [
 "block-buffer",
+ "const-oid",
 "crypto-common",
 "subtle",
 ]
@ -1970,6 +2103,12 @@ dependencies = [
 "percent-encoding",
 ]

+[[package]]
+name = "fs_extra"
+version = "1.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c"
+
 [[package]]
 name = "funty"
 version = "2.0.0"
@ -2562,6 +2701,15 @@ dependencies = [
 "digest",
 ]

+[[package]]
+name = "home"
+version = "0.5.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e3d1354bf6b7235cb4a0576c2619fd4ed18183f689b12b006a0ee7329eeff9a5"
+dependencies = [
+ "windows-sys 0.52.0",
+]
+
 [[package]]
 name = "html5ever"
 version = "0.26.0"
@ -2737,6 +2885,22 @@ dependencies = [
 "tokio-native-tls",
 ]

+[[package]]
+name = "hyper-tls"
+version = "0.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "70206fc6890eaca9fde8a0bf71caa2ddfc9fe045ac9e5c70df101a7dbde866e0"
+dependencies = [
+ "bytes",
+ "http-body-util",
+ "hyper 1.5.0",
+ "hyper-util",
+ "native-tls",
+ "tokio",
+ "tokio-native-tls",
+ "tower-service",
+]
+
 [[package]]
 name = "hyper-util"
 version = "0.1.10"
@ -2936,6 +3100,7 @@ version = "0.1.3"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "a0c10553d664a4d0bcff9f4215d0aac67a639cc68ef660840afe309b807bc9f5"
 dependencies = [
+ "block-padding",
 "generic-array",
 ]

@ -3156,6 +3321,7 @@ dependencies = [
 "log",
 "mac-security-rs",
 "mdns-sd",
+ "obfstr",
 "objc",
 "serde",
 "serde_json",
@ -3192,6 +3358,9 @@ name = "lazy_static"
 version = "1.5.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "bbd2bcb4c963f2ddae06a2efc7e9f3591312473c50c6685e1f298068316e66fe"
+dependencies = [
+ "spin",
+]

 [[package]]
 name = "lazycell"
@ -3266,6 +3435,12 @@ dependencies = [
 "windows-targets 0.52.6",
 ]

+[[package]]
+name = "libm"
+version = "0.2.11"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8355be11b20d696c8f18f6cc018c4e372165b1fa8126cef092399c9951984ffa"
+
 [[package]]
 name = "libredox"
 version = "0.1.3"
@ -3531,6 +3706,12 @@ dependencies = [
 "windows-sys 0.52.0",
 ]

+[[package]]
+name = "mirai-annotations"
+version = "1.12.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c9be0862c1b3f26a88803c4a49de6889c10e608b3ee9344e6ef5b45fb37ad3d1"
+
 [[package]]
 name = "muda"
 version = "0.15.2"
@ -3701,6 +3882,23 @@ dependencies = [
 "num-traits",
 ]

+[[package]]
+name = "num-bigint-dig"
+version = "0.8.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "dc84195820f291c7697304f3cbdadd1cb7199c0efc917ff5eafd71225c136151"
+dependencies = [
+ "byteorder",
+ "lazy_static",
+ "libm",
+ "num-integer",
+ "num-iter",
+ "num-traits",
+ "rand 0.8.5",
+ "smallvec",
+ "zeroize",
+]
+
 [[package]]
 name = "num-conv"
 version = "0.1.0"
@ -3738,6 +3936,17 @@ dependencies = [
 "num-traits",
 ]

+[[package]]
+name = "num-iter"
+version = "0.1.45"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1429034a0490724d0075ebb2bc9e875d6503c3cf69e235a8941aa757d83ef5bf"
+dependencies = [
+ "autocfg",
+ "num-integer",
+ "num-traits",
+]
+
 [[package]]
 name = "num-rational"
 version = "0.4.2"
@ -3756,6 +3965,7 @@ source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841"
 dependencies = [
 "autocfg",
+ "libm",
 ]

 [[package]]
@ -3798,6 +4008,12 @@ dependencies = [
 "libc",
 ]

+[[package]]
+name = "obfstr"
+version = "0.4.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d0d354e9a302760d07e025701d40534f17dd1fe4c4db955b4e3bd2907c63bdee"
+
 [[package]]
 name = "objc"
 version = "0.2.7"
@ -4252,6 +4468,15 @@ dependencies = [
 "hmac",
 ]

+[[package]]
+name = "pem-rfc7468"
+version = "0.7.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "88b39c9bfcfc231068454382784bb460aae594343fb030d46e9f50a645418412"
+dependencies = [
+ "base64ct",
+]
+
 [[package]]
 name = "percent-encoding"
 version = "2.3.1"
@ -4445,6 +4670,27 @@ dependencies = [
 "futures-io",
 ]

+[[package]]
+name = "pkcs1"
+version = "0.7.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c8ffb9f10fa047879315e6625af03c164b16962a5368d724ed16323b68ace47f"
+dependencies = [
+ "der",
+ "pkcs8",
+ "spki",
+]
+
+[[package]]
+name = "pkcs8"
+version = "0.10.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f950b2377845cebe5cf8b5165cb3cc1a5e0fa5cfa3e1f7f55707d8fd82e0a7b7"
+dependencies = [
+ "der",
+ "spki",
+]
+
 [[package]]
 name = "pkg-config"
 version = "0.3.31"
@ -4758,7 +5004,7 @@ dependencies = [
 "pin-project-lite",
 "quinn-proto",
 "quinn-udp",
- "rustc-hash",
+ "rustc-hash 2.0.0",
 "rustls 0.23.16",
 "socket2",
 "thiserror 1.0.66",
@ -4775,7 +5021,7 @@ dependencies = [
 "bytes",
 "rand 0.8.5",
 "ring",
- "rustc-hash",
+ "rustc-hash 2.0.0",
 "rustls 0.23.16",
 "slab",
 "thiserror 1.0.66",
@ -5052,7 +5298,7 @@ dependencies = [
 "http 0.2.12",
 "http-body 0.4.6",
 "hyper 0.14.31",
- "hyper-tls",
+ "hyper-tls 0.5.0",
 "ipnet",
 "js-sys",
 "log",
@ -5096,11 +5342,13 @@ dependencies = [
 "http-body-util",
 "hyper 1.5.0",
 "hyper-rustls",
+ "hyper-tls 0.6.0",
 "hyper-util",
 "ipnet",
 "js-sys",
 "log",
 "mime",
+ "native-tls",
 "once_cell",
 "percent-encoding",
 "pin-project-lite",
@ -5114,6 +5362,7 @@ dependencies = [
 "sync_wrapper 1.0.1",
 "system-configuration 0.6.1",
 "tokio",
+ "tokio-native-tls",
 "tokio-rustls 0.26.0",
 "tokio-util",
 "tower-service",
@ -5199,6 +5448,27 @@ dependencies = [
 "syn 1.0.109",
 ]

+[[package]]
+name = "rsa"
+version = "0.9.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5d0e5124fcb30e76a7e79bfee683a2746db83784b86289f6251b54b7950a0dfc"
+dependencies = [
+ "const-oid",
+ "digest",
+ "num-bigint-dig",
+ "num-integer",
+ "num-traits",
+ "pkcs1",
+ "pkcs8",
+ "rand_core 0.6.4",
+ "sha2",
+ "signature",
+ "spki",
+ "subtle",
+ "zeroize",
+]
+
 [[package]]
 name = "rusqlite"
 version = "0.31.0"
@ -5259,6 +5529,12 @@ version = "0.1.24"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "719b953e2095829ee67db738b3bfa9fa368c94900df327b3f07fe6e794d2fe1f"

+[[package]]
+name = "rustc-hash"
+version = "1.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "08d43f7aa6b08d49f382cde6a7982047c3426db949b1424bc4b7ec9ae12c6ce2"
+
 [[package]]
 name = "rustc-hash"
 version = "2.0.0"
@ -5305,6 +5581,8 @@ version = "0.23.16"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "eee87ff5d9b36712a58574e12e9f0ea80f915a5b0ac518d322b24a465617925e"
 dependencies = [
+ "aws-lc-rs",
+ "log",
 "once_cell",
 "ring",
 "rustls-pki-types",
@ -5353,6 +5631,7 @@ version = "0.102.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "64ca1bc8749bd4cf37b5ce386cc146580777b4e8572c7b97baf22c83f444bee9"
 dependencies = [
+ "aws-lc-rs",
 "ring",
 "rustls-pki-types",
 "untrusted",
@ -5700,6 +5979,16 @@ dependencies = [
 "libc",
 ]

+[[package]]
+name = "signature"
+version = "2.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "77549399552de45a898a580c1b41d445bf730df867cc44e6c0233bbc4b8329de"
+dependencies = [
+ "digest",
+ "rand_core 0.6.4",
+]
+
 [[package]]
 name = "simd-adler32"
 version = "0.3.7"
@ -5809,6 +6098,16 @@ dependencies = [
 "lock_api",
 ]

+[[package]]
+name = "spki"
+version = "0.7.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d"
+dependencies = [
+ "base64ct",
+ "der",
+]
+
 [[package]]
 name = "stable_deref_trait"
 version = "1.2.0"
@ -6398,13 +6697,16 @@ dependencies = [
 "axum",
 "axum-extra",
 "axum-server",
+ "base64 0.22.1",
 "chrono",
+ "crypto",
 "db",
 "flate2",
 "ico",
 "log",
 "mac-security-rs",
 "mdns-sd",
+ "obfstr",
 "plist",
 "prost",
 "rust_search",
@ -7757,6 +8059,18 @@ version = "0.1.8"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "53a85b86a771b1c87058196170769dd264f66c0782acf1ae6cc51bfd64b39082"

+[[package]]
+name = "which"
+version = "4.4.2"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "87ba24419a2078cd2b0f2ede2691b6c66d8e47836da3b6db8265ebad47afbfc7"
+dependencies = [
+ "either",
+ "home",
+ "once_cell",
+ "rustix",
+]
+
 [[package]]
 name = "widestring"
 version = "0.4.3"
--- a/Cargo.toml
+++ b/Cargo.toml
@ -7,6 +7,7 @@ members = [
    "packages/db",
    "packages/mac-security-rs",
    "packages/tauri-plugins/jarvis",
+    "packages/crypto",
 ]

 [workspace.dependencies]
@ -26,3 +27,11 @@ applications = { path = "./vendors/applications-rs" }
 tauri-plugin-jarvis = { path = "./packages/tauri-plugins/jarvis" }
 tauri-plugin-system-info = { path = "./vendors/tauri-plugin-system-info" }
 db = { path = "./packages/db" }
+axum = { version = "0.6.20" }
+axum-extra = { version = "0.8.0" }
+axum-server = { version = "0.5", features = ["tls-rustls"] }
+rustls = { version = "0.23", features = ["ring"] }
+reqwest = { version = "0.12", features = ["json", "rustls-tls"] }
+crypto = { path = "./packages/crypto" }
+base64 = "0.22.1"
+obfstr = "0.4.4"
--- a/apps/create-kunkun/tests/create-template.test.ts
+++ b/apps/create-kunkun/tests/create-template.test.ts
@ -22,9 +22,9 @@ await Promise.all(
 		const folderName = `${templateName}-ext`
 		await $`node ${indexjsPath} --outdir ${testDir} --name ${folderName} --template ${templateName}`
 		const templateDir = path.join(testDir, folderName)
-		await $`rm -rf node_modules`.cwd(templateDir).text() // this doesn't work within bun test
-		await $`pnpm install`.cwd(templateDir).text() // this doesn't work within bun test
-		await $`pnpm run build`.cwd(templateDir).text()
+		await $`rm -rf node_modules`.cwd(templateDir) // this doesn't work within bun test
+		await $`pnpm install`.cwd(templateDir) // this doesn't work within bun test
+		await $`pnpm run build`.cwd(templateDir)
 	})
 )

--- a/apps/desktop/src-tauri/Cargo.toml
+++ b/apps/desktop/src-tauri/Cargo.toml
@ -17,7 +17,8 @@ crate-type = ["staticlib", "cdylib", "rlib"]
 tauri-build = { version = "2.0.2", features = [] }

 [dependencies]
-tauri = { version = "2.0.6", features = [ "macos-private-api",
+tauri = { version = "2.0.6", features = [
+    "macos-private-api",
    "image-png",
    "image-ico",
    "tray-icon",
@ -50,6 +51,7 @@ tauri-plugin-log = { version = "2.0.1", features = ["colored"] }
 zip = "2.1.3"
 uuid = "1.11.0"
 # tauri-plugin-devtools = "2.0.0"
+obfstr = { workspace = true }

 [target."cfg(target_os = \"macos\")".dependencies]
 cocoa = "0.24.1"
--- a/apps/desktop/src-tauri/build.rs
+++ b/apps/desktop/src-tauri/build.rs
@ -1,3 +1,8 @@
 fn main() {
+    let db_enc_key = match std::env::var("DB_ENCRYPTION_KEY") {
+        Ok(key) => key,
+        Err(_) => String::from("none"),
+    };
+    println!("cargo:rustc-env=DB_ENCRYPTION_KEY={}", db_enc_key);
    tauri_build::build()
 }
--- a/apps/desktop/src-tauri/src/lib.rs
+++ b/apps/desktop/src-tauri/src/lib.rs
@ -23,6 +23,16 @@ pub fn run() {
    let context = tauri::generate_context!();
    let mut builder = tauri::Builder::default();

+    let db_key = if cfg!(debug_assertions) {
+        None
+    } else {
+        let db_enc_key_env = obfstr::obfstr!(env!("DB_ENCRYPTION_KEY")).to_string();
+        match db_enc_key_env == "none" {
+            true => None,
+            false => Some(db_enc_key_env),
+        }
+    };
+
    #[cfg(debug_assertions)]
    {
        println!("Install crabnebula devtools");
@ -91,7 +101,7 @@ pub fn run() {
        .plugin(tauri_plugin_notification::init())
        .plugin(tauri_plugin_fs::init())
        .plugin(tauri_plugin_shellx::init(shell_unlocked))
-        .plugin(tauri_plugin_jarvis::init())
+        .plugin(tauri_plugin_jarvis::init(db_key.clone()))
        .plugin(tauri_plugin_clipboard::init())
        .plugin(tauri_plugin_network::init())
        .plugin(tauri_plugin_system_info::init());
@ -127,7 +137,7 @@ pub fn run() {
                    .unwrap(),
            }
        })
-        .setup(|app| {
+        .setup(move |app| {
            setup::window::setup_window(app.handle());
            setup::tray::create_tray(app.handle())?;
            #[cfg(all(not(target_os = "macos"), debug_assertions))]
@ -145,20 +155,21 @@ pub fn run() {
            //     Err(_) => AppSettings::default(),
            // };
            // let dev_extension_path: Option<PathBuf> = app_settings.dev_extension_path.clone();
-            let my_port = tauri_plugin_network::network::scan::find_available_port_from_list(
-                tauri_plugin_jarvis::server::CANDIDATE_PORTS.to_vec(),
-            )
-            .unwrap();
-            log::info!("Jarvis Server Port: {}", my_port);
+            // let my_port = tauri_plugin_network::network::scan::find_available_port_from_list(
+            //     tauri_plugin_jarvis::server::CANDIDATE_PORTS.to_vec(),
+            // )
+            // .unwrap();
+            // log::info!("Jarvis Server Port: {}", my_port);
            // log::info!(
            //     "App Settings Dev Extension Path: {:?}",
            //     app_settings.dev_extension_path.clone(),
            // );
+            let my_port = 9559;
            app.manage(tauri_plugin_jarvis::server::http::Server::new(
                app.handle().clone(),
                my_port,
-                Protocol::Http,
-                // Protocol::Https,
+                // Protocol::Http,
+                Protocol::Https,
            ));
            app.manage(tauri_plugin_jarvis::model::app_state::AppState {});
            tauri_plugin_jarvis::setup::server::setup_server(app.handle())?; // start the server
@ -173,13 +184,20 @@ pub fn run() {
            // setup::db::setup_db(app)?;
            /* ------------------------- Clipboard History Setup ------------------------ */
            let db_path = get_kunkun_db_path(app.app_handle())?;
-            let db_key: Option<String> = None;
-            let jarvis_db = JarvisDB::new(db_path.clone(), db_key.clone())?;
+
+            // println!("DB_ENCRYPTION_KEY: {:?}", db_key);
+            // let jarvis_db = JarvisDB::new(db_path.clone(), db_key.clone())?;
            // The clipboard extension should be created in setup_db, ext is guaranteed to be Some
+            // let jarvis_db = app
+            //     .state::<tauri_plugin_jarvis::commands::db::DBState>()
+            //     .db
+            //     .lock()
+            //     .unwrap();
+
+            let jarvis_db = tauri_plugin_jarvis::utils::db::get_db(db_path, db_key)?;
            let ext = jarvis_db.get_unique_extension_by_identifier(
                tauri_plugin_jarvis::constants::KUNKUN_CLIPBOARD_EXT_IDENTIFIER,
            )?;
-
            app.manage(
                tauri_plugin_jarvis::model::clipboard_history::ClipboardHistory::new(
                    jarvis_db,
--- a/apps/desktop/src/lib/cmds/builtin.ts
+++ b/apps/desktop/src/lib/cmds/builtin.ts
@ -3,6 +3,7 @@ import { checkUpdateAndInstall } from "@/utils/updater"
 import { IconEnum } from "@kksh/api/models"
 import type { BuiltinCmd } from "@kksh/ui/types"
 import { getVersion } from "@tauri-apps/api/app"
+import { appDataDir } from "@tauri-apps/api/path"
 import { WebviewWindow } from "@tauri-apps/api/webviewWindow"
 import { exit } from "@tauri-apps/plugin-process"
 import { dev } from "$app/environment"
@ -10,6 +11,7 @@ import { goto } from "$app/navigation"
 import { toast } from "svelte-sonner"
 import { derived } from "svelte/store"
 import * as clipboard from "tauri-plugin-clipboard-api"
+import { open } from "tauri-plugin-shellx-api"
 import { v4 as uuidv4 } from "uuid"
 import { hexColor } from "valibot"

@ -338,6 +340,18 @@ export const rawBuiltinCmds: BuiltinCmd[] = [
 				return { ...config, developerMode: !config.developerMode }
 			})
 		}
+	},
+	{
+		name: "Open App Data Dir",
+		icon: {
+			type: IconEnum.Iconify,
+			value: "mdi:folder-open"
+		},
+		description: "Open App Data Dir",
+		function: async () => {
+			console.log(await appDataDir())
+			open(await appDataDir())
+		}
 	}
 ].map((cmd) => ({ ...cmd, id: uuidv4() }))

--- a/apps/desktop/src/routes/+layout.svelte
+++ b/apps/desktop/src/routes/+layout.svelte
@ -32,7 +32,6 @@
 	/* -------------------------------------------------------------------------- */
 	gsap.registerPlugin(Flip)
 	let flipState: Flip.FlipState
-
 	beforeNavigate(() => {
 		flipState = Flip.getState(
 			`.${Constants.CLASSNAMES.EXT_LOGO}, .${Constants.CLASSNAMES.BACK_BUTTON}`
@ -55,7 +54,9 @@

 	let { children } = $props()
 	const unlisteners: UnlistenFn[] = []
-
+	onDestroy(() => {
+		unlisteners.forEach((unlistener) => unlistener())
+	})
 	onMount(async () => {
 		attachConsole().then((unlistener) => unlisteners.push(unlistener))
 		initDeeplink().then((unlistener) => unlisteners.push(unlistener))
@ -103,10 +104,6 @@
 		}
 		getCurrentWebviewWindow().show()
 	})
-
-	onDestroy(() => {
-		unlisteners.forEach((unlistener) => unlistener())
-	})
 </script>

 <svelte:window on:keydown={globalKeyDownHandler} />
--- a/apps/desktop/src/routes/auth/+page.svelte
+++ b/apps/desktop/src/routes/auth/+page.svelte
@ -27,6 +27,8 @@
 		if (error) {
 			toast.error("Failed to sign in with OAuth", { description: error.message })
 		} else {
+			console.log(data.url);
+			
 			data.url && open(data.url)
 		}
 	}
--- a/apps/desktop/src/routes/settings/+layout.svelte
+++ b/apps/desktop/src/routes/settings/+layout.svelte
@ -11,7 +11,7 @@

 <SideBar.Provider style="--sidebar-width: 13rem;">
 	<SettingsSidebar />
-	<main class="grow overflow-x-clip">
+	<main class="grow overflow-x-clip flex flex-col">
 		<SidebarTrigger />
 		{@render children?.()}
 	</main>
--- a/apps/desktop/src/routes/settings/about/+page.svelte
+++ b/apps/desktop/src/routes/settings/about/+page.svelte
@ -13,14 +13,14 @@
 	})
 </script>

-<Layouts.Center class="absolute left-0 top-0 h-full w-full overflow-hidden border">
-	<div>
+<Layouts.Center class="w-full grow -translate-y-10 overflow-hidden">
+	<div class="">
 		<div class="flex w-full items-center space-x-5">
 			<img src="/favicon.png" class="w-44" alt="Logo" />
 			<div class="flex flex-col space-y-1">
 				<p class="text-3xl font-bold">KunKun Shell</p>
 				<p class="text-xs">Version: {appVersion}</p>
-				<p>
+				<p class="flex gap-1">
 					<strong class="font-bold">Author: </strong>
 					<a
 						href="https://github.com/HuakunShen"
--- a/packages/api/jsr.json
+++ b/packages/api/jsr.json
@ -1,7 +1,7 @@
 {
 	"$schema": "https://jsr.io/schema/config-file.v1.json",
 	"name": "@kunkun/api",
-	"version": "0.0.41",
+	"version": "0.0.44",
 	"license": "MIT",
 	"exports": {
 		".": "./src/index.ts",
--- a/packages/api/package.json
+++ b/packages/api/package.json
@ -1,6 +1,6 @@
 {
 	"name": "@kksh/api",
-	"version": "0.0.43",
+	"version": "0.0.44",
 	"type": "module",
 	"exports": {
 		".": "./src/index.ts",
@ -57,6 +57,7 @@
 		"kkrpc": "^0.0.12",
 		"lodash": "^4.17.21",
 		"minimatch": "^10.0.1",
+		"node-fetch": "^3.3.2",
 		"semver": "^7.6.3",
 		"svelte-sonner": "^0.3.28",
 		"tauri-api-adapter": "^0.3.13",
--- a/packages/api/src/dev/index.ts
+++ b/packages/api/src/dev/index.ts
@ -1,20 +1,26 @@
 import { exec } from "child_process"
+import https from "https"
 import os from "node:os"
+import fetch from "node-fetch"
 import {
 	DEEP_LINK_PATH_REFRESH_DEV_EXTENSION,
 	DESKTOP_SERVICE_NAME,
 	KUNKUN_DESKTOP_APP_SERVER_PORTS
 } from "../constants"

+const httpsAgent = new https.Agent({
+	rejectUnauthorized: false // Accept self-signed certificates
+})
+
 export function checkLocalKunkunService(port: number): Promise<boolean> {
-	return fetch(`http://localhost:${port}/info`)
+	return fetch(`https://localhost:${port}/info`, { agent: httpsAgent })
 		.then((res) => {
 			if (!res.ok) {
 				return false
 			}
 			return res.json()
 		})
-		.then((data) => {
+		.then((data: any) => {
 			return data["service_name"].toLowerCase() === DESKTOP_SERVICE_NAME.toLowerCase()
 		})
 		.catch((err) => {
@ -45,8 +51,9 @@ export async function refreshTemplateWorkerExtensionViaServer() {
 		console.warn("Will Refresh Every Instance")
 	}
 	for (const port of ports) {
-		fetch(`http://localhost:${port}/refresh-worker-extension`, {
-			method: "POST"
+		fetch(`https://localhost:${port}/refresh-worker-extension`, {
+			method: "POST",
+			agent: httpsAgent
 		}).catch((err) => {
 			console.error("Failed to send refresh worker extension request", err)
 		})
--- a/packages/api/src/ui/api/shell.ts
+++ b/packages/api/src/ui/api/shell.ts
@ -1,7 +1,4 @@
-import { type Buffer } from "node:buffer"
-import { Channel, invoke } from "@tauri-apps/api/core"
 import { RPCChannel, type IoInterface } from "kkrpc/browser"
-import { constructShellAPI as constructShellAPI1 } from "tauri-api-adapter/client"
 import {
 	// Child,
 	EventEmitter,
@ -244,7 +241,7 @@ export class TauriShellStdio implements IoInterface {
 		private childProcess: Child
 	) {}

-	read(): Promise<string | Buffer | Uint8Array | null> {
+	read(): Promise<string | Uint8Array | null> {
 		return new Promise((resolve, reject) => {
 			this.readStream.on("data", (chunk) => {
 				resolve(chunk)
--- a/packages/api/src/version.ts
+++ b/packages/api/src/version.ts
@ -17,7 +17,7 @@ export const breakingChangesVersionCheckpoints = [
 const checkpointVersions = breakingChangesVersionCheckpoints.map((c) => c.version)
 const sortedCheckpointVersions = sort(checkpointVersions)

-export const version = "0.0.43"
+export const version = "0.0.44"

 export function isVersionBetween(v: string, start: string, end: string) {
 	const vCleaned = clean(v)
--- a/packages/ci/scripts/init-env.ts
+++ b/packages/ci/scripts/init-env.ts
@ -52,3 +52,5 @@ PUBLIC_SUPABASE_PROJECT_ID=${process.env.SUPABASE_PROJECT_ID}
 )
 // writeFileSync(join(__dirname, "../packages/gql/.env"), envContent)
 writeFileSync(join(REPO_ROOT, "packages/schema/.env"), envContent)
+
+writeFileSync(join(REPO_ROOT, "packages/tauri-plugins/jarvis/.env"), envContent)
--- a/packages/crypto/Cargo.toml
+++ b/packages/crypto/Cargo.toml
@ -0,0 +1,21 @@
+[package]
+name = "crypto"
+version = "0.1.0"
+edition = "2021"
+
+[dependencies]
+openssl = "0.10.68"
+rand = "0.8.5"
+ring = "0.17.8"
+rsa = { version = "0.9.6", features = ["sha2"] }
+sha2 = "0.10.8"
+anyhow = { workspace = true }
+hex = "0.4.3"
+axum = { workspace = true }
+tokio = { workspace = true }
+rustls = { workspace = true }
+axum-server = { workspace = true }
+reqwest = { workspace = true }
+aes = "0.8.4"
+block-padding = "0.3.3"
+cbc = { version = "0.1.2", features = ["alloc"] }
--- a/packages/crypto/src/aes.rs
+++ b/packages/crypto/src/aes.rs
@ -0,0 +1,54 @@
+use aes::cipher::{BlockDecryptMut, BlockEncryptMut, KeyIvInit};
+use block_padding::Pkcs7;
+use cbc::Decryptor as CbcDec;
+use cbc::Encryptor as CbcEnc;
+type Aes256CbcEnc = CbcEnc<aes::Aes256>;
+type Aes256CbcDec = CbcDec<aes::Aes256>;
+
+pub struct Aes256Cbc {
+    encryptor: Aes256CbcEnc,
+    decryptor: Aes256CbcDec,
+}
+
+impl Aes256Cbc {
+    pub fn new(key: [u8; 32], iv: [u8; 16]) -> Self {
+        Self {
+            encryptor: Aes256CbcEnc::new(&key.into(), &iv.into()),
+            decryptor: Aes256CbcDec::new(&key.into(), &iv.into()),
+        }
+    }
+
+    pub fn encrypt(&self, data: &[u8]) -> Vec<u8> {
+        self.encryptor.clone().encrypt_padded_vec_mut::<Pkcs7>(data)
+    }
+
+    pub fn decrypt(&self, data: &[u8]) -> Vec<u8> {
+        // let mut buf = data.to_vec();
+        self.decryptor
+            .clone()
+            .decrypt_padded_vec_mut::<Pkcs7>(data)
+            .unwrap()
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn test_encrypt_decrypt() {
+        let aes = Aes256Cbc::new([0; 32], [0; 16]);
+        let encrypted = aes.encrypt(b"kunkun");
+        let decrypted = aes.decrypt(&encrypted);
+        assert_eq!(decrypted, b"kunkun");
+    }
+
+    #[test]
+    fn test_encrypt_huge_chunk_data() {
+        let aes = Aes256Cbc::new([0; 32], [0; 16]);
+        let data = vec![0; 1024 * 1024];
+        let encrypted = aes.encrypt(&data);
+        let decrypted = aes.decrypt(&encrypted);
+        assert_eq!(decrypted, data);
+    }
+}
--- a/packages/crypto/src/ed25519.rs
+++ b/packages/crypto/src/ed25519.rs
@ -0,0 +1,92 @@
+//! ed25519 is a cryptographic signature algorithm.
+//! It cannot be used for encryption, only for signing and verifying.
+//!
+//! For example, ed25519 is commonly used as SSH key.
+//! When ssh login starts, the private key is used to sign a challenge message.
+//! The server verifies the signature of the public key.
+
+use openssl::{
+    pkey::{PKey, Private, Public},
+    sign::{Signer, Verifier},
+};
+
+use crate::types::Signature;
+
+pub struct Ed25519Crypto {}
+
+impl Ed25519Crypto {
+    pub fn generate_key() -> anyhow::Result<PKey<Private>> {
+        PKey::generate_ed25519().map_err(anyhow::Error::from)
+    }
+
+    pub fn generate_key_pair_pem() -> anyhow::Result<(Vec<u8>, Vec<u8>)> {
+        let private_key = PKey::generate_ed25519()?;
+        let private_pem = private_key.private_key_to_pem_pkcs8()?;
+        let public_pem = private_key.public_key_to_pem()?;
+        Ok((private_pem, public_pem))
+    }
+
+    pub fn private_key_from_pem(pem: &[u8]) -> anyhow::Result<PKey<Private>> {
+        PKey::private_key_from_pem(pem).map_err(anyhow::Error::from)
+    }
+
+    pub fn public_key_from_pem(pem: &[u8]) -> anyhow::Result<PKey<Public>> {
+        PKey::public_key_from_pem(pem).map_err(anyhow::Error::from)
+    }
+
+    pub fn sign(private_key: &PKey<Private>, message: &[u8]) -> anyhow::Result<Vec<u8>> {
+        let mut signer = Signer::new_without_digest(&private_key)?;
+        Ok(signer.sign_oneshot_to_vec(message)?)
+    }
+
+    pub fn verify(
+        public_key: &PKey<Public>,
+        message: &[u8],
+        signature: &[u8],
+    ) -> anyhow::Result<bool> {
+        let mut verifier = Verifier::new_without_digest(public_key)?;
+        Ok(verifier.verify_oneshot(&signature, message)?)
+    }
+}
+
+impl Signature for Ed25519Crypto {
+    fn sign_with_pem(private_pem: &[u8], message: &[u8]) -> anyhow::Result<Vec<u8>> {
+        let private_key = Ed25519Crypto::private_key_from_pem(private_pem)?;
+        Ed25519Crypto::sign(&private_key, message)
+    }
+
+    fn verify_with_pem(
+        public_pem: &[u8],
+        message: &[u8],
+        signature: &[u8],
+    ) -> anyhow::Result<bool> {
+        let public_key = Ed25519Crypto::public_key_from_pem(public_pem)?;
+        Ed25519Crypto::verify(&public_key, message, signature)
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn test_ed25519_sign_verify() {
+        let (private_pem, public_pem) = Ed25519Crypto::generate_key_pair_pem().unwrap();
+        let message = b"hello world";
+        let private_key = Ed25519Crypto::private_key_from_pem(&private_pem).unwrap();
+        let public_key = Ed25519Crypto::public_key_from_pem(&public_pem).unwrap();
+        let signature = Ed25519Crypto::sign(&private_key, message).unwrap();
+        let verified = Ed25519Crypto::verify(&public_key, message, &signature).unwrap();
+        assert!(verified);
+        assert!(!Ed25519Crypto::verify(&public_key, b"hello world2", &signature).unwrap());
+    }
+
+    #[test]
+    fn test_ed25519_sign_verify_with_pem() {
+        let (private_pem, public_pem) = Ed25519Crypto::generate_key_pair_pem().unwrap();
+        let message = b"hello world";
+        let signature = Ed25519Crypto::sign_with_pem(&private_pem, message).unwrap();
+        let verified = Ed25519Crypto::verify_with_pem(&public_pem, message, &signature).unwrap();
+        assert!(verified);
+    }
+}
--- a/packages/crypto/src/lib.rs
+++ b/packages/crypto/src/lib.rs
@ -0,0 +1,17 @@
+//! This module provides simplified cryptographic interface for Kunkun.
+//!
+//! Features include
+//! - RSA (generation/sign/verify/encrypt/decrypt)
+//! - Ed25519 (generation/sign/verify).
+//! - SSL/TLS (self-signed certificate generation).
+
+pub mod aes;
+pub mod ed25519;
+pub mod rsa;
+pub mod ssl;
+pub mod types;
+
+pub use ed25519::Ed25519Crypto;
+pub use rsa::RsaCrypto;
+pub use ssl::generate_self_signed_certificate;
+pub use types::Signature;
--- a/packages/crypto/src/main.rs
+++ b/packages/crypto/src/main.rs
@ -0,0 +1,37 @@
+// use crypto::{Ed25519Crypto, Signature};
+// use openssl::pkey::PKey;
+// use openssl::rsa::{Padding, Rsa};
+// use std::str;
+
+// fn main() {
+//     let (private_pem, public_pem) = Ed25519Crypto::generate_key_pair_pem().unwrap();
+//     let message = b"hello world";
+//     let signature = Ed25519Crypto::sign(&private_pem, message);
+//     println!("Signature: {:?}", signature);
+// }
+
+use openssl::pkey::PKey;
+use openssl::sign::{Signer, Verifier};
+
+fn main() -> Result<(), Box<dyn std::error::Error>> {
+    // Generate an Ed25519 private key
+    let private_key = PKey::generate_ed25519()?;
+
+    // The message to sign
+    let message = b"Hello, this is a test message!";
+
+    // Create a signer using the private key
+    let mut signer = Signer::new_without_digest(&private_key)?;
+
+    // Sign the message directly (no need to call update)
+    let signature = signer.sign_oneshot_to_vec(message)?;
+
+    println!("Message: {:?}", String::from_utf8_lossy(message));
+    println!("Signature: {:?}", signature);
+    // verify the signature
+    let mut verifier = Verifier::new_without_digest(&private_key)?;
+    verifier.update(message)?;
+    verifier.verify(&signature)?;
+    println!("Signature verified successfully!");
+    Ok(())
+}
--- a/packages/crypto/src/rsa.rs
+++ b/packages/crypto/src/rsa.rs
@ -0,0 +1,120 @@
+use openssl::{
+    hash::MessageDigest,
+    pkey::{PKey, Private, Public},
+    rsa::Rsa,
+    sign::{Signer, Verifier},
+};
+
+use crate::types::Signature;
+
+pub struct RsaCrypto {}
+
+impl RsaCrypto {
+    pub fn generate_rsa() -> anyhow::Result<Rsa<Private>> {
+        Rsa::generate(2048).map_err(anyhow::Error::from)
+    }
+
+    pub fn generate_rsa_key_pair_pem() -> anyhow::Result<(Vec<u8>, Vec<u8>)> {
+        let rsa = Rsa::generate(2048)?;
+        let private_pem = rsa.private_key_to_pem()?;
+        let public_pem = rsa.public_key_to_pem()?;
+        Ok((private_pem, public_pem))
+    }
+
+    pub fn private_key_from_pem(pem: &[u8]) -> anyhow::Result<Rsa<Private>> {
+        Rsa::private_key_from_pem(pem).map_err(anyhow::Error::from)
+    }
+
+    pub fn public_key_from_pem(pem: &[u8]) -> anyhow::Result<Rsa<Public>> {
+        Rsa::public_key_from_pem(pem).map_err(anyhow::Error::from)
+    }
+
+    pub fn encrypt_message(public_key: &Rsa<Public>, message: &[u8]) -> anyhow::Result<Vec<u8>> {
+        let mut encrypted = vec![0; public_key.size() as usize];
+        public_key.public_encrypt(message, &mut encrypted, openssl::rsa::Padding::PKCS1)?;
+        Ok(encrypted)
+    }
+
+    pub fn decrypt_message(
+        private_key: &Rsa<Private>,
+        encrypted: &[u8],
+    ) -> anyhow::Result<Vec<u8>> {
+        let mut decrypted = vec![0; private_key.size() as usize];
+        private_key.private_decrypt(encrypted, &mut decrypted, openssl::rsa::Padding::PKCS1)?;
+        Ok(decrypted)
+    }
+    pub fn sign(private_key: &Rsa<Private>, message: &[u8]) -> anyhow::Result<Vec<u8>> {
+        let pkey = PKey::from_rsa(private_key.clone())?;
+        let mut signer = Signer::new(MessageDigest::sha256(), &pkey)?;
+        signer.update(message)?;
+        let signature = signer.sign_to_vec()?;
+        Ok(signature)
+    }
+
+    pub fn verify(
+        public_key: &Rsa<Public>,
+        message: &[u8],
+        signature: &[u8],
+    ) -> anyhow::Result<bool> {
+        let pkey = PKey::from_rsa(public_key.clone())?;
+        let mut verifier = Verifier::new(MessageDigest::sha256(), &pkey)?;
+        verifier.update(message)?;
+        Ok(verifier.verify(&signature)?)
+    }
+}
+
+impl Signature for RsaCrypto {
+    fn sign_with_pem(private_pem: &[u8], message: &[u8]) -> anyhow::Result<Vec<u8>> {
+        let private_key = RsaCrypto::private_key_from_pem(private_pem)?;
+        RsaCrypto::sign(&private_key, message)
+    }
+
+    fn verify_with_pem(
+        public_pem: &[u8],
+        message: &[u8],
+        signature: &[u8],
+    ) -> anyhow::Result<bool> {
+        let public_key = RsaCrypto::public_key_from_pem(public_pem)?;
+        RsaCrypto::verify(&public_key, message, signature)
+    }
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[test]
+    fn test_encrypt_decrypt() {
+        let rsa = RsaCrypto::generate_rsa().unwrap();
+
+        let public_key = rsa.public_key_to_pem().unwrap();
+        let private_key = rsa.private_key_to_pem().unwrap();
+        let public_rsa = RsaCrypto::public_key_from_pem(&public_key).unwrap();
+        let private_rsa = RsaCrypto::private_key_from_pem(&private_key).unwrap();
+
+        let encrypted = RsaCrypto::encrypt_message(&public_rsa, b"hello world").unwrap();
+        let decrypted = RsaCrypto::decrypt_message(&private_rsa, &encrypted).unwrap();
+        assert_eq!(b"hello world", &decrypted[..11]);
+    }
+
+    #[test]
+    fn test_rsa_sign_verify() {
+        let (private_pem, public_pem) = RsaCrypto::generate_rsa_key_pair_pem().unwrap();
+        let message = b"hello world";
+        let private_key = RsaCrypto::private_key_from_pem(&private_pem).unwrap();
+        let public_key = RsaCrypto::public_key_from_pem(&public_pem).unwrap();
+        let signature = RsaCrypto::sign(&private_key, message).unwrap();
+        let verified = RsaCrypto::verify(&public_key, message, &signature).unwrap();
+        assert!(verified);
+        assert!(!RsaCrypto::verify(&public_key, b"hello world2", &signature).unwrap());
+    }
+
+    #[test]
+    fn test_rsa_sign_verify_with_pem() {
+        let (private_pem, public_pem) = RsaCrypto::generate_rsa_key_pair_pem().unwrap();
+        let message = b"hello world";
+        let signature = RsaCrypto::sign_with_pem(&private_pem, message).unwrap();
+        let verified = RsaCrypto::verify_with_pem(&public_pem, message, &signature).unwrap();
+        assert!(verified);
+    }
+}
--- a/packages/crypto/src/ssl.rs
+++ b/packages/crypto/src/ssl.rs
@ -0,0 +1,89 @@
+use openssl::{
+    hash::MessageDigest,
+    pkey::{PKey, Private},
+    rsa::Rsa,
+    x509::{extension::SubjectAlternativeName, X509NameBuilder, X509},
+};
+
+pub fn generate_self_signed_certificate(
+    rsa: &Rsa<Private>,
+    days: u32,
+) -> anyhow::Result<(Vec<u8>, Vec<u8>)> {
+    let private_key = PKey::from_rsa(rsa.to_owned())?;
+    let mut x509_name_builder = X509NameBuilder::new()?;
+    x509_name_builder.append_entry_by_text("C", "US")?; // Country
+    x509_name_builder.append_entry_by_text("ST", "Localhost")?; // State/Province
+    x509_name_builder.append_entry_by_text("L", "Localhost")?; // Locality
+    x509_name_builder.append_entry_by_text("O", "Localhost Development")?; // Organization
+    x509_name_builder.append_entry_by_text("CN", "localhost")?; // Common Name
+    let x509_name = x509_name_builder.build();
+    let mut builder = X509::builder()?;
+    builder.set_version(2)?; // X.509 v3
+    builder.set_subject_name(&x509_name)?;
+    builder.set_issuer_name(&x509_name)?; // Self-signed
+    builder.set_pubkey(&private_key)?;
+
+    // Set certificate validity
+    let not_before = openssl::asn1::Asn1Time::days_from_now(0)?; // Start now
+    let not_after = openssl::asn1::Asn1Time::days_from_now(days)?; // Valid for 1 year
+    builder.set_not_before(&not_before)?;
+    builder.set_not_after(&not_after)?;
+
+    // Add Subject Alternative Name (SAN) for localhost
+    let subject_alt_name = SubjectAlternativeName::new()
+        .dns("localhost") // Ensures the certificate is valid for "localhost"
+        .build(&builder.x509v3_context(None, None))?;
+    builder.append_extension(subject_alt_name)?;
+    builder.sign(&private_key, MessageDigest::sha256())?;
+    let x509 = builder.build();
+    let private_key_pem = private_key.private_key_to_pem_pkcs8()?;
+    let certificate_pem = x509.to_pem()?;
+    Ok((private_key_pem, certificate_pem))
+}
+
+#[cfg(test)]
+mod tests {
+    use axum::{routing::get, Router};
+    use axum_server::tls_rustls::RustlsConfig;
+    use reqwest;
+    use std::{net::SocketAddr, time::Duration};
+
+    use super::*;
+
+    #[tokio::test]
+    async fn test_generate_self_signed_certificate() -> anyhow::Result<()> {
+        let rsa = Rsa::generate(2048)?;
+        let (private_key_pem, certificate_pem) = generate_self_signed_certificate(&rsa, 365)?;
+        let config = RustlsConfig::from_pem(certificate_pem, private_key_pem)
+            .await
+            .unwrap();
+        async fn handler() -> &'static str {
+            "Hello, World!"
+        }
+
+        let handle = axum_server::Handle::new();
+        let app = Router::new().route("/", get(handler));
+
+        // run https server
+        let addr = SocketAddr::from(([127, 0, 0, 1], 8080));
+        let server = axum_server::bind_rustls(addr, config)
+            .handle(handle.clone())
+            .serve(app.into_make_service());
+
+        let server_handle = tokio::spawn(server);
+        // send a request to server, trust the certificate
+        let client = reqwest::Client::builder()
+            .danger_accept_invalid_certs(true)
+            .build()?;
+        let response = client.get("https://localhost:8080").send().await?;
+        assert_eq!(response.status().is_success(), true);
+        // read the response body
+        let body = response.text().await?;
+        assert_eq!(body, "Hello, World!");
+        println!("shutting down server");
+        handle.graceful_shutdown(Some(Duration::from_secs(10)));
+        println!("server shutdown");
+        server_handle.abort();
+        Ok(())
+    }
+}
--- a/packages/crypto/src/types.rs
+++ b/packages/crypto/src/types.rs
@ -0,0 +1,5 @@
+pub trait Signature {
+    fn sign_with_pem(private_pem: &[u8], message: &[u8]) -> anyhow::Result<Vec<u8>>;
+    fn verify_with_pem(public_pem: &[u8], message: &[u8], signature: &[u8])
+        -> anyhow::Result<bool>;
+}
--- a/packages/db/.gitignore
+++ b/packages/db/.gitignore
@ -0,0 +1 @@
+*.db
--- a/packages/db/Cargo.toml
+++ b/packages/db/Cargo.toml
@ -4,10 +4,7 @@ version = "0.1.0"
 edition = "2021"

 [dependencies]
-rusqlite = { version = "0.31.0", features = [
-    "bundled",
-    # "bundled-sqlcipher"
-] }
+rusqlite = { version = "0.31.0", features = ["bundled", "bundled-sqlcipher"] }
 serde = { workspace = true, features = ["derive"] }
 serde_json = { workspace = true }
 tempfile = "3.10.1"
--- a/packages/extensions/demo-worker-template-ext/src/index.ts
+++ b/packages/extensions/demo-worker-template-ext/src/index.ts
@ -32,15 +32,33 @@ const allItems: List.Item[] = itemsTitle.map(
 		})
 )

-const files = [
-	"/Users/hacker/Dev/projects/photographer-lib-deno/data/DSC03635.JPG",
-	"/Users/hacker/Dev/projects/photographer-lib-deno/data/IMG_3181.HEIC",
-	"/Users/hacker/Dev/projects/photographer-lib-deno/data/DJI_20241002175820_0054_D.JPG",
-	"/Users/hacker/Dev/projects/photographer-lib-deno/data/DJI_20241002175651_0051_D.DNG",
-	"/Users/hacker/Dev/projects/photographer-lib-deno/data/DSC03635.ARW"
-]
 class ExtensionTemplate extends WorkerExtension {
+	async onBeforeGoBack() {
+		console.log("onBeforeGoBack")
+		// console.log(`Try killing pid: ${this.apiProcess?.pid}`)
+		// await this.apiProcess?.kill()
+		// console.log("apiProcess killed")
+	}
+	async onFormSubmit(value: Record<string, any>): Promise<void> {
+		console.log("Form submitted", value)
+	}
+
+	async onEnterPressedOnSearchBar(): Promise<void> {
+		console.log("Enter pressed on search bar")
+	}
+
 	async load() {
+		clipboard.readText().then((text) => {
+			console.log("Clipboard text:", text)
+		})
+		// console.log("Check screen capture permission:", await security.mac.checkScreenCapturePermission())
+		// await security.mac.revealSecurityPane("AllFiles")
+		// console.log(await security.mac.verifyFingerprint())
+		ui.setSearchBarPlaceholder("Search for items")
+		ui.showLoadingBar(true)
+		setTimeout(() => {
+			ui.showLoadingBar(false)
+		}, 2000)
 		const { rpcChannel, process, command } = await shell.createDenoRpcChannel<
 			{},
 			{
@ -64,196 +82,134 @@ class ExtensionTemplate extends WorkerExtension {
 			},
 			{}
 		)
-		const api = rpcChannel.getAPI()
-		const metadata = await api.batchReadImageMetadata(files)
-		console.log(metadata)
+		// const child = new Child(process.pid)
+		command.stdout.on("data", (data) => {
+			console.log("stdout", data.toString())
+		})
+		command.stderr.on("data", (data) => {
+			console.log("stderr", data.toString())
+		})
+		// await api
+		// 	.readImageMetadata("/Users/hacker/Pictures/3D-Image/pics/IMG_0767.jpeg")
+		// 	.then((data) => {
+		// 		console.log("metadata", data)
+		// 	})
+		// 	.catch((err) => {
+		// 		console.error("error", err)
+		// 	})
+		// await api.add(1, 2).then(console.log)
+		// await api.subtract(1, 2).then(console.log)
+
+		await process.kill()
+		const extPath = await path.extensionDir()
+		// console.log("Extension path:", extPath)
+		const tagList = new List.ItemDetailMetadataTagList({
+			title: "Tag List Title",
+			tags: [
+				new List.ItemDetailMetadataTagListItem({
+					text: "red",
+					color: "#ff0000"
+				}),
+				new List.ItemDetailMetadataTagListItem({
+					text: "yellow",
+					color: "#ffff00"
+				})
+			]
+		})
+		const list = new List.List({
+			items: allItems,
+			defaultAction: "Top Default Action",
+			detail: new List.ItemDetail({
+				children: [
+					new List.ItemDetailMetadata([
+						new List.ItemDetailMetadataLabel({
+							title: "Label Title",
+							text: "Label Text"
+						}),
+						new List.ItemDetailMetadataLabel({
+							title: "Label Title",
+							text: "Label Text",
+							icon: new Icon({
+								type: IconType.enum.Iconify,
+								value: "mingcute:appstore-fill"
+							})
+						}),
+						new List.ItemDetailMetadataSeparator(),
+						new List.ItemDetailMetadataLabel({
+							title: "Label Title",
+							text: "Label Text"
+						}),
+						new List.ItemDetailMetadataLink({
+							title: "Link Title",
+							text: "Link Text",
+							url: "https://github.com/huakunshen"
+						}),
+						new List.ItemDetailMetadataLabel({
+							title: "Label Title",
+							text: "Label Text"
+						}),
+						tagList
+					]),
+					new Markdown(`
+# Hello World
+<img src="https://github.com/huakunshen.png" />
+<img src="https://github.com/huakunshen.png" />
+<img src="https://github.com/huakunshen.png" />
+							`)
+				],
+				width: 50
+			}),
+			actions: new Action.ActionPanel({
+				items: [
+					new Action.Action({
+						title: "Action 1",
+						value: "action 1",
+						icon: new Icon({ type: IconType.enum.Iconify, value: "material-symbols:add-reaction" })
+					}),
+					new Action.Action({ title: "Action 2", value: "action 2" }),
+					new Action.Action({ title: "Action 3", value: "action 3" }),
+					new Action.Action({ title: "Action 4", value: "action 4" })
+				]
+			})
+		})
+
+		return ui.render(list)
+	}
+
+	async onSearchTermChange(term: string): Promise<void> {
+		return ui.render(
+			new List.List({
+				// items: allItems.filter((item) => item.title.toLowerCase().includes(term.toLowerCase())),
+				inherits: ["items", "sections"],
+				defaultAction: "Top Default Action",
+				detail: new List.ItemDetail({
+					children: [
+						new List.ItemDetailMetadata([
+							new List.ItemDetailMetadataLabel({
+								title: "Label Title",
+								text: "Label Text"
+							})
+						])
+						// 						new Markdown(`
+						// ## Search results for "${term}"
+						// <img src="https://github.com/huakunshen.png" />
+						// <img src="https://github.com/huakunshen.png" />
+						// <img src="https://github.com/huakunshen.png" />
+						// 						`)
+					],
+					width: term.length > 3 ? 70 : 30
+				})
+			})
+		)
+	}
+
+	async onListItemSelected(value: string): Promise<void> {
+		console.log("Item selected:", value)
+	}
+
+	async onActionSelected(value: string): Promise<void> {
+		console.log("Action selected:", value)
 	}
 }
-// class ExtensionTemplate extends WorkerExtension {
-// 	async onBeforeGoBack() {
-// 		console.log("onBeforeGoBack")
-// 		// console.log(`Try killing pid: ${this.apiProcess?.pid}`)
-// 		// await this.apiProcess?.kill()
-// 		// console.log("apiProcess killed")
-// 	}
-// 	async onFormSubmit(value: Record<string, any>): Promise<void> {
-// 		console.log("Form submitted", value)
-// 	}
-
-// 	async onEnterPressedOnSearchBar(): Promise<void> {
-// 		console.log("Enter pressed on search bar")
-// 	}
-
-// 	async load() {
-// 		clipboard.readText().then((text) => {
-// 			console.log("Clipboard text:", text)
-// 		})
-// 		// console.log("Check screen capture permission:", await security.mac.checkScreenCapturePermission())
-// 		// await security.mac.revealSecurityPane("AllFiles")
-// 		// console.log(await security.mac.verifyFingerprint())
-// 		ui.setSearchBarPlaceholder("Search for items")
-// 		ui.showLoadingBar(true)
-// 		setTimeout(() => {
-// 			ui.showLoadingBar(false)
-// 		}, 2000)
-// 		const { rpcChannel, process, command } = await shell.createDenoRpcChannel<
-// 			{},
-// 			{
-// 				add(a: number, b: number): Promise<number>
-// 				subtract(a: number, b: number): Promise<number>
-// 				readImageMetadata(path: string): Promise<any>
-// 				batchReadImageMetadata: (paths: string[]) => Promise<any[]>
-// 			}
-// 		>(
-// 			"$EXTENSION/deno-src/rpc.ts",
-// 			[],
-// 			{
-// 				// allowEnv: ["npm_package_config_libvips"],
-// 				allowAllEnv: true,
-// 				// allowFfi: ["*sharp-darwin-arm64.node"],
-// 				allowAllFfi: true,
-// 				allowAllRead: true,
-// 				allowAllSys: true,
-// 				// allowRun: ["*exiftool"]
-// 				allowAllRun: true
-// 			},
-// 			{}
-// 		)
-// 		// const child = new Child(process.pid)
-// 		command.stdout.on("data", (data) => {
-// 			console.log("stdout", data.toString())
-// 		})
-// 		command.stderr.on("data", (data) => {
-// 			console.log("stderr", data.toString())
-// 		})
-// 		const api = rpcChannel.getAPI()
-// 		await api
-// 			.batchReadImageMetadata(files)
-// 			.then((metadata) => {
-// 				console.log("metadata", metadata)
-// 			})
-// 			.catch(console.error)
-// 		// await api
-// 		// 	.readImageMetadata("/Users/hacker/Pictures/3D-Image/pics/IMG_0767.jpeg")
-// 		// 	.then((data) => {
-// 		// 		console.log("metadata", data)
-// 		// 	})
-// 		// 	.catch((err) => {
-// 		// 		console.error("error", err)
-// 		// 	})
-// 		// await api.add(1, 2).then(console.log)
-// 		// await api.subtract(1, 2).then(console.log)
-
-// 		await process.kill()
-// 		const extPath = await path.extensionDir()
-// 		// console.log("Extension path:", extPath)
-// 		const tagList = new List.ItemDetailMetadataTagList({
-// 			title: "Tag List Title",
-// 			tags: [
-// 				new List.ItemDetailMetadataTagListItem({
-// 					text: "red",
-// 					color: "#ff0000"
-// 				}),
-// 				new List.ItemDetailMetadataTagListItem({
-// 					text: "yellow",
-// 					color: "#ffff00"
-// 				})
-// 			]
-// 		})
-// 		const list = new List.List({
-// 			items: allItems,
-// 			defaultAction: "Top Default Action",
-// 			detail: new List.ItemDetail({
-// 				children: [
-// 					new List.ItemDetailMetadata([
-// 						new List.ItemDetailMetadataLabel({
-// 							title: "Label Title",
-// 							text: "Label Text"
-// 						}),
-// 						new List.ItemDetailMetadataLabel({
-// 							title: "Label Title",
-// 							text: "Label Text",
-// 							icon: new Icon({
-// 								type: IconType.enum.Iconify,
-// 								value: "mingcute:appstore-fill"
-// 							})
-// 						}),
-// 						new List.ItemDetailMetadataSeparator(),
-// 						new List.ItemDetailMetadataLabel({
-// 							title: "Label Title",
-// 							text: "Label Text"
-// 						}),
-// 						new List.ItemDetailMetadataLink({
-// 							title: "Link Title",
-// 							text: "Link Text",
-// 							url: "https://github.com/huakunshen"
-// 						}),
-// 						new List.ItemDetailMetadataLabel({
-// 							title: "Label Title",
-// 							text: "Label Text"
-// 						}),
-// 						tagList
-// 					]),
-// 					new Markdown(`
-// # Hello World
-// <img src="https://github.com/huakunshen.png" />
-// <img src="https://github.com/huakunshen.png" />
-// <img src="https://github.com/huakunshen.png" />
-// 							`)
-// 				],
-// 				width: 50
-// 			}),
-// 			actions: new Action.ActionPanel({
-// 				items: [
-// 					new Action.Action({
-// 						title: "Action 1",
-// 						value: "action 1",
-// 						icon: new Icon({ type: IconType.enum.Iconify, value: "material-symbols:add-reaction" })
-// 					}),
-// 					new Action.Action({ title: "Action 2", value: "action 2" }),
-// 					new Action.Action({ title: "Action 3", value: "action 3" }),
-// 					new Action.Action({ title: "Action 4", value: "action 4" })
-// 				]
-// 			})
-// 		})
-
-// 		return ui.render(list)
-// 	}
-
-// 	async onSearchTermChange(term: string): Promise<void> {
-// 		return ui.render(
-// 			new List.List({
-// 				// items: allItems.filter((item) => item.title.toLowerCase().includes(term.toLowerCase())),
-// 				inherits: ["items", "sections"],
-// 				defaultAction: "Top Default Action",
-// 				detail: new List.ItemDetail({
-// 					children: [
-// 						new List.ItemDetailMetadata([
-// 							new List.ItemDetailMetadataLabel({
-// 								title: "Label Title",
-// 								text: "Label Text"
-// 							})
-// 						])
-// 						// 						new Markdown(`
-// 						// ## Search results for "${term}"
-// 						// <img src="https://github.com/huakunshen.png" />
-// 						// <img src="https://github.com/huakunshen.png" />
-// 						// <img src="https://github.com/huakunshen.png" />
-// 						// 						`)
-// 					],
-// 					width: term.length > 3 ? 70 : 30
-// 				})
-// 			})
-// 		)
-// 	}
-
-// 	async onListItemSelected(value: string): Promise<void> {
-// 		console.log("Item selected:", value)
-// 	}
-
-// 	async onActionSelected(value: string): Promise<void> {
-// 		console.log("Action selected:", value)
-// 	}
-// }

 expose(new ExtensionTemplate())
--- a/packages/mac-security-rs/src/main.rs
+++ b/packages/mac-security-rs/src/main.rs
@ -1,13 +0,0 @@
-#![cfg(target_os = "macos")]
-use mac_security_rs::{
-    preflight_screen_capture_access, request_screen_capture_access, verify_auth, AuthPolicy,
-};
-
-fn main() {
-    #[cfg(target_os = "macos")]
-    // println!("{}", request_screen_capture_access());
-    println!("{}", verify_auth(AuthPolicy::Biometrics));
-}
-
-#[cfg(not(target_os = "macos"))]
-fn main() {}
--- a/packages/tauri-plugins/jarvis/Cargo.toml
+++ b/packages/tauri-plugins/jarvis/Cargo.toml
@ -19,9 +19,9 @@ tar = "0.4.40"
 flate2 = "1.0.30"
 window-vibrancy = "0.5.0"
 tauri-plugin-store = "2.0.1"
-axum = { version = "0.6.20" }
-axum-extra = { version = "0.8.0" }
-axum-server = { version = "0.5", features = ["tls-rustls"] }
+axum = { workspace = true }
+axum-extra = { workspace = true }
+axum-server = { workspace = true }
 tower = { version = "0.4", features = ["util"] }
 tower-http = { version = "0.4.0", features = ["fs", "trace", "cors"] }
 tonic = "0.11"
@ -41,6 +41,9 @@ mac-security-rs = { workspace = true }
 zip = "1.1.4"
 rust_search = "2.1.0"
 plist = "1.7.0"
+crypto = { workspace = true }
+base64 = { workspace = true }
+obfstr = { workspace = true }

 [target.'cfg(target_os = "macos")'.dependencies]
 tauri-icns = "0.1.0"
@ -50,5 +53,6 @@ tauri-winres = "0.1.1"
 ico = "0.3.0"

 [build-dependencies]
-tauri-plugin = { version = "2.0.1", features = ["build"] }
+tauri-plugin = { version = "2.0.3", features = ["build"] }
 tonic-build = "0.11"
+base64 = { workspace = true }
--- a/packages/tauri-plugins/jarvis/build.rs
+++ b/packages/tauri-plugins/jarvis/build.rs
@ -1,3 +1,5 @@
+use base64::prelude::*;
+
 const COMMANDS: &[&str] = &[
    "open_devtools",
    "close_devtools",
@ -115,11 +117,42 @@ const COMMANDS: &[&str] = &[
 ];

 fn main() {
+    // SSL Cert
+    let cert_pem = match std::env::var("CERT_PEM") {
+        Ok(cert) => cert.into_bytes(),
+        Err(_) => include_bytes!("./self_signed_certs/cert.pem").to_vec(),
+    };
+    let key_pem = match std::env::var("KEY_PEM") {
+        Ok(key) => key.into_bytes(),
+        Err(_) => include_bytes!("./self_signed_certs/key.pem").to_vec(),
+    };
+
+    println!(
+        "cargo:rustc-env=BASE64_CERT_PEM={}",
+        BASE64_STANDARD.encode(cert_pem)
+    );
+    println!(
+        "cargo:rustc-env=BASE64_KEY_PEM={}",
+        BASE64_STANDARD.encode(key_pem)
+    );
+
+    // GRPC
    let out_dir = std::path::PathBuf::from(std::env::var("OUT_DIR").unwrap());
    tonic_build::configure()
-        .file_descriptor_set_path(out_dir.join("helloworld_descriptor.bin"))
-        .compile(&["proto/helloworld.proto"], &["proto"])
+        .file_descriptor_set_path(out_dir.join("kk_grpc.bin"))
+        .compile(
+            &["proto/helloworld.proto", "proto/file-transfer.proto"],
+            &["proto"],
+        )
        .expect("Failed to compile protos");
+
+    // Server Public Key
+    let raw_server_public_key = include_bytes!("./keys/server_public_key.pem").to_vec();
+    println!(
+        "cargo:rustc-env=BASE64_SERVER_PUBLIC_KEY={}",
+        BASE64_STANDARD.encode(raw_server_public_key)
+    );
+
    tauri_plugin::Builder::new(COMMANDS)
        .android_path("android")
        .ios_path("ios")
--- a/packages/tauri-plugins/jarvis/keys/.gitkeep
+++ b/packages/tauri-plugins/jarvis/keys/.gitkeep
--- a/packages/tauri-plugins/jarvis/package.json
+++ b/packages/tauri-plugins/jarvis/package.json
@ -0,0 +1,16 @@
+{
+	"name": "jarvis",
+	"module": "index.ts",
+	"type": "module",
+	"scripts": {
+		"prepare": "bun setup.ts"
+	},
+	"devDependencies": {
+		"@kksh/supabase": "workspace:*",
+		"@kksh/ci": "workspace:*",
+		"@types/bun": "latest"
+	},
+	"peerDependencies": {
+		"typescript": "^5.0.0"
+	}
+}
--- a/packages/tauri-plugins/jarvis/proto/file-transfer.proto
+++ b/packages/tauri-plugins/jarvis/proto/file-transfer.proto
@ -0,0 +1,25 @@
+syntax = "proto3";
+package file_transfer;
+
+
+service FileTransfer {
+    rpc StartTransfer (StartTransferRequest) returns (StartTransferResponse);
+    rpc SendTransferInfo(TransferInfo) returns (SendTransferInfoResponse);
+}
+
+message StartTransferRequest {
+    string ssl_cert = 1;
+}
+
+message StartTransferResponse {
+    string port = 1;
+}
+
+message TransferInfo {
+    string filename = 1;
+    string code = 2;
+    int32 port = 3;
+}
+
+message SendTransferInfoResponse {}
+
--- a/packages/tauri-plugins/jarvis/setup.ts
+++ b/packages/tauri-plugins/jarvis/setup.ts
@ -0,0 +1,16 @@
+import { writeFileSync } from "fs"
+import { createSB } from "@kksh/supabase"
+
+if (!process.env.SUPABASE_URL || !process.env.SUPABASE_ANON_KEY) {
+	throw new Error("SUPABASE_URL and SUPABASE_ANON_KEY must be set")
+}
+
+const supabase = createSB(process.env.SUPABASE_URL, process.env.SUPABASE_ANON_KEY)
+
+const { data, error } = await supabase.storage.from("pub").download("server_public_key.pem")
+if (error) {
+	console.error(error)
+	throw error
+}
+
+writeFileSync("./keys/server_public_key.pem", await data.text())
--- a/packages/tauri-plugins/jarvis/src/commands/db.rs
+++ b/packages/tauri-plugins/jarvis/src/commands/db.rs
@ -5,6 +5,8 @@ use db::{
 use std::{path::PathBuf, sync::Mutex};
 use tauri::{utils::acl::identifier, State};

+use crate::utils::db::get_db;
+
 #[derive(Debug)]
 pub struct DBState {
    pub db: Mutex<JarvisDB>,
@ -13,7 +15,7 @@ pub struct DBState {

 impl DBState {
    pub fn new(path: PathBuf, key: Option<String>) -> anyhow::Result<Self> {
-        let db = JarvisDB::new(path, key)?;
+        let db = get_db(path, key)?;
        db.init()?;
        Ok(Self { db: Mutex::new(db) })
    }
--- a/packages/tauri-plugins/jarvis/src/constants.rs
+++ b/packages/tauri-plugins/jarvis/src/constants.rs
@ -1,3 +1,5 @@
+use base64::prelude::*;
+
 /* -------------------------------------------------------------------------- */
 /*                        Buildin Extension Identifiers                       */
 /* -------------------------------------------------------------------------- */
@ -11,3 +13,10 @@ pub const KUNKUN_DEV_EXT_IDENTIFIER: &str = "sh.kunkun.ext.dev";
 /*                            Kunkun Builtin Events                           */
 /* -------------------------------------------------------------------------- */
 pub const KUNKUN_REFRESH_WORKER_EXTENSION: &str = "kunkun://refresh-dev-extension";
+
+pub static BASE64_SERVER_PUBLIC_KEY: &str = env!("BASE64_SERVER_PUBLIC_KEY");
+pub static SERVER_PUBLIC_KEY: std::sync::LazyLock<Vec<u8>> = std::sync::LazyLock::new(|| {
+    BASE64_STANDARD
+        .decode(BASE64_SERVER_PUBLIC_KEY)
+        .expect("Failed to decode base64 encoded server public key")
+});
--- a/packages/tauri-plugins/jarvis/src/lib.rs
+++ b/packages/tauri-plugins/jarvis/src/lib.rs
@ -54,7 +54,7 @@ impl<R: Runtime, T: Manager<R>> crate::JarvisExt<R> for T {
 }

 /// Initializes the plugin.
-pub fn init<R: Runtime>() -> TauriPlugin<R> {
+pub fn init<R: Runtime>(db_key: Option<String>) -> TauriPlugin<R> {
    Builder::new("jarvis")
        .invoke_handler(tauri::generate_handler![
            /* ------------------------------ dev commands ------------------------------ */
@ -169,7 +169,7 @@ pub fn init<R: Runtime>() -> TauriPlugin<R> {
            /* -------------------------------------------------------------------------- */
            commands::discovery::get_peers
        ])
-        .setup(|app, api| {
+        .setup(move |app, api| {
            // #[cfg(mobile)]
            // let jarvis = mobile::init(app, api)?;
            #[cfg(desktop)]
@ -182,7 +182,6 @@ pub fn init<R: Runtime>() -> TauriPlugin<R> {
            app.manage(JarvisState::default());
            app.manage(commands::apps::ApplicationsState::default());
            let db_path = get_kunkun_db_path(app)?;
-            let db_key: Option<String> = None;
            app.manage(commands::db::DBState::new(db_path.clone(), db_key.clone())?);
            setup::db::setup_db(app)?;
            println!("Jarvis Plugin Initialized");
--- a/packages/tauri-plugins/jarvis/src/server/grpc/file_transfer.rs
+++ b/packages/tauri-plugins/jarvis/src/server/grpc/file_transfer.rs
@ -0,0 +1,39 @@
+use file_transfer::file_transfer_server::FileTransfer;
+use file_transfer::{
+    SendTransferInfoResponse, StartTransferRequest, StartTransferResponse, TransferInfo,
+};
+use tauri::AppHandle;
+use tonic::{Request, Response, Status};
+
+pub mod file_transfer {
+    tonic::include_proto!("file_transfer"); // The string specified here must match the proto package name
+    pub const FILE_DESCRIPTOR_SET: &[u8] = tonic::include_file_descriptor_set!("kk_grpc");
+}
+
+#[derive(Debug)]
+pub struct MyFileTransfer {
+    pub app_handle: AppHandle,
+}
+
+#[tonic::async_trait]
+impl FileTransfer for MyFileTransfer {
+    async fn start_transfer(
+        &self,
+        request: Request<StartTransferRequest>, // Accept request of type StartTransferRequest
+    ) -> Result<Response<StartTransferResponse>, Status> {
+        println!("Got a request: {:?}", request);
+        let reply = StartTransferResponse {
+            port: "8080".to_string(),
+        };
+
+        Ok(Response::new(reply)) // Send back our formatted greeting
+    }
+
+    async fn send_transfer_info(
+        &self,
+        request: Request<TransferInfo>,
+    ) -> Result<Response<SendTransferInfoResponse>, Status> {
+        println!("Got a request: {:?}", request);
+        Ok(Response::new(SendTransferInfoResponse {}))
+    }
+}
--- a/packages/tauri-plugins/jarvis/src/server/grpc/greeter.rs
+++ b/packages/tauri-plugins/jarvis/src/server/grpc/greeter.rs
@ -1,15 +1,18 @@
 use hello_world::greeter_server::Greeter;
 use hello_world::{HelloReply, HelloRequest};
+use tauri::AppHandle;
 use tonic::{Request, Response, Status};

 pub mod hello_world {
    tonic::include_proto!("helloworld"); // The string specified here must match the proto package name
-    pub const FILE_DESCRIPTOR_SET: &[u8] =
-        tonic::include_file_descriptor_set!("helloworld_descriptor");
+    pub const FILE_DESCRIPTOR_SET: &[u8] = tonic::include_file_descriptor_set!("kk_grpc");
 }

-#[derive(Debug, Default)]
-pub struct MyGreeter {}
+#[derive(Debug)]
+pub struct MyGreeter {
+    pub app_handle: AppHandle,
+    pub name: String,
+}

 #[tonic::async_trait]
 impl Greeter for MyGreeter {
@ -19,7 +22,12 @@ impl Greeter for MyGreeter {
    ) -> Result<Response<HelloReply>, Status> {
        println!("Got a request: {:?}", request);
        let reply = HelloReply {
-            message: format!("Hello {}!", request.into_inner().name), // We must use .into_inner() as the fields of gRPC requests and responses are private
+            message: format!(
+                "Hello {} from {} by Kunkun {}!",
+                request.into_inner().name,
+                self.name,
+                self.app_handle.package_info().version
+            ), // We must use .into_inner() as the fields of gRPC requests and responses are private
        };

        Ok(Response::new(reply)) // Send back our formatted greeting
--- a/packages/tauri-plugins/jarvis/src/server/grpc/mod.rs
+++ b/packages/tauri-plugins/jarvis/src/server/grpc/mod.rs
@ -1 +1,2 @@
+pub mod file_transfer;
 pub mod greeter;
--- a/packages/tauri-plugins/jarvis/src/server/http.rs
+++ b/packages/tauri-plugins/jarvis/src/server/http.rs
@ -1,13 +1,19 @@
-use super::grpc::greeter::hello_world::greeter_server::GreeterServer;
 use super::grpc::greeter::MyGreeter;
-/// This module is responsible for controlling the main server
+use super::grpc::{
+    file_transfer::file_transfer::file_transfer_server::FileTransferServer,
+    greeter::hello_world::greeter_server::GreeterServer,
+};
 use super::model::ServerState;
 use super::Protocol;
+use crate::server::grpc::file_transfer::MyFileTransfer;
 use crate::server::tls::{CERT_PEM, KEY_PEM};
 use crate::utils::path::get_default_extensions_dir;
 use axum::http::{HeaderValue, Method, StatusCode, Uri};
 use axum::routing::{get, get_service, post};
 use axum_server::tls_rustls::RustlsConfig;
+use base64::prelude::*;
+/// This module is responsible for controlling the main server
+use obfstr::obfstr as s;
 use std::sync::Mutex;
 use std::{net::SocketAddr, path::PathBuf, sync::Arc};
 use tauri::AppHandle;
@ -23,7 +29,6 @@ async fn start_server(
    shtdown_handle: axum_server::Handle,
    options: ServerOptions,
 ) -> Result<(), Box<dyn std::error::Error>> {
-    let greeter = MyGreeter::default();
    let server_state = ServerState {
        app_handle: app_handle.clone(),
    };
@ -31,13 +36,24 @@ async fn start_server(
        .register_encoded_file_descriptor_set(
            super::grpc::greeter::hello_world::FILE_DESCRIPTOR_SET,
        )
+        .register_encoded_file_descriptor_set(
+            super::grpc::file_transfer::file_transfer::FILE_DESCRIPTOR_SET,
+        )
        .build()
        .unwrap();
+    let greeter = MyGreeter {
+        app_handle: app_handle.clone(),
+        name: "jarvis".to_string(),
+    };
+    let file_transfer = MyFileTransfer {
+        app_handle: app_handle.clone(),
+    };
    let grpc_router = TonicServer::builder()
        .add_service(reflection_service)
        .add_service(GreeterServer::new(greeter))
+        .add_service(FileTransferServer::new(file_transfer))
        .into_router();
-    let mut rest_router = axum::Router::new()
+    let rest_router = axum::Router::new()
        .route(
            "/refresh-worker-extension",
            post(super::rest::refresh_worker_extension),
@ -64,12 +80,25 @@ async fn start_server(
        Protocol::Https => {
            let manifest_dir = PathBuf::from(env!("CARGO_MANIFEST_DIR"));
            println!("manifest_dir: {}", manifest_dir.display());
-            let tls_config = RustlsConfig::from_pem(CERT_PEM.to_vec(), KEY_PEM.to_vec()).await?;
-            // let tls_config = RustlsConfig::from_pem_file(
-            //     manifest_dir.join("self_signed_certs").join("server.crt"),
-            //     manifest_dir.join("self_signed_certs").join("server.key"),
-            // )
-            // .await?;
+
+            let (key_pem, cert_pem) = if cfg!(debug_assertions) {
+                // In debug mode, use the base64 encoded certs from env
+                let cert_pem = BASE64_STANDARD
+                    .decode(s!(env!("BASE64_CERT_PEM")).to_string())
+                    .expect("Failed to decode cert_pem");
+                let key_pem = BASE64_STANDARD
+                    .decode(s!(env!("BASE64_KEY_PEM")).to_string())
+                    .expect("Failed to decode key_pem");
+                (key_pem, cert_pem)
+            } else {
+                // In release mode, generate new self-signed certs every time app starts for safety
+                let rsa =
+                    crypto::RsaCrypto::generate_rsa().expect("Failed to generate RSA key pair");
+                crypto::ssl::generate_self_signed_certificate(&rsa, 365)
+                    .expect("Failed to generate self-signed certificate")
+            };
+
+            let tls_config = RustlsConfig::from_pem(cert_pem, key_pem).await?;
            axum_server::bind_rustls(server_addr, tls_config)
                .handle(shtdown_handle)
                .serve(combined_router.into_make_service())
--- a/packages/tauri-plugins/jarvis/src/server/model.rs
+++ b/packages/tauri-plugins/jarvis/src/server/model.rs
@ -5,6 +5,7 @@ use tauri::{AppHandle, Runtime};
 pub struct ServerInfo {
    pub service_name: String,
    pub service_version: String,
+    pub public_key: String,
 }

 #[derive(Clone)]
--- a/packages/tauri-plugins/jarvis/src/server/rest.rs
+++ b/packages/tauri-plugins/jarvis/src/server/rest.rs
@ -1,5 +1,5 @@
 use super::model::{ServerInfo, ServerState};
-use crate::constants::KUNKUN_REFRESH_WORKER_EXTENSION;
+use crate::constants::{KUNKUN_REFRESH_WORKER_EXTENSION, SERVER_PUBLIC_KEY};
 use axum::extract::State;
 use tauri::Emitter;

@ -16,6 +16,7 @@ pub async fn get_server_info(State(state): State<ServerState>) -> axum::Json<Ser
    axum::Json(ServerInfo {
        service_name: pkg_info.name.to_string(),
        service_version: pkg_info.version.to_string(),
+        public_key: String::from_utf8(SERVER_PUBLIC_KEY.clone()).unwrap(),
    })
 }

--- a/packages/tauri-plugins/jarvis/src/server/tls.rs
+++ b/packages/tauri-plugins/jarvis/src/server/tls.rs
@ -1,2 +1,13 @@
 pub const CERT_PEM: &[u8] = include_bytes!("../../self_signed_certs/cert.pem");
 pub const KEY_PEM: &[u8] = include_bytes!("../../self_signed_certs/key.pem");
+// pub const CERT_PEM: &[u8] = if option_env!("CERT_PEM").is_some() {
+//     env!("CERT_PEM").as_bytes()
+// } else {
+//     include_bytes!("../../self_signed_certs/cert.pem")
+// };
+
+// pub const KEY_PEM: &[u8] = if option_env!("KEY_PEM").is_some() {
+//     env!("KEY_PEM").as_bytes()
+// } else {
+//     include_bytes!("../../self_signed_certs/key.pem")
+// };
--- a/packages/tauri-plugins/jarvis/src/utils/db.rs
+++ b/packages/tauri-plugins/jarvis/src/utils/db.rs
@ -0,0 +1,7 @@
+use std::path::PathBuf;
+
+use db::JarvisDB;
+
+pub fn get_db(path: PathBuf, key: Option<String>) -> anyhow::Result<JarvisDB> {
+    JarvisDB::new(path, key).map_err(|e| anyhow::anyhow!("Failed to get db: {}", e))
+}
--- a/packages/tauri-plugins/jarvis/src/utils/mod.rs
+++ b/packages/tauri-plugins/jarvis/src/utils/mod.rs
@ -1,3 +1,4 @@
+pub mod db;
 pub mod fs;
 pub mod icns;
 pub mod manifest;
--- a/packages/tauri-plugins/jarvis/src/utils/path.rs
+++ b/packages/tauri-plugins/jarvis/src/utils/path.rs
@ -16,5 +16,9 @@ pub fn get_default_extensions_storage_dir<R: Runtime>(
 }

 pub fn get_kunkun_db_path<R: Runtime>(app: &AppHandle<R>) -> anyhow::Result<PathBuf> {
-    Ok(app.path().app_data_dir()?.join("kk.db"))
+    Ok(app.path().app_data_dir()?.join(if cfg!(debug_assertions) {
+        "kk.dev.db"
+    } else {
+        "kk.db"
+    }))
 }
--- a/packages/templates/template-ext-next/next.config.mjs
+++ b/packages/templates/template-ext-next/next.config.mjs
@ -1,11 +1,7 @@
 /** @type {import('next').NextConfig} */
 const nextConfig = {
 	output: "export",
-	transpilePackages: ["@kksh/api"],
-	experimental: {
-		workerThreads: false,
-		cpus: 1 // Limit to 1 CPU
-	}
+	transpilePackages: ["@kksh/api"]
 }

 export default nextConfig
--- a/packages/templates/template-ext-next/package.json
+++ b/packages/templates/template-ext-next/package.json
@ -42,19 +42,19 @@
 		"@kksh/api": "workspace:*",
 		"@kksh/react": "0.1.1",
 		"@radix-ui/react-icons": "^1.3.2",
-		"next": "14.2.18",
-		"react": "^18",
-		"react-dom": "^18"
+		"react": "19.0.0-rc-66855b96-20241106",
+		"react-dom": "19.0.0-rc-66855b96-20241106",
+		"next": "15.0.3"
 	},
 	"devDependencies": {
+		"typescript": "^5",
 		"@types/node": "^20",
 		"@types/react": "^18",
 		"@types/react-dom": "^18",
-		"eslint": "^8",
-		"eslint-config-next": "14.2.7",
 		"postcss": "^8",
 		"tailwindcss": "^3.4.1",
-		"typescript": "^5"
+		"eslint": "^8",
+		"eslint-config-next": "15.0.3"
 	},
 	"files": [
 		"out"
--- a/packages/templates/template-ext-vue/CHANGELOG.md
+++ b/packages/templates/template-ext-vue/CHANGELOG.md
@ -1,15 +0,0 @@
-# template-ext-vue
-
-## 0.0.2
-
-### Patch Changes
-
- Updated dependencies
-  - @kksh/api@0.0.4
-
-## 0.0.1
-
-### Patch Changes
-
- Updated dependencies [fba6a49]
-  - @kksh/vue@0.0.1
--- a/packages/templates/template-ext-vue/package.json
+++ b/packages/templates/template-ext-vue/package.json
@ -1,8 +1,7 @@
 {
-	"$schema": "./node_modules/@kksh/api/dist/schema.json",
 	"name": "template-ext-vue",
 	"private": true,
-	"version": "0.0.2",
+	"version": "0.0.0",
 	"type": "module",
 	"scripts": {
 		"dev": "vite",
@ -18,17 +17,16 @@
 		"radix-vue": "^1.9.5",
 		"tailwind-merge": "^2.4.0",
 		"tailwindcss-animate": "^1.0.7",
-		"vue": "^3.4.31"
+		"vue": "^3.5.12"
 	},
 	"devDependencies": {
-		"@types/node": "^20.14.12",
-		"@vitejs/plugin-vue": "^5.0.5",
+		"@vitejs/plugin-vue": "^5.1.4",
 		"autoprefixer": "^10.4.20",
-		"postcss": "^8.4.47",
-		"tailwindcss": "^3.4.9",
-		"typescript": "^5.2.2",
-		"vite": "^5.4.9",
-		"vue-tsc": "^2.0.24"
+		"postcss": "^8.4.49",
+		"tailwindcss": "^3.4.15",
+		"typescript": "~5.6.2",
+		"vite": "^5.4.10",
+		"vue-tsc": "^2.1.8"
 	},
 	"kunkun": {
 		"name": "TODO: Change Display Name",
--- a/packages/templates/template-ext-vue/postcss.config.js
+++ b/packages/templates/template-ext-vue/postcss.config.js
@ -1,6 +1,6 @@
 export default {
 	plugins: {
 		tailwindcss: {},
-    autoprefixer: {},
-  },
-};
+		autoprefixer: {}
+	}
+}
--- a/packages/templates/template-ext-vue/src/index.css
+++ b/packages/templates/template-ext-vue/src/index.css
@ -1,80 +0,0 @@
-@import url("@kksh/vue/css");
-@import url("@kksh/vue/themes");
-@tailwind base;
-@tailwind components;
-@tailwind utilities;
- 
-@layer base {
-  :root {
-    --background: 0 0% 100%;
-    --foreground: 0 0% 3.9%;
- 
-    --muted: 0 0% 96.1%;
-    --muted-foreground: 0 0% 45.1%;
- 
-    --popover: 0 0% 100%;
-    --popover-foreground: 0 0% 3.9%;
- 
-    --card: 0 0% 100%;
-    --card-foreground: 0 0% 3.9%;
- 
-    --border: 0 0% 89.8%;
-    --input: 0 0% 89.8%;
- 
-    --primary: 0 0% 9%;
-    --primary-foreground: 0 0% 98%;
- 
-    --secondary: 0 0% 96.1%;
-    --secondary-foreground: 0 0% 9%;
- 
-    --accent: 0 0% 96.1%;
-    --accent-foreground: 0 0% 9%;
- 
-    --destructive: 0 84.2% 60.2%;
-    --destructive-foreground: 0 0% 98%;
- 
-    --ring: 0 0% 3.9%;
- 
-    --radius: 0.5rem;
-  }
- 
-  .dark {
-    --background: 0 0% 3.9%;
-    --foreground: 0 0% 98%;
- 
-    --muted: 0 0% 14.9%;
-    --muted-foreground: 0 0% 63.9%;
- 
-    --popover: 0 0% 3.9%;
-    --popover-foreground: 0 0% 98%;
- 
-    --card: 0 0% 3.9%;
-    --card-foreground: 0 0% 98%;
- 
-    --border: 0 0% 14.9%;
-    --input: 0 0% 14.9%;
- 
-    --primary: 0 0% 98%;
-    --primary-foreground: 0 0% 9%;
- 
-    --secondary: 0 0% 14.9%;
-    --secondary-foreground: 0 0% 98%;
- 
-    --accent: 0 0% 14.9%;
-    --accent-foreground: 0 0% 98%;
- 
-    --destructive: 0 62.8% 30.6%;
-    --destructive-foreground: 0 0% 98%;
- 
-    --ring: 0 0% 83.1%;
-  }
-}
- 
-@layer base {
-  * {
-    @apply border-border;
-  }
-  body {
-    @apply bg-background text-foreground;
-  }
-}
--- a/packages/templates/template-ext-vue/src/main.ts
+++ b/packages/templates/template-ext-vue/src/main.ts
@ -1,5 +1,5 @@
 import { createApp } from "vue"
-import "./index.css"
+import "./style.css"
 import App from "./App.vue"

 createApp(App).mount("#app")
--- a/packages/templates/template-ext-vue/src/style.css
+++ b/packages/templates/template-ext-vue/src/style.css
@ -0,0 +1,80 @@
+@import url("@kksh/vue/css");
+@import url("@kksh/vue/themes");
+@tailwind base;
+@tailwind components;
+@tailwind utilities;
+
+@layer base {
+	:root {
+		--background: 0 0% 100%;
+		--foreground: 0 0% 3.9%;
+
+		--muted: 0 0% 96.1%;
+		--muted-foreground: 0 0% 45.1%;
+
+		--popover: 0 0% 100%;
+		--popover-foreground: 0 0% 3.9%;
+
+		--card: 0 0% 100%;
+		--card-foreground: 0 0% 3.9%;
+
+		--border: 0 0% 89.8%;
+		--input: 0 0% 89.8%;
+
+		--primary: 0 0% 9%;
+		--primary-foreground: 0 0% 98%;
+
+		--secondary: 0 0% 96.1%;
+		--secondary-foreground: 0 0% 9%;
+
+		--accent: 0 0% 96.1%;
+		--accent-foreground: 0 0% 9%;
+
+		--destructive: 0 84.2% 60.2%;
+		--destructive-foreground: 0 0% 98%;
+
+		--ring: 0 0% 3.9%;
+
+		--radius: 0.5rem;
+	}
+
+	.dark {
+		--background: 0 0% 3.9%;
+		--foreground: 0 0% 98%;
+
+		--muted: 0 0% 14.9%;
+		--muted-foreground: 0 0% 63.9%;
+
+		--popover: 0 0% 3.9%;
+		--popover-foreground: 0 0% 98%;
+
+		--card: 0 0% 3.9%;
+		--card-foreground: 0 0% 98%;
+
+		--border: 0 0% 14.9%;
+		--input: 0 0% 14.9%;
+
+		--primary: 0 0% 98%;
+		--primary-foreground: 0 0% 9%;
+
+		--secondary: 0 0% 14.9%;
+		--secondary-foreground: 0 0% 98%;
+
+		--accent: 0 0% 14.9%;
+		--accent-foreground: 0 0% 98%;
+
+		--destructive: 0 62.8% 30.6%;
+		--destructive-foreground: 0 0% 98%;
+
+		--ring: 0 0% 83.1%;
+	}
+}
+
+@layer base {
+	* {
+		@apply border-border;
+	}
+	body {
+		@apply bg-background text-foreground;
+	}
+}
--- a/packages/templates/template-ext-vue/tailwind.config.js
+++ b/packages/templates/template-ext-vue/tailwind.config.js
@ -7,10 +7,10 @@ module.exports = {
 	prefix: "",

 	content: [
-    './pages/**/*.{ts,tsx,vue}',
-    './components/**/*.{ts,tsx,vue}',
-    './app/**/*.{ts,tsx,vue}',
-    './src/**/*.{ts,tsx,vue}',
+		"./pages/**/*.{ts,tsx,vue}",
+		"./components/**/*.{ts,tsx,vue}",
+		"./app/**/*.{ts,tsx,vue}",
+		"./src/**/*.{ts,tsx,vue}"
 	],

 	theme: {
@ -18,8 +18,8 @@ module.exports = {
 			center: true,
 			padding: "2rem",
 			screens: {
-        "2xl": "1400px",
-      },
+				"2xl": "1400px"
+			}
 		},
 		extend: {
 			colors: {
@ -30,64 +30,64 @@ module.exports = {
 				foreground: "hsl(var(--foreground))",
 				primary: {
 					DEFAULT: "hsl(var(--primary))",
-          foreground: "hsl(var(--primary-foreground))",
+					foreground: "hsl(var(--primary-foreground))"
 				},
 				secondary: {
 					DEFAULT: "hsl(var(--secondary))",
-          foreground: "hsl(var(--secondary-foreground))",
+					foreground: "hsl(var(--secondary-foreground))"
 				},
 				destructive: {
 					DEFAULT: "hsl(var(--destructive))",
-          foreground: "hsl(var(--destructive-foreground))",
+					foreground: "hsl(var(--destructive-foreground))"
 				},
 				muted: {
 					DEFAULT: "hsl(var(--muted))",
-          foreground: "hsl(var(--muted-foreground))",
+					foreground: "hsl(var(--muted-foreground))"
 				},
 				accent: {
 					DEFAULT: "hsl(var(--accent))",
-          foreground: "hsl(var(--accent-foreground))",
+					foreground: "hsl(var(--accent-foreground))"
 				},
 				popover: {
 					DEFAULT: "hsl(var(--popover))",
-          foreground: "hsl(var(--popover-foreground))",
+					foreground: "hsl(var(--popover-foreground))"
 				},
 				card: {
 					DEFAULT: "hsl(var(--card))",
-          foreground: "hsl(var(--card-foreground))",
-        },
+					foreground: "hsl(var(--card-foreground))"
+				}
 			},
 			borderRadius: {
 				xl: "calc(var(--radius) + 4px)",
 				lg: "var(--radius)",
 				md: "calc(var(--radius) - 2px)",
-        sm: "calc(var(--radius) - 4px)",
+				sm: "calc(var(--radius) - 4px)"
 			},
 			keyframes: {
 				"accordion-down": {
 					from: { height: 0 },
-          to: { height: "var(--radix-accordion-content-height)" },
+					to: { height: "var(--radix-accordion-content-height)" }
 				},
 				"accordion-up": {
 					from: { height: "var(--radix-accordion-content-height)" },
-          to: { height: 0 },
+					to: { height: 0 }
 				},
 				"collapsible-down": {
 					from: { height: 0 },
-          to: { height: 'var(--radix-collapsible-content-height)' },
+					to: { height: "var(--radix-collapsible-content-height)" }
 				},
 				"collapsible-up": {
-          from: { height: 'var(--radix-collapsible-content-height)' },
-          to: { height: 0 },
-        },
+					from: { height: "var(--radix-collapsible-content-height)" },
+					to: { height: 0 }
+				}
 			},
 			animation: {
 				"accordion-down": "accordion-down 0.2s ease-out",
 				"accordion-up": "accordion-up 0.2s ease-out",
 				"collapsible-down": "collapsible-down 0.2s ease-in-out",
-        "collapsible-up": "collapsible-up 0.2s ease-in-out",
+				"collapsible-up": "collapsible-up 0.2s ease-in-out"
+			}
+		}
 	},
-    },
-  },
-  plugins: [animate],
+	plugins: [animate]
 }
--- a/packages/templates/template-ext-vue/tsconfig.app.json
+++ b/packages/templates/template-ext-vue/tsconfig.app.json
@ -1,6 +1,5 @@
 {
 	"compilerOptions": {
-		"composite": true,
 		"tsBuildInfoFile": "./node_modules/.tmp/tsconfig.app.tsbuildinfo",
 		"target": "ES2020",
 		"useDefineForClassFields": true,
@ -9,23 +8,19 @@
 		"skipLibCheck": true,

 		/* Bundler mode */
-		"moduleResolution": "bundler",
+		"moduleResolution": "Bundler",
 		"allowImportingTsExtensions": true,
-		"resolveJsonModule": true,
 		"isolatedModules": true,
 		"moduleDetection": "force",
 		"noEmit": true,
 		"jsx": "preserve",
-		"baseUrl": ".",
-		"paths": {
-			"@/*": ["./src/*"]
-		},

 		/* Linting */
 		"strict": true,
 		"noUnusedLocals": false,
 		"noUnusedParameters": false,
-		"noFallthroughCasesInSwitch": true
+		"noFallthroughCasesInSwitch": true,
+		"noUncheckedSideEffectImports": true
 	},
 	"include": ["src/**/*.ts", "src/**/*.tsx", "src/**/*.vue"]
 }
--- a/packages/templates/template-ext-vue/tsconfig.json
+++ b/packages/templates/template-ext-vue/tsconfig.json
@ -1,11 +1,4 @@
 {
 	"files": [],
-	"references": [
-		{
-			"path": "./tsconfig.app.json"
-		},
-		{
-			"path": "./tsconfig.node.json"
-		}
-	]
+	"references": [{ "path": "./tsconfig.app.json" }, { "path": "./tsconfig.node.json" }]
 }
--- a/packages/templates/template-ext-vue/tsconfig.node.json
+++ b/packages/templates/template-ext-vue/tsconfig.node.json
@ -1,13 +1,24 @@
 {
 	"compilerOptions": {
-		"composite": true,
 		"tsBuildInfoFile": "./node_modules/.tmp/tsconfig.node.tsbuildinfo",
-		"skipLibCheck": true,
+		"target": "ES2022",
+		"lib": ["ES2023"],
 		"module": "ESNext",
-		"moduleResolution": "bundler",
-		"allowSyntheticDefaultImports": true,
+		"skipLibCheck": true,
+
+		/* Bundler mode */
+		"moduleResolution": "Bundler",
+		"allowImportingTsExtensions": true,
+		"isolatedModules": true,
+		"moduleDetection": "force",
+		"noEmit": true,
+
+		/* Linting */
 		"strict": true,
-		"noEmit": true
+		"noUnusedLocals": true,
+		"noUnusedParameters": true,
+		"noFallthroughCasesInSwitch": true,
+		"noUncheckedSideEffectImports": true
 	},
 	"include": ["vite.config.ts"]
 }
--- a/packages/templates/template-ext-vue/vite.config.ts
+++ b/packages/templates/template-ext-vue/vite.config.ts
@ -1,19 +1,7 @@
-import path from "node:path"
 import vue from "@vitejs/plugin-vue"
-import autoprefixer from "autoprefixer"
 import { defineConfig } from "vite"

-// https://vitejs.dev/config/
+// https://vite.dev/config/
 export default defineConfig({
-	css: {
-		postcss: {
-			plugins: [autoprefixer()]
-		}
-	},
-	plugins: [vue()],
-	resolve: {
-		alias: {
-			"@": path.resolve(__dirname, "./src")
-		}
-	}
+	plugins: [vue()]
 })
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
--- a/vendors/applications-rs
+++ b/vendors/applications-rs
@ -1 +1 @@
-Subproject commit 6b38505d8534d81d826d613527eb75fd8da4ede4
+Subproject commit ac41b051f0ebeac96213c6c32621b098634219ac