shiva-hack
diff --git a/‎.github/workflows/ci.yml‎
Lines changed: 107 additions & 0 deletions b/‎.github/workflows/ci.yml‎
Lines changed: 107 additions & 0 deletions
diff --git a/‎.github/workflows/release.yml‎
Lines changed: 123 additions & 0 deletions b/‎.github/workflows/release.yml‎
Lines changed: 123 additions & 0 deletions
diff --git a/‎.gitignore‎
Lines changed: 33 additions & 0 deletions b/‎.gitignore‎
Lines changed: 33 additions & 0 deletions
diff --git a/‎CLAUDE.md‎
Lines changed: 104 additions & 0 deletions b/‎CLAUDE.md‎
Lines changed: 104 additions & 0 deletions
@@ -0,0 +1,107 @@
+name: CI
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+
+jobs:
+  lint-frontend:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 22
+          cache: npm
+
+      - name: Install dependencies
+        run: npm ci
+
+      - name: Type check
+        run: npx tsc --noEmit
+
+  test-rust:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Rust stable
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          components: clippy, rustfmt
+
+      - name: Rust cache
+        uses: swatinem/rust-cache@v2
+        with:
+          workspaces: "./src-tauri -> target"
+
+      - name: Install Linux dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y \
+            libwebkit2gtk-4.1-dev \
+            libgtk-3-dev \
+            libayatana-appindicator3-dev \
+            librsvg2-dev \
+            libssl-dev
+
+      - name: Check formatting
+        working-directory: src-tauri
+        run: cargo fmt --check
+
+      - name: Clippy
+        working-directory: src-tauri
+        run: cargo clippy -- -D warnings
+
+      - name: Run tests
+        working-directory: src-tauri
+        run: cargo test
+
+  build-check:
+    needs: [lint-frontend, test-rust]
+    strategy:
+      fail-fast: false
+      matrix:
+        platform: [macos-latest, ubuntu-22.04, windows-latest]
+    runs-on: ${{ matrix.platform }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Rust stable
+        uses: dtolnay/rust-toolchain@stable
+
+      - name: Rust cache
+        uses: swatinem/rust-cache@v2
+        with:
+          workspaces: "./src-tauri -> target"
+
+      - name: Install Linux dependencies
+        if: matrix.platform == 'ubuntu-22.04'
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y \
+            libwebkit2gtk-4.1-dev \
+            libgtk-3-dev \
+            libayatana-appindicator3-dev \
+            librsvg2-dev \
+            libssl-dev
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 22
+          cache: npm
+
+      - name: Install frontend dependencies
+        run: npm ci
+
+      - name: Build Tauri app
+        uses: tauri-apps/tauri-action@v0
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          args: ""
@@ -0,0 +1,123 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - "v*"
+  workflow_dispatch:
+
+jobs:
+  create-release:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    outputs:
+      release_id: ${{ steps.create_release.outputs.id }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Create GitHub Release
+        id: create_release
+        uses: actions/create-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag_name: ${{ github.ref_name }}
+          release_name: DotEnv Vault ${{ github.ref_name }}
+          draft: true
+          prerelease: false
+          body: |
+            ## What's New
+
+            See the [full changelog](https://github.com/${{ github.repository }}/compare/.../${{ github.ref_name }}).
+
+            ## Downloads
+
+            | Platform | File |
+            |----------|------|
+            | macOS (Apple Silicon) | `.dmg` |
+            | macOS (Intel) | `.dmg` |
+            | Windows | `.msi` / `.exe` |
+            | Linux (Debian/Ubuntu) | `.deb` |
+            | Linux (AppImage) | `.AppImage` |
+
+  build:
+    needs: create-release
+    permissions:
+      contents: write
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+          - platform: macos-latest
+            args: --target aarch64-apple-darwin
+            rust_target: aarch64-apple-darwin
+          - platform: macos-latest
+            args: --target x86_64-apple-darwin
+            rust_target: x86_64-apple-darwin
+          - platform: ubuntu-22.04
+            args: ""
+            rust_target: ""
+          - platform: windows-latest
+            args: ""
+            rust_target: ""
+
+    runs-on: ${{ matrix.platform }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install Rust stable
+        uses: dtolnay/rust-toolchain@stable
+        with:
+          targets: ${{ matrix.rust_target }}
+
+      - name: Rust cache
+        uses: swatinem/rust-cache@v2
+        with:
+          workspaces: "./src-tauri -> target"
+
+      - name: Install Linux dependencies
+        if: matrix.platform == 'ubuntu-22.04'
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y \
+            libwebkit2gtk-4.1-dev \
+            libgtk-3-dev \
+            libayatana-appindicator3-dev \
+            librsvg2-dev \
+            libssl-dev \
+            patchelf
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          node-version: 22
+          cache: npm
+
+      - name: Install frontend dependencies
+        run: npm ci
+
+      - name: Build Tauri app
+        uses: tauri-apps/tauri-action@v0
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          releaseId: ${{ needs.create-release.outputs.release_id }}
+          args: ${{ matrix.args }}
+
+  publish-release:
+    runs-on: ubuntu-latest
+    needs: [create-release, build]
+    permissions:
+      contents: write
+    steps:
+      - name: Publish release
+        uses: actions/github-script@v7
+        with:
+          script: |
+            github.rest.repos.updateRelease({
+              owner: context.repo.owner,
+              repo: context.repo.repo,
+              release_id: '${{ needs.create-release.outputs.release_id }}',
+              draft: false,
+            });
@@ -0,0 +1,33 @@
+# Dependencies
+node_modules/
+
+# Build output
+dist/
+src-tauri/target/
+
+# Environment files (ironic, but correct)
+.env
+.env.*
+
+# IDE
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+
+# OS
+.DS_Store
+Thumbs.db
+
+# Logs
+*.log
+npm-debug.log*
+
+# Tauri
+src-tauri/gen/
+
+# SQLite database (user data, never commit)
+*.db
+*.db-journal
+*.db-wal
@@ -0,0 +1,104 @@
+# CLAUDE.md
+
+This file provides guidance to Claude Code when working with this repository.
+
+## Project Overview
+
+DotEnv Vault is a **Tauri 2.x desktop app** that discovers, catalogs, compares, and encrypts `.env` files across all your projects. It scans root directories, finds projects, parses their env files, and stores everything in an encrypted local SQLite vault.
+
+## Commands
+
+```bash
+npm install                # Install frontend dependencies
+npm run tauri dev          # Start Tauri development (requires Rust toolchain)
+npm run tauri build        # Production build
+npm run dev                # Start Vite dev server only (frontend)
+npm run build              # Build frontend only
+```
+
+### Prerequisites
+
+- **Rust** (stable, via rustup)
+- **Node.js** ≥ 18
+- **Tauri CLI**: `cargo install tauri-cli` (or use `npx tauri`)
+- **System deps** (Linux): `libwebkit2gtk-4.1-dev libgtk-3-dev libayatana-appindicator3-dev librsvg2-dev libssl-dev`
+
+## Tech Stack
+
+- **Shell**: Tauri 2.x (Rust backend, webview frontend)
+- **Backend**: Rust with rusqlite, aes-gcm, argon2, walkdir, notify
+- **Frontend**: React 19 + TypeScript + Tailwind CSS v4 + React Router v7
+- **Storage**: SQLite (via rusqlite with bundled feature)
+- **Encryption**: AES-256-GCM + Argon2id key derivation
+
+## Architecture
+
+### Rust Backend (`src-tauri/src/`)
+
+```
+src-tauri/src/
+├── main.rs           # Entry point
+├── lib.rs            # Tauri app setup, state management
+├── commands.rs       # All #[tauri::command] handlers
+├── db/
+│   ├── mod.rs        # Database struct, all CRUD operations
+│   └── schema.rs     # SQLite CREATE TABLE statements
+├── parser/
+│   └── mod.rs        # .env file parser + tier detection + ecosystem detection
+├── scanner/
+│   └── mod.rs        # Recursive filesystem scanner, project discovery
+├── crypto/
+│   └── mod.rs        # AES-256-GCM encryption, Argon2id key derivation, vault state
+├── watcher/
+│   └── mod.rs        # File system watcher (notify crate)
+└── search/
+    └── mod.rs        # Search filters + fuzzy matching
+```
+
+### React Frontend (`src/`)
+
+```
+src/
+├── main.tsx          # React entry point
+├── App.tsx           # Root component: routing, vault state, keyboard shortcuts
+├── index.css         # Tailwind v4 @theme tokens (design system)
+├── lib/
+│   └── tauri.ts      # Type definitions + invoke wrappers for all Tauri commands
+├── hooks/
+│   └── useVault.ts   # Vault state management hook
+├── components/
+│   ├── Sidebar.tsx   # Navigation sidebar with roots/projects tree
+│   ├── Header.tsx    # Top bar with search trigger + scan button
+│   ├── SearchPalette.tsx  # Cmd+K search palette
+│   └── TierBadge.tsx # Color-coded environment tier badge
+└── pages/
+    ├── SetupScreen.tsx      # First-time master password creation
+    ├── UnlockScreen.tsx     # Vault unlock screen
+    ├── ProjectsPage.tsx     # Overview dashboard with all projects
+    ├── ProjectDetailPage.tsx # Single project: env hierarchy tree + file table
+    ├── EnvFilePage.tsx      # Env file variables with masked/reveal values
+    ├── ComparisonPage.tsx   # Cross-environment comparison matrix
+    └── SettingsPage.tsx     # Vault settings, password change, export
+```
+
+### Design System
+
+Uses Tailwind v4's `@theme` directive. Key tokens:
+- `bg-bg` (#09090B) — main background
+- `bg-surface` (#18181B) — cards/panels
+- `bg-surface-2` (#27272A) — hover states
+- `text-accent` (#6366F1) — indigo accent
+- `text-green/yellow/red` — status colors
+- `font-ui` — Inter/system sans-serif
+- `font-code` — JetBrains Mono
+
+### Tauri Command Surface
+
+All frontend-to-backend calls go through `src/lib/tauri.ts` which wraps `invoke()` with typed APIs. Commands are registered in `lib.rs` via `generate_handler![]`.
+
+### Key Design Decisions
+
+- **Values encrypted, keys plaintext**: Variable names are stored unencrypted for instant search and comparison. Only secret values are AES-256-GCM encrypted.
+- **Vault state in OnceLock**: The encryption key lives in a process-global `OnceLock<Mutex<VaultState>>` so it's accessible across commands without being part of Tauri's managed state serialization.
+- **Stable project IDs**: Projects are identified by UUID, matched by (root_path, name) on re-scan to avoid duplication.
+- **Non-blocking scan**: Scanning runs in Tauri's command thread pool. The file watcher uses a separate thread.