rework error alerts

add passphrase reset
finish manage-credentials page and rework home screen
2024-06-28 20:35:18 -04:00 · 2024-06-28 11:19:52 -04:00 · 2024-06-28 06:25:55 -04:00 · 2024-06-26 22:24:44 -04:00 · 2024-06-26 15:01:07 -04:00 · 2024-06-26 11:10:50 -04:00
45 changed files with 2025 additions and 946 deletions
--- a/index.html
+++ b/index.html
@ -1,5 +1,5 @@
 <!DOCTYPE html>
-<html lang="en" data-theme="dark">
+<html lang="en" data-theme="creddy">
  <head>
    <meta charset="UTF-8" />
    <link rel="icon" type="image/svg+xml" href="/vite.svg" />
--- a/package-lock.json
+++ b/package-lock.json
@ -1,17 +1,17 @@
 {
  "name": "creddy",
-  "version": "0.4.7",
+  "version": "0.4.9",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "creddy",
-      "version": "0.4.7",
+      "version": "0.4.9",
      "dependencies": {
        "@tauri-apps/api": "^2.0.0-beta.13",
        "@tauri-apps/plugin-dialog": "^2.0.0-beta.5",
        "@tauri-apps/plugin-os": "^2.0.0-beta.5",
-        "daisyui": "^2.51.5"
+        "daisyui": "^4.12.8"
      },
      "devDependencies": {
        "@sveltejs/vite-plugin-svelte": "^1.0.1",
@ -27,6 +27,7 @@
      "version": "5.2.0",
      "resolved": "https://registry.npmjs.org/@alloc/quick-lru/-/quick-lru-5.2.0.tgz",
      "integrity": "sha512-UrcABB+4bUrFABwbluTIBErXwvbsU/V7TZWfmbgJfbkwiBuziS9gxdODUyuiecfdGQ85jglMW6juS3+z5TsKLw==",
      "dev": true,
      "engines": {
        "node": ">=10"
      },
@ -70,6 +71,7 @@
      "version": "8.0.2",
      "resolved": "https://registry.npmjs.org/@isaacs/cliui/-/cliui-8.0.2.tgz",
      "integrity": "sha512-O8jcjabXaleOG9DQ0+ARXWZBTfnP4WNAqzuiJK7ll44AmxGKv/J2M4TPjxjY3znBCfvBXFzucm1twdyFybFqEA==",
      "dev": true,
      "dependencies": {
        "string-width": "^5.1.2",
        "string-width-cjs": "npm:string-width@^4.2.0",
@ -86,6 +88,7 @@
      "version": "0.3.5",
      "resolved": "https://registry.npmjs.org/@jridgewell/gen-mapping/-/gen-mapping-0.3.5.tgz",
      "integrity": "sha512-IzL8ZoEDIBRWEzlCcRhOaCupYyN5gdIK+Q6fbFdPDg6HqX6jpkItn7DFIpW9LQzXG6Df9sA7+OKnq0qlz/GaQg==",
      "dev": true,
      "dependencies": {
        "@jridgewell/set-array": "^1.2.1",
        "@jridgewell/sourcemap-codec": "^1.4.10",
@ -99,6 +102,7 @@
      "version": "3.1.2",
      "resolved": "https://registry.npmjs.org/@jridgewell/resolve-uri/-/resolve-uri-3.1.2.tgz",
      "integrity": "sha512-bRISgCIjP20/tbWSPWMEi54QVPRZExkuD9lJL+UIxUKtwVJA8wW1Trb1jMs1RFXo1CBTNZ/5hpC9QvmKWdopKw==",
      "dev": true,
      "engines": {
        "node": ">=6.0.0"
      }
@ -107,6 +111,7 @@
      "version": "1.2.1",
      "resolved": "https://registry.npmjs.org/@jridgewell/set-array/-/set-array-1.2.1.tgz",
      "integrity": "sha512-R8gLRTZeyp03ymzP/6Lil/28tGeGEzhx1q2k703KGWRAI1VdvPIXdG70VJc2pAMw3NA6JKL5hhFu1sJX0Mnn/A==",
      "dev": true,
      "engines": {
        "node": ">=6.0.0"
      }
@ -114,12 +119,14 @@
    "node_modules/@jridgewell/sourcemap-codec": {
      "version": "1.4.15",
      "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.4.15.tgz",
-      "integrity": "sha512-eF2rxCRulEKXHTRiDrDy6erMYWqNw4LPdQ8UQA4huuxaQsVeRPFl2oM8oDGxMFhJUWZf9McpLtJasDDZb/Bpeg=="
+      "integrity": "sha512-eF2rxCRulEKXHTRiDrDy6erMYWqNw4LPdQ8UQA4huuxaQsVeRPFl2oM8oDGxMFhJUWZf9McpLtJasDDZb/Bpeg==",
      "dev": true
    },
    "node_modules/@jridgewell/trace-mapping": {
      "version": "0.3.25",
      "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.25.tgz",
      "integrity": "sha512-vNk6aEwybGtawWmy/PzwnGDOjCkLWSD2wqvjGGAgOAwCGWySYXfYoxt00IJkTF+8Lb57DwOb3Aa0o9CApepiYQ==",
      "dev": true,
      "dependencies": {
        "@jridgewell/resolve-uri": "^3.1.0",
        "@jridgewell/sourcemap-codec": "^1.4.14"
@ -129,6 +136,7 @@
      "version": "2.1.5",
      "resolved": "https://registry.npmjs.org/@nodelib/fs.scandir/-/fs.scandir-2.1.5.tgz",
      "integrity": "sha512-vq24Bq3ym5HEQm2NKCr3yXDwjc7vTsEThRDnkp2DK9p1uqLR+DHurm/NOTo0KG7HYHU7eppKZj3MyqYuMBf62g==",
      "dev": true,
      "dependencies": {
        "@nodelib/fs.stat": "2.0.5",
        "run-parallel": "^1.1.9"
@ -141,6 +149,7 @@
      "version": "2.0.5",
      "resolved": "https://registry.npmjs.org/@nodelib/fs.stat/-/fs.stat-2.0.5.tgz",
      "integrity": "sha512-RkhPPp2zrqDAQA/2jNhnztcPAlv64XdhIp7a7454A5ovI7Bukxgt7MX7udwAu3zg1DcpPU0rz3VV1SeaqvY4+A==",
      "dev": true,
      "engines": {
        "node": ">= 8"
      }
@ -149,6 +158,7 @@
      "version": "1.2.8",
      "resolved": "https://registry.npmjs.org/@nodelib/fs.walk/-/fs.walk-1.2.8.tgz",
      "integrity": "sha512-oGB+UxlgWcgQkgwo8GcEGwemoTFt3FIO9ababBmaGwXIoBKZ+GTy0pP185beGg7Llih/NSHSV2XAs1lnznocSg==",
      "dev": true,
      "dependencies": {
        "@nodelib/fs.scandir": "2.1.5",
        "fastq": "^1.6.0"
@ -161,6 +171,7 @@
      "version": "0.11.0",
      "resolved": "https://registry.npmjs.org/@pkgjs/parseargs/-/parseargs-0.11.0.tgz",
      "integrity": "sha512-+1VkjdD0QBLPodGrJUeqarH8VAIvQODIbwh9XpP5Syisf7YoQgsJKPNFoqqLQlu+VQ/tVSshMR6loPMn8U+dPg==",
      "dev": true,
      "optional": true,
      "engines": {
        "node": ">=14"
@ -409,6 +420,7 @@
      "version": "6.0.1",
      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-6.0.1.tgz",
      "integrity": "sha512-n5M855fKb2SsfMIiFFoVrABHJC8QtHwVx+mHWP3QcEqBHYienj5dHSgjbxtC0WEZXYt4wcD6zrQElDPhFuZgfA==",
      "dev": true,
      "engines": {
        "node": ">=12"
      },
@ -420,6 +432,7 @@
      "version": "6.2.1",
      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-6.2.1.tgz",
      "integrity": "sha512-bN798gFfQX+viw3R7yrGWRqnrN2oRkEkUjjl4JNn4E8GxxbjtG3FbrEIIY3l8/hrwUwIeCZvi4QuOTP4MErVug==",
      "dev": true,
      "engines": {
        "node": ">=12"
      },
@ -430,12 +443,14 @@
    "node_modules/any-promise": {
      "version": "1.3.0",
      "resolved": "https://registry.npmjs.org/any-promise/-/any-promise-1.3.0.tgz",
-      "integrity": "sha512-7UvmKalWRt1wgjL1RrGxoSJW/0QZFIegpeGvZG9kjp8vrRu55XTHbwnqq2GpXm9uLbcuhxm3IqX9OB4MZR1b2A=="
+      "integrity": "sha512-7UvmKalWRt1wgjL1RrGxoSJW/0QZFIegpeGvZG9kjp8vrRu55XTHbwnqq2GpXm9uLbcuhxm3IqX9OB4MZR1b2A==",
      "dev": true
    },
    "node_modules/anymatch": {
      "version": "3.1.3",
      "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.3.tgz",
      "integrity": "sha512-KMReFUr0B4t+D+OBkjR3KYqvocp2XaSzO55UcB6mgQMd3KbcE+mWTyvVV7D/zsdEbNnV6acZUutkiHQXvTr1Rw==",
      "dev": true,
      "dependencies": {
        "normalize-path": "^3.0.0",
        "picomatch": "^2.0.4"
@ -447,12 +462,14 @@
    "node_modules/arg": {
      "version": "5.0.2",
      "resolved": "https://registry.npmjs.org/arg/-/arg-5.0.2.tgz",
-      "integrity": "sha512-PYjyFOLKQ9y57JvQ6QLo8dAgNqswh8M1RMJYdQduT6xbWSgK36P/Z/v+p888pM69jMMfS8Xd8F6I1kQ/I9HUGg=="
+      "integrity": "sha512-PYjyFOLKQ9y57JvQ6QLo8dAgNqswh8M1RMJYdQduT6xbWSgK36P/Z/v+p888pM69jMMfS8Xd8F6I1kQ/I9HUGg==",
      "dev": true
    },
    "node_modules/autoprefixer": {
      "version": "10.4.19",
      "resolved": "https://registry.npmjs.org/autoprefixer/-/autoprefixer-10.4.19.tgz",
      "integrity": "sha512-BaENR2+zBZ8xXhM4pUaKUxlVdxZ0EZhjvbopwnXmxRUfqDmwSpC2lAi/QXvx7NRdPCo1WKEcEF6mV64si1z4Ew==",
      "dev": true,
      "funding": [
        {
          "type": "opencollective",
@ -488,12 +505,14 @@
    "node_modules/balanced-match": {
      "version": "1.0.2",
      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.2.tgz",
-      "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw=="
+      "integrity": "sha512-3oSeUO0TMV67hN1AmbXsK4yaqU7tjiHlbxRDZOpH0KW9+CeX4bRAaX0Anxt0tx2MrpRpWwQaPwIlISEJhYU5Pw==",
      "dev": true
    },
    "node_modules/binary-extensions": {
      "version": "2.3.0",
      "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.3.0.tgz",
      "integrity": "sha512-Ceh+7ox5qe7LJuLHoY0feh3pHuUDHAcRUeyL2VYghZwfpkNIy/+8Ocg0a3UuSoYzavmylwuLWQOf3hl0jjMMIw==",
      "dev": true,
      "engines": {
        "node": ">=8"
      },
@ -505,6 +524,7 @@
      "version": "2.0.1",
      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
      "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
      "dev": true,
      "dependencies": {
        "balanced-match": "^1.0.0"
      }
@ -513,6 +533,7 @@
      "version": "3.0.3",
      "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.3.tgz",
      "integrity": "sha512-yQbXgO/OSZVD2IsiLlro+7Hf6Q18EJrKSEsdoMzKePKXct3gvD8oLcOQdIzGupr5Fj+EDe8gO/lxc1BzfMpxvA==",
      "dev": true,
      "dependencies": {
        "fill-range": "^7.1.1"
      },
@ -524,6 +545,7 @@
      "version": "4.23.0",
      "resolved": "https://registry.npmjs.org/browserslist/-/browserslist-4.23.0.tgz",
      "integrity": "sha512-QW8HiM1shhT2GuzkvklfjcKDiWFXHOeFCIA/huJPwHsslwcydgk7X+z2zXpEijP98UCY7HbubZt5J2Zgvf0CaQ==",
      "dev": true,
      "funding": [
        {
          "type": "opencollective",
@ -563,6 +585,7 @@
      "version": "1.0.30001625",
      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001625.tgz",
      "integrity": "sha512-4KE9N2gcRH+HQhpeiRZXd+1niLB/XNLAhSy4z7fI8EzcbcPoAqjNInxVHTiTwWfTIV4w096XG8OtCOCQQKPv3w==",
      "dev": true,
      "funding": [
        {
          "type": "opencollective",
@ -582,6 +605,7 @@
      "version": "3.6.0",
      "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.6.0.tgz",
      "integrity": "sha512-7VT13fmjotKpGipCW9JEQAusEPE+Ei8nl6/g4FBAmIm0GOOLMua9NDDo/DWp0ZAxCr3cPq5ZpBqmPAQgDda2Pw==",
      "dev": true,
      "dependencies": {
        "anymatch": "~3.1.2",
        "braces": "~3.0.2",
@ -605,6 +629,7 @@
      "version": "5.1.2",
      "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz",
      "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==",
      "dev": true,
      "dependencies": {
        "is-glob": "^4.0.1"
      },
@ -612,22 +637,11 @@
        "node": ">= 6"
      }
    },
    "node_modules/color": {
      "version": "4.2.3",
      "resolved": "https://registry.npmjs.org/color/-/color-4.2.3.tgz",
      "integrity": "sha512-1rXeuUUiGGrykh+CeBdu5Ie7OJwinCgQY0bc7GCRxy5xVHy+moaqkpL/jqQq0MtQOeYcrqEz4abc5f0KtU7W4A==",
      "dependencies": {
        "color-convert": "^2.0.1",
        "color-string": "^1.9.0"
      },
      "engines": {
        "node": ">=12.5.0"
      }
    },
    "node_modules/color-convert": {
      "version": "2.0.1",
      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
      "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
      "dev": true,
      "dependencies": {
        "color-name": "~1.1.4"
      },
@ -638,21 +652,14 @@
    "node_modules/color-name": {
      "version": "1.1.4",
      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
-      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA=="
+      "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==",
-    },
+      "dev": true
    "node_modules/color-string": {
      "version": "1.9.1",
      "resolved": "https://registry.npmjs.org/color-string/-/color-string-1.9.1.tgz",
      "integrity": "sha512-shrVawQFojnZv6xM40anx4CkoDP+fZsw/ZerEMsW/pyzsRbElpsL/DBVW7q3ExxwusdNXI3lXpuhEZkzs8p5Eg==",
      "dependencies": {
        "color-name": "^1.0.0",
        "simple-swizzle": "^0.2.2"
      }
    },
    "node_modules/commander": {
      "version": "4.1.1",
      "resolved": "https://registry.npmjs.org/commander/-/commander-4.1.1.tgz",
      "integrity": "sha512-NOKm8xhkzAjzFx8B2v5OAHT+u5pRQc2UCa2Vq9jYL/31o2wi9mxBA7LIFs3sV5VSC49z6pEhfbMULvShKj26WA==",
      "dev": true,
      "engines": {
        "node": ">= 6"
      }
@ -661,6 +668,7 @@
      "version": "7.0.3",
      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz",
      "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==",
      "dev": true,
      "dependencies": {
        "path-key": "^3.1.0",
        "shebang-command": "^2.0.0",
@ -690,23 +698,30 @@
        "node": ">=4"
      }
    },
    "node_modules/culori": {
      "version": "3.3.0",
      "resolved": "https://registry.npmjs.org/culori/-/culori-3.3.0.tgz",
      "integrity": "sha512-pHJg+jbuFsCjz9iclQBqyL3B2HLCBF71BwVNujUYEvCeQMvV97R59MNK3R2+jgJ3a1fcZgI9B3vYgz8lzr/BFQ==",
      "engines": {
        "node": "^12.20.0 || ^14.13.1 || >=16.0.0"
      }
    },
    "node_modules/daisyui": {
-      "version": "2.52.0",
+      "version": "4.12.8",
-      "resolved": "https://registry.npmjs.org/daisyui/-/daisyui-2.52.0.tgz",
+      "resolved": "https://registry.npmjs.org/daisyui/-/daisyui-4.12.8.tgz",
-      "integrity": "sha512-LQTA5/IVXAJHBMFoeaEMfd7/akAFPPcdQPR3O9fzzcFiczneJFM73CFPnScmW2sOgn/D83cvkP854ep2T9OfTg==",
+      "integrity": "sha512-FDdh0z9BsWMI0VeUSwZy6rwp9frEuUgd83SCPOaCYV3iULPzcgTEQT3IlcAbMCrsriu2ziDYZfGOUwPYHkHrfw==",
      "dependencies": {
-        "color": "^4.2",
+        "css-selector-tokenizer": "^0.8",
-        "css-selector-tokenizer": "^0.8.0",
+        "culori": "^3",
-        "postcss-js": "^4.0.0",
+        "picocolors": "^1",
-        "tailwindcss": "^3"
+        "postcss-js": "^4"
      },
      "engines": {
        "node": ">=16.9.0"
      },
      "funding": {
        "type": "opencollective",
        "url": "https://opencollective.com/daisyui"
      },
      "peerDependencies": {
        "autoprefixer": "^10.0.2",
        "postcss": "^8.1.6"
      }
    },
    "node_modules/debug": {
@ -738,27 +753,32 @@
    "node_modules/didyoumean": {
      "version": "1.2.2",
      "resolved": "https://registry.npmjs.org/didyoumean/-/didyoumean-1.2.2.tgz",
-      "integrity": "sha512-gxtyfqMg7GKyhQmb056K7M3xszy/myH8w+B4RT+QXBQsvAOdc3XymqDDPHx1BgPgsdAA5SIifona89YtRATDzw=="
+      "integrity": "sha512-gxtyfqMg7GKyhQmb056K7M3xszy/myH8w+B4RT+QXBQsvAOdc3XymqDDPHx1BgPgsdAA5SIifona89YtRATDzw==",
      "dev": true
    },
    "node_modules/dlv": {
      "version": "1.1.3",
      "resolved": "https://registry.npmjs.org/dlv/-/dlv-1.1.3.tgz",
-      "integrity": "sha512-+HlytyjlPKnIG8XuRG8WvmBP8xs8P71y+SKKS6ZXWoEgLuePxtDoUEiH7WkdePWrQ5JBpE6aoVqfZfJUQkjXwA=="
+      "integrity": "sha512-+HlytyjlPKnIG8XuRG8WvmBP8xs8P71y+SKKS6ZXWoEgLuePxtDoUEiH7WkdePWrQ5JBpE6aoVqfZfJUQkjXwA==",
      "dev": true
    },
    "node_modules/eastasianwidth": {
      "version": "0.2.0",
      "resolved": "https://registry.npmjs.org/eastasianwidth/-/eastasianwidth-0.2.0.tgz",
-      "integrity": "sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA=="
+      "integrity": "sha512-I88TYZWc9XiYHRQ4/3c5rjjfgkjhLyW2luGIheGERbNQ6OY7yTybanSpDXZa8y7VUP9YmDcYa+eyq4ca7iLqWA==",
      "dev": true
    },
    "node_modules/electron-to-chromium": {
      "version": "1.4.787",
      "resolved": "https://registry.npmjs.org/electron-to-chromium/-/electron-to-chromium-1.4.787.tgz",
-      "integrity": "sha512-d0EFmtLPjctczO3LogReyM2pbBiiZbnsKnGF+cdZhsYzHm/A0GV7W94kqzLD8SN4O3f3iHlgLUChqghgyznvCQ=="
+      "integrity": "sha512-d0EFmtLPjctczO3LogReyM2pbBiiZbnsKnGF+cdZhsYzHm/A0GV7W94kqzLD8SN4O3f3iHlgLUChqghgyznvCQ==",
      "dev": true
    },
    "node_modules/emoji-regex": {
      "version": "9.2.2",
      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-9.2.2.tgz",
-      "integrity": "sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg=="
+      "integrity": "sha512-L18DaJsXSUk2+42pv8mLs5jJT2hqFkFE4j21wOmgbUqsZ2hL72NsUU785g9RXgo3s0ZNgVl42TiHp3ZtOv/Vyg==",
      "dev": true
    },
    "node_modules/esbuild": {
      "version": "0.15.18",
@ -1121,6 +1141,7 @@
      "version": "3.1.2",
      "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.1.2.tgz",
      "integrity": "sha512-ErCHMCae19vR8vQGe50xIsVomy19rg6gFu3+r3jkEO46suLMWBksvVyoGgQV+jOfl84ZSOSlmv6Gxa89PmTGmA==",
      "dev": true,
      "engines": {
        "node": ">=6"
      }
@ -1129,6 +1150,7 @@
      "version": "3.3.2",
      "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.2.tgz",
      "integrity": "sha512-oX2ruAFQwf/Orj8m737Y5adxDQO0LAB7/S5MnxCdTNDd4p6BsyIVsv9JQsATbTSq8KHRpLwIHbVlUNatxd+1Ow==",
      "dev": true,
      "dependencies": {
        "@nodelib/fs.stat": "^2.0.2",
        "@nodelib/fs.walk": "^1.2.3",
@ -1144,6 +1166,7 @@
      "version": "5.1.2",
      "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz",
      "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==",
      "dev": true,
      "dependencies": {
        "is-glob": "^4.0.1"
      },
@ -1160,6 +1183,7 @@
      "version": "1.17.1",
      "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.17.1.tgz",
      "integrity": "sha512-sRVD3lWVIXWg6By68ZN7vho9a1pQcN/WBFaAAsDDFzlJjvoGx0P8z7V1t72grFJfJhu3YPZBuu25f7Kaw2jN1w==",
      "dev": true,
      "dependencies": {
        "reusify": "^1.0.4"
      }
@ -1168,6 +1192,7 @@
      "version": "7.1.1",
      "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.1.1.tgz",
      "integrity": "sha512-YsGpe3WHLK8ZYi4tWDg2Jy3ebRz2rXowDxnld4bkQB00cc/1Zw9AWnC0i9ztDJitivtQvaI9KaLyKrc+hBW0yg==",
      "dev": true,
      "dependencies": {
        "to-regex-range": "^5.0.1"
      },
@ -1179,6 +1204,7 @@
      "version": "3.1.1",
      "resolved": "https://registry.npmjs.org/foreground-child/-/foreground-child-3.1.1.tgz",
      "integrity": "sha512-TMKDUnIte6bfb5nWv7V/caI169OHgvwjb7V4WkeUvbQQdjr5rWKqHFiKWb/fcOwB+CzBT+qbWjvj+DVwRskpIg==",
      "dev": true,
      "dependencies": {
        "cross-spawn": "^7.0.0",
        "signal-exit": "^4.0.1"
@ -1194,6 +1220,7 @@
      "version": "4.3.7",
      "resolved": "https://registry.npmjs.org/fraction.js/-/fraction.js-4.3.7.tgz",
      "integrity": "sha512-ZsDfxO51wGAXREY55a7la9LScWpwv9RxIrYABrlvOFBlH/ShPnrtsXeuUIfXKKOVicNxQ+o8JTbJvjS4M89yew==",
      "dev": true,
      "engines": {
        "node": "*"
      },
@ -1206,6 +1233,7 @@
      "version": "2.3.3",
      "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.3.tgz",
      "integrity": "sha512-5xoDfX+fL7faATnagmWPpbFtwh/R77WmMMqqHGS65C3vvB0YHrgF+B1YmZ3441tMj5n63k0212XNoJwzlhffQw==",
      "dev": true,
      "hasInstallScript": true,
      "optional": true,
      "os": [
@ -1219,6 +1247,7 @@
      "version": "1.1.2",
      "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.2.tgz",
      "integrity": "sha512-7XHNxH7qX9xG5mIwxkhumTox/MIRNcOgDrxWsMt2pAr23WHp6MrRlN7FBSFpCpr+oVO0F744iUgR82nJMfG2SA==",
      "dev": true,
      "funding": {
        "url": "https://github.com/sponsors/ljharb"
      }
@ -1227,6 +1256,7 @@
      "version": "10.4.1",
      "resolved": "https://registry.npmjs.org/glob/-/glob-10.4.1.tgz",
      "integrity": "sha512-2jelhlq3E4ho74ZyVLN03oKdAZVUa6UDZzFLVH1H7dnoax+y9qyaq8zBkfDIggjniU19z0wU18y16jMB2eyVIw==",
      "dev": true,
      "dependencies": {
        "foreground-child": "^3.1.0",
        "jackspeak": "^3.1.2",
@ -1248,6 +1278,7 @@
      "version": "6.0.2",
      "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-6.0.2.tgz",
      "integrity": "sha512-XxwI8EOhVQgWp6iDL+3b0r86f4d6AX6zSU55HfB4ydCEuXLXc5FcYeOu+nnGftS4TEju/11rt4KJPTMgbfmv4A==",
      "dev": true,
      "dependencies": {
        "is-glob": "^4.0.3"
      },
@ -1259,6 +1290,7 @@
      "version": "2.0.2",
      "resolved": "https://registry.npmjs.org/hasown/-/hasown-2.0.2.tgz",
      "integrity": "sha512-0hJU9SCPvmMzIBdZFqNPXWa6dqh7WdH0cII9y+CyS8rG3nL48Bclra9HmKhVVUHyPWNH5Y7xDwAB7bfgSjkUMQ==",
      "dev": true,
      "dependencies": {
        "function-bind": "^1.1.2"
      },
@ -1266,15 +1298,11 @@
        "node": ">= 0.4"
      }
    },
    "node_modules/is-arrayish": {
      "version": "0.3.2",
      "resolved": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.3.2.tgz",
      "integrity": "sha512-eVRqCvVlZbuw3GrM63ovNSNAeA1K16kaR/LRY/92w0zxQ5/1YzwblUX652i4Xs9RwAGjW9d9y6X88t8OaAJfWQ=="
    },
    "node_modules/is-binary-path": {
      "version": "2.1.0",
      "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz",
      "integrity": "sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==",
      "dev": true,
      "dependencies": {
        "binary-extensions": "^2.0.0"
      },
@ -1286,6 +1314,7 @@
      "version": "2.13.1",
      "resolved": "https://registry.npmjs.org/is-core-module/-/is-core-module-2.13.1.tgz",
      "integrity": "sha512-hHrIjvZsftOsvKSn2TRYl63zvxsgE0K+0mYMoH6gD4omR5IWB2KynivBQczo3+wF1cCkjzvptnI9Q0sPU66ilw==",
      "dev": true,
      "dependencies": {
        "hasown": "^2.0.0"
      },
@ -1297,6 +1326,7 @@
      "version": "2.1.1",
      "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz",
      "integrity": "sha512-SbKbANkN603Vi4jEZv49LeVJMn4yGwsbzZworEoyEiutsN3nJYdbO36zfhGJ6QEDpOZIFkDtnq5JRxmvl3jsoQ==",
      "dev": true,
      "engines": {
        "node": ">=0.10.0"
      }
@ -1305,6 +1335,7 @@
      "version": "3.0.0",
      "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz",
      "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==",
      "dev": true,
      "engines": {
        "node": ">=8"
      }
@ -1313,6 +1344,7 @@
      "version": "4.0.3",
      "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz",
      "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==",
      "dev": true,
      "dependencies": {
        "is-extglob": "^2.1.1"
      },
@ -1324,6 +1356,7 @@
      "version": "7.0.0",
      "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz",
      "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==",
      "dev": true,
      "engines": {
        "node": ">=0.12.0"
      }
@ -1331,12 +1364,14 @@
    "node_modules/isexe": {
      "version": "2.0.0",
      "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz",
-      "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw=="
+      "integrity": "sha512-RHxMLp9lnKHGHRng9QFhRCMbYAcVpn69smSGcq3f36xjgVVWThj4qqLbTLlq7Ssj8B+fIQ1EuCEGI2lKsyQeIw==",
      "dev": true
    },
    "node_modules/jackspeak": {
      "version": "3.1.2",
      "resolved": "https://registry.npmjs.org/jackspeak/-/jackspeak-3.1.2.tgz",
      "integrity": "sha512-kWmLKn2tRtfYMF/BakihVVRzBKOxz4gJMiL2Rj91WnAB5TPZumSH99R/Yf1qE1u4uRimvCSJfm6hnxohXeEXjQ==",
      "dev": true,
      "dependencies": {
        "@isaacs/cliui": "^8.0.2"
      },
@ -1354,6 +1389,7 @@
      "version": "1.21.0",
      "resolved": "https://registry.npmjs.org/jiti/-/jiti-1.21.0.tgz",
      "integrity": "sha512-gFqAIbuKyyso/3G2qhiO2OM6shY6EPP/R0+mkDbyspxKazh8BXDC5FiFsUjlczgdNz/vfra0da2y+aHrusLG/Q==",
      "dev": true,
      "bin": {
        "jiti": "bin/jiti.js"
      }
@ -1371,6 +1407,7 @@
      "version": "2.1.0",
      "resolved": "https://registry.npmjs.org/lilconfig/-/lilconfig-2.1.0.tgz",
      "integrity": "sha512-utWOt/GHzuUxnLKxB6dk81RoOeoNeHgbrXiuGk4yyF5qlRz+iIVWu56E2fqGHFrXz0QNUhLB/8nKqvRH66JKGQ==",
      "dev": true,
      "engines": {
        "node": ">=10"
      }
@ -1378,12 +1415,14 @@
    "node_modules/lines-and-columns": {
      "version": "1.2.4",
      "resolved": "https://registry.npmjs.org/lines-and-columns/-/lines-and-columns-1.2.4.tgz",
-      "integrity": "sha512-7ylylesZQ/PV29jhEDl3Ufjo6ZX7gCqJr5F7PKrqc93v7fzSymt1BpwEU8nAUXs8qzzvqhbjhK5QZg6Mt/HkBg=="
+      "integrity": "sha512-7ylylesZQ/PV29jhEDl3Ufjo6ZX7gCqJr5F7PKrqc93v7fzSymt1BpwEU8nAUXs8qzzvqhbjhK5QZg6Mt/HkBg==",
      "dev": true
    },
    "node_modules/lru-cache": {
      "version": "10.2.2",
      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-10.2.2.tgz",
      "integrity": "sha512-9hp3Vp2/hFQUiIwKo8XCeFVnrg8Pk3TYNPIR7tJADKi5YfcF7vEaK7avFHTlSy3kOKYaJQaalfEo6YuXdceBOQ==",
      "dev": true,
      "engines": {
        "node": "14 || >=16.14"
      }
@ -1404,6 +1443,7 @@
      "version": "1.4.1",
      "resolved": "https://registry.npmjs.org/merge2/-/merge2-1.4.1.tgz",
      "integrity": "sha512-8q7VEgMJW4J8tcfVPy8g09NcQwZdbwFEqhe/WZkoIzjn/3TGDwtOCYtXGxA3O8tPzpczCCDgv+P2P5y00ZJOOg==",
      "dev": true,
      "engines": {
        "node": ">= 8"
      }
@ -1412,6 +1452,7 @@
      "version": "4.0.7",
      "resolved": "https://registry.npmjs.org/micromatch/-/micromatch-4.0.7.tgz",
      "integrity": "sha512-LPP/3KorzCwBxfeUuZmaR6bG2kdeHSbe0P2tY3FLRU4vYrjYz5hI4QZwV0njUx3jeuKe67YukQ1LSPZBKDqO/Q==",
      "dev": true,
      "dependencies": {
        "braces": "^3.0.3",
        "picomatch": "^2.3.1"
@ -1424,6 +1465,7 @@
      "version": "9.0.4",
      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-9.0.4.tgz",
      "integrity": "sha512-KqWh+VchfxcMNRAJjj2tnsSJdNbHsVgnkBhTNrW7AjVo6OvLtxw8zfT9oLw1JSohlFzJ8jCoTgaoXvJ+kHt6fw==",
      "dev": true,
      "dependencies": {
        "brace-expansion": "^2.0.1"
      },
@ -1438,6 +1480,7 @@
      "version": "7.1.2",
      "resolved": "https://registry.npmjs.org/minipass/-/minipass-7.1.2.tgz",
      "integrity": "sha512-qOOzS1cBTWYF4BH8fVePDBOO9iptMnGUEZwNc/cMWnTV2nVLZ7VoNWEPHkYczZA0pdoA7dl6e7FL659nX9S2aw==",
      "dev": true,
      "engines": {
        "node": ">=16 || 14 >=14.17"
      }
@ -1452,6 +1495,7 @@
      "version": "2.7.0",
      "resolved": "https://registry.npmjs.org/mz/-/mz-2.7.0.tgz",
      "integrity": "sha512-z81GNO7nnYMEhrGh9LeymoE4+Yr0Wn5McHIZMK5cfQCl+NDX08sCZgUc9/6MHni9IWuFLm1Z3HTCXu2z9fN62Q==",
      "dev": true,
      "dependencies": {
        "any-promise": "^1.0.0",
        "object-assign": "^4.0.1",
@ -1478,12 +1522,14 @@
    "node_modules/node-releases": {
      "version": "2.0.14",
      "resolved": "https://registry.npmjs.org/node-releases/-/node-releases-2.0.14.tgz",
-      "integrity": "sha512-y10wOWt8yZpqXmOgRo77WaHEmhYQYGNA6y421PKsKYWEK8aW+cqAphborZDhqfyKrbZEN92CN1X2KbafY2s7Yw=="
+      "integrity": "sha512-y10wOWt8yZpqXmOgRo77WaHEmhYQYGNA6y421PKsKYWEK8aW+cqAphborZDhqfyKrbZEN92CN1X2KbafY2s7Yw==",
      "dev": true
    },
    "node_modules/normalize-path": {
      "version": "3.0.0",
      "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz",
      "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==",
      "dev": true,
      "engines": {
        "node": ">=0.10.0"
      }
@ -1492,6 +1538,7 @@
      "version": "0.1.2",
      "resolved": "https://registry.npmjs.org/normalize-range/-/normalize-range-0.1.2.tgz",
      "integrity": "sha512-bdok/XvKII3nUpklnV6P2hxtMNrCboOjAcyBuQnWEhO665FwrSNRxU+AqpsyvO6LgGYPspN+lu5CLtw4jPRKNA==",
      "dev": true,
      "engines": {
        "node": ">=0.10.0"
      }
@ -1500,6 +1547,7 @@
      "version": "4.1.1",
      "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz",
      "integrity": "sha512-rJgTQnkUnH1sFw8yT6VSU3zD3sWmu6sZhIseY8VX+GRu3P6F7Fu+JNDoXfklElbLJSnc3FUQHVe4cU5hj+BcUg==",
      "dev": true,
      "engines": {
        "node": ">=0.10.0"
      }
@ -1508,6 +1556,7 @@
      "version": "3.0.0",
      "resolved": "https://registry.npmjs.org/object-hash/-/object-hash-3.0.0.tgz",
      "integrity": "sha512-RSn9F68PjH9HqtltsSnqYC1XXoWe9Bju5+213R98cNGttag9q9yAOTzdbsqvIa7aNm5WffBZFpWYr2aWrklWAw==",
      "dev": true,
      "engines": {
        "node": ">= 6"
      }
@ -1516,6 +1565,7 @@
      "version": "3.1.1",
      "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz",
      "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==",
      "dev": true,
      "engines": {
        "node": ">=8"
      }
@ -1523,12 +1573,14 @@
    "node_modules/path-parse": {
      "version": "1.0.7",
      "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz",
-      "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw=="
+      "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==",
      "dev": true
    },
    "node_modules/path-scurry": {
      "version": "1.11.1",
      "resolved": "https://registry.npmjs.org/path-scurry/-/path-scurry-1.11.1.tgz",
      "integrity": "sha512-Xa4Nw17FS9ApQFJ9umLiJS4orGjm7ZzwUrwamcGQuHSzDyth9boKDaycYdDcZDuqYATXw4HFXgaqWTctW/v1HA==",
      "dev": true,
      "dependencies": {
        "lru-cache": "^10.2.0",
        "minipass": "^5.0.0 || ^6.0.2 || ^7.0.0"
@ -1549,6 +1601,7 @@
      "version": "2.3.1",
      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
      "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
      "dev": true,
      "engines": {
        "node": ">=8.6"
      },
@ -1560,6 +1613,7 @@
      "version": "2.3.0",
      "resolved": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz",
      "integrity": "sha512-udgsAY+fTnvv7kI7aaxbqwWNb0AHiB0qBO89PZKPkoTmGOgdbrHDKD+0B2X4uTfJ/FT1R09r9gTsjUjNJotuog==",
      "dev": true,
      "engines": {
        "node": ">=0.10.0"
      }
@ -1568,6 +1622,7 @@
      "version": "4.0.6",
      "resolved": "https://registry.npmjs.org/pirates/-/pirates-4.0.6.tgz",
      "integrity": "sha512-saLsH7WeYYPiD25LDuLRRY/i+6HaPYr6G1OUlN39otzkSTxKnubR9RTxS3/Kk50s1g2JTgFwWQDQyplC5/SHZg==",
      "dev": true,
      "engines": {
        "node": ">= 6"
      }
@ -1603,6 +1658,7 @@
      "version": "15.1.0",
      "resolved": "https://registry.npmjs.org/postcss-import/-/postcss-import-15.1.0.tgz",
      "integrity": "sha512-hpr+J05B2FVYUAXHeK1YyI267J/dDDhMU6B6civm8hSY1jYJnBXxzKDKDswzJmtLHryrjhnDjqqp/49t8FALew==",
      "dev": true,
      "dependencies": {
        "postcss-value-parser": "^4.0.0",
        "read-cache": "^1.0.0",
@ -1637,6 +1693,7 @@
      "version": "4.0.2",
      "resolved": "https://registry.npmjs.org/postcss-load-config/-/postcss-load-config-4.0.2.tgz",
      "integrity": "sha512-bSVhyJGL00wMVoPUzAVAnbEoWyqRxkjv64tUl427SKnPrENtq6hJwUojroMz2VB+Q1edmi4IfrAPpami5VVgMQ==",
      "dev": true,
      "funding": [
        {
          "type": "opencollective",
@ -1671,6 +1728,7 @@
      "version": "3.1.1",
      "resolved": "https://registry.npmjs.org/lilconfig/-/lilconfig-3.1.1.tgz",
      "integrity": "sha512-O18pf7nyvHTckunPWCV1XUNXU1piu01y2b7ATJ0ppkUkk8ocqVWBrYjJBCwHDjD/ZWcfyrA0P4gKhzWGi5EINQ==",
      "dev": true,
      "engines": {
        "node": ">=14"
      },
@ -1682,6 +1740,7 @@
      "version": "6.0.1",
      "resolved": "https://registry.npmjs.org/postcss-nested/-/postcss-nested-6.0.1.tgz",
      "integrity": "sha512-mEp4xPMi5bSWiMbsgoPfcP74lsWLHkQbZc3sY+jWYd65CUwXrUaTp0fmNpa01ZcETKlIgUdFN/MpS2xZtqL9dQ==",
      "dev": true,
      "dependencies": {
        "postcss-selector-parser": "^6.0.11"
      },
@ -1700,6 +1759,7 @@
      "version": "6.1.0",
      "resolved": "https://registry.npmjs.org/postcss-selector-parser/-/postcss-selector-parser-6.1.0.tgz",
      "integrity": "sha512-UMz42UD0UY0EApS0ZL9o1XnLhSTtvvvLe5Dc2H2O56fvRZi+KulDyf5ctDhhtYJBGKStV2FL1fy6253cmLgqVQ==",
      "dev": true,
      "dependencies": {
        "cssesc": "^3.0.0",
        "util-deprecate": "^1.0.2"
@ -1711,12 +1771,14 @@
    "node_modules/postcss-value-parser": {
      "version": "4.2.0",
      "resolved": "https://registry.npmjs.org/postcss-value-parser/-/postcss-value-parser-4.2.0.tgz",
-      "integrity": "sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ=="
+      "integrity": "sha512-1NNCs6uurfkVbeXG4S8JFT9t19m45ICnif8zWLd5oPSZ50QnwMfK+H3jv408d4jw/7Bttv5axS5IiHoLaVNHeQ==",
      "dev": true
    },
    "node_modules/queue-microtask": {
      "version": "1.2.3",
      "resolved": "https://registry.npmjs.org/queue-microtask/-/queue-microtask-1.2.3.tgz",
      "integrity": "sha512-NuaNSa6flKT5JaSYQzJok04JzTL1CA6aGhv5rfLW3PgqA+M2ChpZQnAC8h8i4ZFkBS8X5RqkDBHA7r4hej3K9A==",
      "dev": true,
      "funding": [
        {
          "type": "github",
@ -1736,6 +1798,7 @@
      "version": "1.0.0",
      "resolved": "https://registry.npmjs.org/read-cache/-/read-cache-1.0.0.tgz",
      "integrity": "sha512-Owdv/Ft7IjOgm/i0xvNDZ1LrRANRfew4b2prF3OWMQLxLfu3bS8FVhCsrSCMK4lR56Y9ya+AThoTpDCTxCmpRA==",
      "dev": true,
      "dependencies": {
        "pify": "^2.3.0"
      }
@ -1744,6 +1807,7 @@
      "version": "3.6.0",
      "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz",
      "integrity": "sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==",
      "dev": true,
      "dependencies": {
        "picomatch": "^2.2.1"
      },
@ -1755,6 +1819,7 @@
      "version": "1.22.8",
      "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.22.8.tgz",
      "integrity": "sha512-oKWePCxqpd6FlLvGV1VU0x7bkPmmCNolxzjMf4NczoDnQcIWrAF+cPtZn5i6n+RfD2d9i0tzpKnG6Yk168yIyw==",
      "dev": true,
      "dependencies": {
        "is-core-module": "^2.13.0",
        "path-parse": "^1.0.7",
@ -1771,6 +1836,7 @@
      "version": "1.0.4",
      "resolved": "https://registry.npmjs.org/reusify/-/reusify-1.0.4.tgz",
      "integrity": "sha512-U9nH88a3fc/ekCF1l0/UP1IosiuIjyTh7hBvXVMHYgVcfGvt897Xguj2UOLDeI5BG2m7/uwyaLVT6fbtCwTyzw==",
      "dev": true,
      "engines": {
        "iojs": ">=1.0.0",
        "node": ">=0.10.0"
@ -1795,6 +1861,7 @@
      "version": "1.2.0",
      "resolved": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.2.0.tgz",
      "integrity": "sha512-5l4VyZR86LZ/lDxZTR6jqL8AFE2S0IFLMP26AbjsLVADxHdhB/c0GUsH+y39UfCi3dzz8OlQuPmnaJOMoDHQBA==",
      "dev": true,
      "funding": [
        {
          "type": "github",
@ -1817,6 +1884,7 @@
      "version": "2.0.0",
      "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz",
      "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==",
      "dev": true,
      "dependencies": {
        "shebang-regex": "^3.0.0"
      },
@ -1828,6 +1896,7 @@
      "version": "3.0.0",
      "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz",
      "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==",
      "dev": true,
      "engines": {
        "node": ">=8"
      }
@ -1836,6 +1905,7 @@
      "version": "4.1.0",
      "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-4.1.0.tgz",
      "integrity": "sha512-bzyZ1e88w9O1iNJbKnOlvYTrWPDl46O1bG0D3XInv+9tkPrxrN8jUUTiFlDkkmKWgn1M6CfIA13SuGqOa9Korw==",
      "dev": true,
      "engines": {
        "node": ">=14"
      },
@ -1843,14 +1913,6 @@
        "url": "https://github.com/sponsors/isaacs"
      }
    },
    "node_modules/simple-swizzle": {
      "version": "0.2.2",
      "resolved": "https://registry.npmjs.org/simple-swizzle/-/simple-swizzle-0.2.2.tgz",
      "integrity": "sha512-JA//kQgZtbuY83m+xT+tXJkmJncGMTFT+C+g2h2R9uxkYIrE2yy9sgmcLhCnw57/WSD+Eh3J97FPEDFnbXnDUg==",
      "dependencies": {
        "is-arrayish": "^0.3.1"
      }
    },
    "node_modules/source-map-js": {
      "version": "1.2.0",
      "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.0.tgz",
@ -1870,6 +1932,7 @@
      "version": "5.1.2",
      "resolved": "https://registry.npmjs.org/string-width/-/string-width-5.1.2.tgz",
      "integrity": "sha512-HnLOCR3vjcY8beoNLtcjZ5/nxn2afmME6lhrDrebokqMap+XbeW8n9TXpPDOqdGK5qcI3oT0GKTW6wC7EMiVqA==",
      "dev": true,
      "dependencies": {
        "eastasianwidth": "^0.2.0",
        "emoji-regex": "^9.2.2",
@ -1887,6 +1950,7 @@
      "version": "4.2.3",
      "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz",
      "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==",
      "dev": true,
      "dependencies": {
        "emoji-regex": "^8.0.0",
        "is-fullwidth-code-point": "^3.0.0",
@ -1900,6 +1964,7 @@
      "version": "5.0.1",
      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz",
      "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==",
      "dev": true,
      "engines": {
        "node": ">=8"
      }
@ -1907,12 +1972,14 @@
    "node_modules/string-width-cjs/node_modules/emoji-regex": {
      "version": "8.0.0",
      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",
-      "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A=="
+      "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==",
      "dev": true
    },
    "node_modules/string-width-cjs/node_modules/strip-ansi": {
      "version": "6.0.1",
      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz",
      "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==",
      "dev": true,
      "dependencies": {
        "ansi-regex": "^5.0.1"
      },
@ -1924,6 +1991,7 @@
      "version": "7.1.0",
      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-7.1.0.tgz",
      "integrity": "sha512-iq6eVVI64nQQTRYq2KtEg2d2uU7LElhTJwsH4YzIHZshxlgZms/wIc4VoDQTlG/IvVIrBKG06CrZnp0qv7hkcQ==",
      "dev": true,
      "dependencies": {
        "ansi-regex": "^6.0.1"
      },
@ -1939,6 +2007,7 @@
      "version": "6.0.1",
      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz",
      "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==",
      "dev": true,
      "dependencies": {
        "ansi-regex": "^5.0.1"
      },
@ -1950,6 +2019,7 @@
      "version": "5.0.1",
      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz",
      "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==",
      "dev": true,
      "engines": {
        "node": ">=8"
      }
@ -1958,6 +2028,7 @@
      "version": "3.35.0",
      "resolved": "https://registry.npmjs.org/sucrase/-/sucrase-3.35.0.tgz",
      "integrity": "sha512-8EbVDiu9iN/nESwxeSxDKe0dunta1GOlHufmSSXxMD2z2/tMZpDMpvXQGsc+ajGo8y2uYUmixaSRUc/QPoQ0GA==",
      "dev": true,
      "dependencies": {
        "@jridgewell/gen-mapping": "^0.3.2",
        "commander": "^4.0.0",
@ -1979,6 +2050,7 @@
      "version": "1.0.0",
      "resolved": "https://registry.npmjs.org/supports-preserve-symlinks-flag/-/supports-preserve-symlinks-flag-1.0.0.tgz",
      "integrity": "sha512-ot0WnXS9fgdkgIcePe6RHNk1WA8+muPa6cSjeR3V8K27q9BB1rTE3R1p7Hv0z1ZyAc8s6Vvv8DIyWf681MAt0w==",
      "dev": true,
      "engines": {
        "node": ">= 0.4"
      },
@ -2011,6 +2083,7 @@
      "version": "3.4.3",
      "resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-3.4.3.tgz",
      "integrity": "sha512-U7sxQk/n397Bmx4JHbJx/iSOOv5G+II3f1kpLpY2QeUv5DcPdcTsYLlusZfq1NthHS1c1cZoyFmmkex1rzke0A==",
      "dev": true,
      "dependencies": {
        "@alloc/quick-lru": "^5.2.0",
        "arg": "^5.0.2",
@ -2047,6 +2120,7 @@
      "version": "3.3.1",
      "resolved": "https://registry.npmjs.org/thenify/-/thenify-3.3.1.tgz",
      "integrity": "sha512-RVZSIV5IG10Hk3enotrhvz0T9em6cyHBLkH/YAZuKqd8hRkKhSfCGIcP2KUY0EPxndzANBmNllzWPwak+bheSw==",
      "dev": true,
      "dependencies": {
        "any-promise": "^1.0.0"
      }
@ -2055,6 +2129,7 @@
      "version": "1.6.0",
      "resolved": "https://registry.npmjs.org/thenify-all/-/thenify-all-1.6.0.tgz",
      "integrity": "sha512-RNxQH/qI8/t3thXJDwcstUO4zeqo64+Uy/+sNVRBx4Xn2OX+OZ9oP+iJnNFqplFra2ZUVeKCSa2oVWi3T4uVmA==",
      "dev": true,
      "dependencies": {
        "thenify": ">= 3.1.0 < 4"
      },
@ -2066,6 +2141,7 @@
      "version": "5.0.1",
      "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz",
      "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==",
      "dev": true,
      "dependencies": {
        "is-number": "^7.0.0"
      },
@ -2076,12 +2152,14 @@
    "node_modules/ts-interface-checker": {
      "version": "0.1.13",
      "resolved": "https://registry.npmjs.org/ts-interface-checker/-/ts-interface-checker-0.1.13.tgz",
-      "integrity": "sha512-Y/arvbn+rrz3JCKl9C4kVNfTfSm2/mEp5FSz5EsZSANGPSlQrpRI5M4PKF+mJnE52jOO90PnPSc3Ur3bTQw0gA=="
+      "integrity": "sha512-Y/arvbn+rrz3JCKl9C4kVNfTfSm2/mEp5FSz5EsZSANGPSlQrpRI5M4PKF+mJnE52jOO90PnPSc3Ur3bTQw0gA==",
      "dev": true
    },
    "node_modules/update-browserslist-db": {
      "version": "1.0.16",
      "resolved": "https://registry.npmjs.org/update-browserslist-db/-/update-browserslist-db-1.0.16.tgz",
      "integrity": "sha512-KVbTxlBYlckhF5wgfyZXTWnMn7MMZjMu9XG8bPlliUOP9ThaF4QnhP8qrjrH7DRzHfSk0oQv1wToW+iA5GajEQ==",
      "dev": true,
      "funding": [
        {
          "type": "opencollective",
@ -2110,7 +2188,8 @@
    "node_modules/util-deprecate": {
      "version": "1.0.2",
      "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
-      "integrity": "sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw=="
+      "integrity": "sha512-EPD5q1uXyFxJpCrLnCc1nHnq3gOa6DZBocAIiI2TaSCA7VCJ1UJDMagCzIkXNsUYfD1daK//LTEQ8xiIbrHtcw==",
      "dev": true
    },
    "node_modules/vite": {
      "version": "3.2.10",
@ -2179,6 +2258,7 @@
      "version": "2.0.2",
      "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz",
      "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==",
      "dev": true,
      "dependencies": {
        "isexe": "^2.0.0"
      },
@ -2193,6 +2273,7 @@
      "version": "8.1.0",
      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-8.1.0.tgz",
      "integrity": "sha512-si7QWI6zUMq56bESFvagtmzMdGOtoxfR+Sez11Mobfc7tm+VkUckk9bW2UeffTGVUbOksxmSw0AA2gs8g71NCQ==",
      "dev": true,
      "dependencies": {
        "ansi-styles": "^6.1.0",
        "string-width": "^5.0.1",
@ -2210,6 +2291,7 @@
      "version": "7.0.0",
      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz",
      "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==",
      "dev": true,
      "dependencies": {
        "ansi-styles": "^4.0.0",
        "string-width": "^4.1.0",
@ -2226,6 +2308,7 @@
      "version": "5.0.1",
      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz",
      "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==",
      "dev": true,
      "engines": {
        "node": ">=8"
      }
@ -2234,6 +2317,7 @@
      "version": "4.3.0",
      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
      "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
      "dev": true,
      "dependencies": {
        "color-convert": "^2.0.1"
      },
@ -2247,12 +2331,14 @@
    "node_modules/wrap-ansi-cjs/node_modules/emoji-regex": {
      "version": "8.0.0",
      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",
-      "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A=="
+      "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==",
      "dev": true
    },
    "node_modules/wrap-ansi-cjs/node_modules/string-width": {
      "version": "4.2.3",
      "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz",
      "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==",
      "dev": true,
      "dependencies": {
        "emoji-regex": "^8.0.0",
        "is-fullwidth-code-point": "^3.0.0",
@ -2266,6 +2352,7 @@
      "version": "6.0.1",
      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz",
      "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==",
      "dev": true,
      "dependencies": {
        "ansi-regex": "^5.0.1"
      },
@ -2277,6 +2364,7 @@
      "version": "2.4.2",
      "resolved": "https://registry.npmjs.org/yaml/-/yaml-2.4.2.tgz",
      "integrity": "sha512-B3VqDZ+JAg1nZpaEmWtTXUlBneoGx6CPM9b0TENK6aoSu5t73dItudwdgmi6tHlIZZId4dZ9skcAQ2UbcyAeVA==",
      "dev": true,
      "bin": {
        "yaml": "bin.mjs"
      },
--- a/package.json
+++ b/package.json
@ -20,6 +20,6 @@
    "@tauri-apps/api": "^2.0.0-beta.13",
    "@tauri-apps/plugin-dialog": "^2.0.0-beta.5",
    "@tauri-apps/plugin-os": "^2.0.0-beta.5",
-    "daisyui": "^2.51.5"
+    "daisyui": "^4.12.8"
  }
 }
--- a/src-tauri/migrations/20240617142724_credential_split.sql
+++ b/src-tauri/migrations/20240617142724_credential_split.sql
@ -41,13 +41,14 @@ CREATE TABLE credentials (
    -- id is a UUID so we can generate it on the frontend
    id BLOB UNIQUE NOT NULL,
    name TEXT UNIQUE NOT NULL,
-    type TEXT NOT NULL,
+    credential_type TEXT NOT NULL,
    is_default BOOLEAN NOT NULL,
    created_at INTEGER NOT NULL
 );
 -- populate with basic data from existing AWS credential
-INSERT INTO credentials (id, name, type, created_at)
+INSERT INTO credentials (id, name, credential_type, is_default, created_at)
-SELECT id, 'default', 'aws', created_at FROM aws_tmp;
+SELECT id, 'default', 'aws', 1, created_at FROM aws_tmp;
 -- new AWS-specific table
 CREATE TABLE aws_credentials (
--- a/src-tauri/src/app.rs
+++ b/src-tauri/src/app.rs
@ -46,6 +46,7 @@ pub fn run() -> tauri::Result<()> {
        .invoke_handler(tauri::generate_handler![
            ipc::unlock,
            ipc::lock,
            ipc::reset_session,
            ipc::set_passphrase,
            ipc::respond,
            ipc::get_session_status,
@ -57,6 +58,7 @@ pub fn run() -> tauri::Result<()> {
            ipc::save_config,
            ipc::launch_terminal,
            ipc::get_setup_errors,
            ipc::exit,
        ])
        .setup(|app| {
            let res = rt::block_on(setup(app));
--- a/src-tauri/src/credentials/aws.rs
+++ b/src-tauri/src/credentials/aws.rs
@ -12,19 +12,26 @@ use serde::{
 };
 use serde::de::{self, Visitor};
 use sqlx::{
-    SqlitePool,
+    FromRow,
    Sqlite,
    Transaction,
    types::Uuid,
 };
 use sqlx::error::{
    Error as SqlxError,
 };
 use tokio_stream::StreamExt;
-use super::{Credential, Crypto, SaveCredential, PersistentCredential};
+use super::{Credential, Crypto, PersistentCredential};
 use crate::errors::*;
 #[derive(Debug, Clone, FromRow)]
 pub struct AwsRow {
    id: Uuid,
    access_key_id: String,
    secret_key_enc: Vec<u8>,
    nonce: Vec<u8>,
 }
 #[derive(Clone, Debug, Eq, PartialEq, Serialize, Deserialize)]
 #[serde(rename_all = "PascalCase")]
 pub struct AwsBaseCredential {
@ -42,84 +49,39 @@ impl AwsBaseCredential {
 }
 impl PersistentCredential for AwsBaseCredential {
-    async fn save(&self, id: &Uuid, name: &str, crypto: &Crypto, pool: &SqlitePool) -> Result<(), SaveCredentialsError> {
+    type Row = AwsRow;
    fn type_name() -> &'static str { "aws" }
    fn into_credential(self) -> Credential { Credential::AwsBase(self) }
    fn row_id(row: &AwsRow) -> Uuid { row.id }
    fn from_row(row: AwsRow, crypto: &Crypto) -> Result<Self, LoadCredentialsError> {
        let nonce = XNonce::clone_from_slice(&row.nonce);
        let secret_key_bytes = crypto.decrypt(&nonce, &row.secret_key_enc)?;
        let secret_key = String::from_utf8(secret_key_bytes)
            .map_err(|_| LoadCredentialsError::InvalidData)?;
        Ok(Self::new(row.access_key_id, secret_key))
    }
    async fn save_details(&self, id: &Uuid, crypto: &Crypto, txn: &mut Transaction<'_, Sqlite>) -> Result<(), SaveCredentialsError> {
        let (nonce, ciphertext) = crypto.encrypt(self.secret_access_key.as_bytes())?;
        let nonce_bytes = &nonce.as_slice();
-        let res = sqlx::query!(
+
-            "INSERT INTO credentials (id, name, type, created_at)
+        sqlx::query!(
-            VALUES (?, ?, 'aws', strftime('%s'))
+            "INSERT OR REPLACE INTO aws_credentials (
            ON CONFLICT(id) DO UPDATE SET
                name = excluded.name,
                type = excluded.type,
                created_at = excluded.created_at;
            INSERT OR REPLACE INTO aws_credentials (
                id,
                access_key_id,
                secret_key_enc,
                nonce
            ) 
            VALUES (?, ?, ?, ?);",
-            id,
+            id, self.access_key_id, ciphertext, nonce_bytes,
-            name,
+        ).execute(&mut **txn).await?;
            id, // for the second query
            self.access_key_id,
            ciphertext,
            nonce_bytes,
        ).execute(pool).await;
-        match res {
+        Ok(())
            Err(SqlxError::Database(e)) if e.code().as_deref() == Some("2067") => Err(SaveCredentialsError::Duplicate),
            Err(e) => Err(SaveCredentialsError::DbError(e)),
            Ok(_) => Ok(())
        }
    }
    async fn load(name: &str, crypto: &Crypto, pool: &SqlitePool) -> Result<Self, LoadCredentialsError> {
        let row = sqlx::query!(
            "SELECT c.name, a.access_key_id, a.secret_key_enc, a.nonce
            FROM credentials c JOIN aws_credentials a ON a.id = c.id
            WHERE c.name = ?",
            name
            ).fetch_optional(pool)
            .await?
            .ok_or(LoadCredentialsError::NoCredentials)?;
        let nonce = XNonce::clone_from_slice(&row.nonce);
        let secret_key_bytes = crypto.decrypt(&nonce, &row.secret_key_enc)?;
        let secret_key = String::from_utf8(secret_key_bytes)
            .map_err(|_| LoadCredentialsError::InvalidData)?;
        Ok(AwsBaseCredential::new(row.access_key_id, secret_key))
    }
    async fn list(crypto: &Crypto, pool: &SqlitePool) -> Result<Vec<SaveCredential>, LoadCredentialsError> {
        let mut rows = sqlx::query!(
            "SELECT c.id, c.name, a.access_key_id, a.secret_key_enc, a.nonce
            FROM credentials c JOIN aws_credentials a ON a.id = c.id"
        ).fetch(pool);
        let mut creds = Vec::new();
        while let Some(row) = rows.try_next().await? {
            let nonce = XNonce::clone_from_slice(&row.nonce);
            let secret_key_bytes = crypto.decrypt(&nonce, &row.secret_key_enc)?;
            let secret_key = String::from_utf8(secret_key_bytes)
                .map_err(|_| LoadCredentialsError::InvalidData)?;
            let aws = AwsBaseCredential::new(row.access_key_id, secret_key);
            let id = Uuid::from_slice(&row.id)
                .map_err(|_| LoadCredentialsError::InvalidData)?;
            let cred = SaveCredential {
                id,
                name: row.name,
                credential: Credential::AwsBase(aws),
            };
            creds.push(cred);
        }
        Ok(creds)
    }
 }
@ -223,16 +185,18 @@ where S: Serializer
 #[cfg(test)]
 mod tests {
    use super::*;
    use sqlx::SqlitePool;
    use sqlx::types::uuid::uuid;
-    fn test_creds() -> AwsBaseCredential {
+    fn creds() -> AwsBaseCredential {
        AwsBaseCredential::new(
            "AKIAIOSFODNN7EXAMPLE".into(),
            "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY".into(),
        )
    }
-    fn test_creds_2() -> AwsBaseCredential {
+    fn creds_2() -> AwsBaseCredential {
        AwsBaseCredential::new(
            "AKIAIOSFODNN7EXAMPL2".into(),
            "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKE2".into(),
@ -253,93 +217,42 @@ mod tests {
    }
    #[sqlx::test]
    async fn test_save(pool: SqlitePool) {
        let crypt = Crypto::random();
        test_creds().save(&test_uuid_random(), "test", &crypt, &pool).await
            .expect("Failed to save AWS credentials");
    }
    #[sqlx::test(fixtures("aws_credentials"))]
    async fn test_overwrite(pool: SqlitePool) {
        let crypt = Crypto::fixed();
        let creds = test_creds_2();
        // overwite original creds with different test data
        creds.save(&test_uuid(), "test", &crypt, &pool).await
            .expect("Failed to update AWS credentials");
        // make sure update went through
        let loaded = AwsBaseCredential::load("test", &crypt, &pool).await.unwrap();
        assert_eq!(creds, loaded);
    }
    #[sqlx::test(fixtures("aws_credentials"))]
    async fn test_duplicate_name(pool: SqlitePool) {
        let crypt = Crypto::random();
        let id = test_uuid_random();
        let resp = test_creds().save(&id, "test", &crypt, &pool).await;
        if !matches!(resp, Err(SaveCredentialsError::Duplicate)) {
            panic!("Attempt to create duplicate entry returned {resp:?}")
        }
    }
    #[sqlx::test(fixtures("aws_credentials"))]
    async fn test_load(pool: SqlitePool) {
        let crypt = Crypto::fixed();
-        let loaded = AwsBaseCredential::load("test", &crypt, &pool).await.unwrap();
+        let id = uuid!("00000000-0000-0000-0000-000000000000");
-        assert_eq!(test_creds(), loaded);
+        let loaded = AwsBaseCredential::load(&id, &crypt, &pool).await.unwrap();
        assert_eq!(creds(), loaded);
    }
-    #[sqlx::test]
+    #[sqlx::test(fixtures("aws_credentials"))]
-    async fn test_save_load(pool: SqlitePool) {
+    async fn test_load_by_name(pool: SqlitePool) {
-        let crypt = Crypto::random();
+        let crypt = Crypto::fixed();
-        let creds = test_creds();
+        let loaded = AwsBaseCredential::load_by_name("test2", &crypt, &pool).await.unwrap();
-        creds.save(&test_uuid_random(), "test", &crypt, &pool).await.unwrap();
+        assert_eq!(creds_2(), loaded);
        let loaded = AwsBaseCredential::load("test", &crypt, &pool).await.unwrap();
        assert_eq!(creds, loaded);
    }
    #[sqlx::test(fixtures("aws_credentials"))]
    async fn test_load_default(pool: SqlitePool) {
        let crypt = Crypto::fixed();
        let loaded = AwsBaseCredential::load_default(&crypt, &pool).await.unwrap();
        assert_eq!(creds(), loaded)
    }
    #[sqlx::test(fixtures("aws_credentials"))]
    async fn test_list(pool: SqlitePool) {
        let crypt = Crypto::fixed();
-        let list = AwsBaseCredential::list(&crypt, &pool).await
+        let list: Vec<_> = AwsBaseCredential::list(&crypt, &pool)
-            .expect("Failed to list AWS credentials");
+            .await
            .expect("Failed to load credentials")
            .into_iter()
            .map(|(_, cred)| cred)
            .collect();
-        let first = SaveCredential {
+        assert_eq!(&creds().into_credential(), &list[0]);
-            id: test_uuid(),
+        assert_eq!(&creds_2().into_credential(), &list[1]);
-            name: "test".into(),
+    }   
            credential: Credential::AwsBase(test_creds()),
        };
        assert_eq!(&first, &list[0]);
        let second = SaveCredential {
            id: test_uuid_2(),
            name: "test2".into(),
            credential: Credential::AwsBase(test_creds_2()),
        };
        assert_eq!(&second, &list[1]);
    }
    #[sqlx::test(fixtures("aws_credentials"))]
    async fn test_rekey(pool: SqlitePool) {
        let old_crypt = Crypto::fixed();
        let orig = AwsBaseCredential::list(&old_crypt, &pool).await.unwrap();
        let new_crypt = Crypto::random();
        AwsBaseCredential::rekey(&old_crypt, &new_crypt, &pool).await
            .expect("Failed to re-key AWS credentials");
        let rekeyed = AwsBaseCredential::list(&new_crypt, &pool).await.unwrap();
        for (before, after) in orig.iter().zip(rekeyed.iter()) {
            assert_eq!(before, after);
        }
    }
 }
--- a/src-tauri/src/credentials/crypto.rs
+++ b/src-tauri/src/credentials/crypto.rs
@ -0,0 +1,116 @@
 use std::fmt::{Debug, Formatter};
 use argon2::{
    Argon2,
    Algorithm,
    Version,
    ParamsBuilder,
    password_hash::rand_core::{RngCore, OsRng},
 };
 use chacha20poly1305::{
    XChaCha20Poly1305,
    XNonce,
    aead::{
        Aead,
        AeadCore,
        KeyInit,
        generic_array::GenericArray,
    },
 };
 use crate::errors::*;
 #[derive(Clone)]
 pub struct Crypto {
    cipher: XChaCha20Poly1305,
 }
 impl Crypto {
    /// Argon2 params rationale:
    ///
    /// m_cost is measured in KiB, so 128 * 1024 gives us 128MiB.
    /// This should roughly double the memory usage of the application
    /// while deriving the key.
    ///
    /// p_cost is irrelevant since (at present) there isn't any parallelism
    /// implemented, so we leave it at 1.
    ///
    /// With the above m_cost, t_cost = 8 results in about 800ms to derive
    /// a key on my (somewhat older) CPU. This is probably overkill, but
    /// given that it should only have to happen ~once a day for most 
    /// usage, it should be acceptable.
    #[cfg(not(debug_assertions))]
    const MEM_COST: u32 = 128 * 1024;
    #[cfg(not(debug_assertions))]
    const TIME_COST: u32 = 8;
    /// But since this takes a million years without optimizations,
    /// we turn it way down in debug builds.
    #[cfg(debug_assertions)]
    const MEM_COST: u32 = 48 * 1024;
    #[cfg(debug_assertions)]
    const TIME_COST: u32 = 1;
    pub fn new(passphrase: &str, salt: &[u8]) -> argon2::Result<Crypto> {
        let params = ParamsBuilder::new()
            .m_cost(Self::MEM_COST)
            .p_cost(1)
            .t_cost(Self::TIME_COST)
            .build()
            .unwrap(); // only errors if the given params are invalid
        let hasher = Argon2::new(
            Algorithm::Argon2id,
            Version::V0x13,
            params,
        );
        let mut key = [0; 32];
        hasher.hash_password_into(passphrase.as_bytes(), &salt, &mut key)?;
        let cipher = XChaCha20Poly1305::new(GenericArray::from_slice(&key));
        Ok(Crypto { cipher })
    }
    #[cfg(test)]
    pub fn random() -> Crypto {
        // salt and key are the same length, so we can just use this
        let key = Crypto::salt();
        let cipher = XChaCha20Poly1305::new(GenericArray::from_slice(&key));
        Crypto { cipher }
    }
    #[cfg(test)]
    pub fn fixed() -> Crypto {
        let key = [
            1u8, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16,
            17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32,
        ];
        let cipher = XChaCha20Poly1305::new(GenericArray::from_slice(&key));
        Crypto { cipher }
    }
    pub fn salt() -> [u8; 32] {
        let mut salt = [0; 32];
        OsRng.fill_bytes(&mut salt);
        salt
    }
    pub fn encrypt(&self, data: &[u8]) -> Result<(XNonce, Vec<u8>), CryptoError> {
        let nonce = XChaCha20Poly1305::generate_nonce(&mut OsRng);
        let ciphertext = self.cipher.encrypt(&nonce, data)?;
        Ok((nonce, ciphertext))
    }
    pub fn decrypt(&self, nonce: &XNonce, data: &[u8]) -> Result<Vec<u8>, CryptoError> {
        let plaintext = self.cipher.decrypt(nonce, data)?;
        Ok(plaintext)
    }
 }
 impl Debug for Crypto {
    fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), std::fmt::Error> {
        write!(f, "Crypto {{ [...] }}")
    }
 }
--- a/src-tauri/src/credentials/fixtures/aws_credentials.sql
+++ b/src-tauri/src/credentials/fixtures/aws_credentials.sql
@ -1,7 +1,7 @@
-INSERT INTO credentials (id, name, type, created_at)
+INSERT INTO credentials (id, name, credential_type, is_default, created_at)
 VALUES
-    (X'00000000000000000000000000000000', 'test', 'aws', strftime('%s')),
+    (X'00000000000000000000000000000000', 'test', 'aws', 1, strftime('%s')),
-    (X'ffffffffffffffffffffffffffffffff', 'test2', 'aws', strftime('%s'));
+    (X'ffffffffffffffffffffffffffffffff', 'test2', 'aws', 0, strftime('%s'));
 INSERT INTO aws_credentials (id, access_key_id, secret_key_enc, nonce)
 VALUES 
--- a/src-tauri/src/credentials/mod.rs
+++ b/src-tauri/src/credentials/mod.rs
@ -1,313 +1,116 @@
-use std::fmt::{self, Debug, Formatter};
+use serde::{Serialize, Deserialize};
-
+use sqlx::{
-use argon2::{
+    FromRow,
-    Argon2,
+    Sqlite,
-    Algorithm,
+    SqlitePool,
-    Version,
+    sqlite::SqliteRow,
-    ParamsBuilder,
+    Transaction,
-    password_hash::rand_core::{RngCore, OsRng},
+    types::Uuid,
 };
-use chacha20poly1305::{
+use tokio_stream::StreamExt;
    XChaCha20Poly1305,
    XNonce,
    aead::{
        Aead,
        AeadCore,
        KeyInit,
        generic_array::GenericArray,
    },
 };
 use serde::{
    Serialize,
    Deserialize,
    Serializer,
    Deserializer,
 };
 use serde::de::{self, Visitor};
 use sqlx::SqlitePool;
 use sqlx::types::Uuid;
 use crate::errors::*;
 use crate::kv;
 mod aws;
 pub use aws::{AwsBaseCredential, AwsSessionCredential};
 mod record;
 pub use record::CredentialRecord;
 mod session;
 pub use session::AppSession;
 mod crypto;
 pub use crypto::Crypto;
 #[derive(Debug, Clone, Eq, PartialEq, Serialize, Deserialize)]
 #[serde(tag = "type")]
 pub enum Credential {
    AwsBase(AwsBaseCredential),
    AwsSession(AwsSessionCredential),
 }
 // we need a special type for listing structs because 
 #[derive(Debug, Clone, Eq, PartialEq, Serialize, Deserialize)]
 pub struct SaveCredential {
    #[serde(serialize_with = "serialize_uuid")]
    #[serde(deserialize_with = "deserialize_uuid")]
    id: Uuid, // UUID so it can be generated on the frontend
    name: String, // user-facing identifier so it can be changed
    credential: Credential,
 }
 impl SaveCredential {
    pub async fn save(&self, crypt: &Crypto, pool: &SqlitePool) -> Result<(), SaveCredentialsError> {
        let cred = match &self.credential {
            Credential::AwsBase(b) => b,
            Credential::AwsSession(_) => return Err(SaveCredentialsError::NotPersistent),
        };
        cred.save(&self.id, &self.name, crypt, pool).await
    }
 }
 fn serialize_uuid<S: Serializer>(u: &Uuid, s: S) -> Result<S::Ok, S::Error> {
    let mut buf = Vec::new();
    s.serialize_str(u.as_hyphenated().encode_lower(&mut buf))
 }
 struct UuidVisitor;
 impl<'de> Visitor<'de> for UuidVisitor {
    type Value = Uuid;
    fn expecting(&self, formatter: &mut Formatter) -> fmt::Result {
        write!(formatter, "a hyphenated UUID")
    }
    fn visit_str<E: de::Error>(self, v: &str) -> Result<Uuid, E> {
        Uuid::try_parse(v)
            .map_err(|_| E::custom(format!("Could not interpret string as UUID: {v}")))
    }
 }
 fn deserialize_uuid<'de, D: Deserializer<'de>>(ds: D) -> Result<Uuid, D::Error> {
    ds.deserialize_str(UuidVisitor)
 }
 pub trait PersistentCredential: for<'a> Deserialize<'a> + Sized {
-    async fn load(name: &str, crypt: &Crypto, pool: &SqlitePool) -> Result<Self, LoadCredentialsError>;
+    type Row: Send + Unpin + for<'r> FromRow<'r, SqliteRow>;
    async fn list(crypt: &Crypto, pool: &SqlitePool) -> Result<Vec<SaveCredential>, LoadCredentialsError>;
    async fn save(&self, id: &Uuid, name: &str, crypt: &Crypto, pool: &SqlitePool) -> Result<(), SaveCredentialsError>;
-    async fn rekey(old: &Crypto, new: &Crypto, pool: &SqlitePool) -> Result<(), SaveCredentialsError> {
+    fn type_name() -> &'static str;
        for cred in Self::list(old, pool).await? {
            cred.save(new, pool).await?;
        }
        Ok(())
    }
 }
    fn into_credential(self) -> Credential;
-#[derive(Clone, Debug)]
+    fn row_id(row: &Self::Row) -> Uuid;
 pub enum AppSession {
    Unlocked {
        salt: [u8; 32],
        crypto: Crypto,
    },
    Locked {
        salt: [u8; 32],
        verify_nonce: XNonce,
        verify_blob: Vec<u8>
    },
    Empty,
 }
-impl AppSession {
+    fn from_row(row: Self::Row, crypto: &Crypto) -> Result<Self, LoadCredentialsError>;
-    pub fn new(passphrase: &str) -> Result<Self, CryptoError> {
+
-        let salt = Crypto::salt();
+    // save_details needs to be implemented per-type because we don't know the number of parameters in advance
-        let crypto = Crypto::new(passphrase, &salt)?;
+    async fn save_details(&self, id: &Uuid, crypto: &Crypto, txn: &mut Transaction<'_, Sqlite>) -> Result<(), SaveCredentialsError>;
-        Ok(Self::Unlocked {salt, crypto})
+
    fn table_name() -> String {
        format!("{}_credentials", Self::type_name())
    }
-    pub fn unlock(&mut self, passphrase: &str) -> Result<(), UnlockError> {
+    async fn load(id: &Uuid, crypto: &Crypto, pool: &SqlitePool) -> Result<Self, LoadCredentialsError> {
-        let (salt, nonce, blob) = match self {
+        let q = format!("SELECT * FROM {} WHERE id = ?", Self::table_name());
-            Self::Empty => return Err(UnlockError::NoCredentials),
+        let row: Self::Row = sqlx::query_as(&q)
-            Self::Unlocked {..} => return Err(UnlockError::NotLocked),
+            .bind(id)
-            Self::Locked {salt, verify_nonce, verify_blob} => (salt, verify_nonce, verify_blob),
+            .fetch_optional(pool)
-        };
+            .await?
            .ok_or(LoadCredentialsError::NoCredentials)?;
-        let crypto = Crypto::new(passphrase, salt)
+        Self::from_row(row, crypto)
            .map_err(|e| CryptoError::Argon2(e))?;
        // if passphrase is incorrect, this will fail
        let _verify = crypto.decrypt(&nonce, &blob)?;
        *self = Self::Unlocked {crypto, salt: *salt};
        Ok(())
    }
-    pub async fn load(pool: &SqlitePool) -> Result<Self, LoadCredentialsError> {
+    async fn load_by_name(name: &str, crypto: &Crypto, pool: &SqlitePool) -> Result<Self, LoadCredentialsError> {
-        match kv::load_bytes_multi!(pool, "salt", "verify_nonce", "verify_blob").await? {
+        let q = format!(
-            Some((salt, nonce, blob)) => {
+            "SELECT * FROM {} WHERE id = (SELECT id FROM credentials WHERE name = ?)",
-
+            Self::table_name(),
                Ok(Self::Locked {
                    salt: salt.try_into().map_err(|_| LoadCredentialsError::InvalidData)?,
                    // note: replace this with try_from at some point
                    verify_nonce: XNonce::clone_from_slice(&nonce),
                    verify_blob: blob,
                })
            },
            None => Ok(Self::Empty),
        }
    }
    pub async fn save(&self, pool: &SqlitePool) -> Result<(), SaveCredentialsError> {
        match self {
            Self::Unlocked {salt, crypto} => {
                let (nonce, blob) = crypto.encrypt(b"correct horse battery staple")?;
                kv::save_bytes(pool, "salt", salt).await?;
                kv::save_bytes(pool, "verify_nonce", &nonce.as_slice()).await?;
                kv::save_bytes(pool, "verify_blob", &blob).await?;
            },
            Self::Locked {salt, verify_nonce, verify_blob} => {
                kv::save_bytes(pool, "salt", salt).await?;
                kv::save_bytes(pool, "verify_nonce", &verify_nonce.as_slice()).await?;
                kv::save_bytes(pool, "verify_blob", verify_blob).await?;
            },
            // "saving" an empty session just means doing nothing
            Self::Empty => (),
        };
        Ok(())
    }
    pub fn try_get_crypto(&self) -> Result<&Crypto, GetCredentialsError> {
        match self {
            Self::Empty => Err(GetCredentialsError::Empty),
            Self::Locked {..} => Err(GetCredentialsError::Locked),
            Self::Unlocked {crypto, ..} => Ok(crypto),
        }
    }
    pub fn try_encrypt(&self, data: &[u8]) -> Result<(XNonce, Vec<u8>), GetCredentialsError> {
        let crypto = match self {
            Self::Empty => return Err(GetCredentialsError::Empty),
            Self::Locked {..} => return Err(GetCredentialsError::Locked),
            Self::Unlocked {crypto, ..} => crypto,
        };
        let res = crypto.encrypt(data)?;
        Ok(res)
    }
    pub fn try_decrypt(&self, nonce: XNonce, data: &[u8]) -> Result<Vec<u8>, GetCredentialsError> {
        let crypto = match self {
            Self::Empty => return Err(GetCredentialsError::Empty),
            Self::Locked {..} => return Err(GetCredentialsError::Locked),
            Self::Unlocked {crypto, ..} => crypto,
        };
        let res = crypto.decrypt(&nonce, data)?;
        Ok(res)
    }
 }
 #[derive(Clone)]
 pub struct Crypto {
    cipher: XChaCha20Poly1305,
 }
 impl Crypto {
    /// Argon2 params rationale:
    ///
    /// m_cost is measured in KiB, so 128 * 1024 gives us 128MiB.
    /// This should roughly double the memory usage of the application
    /// while deriving the key.
    ///
    /// p_cost is irrelevant since (at present) there isn't any parallelism
    /// implemented, so we leave it at 1.
    ///
    /// With the above m_cost, t_cost = 8 results in about 800ms to derive
    /// a key on my (somewhat older) CPU. This is probably overkill, but
    /// given that it should only have to happen ~once a day for most 
    /// usage, it should be acceptable.
    #[cfg(not(debug_assertions))]
    const MEM_COST: u32 = 128 * 1024;
    #[cfg(not(debug_assertions))]
    const TIME_COST: u32 = 8;
    /// But since this takes a million years without optimizations,
    /// we turn it way down in debug builds.
    #[cfg(debug_assertions)]
    const MEM_COST: u32 = 48 * 1024;
    #[cfg(debug_assertions)]
    const TIME_COST: u32 = 1;
    fn new(passphrase: &str, salt: &[u8]) -> argon2::Result<Crypto> {
        let params = ParamsBuilder::new()
            .m_cost(Self::MEM_COST)
            .p_cost(1)
            .t_cost(Self::TIME_COST)
            .build()
            .unwrap(); // only errors if the given params are invalid
        let hasher = Argon2::new(
            Algorithm::Argon2id,
            Version::V0x13,
            params,
        );
        let row: Self::Row = sqlx::query_as(&q)
            .bind(name)
            .fetch_optional(pool)
            .await?
            .ok_or(LoadCredentialsError::NoCredentials)?;
-        let mut key = [0; 32];
+        Self::from_row(row, crypto)
        hasher.hash_password_into(passphrase.as_bytes(), &salt, &mut key)?;
        let cipher = XChaCha20Poly1305::new(GenericArray::from_slice(&key));
        Ok(Crypto { cipher })
    }
-    #[cfg(test)]
+    async fn load_default(crypto: &Crypto, pool: &SqlitePool) -> Result<Self, LoadCredentialsError> {
-    pub fn random() -> Crypto {
+        let q = format!(
-        // salt and key are the same length, so we can just use this
+            "SELECT details.*
-        let key = Crypto::salt();
+            FROM {} details
-        let cipher = XChaCha20Poly1305::new(GenericArray::from_slice(&key));
+                JOIN credentials c
-        Crypto { cipher }
+                    ON c.id = details.id
                    AND c.is_default = 1",
            Self::table_name(),
        );
        let row: Self::Row = sqlx::query_as(&q)
            .fetch_optional(pool)
            .await?
            .ok_or(LoadCredentialsError::NoCredentials)?;
        Self::from_row(row, crypto)
    }
-    #[cfg(test)]
+    async fn list(crypto: &Crypto, pool: &SqlitePool) -> Result<Vec<(Uuid, Credential)>, LoadCredentialsError> {
-    pub fn fixed() -> Crypto {
+        let q = format!(
-        let key = [
+            "SELECT details.*
-            1u8, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16,
+            FROM 
-            17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32,
+                {} details
-        ];
+                JOIN credentials c
                    ON c.id = details.id
             ORDER BY c.created_at", 
             Self::table_name(),
        );
        let mut rows = sqlx::query_as::<_, Self::Row>(&q).fetch(pool);
        let mut creds = Vec::new();
        while let Some(row) = rows.try_next().await? {
            let id = Self::row_id(&row);
            let cred = Self::from_row(row, crypto)?.into_credential();
            creds.push((id, cred));
        }
-        let cipher = XChaCha20Poly1305::new(GenericArray::from_slice(&key));
+        Ok(creds)
        Crypto { cipher }
    }
    fn salt() -> [u8; 32] {
        let mut salt = [0; 32];
        OsRng.fill_bytes(&mut salt);
        salt
    }
    fn encrypt(&self, data: &[u8]) -> Result<(XNonce, Vec<u8>), CryptoError> {
        let nonce = XChaCha20Poly1305::generate_nonce(&mut OsRng);
        let ciphertext = self.cipher.encrypt(&nonce, data)?;
        Ok((nonce, ciphertext))
    }
    fn decrypt(&self, nonce: &XNonce, data: &[u8]) -> Result<Vec<u8>, CryptoError> {
        let plaintext = self.cipher.decrypt(nonce, data)?;
        Ok(plaintext)
    }
 }
 impl Debug for Crypto {
    fn fmt(&self, f: &mut Formatter<'_>) -> Result<(), std::fmt::Error> {
        write!(f, "Crypto {{ [...] }}")
    }
 }
 // #[cfg(test)]
 // mod tests {
 //     use super::*;
 //     #[sqlx::test(fixtures("uuid_test"))]
 //     async fn save_uuid(pool: SqlitePool) {
 //         let u = Uuid::try_parse("7140b90c-bfbd-4394-9008-01b94f94ecf8").unwrap();
 //         sqlx::query!("INSERT INTO uuids (uuid) VALUES (?)", u).execute(pool).unwrap();
 //         panic!("done, go check db");
 //     }
 // }
--- a/src-tauri/src/credentials/record.rs
+++ b/src-tauri/src/credentials/record.rs
@ -0,0 +1,410 @@
 use std::collections::HashMap;
 use std::fmt::{self, Debug, Formatter};
 use serde::{
    Serialize,
    Deserialize,
    Serializer,
    Deserializer,
 };
 use serde::de::{self, Visitor};
 use sqlx::{
    Error as SqlxError,
    FromRow,
    SqlitePool,
    types::Uuid,
 };
 use tokio_stream::StreamExt;
 use crate::errors::*;
 use super::{
    AwsBaseCredential,
    Credential,
    Crypto,
    PersistentCredential,
 };
 #[derive(Debug, Clone, FromRow)]
 struct CredentialRow {
    id: Uuid,
    name: String,
    credential_type: String,
    is_default: bool,
    created_at: i64,
 }
 #[derive(Debug, Clone, Eq, PartialEq, Serialize, Deserialize)]
 pub struct CredentialRecord {
    #[serde(serialize_with = "serialize_uuid")]
    #[serde(deserialize_with = "deserialize_uuid")]
    id: Uuid, // UUID so it can be generated on the frontend
    name: String, // user-facing identifier so it can be changed
    is_default: bool,
    credential: Credential,
 }
 impl CredentialRecord {
    pub async fn save(&self, crypto: &Crypto, pool: &SqlitePool) -> Result<(), SaveCredentialsError> {
        let type_name = match &self.credential {
            Credential::AwsBase(_) => AwsBaseCredential::type_name(),
            _ => return Err(SaveCredentialsError::NotPersistent),
        };
        // if the credential being saved is default, make sure it's the only default of its type
        let mut txn = pool.begin().await?;
        if self.is_default {
            sqlx::query!(
                "UPDATE credentials SET is_default = 0 WHERE credential_type = ?",
                type_name
            ).execute(&mut *txn).await?;
        }
        // save to parent credentials table
        let res = sqlx::query!(
            "INSERT INTO credentials (id, name, credential_type, is_default, created_at)
            VALUES (?, ?, ?, ?, strftime('%s'))
            ON CONFLICT(id) DO UPDATE SET
                name = excluded.name,
                credential_type = excluded.credential_type,
                is_default = excluded.is_default",
            self.id, self.name, type_name, self.is_default
        ).execute(&mut *txn).await;
        // if id is unique, but name is not, we will get an error
        // (if id is not unique, this becomes an upsert due to ON CONFLICT clause)
        match res {
            Err(SqlxError::Database(e)) if e.is_unique_violation() => Err(SaveCredentialsError::Duplicate),
            Err(e) => Err(SaveCredentialsError::DbError(e)),
            Ok(_) => Ok(())
        }?;
        // save credential details to child table
        match &self.credential {
            Credential::AwsBase(b) => b.save_details(&self.id, crypto, &mut txn).await,
            _ => Err(SaveCredentialsError::NotPersistent),
        }?;
        // make it real
        txn.commit().await?;
        Ok(())
    }
    fn from_parts(row: CredentialRow, credential: Credential) -> Self {
        CredentialRecord {
            id: row.id,
            name: row.name,
            is_default: row.is_default,
            credential,
        }
    }
    async fn load_credential(row: CredentialRow, crypto: &Crypto, pool: &SqlitePool) -> Result<Self, LoadCredentialsError> {
        let credential = match row.credential_type.as_str() {
            "aws" => Credential::AwsBase(AwsBaseCredential::load(&row.id, crypto, pool).await?),
            _ => return Err(LoadCredentialsError::InvalidData),
        };
        Ok(Self::from_parts(row, credential))
    }
    pub async fn load(id: &Uuid, crypto: &Crypto, pool: &SqlitePool) -> Result<Self, LoadCredentialsError> {
        let row: CredentialRow = sqlx::query_as("SELECT * FROM credentials WHERE id = ?")
            .bind(id)
            .fetch_optional(pool)
            .await?
            .ok_or(LoadCredentialsError::NoCredentials)?;
        Self::load_credential(row, crypto, pool).await
    }
    pub async fn load_default(credential_type: &str, crypto: &Crypto, pool: &SqlitePool) -> Result<Self, LoadCredentialsError> {
        let row: CredentialRow = sqlx::query_as(
            "SELECT * FROM credentials 
            WHERE credential_type = ? AND is_default = 1"
        ).bind(credential_type)
            .fetch_optional(pool)
            .await?
            .ok_or(LoadCredentialsError::NoCredentials)?;
        Self::load_credential(row, crypto, pool).await
    }
    pub async fn list(crypto: &Crypto, pool: &SqlitePool) -> Result<Vec<Self>, LoadCredentialsError> {
        let mut parent_rows = sqlx::query_as::<_, CredentialRow>(
            "SELECT * FROM credentials"
        ).fetch(pool);
        let mut parent_map = HashMap::new();
        while let Some(row) = parent_rows.try_next().await? {
            parent_map.insert(row.id, row);
        }
        let mut records = Vec::with_capacity(parent_map.len());
        for (id, credential) in AwsBaseCredential::list(crypto, pool).await? {
            let parent = parent_map.remove(&id)
                .ok_or(LoadCredentialsError::InvalidData)?;
            records.push(Self::from_parts(parent, credential));
        }
        Ok(records)
    }
    pub async fn rekey(old: &Crypto, new: &Crypto, pool: &SqlitePool) -> Result<(), SaveCredentialsError> {
        for record in Self::list(old, pool).await? {
            record.save(new, pool).await?;
        }
        Ok(())
    }
 }
 fn serialize_uuid<S: Serializer>(u: &Uuid, s: S) -> Result<S::Ok, S::Error> {
    let mut buf = Uuid::encode_buffer();
    s.serialize_str(u.as_hyphenated().encode_lower(&mut buf))
 }
 struct UuidVisitor;
 impl<'de> Visitor<'de> for UuidVisitor {
    type Value = Uuid;
    fn expecting(&self, formatter: &mut Formatter) -> fmt::Result {
        write!(formatter, "a hyphenated UUID")
    }
    fn visit_str<E: de::Error>(self, v: &str) -> Result<Uuid, E> {
        Uuid::try_parse(v)
            .map_err(|_| E::custom(format!("Could not interpret string as UUID: {v}")))
    }
 }
 fn deserialize_uuid<'de, D: Deserializer<'de>>(ds: D) -> Result<Uuid, D::Error> {
    ds.deserialize_str(UuidVisitor)
 }
 #[cfg(test)]
 mod tests {
    use super::*;
    use sqlx::types::uuid::uuid;
    fn aws_record() -> CredentialRecord {
        let id = uuid!("00000000-0000-0000-0000-000000000000");
        let aws = AwsBaseCredential::new(
            "AKIAIOSFODNN7EXAMPLE".into(),
            "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY".into(),
        );
        CredentialRecord {
            id,
            name: "test".into(),
            is_default: true,
            credential: Credential::AwsBase(aws),
        }
    }
    fn aws_record_2() -> CredentialRecord {
        let id = uuid!("ffffffff-ffff-ffff-ffff-ffffffffffff");
        let aws = AwsBaseCredential::new(
            "AKIAIOSFODNN7EXAMPL2".into(),
            "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKE2".into(),
        );
        CredentialRecord {
            id,
            name: "test2".into(),
            is_default: false,
            credential: Credential::AwsBase(aws),
        }
    }
    fn random_uuid() -> Uuid {
        let bytes = Crypto::salt();
        Uuid::from_slice(&bytes[..16]).unwrap()
    }
    #[sqlx::test(fixtures("aws_credentials"))]
    async fn test_load_aws(pool: SqlitePool) {
        let crypt = Crypto::fixed();
        let id = uuid!("00000000-0000-0000-0000-000000000000");
        let loaded = CredentialRecord::load(&id, &crypt, &pool).await
            .expect("Failed to load record");
        assert_eq!(aws_record(), loaded);
    }
    #[sqlx::test(fixtures("aws_credentials"))]
    async fn test_load_aws_default(pool: SqlitePool) {
        let crypt = Crypto::fixed();
        let loaded = CredentialRecord::load_default("aws", &crypt, &pool).await
            .expect("Failed to load record");
        assert_eq!(aws_record(), loaded);
    }
    #[sqlx::test]
    async fn test_save_aws(pool: SqlitePool) {
        let crypt = Crypto::random();
        let mut record = aws_record();
        record.id = random_uuid();
        aws_record().save(&crypt, &pool).await
            .expect("Failed to save record");
    }
    #[sqlx::test]
    async fn test_save_load(pool: SqlitePool) {
        let crypt = Crypto::random();
        let mut record = aws_record();
        record.id = random_uuid();
        record.save(&crypt, &pool).await
            .expect("Failed to save record");
        let loaded = CredentialRecord::load(&record.id, &crypt, &pool).await
            .expect("Failed to load record");
        assert_eq!(record, loaded);
    }
    #[sqlx::test]
    async fn test_overwrite_aws(pool: SqlitePool) {
        let crypt = Crypto::fixed();
        let original = aws_record();
        original.save(&crypt, &pool).await
            .expect("Failed to save first record");
        let mut updated = aws_record_2();
        updated.id = original.id;
        updated.save(&crypt, &pool).await
            .expect("Failed to overwrite first record with second record");
        // make sure update went through
        let loaded = CredentialRecord::load(&updated.id, &crypt, &pool).await.unwrap();
        assert_eq!(updated, loaded);
    }
    #[sqlx::test(fixtures("aws_credentials"))]
    async fn test_duplicate_name(pool: SqlitePool) {
        let crypt = Crypto::random();
        let mut record = aws_record();
        record.id = random_uuid();
        let resp = record.save(&crypt, &pool).await;
        if !matches!(resp, Err(SaveCredentialsError::Duplicate)) {
            panic!("Attempt to create duplicate entry returned {resp:?}")
        }
    }
    #[sqlx::test(fixtures("aws_credentials"))]
    async fn test_change_default(pool: SqlitePool) {
        let crypt = Crypto::fixed();
        let id = uuid!("ffffffff-ffff-ffff-ffff-ffffffffffff");
        // confirm that record as it currently exists in the database is not default
        let mut record = CredentialRecord::load(&id, &crypt, &pool).await
            .expect("Failed to load record");
        assert!(!record.is_default);
        record.is_default = true;
        record.save(&crypt, &pool).await
            .expect("Failed to save record");
        let loaded = CredentialRecord::load(&id, &crypt, &pool).await
            .expect("Failed to re-load record");
        assert!(loaded.is_default);
        let other_id = uuid!("00000000-0000-0000-0000-000000000000");
        let other_loaded = CredentialRecord::load(&other_id, &crypt, &pool).await
            .expect("Failed to load other credential");
        assert!(!other_loaded.is_default);
    }
    #[sqlx::test(fixtures("aws_credentials"))]
    async fn test_list(pool: SqlitePool) {
        let crypt = Crypto::fixed();
        let records = CredentialRecord::list(&crypt, &pool).await
            .expect("Failed to list credentials");
        assert_eq!(aws_record(), records[0]);
        assert_eq!(aws_record_2(), records[1]);
    }
    #[sqlx::test(fixtures("aws_credentials"))]
    async fn test_rekey(pool: SqlitePool) {
        let old = Crypto::fixed();
        let new = Crypto::random();
        CredentialRecord::rekey(&old, &new, &pool).await
            .expect("Failed to rekey credentials");
        let records = CredentialRecord::list(&new, &pool).await
            .expect("Failed to re-list credentials");
        assert_eq!(aws_record(), records[0]);
        assert_eq!(aws_record_2(), records[1]);
    }
 }
 #[cfg(test)]
 mod uuid_tests {
    use super::*;
    use sqlx::types::uuid::uuid;
    #[derive(Debug, Eq, PartialEq, Serialize, Deserialize)]
    struct UuidWrapper {
        #[serde(serialize_with = "serialize_uuid")]
        #[serde(deserialize_with = "deserialize_uuid")]
        id: Uuid,
    }
    #[test]
    fn test_serialize_uuid() {
        let u = UuidWrapper {
            id: uuid!("693f84d2-4c1b-41e5-8483-cbe178324e04")
        };
        let computed = serde_json::to_string(&u).unwrap();
        assert_eq!(
            "{\"id\":\"693f84d2-4c1b-41e5-8483-cbe178324e04\"}",
            &computed,
        );
    }
    #[test]
    fn test_deserialize_uuid() {
        let s = "{\"id\":\"045bd359-8630-4b76-9b7d-e4a86ed2222c\"}";
        let computed = serde_json::from_str(s).unwrap();
        let expected = UuidWrapper {
            id: uuid!("045bd359-8630-4b76-9b7d-e4a86ed2222c"),
        };
        assert_eq!(expected, computed);
    }
    #[test]
    fn test_serialize_deserialize_uuid() {
        let buf = Crypto::salt();
        let expected = UuidWrapper{ 
            id: Uuid::from_slice(&buf[..16]).unwrap()
        };
        let serialized = serde_json::to_string(&expected).unwrap();
        let computed = serde_json::from_str(&serialized).unwrap();
        assert_eq!(expected, computed)
    }
 }
--- a/src-tauri/src/credentials/session.rs
+++ b/src-tauri/src/credentials/session.rs
@ -0,0 +1,120 @@
 use chacha20poly1305::XNonce;
 use sqlx::SqlitePool;
 use crate::errors::*;
 use crate::kv;
 use super::Crypto;
 #[derive(Clone, Debug)]
 pub enum AppSession {
    Unlocked {
        salt: [u8; 32],
        crypto: Crypto,
    },
    Locked {
        salt: [u8; 32],
        verify_nonce: XNonce,
        verify_blob: Vec<u8>
    },
    Empty,
 }
 impl AppSession {
    pub fn new(passphrase: &str) -> Result<Self, CryptoError> {
        let salt = Crypto::salt();
        let crypto = Crypto::new(passphrase, &salt)?;
        Ok(Self::Unlocked {salt, crypto})
    }
    pub fn unlock(&mut self, passphrase: &str) -> Result<(), UnlockError> {
        let (salt, nonce, blob) = match self {
            Self::Empty => return Err(UnlockError::NoCredentials),
            Self::Unlocked {..} => return Err(UnlockError::NotLocked),
            Self::Locked {salt, verify_nonce, verify_blob} => (salt, verify_nonce, verify_blob),
        };
        let crypto = Crypto::new(passphrase, salt)
            .map_err(|e| CryptoError::Argon2(e))?;
        // if passphrase is incorrect, this will fail
        let _verify = crypto.decrypt(&nonce, &blob)?;
        *self = Self::Unlocked {crypto, salt: *salt};
        Ok(())
    }
    pub async fn load(pool: &SqlitePool) -> Result<Self, LoadCredentialsError> {
        match kv::load_bytes_multi!(pool, "salt", "verify_nonce", "verify_blob").await? {
            Some((salt, nonce, blob)) => {
                Ok(Self::Locked {
                    salt: salt.try_into().map_err(|_| LoadCredentialsError::InvalidData)?,
                    // note: replace this with try_from at some point
                    verify_nonce: XNonce::clone_from_slice(&nonce),
                    verify_blob: blob,
                })
            },
            None => Ok(Self::Empty),
        }
    }
    pub async fn save(&self, pool: &SqlitePool) -> Result<(), SaveCredentialsError> {
        match self {
            Self::Unlocked {salt, crypto} => {
                let (nonce, blob) = crypto.encrypt(b"correct horse battery staple")?;
                kv::save_bytes(pool, "salt", salt).await?;
                kv::save_bytes(pool, "verify_nonce", &nonce.as_slice()).await?;
                kv::save_bytes(pool, "verify_blob", &blob).await?;
            },
            Self::Locked {salt, verify_nonce, verify_blob} => {
                kv::save_bytes(pool, "salt", salt).await?;
                kv::save_bytes(pool, "verify_nonce", &verify_nonce.as_slice()).await?;
                kv::save_bytes(pool, "verify_blob", verify_blob).await?;
            },
            // "saving" an empty session just means doing nothing
            Self::Empty => (),
        };
        Ok(())
    }
    pub async fn reset(&mut self, pool: &SqlitePool) -> Result<(), SaveCredentialsError> {
        match self {            
            Self::Unlocked {..} | Self::Locked {..} => {
                kv::delete_multi(pool, &["salt", "verify_nonce", "verify_blob"]).await?;
                *self = Self::Empty;
            },
            Self::Empty => (),
        }
        Ok(())
    }
    pub fn try_get_crypto(&self) -> Result<&Crypto, GetCredentialsError> {
        match self {
            Self::Empty => Err(GetCredentialsError::Empty),
            Self::Locked {..} => Err(GetCredentialsError::Locked),
            Self::Unlocked {crypto, ..} => Ok(crypto),
        }
    }
    pub fn try_encrypt(&self, data: &[u8]) -> Result<(XNonce, Vec<u8>), GetCredentialsError> {
        let crypto = match self {
            Self::Empty => return Err(GetCredentialsError::Empty),
            Self::Locked {..} => return Err(GetCredentialsError::Locked),
            Self::Unlocked {crypto, ..} => crypto,
        };
        let res = crypto.encrypt(data)?;
        Ok(res)
    }
    pub fn try_decrypt(&self, nonce: XNonce, data: &[u8]) -> Result<Vec<u8>, GetCredentialsError> {
        let crypto = match self {
            Self::Empty => return Err(GetCredentialsError::Empty),
            Self::Locked {..} => return Err(GetCredentialsError::Locked),
            Self::Unlocked {crypto, ..} => crypto,
        };
        let res = crypto.decrypt(&nonce, data)?;
        Ok(res)
    }
 }
--- a/src-tauri/src/fixtures/kv.sql
+++ b/src-tauri/src/fixtures/kv.sql
@ -0,0 +1,13 @@
 INSERT INTO kv (name, value)
 VALUES
    -- b"hello world" (raw bytes)
    ('test_bytes', X'68656C6C6F20776F726C64'),
    -- b"\"hello world\"" (JSON string)
    ('test_string', X'2268656C6C6F20776F726C6422'),
    -- b"123" (JSON integer)
    ('test_int', X'313233'),
    -- b"true" (JSON bool)
    ('test_bool', X'74727565')
--- a/src-tauri/src/ipc.rs
+++ b/src-tauri/src/ipc.rs
@ -1,11 +1,11 @@
 use serde::{Serialize, Deserialize};
 use sqlx::types::Uuid;
-use tauri::State;
+use tauri::{AppHandle, State};
 use crate::config::AppConfig;
 use crate::credentials::{
    AppSession,
-    SaveCredential
+    CredentialRecord
 };
 use crate::errors::*;
 use crate::clientinfo::Client;
@ -80,6 +80,12 @@ pub async fn lock(app_state: State<'_, AppState>) -> Result<(), LockError> {
 }
 #[tauri::command]
 pub async fn reset_session(app_state: State<'_, AppState>) -> Result<(), SaveCredentialsError> {
    app_state.reset_session().await
 }
 #[tauri::command]
 pub async fn set_passphrase(passphrase: &str, app_state: State<'_, AppState>) -> Result<(), SaveCredentialsError> {
    app_state.set_passphrase(passphrase).await
@ -107,10 +113,10 @@ pub async fn signal_activity(app_state: State<'_, AppState>) -> Result<(), ()> {
 #[tauri::command]
 pub async fn save_credential(
-    cred: SaveCredential,
+    record: CredentialRecord,
    app_state: State<'_, AppState>
 ) -> Result<(), SaveCredentialsError> {
-    app_state.save_credential(cred).await
+    app_state.save_credential(record).await
 }
@ -123,7 +129,7 @@ pub async fn delete_credential(id: &str, app_state: State<'_, AppState>) -> Resu
 #[tauri::command]
-pub async fn list_credentials(app_state: State<'_, AppState>) -> Result<Vec<SaveCredential>, GetCredentialsError> {
+pub async fn list_credentials(app_state: State<'_, AppState>) -> Result<Vec<CredentialRecord>, GetCredentialsError> {
    app_state.list_credentials().await
 }
@ -154,3 +160,9 @@ pub async fn launch_terminal(base: bool) -> Result<(), LaunchTerminalError> {
 pub async fn get_setup_errors(app_state: State<'_, AppState>) -> Result<Vec<String>, ()> {
    Ok(app_state.setup_errors.clone())
 }
 #[tauri::command]
 pub fn exit(app_handle: AppHandle) {
    app_handle.exit(0)
 }
--- a/src-tauri/src/kv.rs
+++ b/src-tauri/src/kv.rs
@ -6,7 +6,7 @@ use crate::errors::*;
 pub async fn save<T>(pool: &SqlitePool, name: &str, value: &T) -> Result<(), sqlx::Error>
-    where T: Serialize
+    where T: Serialize + ?Sized
 {
    let bytes = serde_json::to_vec(value).unwrap();
    save_bytes(pool, name, &bytes).await
@ -44,9 +44,33 @@ pub async fn load_bytes(pool: &SqlitePool, name: &str) -> Result<Option<Vec<u8>>
 }
 pub async fn delete(pool: &SqlitePool, name: &str) -> Result<(), sqlx::Error> {
    sqlx::query!("DELETE FROM kv WHERE name = ?", name)
        .execute(pool)
        .await?;
    Ok(())
 }
 pub async fn delete_multi(pool: &SqlitePool, names: &[&str]) -> Result<(), sqlx::Error> {    
    let placeholder = names.iter()
        .map(|_| "?")
        .collect::<Vec<&str>>()
        .join(",");
    let query = format!("DELETE FROM kv WHERE name IN ({})", placeholder);
    let mut q = sqlx::query(&query);
    for name in names {
        q = q.bind(name);
    }
    q.execute(pool).await?;
    Ok(())
 }
 macro_rules! load_bytes_multi {
    (
-        $pool:ident,
+        $pool:expr,
        $($name:literal),*
    ) => {
        // wrap everything up in an async block for easy short-circuiting...
@ -78,7 +102,7 @@ pub(crate) use load_bytes_multi;
 // macro_rules! load_multi {
 //     (
-//         $pool:ident,
+//         $pool:expr,
 //         $($name:literal),*
 //     ) => {
 //         (|| {
@ -93,3 +117,94 @@ pub(crate) use load_bytes_multi;
 //         })()
 //     }
 // }
 #[cfg(test)]
 mod tests {
    use super::*;
    #[sqlx::test]
    async fn test_save_bytes(pool: SqlitePool) {
        save_bytes(&pool, "test_bytes", b"hello world").await
            .expect("Failed to save bytes");
    }
    #[sqlx::test]
    async fn test_save(pool: SqlitePool) {
        save(&pool, "test_string", "hello world").await
            .expect("Failed to save string");
        save(&pool, "test_int", &123).await
            .expect("Failed to save integer");
        save(&pool, "test_bool", &true).await
            .expect("Failed to save bool");
    }
    #[sqlx::test(fixtures("kv"))]
    async fn test_load_bytes(pool: SqlitePool) {
        let bytes = load_bytes(&pool, "test_bytes").await
            .expect("Failed to load bytes")
            .expect("Test data not found in database");
        assert_eq!(bytes, Vec::from(b"hello world"));
    }
    #[sqlx::test(fixtures("kv"))]
    async fn test_load(pool: SqlitePool) {
        let string: String = load(&pool, "test_string").await
            .expect("Failed to load string")
            .expect("Test data not found in database");
        assert_eq!(string, "hello world".to_string());
        let integer: usize = load(&pool, "test_int").await
            .expect("Failed to load integer")
            .expect("Test data not found in database");
        assert_eq!(integer, 123);
        let boolean: bool = load(&pool, "test_bool").await
            .expect("Failed to load boolean")
            .expect("Test data not found in database");
        assert_eq!(boolean, true);
    }
    #[sqlx::test(fixtures("kv"))]
    async fn test_load_multi(pool: SqlitePool) {
        let (bytes, boolean) = load_bytes_multi!(&pool, "test_bytes", "test_bool")
            .await
            .expect("Failed to load items")
            .expect("Test data not found in database");
        assert_eq!(bytes, Vec::from(b"hello world"));
        assert_eq!(boolean, Vec::from(b"true"));
    }
    #[sqlx::test(fixtures("kv"))]
    async fn test_delete(pool: SqlitePool) {
        delete(&pool, "test_bytes").await
            .expect("Failed to delete data");
        let loaded = load_bytes(&pool, "test_bytes").await
            .expect("Failed to load data");
        assert_eq!(loaded, None);
    }
    #[sqlx::test(fixtures("kv"))]
    async fn test_delete_multi(pool: SqlitePool) {
        delete_multi(&pool, &["test_bytes", "test_string"]).await
            .expect("Failed to delete keys");
        let bytes_opt = load_bytes(&pool, "test_bytes").await
            .expect("Failed to load bytes");
        assert_eq!(bytes_opt, None);
        let string_opt = load_bytes(&pool, "test_string").await
            .expect("Failed to load string");
        assert_eq!(string_opt, None);
    }
 }
--- a/src-tauri/src/state.rs
+++ b/src-tauri/src/state.rs
@ -21,7 +21,7 @@ use crate::credentials::{
 use crate::{config, config::AppConfig};
 use crate::credentials::{
    AwsBaseCredential,
-    SaveCredential,
+    CredentialRecord,
    PersistentCredential
 };
 use crate::ipc::{self, RequestResponse};
@ -142,10 +142,10 @@ impl AppState {
        }
    }
-    pub async fn save_credential(&self, cred: SaveCredential) -> Result<(), SaveCredentialsError> {
+    pub async fn save_credential(&self, record: CredentialRecord) -> Result<(), SaveCredentialsError> {
        let session = self.app_session.read().await;
        let crypto = session.try_get_crypto()?;
-        cred.save(crypto, &self.pool).await
+        record.save(crypto, &self.pool).await
    }
    pub async fn delete_credential(&self, id: &Uuid) -> Result<(), SaveCredentialsError> {
@ -155,12 +155,11 @@ impl AppState {
        Ok(())
    }
-    pub async fn list_credentials(&self) -> Result<Vec<SaveCredential>, GetCredentialsError> {
+    pub async fn list_credentials(&self) -> Result<Vec<CredentialRecord>, GetCredentialsError> {
        let session = self.app_session.read().await;
        let crypto = session.try_get_crypto()?;
-        let creds = AwsBaseCredential::list(crypto, &self.pool).await?;
+        let list = CredentialRecord::list(crypto, &self.pool).await?;
-        // eventual extend this vec with other credential types
+        Ok(list)
        Ok(creds)
    }
    pub async fn set_passphrase(&self, passphrase: &str) -> Result<(), SaveCredentialsError> {
@ -171,7 +170,7 @@ impl AppState {
        let new_session = AppSession::new(passphrase)?;
        if let AppSession::Unlocked {salt: _, ref crypto} = *cur_session {
-            AwsBaseCredential::rekey(
+            CredentialRecord::rekey(
                crypto,
                new_session.try_get_crypto().expect("AppSession::new() should always return Unlocked"),
                &self.pool,
@ -255,10 +254,17 @@ impl AppState {
        }
    }
    pub async fn reset_session(&self) -> Result<(), SaveCredentialsError> {
        let mut session = self.app_session.write().await;
        session.reset(&self.pool).await?;
        sqlx::query!("DELETE FROM credentials").execute(&self.pool).await?;
        Ok(())
    }
    pub async fn get_aws_base(&self, name: &str) -> Result<AwsBaseCredential, GetCredentialsError> {
        let app_session = self.app_session.read().await;
        let crypto = app_session.try_get_crypto()?;
-        let creds = AwsBaseCredential::load(name, crypto, &self.pool).await?;
+        let creds = AwsBaseCredential::load_by_name(name, crypto, &self.pool).await?;
        Ok(creds)
    }
@ -345,12 +351,7 @@ mod tests {
        state.delete_credential(&id).await.unwrap();
        // ensure delete-cascade went through correctly
-        let res = AwsBaseCredential::load(
+        let res = AwsBaseCredential::load(&id, &Crypto::fixed(), &state.pool).await;
            "test",
            &Crypto::fixed(),
            &state.pool,
        ).await;
        assert!(matches!(res, Err(LoadCredentialsError::NoCredentials)));
    }
 }
--- a/src/App.svelte
+++ b/src/App.svelte
@ -7,15 +7,22 @@ import { getVersion } from '@tauri-apps/api/app';
 import { appState, acceptRequest, cleanupRequest } from './lib/state.js';
 import { views, currentView, navigate } from './lib/routing.js';
 import Approve from './views/Approve.svelte';
 import CreatePassphrase from './views/CreatePassphrase.svelte';
 import Unlock from './views/Unlock.svelte';
-$views = import.meta.glob('./views/*.svelte', {eager: true});
+// set up app state
 navigate('Home');
 invoke('get_config').then(config => $appState.config = config);
-invoke('get_session_status').then(status => $appState.credentialStatus = status);
+invoke('get_session_status').then(status => $appState.sessionStatus = status);
 getVersion().then(version => $appState.appVersion = version);
 invoke('get_setup_errors')
    .then(errs => {
        $appState.setupErrors = errs.map(e => ({msg: e, show: true}));
    });
-listen('credentials-request', (tauriEvent) => {
+
 // set up event handlers
 listen('credential-request', (tauriEvent) => {
    $appState.pendingRequests.put(tauriEvent.payload);
 });
@ -29,29 +36,17 @@ listen('request-cancelled', (tauriEvent) => {
    }
 });
 listen('launch-terminal-request', async (tauriEvent) => {
    if ($appState.currentRequest === null) {
        let status = await invoke('get_session_status');
        if (status === 'locked') {
            navigate('Unlock');
        }
        else if (status === 'empty') {
            navigate('EnterCredentials');
        }
        // else, session is unlocked, so do nothing
        // (although we shouldn't even get the event in that case)
    }
 });
 listen('locked', () => {
-    $appState.credentialStatus = 'locked';
+    $appState.sessionStatus = 'locked';
 });
 invoke('get_setup_errors')
    .then(errs => {
        $appState.setupErrors = errs.map(e => ({msg: e, show: true}));
    });
 // set up navigation
 $views = import.meta.glob('./views/*.svelte', {eager: true});
 navigate('Home');
 // ready to rock and roll
 acceptRequest();
 </script>
@ -61,4 +56,17 @@ acceptRequest();
    on:keydown={() => invoke('signal_activity')}
 />
-<svelte:component this="{$currentView}" />
+
 {#if $appState.sessionStatus === 'empty'}
    <!-- Empty state (no passphrase) takes precedence over everything -->
    <CreatePassphrase />
 {:else if $appState.currentRequest !== null}
    <!-- if a request is pending, show approval flow (will include unlock if necessary) -->
    <Approve />
 {:else if $appState.sessionStatus === 'locked'}
    <!-- if session is locked and no request is pending, show unlock screen -->
    <Unlock />
 {:else}
    <!-- normal operation -->
    <svelte:component this="{$currentView}" />
 {/if}
--- a/src/lib/state.js
+++ b/src/lib/state.js
@ -7,7 +7,7 @@ import { navigate, currentView, previousView } from './routing.js';
 export let appState = writable({
    currentRequest: null,
    pendingRequests: queue(),
-    credentialStatus: 'locked',
+    sessionStatus: 'locked',
    setupErrors: [],
    appVersion: '',
 });
@ -25,11 +25,11 @@ export async function acceptRequest() {
 export function cleanupRequest() {
    currentView.set(get(previousView));
    previousView.set(null);
    appState.update($appState => {
        $appState.currentRequest = null;
        return $appState;
    });
    currentView.set(get(previousView));
    previousView.set(null);
    acceptRequest();
 }
--- a/src/ui/ErrorAlert.svelte
+++ b/src/ui/ErrorAlert.svelte
@ -7,11 +7,34 @@
    export let slideDuration = 150;
    let animationClass = "";
-    export function shake() {
+    let error = null;
    function shake() {
        animationClass = 'shake';
        window.setTimeout(() => animationClass = "", 400);
    }
    export async function run(fallible) {
        try {
            const ret = await Promise.resolve(fallible());
            error = null;
            return ret;
        }
        catch (e) {
            if (error) shake();
            error = e;
            // re-throw so it can be caught by the caller if necessary
            throw e;
        }
    }
    // this is a method rather than a prop so that we can re-shake every time
    // the error occurs, even if the error message doesn't change
    export function setError(e) {
        if (error) shake();
        error = e;
    }
 </script>
@ -51,17 +74,17 @@
 </style>
-<div in:slide="{{duration: slideDuration}}" class="alert alert-error shadow-lg {animationClass} {extraClasses}">
+{#if error}
-    <div>
+    <div transition:slide="{{duration: slideDuration}}" class="alert alert-error shadow-lg {animationClass} {extraClasses}">
        <svg xmlns="http://www.w3.org/2000/svg" class="stroke-current flex-shrink-0 h-6 w-6" fill="none" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M10 14l2-2m0 0l2-2m-2 2l-2-2m2 2l2 2m7-2a9 9 0 11-18 0 9 9 0 0118 0z" /></svg>
        <span>
-            <slot></slot>
+            <slot {error}>{error.msg || error}</slot>
        </span>
    </div>
-    {#if $$slots.buttons}
+        {#if $$slots.buttons}
-        <div>
+            <div>
-            <slot name="buttons"></slot>
+                <slot name="buttons"></slot>
-        </div>
+            </div>
-    {/if}
+        {/if}
-</div>
+    </div>
 {/if}
--- a/src/ui/Icon.svelte
+++ b/src/ui/Icon.svelte
@ -5,7 +5,7 @@
    let classes = "";
    export {classes as class};
-    let svg = ICONS[`./icons/${name}.svelte`].default;
+    $: svg = ICONS[`./icons/${name}.svelte`].default;
 </script>
 <svelte:component this={svg} class={classes} />
--- a/src/ui/Link.svelte
+++ b/src/ui/Link.svelte
@ -31,6 +31,7 @@
            && shift === event.shiftKey
        ) {
            click();
            event.preventDefault();
        }
    }
 </script>
--- a/src/ui/PassphraseInput.svelte
+++ b/src/ui/PassphraseInput.svelte
@ -0,0 +1,46 @@
 <script>
    import Icon from './Icon.svelte';
    export let value = '';
    export let placeholder = '';
    export let autofocus = false;
    let classes = '';
    export {classes as class};
    let show = false;
 </script>
 <style>
    button {
        border: 1px solid oklch(var(--bc) / 0.2);
        border-left: none;
    }
 </style>
 <div class="join w-full">
    <input
        type={show ? 'text' : 'password'}
        {value} {placeholder} {autofocus}
        on:input={e => value = e.target.value}
        on:input on:change on:focus on:blur
        class="input input-bordered flex-grow join-item placeholder:text-gray-500 {classes}"
    />
    <button
        type="button"
        class="btn btn-ghost join-item swap swap-rotate"
        class:swap-active={show}
        on:click={() => show = !show}
    >
        <Icon
            name="eye"
            class="w-5 h-5 swap-off"
        />
        <Icon
            name="eye-slash"
            class="w-5 h-5 swap-on"
        />
    </button>
 </div>
--- a/src/ui/icons/arrow-right-start-on-rectangle.svelte
+++ b/src/ui/icons/arrow-right-start-on-rectangle.svelte
@ -0,0 +1,8 @@
 <script>
  let classes = '';
  export {classes as class}
 </script>
 <svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class={classes}>
  <path stroke-linecap="round" stroke-linejoin="round" d="M15.75 9V5.25A2.25 2.25 0 0 0 13.5 3h-6a2.25 2.25 0 0 0-2.25 2.25v13.5A2.25 2.25 0 0 0 7.5 21h6a2.25 2.25 0 0 0 2.25-2.25V15m3 0 3-3m0 0-3-3m3 3H9" />
 </svg>
--- a/src/ui/icons/command-line.svelte
+++ b/src/ui/icons/command-line.svelte
@ -0,0 +1,8 @@
 <script>
  let classes = '';
  export {classes as class}
 </script>
 <svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class={classes}>
  <path stroke-linecap="round" stroke-linejoin="round" d="m6.75 7.5 3 2.25-3 2.25m4.5 0h3m-9 8.25h13.5A2.25 2.25 0 0 0 21 18V6a2.25 2.25 0 0 0-2.25-2.25H5.25A2.25 2.25 0 0 0 3 6v12a2.25 2.25 0 0 0 2.25 2.25Z" />
 </svg>
--- a/src/ui/icons/eye-slash.svelte
+++ b/src/ui/icons/eye-slash.svelte
@ -0,0 +1,9 @@
 <script>
    let classes = "";
    export {classes as class};
 </script>
 <svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class={classes}>
  <path stroke-linecap="round" stroke-linejoin="round" d="M3.98 8.223A10.477 10.477 0 0 0 1.934 12C3.226 16.338 7.244 19.5 12 19.5c.993 0 1.953-.138 2.863-.395M6.228 6.228A10.451 10.451 0 0 1 12 4.5c4.756 0 8.773 3.162 10.065 7.498a10.522 10.522 0 0 1-4.293 5.774M6.228 6.228 3 3m3.228 3.228 3.65 3.65m7.894 7.894L21 21m-3.228-3.228-3.65-3.65m0 0a3 3 0 1 0-4.243-4.243m4.242 4.242L9.88 9.88" />
 </svg>
--- a/src/ui/icons/eye.svelte
+++ b/src/ui/icons/eye.svelte
@ -0,0 +1,9 @@
 <script>
    let classes = "";
    export {classes as class};
 </script>
 <svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class={classes}>
  <path stroke-linecap="round" stroke-linejoin="round" d="M2.036 12.322a1.012 1.012 0 0 1 0-.639C3.423 7.51 7.36 4.5 12 4.5c4.638 0 8.573 3.007 9.963 7.178.07.207.07.431 0 .639C20.577 16.49 16.64 19.5 12 19.5c-4.638 0-8.573-3.007-9.963-7.178Z" />
  <path stroke-linecap="round" stroke-linejoin="round" d="M15 12a3 3 0 1 1-6 0 3 3 0 0 1 6 0Z" />
 </svg>
--- a/src/ui/icons/key.svelte
+++ b/src/ui/icons/key.svelte
@ -0,0 +1,8 @@
 <script>
  let classes = '';
  export {classes as class}
 </script>
 <svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class={classes}>
  <path stroke-linecap="round" stroke-linejoin="round" d="M15.75 5.25a3 3 0 0 1 3 3m3 0a6 6 0 0 1-7.029 5.912c-.563-.097-1.159.026-1.563.43L10.5 17.25H8.25v2.25H6v2.25H2.25v-2.818c0-.597.237-1.17.659-1.591l6.499-6.499c.404-.404.527-1 .43-1.563A6 6 0 1 1 21.75 8.25Z" />
 </svg>
--- a/src/ui/icons/pencil.svelte
+++ b/src/ui/icons/pencil.svelte
@ -0,0 +1,8 @@
 <script>
    let classes = '';
    export {classes as class};
 </script>
 <svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class={classes}>
  <path stroke-linecap="round" stroke-linejoin="round" d="m16.862 4.487 1.687-1.688a1.875 1.875 0 1 1 2.652 2.652L6.832 19.82a4.5 4.5 0 0 1-1.897 1.13l-2.685.8.8-2.685a4.5 4.5 0 0 1 1.13-1.897L16.863 4.487Zm0 0L19.5 7.125" />
 </svg>
--- a/src/ui/icons/plus-circle-mini.svelte
+++ b/src/ui/icons/plus-circle-mini.svelte
@ -0,0 +1,9 @@
 <script>
  let classes = "";
  export {classes as class};
 </script>
 <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 20 20" fill="currentColor" class={classes}>
  <path fill-rule="evenodd" d="M10 18a8 8 0 1 0 0-16 8 8 0 0 0 0 16Zm.75-11.25a.75.75 0 0 0-1.5 0v2.5h-2.5a.75.75 0 0 0 0 1.5h2.5v2.5a.75.75 0 0 0 1.5 0v-2.5h2.5a.75.75 0 0 0 0-1.5h-2.5v-2.5Z" clip-rule="evenodd" />
 </svg>
--- a/src/ui/icons/shield-check.svelte
+++ b/src/ui/icons/shield-check.svelte
@ -0,0 +1,8 @@
 <script>
  let classes = '';
  export {classes as class}
 </script>
 <svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class={classes}>
  <path stroke-linecap="round" stroke-linejoin="round" d="M9 12.75 11.25 15 15 9.75m-3-7.036A11.959 11.959 0 0 1 3.598 6 11.99 11.99 0 0 0 3 9.749c0 5.592 3.824 10.29 9 11.623 5.176-1.332 9-6.03 9-11.622 0-1.31-.21-2.571-.598-3.751h-.152c-3.196 0-6.1-1.248-8.25-3.285Z" />
 </svg>
--- a/src/ui/icons/trash.svelte
+++ b/src/ui/icons/trash.svelte
@ -0,0 +1,8 @@
 <script>
    let classes = '';
    export {classes as class};
 </script>
 <svg xmlns="http://www.w3.org/2000/svg" fill="none" viewBox="0 0 24 24" stroke-width="1.5" stroke="currentColor" class={classes}>
  <path stroke-linecap="round" stroke-linejoin="round" d="m14.74 9-.346 9m-4.788 0L9.26 9m9.968-3.21c.342.052.682.107 1.022.166m-1.022-.165L18.16 19.673a2.25 2.25 0 0 1-2.244 2.077H8.084a2.25 2.25 0 0 1-2.244-2.077L4.772 5.79m14.456 0a48.108 48.108 0 0 0-3.478-.397m-12 .562c.34-.059.68-.114 1.022-.165m0 0a48.11 48.11 0 0 1 3.478-.397m7.5 0v-.916c0-1.18-.91-2.164-2.09-2.201a51.964 51.964 0 0 0-3.32 0c-1.18.037-2.09 1.022-2.09 2.201v.916m7.5 0a48.667 48.667 0 0 0-7.5 0" />
 </svg>
--- a/src/ui/settings/Setting.svelte
+++ b/src/ui/settings/Setting.svelte
@ -1,13 +1,12 @@
 <script>
    import { slide } from 'svelte/transition';
    import ErrorAlert from '../ErrorAlert.svelte';
    export let title;
 </script>
 <div>
-    <div class="flex flex-wrap justify-between gap-y-4">
+    <div class="flex flex-wrap justify-between gap-4">
        <h3 class="text-lg font-bold shrink-0">{title}</h3>
        {#if $$slots.input}
            <slot name="input"></slot>
--- a/src/views/Approve.svelte
+++ b/src/views/Approve.svelte
@ -1,145 +1,64 @@
 <script>
-    import { onMount } from 'svelte';
+    import { appState, cleanupRequest } from '../lib/state.js';
    import { invoke } from '@tauri-apps/api/core';
    import { navigate } from '../lib/routing.js';
    import { appState, cleanupRequest } from '../lib/state.js';
    import ErrorAlert from '../ui/ErrorAlert.svelte';
-    import Link from '../ui/Link.svelte';
+    import CollectResponse from './approve/CollectResponse.svelte';
-    import KeyCombo from '../ui/KeyCombo.svelte';
+    import ShowResponse from './approve/ShowResponse.svelte';
    import Unlock from './Unlock.svelte';
-    // Send response to backend, display error if applicable
+    // Extra 50ms so the window can finish disappearing before the redraw
-    let error, alert;
+    const rehideDelay = Math.min(5000, $appState.config.rehide_ms + 50);
-    async function respond() {
+
-        const response = {
+    let alert;
-            id: $appState.currentRequest.id,
+    let success = false;
-            ...$appState.currentRequest.response,
+    async function sendResponse() {
        };
        try {
-            await invoke('respond', {response});
+            await invoke('respond', {response: $appState.currentRequest.response});
-            navigate('ShowResponse');
+            success = true;
            window.setTimeout(cleanupRequest, rehideDelay);
        }
        catch (e) {
-            if (error) {
+            // reset to null so that we go back to asking for approval
-                alert.shake();
+            $appState.currentRequest.response = null;
-            }
+            // setTimeout forces this to not happen until the alert has been rendered
-            error = e;
+            window.setTimeout(() => alert.setError(e), 0);
        }
    }
-    // Approval has one of several outcomes depending on current credential state
+    async function handleResponseCollected() {
-    async function approve(base) {
+        if (
-        $appState.currentRequest.response = {approval: 'Approved', base};
+            $appState.sessionStatus === 'unlocked'
-        let status = await invoke('get_session_status');
+            || $appState.currentRequest.response.approval === 'Denied'
-        if (status === 'unlocked') {
+        ) {
-            await respond();
+            await sendResponse();
        }
        else if (status === 'locked') {
            navigate('Unlock');
        }
        else {
            navigate('EnterCredentials');
        }
    }
    // Denial has only one
    async function deny() {
        $appState.currentRequest.response = {approval: 'Denied', base: false};
        await respond();
    }
    // Extract executable name from full path
    const client = $appState.currentRequest.client;
    const m = client.exe?.match(/\/([^/]+?$)|\\([^\\]+?$)/);
    const appName = m[1] || m[2];
    // Executable paths can be long, so ensure they only break on \ or /
    function breakPath(path) {
        return path.replace(/(\\|\/)/g, '$1<wbr>');
    }
    // if the request has already been approved/denied, send response immediately
    onMount(async () => {
        if ($appState.currentRequest.response) {
            await respond();
        }
    });
 </script>
-<!-- Don't render at all if we're just going to immediately proceed to the next screen -->
+{#if success}
-{#if error || !$appState.currentRequest?.response}
+    <!-- if we have successfully sent a response, show it -->
    <ShowResponse />
 {:else if !$appState.currentRequest?.response}
    <!-- if a response hasn't been collected, ask for it -->
    <div class="flex flex-col space-y-4 p-4 m-auto max-w-xl h-screen items-center justify-center">
-        {#if error}
+        <ErrorAlert bind:this={alert}>
-            <ErrorAlert bind:this={alert}>
+            <svelte:fragment slot="buttons">
-                {error.msg}
+                <button class="btn btn-sm btn-alert-error" on:click={cleanupRequest}>Cancel</button>
-                <svelte:fragment slot="buttons">
+                <button class="btn btn-sm btn-alert-error" on:click={sendResponse}>Retry</button>
-                    <button class="btn btn-sm btn-alert-error" on:click={cleanupRequest}>Cancel</button>
+            </svelte:fragment>
-                    <button class="btn btn-sm btn-alert-error" on:click={respond}>Retry</button>
+        </ErrorAlert>
                </svelte:fragment>
            </ErrorAlert>
        {/if}
-        {#if $appState.currentRequest?.base}
+        <CollectResponse  on:response={handleResponseCollected} />
            <div class="alert alert-warning shadow-lg">
                <div>
                    <svg xmlns="http://www.w3.org/2000/svg" class="stroke-current flex-shrink-0 h-6 w-6" fill="none" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" /></svg>
                    <span>
                        WARNING: This application is requesting your base AWS credentials. 
                        These credentials are less secure than session credentials, since they don't expire automatically.
                    </span>
                </div>
            </div>
        {/if}
        <div class="space-y-1 mb-4">
            <h2 class="text-xl font-bold">{appName ? `"${appName}"` : 'An appplication'} would like to access your AWS credentials.</h2>
            <div class="grid grid-cols-[auto_1fr] gap-x-3">
                <div class="text-right">Path:</div>
                <code class="">{@html client.exe ? breakPath(client.exe) : 'Unknown'}</code>
                <div class="text-right">PID:</div>
                <code>{client.pid}</code>
            </div>
        </div>
        <div class="w-full grid grid-cols-[1fr_auto] items-center gap-y-6">
                <!-- Don't display the option to approve with session credentials if base was specifically requested -->
                {#if !$appState.currentRequest?.base}
                    <h3 class="font-semibold">
                        Approve with session credentials
                    </h3>
                    <Link target={() => approve(false)} hotkey="Enter" shift={true}>
                        <button class="w-full btn btn-success">
                            <KeyCombo keys={['Shift', 'Enter']} />
                        </button>
                    </Link>
                {/if}
                <h3 class="font-semibold">
                    <span class="mr-2">
                        {#if $appState.currentRequest?.base}
                            Approve
                        {:else}
                            Approve with base credentials
                        {/if}
                    </span>
                </h3>
                <Link target={() => approve(true)} hotkey="Enter" shift={true} ctrl={true}>
                    <button class="w-full btn btn-warning">
                        <KeyCombo keys={['Ctrl', 'Shift', 'Enter']} />
                    </button>
                </Link>
                <h3 class="font-semibold">
                    <span class="mr-2">Deny</span>
                </h3>
                <Link target={deny} hotkey="Escape">
                    <button class="w-full btn btn-error">
                        <KeyCombo keys={['Esc']} />
                    </button>
                </Link>
        </div>
    </div>
 {:else if $appState.sessionStatus === 'locked'}
    <!-- if session is locked and we do have a response, we must be waiting for unlock -->
    <Unlock on:unlocked={sendResponse} />
 {:else}
    <!-- failsafe sanity check -->
    <ErrorAlert>
        Something is wrong. This message should never show up during normal operation.
    </ErrorAlert>
 {/if}
--- a/src/views/ChangePassphrase.svelte
+++ b/src/views/ChangePassphrase.svelte
@ -0,0 +1,14 @@
 <script>
    import { navigate } from '../lib/routing.js';
    import EnterPassphrase from './passphrase/EnterPassphrase.svelte';
 </script>
 <div class="flex flex-col h-screen max-w-sm m-auto gap-y-8 justify-center">
        <h1 class="text-2xl font-bold text-center">
            Change passphrase
        </h1>
        <EnterPassphrase cancellable={true} on:save={() => navigate('Home')}/>
 </div>
--- a/src/views/CreatePassphrase.svelte
+++ b/src/views/CreatePassphrase.svelte
@ -0,0 +1,21 @@
 <script>
    import EnterPassphrase from './passphrase/EnterPassphrase.svelte';
 </script>
 <div class="flex flex-col h-screen max-w-lg m-auto justify-center">
    <div class="space-y-8">
        <h1 class="text-2xl font-bold text-center">Welcome to Creddy!</h1>
        <div class="space-y-4">
            <p> Create a passphrase to get started.</p>
            <p>Please note that if you forget your passphrase, there is no way to recover 
            your stored credentials. You will have to start over with a new passphrase.</p>
        </div>
        <div class="max-w-sm mx-auto">
            <EnterPassphrase />
        </div>
    </div>
 </div>
--- a/src/views/EnterCredentials.svelte
+++ b/src/views/EnterCredentials.svelte
@ -1,94 +0,0 @@
 <script>
    import { onMount } from 'svelte';
    import { invoke } from '@tauri-apps/api/core';
    import { emit } from '@tauri-apps/api/event';
    import { getRootCause } from '../lib/errors.js';
    import { appState } from '../lib/state.js';
    import { navigate } from '../lib/routing.js';
    import Link from '../ui/Link.svelte';
    import ErrorAlert from '../ui/ErrorAlert.svelte';
    import Spinner from '../ui/Spinner.svelte';
    let errorMsg = null;
    let alert;
    let AccessKeyId, SecretAccessKey, passphrase, confirmPassphrase
    function confirm() {
        if (passphrase !== confirmPassphrase) {
            errorMsg = 'Passphrases do not match.'
        }
    }
    let saving = false;
    async function save() {
        if (passphrase !== confirmPassphrase) {
            alert.shake();
            return;
        }
        let credentials = {AccessKeyId, SecretAccessKey};
        try {
            saving = true;
            await invoke('save_credentials', {credentials, passphrase});
            emit('credentials-event', 'entered');
            $appState.credentialStatus = 'unlocked';
            if ($appState.currentRequest) {
                navigate('Approve');
            }
            else {
                navigate('Home');
            }
        }
        catch (e) {
            const root = getRootCause(e);
            if (e.code === 'GetSession' && root.code) {
                errorMsg = `Error response from AWS (${root.code}): ${root.msg}`;
            }
            else {
                // some of the built-in Tauri errors are plain strings,
                // so fall back to e if e.msg doesn't exist
                errorMsg = e.msg || e;
            }
            // if the alert already existed, shake it
            if (alert) {
                alert.shake();
            }
            saving = false;
        }
    }
    function cancel() {
        emit('credentials-event', 'enter-canceled');
        navigate('Home');
    }
 </script>
 <form action="#" on:submit|preventDefault="{save}" class="form-control space-y-4 max-w-sm m-auto p-4 h-screen justify-center">
    <h2 class="text-2xl font-bold text-center">Enter your credentials</h2>
    {#if errorMsg}
        <ErrorAlert bind:this="{alert}">{errorMsg}</ErrorAlert>
    {/if}
    <input type="text" placeholder="AWS Access Key ID" bind:value="{AccessKeyId}" class="input input-bordered" />
    <input type="password" placeholder="AWS Secret Access Key" bind:value="{SecretAccessKey}" class="input input-bordered" />
    <input type="password" placeholder="Passphrase" bind:value="{passphrase}" class="input input-bordered" />
    <input type="password" placeholder="Re-enter passphrase" bind:value={confirmPassphrase} class="input input-bordered" on:change={confirm} />
    <button type="submit" class="btn btn-primary">
        {#if saving }
            <Spinner class="w-5 h-5" thickness="12"/>
        {:else}
            Submit
        {/if}
    </button>
    <Link target={cancel} hotkey="Escape">
        <button class="btn btn-sm btn-outline w-full">Cancel</button>
    </Link>
 </form>
--- a/src/views/Home.svelte
+++ b/src/views/Home.svelte
@ -8,13 +8,21 @@
    import Icon from '../ui/Icon.svelte';
    import Link from '../ui/Link.svelte';
    import vaultDoorSvg from '../assets/vault_door.svg?raw';
    let launchBase = false;
    function launchTerminal() {
        invoke('launch_terminal', {base: launchBase});
        launchBase = false;
    }
    async function lock() {
        try {
            await invoke('lock');
        }
        catch (e) {
            console.log(e);
        }
    }
 </script>
@ -23,31 +31,38 @@
 </Nav>
 <div class="flex flex-col h-screen items-center justify-center p-4 space-y-4">
-    <div class="flex flex-col items-center space-y-4">
+    <div class="grid grid-cols-2 gap-6">
-        {@html vaultDoorSvg}
+        <Link target="ManageCredentials">
-        {#if $appState.credentialStatus === 'locked'}
+            <div class="flex flex-col items-center gap-4 h-full max-w-56 rounded-box p-4 border border-primary hover:bg-base-200 transition-colors">
                <Icon name="key" class="size-12 stroke-1 stroke-primary" />
                <h3 class="text-lg font-bold">Credentials</h3>
                <p class="text-sm">Add, remove, and change defaults credentials.</p>
            </div>
        </Link>
        <Link target={launchTerminal}>
            <div class="flex flex-col items-center gap-4 h-full max-w-56 rounded-box p-4 border border-secondary hover:bg-base-200 transition-colors">
                <Icon name="command-line" class="size-12 stroke-1 stroke-secondary" />
                <h3 class="text-lg font-bold">Terminal</h3>
                <p class="text-sm">Launch a terminal pre-configured with AWS credentials.</p>
            </div>
        </Link>
-            <h2 class="text-2xl font-bold">Creddy is locked</h2>
+        <Link target={lock}>
-            <Link target="Unlock" hotkey="Enter" class="w-64">
+            <div class="flex flex-col items-center gap-4 h-full max-w-56 rounded-box p-4 border border-accent hover:bg-base-200 transition-colors">
-                <button class="btn btn-primary w-full">Unlock</button>
+                <Icon name="shield-check" class="size-12 stroke-1 stroke-accent" />
-            </Link>
+                <h3 class="text-lg font-bold">Lock</h3>
                <p class="text-sm">Lock Creddy.</p>
            </div>
        </Link>
-        {:else if $appState.credentialStatus === 'unlocked'}
+        <Link target={() => invoke('exit')}>
-            <h2 class="text-2xl font-bold">Waiting for requests</h2>
+            <div class="flex flex-col items-center gap-4 h-full max-w-56 rounded-box p-4 border border-warning hover:bg-base-200 transition-colors">
-            <button class="btn btn-primary w-full" on:click={launchTerminal}>
+                <Icon name="arrow-right-start-on-rectangle" class="size-12 stroke-1 stroke-warning" />
-                Launch Terminal
+                <h3 class="text-lg font-bold">Exit</h3>
-            </button>
+                <p class="text-sm">Close Creddy.</p>
-            <label class="label cursor-pointer flex items-center space-x-2">
+            </div>
-                <span class="label-text">Launch with long-lived credentials</span>
+        </Link>
                <input type="checkbox" class="checkbox checkbox-sm" bind:checked={launchBase}>
            </label>
        {:else if $appState.credentialStatus === 'empty'}
            <h2 class="text-2xl font-bold">No credentials found</h2>
            <Link target="EnterCredentials" hotkey="Enter" class="w-64">
                <button class="btn btn-primary w-full">Enter Credentials</button>
            </Link>
        {/if}
    </div>
 </div>
--- a/src/views/ManageCredentials.svelte
+++ b/src/views/ManageCredentials.svelte
@ -0,0 +1,62 @@
 <script>
    import { onMount } from 'svelte';
    import { slide, fade } from 'svelte/transition';
    import { writable } from 'svelte/store';
    import { invoke } from '@tauri-apps/api/core';
    import AwsCredential from './credentials/AwsCredential.svelte';
    import Icon from '../ui/Icon.svelte';
    import Nav from '../ui/Nav.svelte';
    let show = false;
    let records = []
    let defaults = writable({});
    async function loadCreds() {
        records = await invoke('list_credentials');
        let pairs = records.filter(r => r.is_default).map(r => [r.credential.type, r.id]);
        $defaults = Object.fromEntries(pairs);
    }
    onMount(loadCreds);
    function newAws() {
        records.push({
            id: crypto.randomUUID(),
            name: null,
            is_default: false,
            credential: {type: 'AwsBase', AccessKeyId: null, SecretAccessKey: null},
            isNew: true,
        });
        records = records;
    }
 </script>
 <Nav>
    <h1 slot="title" class="text-2xl font-bold">Credentials</h1>
 </Nav>
 <div class="max-w-xl mx-auto mb-12 flex flex-col gap-y-4 justify-center">
    <div class="divider">
        <h2 class="text-xl font-bold">AWS Access Keys</h2>
    </div>
    {#if records.length > 0}
        {#each records as record (record.id)}
            <AwsCredential {record} {defaults} on:update={loadCreds} />
        {/each}
        <button class="btn btn-primary btn-wide mx-auto" on:click={newAws}>
            <Icon name="plus-circle-mini" class="size-5" />
            Add
        </button>
    {:else}
        <div class="flex flex-col gap-6 items-center rounded-box border-2 border-dashed border-neutral-content/30 p-6">
            <div>You have no saved AWS credentials.</div>
            <button class="btn btn-primary btn-wide mx-auto" on:click={newAws}>
                <Icon name="plus-circle-mini" class="size-5" />
                Add
            </button>
        </div>
    {/if}
 </div>
--- a/src/views/Settings.svelte
+++ b/src/views/Settings.svelte
@ -5,7 +5,6 @@
    import { appState } from '../lib/state.js';
    import Nav from '../ui/Nav.svelte';
    import Link from '../ui/Link.svelte';
    import ErrorAlert from '../ui/ErrorAlert.svelte';
    import SettingsGroup from '../ui/settings/SettingsGroup.svelte';
    import Keybind from '../ui/settings/Keybind.svelte';
    import { Setting, ToggleSetting, NumericSetting, FileSetting, TextSetting, TimeSetting } from '../ui/settings';
@ -21,6 +20,7 @@
    let error = null;
    async function save() {
        try {
            throw('wtf');
            await invoke('save_config', {config});
            $appState.config = await invoke('get_config');
        }
@ -38,77 +38,78 @@
    <h1 slot="title" class="text-2xl font-bold">Settings</h1>
 </Nav>
-<div class="max-w-lg mx-auto my-1.5 p-4 space-y-16">
+<form on:submit|preventDefault={save}>
-    <SettingsGroup name="General">            
+    <div class="max-w-lg mx-auto my-1.5 p-4 space-y-16">
-        <ToggleSetting title="Start on login" bind:value={config.start_on_login}>
+        <SettingsGroup name="General">            
-            <svelte:fragment slot="description">
+            <ToggleSetting title="Start on login" bind:value={config.start_on_login}>
                Start Creddy when you log in to your computer.
            </svelte:fragment>
        </ToggleSetting>
        <ToggleSetting title="Start minimized" bind:value={config.start_minimized}>
            <svelte:fragment slot="description">
                Minimize to the system tray at startup.
            </svelte:fragment>
        </ToggleSetting>
        <NumericSetting title="Re-hide delay" bind:value={config.rehide_ms} min={0} unit="Milliseconds">
            <svelte:fragment slot="description">
                How long to wait after a request is approved/denied before minimizing
                the window to tray. Only applicable if the window was minimized
                to tray before the request was received.
            </svelte:fragment>
        </NumericSetting>
        <ToggleSetting title="Lock when idle" bind:value={config.auto_lock}>
            <svelte:fragment slot="description">
                Automatically lock Creddy after a period of inactivity.
            </svelte:fragment>
        </ToggleSetting>
        {#if config.auto_lock}
            <TimeSetting title="Idle timeout" bind:seconds={config.lock_after.secs}>
                <svelte:fragment slot="description">
-                    How long to wait before automatically locking.
+                    Start Creddy when you log in to your computer.
                </svelte:fragment>
-            </TimeSetting>
+            </ToggleSetting>
        {/if}
-        <Setting title="Update credentials">
+            <ToggleSetting title="Start minimized" bind:value={config.start_minimized}>
-            <Link slot="input" target="EnterCredentials">
+                <svelte:fragment slot="description">
-                <button class="btn btn-sm btn-primary">Update</button>
+                    Minimize to the system tray at startup.
-            </Link>
+                </svelte:fragment>
-            <svelte:fragment slot="description">
+            </ToggleSetting>
                Update or re-enter your encrypted credentials.
            </svelte:fragment>
        </Setting>
-        <FileSetting
+            <NumericSetting title="Re-hide delay" bind:value={config.rehide_ms} min={0} unit="Milliseconds">
-            title="Terminal emulator"
+                <svelte:fragment slot="description">
-            bind:value={config.terminal.exec}
+                    How long to wait after a request is approved/denied before minimizing
-        
+                    the window to tray. Only applicable if the window was minimized
-        >
+                    to tray before the request was received.
-            <svelte:fragment slot="description">
+                </svelte:fragment>
-                Choose your preferred terminal emulator (e.g. <code>gnome-terminal</code> or <code>wt.exe</code>.) May be an absolute path or an executable discoverable on <code>$PATH</code>.
+            </NumericSetting>
            </svelte:fragment>
        </FileSetting>
    </SettingsGroup>
-    <SettingsGroup name="Hotkeys">
+            <ToggleSetting title="Lock when idle" bind:value={config.auto_lock}>
-        <div class="space-y-4">
+                <svelte:fragment slot="description">
-            <p>Click on a keybinding to modify it. Use the checkbox to enable or disable a keybinding entirely.</p>
+                    Automatically lock Creddy after a period of inactivity.
                </svelte:fragment>
            </ToggleSetting>
-            <div class="grid grid-cols-[auto_1fr_auto] gap-y-3 items-center">
+            {#if config.auto_lock}
-                <Keybind description="Show Creddy" bind:value={config.hotkeys.show_window} />
+                <TimeSetting title="Idle timeout" bind:seconds={config.lock_after.secs}>
-                <Keybind description="Launch terminal" bind:value={config.hotkeys.launch_terminal} />
+                    <svelte:fragment slot="description">
                        How long to wait before automatically locking.
                    </svelte:fragment>
                </TimeSetting>
            {/if}
            <Setting title="Update passphrase">
                <Link slot="input" target="ChangePassphrase">
                    <button type="button" class="btn btn-sm btn-primary">Update</button>
                </Link>
                <svelte:fragment slot="description">
                    Change your master passphrase.
                </svelte:fragment>
            </Setting>
            <FileSetting
                title="Terminal emulator"
                bind:value={config.terminal.exec}
            >
                <svelte:fragment slot="description">
                    Choose your preferred terminal emulator (e.g. <code>gnome-terminal</code> or <code>wt.exe</code>.) May be an absolute path or an executable discoverable on <code>$PATH</code>.
                </svelte:fragment>
            </FileSetting>
        </SettingsGroup>
        <SettingsGroup name="Hotkeys">
            <div class="space-y-4">
                <p>Click on a keybinding to modify it. Use the checkbox to enable or disable a keybinding entirely.</p>
                <div class="grid grid-cols-[auto_1fr_auto] gap-y-3 items-center">
                    <Keybind description="Show Creddy" bind:value={config.hotkeys.show_window} />
                    <Keybind description="Launch terminal" bind:value={config.hotkeys.launch_terminal} />
                </div>
            </div>
-        </div>
+        </SettingsGroup>
    </SettingsGroup>
-    <p class="text-sm text-right">
+        <p class="text-sm text-right">
-        Creddy {$appState.appVersion}
+            Creddy {$appState.appVersion}
-    </p>
+        </p>
-</div>
+    </div>
 </form>
 {#if error}
    <div transition:fly={{y: 100, easing: backInOut, duration: 400}} class="toast">
--- a/src/views/Unlock.svelte
+++ b/src/views/Unlock.svelte
@ -1,85 +1,59 @@
 <script>
    import { invoke } from '@tauri-apps/api/core';
    import { emit } from '@tauri-apps/api/event';
-    import { onMount } from 'svelte';
+    import { onMount, createEventDispatcher } from 'svelte';
    import { appState } from '../lib/state.js';
    import { navigate } from '../lib/routing.js';
    import { getRootCause } from '../lib/errors.js';
    import ErrorAlert from '../ui/ErrorAlert.svelte';
    import Link from '../ui/Link.svelte';
    import PassphraseInput from '../ui/PassphraseInput.svelte';
    import ResetPassphrase from './passphrase/ResetPassphrase.svelte';
    import Spinner from '../ui/Spinner.svelte';
    import vaultDoorSvg from '../assets/vault_door.svg?raw';
-    let errorMsg = null;
+    const dispatch = createEventDispatcher();
    let alert;
    let passphrase = '';
-    let loadTime = 0;
+    
    let saving = false;
    async function unlock() {
-        // The hotkey for navigating here from homepage is Enter, which also
+        saving = true;
        // happens to trigger the form submit event
        if (Date.now() - loadTime < 10) {
            return;
        }
        try {
-            saving = true;
+            await alert.run(async () => invoke('unlock', {passphrase}));
-            let r = await invoke('unlock', {passphrase});
+            $appState.sessionStatus = 'unlocked';
-            $appState.credentialStatus = 'unlocked';
+            emit('unlocked');
-            emit('credentials-event', 'unlocked');
+            dispatch('unlocked');
            if ($appState.currentRequest) {
                navigate('Approve');
            }
            else {
                navigate('Home');
            }
        }
-        catch (e) {
+        finally {
            const root = getRootCause(e);
            if (e.code === 'GetSession' && root.code) {
                errorMsg = `Error response from AWS (${root.code}): ${root.msg}`;
            }
            else {
                errorMsg = e.msg;
            }
            // if the alert already existed, shake it
            if (alert) {
                alert.shake();
            }
            saving = false;
        }
    }
    function cancel() {
        emit('credentials-event', 'unlock-canceled');
        if ($appState.currentRequest !== null) {
            // dirty hack to prevent spurious error when returning to approve screen
            delete $appState.currentRequest.response;
            navigate('Approve');
        }
        else {
            navigate('Home');
        }
    }
    onMount(() => {
        loadTime = Date.now();
    })
 </script>
 <div class="fixed top-0 w-full p-2 text-center">
    <h1 class="text-3xl font-bold">Creddy is locked</h1>
 </div>
 <form action="#" on:submit|preventDefault="{unlock}" class="form-control space-y-4 max-w-sm m-auto p-4 h-screen justify-center">
-    <h2 class="font-bold text-2xl text-center">Enter your passphrase</h2>
+    <div class="mx-auto">
        {@html vaultDoorSvg}
    </div>
-    {#if errorMsg}
+    <label class="space-y-4">
-        <ErrorAlert bind:this="{alert}">{errorMsg}</ErrorAlert>
+        <h2 class="font-bold text-xl text-center">Please enter your passphrase</h2>
    {/if}
-    <!-- svelte-ignore a11y-autofocus -->
+        <ErrorAlert bind:this="{alert}" />
-    <input autofocus name="password" type="password" placeholder="correct horse battery staple" bind:value="{passphrase}" class="input input-bordered" />
+
        <!-- svelte-ignore a11y-autofocus -->
        <PassphraseInput autofocus="true" bind:value={passphrase} placeholder="correct horse battery staple" />
    </label>
    <button type="submit" class="btn btn-primary">
        {#if saving}
@ -89,7 +63,5 @@
        {/if}
    </button>
-    <Link target={cancel} hotkey="Escape">
+    <ResetPassphrase />
        <button class="btn btn-sm btn-outline w-full">Cancel</button>
    </Link>
 </form>
--- a/src/views/approve/CollectResponse.svelte
+++ b/src/views/approve/CollectResponse.svelte
@ -0,0 +1,91 @@
 <script>
    import { createEventDispatcher } from 'svelte';
    import { appState, cleanupRequest } from '../../lib/state.js';
    import Link from '../../ui/Link.svelte';
    import KeyCombo from '../../ui/KeyCombo.svelte';
    // Executable paths can be long, so ensure they only break on \ or /
    function breakPath(path) {
        return path.replace(/(\\|\/)/g, '$1<wbr>');
    }
    // Extract executable name from full path
    const client = $appState.currentRequest.client;
    const m = client.exe?.match(/\/([^/]+?$)|\\([^\\]+?$)/);
    const appName = m[1] || m[2];
    const dispatch = createEventDispatcher();
    function setResponse(approval, base) {
        $appState.currentRequest.response = {
            id: $appState.currentRequest.id,
            approval,
            base,
        };
        dispatch('response');
    }
 </script>
 {#if $appState.currentRequest?.base}
    <div class="alert alert-warning shadow-lg">
        <div>
            <svg xmlns="http://www.w3.org/2000/svg" class="stroke-current flex-shrink-0 h-6 w-6" fill="none" viewBox="0 0 24 24"><path stroke-linecap="round" stroke-linejoin="round" stroke-width="2" d="M12 9v2m0 4h.01m-6.938 4h13.856c1.54 0 2.502-1.667 1.732-3L13.732 4c-.77-1.333-2.694-1.333-3.464 0L3.34 16c-.77 1.333.192 3 1.732 3z" /></svg>
            <span>
                WARNING: This application is requesting your base AWS credentials. 
                These credentials are less secure than session credentials, since they don't expire automatically.
            </span>
        </div>
    </div>
 {/if}
 <div class="space-y-1 mb-4">
    <h2 class="text-xl font-bold">{appName ? `"${appName}"` : 'An appplication'} would like to access your AWS credentials.</h2>
    <div class="grid grid-cols-[auto_1fr] gap-x-3">
        <div class="text-right">Path:</div>
        <code class="">{@html client.exe ? breakPath(client.exe) : 'Unknown'}</code>
        <div class="text-right">PID:</div>
        <code>{client.pid}</code>
    </div>
 </div>
 <div class="w-full grid grid-cols-[1fr_auto] items-center gap-y-6">
        <!-- Don't display the option to approve with session credentials if base was specifically requested -->
        {#if !$appState.currentRequest?.base}
            <h3 class="font-semibold">
                Approve with session credentials
            </h3>
            <Link target={() => setResponse('Approved', false)} hotkey="Enter" shift={true}>
                <button class="w-full btn btn-success">
                    <KeyCombo keys={['Shift', 'Enter']} />
                </button>
            </Link>
        {/if}
        <h3 class="font-semibold">
            <span class="mr-2">
                {#if $appState.currentRequest?.base}
                    Approve
                {:else}
                    Approve with base credentials
                {/if}
            </span>
        </h3>
        <Link target={() => setResponse('Approved', true)} hotkey="Enter" shift={true} ctrl={true}>
            <button class="w-full btn btn-warning">
                <KeyCombo keys={['Ctrl', 'Shift', 'Enter']} />
            </button>
        </Link>
        <h3 class="font-semibold">
            <span class="mr-2">Deny</span>
        </h3>
        <Link target={() => setResponse('Denied', false)} hotkey="Escape">
            <button class="w-full btn btn-error">
                <KeyCombo keys={['Esc']} />
            </button>
        </Link>
 </div>
--- a/src/views/approve/ShowResponse.svelte
+++ b/src/views/approve/ShowResponse.svelte
@ -1,8 +1,7 @@
 <script>
    import { onMount } from 'svelte';
    import { draw, fade } from 'svelte/transition';
-    import { appState, cleanupRequest } from '../lib/state.js';
+    import { appState } from '../../lib/state.js';
    let success = false;
    let error = null;
@ -10,14 +9,6 @@
    let drawDuration = $appState.config.rehide_ms >= 750 ? 500 : 0;
    let fadeDuration = drawDuration * 0.6;
    let fadeDelay = drawDuration * 0.4;
    onMount(() => {
        window.setTimeout(
            cleanupRequest,
            // Extra 50ms so the window can finish disappearing before the redraw
            Math.min(5000, $appState.config.rehide_ms + 50),
        )
    })
 </script>
--- a/src/views/credentials/AwsCredential.svelte
+++ b/src/views/credentials/AwsCredential.svelte
@ -0,0 +1,155 @@
 <script>
    import { createEventDispatcher } from 'svelte';
    import { fade, slide } from 'svelte/transition';
    import { invoke } from '@tauri-apps/api/core';
    import ErrorAlert from '../../ui/ErrorAlert.svelte';
    import Icon from '../../ui/Icon.svelte';
    export let record;
    export let defaults;
    import PassphraseInput from '../../ui/PassphraseInput.svelte';
    const dispatch = createEventDispatcher();
    let showDetails = record.isNew ? true : false;
    let localName = name;
    let local = JSON.parse(JSON.stringify(record));
    $: isModified = JSON.stringify(local) !== JSON.stringify(record);
    // explicitly subscribe to updates to `default`, so that we can update
    // our local copy even if the component hasn't been recreated
    // (sadly we can't use a reactive binding because reasons I guess)
    defaults.subscribe(d => local.is_default = local.id === d[local.credential.type])
    let alert;
    async function saveCredential() {
        await invoke('save_credential', {record: local});
        dispatch('update');
        showDetails = false;
    }
    let deleteModal;
    function conditionalDelete() {
        if (!record.isNew) {
            deleteModal.showModal();
        }
        else {
            deleteCredential();
        }
    }
    async function deleteCredential() {
        try {
            if (!record.isNew) {
                await invoke('delete_credential', {id: record.id});
            }
            dispatch('update');
        }
        catch (e) {
            showDetails = true;
            // wait for showDetails to take effect and the alert to be rendered
            window.setTimeout(() => alert.setError(e), 0);
        }
    }
 </script>
 <div 
    transition:slide|local={{duration: record.isNew ? 300 : 0}}
    class="rounded-box space-y-4 bg-base-200 {record.is_default ? 'border border-accent' : ''}"
 >
    <div class="flex items-center px-6 py-4 gap-x-4">
        <h3 class="text-lg font-bold">{record.name || ''}</h3>
        {#if record.is_default}
            <span class="badge badge-accent">Default</span>
        {/if}
        <div class="join ml-auto">
            <button
                type="button"
                class="btn btn-outline join-item"
                on:click={() => showDetails = !showDetails}
            >
                <Icon name="pencil" class="size-6" />
            </button>
            <button
                type="button"
                class="btn btn-outline btn-error join-item"
                on:click={conditionalDelete}
            >
                <Icon name="trash" class="size-6" />
            </button>
        </div>
    </div>
    {#if showDetails}
        <form
            transition:slide|local={{duration: 200}}
            class=" px-6 pb-4 space-y-4"
            on:submit|preventDefault={() => alert.run(saveCredential)}
        >
            <ErrorAlert bind:this={alert} />
            <div class="grid grid-cols-[auto_1fr] items-center gap-4">
                {#if record.isNew}
                    <span class="justify-self-end">Name</span>
                    <input
                        type="text"
                        class="input input-bordered bg-transparent"
                        bind:value={local.name}
                    >
                {/if}
                <span class="justify-self-end">Key ID</span>
                <input
                    type="text"
                    class="input input-bordered font-mono bg-transparent"
                    bind:value={local.credential.AccessKeyId}
                >
                <span>Secret key</span>
                <div class="font-mono">
                    <PassphraseInput class="bg-transparent" bind:value={local.credential.SecretAccessKey} />
                </div>
            </div>
            <div class="flex justify-between">
                <label class="label cursor-pointer justify-self-start space-x-4">
                    <span class="label-text">Default AWS access key</span>
                    <input type="checkbox" class="toggle toggle-accent" bind:checked={local.is_default}>
                </label>
                {#if isModified}
                    <button
                        transition:fade={{duration: 100}}
                        type="submit"
                        class="btn btn-primary"
                        >
                            Save
                        </button>
                {/if}
            </div>
        </form>
    {/if}
    <dialog bind:this={deleteModal} class="modal">
        <div class="modal-box">
            <h3 class="text-lg font-bold">Delete AWS credential "{record.name}"?</h3>
            <div class="modal-action">
                <form method="dialog" class="flex gap-x-4">
                    <button class="btn btn-outline">Cancel</button>
                    <button 
                        autofocus
                        class="btn btn-error"
                        on:click={deleteCredential}
                    >Delete</button>
                </form>
            </div>
        </div>
    </dialog>
 </div>
--- a/src/views/passphrase/EnterPassphrase.svelte
+++ b/src/views/passphrase/EnterPassphrase.svelte
@ -0,0 +1,109 @@
 <script>
    import { createEventDispatcher } from 'svelte';
    import { invoke } from '@tauri-apps/api/core';
    import { appState } from '../../lib/state.js';
    import ErrorAlert from '../../ui/ErrorAlert.svelte';
    import Link from '../../ui/Link.svelte';
    import PassphraseInput from '../../ui/PassphraseInput.svelte';
    import ResetPassphrase from './ResetPassphrase.svelte';
    import Spinner from '../../ui/Spinner.svelte';
    export let cancellable = false;
    const dispatch = createEventDispatcher();
    let alert;
    let saving = false;
    let passphrase = '';
    let confirmPassphrase = '';
    // onChange only fires when an input loses focus, so always set the error if not set
    function onChange() {
        console.log(`onChange: passphrase=${passphrase}, confirmPassphrase=${confirmPassphrase}`)
        if (passphrase !== confirmPassphrase) {
            alert.setError('Passphrases do not match.');
        }
        else {
            alert.setError(null);
        }
    }
    // onInput fires on every keystroke, so only dismiss the error, don't create it
    function onInput() {
        console.log(`onInput: passphrase=${passphrase}, confirmPassphrase=${confirmPassphrase}`)
        if (passphrase === confirmPassphrase) {
            alert.setError(null);
        }
    }
    async function save() {
        if (passphrase !== confirmPassphrase) {
            return;
        }
        if (passphrase === '') {
            alert.setError('Passphrase is empty.')
            return;
        }
        saving = true;
        try {
            await alert.run(async () => {
                await invoke('set_passphrase', {passphrase})
                throw('something bad happened');
                $appState.sessionStatus = 'unlocked';
                dispatch('save');
            });
        }
        finally {
            saving = false;
        }
    }
 </script>
 <form class="form-control gap-y-4" on:submit|preventDefault={save}>
    <ErrorAlert bind:this={alert} />
    <label class="form-control w-full">
        <div class="label">
            <span class="label-text">Passphrase</span>
        </div>
        <PassphraseInput
            bind:value={passphrase}
            on:input={onInput}
            placeholder="correct horse battery staple"
        />
    </label>
    <label class="form-control w-full">
        <div class="label">
            <span class="label-text">Re-enter passphrase</span>
        </div>
        <PassphraseInput
            bind:value={confirmPassphrase}
            on:input={onInput} on:change={onChange}
            placeholder="correct horse battery staple"
        />
    </label>
    <button type="submit" class="btn btn-primary">
        {#if saving}
            <Spinner class="w-5 h-5" thickness="12"/>
        {:else}
            Submit
        {/if}
    </button>
    {#if cancellable}
        <Link target="Settings" hotkey="Escape">
            <button type="button" class="btn btn-outline btn-sm w-full">Cancel</button>
        </Link>
    {/if}
    {#if $appState.sessionStatus === 'locked'}
        <ResetPassphrase />
    {/if}
 </form>
--- a/src/views/passphrase/ResetPassphrase.svelte
+++ b/src/views/passphrase/ResetPassphrase.svelte
@ -0,0 +1,41 @@
 <script>
    import { invoke } from '@tauri-apps/api/core';
    import { appState } from '../../lib/state.js';
    import ErrorAlert from '../../ui/ErrorAlert.svelte';
    let modal;
    let alert;
    async function reset() {
        await invoke('reset_session');
        $appState.sessionStatus = 'empty';
    }
 </script>
 <button type="button" class="self-end text-sm text-secondary/75 hover:underline focus:ring-accent" on:click={modal.showModal()}>
    Reset passphrase
 </button>
 <dialog class="modal" bind:this={modal}>
    <div class="modal-box space-y-6">
        <ErrorAlert bind:this={alert} />
        <h3 class="text-lg font-bold">Delete all credentials?</h3>
        <div class="space-y-2">
            <p>Credentials are encrypted with your current passphrase and will be lost if the passphrase is reset.</p>
            <p>Are you sure you want to reset your passphrase and delete all saved credentials?</p>
        </div>
        <div class="modal-action">
            <form method="dialog" class="flex gap-x-4">
                <button autofocus class="btn btn-outline">Cancel</button>
                <button class="btn btn-error" on:click|preventDefault={() => alert.run(reset)}>
                    Reset
                </button>
            </form>
        </div>
    </div>
 </dialog>
--- a/tailwind.config.js
+++ b/tailwind.config.js
@ -10,4 +10,40 @@ module.exports = {
  plugins: [
    require('daisyui'),
  ],
  daisyui: {
    themes: [
      {
        creddy: {
          "primary": "#0ea5e9",
          "secondary": "#fb923c",
          "accent": "#8b5cf6",
          "neutral": "#2f292c",
          "base-100": "#252e3a",
          "info": "#66cccc",
          "success": "#52bf73",
          "warning": "#d1a900",
          "error": "#f87171",
        },
      },
      {
        "summer-night": {
          "primary": "#0ea5e9",
          "secondary": "#0ea5e9",
          "accent": "#fb923c",
          "neutral": "#393939",
          "base-100": "#2d2d2d",
          "info": "#66cccc",
          "success": "#22c55e",
          "warning": "#d1a900",
          "error": "#f2777a"
        },
      },
      "dark",
      "night",
      "dracula",
      "sunset",
      "dim",
      "light"
    ]
  },
 }
Author	SHA1	Message	Date
Joseph Montanaro	acc5c71bfa	rework error alerts	2024-06-28 20:35:18 -04:00
Joseph Montanaro	504c0b4156	add passphrase reset	2024-06-28 11:19:52 -04:00
Joseph Montanaro	bf0a2ca72d	finish manage-credentials page and rework home screen	2024-06-28 06:25:55 -04:00
Joseph Montanaro	bb980c5eef	continue working on default credentials	2024-06-26 22:24:44 -04:00
Joseph Montanaro	ce7d75f15a	almost finish refactoring PersistentCredential trait	2024-06-26 15:01:07 -04:00
Joseph Montanaro	37b44ddb2e	start refactoring for default credentials	2024-06-26 11:10:50 -04:00