feat(launcher): thin primitive architecture + run_osascript hardening

- file_handlers: add script_template param to native:launch-from-cache
  (AppleScript or shell: prefix; falls back to hardcoded defaults when null)
- file_handlers: add native:copy-from-cache-to-temp as composable primitive
  (copies cached file to temp, returns path — caller handles launch logic)
- shell_handlers: harden native:run-osascript with temp .scpt file approach
  (replaces -e flag; handles multi-line scripts and paths with special chars)
- README: rewrite Native Bridge section — full method table, composable
  pattern example, configurable launch scripts note
- deploy/devices.conf: update IPs for devices 03-06, uncomment entries

src/main/file_handlers.ts

@@ -101,7 +101,7 @@ export function registerFileHandlers() {
     }
   });
 
-  ipcMain.handle('native:launch-from-cache', async (event, { cache_root, hash, temp_root, filename, hash_prefix_length = 2 }) => {
+  ipcMain.handle('native:launch-from-cache', async (event, { cache_root, hash, temp_root, filename, hash_prefix_length = 2, script_template = null }) => {
     try {
       const source = get_organized_hashed_path(cache_root, hash, hash_prefix_length);
       const expanded_temp = expandPath(temp_root);
@@ -114,11 +114,45 @@ export function registerFileHandlers() {
       // 1. Copy the file to temp folder with original name
       fs.copyFileSync(source, target);
 
-      // 2. Determine file type
+      // 2a. Data-driven script override (no rebuild needed for script changes).
+      //     Set via event_device.data_json.launch_scripts or $events_loc.launcher.launch_scripts.
+      //     Format: AppleScript string with {{path}} placeholder, OR "shell:<cmd> {{path}}"
+      if (script_template) {
+        const resolved = (script_template as string).replace(/\{\{path\}\}/g, target);
+        if (resolved.startsWith('shell:')) {
+          const cmd = resolved.slice(6).trim();
+          console.log(`Native: Running custom shell script for ${filename}`);
+          return new Promise((resolve_fn) => {
+            exec(cmd, (err, stdout, stderr) => {
+              if (err) resolve_fn({ success: false, error: err.message, stderr: stderr.trim() });
+              else resolve_fn({ success: true, stdout: stdout.trim() });
+            });
+          });
+        } else {
+          // Treat as AppleScript — write to temp .scpt file (same hardened approach used below)
+          console.log(`Native: Running custom AppleScript for ${filename}`);
+          const tmp_script_path = path.join(os.tmpdir(), `ae_launch_${Date.now()}.scpt`);
+          return new Promise((resolve_fn) => {
+            try {
+              fs.writeFileSync(tmp_script_path, resolved.trim());
+            } catch (e: any) {
+              resolve_fn({ success: false, error: `Failed to write AppleScript temp file: ${e.message}` });
+              return;
+            }
+            exec(`osascript "${tmp_script_path}"`, (err) => {
+              try { fs.unlinkSync(tmp_script_path); } catch {}
+              if (err) resolve_fn({ success: false, error: err.message });
+              else resolve_fn({ success: true });
+            });
+          });
+        }
+      }
+
+      // 2b. Determine file type (legacy hardcoded launch logic — used when no script_template provided)
       const ext = path.extname(filename).toLowerCase().replace('.', '');
       const is_pres = ['pptx', 'ppt', 'key', 'pdf', 'odp'].includes(ext);
 
-      // 3. Optimized Launch (LibreOffice / AppleScript)
+      // 3. Hardcoded launch (legacy — still the default when no script_template is configured)
       if (is_pres) {
         if (os.platform() === 'linux') {
           console.log(`Native: Launching LibreOffice (--impress) for ${target}`);
@@ -183,4 +217,33 @@ export function registerFileHandlers() {
       return { success: false, error: error.message };
     }
   });
+
+  // Thin primitive: copy a cached file to the temp directory with its original filename,
+  // then return the resolved path. The caller (Svelte side) decides what to do next —
+  // run_osascript, run_cmd, open_local_file, etc.
+  //
+  // This is the preferred building block for custom launch flows. Use launch_from_cache
+  // when the built-in hardcoded logic is sufficient; use copy_from_cache_to_temp when
+  // you want full control over what happens after the file lands in temp.
+  ipcMain.handle('native:copy-from-cache-to-temp', async (event, { cache_root, hash, temp_root, filename, hash_prefix_length = 2 }) => {
+    try {
+      const source = get_organized_hashed_path(cache_root, hash, hash_prefix_length);
+
+      if (!fs.existsSync(source)) {
+        return { success: false, error: `File not in cache: ${hash}` };
+      }
+
+      const expanded_temp = expandPath(temp_root);
+      const target = path.join(expanded_temp, filename);
+
+      if (!fs.existsSync(expanded_temp)) fs.mkdirSync(expanded_temp, { recursive: true });
+
+      fs.copyFileSync(source, target);
+      console.log(`Native: Copied from cache to temp -> ${target}`);
+
+      return { success: true, path: target };
+    } catch (error: any) {
+      return { success: false, error: error.message };
+    }
+  });
 }

src/main/shell_handlers.ts

@@ -1,6 +1,7 @@
 import { ipcMain, shell } from 'electron';
 import { exec, execSync } from 'child_process';
 import * as fs from 'fs';
+import * as path from 'path';
 import * as os from 'os';
 import { expandPath } from './file_utils';
 
@@ -32,10 +33,27 @@ export function registerShellHandlers() {
 
   ipcMain.handle('native:run-osascript', async (event, script: string) => {
     if (os.platform() !== 'darwin') return { success: false, error: 'AppleScript is only available on macOS' };
-    const escapedScript = script.replace(/"/g, '\"');
-    const cmd = `osascript -e "${escapedScript}"`;
+
+    // HARDENED: Write script to a temp .scpt file rather than passing inline via -e.
+    // The old -e approach (`osascript -e "..."`) has two fatal flaws:
+    //   1. It breaks on multi-line scripts.
+    //   2. It breaks on paths containing spaces or special characters (quotes, parens, etc.)
+    // Writing to a file sidesteps both — no shell escaping needed at all.
+    // The .scpt file is deleted immediately after execution (success or failure).
+    // Worst case on crash: a stale .scpt in /tmp, cleared on next OS reboot.
+    //
+    // LEGACY (removed): const cmd = `osascript -e "${script.replace(/"/g, '\\"')}"`;
+
+    const tmp_script_path = path.join(os.tmpdir(), `ae_osa_${Date.now()}.scpt`);
     return new Promise((resolve) => {
-      exec(cmd, (error, stdout, stderr) => {
+      try {
+        fs.writeFileSync(tmp_script_path, script.trim());
+      } catch (e: any) {
+        resolve({ success: false, error: `Failed to write AppleScript temp file: ${e.message}` });
+        return;
+      }
+      exec(`osascript "${tmp_script_path}"`, (error, stdout, stderr) => {
+        try { fs.unlinkSync(tmp_script_path); } catch {}
         resolve({ success: !error, stdout: stdout.trim(), stderr: stderr.trim(), error: error ? error.message : null });
       });
     });
@@ -45,8 +63,8 @@ export function registerShellHandlers() {
     console.log(`Native: Killing processes -> `, process_name_li);
     const results = [];
     for (const name of process_name_li) {
-      const cmd = os.platform() === 'win32' 
-        ? `taskkill /F /IM ${name} /T` 
+      const cmd = os.platform() === 'win32'
+        ? `taskkill /F /IM ${name} /T`
         : `pkill -f ${name}`;
       try {
         execSync(cmd);
@@ -117,7 +135,7 @@ export function registerShellHandlers() {
 
   ipcMain.handle('native:control-presentation', async (event, { app, action }) => {
     if (os.platform() !== 'darwin') return { success: false, error: 'Presentation control is only available on macOS' };
-    
+
     let script = '';
     if (app === 'powerpoint') {
       switch (action) {