export function useVault() {
  // C-2: No more manual Authorization headers — httpOnly cookie sent automatically

  // SSH Keys
  async function listKeys() {
    return $fetch('/api/ssh-keys')
  }
  async function importKey(data: { name: string; privateKey: string; passphrase?: string; publicKey?: string }) {
    return $fetch('/api/ssh-keys', { method: 'POST', body: data })
  }
  async function deleteKey(id: number) {
    return $fetch(`/api/ssh-keys/${id}`, { method: 'DELETE' })
  }

  // Credentials
  async function listCredentials() {
    return $fetch('/api/credentials')
  }
  async function createCredential(data: any) {
    return $fetch('/api/credentials', { method: 'POST', body: data })
  }
  async function updateCredential(id: number, data: any) {
    return $fetch(`/api/credentials/${id}`, { method: 'PUT', body: data })
  }
  async function deleteCredential(id: number) {
    return $fetch(`/api/credentials/${id}`, { method: 'DELETE' })
  }

  return {
    listKeys, importKey, deleteKey,
    listCredentials, createCredential, updateCredential, deleteCredential,
  }
}