Replace API Service with Direct Script Execution

[DavidJayMartin]

Issue Description

The current plugin architecture requires users to manually start and maintain a separate Python API service (outlook_events_api.py) running on localhost:5000. This creates several usability barriers that prevent adoption by less technical users.

Current Pain Points

• Manual Service Management: Users must remember to start the Python service before using the plugin
• Process Management: Service can crash or stop without clear indication to the user
• Technical Complexity: Many potential users find managing a separate API service intimidating
• Port Conflicts: localhost:5000 might conflict with other services
• Startup Dependencies: Plugin fails silently if service isn't running

Proposed Solution

Replace the Flask API service architecture with direct script execution:

New Architecture

• Direct Execution: Plugin calls a Python script directly using Node.js child process execution
• Self-Contained: Single Python script that returns JSON data and exits
• No Service Management: Eliminates the need for users to manage a running service
• Error Handling: Direct feedback from script execution for better error reporting

Implementation Approach

• Convert outlook_events_api.py from a Flask service to a command-line script
• Accept date and configuration parameters as command-line arguments
• Return event data as JSON to stdout
• Use Logseq plugin's ability to execute system commands or child processes
• Maintain the same data format and functionality

Technical Challenges

Electron Limitations

• Previous Experience: Initial attempts at child process execution failed due to Electron runtime limitations
• Node.js Availability: The Electron service/Node.js runtime may not be available in the Logseq plugin context
• Workarounds Needed: Research indicates there may be ways around these limitations, but they require investigation
• API Access: May need to use specific Logseq APIs or electron APIs to enable process execution

Security Considerations

• Code Injection: Direct script execution opens potential attack vectors for command injection
• Path Traversal: Malicious users could potentially execute arbitrary scripts
• Privilege Escalation: Script execution runs with user privileges, potentially allowing system access
• Input Validation: All parameters passed to the script must be rigorously validated
• Sandboxing: Consider running scripts in a restricted environment

Research Required

Electron/Logseq Integration

• Investigate current Logseq plugin APIs for process execution
• Test child_process availability in Logseq's Electron context
• Research alternative approaches (IPC, native modules, etc.)
• Evaluate Logseq's security sandbox and restrictions

Security Mitigation

• Implement strict input validation and sanitization
• Research script execution sandboxing options
• Consider signed/verified script execution
• Evaluate risk vs. usability tradeoffs

User Impact

Benefits

• Simplified Setup: Users only need to install Python dependencies once
• No Service Management: Eliminates the need to start/stop/manage the API service
• Better Error Messages: Direct script output provides clearer error feedback
• Reduced Complexity: One less thing for users to understand and maintain

Potential Drawbacks

• Security Risks: Direct script execution introduces potential security vulnerabilities
• Technical Complexity: Implementation may be more complex than anticipated
• Platform Differences: Electron behavior may vary across Windows/macOS
• Startup Latency: Script initialization on each call vs. persistent service

Alternative Approaches

If direct script execution proves unfeasible or too risky:

• Background Service Manager: Create a plugin that automatically manages the API service lifecycle
• Native Module: Develop a native Node.js module that interfaces with Outlook directly
• File-Based Communication: Script writes to temp files, plugin reads results

Acceptance Criteria

• Research and resolve Electron/Node.js child process limitations in Logseq
• Implement secure script execution with proper input validation
• Convert Flask API service to standalone command-line script
• Maintain all existing functionality (event fetching, meeting links, etc.)
• Cross-platform compatibility (Windows and macOS)
• Address security concerns with appropriate safeguards
• Clear error handling and user feedback
• Updated installation instructions (no service management required)
• Security review of implementation
• Performance acceptable for typical use cases