Step 20: Encryption polish — e2e test, docs, flake.

E2e encryption test: full lifecycle covering init, add encrypted + plaintext, checkpoint, modify, status (no DEK needed), re-checkpoint, restore, verify, re-open with unlock, diff, slot management, passphrase change, old passphrase rejection. Docs updated: - ARCHITECTURE.md: package structure (encrypt.go, encrypt_fido2.go, encrypt CLI), Garden struct (dek field, encryption methods), auth.go descriptions updated for JWT - README.md: encryption commands table, encryption section with usage - CLAUDE.md: added jwt/argon2/chacha20 deps, encryption file mentions flake.nix: vendorHash updated for new deps. Phase 3 complete. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-24 09:34:05 -07:00
parent 76a53320c1
commit 7accc6cac6
7 changed files with 287 additions and 16 deletions
--- a/flake.nix
+++ b/flake.nix
@@ -19,7 +19,7 @@
            src = pkgs.lib.cleanSource ./.;
            subPackages = [ "cmd/sgard" "cmd/sgardd" ];

-            vendorHash = "sha256-6tLNIknbxrRWYKo5x7yMX6+JDJxbF5l2WBIxXaF7OZ4=";
+            vendorHash = "sha256-0YpP1YfpAIAgY8k+7DlWosYN6MT5a2KLtNhQFvKT7pM=";

            ldflags = [ "-s" "-w" ];