sgard

sc/sgard

Fork 0

Commit Graph

Author	SHA1	Message	Date
Kyle Isom	490db0599c	Step 25: Real FIDO2 hardware key support. HardwareFIDO2 implements FIDO2Device via go-libfido2 (CGo bindings to Yubico's libfido2). Gated behind //go:build fido2 tag to keep default builds CGo-free. Nix flake adds sgard-fido2 package variant. CLI changes: --fido2-pin flag, unlockDEK helper tries FIDO2 first, add-fido2/encrypt init --fido2 use real hardware, auto-unlock added to restore/checkpoint/diff for encrypted entries. Tested manually: add-fido2, add --encrypt, restore, checkpoint, diff all work with hardware FIDO2 key (touch-to-unlock, no passphrase). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-24 12:40:46 -07:00
Kyle Isom	c552a3657f	Step 6: Restore with timestamp logic and confirm callback. Restore writes tracked files back to their original locations. Supports selective path restoration, force mode, and a confirm callback for files where the on-disk mtime >= manifest timestamp (truncated to seconds for cross-platform reliability). Creates parent directories, recreates symlinks, and sets file permissions. CLI: sgard restore [path...] [--force]. 6 new tests (file, permissions, symlink, parent dirs, selective, confirm skip). Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-23 21:41:53 -07:00

Author

SHA1

Message

Date

Kyle Isom

490db0599c

Step 25: Real FIDO2 hardware key support.

HardwareFIDO2 implements FIDO2Device via go-libfido2 (CGo bindings to
Yubico's libfido2). Gated behind //go:build fido2 tag to keep default
builds CGo-free. Nix flake adds sgard-fido2 package variant.

CLI changes: --fido2-pin flag, unlockDEK helper tries FIDO2 first,
add-fido2/encrypt init --fido2 use real hardware, auto-unlock added
to restore/checkpoint/diff for encrypted entries.

Tested manually: add-fido2, add --encrypt, restore, checkpoint, diff
all work with hardware FIDO2 key (touch-to-unlock, no passphrase).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-24 12:40:46 -07:00

Kyle Isom

c552a3657f

Step 6: Restore with timestamp logic and confirm callback.

Restore writes tracked files back to their original locations.
Supports selective path restoration, force mode, and a confirm
callback for files where the on-disk mtime >= manifest timestamp
(truncated to seconds for cross-platform reliability). Creates
parent directories, recreates symlinks, and sets file permissions.

CLI: sgard restore [path...] [--force].
6 new tests (file, permissions, symlink, parent dirs, selective, confirm skip).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-23 21:41:53 -07:00

2 Commits