sc/sgard
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
69 Commits 1 Branch 18 Tags
e37e78888534fcdc2e7b267a7435c1abdfccad0b
Commit Graph

5 Commits

Author SHA1 Message Date
Kyle Isom
490db0599c Step 25: Real FIDO2 hardware key support. 
HardwareFIDO2 implements FIDO2Device via go-libfido2 (CGo bindings to
Yubico's libfido2). Gated behind //go:build fido2 tag to keep default
builds CGo-free. Nix flake adds sgard-fido2 package variant.

CLI changes: --fido2-pin flag, unlockDEK helper tries FIDO2 first,
add-fido2/encrypt init --fido2 use real hardware, auto-unlock added
to restore/checkpoint/diff for encrypted entries.

Tested manually: add-fido2, add --encrypt, restore, checkpoint, diff
all work with hardware FIDO2 key (touch-to-unlock, no passphrase).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-24 12:40:46 -07:00
Kyle Isom
7accc6cac6 Step 20: Encryption polish — e2e test, docs, flake. 
E2e encryption test: full lifecycle covering init, add encrypted +
plaintext, checkpoint, modify, status (no DEK needed), re-checkpoint,
restore, verify, re-open with unlock, diff, slot management, passphrase
change, old passphrase rejection.

Docs updated:
- ARCHITECTURE.md: package structure (encrypt.go, encrypt_fido2.go,
  encrypt CLI), Garden struct (dek field, encryption methods), auth.go
  descriptions updated for JWT
- README.md: encryption commands table, encryption section with usage
- CLAUDE.md: added jwt/argon2/chacha20 deps, encryption file mentions

flake.nix: vendorHash updated for new deps.

Phase 3 complete.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-24 09:34:05 -07:00
Kyle Isom
5f1bc4e14c Step 16: Polish — docs, flake, goreleaser, e2e test. 
Phase 2 complete.

ARCHITECTURE.md: full rewrite covering gRPC protocol, SSH auth,
updated package structure, all Garden methods, design decisions.
README.md: add remote sync section, mirror/prune commands, sgardd usage.
CLAUDE.md: add gRPC/proto/x-crypto deps, server/client/sgardpb packages.
flake.nix: build both sgard + sgardd, updated vendorHash.
goreleaser: add sgardd build target.
E2e test: full push/pull cycle with SSH auth between two clients.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-24 00:10:04 -07:00
Kyle Isom
0113703908 Step 9: Proto definitions and gRPC code generation. 
Define GardenSync service with 5 RPCs: PushManifest, PushBlobs,
PullManifest, PullBlobs, Prune. Messages for manifest, entries,
blob chunks (64 KiB streaming), and push/pull protocol flow.

Generated Go code in sgardpb/. Added Makefile proto target, gRPC +
protobuf + x/crypto deps, protoc tools to flake devShell.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-23 23:12:10 -07:00
Kyle Isom
8953090718 Add Nix flake for building and installing on NixOS. 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-23 22:32:10 -07:00