sgard/CLAUDE.md
Kyle Isom 490db0599c Step 25: Real FIDO2 hardware key support.
HardwareFIDO2 implements FIDO2Device via go-libfido2 (CGo bindings to
Yubico's libfido2). Gated behind //go:build fido2 tag to keep default
builds CGo-free. Nix flake adds sgard-fido2 package variant.

CLI changes: --fido2-pin flag, unlockDEK helper tries FIDO2 first,
add-fido2/encrypt init --fido2 use real hardware, auto-unlock added
to restore/checkpoint/diff for encrypted entries.

Tested manually: add-fido2, add --encrypt, restore, checkpoint, diff
all work with hardware FIDO2 key (touch-to-unlock, no passphrase).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-24 12:40:46 -07:00


# CLAUDE.md

This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.

## Critical: Keep Project Docs Updated

Any change to the codebase MUST be reflected in these files:

- **ARCHITECTURE.md** — design decisions, data model, package structure
- **PROJECT_PLAN.md** — implementation steps; check off completed items
- **PROGRESS.md** — current status, change log; update after completing any step

If another agent or engineer picks this up later, these files are how they
resume. Keeping them accurate is not optional.
## Project
sgard (Shimmering Clarity Gardener) — a dotfiles manager.
Module: `github.com/kisom/sgard`. Author: K. Isom <kyle@imap.cc>.
## Build
```bash
go build ./... # both sgard and sgardd
go build -tags fido2 ./... # with real FIDO2 hardware support (requires libfido2)
```
Nix:
```bash
nix build .#sgard # builds both binaries (no CGo)
nix build .#sgard-fido2 # with FIDO2 hardware support (links libfido2)
```
Run tests:
```bash
go test ./...
```
Lint:
```bash
golangci-lint run ./...
```
Regenerate proto (requires protoc toolchain):
```bash
make proto
```
## Dependencies
- `gopkg.in/yaml.v3` — manifest serialization
- `github.com/spf13/cobra` — CLI framework
- `github.com/jonboulle/clockwork` — injectable clock for deterministic tests
- `google.golang.org/grpc` — gRPC runtime
- `google.golang.org/protobuf` — protobuf runtime
- `golang.org/x/crypto` — SSH key auth (ssh, ssh/agent), Argon2id, XChaCha20-Poly1305
- `github.com/golang-jwt/jwt/v5` — JWT token auth
- `github.com/keys-pub/go-libfido2` — FIDO2 hardware key support (build tag `fido2`, requires libfido2)
## Package Structure
```
cmd/sgard/    CLI entry point (cobra commands, pure wiring)
cmd/sgardd/   gRPC server daemon
garden/       Core business logic (Garden struct, encryption, FIDO2 hardware via build tags)
manifest/     YAML manifest parsing (Manifest/Entry structs, Load/Save)
store/        Content-addressable blob storage (SHA-256 keyed)
server/       gRPC server (RPC handlers, JWT/SSH auth interceptor, proto conversion)
client/       gRPC client library (Push, Pull, Prune, token auth with auto-renewal)
sgardpb/      Generated protobuf + gRPC Go code
```
Key rule: all logic lives in `garden/`. The `cmd/` layer only parses flags
and calls `Garden` methods. The `server` package wraps `Garden` as gRPC
endpoints. No logic is duplicated across layers.

Each garden operation lives in its own file (`garden/<op>.go`) to minimize
merge conflicts during parallel development.