sc/sgard
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
v2.0.0
sgard/PROGRESS.md
Kyle Isom 7accc6cac6 Step 20: Encryption polish — e2e test, docs, flake. 
E2e encryption test: full lifecycle covering init, add encrypted +
plaintext, checkpoint, modify, status (no DEK needed), re-checkpoint,
restore, verify, re-open with unlock, diff, slot management, passphrase
change, old passphrase rejection.

Docs updated:
- ARCHITECTURE.md: package structure (encrypt.go, encrypt_fido2.go,
  encrypt CLI), Garden struct (dek field, encryption methods), auth.go
  descriptions updated for JWT
- README.md: encryption commands table, encryption section with usage
- CLAUDE.md: added jwt/argon2/chacha20 deps, encryption file mentions

flake.nix: vendorHash updated for new deps.

Phase 3 complete.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-24 09:34:05 -07:00

5.4 KiB
Raw Permalink Blame History

PROGRESS.md

Tracks implementation status. See PROJECT_PLAN.md for the full plan and ARCHITECTURE.md for design details.

If you are picking this up mid-implementation, read this file first.

Current Status

Phase: Phase 3 complete (Steps 1720). Encryption fully implemented.

Last updated: 2026-03-24

Completed Steps

  • Step 1: Project Scaffolding — removed old C++ files and .trunk/ config, initialized Go module, added cobra + yaml.v3 deps, created package dirs, set up cobra root command with --repo flag.
  • Step 2: Manifest PackageManifest and Entry structs with YAML tags, New(), Load(path), and Save(path) with atomic write. 5 tests.
  • Step 3: Store Package — content-addressable blob store with SHA-256 keying. New(), Write(), Read(), Exists(), Delete() with atomic writes, hash validation, and two-level directory layout. 11 tests.
  • Step 4: Garden Core — Init and AddGarden struct tying manifest + store, Init(), Open(), Add() handling files/dirs/symlinks, HashFile(), tilde path conversion, CLI init and add commands. 8 tests.
  • Step 5: Checkpoint and StatusCheckpoint() re-hashes all tracked files, stores changed blobs, updates timestamps. Status() reports ok/modified/missing per entry. CLI checkpoint (with -m flag) and status commands. 4 tests.
  • Step 6: RestoreRestore() with selective paths, force mode, confirm callback, timestamp-based auto-restore, parent dir creation, symlink support, file permission restoration. CLI restore with --force flag. 6 tests.
  • Step 7: Remaining Commands — Remove (2 tests), Verify (3 tests), List (2 tests), Diff (3 tests). Each in its own file to enable parallel development. All CLI commands wired up.
  • Step 8: Polish — golangci-lint config, all lint issues fixed, clockwork clock abstraction injected into Garden, e2e lifecycle test, docs updated.

In Progress

(none)

Up Next

Phase 3 complete. Future: TLS transport, shell completions, manifest signing, real FIDO2 hardware binding.

Known Issues / Decisions Deferred

  • Manifest signing: deferred — trust model (which key signs, how do pulling clients verify) needs design.
  • DEK rotation: sgard encrypt rotate-dek (re-encrypt all blobs) deferred to future work.
  • FIDO2 testing: hardware-dependent, may need mocks or CI skip.

Change Log

Date Step Summary
2026-03-23 Design phase complete. ARCHITECTURE.md and PROJECT_PLAN.md written.
2026-03-23 1 Scaffolding complete. Old C++ removed, Go module initialized, cobra root command.
2026-03-23 2 Manifest package complete. Structs, Load/Save with atomic write, full test suite.
2026-03-23 3 Store package complete. Content-addressable blob store, 11 tests.
2026-03-23 4 Garden core complete. Init, Open, Add with file/dir/symlink support, CLI commands. 8 tests.
2026-03-23 5 Checkpoint and Status complete. Re-hash, store changed blobs, status reporting. 4 tests.
2026-03-23 6 Restore complete. Selective paths, force/confirm, timestamp logic, symlinks, permissions. 6 tests.
2026-03-23 7 Remaining commands complete. Remove, Verify, List, Diff — 10 tests across 4 parallel units.
2026-03-23 8 Polish complete. golangci-lint, clockwork, e2e test, doc updates.
2026-03-23 README, goreleaser config, version command, Nix flake, homebrew formula, release pipeline validated (v0.1.0v0.1.2).
2026-03-23 v1.0.0 released. Docs updated for release.
2026-03-23 9 Proto definitions: 5 RPCs (Push/Pull manifest+blobs, Prune), generated sgardpb, Makefile, deps added.
2026-03-23 10 Garden accessor methods: GetManifest, BlobExists, ReadBlob, WriteBlob, ReplaceManifest. 5 tests.
2026-03-23 11 Proto-manifest conversion: ManifestToProto/ProtoToManifest with round-trip tests.
2026-03-23 12 gRPC server: 5 RPC handlers (push/pull manifest+blobs, prune), bufconn tests, store.List.
2026-03-23 12b Directory recursion in Add, mirror up/down commands, 7 tests.
2026-03-23 13 Client library: Push, Pull, Prune with chunked blob streaming. 6 integration tests.
2026-03-23 14 SSH key auth: server interceptor (authorized_keys, signature verification), client PerRPCCredentials (ssh-agent/key file). 8 tests including auth integration.
2026-03-24 15 CLI wiring: push, pull, prune commands, sgardd daemon binary, --remote/--ssh-key flags, local prune with 2 tests.
2026-03-24 16 Polish: updated all docs, flake.nix (sgardd + vendorHash), goreleaser (both binaries), e2e push/pull test with auth.
2026-03-24 JWT token auth implemented (transparent auto-renewal, XDG token cache, ReauthChallenge fast path).
2026-03-24 Phase 3 encryption design: selective per-file encryption, KEK slots (passphrase + fido2/label), manifest-embedded config.
2026-03-24 17 Encryption core: Argon2id KEK, XChaCha20 DEK wrap/unwrap, selective per-file encrypt in Add/Checkpoint/Restore/Diff/Status. 10 tests.
2026-03-24 18 FIDO2: FIDO2Device interface, AddFIDO2Slot, unlock resolution (fido2 first → passphrase fallback), mock device, 6 tests.
2026-03-24 19 Encryption CLI: encrypt init/add-fido2/remove-slot/list-slots/change-passphrase, --encrypt on add, proto + convert updates.
2026-03-24 20 Polish: encryption e2e test, all docs updated, flake vendorHash updated.
Reference in New Issue View Git Blame Copy Permalink