vestige/crates/vestige-core/src
Sam Valladares b8212feb15 feat(cloud-sync): zero-knowledge client-side encryption (XChaCha20-Poly1305)
The portable archive is encrypted on the client before upload and decrypted
after download, so the hosted service only ever stores ciphertext — true
zero-knowledge. The passphrase (VESTIGE_CLOUD_ENCRYPTION_KEY) is independent
of the bearer sync key and never leaves the device.

- new cloud_crypto module: Argon2id KDF + XChaCha20-Poly1305 AEAD, self-
  describing envelope (MAGIC|version|salt|nonce|ciphertext+tag)
- HttpPortableSyncBackend encrypts on write / decrypts on read; transparent
  upgrade of legacy plaintext archives; clear error if remote is encrypted
  but no passphrase is set
- sync_portable_archive_cloud takes optional encryption_key
- CLI surfaces encryption status (on/off) on sync
- 6 crypto tests (roundtrip, wrong-key, tamper detection, non-determinism,
  envelope detection); E2E verified: server blob is ciphertext, passphrase
  device recovers, no-passphrase device cannot decrypt

491 core tests green, clippy -D warnings clean.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-19 21:19:16 -05:00
..
advanced fix: make windows release build and add manual rerun path 2026-06-18 23:39:38 -05:00
codebase fix(clippy): Rust 1.95 compatibility — sort_by_key + collapsible_match 2026-04-19 21:11:49 -05:00
connectors feat(connectors): add Redmine and source filters (#57) 2026-06-19 02:21:25 -05:00
consolidation feat(connectors): external-source connector layer + GitHub Issues (#57) 2026-06-19 01:21:59 -05:00
embedder Make fastembed smoke tests tolerate unavailable model 2026-06-18 20:29:02 -05:00
embeddings Harden old CPU fallback paths (#71) 2026-06-18 21:54:04 -05:00
fsrs feat(v2.0.5): Intentional Amnesia — active forgetting via top-down inhibitory control 2026-04-14 17:30:30 -05:00
memory feat(connectors): external-source connector layer + GitHub Issues (#57) 2026-06-19 01:21:59 -05:00
neuroscience chore: remove 3,091 LOC of orphan code + fix ghost env-var docs 2026-04-23 03:18:53 -05:00
search feat(v2.0.5): Intentional Amnesia — active forgetting via top-down inhibitory control 2026-04-14 17:30:30 -05:00
storage feat(cloud-sync): zero-knowledge client-side encryption (XChaCha20-Poly1305) 2026-06-19 21:19:16 -05:00
config.rs fix: make windows release build and add manual rerun path 2026-06-18 23:39:38 -05:00
fts.rs v2.1.2 Honest Memory 2026-05-06 02:22:24 -05:00
lib.rs feat(cloud-sync): HTTP managed-sync backend + vestige sync --cloud 2026-06-19 20:35:01 -05:00