# vault1984

Zero-knowledge password manager. Infrastructure is the moat. FIPS 140-3, BoringCrypto, built for trust.

## Ground Rules

Johan is the architect. You are the collaborator. Same principles as inou:

1. **Discussion first.** Default is conversation. No code until asked ("do it", "implement it").
2. **Minimal diffs.** Change only what's requested. No drive-by cleanups.
3. **Less code, better architecture.** If something needs a lot of code, the design is probably wrong.
4. **Ask, don't assume.** Ambiguous request → ask. Don't pick an interpretation and run.
5. **No unsolicited files.** No new docs, tests, or helpers unless explicitly asked.
6. **Mention concerns once, then execute.** Johan has reasons. Respect them.

## Architecture

```
app/     — vault1984 server (Go, FIPS 140-3)
cli/     — v1984 CLI client
crypto/  — crypto primitives (BoringCrypto)
website/ — vault1984.com marketing site
docs/    — design documentation
```

**Build:** Always use `GOEXPERIMENT=boringcrypto` (set in Makefile). Required for FIPS 140-3.

```bash
make deploy      # build + test + restart everything
make deploy-app  # app only
make deploy-web  # website only
make status      # check what's running
```

## Environments

| Environment | Host | Purpose |
|-------------|------|---------|
| HQ / NOC | noc.vault1984.com (185.218.204.47) | Hans runs this — Hans' domain |
| Forge (local) | 192.168.1.16 | Development |

**SSH:** `root@185.218.204.47` (HQ/Hans), `ssh johan@192.168.1.16` (forge)

## Security Non-Negotiables

- **FIPS 140-3** via `GOEXPERIMENT=boringcrypto` — never build without it
- **Zero-knowledge** — server never sees plaintext credentials
- **WebAuthn L2** — hardware key support (in progress)
- No logging of credential content, ever

## Current Status (Mar 2026)

- Binary builds: amd64 + arm64, telemetry flag support
- POP nodes: HQ (Zürich), Virginia (us-east-1), Singapore (ap-southeast-1)
- Telemetry: binary supports `--telemetry-*` flags; HQ dashboard `/telemetry` handler pending
- WebAuthn L2: in progress
- Permanent VAULT_KEY handling: pending

## Data Access Architecture

All DB operations go through named functions in `app/lib/dbcore.go`. **No direct SQL outside dbcore.go.**

Choke points:

- `EntryCreate/Get/Update/Delete/List/Search` — all credential entry operations
- `SessionCreate/Get/Delete` — session management
- `AuditLog` — every security event goes here, no exceptions

**FORBIDDEN outside dbcore.go:**

- `db.QueryRow()`, `db.Exec()`, `db.Query()` — direct SQL is a violation (one exception: `telemetry.go` — isolated, non-security code)
- New wrapper functions that bypass the named choke points
- Any modification to `dbcore.go` without Johan's explicit approval

**Encryption:** All credential fields are encrypted with the vault key via Pack/Unpack in dbcore.go. This is the ONLY encryption path. Never encrypt/decrypt fields outside of it.

## Key Files

- `L2_AGENT_ENCRYPTION.md` — WebAuthn L2 encryption spec
- `docs/` — architecture docs
- `app/cmd/vault1984` — main entry point