feat: add vault export, recovery tool, and export format documentation (Phase 10)#98
Merged
Conversation
Phase 10: Data Portability - Implementation decisions documented - Phase boundary established Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Phase 10: Data Portability - Standard stack identified (no new deps for export, CDN noble-*/fflate for recovery tool) - Architecture patterns documented (API endpoint, settings UI, standalone HTML recovery) - eciesjs v0.4.16 binary format verified from installed source (16-byte nonce, specific HKDF params) - Pitfalls catalogued (ECIES format, HKDF salt/info, AES-GCM tag handling, IPNS gateway) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Phase 10: Data Portability - 3 plans in 2 waves - Wave 1: API export + web UI (10-01), standalone recovery HTML (10-02) [parallel] - Wave 2: Technical documentation with test vectors (10-03) - Ready for execution Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Create VaultExportDto with format/version/exportedAt fields - Add getExportData to VaultService with User join - Add GET /vault/export endpoint to VaultController - Register User entity in VaultModule - Regenerate API client with export function Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Create VaultExport component with export button and dialog - Reuse ConfirmDialog for security warning before export - Download vault as cipherbox-vault-export.json via Blob URL - Add terminal-aesthetic CSS for export section - Integrate VaultExport into SettingsPage below LinkedMethods Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Self-contained recovery tool with embedded CSS and JavaScript - 4-step guided walkthrough: load export, provide key, configure gateway, recover - ECIES decrypt matching eciesjs@0.4.16 format (65-byte ephemeral PK, 16-byte nonce, 16-byte tag) - AES-256-GCM decrypt for folder metadata (12-byte IV, hex+base64 format) and files - IPNS resolution via public delegated routing with ipfs.io fallback - Recursive folder traversal with per-file error handling - Zip download preserving folder structure via fflate - CDN imports only: @noble/curves, @noble/hashes, fflate - Dark terminal aesthetic, responsive layout, no CipherBox server dependencies Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Tasks completed: 1/1 - Standalone recovery HTML page with ECIES/AES-GCM crypto SUMMARY: .planning/phases/10-data-portability/10-02-SUMMARY.md Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Tasks completed: 2/2 - API export endpoint and DTO - Web app VaultExport component on Settings page SUMMARY: .planning/phases/10-data-portability/10-01-SUMMARY.md Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
- Complete specification covering export JSON schema, ECIES binary format, AES-256-GCM parameters, encrypted folder metadata format - Step-by-step recovery procedure with pseudocode - ECIES byte offsets: ephemeralPK(65) + nonce(16) + tag(16) + ciphertext(N) - Documents 16-byte AES-GCM nonce in ECIES (non-standard, eciesjs specific) - HKDF-SHA256 with undefined salt/info matching eciesjs@0.4.16 - IPNS resolution methods for infrastructure-independent recovery - Security considerations and compatibility notes Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
…SM1/cipher-box into feat/phase-10-data-portability
Phase 10 verified: 7/7 must-haves pass. PORT-01, PORT-02, PORT-03 requirements complete. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The VaultService gained a User repository dependency in phase 10 but the spec was never updated, causing all 31 existing tests to fail during module compilation and vault.service.ts coverage to drop to 19%. Adds the User repository mock to the test module and 5 tests covering getExportData: social login, external wallet, missing user, missing vault, and timestamp format. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
WalkthroughThe deep-link desktop schemes configuration in the Tauri app settings was reformatted from a multi-line array to an inline array representation. No functional changes were introduced; only the JSON formatting was modified. Changes
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~2 minutes 🚥 Pre-merge checks | ✅ 2 | ❌ 1❌ Failed checks (1 warning)
✅ Passed checks (2 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing touches🧪 Generate unit tests (beta)
No actionable comments were generated in the recent review. 🎉 Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
This was referenced Feb 14, 2026
Closed
This was referenced Mar 24, 2026
Merged
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
GET /vault/export) returns encrypted vault keys and folder structure as JSONrecovery.html) enables infrastructure-independent vault recovery using only a browserdocs/VAULT_EXPORT_FORMAT.md) with test vector generation scriptSatisfies requirements PORT-01, PORT-02, PORT-03.
Test plan
GET /vault/exportreturns valid JSON with all vault fieldsrecovery.htmlloads standalone and can decrypt a test export🤖 Generated with Claude Code
Summary by CodeRabbit