Skip to content

README.md

Latest commit

 

History

History
165 lines (126 loc) · 3.72 KB

README.md

File metadata and controls

165 lines (126 loc) · 3.72 KB

Sec // Encrypted Vault Terminal

A zero-trust, offline-first encrypted vault for storing immutable logic snapshots with cryptographic integrity verification.

🔒 Security Features

  • Network Disabled: All network APIs (fetch, XHR, WebSocket) permanently blocked
  • AES-256-GCM Encryption: Military-grade encryption for all stored data
  • SHA-256 Integrity: Cryptographic checksums for tamper detection
  • Zero-Knowledge: Master password never stored, only derived keys
  • Offline-First: Works completely offline, no external dependencies
  • Browser-Based: Runs locally in IndexedDB, no server required

🚀 Quick Start

  1. Clone the repository

    git clone https://github.com/yourusername/sec.git
cd sec

  2. Open the app

    • Open public/index.html in your browser
    • Or use a local server: 
      python3 -m http.server 8000
# Visit http://localhost:8000/public/

  3. Initialize your vault

    init YourSecurePassword123

  4. Start using commands (see Usage section)

📖 Usage

First Time Setup

# Create vault with master password (8+ characters)
init MySecurePassword123

# You'll see: "VAULT INITIALIZED. PASSWORD SET."

Login

# Just type your password and press Enter
MySecurePassword123

# You'll see: "ACCESS GRANTED."

Managing Rules

# Create a new rule
rule new MyRule "if x > 10 then alert"

# List all rules
rule list

# View specific rule (use ID from list)
rule show a1b2c3d4

# Lock vault when done
lock

Export & Backup

# Export encrypted backup (JSON)
export backup

# Generate printable PDF document
export msd

Testing

# Test deterministic random generation
test myseed123

# Run full test suite
run tests

📁 Project Structure

Sec/
├── public/
│   └── index.html          # Entry point
├── src/
│   ├── core/
│   │   ├── main.js         # Command processor
│   │   └── tests.js        # Test suite
│   ├── data/
│   │   ├── storage.js      # IndexedDB vault
│   │   ├── rules.js        # Rule management
│   │   └── export.js       # Backup & PDF export
│   ├── security/
│   │   └── crypto-core.js  # Encryption engine
│   └── ui/
│       ├── ui.js           # Terminal interface
│       └── style.css       # Styling
└── vendor/
    └── pdf-lib.js          # PDF generation

🛡️ Security Architecture

  1. Key Derivation: PBKDF2 with 100,000 iterations
  2. Encryption: AES-256-GCM with random IVs
  3. Integrity: SHA-256 checksums for all rules
  4. Storage: Encrypted blobs only, no plaintext
  5. Network: All network APIs disabled at runtime

🔧 Development

Prerequisites

  • Modern browser (Chrome, Firefox, Edge, Safari)
  • No build tools required (vanilla JavaScript)

Code Style

# ESLint & Prettier configs included
npm install
npm run lint
npm run format

Testing

Open the app and run:

run tests

📝 License

MIT License - See LICENSE file for details

⚠️ Disclaimer

This is a security-focused tool. Always:

  • Use strong passwords (16+ characters recommended)
  • Keep backups in secure locations
  • Never share your master password
  • Test recovery procedures regularly

🤝 Contributing

  1. Fork the repository
  2. Create feature branch (git checkout -b feature/amazing)
  3. Commit changes (git commit -m 'Add amazing feature')
  4. Push to branch (git push origin feature/amazing)
  5. Open Pull Request

📧 Support

For issues and questions, please use GitHub Issues.

Built with security and privacy in mind. No telemetry. No tracking. No network.