murk_cli/types.rs
1use std::collections::{BTreeMap, HashMap};
2
3use serde::{Deserialize, Serialize};
4
5/// Current vault format version.
6pub const VAULT_VERSION: &str = "2.0";
7
8/// Default vault filename.
9pub const DEFAULT_VAULT_NAME: &str = ".murk";
10
11// -- Vault (on-disk format, v2) --
12// The entire .murk file is a single JSON document with per-value encryption.
13// Key names and schema are plaintext. Values are individually age-encrypted.
14
15#[derive(Debug, Clone, Serialize, Deserialize)]
16pub struct Vault {
17 pub version: String,
18 pub created: String,
19 pub vault_name: String,
20 /// Repository URL, auto-detected from git remote during init.
21 #[serde(default, skip_serializing_if = "String::is_empty")]
22 pub repo: String,
23 /// Public keys only — no names. Name mappings live in the encrypted meta blob.
24 pub recipients: Vec<String>,
25 /// Key metadata — public, readable without decryption.
26 pub schema: BTreeMap<String, SchemaEntry>,
27 /// Per-value encrypted secrets. Each value is a separate age ciphertext.
28 pub secrets: BTreeMap<String, SecretEntry>,
29 /// Encrypted metadata blob: recipient names and integrity MAC.
30 pub meta: String,
31}
32
33#[derive(Debug, Clone, Default, PartialEq, Eq, Serialize, Deserialize)]
34pub struct SchemaEntry {
35 pub description: String,
36 #[serde(skip_serializing_if = "Option::is_none")]
37 pub example: Option<String>,
38 #[serde(default, skip_serializing_if = "Vec::is_empty")]
39 pub tags: Vec<String>,
40 /// When the key was first added.
41 #[serde(default, skip_serializing_if = "Option::is_none")]
42 pub created: Option<String>,
43 /// When the value was last updated.
44 #[serde(default, skip_serializing_if = "Option::is_none")]
45 pub updated: Option<String>,
46}
47
48#[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)]
49pub struct SecretEntry {
50 /// Shared value encrypted to all recipients.
51 pub shared: String,
52 /// Scoped overrides: pubkey → encrypted value (encrypted to that pubkey only).
53 #[serde(default, skip_serializing_if = "BTreeMap::is_empty")]
54 pub scoped: BTreeMap<String, String>,
55}
56
57// -- Meta (encrypted, stored in vault.meta) --
58// Contains metadata only visible to recipients.
59
60#[derive(Debug, Clone, Serialize, Deserialize)]
61pub struct Meta {
62 /// Maps pubkey → display name. The only place names are stored.
63 pub recipients: HashMap<String, String>,
64 /// Integrity MAC over secrets + schema.
65 pub mac: String,
66 /// BLAKE3 keyed MAC key (hex-encoded, 32 bytes). Generated at init, stored encrypted.
67 #[serde(default, skip_serializing_if = "Option::is_none", alias = "hmac_key")]
68 pub mac_key: Option<String>,
69 /// Pinned GitHub key fingerprints: username → [SHA256:...].
70 /// Used for TOFU (Trust On First Use) verification on `authorize github:user`.
71 #[serde(default, skip_serializing_if = "HashMap::is_empty")]
72 pub github_pins: HashMap<String, Vec<String>>,
73}
74
75// -- Murk (decrypted in-memory state) --
76// The working representation after decryption. Commands read/modify this,
77// then save_vault compares against the original to minimize re-encryption.
78
79#[derive(Debug, Clone)]
80pub struct Murk {
81 /// Decrypted shared values.
82 pub values: HashMap<String, String>,
83 /// Pubkey → display name (from meta).
84 pub recipients: HashMap<String, String>,
85 /// Scoped overrides: key → { pubkey → decrypted value }.
86 /// Only contains entries decryptable by the current identity.
87 pub scoped: HashMap<String, HashMap<String, String>>,
88 /// True if the vault uses a legacy unkeyed MAC (sha256/sha256v2).
89 pub legacy_mac: bool,
90 /// Pinned GitHub key fingerprints (carried from meta).
91 pub github_pins: HashMap<String, Vec<String>>,
92}