Expand description
Checkpoint serialization and deserialization for VectorCollection.
§On-disk framing
Plaintext checkpoints are raw MessagePack bytes (existing format).
The first 4 bytes are never SEGV, so detection is unambiguous.
Encrypted checkpoints use the following layout:
[SEGV (4B)] [version_u16_le (2B)] [cipher_alg_u8 (1B)] [kid_u8 (1B)]
[epoch (4B)] [reserved (4B)] [AES-256-GCM ciphertext of msgpack payload]The first 16 bytes form a SegmentPreamble (reusing the existing preamble
layout with a distinct SEGV magic). These 16 bytes are included as AAD,
preventing preamble-swap attacks. The nonce is (epoch, lsn=0) — epoch
provides per-write uniqueness even without an LSN.