Vault manifest operations: entry types, load/save, ID generation.
Types
VaultEntry = tuple[id, path, hash: string]
Procs
proc expandHome(p: string): string {....raises: [], tags: [ReadEnvEffect, ReadIOEffect], forbids: [].}
- Expand ~ to $HOME in path strings.
proc genId(): string {....raises: [], tags: [], forbids: [].}
- Generate a 16-character random hex ID (64 bits) from a cryptographic random source.
proc isPathSafe(cfg: GpgConfig; manifestPath: string): bool {....raises: [], tags: [ReadEnvEffect, ReadIOEffect], forbids: [].}
- Validate that a manifest path resolves within expected boundaries. Returns false for directory traversal attempts (e.g. ../../etc/passwd).
proc loadManifest(repo: string; verifySig = false): seq[VaultEntry] {. ...raises: [OSError, IOError, ValueError], tags: [ReadDirEffect, ExecIOEffect, ReadEnvEffect, RootEffect, ReadIOEffect, TimeEffect, WriteIOEffect], forbids: [].}
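- Decrypt and parse the vault manifest. Returns empty seq if no manifest exists. Supports both v1 (id\tpath) and v2 (id\tpath\thash) formats, i.e. tab-separated fields. Note that verifySig defaults to false, so signature verification (presumably of the manifest's signature) is opt-in: a caller that needs it must pass verifySig = true.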
proc resolvePath(cfg: GpgConfig; path: string): string {....raises: [], tags: [ReadEnvEffect, ReadIOEffect], forbids: [].}
- Resolve a manifest path to an absolute filesystem path. When cfg.root is set, paths are relative to root. Otherwise, ~/... paths are expanded via expandHome.
proc saveManifest(repo: string; entries: seq[VaultEntry]; cfg: GpgConfig) {. ...raises: [IOError, OSError, ValueError], tags: [WriteIOEffect, ExecIOEffect, ReadEnvEffect, RootEffect, ReadIOEffect, TimeEffect, WriteDirEffect], forbids: [].}
- Serialize entries (v2 format with hashes) and encrypt as the vault manifest.
proc storePath(cfg: GpgConfig; absPath: string; repo: string): string {. ...raises: [Exception], tags: [RootEffect, ReadEnvEffect, ReadIOEffect], forbids: [].}
- Convert an absolute path to the stored manifest format. When cfg.root is set, stores relative to root. Otherwise, stores with ~/ prefix if under HOME.
proc vaultDir(repo: string): string {....raises: [], tags: [], forbids: [].}
- Path to the .vault directory within a repo.