coven — end-to-end encrypted, multi-writer, bring-your-own-storage SQLite sync, with an encrypted blob store and a cryptographic membership model.
The host app owns its SQLite schema and domain. coven owns the sync layer:
changesets captured via the SQLite session extension, HLC-stamped
and signed per author, encrypted and pushed/pulled through a pluggable
CloudHome, conflict-resolved by row-level last-writer-wins on _updated_at.
An append-only Ed25519-signed membership chain wraps the per-library
symmetric key to each member.
Integration contract for the host:
- Every synced table has an `id` text primary key at column 0 and an `_updated_at TEXT NOT NULL` column (the HLC/LWW timestamp).
- The host applies `db::MIGRATION_SQL` to create coven’s bookkeeping tables and implements `db::SyncBookkeeping` + `db::RawDbHandle`.
- The host supplies the synced-table list, a `blob::BlobPlan`, and an optional `blob::BlobUploadObserver`.
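A pre-flight check for the first contract item, as an added example that is not part of coven or its documentation: it inspects each synced table with `PRAGMA table_info` and reports where the schema breaks the contract. The function names and sample tables are constructed for illustration, and reading "primary key" as "sole primary key" is an assumption.

```python
import sqlite3

def contract_violations(conn, tables):
    """Map each non-conforming table to a list of contract problems."""
    report = {}
    for table in tables:
        quoted = '"' + table.replace('"', '""') + '"'  # quote the identifier
        # Rows are (cid, name, declared_type, notnull, default, pk_position).
        cols = conn.execute(f"PRAGMA table_info({quoted})").fetchall()
        if not cols:
            report[table] = ["table not found"]
            continue
        problems = []
        _, name, ctype, _, _, pk = cols[0]
        if name != "id":
            problems.append(f"column 0 is {name!r}, not 'id'")
        else:
            if ctype.upper() != "TEXT":
                problems.append(f"id is declared {ctype}, not TEXT")
            # Assumption: "primary key" means id alone is the key.
            if pk != 1 or any(c[5] for c in cols[1:]):
                problems.append("id is not the sole primary key")
        stamp = next((c for c in cols if c[1] == "_updated_at"), None)
        if stamp is None:
            problems.append("missing _updated_at")
        else:
            if stamp[2].upper() != "TEXT":
                problems.append(f"_updated_at is declared {stamp[2]}, not TEXT")
            if not stamp[3]:
                problems.append("_updated_at is nullable")
        if problems:
            report[table] = problems
    return report

def sample_db():
    """Constructed schema: one conforming table, two that break the contract."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE notes (id TEXT PRIMARY KEY, body TEXT, _updated_at TEXT NOT NULL);
        CREATE TABLE tags  (id INTEGER PRIMARY KEY, name TEXT, _updated_at TEXT);
        CREATE TABLE links (src TEXT, id TEXT PRIMARY KEY, _updated_at TEXT NOT NULL);
    """)
    return conn

if __name__ == "__main__":
    report = contract_violations(sample_db(), ["notes", "tags", "links"])
    for table, problems in report.items():
        print(table, problems)
```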
Modules
- `blob`: Blob plumbing for sync.
- `changeset`: Changeset walking: the single primitive for inspecting SQLite changesets.
- `clock`: Wall-clock source, injected so consumers read “now” deterministically in tests.
- `config`: Sync + storage configuration.
- `db`: Host database integration for sync bookkeeping.
- `encryption`
- `id_provider`: Identifier source, injected so tests get a deterministic — but still unique — id sequence.
- `join_code`
- `keys`
- `library_dir`
- `oauth`: OAuth 2.0 helper for consumer cloud provider authentication.
- `storage`
- `sync`