A zero-trust, offline-first encrypted vault for storing immutable logic snapshots with cryptographic integrity verification.

• Network Disabled: All network APIs (fetch, XHR, WebSocket) permanently blocked
• AES-256-GCM Encryption: Military-grade encryption for all stored data
• SHA-256 Integrity: Cryptographic checksums for tamper detection
• Zero-Knowledge: Master password never stored, only derived keys
• Offline-First: Works completely offline, no external dependencies
• Browser-Based: Runs locally in IndexedDB, no server required

1. Clone the repository

   git clone https://github.com/yourusername/sec.git
   cd sec

2. Open the app

   • Open public/index.html in your browser
   • Or use a local server:

     python3 -m http.server 8000
     # Visit http://localhost:8000/public/

3. Initialize your vault

   init YourSecurePassword123
   

4. Start using commands (see Usage section)

# Create vault with master password (8+ characters)
init MySecurePassword123

# You'll see: "VAULT INITIALIZED. PASSWORD SET."

# Just type your password and press Enter
MySecurePassword123

# You'll see: "ACCESS GRANTED."

# Create a new rule
rule new MyRule "if x > 10 then alert"

# List all rules
rule list

# View specific rule (use ID from list)
rule show a1b2c3d4

# Lock vault when done
lock

# Export encrypted backup (JSON)
export backup

# Generate printable PDF document
export msd

# Test deterministic random generation
test myseed123

# Run full test suite
run tests

Sec/
├── public/
│   └── index.html          # Entry point
├── src/
│   ├── core/
│   │   ├── main.js         # Command processor
│   │   └── tests.js        # Test suite
│   ├── data/
│   │   ├── storage.js      # IndexedDB vault
│   │   ├── rules.js        # Rule management
│   │   └── export.js       # Backup & PDF export
│   ├── security/
│   │   └── crypto-core.js  # Encryption engine
│   └── ui/
│       ├── ui.js           # Terminal interface
│       └── style.css       # Styling
└── vendor/
    └── pdf-lib.js          # PDF generation

1. Key Derivation: PBKDF2 with 100,000 iterations
2. Encryption: AES-256-GCM with random IVs
3. Integrity: SHA-256 checksums for all rules
4. Storage: Encrypted blobs only, no plaintext
5. Network: All network APIs disabled at runtime

• Modern browser (Chrome, Firefox, Edge, Safari)
• No build tools required (vanilla JavaScript)

# ESLint & Prettier configs included
npm install
npm run lint
npm run format

Open the app and run:

run tests

MIT License - See LICENSE file for details

This is a security-focused tool. Always:

• Use strong passwords (16+ characters recommended)
• Keep backups in secure locations
• Never share your master password
• Test recovery procedures regularly

1. Fork the repository
2. Create feature branch (git checkout -b feature/amazing)
3. Commit changes (git commit -m 'Add amazing feature')
4. Push to branch (git push origin feature/amazing)
5. Open Pull Request

For issues and questions, please use GitHub Issues.

Built with security and privacy in mind. No telemetry. No tracking. No network.