- Server-side prune via per-repo operator master key (restic key add at provision time)
- Auto-download restic on first run (packwiz-installer-bootstrap pattern)
- Nightly prune at 04:00 UTC via in-process time.Ticker
- Per-caller provisioning tokens (CLOUD_PROVISIONING_TOKENS_<NAME>) for audit attribution; NOT shared
Earlier draft archived cloud-svc entirely. Better shape: keep it as a
control plane for the restic backend. Two listeners in one process:
- provisioning :9091 on automc-net (called by discord-bot)
- operator :9092 on 127.0.0.1 (called by automc-setup wizard)
Players still hit restic-rest-server (data plane) directly with their
per-user password. cloud-svc never sits in the player data path —
limits its public exposure to zero.
cloud-svc was a worse re-implementation of what restic-rest-server
already does (--private-repos + --append-only + native retention +
chunk-level dedup). Pivoting before either ships in production.
cloud-sync.jar becomes a restic CLI wrapper. ~200 LOC instead of
~2000+ in the custom-server path. Server-side prune via operator
master password (option 1 — multi-key per repo).
Open questions flagged at end of doc for confirmation.
claude-timemachine