cloud-sync

Timemachine/cloud-sync

Fork 0

Commit Graph

Author	SHA1	Message	Date
claude-timemachine	7c9d33f952	feat(sync): wire state.json + divergence detection + dialogs CI / test (3.10) (push) Successful in 3m16s Details CI / test (3.11) (push) Failing after 3m25s Details CI / test (3.12) (push) Failing after 3m25s Details CI / build-pyz (push) Has been skipped Details CI / release (push) Has been skipped Details state.py: per-instance sync state. <pack>/.cloud-sync/state.json (mode 600) records last_pulled_snapshot_id + last_pulled_at + host_tag. Versioned schema. clear() on remote-empty. sync.pull decision tree (replaces the unconditional restore): no token file → prompt_login_qt; on Skip return 0 (don't block launch) no state + remote empty → no-op no state + remote non-empty → restore (first-run on this machine) state.id == remote.id → skip restore (up to date) state.id != remote.id, no in-scope local edits since state.at → restore (fast-forward) state.id != remote.id, in-scope local edits since state.at → prompt_conflict_qt keep_local → don't restore; push will overwrite cloud use_remote → restore + update state cancel → exit 1 sync.push: --json output parsed for snapshot_id; state.json updated to that id after a successful backup. Skips silently if no token. _find_modified_in_scope: walks include roots, filters via _matches_any (restic-style globs: dir/, /dir/, /*.glob). Stops at 50 hits; we only need 'any' + a sample for the dialog. _format_dt: hand-rolled (no GNU-vs-Windows strftime quirks) → 'Thursday, October 21, 2021 at 7:12 PM'. Restic JSON parsing helpers: _parse_snapshots, _parse_restic_time (handles nanosecond precision), _parse_backup_summary. tests/test_state.py: 19 new tests covering state read/write, scope- aware mtime walk, exclude glob matching, restic output parsers. Total: 52 green.	2026-06-05 00:20:40 +02:00
claude-timemachine	49d1cb3280	drop restic repo encryption; rely on TLS + append-only + LUKS CI / test (3.10) (push) Successful in 8s Details CI / test (3.11) (push) Successful in 8s Details CI / test (3.12) (push) Successful in 7s Details CI / build-pyz (push) Successful in 4s Details CI / release (push) Has been skipped Details User credentials now serve HTTP basic auth only. Repos init with --insecure-no-password. Removes: - RESTIC_PASSWORD env in client subprocess - Per-repo password coordination story - Multi-key restic setup (user key + operator-master key) - Two-password recovery edge cases Operator-side prune now runs over the filesystem path (-r /srv/.../<user>/) which bypasses rest-server's HTTP-layer append-only enforcement. No password needed at all. Protection model stays: - TLS in transit (reverse proxy) - HTTP basic per-user (htpasswd) for read/write authorization - --private-repos for per-user URL isolation - --append-only for client-side delete protection - LUKS / disk-level for at-rest encryption (operator's responsibility) Verified end-to-end on john: pull → push → restore round-trip works, DELETE on bogus snapshot still returns 403 (append-only intact), operator can read repo via filesystem path (prune-mode access works). 33 pytest still green.	2026-06-04 22:23:40 +02:00
claude-timemachine	ffdfb1f9b6	pivot to Python: replace Kotlin/JVM with stdlib zipapp CI / test (3.10) (push) Successful in 40s Details CI / test (3.11) (push) Successful in 19s Details CI / test (3.12) (push) Successful in 23s Details CI / build-pyz (push) Successful in 4s Details CI / release (push) Has been skipped Details Reasons stacked up: - AV: unsigned JARs that auto-download binaries + upload files trigger Windows Defender false-positives more often than Python scripts invoked by code-signed python.exe. - Qt UI option: PySide6 opens a path to a real Qt UI (matching Prism's look) if needed later. JVM Qt bindings are abandoned. - frazclient already needs Python; inlining as 'import cloud_sync' is zero overhead vs the launcher always shelling out to java. Implementation: - cloud_sync package: cli.py (argparse), creds.py, scope.py, restic.py (binary discovery + auto-download + sha256 verify), sync.py (pull/push subprocess restic). - pyproject.toml with hatchling backend; pip-installable. - Makefile builds cloud-sync.pyz via python -m zipapp (~53 KB). - 33 pytest tests, stdlib only on runtime. - CI workflow runs pytest matrix (3.10/3.11/3.12) + builds pyz. - DESIGN.md + README.md updated to reflect Python. E2E verified against local restic-rest-server: pull empty → push initial → rm -rf local → pull restores → modify+push creates second snapshot → client forget --prune blocked by --append-only. Throws away ~565 LOC of Kotlin (and 18 jar tests) committed earlier in this same session. Net result is ~250 LOC Python + 33 tests = smaller and more aligned with the rest of the stack.	2026-06-03 01:11:47 +02:00

Author

SHA1

Message

Date

claude-timemachine

7c9d33f952

feat(sync): wire state.json + divergence detection + dialogs

CI / test (3.10) (push) Successful in 3m16s

Details

CI / test (3.11) (push) Failing after 3m25s

Details

CI / test (3.12) (push) Failing after 3m25s

Details

CI / build-pyz (push) Has been skipped

Details

CI / release (push) Has been skipped

Details

state.py: per-instance sync state. <pack>/.cloud-sync/state.json
(mode 600) records last_pulled_snapshot_id + last_pulled_at +
host_tag. Versioned schema. clear() on remote-empty.

sync.pull decision tree (replaces the unconditional restore):

  no token file
    → prompt_login_qt; on Skip return 0 (don't block launch)
  no state + remote empty
    → no-op
  no state + remote non-empty
    → restore (first-run on this machine)
  state.id == remote.id
    → skip restore (up to date)
  state.id != remote.id, no in-scope local edits since state.at
    → restore (fast-forward)
  state.id != remote.id, in-scope local edits since state.at
    → prompt_conflict_qt
      keep_local  → don't restore; push will overwrite cloud
      use_remote  → restore + update state
      cancel      → exit 1

sync.push: --json output parsed for snapshot_id; state.json updated
to that id after a successful backup. Skips silently if no token.

_find_modified_in_scope: walks include roots, filters via
_matches_any (restic-style globs: dir/, **/dir/, **/*.glob).
Stops at 50 hits; we only need 'any' + a sample for the dialog.

_format_dt: hand-rolled (no GNU-vs-Windows strftime quirks) →
'Thursday, October 21, 2021 at 7:12 PM'.

Restic JSON parsing helpers: _parse_snapshots, _parse_restic_time
(handles nanosecond precision), _parse_backup_summary.

tests/test_state.py: 19 new tests covering state read/write, scope-
aware mtime walk, exclude glob matching, restic output parsers.
Total: 52 green.

2026-06-05 00:20:40 +02:00

claude-timemachine

49d1cb3280

drop restic repo encryption; rely on TLS + append-only + LUKS

CI / test (3.10) (push) Successful in 8s

Details

CI / test (3.11) (push) Successful in 8s

Details

CI / test (3.12) (push) Successful in 7s

Details

CI / build-pyz (push) Successful in 4s

Details

CI / release (push) Has been skipped

Details

User credentials now serve HTTP basic auth only. Repos init with
--insecure-no-password. Removes:
  - RESTIC_PASSWORD env in client subprocess
  - Per-repo password coordination story
  - Multi-key restic setup (user key + operator-master key)
  - Two-password recovery edge cases

Operator-side prune now runs over the filesystem path (-r /srv/.../<user>/)
which bypasses rest-server's HTTP-layer append-only enforcement. No
password needed at all.

Protection model stays:
  - TLS in transit (reverse proxy)
  - HTTP basic per-user (htpasswd) for read/write authorization
  - --private-repos for per-user URL isolation
  - --append-only for client-side delete protection
  - LUKS / disk-level for at-rest encryption (operator's responsibility)

Verified end-to-end on john: pull → push → restore round-trip works,
DELETE on bogus snapshot still returns 403 (append-only intact),
operator can read repo via filesystem path (prune-mode access works).

33 pytest still green.

2026-06-04 22:23:40 +02:00

claude-timemachine

ffdfb1f9b6

pivot to Python: replace Kotlin/JVM with stdlib zipapp

CI / test (3.10) (push) Successful in 40s

Details

CI / test (3.11) (push) Successful in 19s

Details

CI / test (3.12) (push) Successful in 23s

Details

CI / build-pyz (push) Successful in 4s

Details

CI / release (push) Has been skipped

Details

Reasons stacked up:
  - AV: unsigned JARs that auto-download binaries + upload files trigger
    Windows Defender false-positives more often than Python scripts
    invoked by code-signed python.exe.
  - Qt UI option: PySide6 opens a path to a real Qt UI (matching Prism's
    look) if needed later. JVM Qt bindings are abandoned.
  - frazclient already needs Python; inlining as 'import cloud_sync' is
    zero overhead vs the launcher always shelling out to java.

Implementation:
  - cloud_sync package: cli.py (argparse), creds.py, scope.py,
    restic.py (binary discovery + auto-download + sha256 verify),
    sync.py (pull/push subprocess restic).
  - pyproject.toml with hatchling backend; pip-installable.
  - Makefile builds cloud-sync.pyz via python -m zipapp (~53 KB).
  - 33 pytest tests, stdlib only on runtime.
  - CI workflow runs pytest matrix (3.10/3.11/3.12) + builds pyz.
  - DESIGN.md + README.md updated to reflect Python.

E2E verified against local restic-rest-server:
  pull empty → push initial → rm -rf local → pull restores → modify+push
  creates second snapshot → client forget --prune blocked by --append-only.

Throws away ~565 LOC of Kotlin (and 18 jar tests) committed earlier in
this same session. Net result is ~250 LOC Python + 33 tests = smaller
and more aligned with the rest of the stack.

2026-06-03 01:11:47 +02:00

3 Commits