Repo Vault Lane

Safe archive, Git remote, or repo rescue agent. ๐Ÿ›Ÿ

For handoff packages, the repo snapshot command builds one vault-ready archive, runs a local secret scan, uploads through the same R2 receipt flow, and keeps the proof in the ledger. For active dev work, the autosync agent runs the encrypted source-custody lane on repeat.

npm run vault:agent:start -- --env-file=env.txt --mode=full --interval-seconds=600 npm run vault:agent:status npm run vault:dry-run npm run vault:push npm run vault:repo -- status --dir=. npm run vault:secrets:manifest npm run vault:cli clone app ./app

Safety Behavior

Archive safety and Git-level recovery stay separate.

The archive package skips local secrets, generated dependency folders, backup data, database files, private keys, old archives, and text files flagged by the credential scanner.

  • Use dry run first to inspect the sanitized archive.
  • Use push when the archive is ready for the vault ledger.
  • Use the Git remote when the dev needs clone, fetch, and push behavior.
  • Use the repo workspace helper for status, diff, commit, sync, and push receipts.
  • Use the secret manifest before deleting or handing off a local workspace.

Repo rescue posture ๐Ÿงพ

ShYT may crash, but Skye keeps the sKache.

No perfect-tech promises. Just proof receipts, recovery prompts, checkpoints, and rollback-aware workflows built to keep your last clean move from disappearing.

ShYT happens, and noo tech is perfect, so despite our extreme stress test and live testing with the owner's own codebase, we will not make the guarantee.

Install agent ๐Ÿง  View proof ๐Ÿงพ

Full Workspace Restore

Encrypted artifact plus restore kit.

A .zip.enc or .tar.zst.enc file means encrypted by design. It is not the final repo archive yet; it is the protected wrapper that keeps the repo locked until the control material unlocks it.

  • Download the large encrypted artifact.
  • Download the matching direct restore kit or SkyeSecure control pack.
  • Run the helper from the restore kit.
  • Open the decrypted archive or extracted repo folder after decrypt finishes.

One Command Shape

The helper does the decrypt, verify, and unzip steps.

unzip direct-restore-kit.zip -d restore-kit node restore-kit/skyevault-restore-encrypted-zip.mjs --artifact=repo.zip.enc --key-file=restore-kit/artifact-key-material.txt --out-dir=./restore-repo --force

If a file still ends in `.zip.enc` or `.tar.zst.enc`, it has not been unlocked yet. The decrypted repo archive appears only after the restore material decrypts it.

Archive Receipt-backed snapshot

Best for project handoff, release proof, disaster recovery, and client-safe downloads.

Git Bare repo remote

Best when a developer needs normal clone, fetch, push, tags, and branch policy.

Workspace Working folder receipts

Best when a vault folder needs status, diff, commit, sync, and push proof.

Boundary Local-only recovery list

Best for secrets, databases, private keys, dependency folders, and generated state.

AI Install One-page setup lane

Best when a dev or coding agent needs the exact commands, env names, auth rule, plans, and receipts.