# ppassctl: command-line client for the ppassd daemon
ppassctl
ppassctl.Commands: {
  shape: class
  init
  ls
  grep
  find
  show
  insert
  edit
  generate
  rm
  mv
  cp
  git
  help
  version
}

ppassctl -- ppassd: control via unix socket

# ppassd: the daemon; the host is a libp2p node
ppassd
ppassd.Host: {
  shape: class
  PeerId: "libp2p.ID"
  PublicKey: "libp2p.PubKey"
  PrivateKey: "libp2p.PrivKey"
}
ppassd.Config: {
  shape: class
  +VaultCfgs: "[]VaultCfg"
}
ppassd.VaultCfg: {
  shape: class
  peers: "[]Peer"
  VaultId: "string" # PubSub Topic
}
ppassd.Peer: {
  shape: class
  PeerId: "libp2p.ID"
  PublicKey: "string"
}
ppassd.Vault: {
  shape: class
  Id: "string"
  Keys: "[]Peer.PublicKey"
  Put(p Password): "error"
  Get(k string): "(Password, error)"
  Modify(p Password): "error"
  Remove(k string): "(bool, error)"
  OnUpdate(handler func()): "error"
  ctx: "context.Context"
  ps: "*pubsub.PubSub"
  topic: "*pubsub.Topic"
  sub: "*pubsub.Subscription"
}
ppassd.PasswordStore: {
  shape: class
  Init(): "error"
  Put(p Password): "error"
  Get(k string): "(Password, error)"
  Modify(p Password): "error"
  Remove(k string): "(bool, error)"
  Has(k string): "(bool)"
  GetSize(k string): "(int, error)"
  Query(q Query): "(query.Result, error)"
  Exists(k string): "(bool)"
  NewVault(id string): "(Vault, error)"
  Cfg: "Config"
  Vaults: "[]Vaults"
  Passwords: "[]Password"
  Secrets: "[]GnuPGKey"
  host: "Host"
}
ppassd.Password: {
  shape: class
  Key: "string"
  Password: "string"
  Vaults: "[]*Vault"
}

ppassd.PasswordStore -> ppassd.Host
ppassd.PasswordStore -> ppassd.Config
ppassd.Config -> ppassd.VaultCfg
ppassd.VaultCfg -> ppassd.Peer
ppassd.PasswordStore -> ppassd.Vault
ppassd.PasswordStore -> ppassd.Password: Load on Init()

Thoughts
Thoughts.explanation: |md
  # Architecture
  - The host is a libp2p node. It connects with the Peers of the given VaultCfgs.
  - The Vaults themselves are basically pubsub topics that each host subscribes and publishes to.
  - Vaults internally are just abstractions of the PasswordStore
    - they are like a "view" onto certain passwords
    - there they can modify, add and delete passwords too
    - if a password is in multiple vaults, it should be updated too
  - hosts do not have to be able to decrypt stored passwords
    - for example, it would be nice to have a dummy node that is always online, storing passwords
    - but not able to decrypt them
|