Cloak

I improved the security architecture by removing the “keychain singularity” and implemented project-scope identity instead to prevent collisions across multiple repositories. I also introduced process lifecycle guards using Pdeathsig that makes sure secrets are removed from ram immediately if the process is unexpectedly terminated. I also shipped the teleport command which is a PAKE-encrypted feature that uses the Magic Wormhole to tranasmit Master keys peer to peer, which bypasses the need for centralized “dead drop” servers entirely

I have successfully built the core of Cloak, a secure environment injector. The cryptographic foundation and the file storage are fully working at this point, and it allows users to init a vault and set encrypted secrets. The ghost engine (cloak run) is working too, and it’s able to inject these secrets into child processes in memory while preserving any interactive TTY signals. I’ve also implemented a semantic merge tool for binary conflicts and scaffolded a cyber punk themed TUI (cloak edit) for managing keys, which is basically the groundwork for a secure, developer centric secrets manager that never writes plaintext to disk.