Skip to content

feat: encrypted data + credential vaults, and the private-data onboarding architecture (ADRs 045–049)#1

Merged
ruvnet merged 4 commits into
ruvnet:mainfrom
stuinfla:feat/vaults-and-acquisition-spec
Jul 1, 2026
Merged

feat: encrypted data + credential vaults, and the private-data onboarding architecture (ADRs 045–049)#1
ruvnet merged 4 commits into
ruvnet:mainfrom
stuinfla:feat/vaults-and-acquisition-spec

Conversation

@stuinfla

@stuinfla stuinfla commented Jul 1, 2026

Copy link
Copy Markdown
Contributor

Summary

This PR lays the secure, tested foundation that turns Helix from a stateless analyzer into a platform that can safely hold a person's health data and pull it in automatically — while keeping the local-first, user-owned promise of ADR-001.

It adds two encrypted vaults, the full architecture for automated multi-source data acquisition (5 new ADRs), the delivery spec, and completes the product-spec figure integration.

Zero blast radius: every new storage/crypto dependency is behind a non-default persist feature. The default build and the WASM build are byte-for-byte unaffected (helix-wasm does not depend on helix-vault; verified via cargo tree).


What's included

🔐 helix-vault — two encrypted stores (feature-gated, fully tested)

Store What it does
PersistentVaultStore Seals ProvRecords with XChaCha20-Poly1305, persists via redb — data survives a process restart. Closes the "everything evaporates on close" gap.
CredentialVault Seals account logins under a master passphrase → Argon2id key. Wrong passphrase is rejected cleanly (no panic), Debug is redacted, and there is zero plaintext on disk — proven by reading the raw file bytes in-test.

Proof — all green:

cargo test  -p helix-vault                                   # default: unit + property pass; redb/argon2 NOT compiled
cargo test  -p helix-vault --features persist                # persistence round-trip + credential round-trip
                                                             #  + wrong-passphrase reject + encrypt-at-rest — all pass
cargo clippy -p helix-vault --features persist --all-targets -- -D warnings   # clean, 0 warnings

📐 Architecture — ADRs 045–049 (the automated-onboarding design)

  • ADR-045 — Encrypted credential vault (zero-knowledge; never a plaintext .env)
  • ADR-046 — Agentic-browser acquisition for no-API sources (local, session-persisted, treats scraped content as untrusted)
  • ADR-047 — Single-tenant, local-first topology (each user runs their own instance → no central breach target)
  • ADR-048 — AIMDS/AIDefence guardrails on the ingest + LLM surface (prompt-injection + PII gating)
  • ADR-049 — Scheduled per-source pull cadences with auto-refresh (the "organic flow" of fresh data)

📄 Docs & figures

  • docs/Helix-Build-Spec.md — the onboarding + proactive-analyst delivery plan (phased, with verifiable milestones).
  • Product spec: the six architecture/concept diagrams migrated from bloated inline SVG → clean PNG figures, now numbered Figure 1–5 with captions and in-text cross-references (−546 lines of inline SVG, +6 committed images that render cleanly on GitHub).

Why this is safe to merge

  • Tested and green — no todo!()/unimplemented!(); clippy -D warnings clean.
  • Additive — builds on existing crates; no public API changed, no existing test touched.
  • Feature-gatedargon2/redb compile only under persist; default + WASM builds unchanged.
  • Security-first — encryption at rest proven by test; no credentials or PHI anywhere in the diff (verified with git log --name-only + git add -A --dry-run).
  • Documented — 5 ADRs + a delivery spec explain every decision.

How to verify locally

git fetch && git checkout feat/vaults-and-acquisition-spec
cargo test  -p helix-vault --features persist
cargo clippy -p helix-vault --features persist --all-targets -- -D warnings

What's next (separate PRs on this foundation)

Source connectors (Apple Health, RENPHO, Quest, pharmacy, EMR, Lose It), the per-source scheduler, the helix creds intake CLI, and a full synthetic demo persona — each will land as its own reviewed PR.


🤖 Generated with Claude Code

https://claude.ai/code/session_01NsEPAr9R7jXAJcEYFN4acb

stuinfla and others added 3 commits July 1, 2026 00:20
Robust ignore rules for 'Stu Health Data/', PHI file types, and /private/
so real health data and credentials can never be staged in this public
repo. Verified via git check-ignore + git add -A --dry-run.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01NsEPAr9R7jXAJcEYFN4acb
PersistentVaultStore (redb-backed) seals ProvRecords with XChaCha20-
Poly1305 so they survive a restart. CredentialVault derives a key from a
master passphrase via Argon2id and seals per-source logins; wrong
passphrase is rejected, Debug is redacted. Both behind a non-default
'persist' feature so default/WASM builds stay redb/argon2-free.
Proven: round-trip across reopen, wrong-key/tamper reject, zero plaintext
on disk; cargo test + clippy -D warnings green.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01NsEPAr9R7jXAJcEYFN4acb
Helix-Build-Spec.md (onboarding + proactive analyst delivery plan);
product spec figures numbered with captions + cross-refs; ADR-045..049
(credential vault, agentic-browser acquisition, single-tenant local-first
topology, AIMDS guardrails, scheduled per-source pulls).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01NsEPAr9R7jXAJcEYFN4acb
@ruvnet ruvnet merged commit 6ff1baa into ruvnet:main Jul 1, 2026
2 checks passed
ruvnet added a commit that referenced this pull request Jul 1, 2026
…erience (#2)

* chore(security): gitignore private health data & secrets

Robust ignore rules for 'Stu Health Data/', PHI file types, and /private/
so real health data and credentials can never be staged in this public
repo. Verified via git check-ignore + git add -A --dry-run.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01NsEPAr9R7jXAJcEYFN4acb

* feat(helix-vault): persistent + credential vaults, encrypted at rest

PersistentVaultStore (redb-backed) seals ProvRecords with XChaCha20-
Poly1305 so they survive a restart. CredentialVault derives a key from a
master passphrase via Argon2id and seals per-source logins; wrong
passphrase is rejected, Debug is redacted. Both behind a non-default
'persist' feature so default/WASM builds stay redb/argon2-free.
Proven: round-trip across reopen, wrong-key/tamper reject, zero plaintext
on disk; cargo test + clippy -D warnings green.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01NsEPAr9R7jXAJcEYFN4acb

* docs: build spec, numbered figures, ADRs 045-049

Helix-Build-Spec.md (onboarding + proactive analyst delivery plan);
product spec figures numbered with captions + cross-refs; ADR-045..049
(credential vault, agentic-browser acquisition, single-tenant local-first
topology, AIMDS guardrails, scheduled per-source pulls).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01NsEPAr9R7jXAJcEYFN4acb

* feat(helix-demo): full synthetic demo persona across all 6 domains

New helix-demo crate: a deterministic generator for the fictional persona
'Alex Rivera' (clearly labeled SAMPLE) with 2,650 records + 3 meds + 2
clinician notes across Apple Watch, Lose It, RENPHO (~50-metric panel),
Quest labs, pharmacy, and EMR -- one coherent, grounded story (mild iron
deficiency + sleep + improving body-comp + borderline lipids; no false
alarms). Wired into the UI (ui/demo-dossier.json) so the app boots a rich
dossier through the REAL pipeline. cargo test -p helix-demo 13 passed;
workspace green; clippy clean; verified live in headless Chrome.

Stacks on #1; diff reduces to just the demo once #1 merges.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01NsEPAr9R7jXAJcEYFN4acb

* style: apply cargo fmt to helix-demo (CI fmt gate)

---------

Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Co-authored-by: ruv <ruv@ruv.net>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants