From db0ab1d82e545360d23348192d0794bfeec29b1b Mon Sep 17 00:00:00 2001 From: adlee-was-taken Date: Sat, 20 Jun 2026 18:10:15 -0400 Subject: [PATCH] docs(formats): org collection-scoped attachment layout + default cap Document the attachments///.enc layout (exactly 3 segments, slug-authorized by the pre-receive hook, never decrypted server-side) and DEFAULT_ORG_ATTACHMENT_MAX_BYTES = 10 MiB, citing org_session.rs:24 and the mirrored personal default settings.rs:116. --- docs/FORMATS.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/docs/FORMATS.md b/docs/FORMATS.md index a8387a0..2890ec2 100644 --- a/docs/FORMATS.md +++ b/docs/FORMATS.md @@ -82,6 +82,7 @@ collections.json # collection definitions keys/.enc # org master key wrapped to that member's device key manifest.enc # OrgManifest (schema_version 1, per-member-filtered) items//.enc # collection-scoped item blobs +attachments///.enc # Document attachment blobs (collection-scoped) ``` ### `org.json` — OrgMeta @@ -123,7 +124,13 @@ Standard `.enc` blob (see **Encrypted blob** above), encrypted under the org mas These blobs are written and read by the `relicario org` item commands (`org add` / `get` / `list` / `edit` / `rm` / `restore` / `purge`), all collection-scoped and grant-enforced. `org add` currently creates Login / SecureNote / Identity items; `get` / `list` display any item type present. -**TODO (extension follow-up):** extension UI for browsing and editing org vault items. **Deferred:** `org add` / `edit` parity for Card / Key / Document / Totp item types. +### `attachments///.enc` + +Standard `.enc` blob (see **Encrypted blob** above), encrypted under the org master key — the encrypted file payload of a Document item. As with item blobs, the blob does **not** name its collection; the leading `` path segment carries it, so the pre-receive hook (`relicario-server`, `classify_path`) authorizes the write by slug without decrypting — reusing the same grant + slug-existence check as the `items/` branch. The path is **exactly three segments** after `attachments/` (`//.enc`); the hook rejects any other shape (segment-count and `.`-free slug guards). `` is the content-addressed `AttachmentId` (see **Item IDs and Field IDs** below). + +Per-attachment size is capped at `DEFAULT_ORG_ATTACHMENT_MAX_BYTES = 10 * 1024 * 1024` (10 MiB) (`org_session.rs:24`), mirroring the personal-vault default `AttachmentCaps::per_attachment_max_bytes` (`settings.rs:116`). Org vaults have no `settings.enc`, so this cap is a fixed default rather than per-org configurable. Blobs are persisted / read / removed by `UnlockedOrgVault::save_attachment` / `load_attachment` / `remove_item_attachments` (`org_session.rs:137`, `:147`, `:156`). The storage primitives back the org **Document** item type; the `org add document` / Document-edit commands that produce these blobs land in v0.8.1 (see the item-type-parity note below). + +**TODO (extension follow-up):** extension UI for browsing and editing org vault items. **Deferred:** `org add` / `edit` parity for Card / Key / Document / Totp item types (landing in v0.8.1; Document file payloads use the attachment layout above). ## Item IDs and Field IDs