mirror of
https://github.com/Memo-2023/mana-monorepo.git
synced 2026-05-16 09:39:39 +02:00
c875b4e966
Flips three coordinated registry entries to enabled:true at once:
- tasks: title, description, subtasks, metadata
- events (calendar): title, description, location
- timeBlocks: title, description (NEW entry)
These three tables have to move together because the consumer modules
(todo, calendar) denormalize their title/description into a TimeBlock
for cheap calendar rendering. Encrypting only the source records would
still leak the same fields through the timeBlocks hub. Indexed columns
(startDate, endDate, kind, type, sourceModule/sourceId, parentBlockId,
recurrenceDate, isLive, isCompleted, dueDate, priority) all stay
plaintext — the calendar query layer needs them for range scans.
Service layer
-------------
- time-blocks/service.ts: createBlock + updateBlock now route through
encryptRecord before the Dexie write. startFromScheduled decrypts the
scheduled block first so the new logged block carries plaintext
forward instead of an already-encrypted blob (encryptRecord is
idempotent so this is also defence-in-depth). New decryptBlock helper
for callers that need plaintext outside a liveQuery.
- todo/stores/tasks.svelte.ts: createTask snapshots the plaintext task
before encryptRecord mutates it, returns the snapshot to the UI.
updateTask decrypts the existing row before forwarding task.title as
a fallback into updateBlock (would otherwise leak ciphertext to the
linked TimeBlock). updateLabels + updateSubtasks decrypt-merge-encrypt
so structured fields don't get spliced into a ciphertext blob.
- calendar/stores/events.svelte.ts: encryptRecord wrapped around all
four event-write paths (create, update, updateSingleInstance,
updateAllFuture).
Read paths
----------
Every liveQuery / one-shot read that surfaces title/description/
location through the UI now decrypts after the plaintext-metadata
filter:
- time-blocks/queries.ts: useAllTimeBlocks, timeBlocksInRange$,
timeBlocksBySource$, useLiveTimeBlock
- todo/queries.ts: useAllTasks
- calendar/queries.ts: useAllCalendarItems (decrypts both the blocks
and the joined events)
- cross-app-queries.ts: useOpenTasks, useTodayTasks, useUpcomingTasks,
useUpcomingEvents
- dashboard widgets: DayTimelineWidget, ActivityFeedWidget,
TasksTodayWidget, UpcomingEventsWidget
- search providers: todo + calendar (substring scoring needs
plaintext)
- quick-input adapters: todo + calendar (search-as-you-type)
- calendar/components/ConflictWarning, CalendarHeader (iCal export
embeds title in the file)
- calendar/views/DetailView, todo/views/DetailView (inline editor)
- api/services/qr-export (the QR snapshot would otherwise ship
ciphertext)
- triggers/suggestions (cross-matches habit titles against task /
event titles)
- todo/reminder-source (notification body uses task title)
Habits is implicitly covered: it only writes through createBlock /
updateBlock and only reads block.startDate from the timeBlock side, so
no per-store changes were needed for habits to participate.
Why
---
This closes the last big plaintext gap on the dashboard. tasks +
events + the timeBlocks hub were the highest-value targets after chat
+ contacts because they're the surfaces a casual observer of an
unlocked DB would scan first ("what's this person doing today?"). With
Phase 7.1, the answer to that query is opaque without the master key.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
|
||
|---|---|---|
| .. | ||
| api | ||
| calc/packages/shared | ||
| calendar | ||
| cards | ||
| chat | ||
| citycorners | ||
| contacts | ||
| context | ||
| docs | ||
| guides | ||
| inventar | ||
| mana | ||
| manacore/apps/web/src/lib | ||
| manavoxel | ||
| matrix | ||
| memoro | ||
| moodlit | ||
| mukke | ||
| news | ||
| nutriphi | ||
| photos | ||
| picture | ||
| planta | ||
| presi | ||
| questions | ||
| skilltree | ||
| storage | ||
| times | ||
| todo | ||
| traces | ||
| uload | ||
| zitare/packages/content | ||