feat(users): UserManager with per-user SQLCipher, and extract skald-core crate

Two changes developed together in one session; they share the same module
structure (db/mod.rs, the core lib root) and only compile together, so they
land as one commit.

## UserManager + per-user encryption (§9/§11)

New `users::UserManager`: owns the system.db pool plus a map
`userid -> SqlitePool` of unlocked databases. The pool *is* the unlock token —
its connect options carry the DEK as SQLCipher's raw key, so an open pool means
the key is in RAM until restart and dropping it re-locks (§9). Knows nothing
about cookies.

New `crypto` module: envelope encryption. A random 256-bit DEK encrypts
`{userid}.db`; `users.database_password` holds it sealed with AES-256-GCM under
`Argon2id(password, salt)`. The AEAD tag is the password verifier — one
derivation both authenticates and yields the key, so encrypted users store no
second hash. Cleartext users store the Argon2id output directly, compared in
constant time. Argon2 runs in spawn_blocking behind a 2-permit semaphore
(256 MiB per derivation).

- SQLCipher via `libsqlite3-sys` `bundled-sqlcipher-vendored-openssl`, pinned
  <0.38 so it unifies with the one sqlx-sqlite links (a newer copy would apply
  the feature to a SQLite sqlx never uses). OpenSSL is vendored and static, so
  the binary stays self-contained.
- Schema split into `create_registry_tables` (instance-wide, no user key) and
  `create_owner_tables` (one owner's content, identical in every file). No FK in
  the owner bucket may reach the registry — enforced by a standalone test.
  Dropped `chat_history.model_db_id` (write-only, and the only registry-crossing
  key); moved `projects`/`project_tickets` into the owner bucket.
- Provisioning invariant: the file is written before the row, deleted after it,
  so a crash leaves an orphan file, never a user without a database. `open_db`
  never creates: a missing file is an error, not a silent empty database.

Not consumed yet: no login, call sites still use the shared system.db pool.

## Extract crates/skald-core

The headless core moves out of `src/` into its own crate; `skald` (server) and
the coming `skald-setup` are shells around it. Two dependencies on the shell
were inverted rather than dragged along, so the core names neither Tauri nor any
concrete plugin:

- `Plugin::tools(self: Arc<Self>)` — plugins contribute tools through this hook
  (sibling of `http_router`), so the core no longer downcasts to
  `MobileConnectorPlugin`.
- `tools::restart::set_restart_handler` — the desktop shell installs its
  teardown-and-respawn; the core defaults to the supervisor exit code. The core
  loses its `desktop` feature.
- `boot`'s stdout formatter moves to the binary (`src/boot_format.rs`); the core
  only emits tracing events.

All 79 core tests pass; the binary boots and serves in a clean directory, and
the mobile-connector tools still register through the new hook.
This commit is contained in:
2026-07-10 16:48:51 +01:00
parent 38494a85a9
commit 178a38357e
173 changed files with 2650 additions and 1106 deletions
+11 -33
View File
@@ -1,6 +1,7 @@
[workspace]
members = [
".",
"crates/skald-core",
"crates/honcho-client",
"crates/llm-client",
"crates/core-api",
@@ -45,6 +46,8 @@ embedded-tailscale = ["plugin-tailscale-remote/remote-tailscale"]
tauri-build = { version = "2", optional = true , features = [] }
[dependencies]
skald-core = { path = "crates/skald-core" }
axum = { version = "0.8", features = ["ws", "multipart"] }
tokio = { version = "1.52.3", features = ["full"] }
tokio-util = { version = "0.7", features = ["rt"] }
@@ -57,10 +60,14 @@ anyhow = "1"
sqlx = { version = "0.9.0", features = ["runtime-tokio", "sqlite"] }
reqwest = { version = "0.13.4", default-features = false, features = ["rustls-no-provider", "charset", "http2", "system-proxy", "json", "multipart"] }
# rustls is pinned as a direct dependency solely to select the crypto provider:
# `ring` instead of the default `aws-lc-rs`. This keeps TLS off OpenSSL/aws-lc
# (no libssl link, no cmake/NASM build), which is what makes a fully static musl
# binary practical. Every reqwest client uses `rustls-no-provider`, so exactly
# one process-wide provider is installed in main() before any TLS handshake.
# `ring` instead of the default `aws-lc-rs`, avoiding aws-lc's cmake/NASM build.
# Every reqwest client uses `rustls-no-provider`, so exactly one process-wide
# provider is installed in main() before any TLS handshake.
#
# TLS therefore never touches OpenSSL. libcrypto is nonetheless in the tree now,
# vendored and statically linked for SQLCipher (see `libsqlite3-sys` in
# crates/skald-core) — so the binary stays self-contained, but "no OpenSSL
# anywhere" is no longer true.
rustls = { version = "0.23", default-features = false, features = ["ring", "std", "tls12", "logging"] }
async-trait = "0.1"
serde_json = "1"
@@ -69,36 +76,7 @@ tracing = "0.1"
tracing-subscriber = { version = "0.3", features = ["env-filter"] }
tracing-appender = "0.2"
chrono = { version = "0.4", default-features = false, features = ["clock", "std"] }
chrono-tz = "0.10"
iana-time-zone = "0.1"
os_info = "3"
cron = "0.16"
rand = "0.10.1"
syn = { version = "2", features = ["full"] }
quote = "1"
proc-macro2 = { version = "1", features = ["span-locations"] }
tree-sitter = "0.26"
tree-sitter-python = "0.25"
tree-sitter-javascript = "0.25"
tree-sitter-typescript = "0.23"
tree-sitter-go = "0.25"
tree-sitter-java = "0.23"
tree-sitter-c = "0.24"
tree-sitter-cpp = "0.23"
tree-sitter-swift = "0.7"
tree-sitter-lua = "0.5"
tree-sitter-ruby = "0.23"
tree-sitter-bash = "0.25"
tree-sitter-elixir = "0.3"
tree-sitter-json = "0.24"
tree-sitter-yaml = "0.7"
tree-sitter-html = "0.23"
tree-sitter-css = "0.25"
regex = "1"
glob = "0.3"
libc = "0.2"
base64 = "0.22"
sha2 = "0.10"
notify = "8"
honcho-client = { path = "crates/honcho-client" }
llm-client = { path = "crates/llm-client" }