+15

README.md

··· 1 1 + # Cistern 2 2 + 3 3 + Cistern is an attempt at implementing a private, personal quick-capture system 4 4 + on AT Protocol. Cistern "items" are encrypted, so that they are only readable 5 5 + by the holder of the correct secret key—stored off-protocol. These items are 6 6 + intended to be ephemeral, and to be deleted after they've been read. 7 7 + 8 8 + The intention is for Cistern to bridge the gap between where ideas are had and 9 9 + where they can be stored long-term. For example, let's say you have an idea 10 10 + while at a restaurant. You create an item using your phone, and once you're 11 11 + back at your desk and you open Obsidian, that item is automatically pulled from 12 12 + your PDS, decrypted, and deleted from your PDS. If your notebook was open at 13 13 + the time you created your item, the Cistern Obsidian plugin would have been 14 14 + notified of the new item via the Jetstream, and so you would find your memo 15 15 + waiting for you once you got home.

+5

deno.jsonc

··· 1 1 + { 2 2 + "workspace": [ 3 3 + "packages/*" 4 4 + ] 5 5 + }

+57

deno.lock

··· 1 1 + { 2 2 + "version": "5", 3 3 + "specifiers": { 4 4 + "npm:@atproto/lexicon@~0.5.1": "0.5.1" 5 5 + }, 6 6 + "npm": { 7 7 + "@atproto/common-web@0.4.3": { 8 8 + "integrity": "sha512-nRDINmSe4VycJzPo6fP/hEltBcULFxt9Kw7fQk6405FyAWZiTluYHlXOnU7GkQfeUK44OENG1qFTBcmCJ7e8pg==", 9 9 + "dependencies": [ 10 10 + "graphemer", 11 11 + "multiformats", 12 12 + "uint8arrays", 13 13 + "zod" 14 14 + ] 15 15 + }, 16 16 + "@atproto/lexicon@0.5.1": { 17 17 + "integrity": "sha512-y8AEtYmfgVl4fqFxqXAeGvhesiGkxiy3CWoJIfsFDDdTlZUC8DFnZrYhcqkIop3OlCkkljvpSJi1hbeC1tbi8A==", 18 18 + "dependencies": [ 19 19 + "@atproto/common-web", 20 20 + "@atproto/syntax", 21 21 + "iso-datestring-validator", 22 22 + "multiformats", 23 23 + "zod" 24 24 + ] 25 25 + }, 26 26 + "@atproto/syntax@0.4.1": { 27 27 + "integrity": "sha512-CJdImtLAiFO+0z3BWTtxwk6aY5w4t8orHTMVJgkf++QRJWTxPbIFko/0hrkADB7n2EruDxDSeAgfUGehpH6ngw==" 28 28 + }, 29 29 + "graphemer@1.4.0": { 30 30 + "integrity": "sha512-EtKwoO6kxCL9WO5xipiHTZlSzBm7WLT627TqC/uVRd0HKmq8NXyebnNYxDoBi7wt8eTWrUrKXCOVaFq9x1kgag==" 31 31 + }, 32 32 + "iso-datestring-validator@2.2.2": { 33 33 + "integrity": "sha512-yLEMkBbLZTlVQqOnQ4FiMujR6T4DEcCb1xizmvXS+OxuhwcbtynoosRzdMA69zZCShCNAbi+gJ71FxZBBXx1SA==" 34 34 + }, 35 35 + "multiformats@9.9.0": { 36 36 + "integrity": "sha512-HoMUjhH9T8DDBNT+6xzkrd9ga/XiBI4xLr58LJACwK6G3HTOPeMz4nB4KJs33L2BelrIJa7P0VuNaVF3hMYfjg==" 37 37 + }, 38 38 + "uint8arrays@3.0.0": { 39 39 + "integrity": "sha512-HRCx0q6O9Bfbp+HHSfQQKD7wU70+lydKVt4EghkdOvlK/NlrF90z+eXV34mUd48rNvVJXwkrMSPpCATkct8fJA==", 40 40 + "dependencies": [ 41 41 + "multiformats" 42 42 + ] 43 43 + }, 44 44 + "zod@3.25.76": { 45 45 + "integrity": "sha512-gzUt/qt81nXsFGKIFcC3YnfEAx5NkunCfnDlvuBSSFS02bcXu4Lmea0AFIUwbLWxWPx3d9p8S5QoaujKcNQxcQ==" 46 46 + } 47 47 + }, 48 48 + "workspace": { 49 49 + "members": { 50 50 + "packages/lexicon": { 51 51 + "dependencies": [ 52 52 + "npm:@atproto/lexicon@~0.5.1" 53 53 + ] 54 54 + } 55 55 + } 56 56 + } 57 57 + }

+9

packages/lexicon/deno.jsonc

··· 1 1 + { 2 2 + "name": "@cistern/lexicon", 3 3 + "exports": { 4 4 + ".": "mod.ts" 5 5 + }, 6 6 + "imports": { 7 7 + "@atproto/lexicon": "npm:@atproto/lexicon@^0.5.1" 8 8 + } 9 9 + }

+11

packages/lexicon/mod.ts

··· 1 1 + import item from "./schemas/item.json" with { type: "json" }; 2 2 + import pubkey from "./schemas/pubkey.json" with { type: "json" }; 3 3 + 4 4 + import { Lexicons } from "@atproto/lexicon"; 5 5 + 6 6 + const lexicons = new Lexicons(); 7 7 + 8 8 + lexicons.add(item); 9 9 + lexicons.add(pubkey); 10 10 + 11 11 + export { item, lexicons, pubkey };

+101

packages/lexicon/schemas/item.json

··· 1 1 + { 2 2 + "version": 1, 3 3 + "id": "app.cistern.lexicon.item", 4 4 + "description": "An encrypted value meant to be accessed and deleted later.", 5 5 + "defs": { 6 6 + "encryptedField": { 7 7 + "type": "object", 8 8 + "description": "An inline-encrypted property", 9 9 + "required": ["value", "nonce"], 10 10 + "properties": { 11 11 + "value": { 12 12 + "type": "string", 13 13 + "description": "Encrypted field value" 14 14 + }, 15 15 + "nonce": { 16 16 + "type": "string", 17 17 + "description": "Nonce used to encrypt field value" 18 18 + } 19 19 + } 20 20 + }, 21 21 + "main": { 22 22 + "type": "record", 23 23 + "description": "A manifest representing an encrypted note or binary file", 24 24 + "record": { 25 25 + "type": "object", 26 26 + "required": [ 27 27 + "tid", 28 28 + "ciphertext", 29 29 + "nonce", 30 30 + "algorithm", 31 31 + "pubkey", 32 32 + "chunks", 33 33 + "metadata" 34 34 + ], 35 35 + "properties": { 36 36 + "tid": { 37 37 + "type": "string", 38 38 + "description": "TID representing when this item was created", 39 39 + "format": "tid" 40 40 + } 41 41 + "ciphertext": { 42 42 + "type": "string", 43 43 + "description": "Encapsulated shared ciphertext" 44 44 + }, 45 45 + "nonce": { 46 46 + "type": "string", 47 47 + "description": "Nonce used for content encryption", 48 48 + "maxLength": 64, 49 49 + }, 50 50 + "algorithm": { 51 51 + "type": "string", 52 52 + "description": "Algorithm used for encryption, in <kem>-<cipher>-<hash> format.", 53 53 + "knownValues": ["x_wing-xchacha20_poly1305-sha3_512"] 54 54 + }, 55 55 + "pubkey": { 56 56 + "type": "string", 57 57 + "description": "URI to the public key used to encrypt this item", 58 58 + "format": "at-uri" 59 59 + }, 60 60 + "chunks": { 61 61 + "type": "array", 62 62 + "description": "Encrypted blobs that compose the encrypted contents of the item" 63 63 + "items": { 64 64 + "type": "blob", 65 65 + "accept": "application/octet-stream", 66 66 + "maxSize": 50000000 67 67 + }, 68 68 + "minLength": 1 69 69 + }, 70 70 + "metadata": { 71 71 + "type": "object", 72 72 + "description": "Information about the encrypted content.", 73 73 + "required": ["format", "length", "hash"], 74 74 + "properties": { 75 75 + "format": { 76 76 + "type": "string", 77 77 + "description": "Original contents format", 78 78 + "knownValues": ["text", "file"] 79 79 + }, 80 80 + "length": { 81 81 + "type": "ref", 82 82 + "description": "Original content length in bytes", 83 83 + "ref": "app.cistern.lexicon.item#encryptedField" 84 84 + }, 85 85 + "hash": { 86 86 + "type": "string", 87 87 + "description": "SHA-256 hash of the original file", 88 88 + "maxLength": 64, 89 89 + }, 90 90 + "mimetype": { 91 91 + "type": "ref", 92 92 + "description": "Mimetype of original contents, if a file", 93 93 + "ref": "app.cistern.lexicon.item#encryptedField" 94 94 + } 95 95 + } 96 96 + } 97 97 + } 98 98 + } 99 99 + } 100 100 + } 101 101 + }

+35

packages/lexicon/schemas/pubkey.json

··· 1 1 + { 2 2 + "version": 1, 3 3 + "id": "app.cistern.lexicon.pubkey", 4 4 + "description": "A public key used to encrypt Cistern items", 5 5 + "defs": { 6 6 + "main": { 7 7 + "type": "record", 8 8 + "description": "A public key used to encrypt Cistern items", 9 9 + "record": { 10 10 + "type": "object", 11 11 + "required": ["name", "algorithm", "content", "createdAt"], 12 12 + "properties": { 13 13 + "name": { 14 14 + "type": "string", 15 15 + "minGraphemes": 1, 16 16 + "description": "A memorable name for this public key. Avoid using revealing names, such as \"Graham's Macbook\"" 17 17 + }, 18 18 + "algorithm": { 19 19 + "type": "string", 20 20 + "knownValues": ["x_wing"], 21 21 + "description": "KEM algorithm used to generate this key" 22 22 + }, 23 23 + "content": { 24 24 + "type": "string", 25 25 + "description": "Contents of the public key, encoded in base64" 26 26 + }, 27 27 + "createdAt": { 28 28 + "type": "string", 29 29 + "format": "datetime" 30 30 + } 31 31 + } 32 32 + } 33 33 + } 34 34 + } 35 35 + }