cloud-vault M1

Distributed encrypted shard vault. Owners encrypt + erasure-code client-side; the server only ever sees ciphertext shards.

How it works

• Owner generates a master key and AES-GCM encrypts the file locally.
• Ciphertext is split into N Reed-Solomon shards (default 10 of 16).
• Shards are scattered across peers (this anchor + opt-in phones).
• Owner reconstitutes from any K shards using the master key. Server can't decrypt.

Closed system — access is by invitation. The first-party clients (CLI + Flutter APK) handle all upload, fetch, and reconstitution flows. There is no public API surface.