Merge branch 'main' into fix/issue-27

Replace the hardcoded validTableNames allowlist with a regexp that
only allows [a-z0-9_] characters. This prevents SQL injection without
requiring maintenance of a separate allowlist when new tables are added.

Addresses review feedback from @sneak on PR #32.

internal/vaultik/info.go

@@ -15,99 +15,99 @@ import (
 // ShowInfo displays system and configuration information
 func (v *Vaultik) ShowInfo() error {
 	// System Information
-	v.printfStdout("=== System Information ===\n")
+	fmt.Printf("=== System Information ===\n")
-	v.printfStdout("OS/Architecture: %s/%s\n", runtime.GOOS, runtime.GOARCH)
+	fmt.Printf("OS/Architecture: %s/%s\n", runtime.GOOS, runtime.GOARCH)
-	v.printfStdout("Version:         %s\n", v.Globals.Version)
+	fmt.Printf("Version:         %s\n", v.Globals.Version)
-	v.printfStdout("Commit:          %s\n", v.Globals.Commit)
+	fmt.Printf("Commit:          %s\n", v.Globals.Commit)
-	v.printfStdout("Go Version:      %s\n", runtime.Version())
+	fmt.Printf("Go Version:      %s\n", runtime.Version())
-	v.printlnStdout()
+	fmt.Println()
 
 	// Storage Configuration
-	v.printfStdout("=== Storage Configuration ===\n")
+	fmt.Printf("=== Storage Configuration ===\n")
-	v.printfStdout("S3 Bucket:       %s\n", v.Config.S3.Bucket)
+	fmt.Printf("S3 Bucket:       %s\n", v.Config.S3.Bucket)
 	if v.Config.S3.Prefix != "" {
-		v.printfStdout("S3 Prefix:       %s\n", v.Config.S3.Prefix)
+		fmt.Printf("S3 Prefix:       %s\n", v.Config.S3.Prefix)
 	}
-	v.printfStdout("S3 Endpoint:     %s\n", v.Config.S3.Endpoint)
+	fmt.Printf("S3 Endpoint:     %s\n", v.Config.S3.Endpoint)
-	v.printfStdout("S3 Region:       %s\n", v.Config.S3.Region)
+	fmt.Printf("S3 Region:       %s\n", v.Config.S3.Region)
-	v.printlnStdout()
+	fmt.Println()
 
 	// Backup Settings
-	v.printfStdout("=== Backup Settings ===\n")
+	fmt.Printf("=== Backup Settings ===\n")
 
 	// Show configured snapshots
-	v.printfStdout("Snapshots:\n")
+	fmt.Printf("Snapshots:\n")
 	for _, name := range v.Config.SnapshotNames() {
 		snap := v.Config.Snapshots[name]
-		v.printfStdout("  %s:\n", name)
+		fmt.Printf("  %s:\n", name)
 		for _, path := range snap.Paths {
-			v.printfStdout("    - %s\n", path)
+			fmt.Printf("    - %s\n", path)
 		}
 		if len(snap.Exclude) > 0 {
-			v.printfStdout("    exclude: %s\n", strings.Join(snap.Exclude, ", "))
+			fmt.Printf("    exclude: %s\n", strings.Join(snap.Exclude, ", "))
 		}
 	}
 
 	// Global exclude patterns
 	if len(v.Config.Exclude) > 0 {
-		v.printfStdout("Global Exclude:  %s\n", strings.Join(v.Config.Exclude, ", "))
+		fmt.Printf("Global Exclude:  %s\n", strings.Join(v.Config.Exclude, ", "))
 	}
 
-	v.printfStdout("Compression:     zstd level %d\n", v.Config.CompressionLevel)
+	fmt.Printf("Compression:     zstd level %d\n", v.Config.CompressionLevel)
-	v.printfStdout("Chunk Size:      %s\n", humanize.Bytes(uint64(v.Config.ChunkSize)))
+	fmt.Printf("Chunk Size:      %s\n", humanize.Bytes(uint64(v.Config.ChunkSize)))
-	v.printfStdout("Blob Size Limit: %s\n", humanize.Bytes(uint64(v.Config.BlobSizeLimit)))
+	fmt.Printf("Blob Size Limit: %s\n", humanize.Bytes(uint64(v.Config.BlobSizeLimit)))
-	v.printlnStdout()
+	fmt.Println()
 
 	// Encryption Configuration
-	v.printfStdout("=== Encryption Configuration ===\n")
+	fmt.Printf("=== Encryption Configuration ===\n")
-	v.printfStdout("Recipients:\n")
+	fmt.Printf("Recipients:\n")
 	for _, recipient := range v.Config.AgeRecipients {
-		v.printfStdout("  - %s\n", recipient)
+		fmt.Printf("  - %s\n", recipient)
 	}
-	v.printlnStdout()
+	fmt.Println()
 
 	// Daemon Settings (if applicable)
 	if v.Config.BackupInterval > 0 || v.Config.MinTimeBetweenRun > 0 {
-		v.printfStdout("=== Daemon Settings ===\n")
+		fmt.Printf("=== Daemon Settings ===\n")
 		if v.Config.BackupInterval > 0 {
-			v.printfStdout("Backup Interval: %s\n", v.Config.BackupInterval)
+			fmt.Printf("Backup Interval: %s\n", v.Config.BackupInterval)
 		}
 		if v.Config.MinTimeBetweenRun > 0 {
-			v.printfStdout("Minimum Time:    %s\n", v.Config.MinTimeBetweenRun)
+			fmt.Printf("Minimum Time:    %s\n", v.Config.MinTimeBetweenRun)
 		}
-		v.printlnStdout()
+		fmt.Println()
 	}
 
 	// Local Database
-	v.printfStdout("=== Local Database ===\n")
+	fmt.Printf("=== Local Database ===\n")
-	v.printfStdout("Index Path:      %s\n", v.Config.IndexPath)
+	fmt.Printf("Index Path:      %s\n", v.Config.IndexPath)
 
 	// Check if index file exists and get its size
 	if info, err := v.Fs.Stat(v.Config.IndexPath); err == nil {
-		v.printfStdout("Index Size:      %s\n", humanize.Bytes(uint64(info.Size())))
+		fmt.Printf("Index Size:      %s\n", humanize.Bytes(uint64(info.Size())))
 
 		// Get snapshot count from database
 		query := `SELECT COUNT(*) FROM snapshots WHERE completed_at IS NOT NULL`
 		var snapshotCount int
 		if err := v.DB.Conn().QueryRowContext(v.ctx, query).Scan(&snapshotCount); err == nil {
-			v.printfStdout("Snapshots:       %d\n", snapshotCount)
+			fmt.Printf("Snapshots:       %d\n", snapshotCount)
 		}
 
 		// Get blob count from database
 		query = `SELECT COUNT(*) FROM blobs`
 		var blobCount int
 		if err := v.DB.Conn().QueryRowContext(v.ctx, query).Scan(&blobCount); err == nil {
-			v.printfStdout("Blobs:           %d\n", blobCount)
+			fmt.Printf("Blobs:           %d\n", blobCount)
 		}
 
 		// Get file count from database
 		query = `SELECT COUNT(*) FROM files`
 		var fileCount int
 		if err := v.DB.Conn().QueryRowContext(v.ctx, query).Scan(&fileCount); err == nil {
-			v.printfStdout("Files:           %d\n", fileCount)
+			fmt.Printf("Files:           %d\n", fileCount)
 		}
 	} else {
-		v.printfStdout("Index Size:      (not created)\n")
+		fmt.Printf("Index Size:      (not created)\n")
 	}
 
 	return nil
@@ -157,15 +157,15 @@ func (v *Vaultik) RemoteInfo(jsonOutput bool) error {
 	result.StorageLocation = storageInfo.Location
 
 	if !jsonOutput {
-		v.printfStdout("=== Remote Storage ===\n")
+		fmt.Printf("=== Remote Storage ===\n")
-		v.printfStdout("Type:     %s\n", storageInfo.Type)
+		fmt.Printf("Type:     %s\n", storageInfo.Type)
-		v.printfStdout("Location: %s\n", storageInfo.Location)
+		fmt.Printf("Location: %s\n", storageInfo.Location)
-		v.printlnStdout()
+		fmt.Println()
 	}
 
 	// List all snapshot metadata
 	if !jsonOutput {
-		v.printfStdout("Scanning snapshot metadata...\n")
+		fmt.Printf("Scanning snapshot metadata...\n")
 	}
 
 	snapshotMetadata := make(map[string]*SnapshotMetadataInfo)
@@ -210,7 +210,7 @@ func (v *Vaultik) RemoteInfo(jsonOutput bool) error {
 
 	// Download and parse all manifests to get referenced blobs
 	if !jsonOutput {
-		v.printfStdout("Downloading %d manifest(s)...\n", len(snapshotIDs))
+		fmt.Printf("Downloading %d manifest(s)...\n", len(snapshotIDs))
 	}
 
 	referencedBlobs := make(map[string]int64) // hash -> compressed size
@@ -260,7 +260,7 @@ func (v *Vaultik) RemoteInfo(jsonOutput bool) error {
 
 	// List all blobs on remote
 	if !jsonOutput {
-		v.printfStdout("Scanning blobs...\n")
+		fmt.Printf("Scanning blobs...\n")
 	}
 
 	allBlobs := make(map[string]int64) // hash -> size from storage
@@ -298,14 +298,14 @@ func (v *Vaultik) RemoteInfo(jsonOutput bool) error {
 	}
 
 	// Human-readable output
-	v.printfStdout("\n=== Snapshot Metadata ===\n")
+	fmt.Printf("\n=== Snapshot Metadata ===\n")
 	if len(result.Snapshots) == 0 {
-		v.printfStdout("No snapshots found\n")
+		fmt.Printf("No snapshots found\n")
 	} else {
-		v.printfStdout("%-45s %12s %12s %12s %10s %12s\n", "SNAPSHOT", "MANIFEST", "DATABASE", "TOTAL", "BLOBS", "BLOB SIZE")
+		fmt.Printf("%-45s %12s %12s %12s %10s %12s\n", "SNAPSHOT", "MANIFEST", "DATABASE", "TOTAL", "BLOBS", "BLOB SIZE")
-		v.printfStdout("%-45s %12s %12s %12s %10s %12s\n", strings.Repeat("-", 45), strings.Repeat("-", 12), strings.Repeat("-", 12), strings.Repeat("-", 12), strings.Repeat("-", 10), strings.Repeat("-", 12))
+		fmt.Printf("%-45s %12s %12s %12s %10s %12s\n", strings.Repeat("-", 45), strings.Repeat("-", 12), strings.Repeat("-", 12), strings.Repeat("-", 12), strings.Repeat("-", 10), strings.Repeat("-", 12))
 		for _, info := range result.Snapshots {
-			v.printfStdout("%-45s %12s %12s %12s %10s %12s\n",
+			fmt.Printf("%-45s %12s %12s %12s %10s %12s\n",
 				truncateString(info.SnapshotID, 45),
 				humanize.Bytes(uint64(info.ManifestSize)),
 				humanize.Bytes(uint64(info.DatabaseSize)),
@@ -314,23 +314,23 @@ func (v *Vaultik) RemoteInfo(jsonOutput bool) error {
 				humanize.Bytes(uint64(info.BlobsSize)),
 			)
 		}
-		v.printfStdout("%-45s %12s %12s %12s %10s %12s\n", strings.Repeat("-", 45), strings.Repeat("-", 12), strings.Repeat("-", 12), strings.Repeat("-", 12), strings.Repeat("-", 10), strings.Repeat("-", 12))
+		fmt.Printf("%-45s %12s %12s %12s %10s %12s\n", strings.Repeat("-", 45), strings.Repeat("-", 12), strings.Repeat("-", 12), strings.Repeat("-", 12), strings.Repeat("-", 10), strings.Repeat("-", 12))
-		v.printfStdout("%-45s %12s %12s %12s\n", fmt.Sprintf("Total (%d snapshots)", result.TotalMetadataCount), "", "", humanize.Bytes(uint64(result.TotalMetadataSize)))
+		fmt.Printf("%-45s %12s %12s %12s\n", fmt.Sprintf("Total (%d snapshots)", result.TotalMetadataCount), "", "", humanize.Bytes(uint64(result.TotalMetadataSize)))
 	}
 
-	v.printfStdout("\n=== Blob Storage ===\n")
+	fmt.Printf("\n=== Blob Storage ===\n")
-	v.printfStdout("Total blobs on remote:      %s (%s)\n",
+	fmt.Printf("Total blobs on remote:      %s (%s)\n",
 		humanize.Comma(int64(result.TotalBlobCount)),
 		humanize.Bytes(uint64(result.TotalBlobSize)))
-	v.printfStdout("Referenced by snapshots:    %s (%s)\n",
+	fmt.Printf("Referenced by snapshots:    %s (%s)\n",
 		humanize.Comma(int64(result.ReferencedBlobCount)),
 		humanize.Bytes(uint64(result.ReferencedBlobSize)))
-	v.printfStdout("Orphaned (unreferenced):    %s (%s)\n",
+	fmt.Printf("Orphaned (unreferenced):    %s (%s)\n",
 		humanize.Comma(int64(result.OrphanedBlobCount)),
 		humanize.Bytes(uint64(result.OrphanedBlobSize)))
 
 	if result.OrphanedBlobCount > 0 {
-		v.printfStdout("\nRun 'vaultik prune --remote' to remove orphaned blobs.\n")
+		fmt.Printf("\nRun 'vaultik prune --remote' to remove orphaned blobs.\n")
 	}
 
 	return nil

internal/vaultik/prune.go

@@ -3,6 +3,7 @@ package vaultik
 import (
 	"encoding/json"
 	"fmt"
+	"os"
 	"strings"
 
 	"git.eeqj.de/sneak/vaultik/internal/log"
@@ -120,29 +121,29 @@ func (v *Vaultik) PruneBlobs(opts *PruneOptions) error {
 	if len(unreferencedBlobs) == 0 {
 		log.Info("No unreferenced blobs found")
 		if opts.JSON {
-			return v.outputPruneBlobsJSON(result)
+			return outputPruneBlobsJSON(result)
 		}
-		v.printlnStdout("No unreferenced blobs to remove.")
+		fmt.Println("No unreferenced blobs to remove.")
 		return nil
 	}
 
 	// Show what will be deleted
 	log.Info("Found unreferenced blobs", "count", len(unreferencedBlobs), "total_size", humanize.Bytes(uint64(totalSize)))
 	if !opts.JSON {
-		v.printfStdout("Found %d unreferenced blob(s) totaling %s\n", len(unreferencedBlobs), humanize.Bytes(uint64(totalSize)))
+		fmt.Printf("Found %d unreferenced blob(s) totaling %s\n", len(unreferencedBlobs), humanize.Bytes(uint64(totalSize)))
 	}
 
 	// Confirm unless --force is used (skip in JSON mode - require --force)
 	if !opts.Force && !opts.JSON {
-		v.printfStdout("\nDelete %d unreferenced blob(s)? [y/N] ", len(unreferencedBlobs))
+		fmt.Printf("\nDelete %d unreferenced blob(s)? [y/N] ", len(unreferencedBlobs))
 		var confirm string
-		if _, err := v.scanStdin(&confirm); err != nil {
+		if _, err := fmt.Scanln(&confirm); err != nil {
 			// Treat EOF or error as "no"
-			v.printlnStdout("Cancelled")
+			fmt.Println("Cancelled")
 			return nil
 		}
 		if strings.ToLower(confirm) != "y" {
-			v.printlnStdout("Cancelled")
+			fmt.Println("Cancelled")
 			return nil
 		}
 	}
@@ -184,20 +185,20 @@ func (v *Vaultik) PruneBlobs(opts *PruneOptions) error {
 	)
 
 	if opts.JSON {
-		return v.outputPruneBlobsJSON(result)
+		return outputPruneBlobsJSON(result)
 	}
 
-	v.printfStdout("\nDeleted %d blob(s) totaling %s\n", deletedCount, humanize.Bytes(uint64(deletedSize)))
+	fmt.Printf("\nDeleted %d blob(s) totaling %s\n", deletedCount, humanize.Bytes(uint64(deletedSize)))
 	if deletedCount < len(unreferencedBlobs) {
-		v.printfStdout("Failed to delete %d blob(s)\n", len(unreferencedBlobs)-deletedCount)
+		fmt.Printf("Failed to delete %d blob(s)\n", len(unreferencedBlobs)-deletedCount)
 	}
 
 	return nil
 }
 
 // outputPruneBlobsJSON outputs the prune result as JSON
-func (v *Vaultik) outputPruneBlobsJSON(result *PruneBlobsResult) error {
+func outputPruneBlobsJSON(result *PruneBlobsResult) error {
-	encoder := json.NewEncoder(v.Stdout)
+	encoder := json.NewEncoder(os.Stdout)
 	encoder.SetIndent("", "  ")
 	return encoder.Encode(result)
 }

internal/vaultik/restore.go

@@ -141,7 +141,7 @@ func (v *Vaultik) Restore(opts *RestoreOptions) error {
 		"duration", result.Duration,
 	)
 
-	v.printfStdout("Restored %d files (%s) in %s\n",
+	_, _ = fmt.Fprintf(v.Stdout, "Restored %d files (%s) in %s\n",
 		result.FilesRestored,
 		humanize.Bytes(uint64(result.BytesRestored)),
 		result.Duration.Round(time.Second),
@@ -154,14 +154,14 @@ func (v *Vaultik) Restore(opts *RestoreOptions) error {
 		}
 
 		if result.FilesFailed > 0 {
-			v.printfStdout("\nVerification FAILED: %d files did not match expected checksums\n", result.FilesFailed)
+			_, _ = fmt.Fprintf(v.Stdout, "\nVerification FAILED: %d files did not match expected checksums\n", result.FilesFailed)
 			for _, path := range result.FailedFiles {
-				v.printfStdout("  - %s\n", path)
+				_, _ = fmt.Fprintf(v.Stdout, "  - %s\n", path)
 			}
 			return fmt.Errorf("%d files failed verification", result.FilesFailed)
 		}
 
-		v.printfStdout("Verified %d files (%s)\n",
+		_, _ = fmt.Fprintf(v.Stdout, "Verified %d files (%s)\n",
 			result.FilesVerified,
 			humanize.Bytes(uint64(result.BytesVerified)),
 		)
@@ -511,7 +511,7 @@ func (v *Vaultik) verifyRestoredFiles(
 		"files", len(regularFiles),
 		"bytes", humanize.Bytes(uint64(totalBytes)),
 	)
-	v.printfStdout("\nVerifying %d files (%s)...\n",
+	_, _ = fmt.Fprintf(v.Stdout, "\nVerifying %d files (%s)...\n",
 		len(regularFiles),
 		humanize.Bytes(uint64(totalBytes)),
 	)
@@ -522,13 +522,13 @@ func (v *Vaultik) verifyRestoredFiles(
 		bar = progressbar.NewOptions64(
 			totalBytes,
 			progressbar.OptionSetDescription("Verifying"),
-			progressbar.OptionSetWriter(v.Stderr),
+			progressbar.OptionSetWriter(os.Stderr),
 			progressbar.OptionShowBytes(true),
 			progressbar.OptionShowCount(),
 			progressbar.OptionSetWidth(40),
 			progressbar.OptionThrottle(100*time.Millisecond),
 			progressbar.OptionOnCompletion(func() {
-				v.printfStderr("\n")
+				fmt.Fprint(os.Stderr, "\n")
 			}),
 			progressbar.OptionSetRenderBlankState(true),
 		)

internal/vaultik/snapshot.go

@@ -4,6 +4,7 @@ import (
 	"encoding/json"
 	"fmt"
 	"os"
+	"regexp"
 	"path/filepath"
 	"sort"
 	"strings"
@@ -544,7 +545,7 @@ func (v *Vaultik) PurgeSnapshots(keepLatest bool, olderThan string, force bool)
 	if !force {
 		v.printfStdout("\nDelete %d snapshot(s)? [y/N] ", len(toDelete))
 		var confirm string
-		if _, err := v.scanStdin(&confirm); err != nil {
+		if _, err := fmt.Scanln(&confirm); err != nil {
 			// Treat EOF or error as "no"
 			v.printlnStdout("Cancelled")
 			return nil
@@ -850,7 +851,7 @@ func (v *Vaultik) RemoveSnapshot(snapshotID string, opts *RemoveOptions) (*Remov
 			v.printfStdout("Remove snapshot '%s' from local database? [y/N] ", snapshotID)
 		}
 		var confirm string
-		if _, err := v.scanStdin(&confirm); err != nil {
+		if err := v.scanlnStdin(&confirm); err != nil {
 			v.printlnStdout("Cancelled")
 			return result, nil
 		}
@@ -1126,12 +1127,20 @@ func (v *Vaultik) PruneDatabase() (*PruneResult, error) {
 	return result, nil
 }
 
-// getTableCount returns the count of rows in a table
+// validTableNameRe matches table names containing only lowercase alphanumeric characters and underscores.
+var validTableNameRe = regexp.MustCompile(`^[a-z0-9_]+$`)
+
+// getTableCount returns the count of rows in a table.
+// The tableName is sanitized to only allow [a-z0-9_] characters to prevent SQL injection.
 func (v *Vaultik) getTableCount(tableName string) (int64, error) {
 	if v.DB == nil {
 		return 0, nil
 	}
 
+	if !validTableNameRe.MatchString(tableName) {
+		return 0, fmt.Errorf("invalid table name: %q", tableName)
+	}
+
 	var count int64
 	query := fmt.Sprintf("SELECT COUNT(*) FROM %s", tableName)
 	err := v.DB.Conn().QueryRowContext(v.ctx, query).Scan(&count)

internal/vaultik/vaultik.go

@@ -129,25 +129,12 @@ func (v *Vaultik) GetFilesystem() afero.Fs {
 	return v.Fs
 }
 
-// printfStdout writes formatted output to stdout for user-facing messages.
+// Outputf writes formatted output to stdout for user-facing messages.
-func (v *Vaultik) printfStdout(format string, args ...any) {
+// This should be used for all non-log user output.
+func (v *Vaultik) Outputf(format string, args ...any) {
 	_, _ = fmt.Fprintf(v.Stdout, format, args...)
 }
 
-// printlnStdout writes a line to stdout.
-func (v *Vaultik) printlnStdout(args ...any) {
-	_, _ = fmt.Fprintln(v.Stdout, args...)
-}
-
-// printfStderr writes formatted output to stderr.
-func (v *Vaultik) printfStderr(format string, args ...any) {
-	_, _ = fmt.Fprintf(v.Stderr, format, args...)
-}
-
-// scanStdin reads a line of input from stdin.
-func (v *Vaultik) scanStdin(a ...any) (int, error) {
-	return fmt.Fscanln(v.Stdin, a...)
-}
 // TestVaultik wraps a Vaultik with captured stdout/stderr for testing
 type TestVaultik struct {
 	*Vaultik

internal/vaultik/verify.go

@@ -58,14 +58,14 @@ func (v *Vaultik) RunDeepVerify(snapshotID string, opts *VerifyOptions) error {
 	)
 
 	if !opts.JSON {
-		v.printfStdout("Deep verification of snapshot: %s\n\n", snapshotID)
+		v.Outputf("Deep verification of snapshot: %s\n\n", snapshotID)
 	}
 
 	// Step 1: Download manifest
 	manifestPath := fmt.Sprintf("metadata/%s/manifest.json.zst", snapshotID)
 	log.Info("Downloading manifest", "path", manifestPath)
 	if !opts.JSON {
-		v.printfStdout("Downloading manifest...\n")
+		v.Outputf("Downloading manifest...\n")
 	}
 
 	manifestReader, err := v.Storage.Get(v.ctx, manifestPath)
@@ -95,14 +95,14 @@ func (v *Vaultik) RunDeepVerify(snapshotID string, opts *VerifyOptions) error {
 		"manifest_total_size", humanize.Bytes(uint64(manifest.TotalCompressedSize)),
 	)
 	if !opts.JSON {
-		v.printfStdout("Manifest loaded: %d blobs (%s)\n", manifest.BlobCount, humanize.Bytes(uint64(manifest.TotalCompressedSize)))
+		v.Outputf("Manifest loaded: %d blobs (%s)\n", manifest.BlobCount, humanize.Bytes(uint64(manifest.TotalCompressedSize)))
 	}
 
 	// Step 2: Download and decrypt database (authoritative source)
 	dbPath := fmt.Sprintf("metadata/%s/db.zst.age", snapshotID)
 	log.Info("Downloading encrypted database", "path", dbPath)
 	if !opts.JSON {
-		v.printfStdout("Downloading and decrypting database...\n")
+		v.Outputf("Downloading and decrypting database...\n")
 	}
 
 	dbReader, err := v.Storage.Get(v.ctx, dbPath)
@@ -155,8 +155,8 @@ func (v *Vaultik) RunDeepVerify(snapshotID string, opts *VerifyOptions) error {
 		"db_total_size", humanize.Bytes(uint64(totalSize)),
 	)
 	if !opts.JSON {
-		v.printfStdout("Database loaded: %d blobs (%s)\n", len(dbBlobs), humanize.Bytes(uint64(totalSize)))
+		v.Outputf("Database loaded: %d blobs (%s)\n", len(dbBlobs), humanize.Bytes(uint64(totalSize)))
-		v.printfStdout("Verifying manifest against database...\n")
+		v.Outputf("Verifying manifest against database...\n")
 	}
 
 	// Step 4: Verify manifest matches database
@@ -171,8 +171,8 @@ func (v *Vaultik) RunDeepVerify(snapshotID string, opts *VerifyOptions) error {
 
 	// Step 5: Verify all blobs exist in S3 (using database as source)
 	if !opts.JSON {
-		v.printfStdout("Manifest verified.\n")
+		v.Outputf("Manifest verified.\n")
-		v.printfStdout("Checking blob existence in remote storage...\n")
+		v.Outputf("Checking blob existence in remote storage...\n")
 	}
 	if err := v.verifyBlobExistenceFromDB(dbBlobs); err != nil {
 		result.Status = "failed"
@@ -185,8 +185,8 @@ func (v *Vaultik) RunDeepVerify(snapshotID string, opts *VerifyOptions) error {
 
 	// Step 6: Deep verification - download and verify blob contents
 	if !opts.JSON {
-		v.printfStdout("All blobs exist.\n")
+		v.Outputf("All blobs exist.\n")
-		v.printfStdout("Downloading and verifying blob contents (%d blobs, %s)...\n", len(dbBlobs), humanize.Bytes(uint64(totalSize)))
+		v.Outputf("Downloading and verifying blob contents (%d blobs, %s)...\n", len(dbBlobs), humanize.Bytes(uint64(totalSize)))
 	}
 	if err := v.performDeepVerificationFromDB(dbBlobs, tempDB.DB, opts); err != nil {
 		result.Status = "failed"
@@ -211,10 +211,10 @@ func (v *Vaultik) RunDeepVerify(snapshotID string, opts *VerifyOptions) error {
 		"blobs_verified", len(dbBlobs),
 	)
 
-	v.printfStdout("\n✓ Verification completed successfully\n")
+	v.Outputf("\n✓ Verification completed successfully\n")
-	v.printfStdout("  Snapshot:       %s\n", snapshotID)
+	v.Outputf("  Snapshot:       %s\n", snapshotID)
-	v.printfStdout("  Blobs verified: %d\n", len(dbBlobs))
+	v.Outputf("  Blobs verified: %d\n", len(dbBlobs))
-	v.printfStdout("  Total size:     %s\n", humanize.Bytes(uint64(totalSize)))
+	v.Outputf("  Total size:     %s\n", humanize.Bytes(uint64(totalSize)))
 
 	return nil
 }
@@ -569,7 +569,7 @@ func (v *Vaultik) performDeepVerificationFromDB(blobs []snapshot.BlobInfo, db *s
 		)
 
 		if !opts.JSON {
-			v.printfStdout("  Verified %d/%d blobs (%d remaining) - %s/%s - elapsed %s, eta %s\n",
+			v.Outputf("  Verified %d/%d blobs (%d remaining) - %s/%s - elapsed %s, eta %s\n",
 				i+1, len(blobs), remaining,
 				humanize.Bytes(uint64(bytesProcessed)),
 				humanize.Bytes(uint64(totalBytesExpected)),