feat: concurrent manifest downloads in ListSnapshots

Replace serial getManifestSize() calls with bounded concurrent downloads using errgroup. For each remote snapshot not in the local DB, manifest downloads now run in parallel (up to 10 concurrent) instead of one at a time. Changes: - Use errgroup with SetLimit(10) for bounded concurrency - Collect remote-only snapshot IDs first, pre-add entries with zero size - Download manifests concurrently, patch sizes from results - Remove now-unused getManifestSize helper (logic inlined into goroutines) - Promote golang.org/x/sync from indirect to direct dependency closes #8
Add make check target and CI workflow (#42 )
2026-03-17 21:51:52 -07:00 · 2026-03-17 12:39:44 +01:00 · 2026-03-17 11:18:18 +01:00 · 2026-02-20 11:22:12 +01:00 · 2026-02-20 11:20:52 +01:00 · 2026-02-20 11:19:40 +01:00
16 changed files with 931 additions and 181 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -0,0 +1,8 @@
+.git
+.gitea
+*.md
+LICENSE
+vaultik
+coverage.out
+coverage.html
+.DS_Store
--- a/.gitea/workflows/check.yml
+++ b/.gitea/workflows/check.yml
@@ -0,0 +1,14 @@
+name: check
+on:
+  push:
+    branches: [main]
+  pull_request:
+    branches: [main]
+jobs:
+  check:
+    runs-on: ubuntu-latest
+    steps:
+      # actions/checkout v4, 2024-09-16
+      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
+      - name: Build and check
+        run: docker build .
--- a/61
+++ b/61
@@ -0,0 +1,61 @@
+# Lint stage
+# golangci/golangci-lint:v2.11.3-alpine, 2026-03-17
+FROM golangci/golangci-lint:v2.11.3-alpine@sha256:b1c3de5862ad0a95b4e45a993b0f00415835d687e4f12c845c7493b86c13414e AS lint
+
+RUN apk add --no-cache make build-base
+
+WORKDIR /src
+
+# Copy go mod files first for better layer caching
+COPY go.mod go.sum ./
+RUN go mod download
+
+# Copy source code
+COPY . .
+
+# Run formatting check and linter
+RUN make fmt-check
+RUN make lint
+
+# Build stage
+# golang:1.26.1-alpine, 2026-03-17
+FROM golang:1.26.1-alpine@sha256:2389ebfa5b7f43eeafbd6be0c3700cc46690ef842ad962f6c5bd6be49ed82039 AS builder
+
+# Depend on lint stage passing
+COPY --from=lint /src/go.sum /dev/null
+
+ARG VERSION=dev
+
+# Install build dependencies for CGO (mattn/go-sqlite3) and sqlite3 CLI (tests)
+RUN apk add --no-cache make build-base sqlite
+
+WORKDIR /src
+
+# Copy go mod files first for better layer caching
+COPY go.mod go.sum ./
+RUN go mod download
+
+# Copy source code
+COPY . .
+
+# Run tests
+RUN make test
+
+# Build with CGO enabled (required for mattn/go-sqlite3)
+RUN CGO_ENABLED=1 go build -ldflags "-X 'git.eeqj.de/sneak/vaultik/internal/globals.Version=${VERSION}' -X 'git.eeqj.de/sneak/vaultik/internal/globals.Commit=$(git rev-parse HEAD 2>/dev/null || echo unknown)'" -o /vaultik ./cmd/vaultik
+
+# Runtime stage
+# alpine:3.21, 2026-02-25
+FROM alpine:3.21@sha256:c3f8e73fdb79deaebaa2037150150191b9dcbfba68b4a46d70103204c53f4709
+
+RUN apk add --no-cache ca-certificates sqlite
+
+# Copy binary from builder
+COPY --from=builder /vaultik /usr/local/bin/vaultik
+
+# Create non-root user
+RUN adduser -D -H -s /sbin/nologin vaultik
+
+USER vaultik
+
+ENTRYPOINT ["/usr/local/bin/vaultik"]
--- a/40
+++ b/40
@@ -1,4 +1,4 @@
-.PHONY: test fmt lint build clean all
+.PHONY: test fmt lint fmt-check check build clean all docker hooks

 # Version number
 VERSION := 0.0.1
@@ -14,21 +14,12 @@ LDFLAGS := -X 'git.eeqj.de/sneak/vaultik/internal/globals.Version=$(VERSION)' \
 all: vaultik

 # Run tests
-test: lint fmt-check
-	@echo "Running tests..."
-	@if ! go test -v -timeout 10s ./... 2>&1; then \
-		echo ""; \
-		echo "TEST FAILURES DETECTED"; \
-		echo "Run 'go test -v ./internal/database' to see database test details"; \
-		exit 1; \
-	fi
+test:
+	go test -race -timeout 30s ./...

-# Check if code is formatted
+# Check if code is formatted (read-only)
 fmt-check:
-	@if [ -n "$$(go fmt ./...)" ]; then \
-		echo "Error: Code is not formatted. Run 'make fmt' to fix."; \
-		exit 1; \
-	fi
+	@test -z "$$(gofmt -l .)" || (echo "Files not formatted:" && gofmt -l . && exit 1)

 # Format code
 fmt:
@@ -36,7 +27,7 @@ fmt:

 # Run linter
 lint:
-	golangci-lint run
+	golangci-lint run ./...

 # Build binary
 vaultik: internal/*/*.go cmd/vaultik/*.go
@@ -47,11 +38,6 @@ clean:
 	rm -f vaultik
 	go clean

-# Install dependencies
-deps:
-	go mod download
-	go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
-
 # Run tests with coverage
 test-coverage:
 	go test -v -coverprofile=coverage.out ./...
@@ -67,3 +53,17 @@ local:

 install: vaultik
 	cp ./vaultik $(HOME)/bin/
+
+# Run all checks (formatting, linting, tests) without modifying files
+check: fmt-check lint test
+
+# Build Docker image
+docker:
+	docker build -t vaultik .
+
+# Install pre-commit hook
+hooks:
+	@printf '#!/bin/sh\nset -e\n' > .git/hooks/pre-commit
+	@printf 'go mod tidy\ngo fmt ./...\ngit diff --exit-code -- go.mod go.sum || { echo "go mod tidy changed files; please stage and retry"; exit 1; }\n' >> .git/hooks/pre-commit
+	@printf 'make check\n' >> .git/hooks/pre-commit
+	@chmod +x .git/hooks/pre-commit
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,6 @@
 module git.eeqj.de/sneak/vaultik

-go 1.24.4
+go 1.26.1

 require (
 	filippo.io/age v1.2.1
@@ -24,6 +24,7 @@ require (
 	github.com/spf13/cobra v1.10.1
 	github.com/stretchr/testify v1.11.1
 	go.uber.org/fx v1.24.0
+	golang.org/x/sync v0.18.0
 	golang.org/x/term v0.37.0
 	gopkg.in/yaml.v3 v3.0.1
 	modernc.org/sqlite v1.38.0
@@ -266,7 +267,6 @@ require (
 	golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546 // indirect
 	golang.org/x/net v0.47.0 // indirect
 	golang.org/x/oauth2 v0.33.0 // indirect
-	golang.org/x/sync v0.18.0 // indirect
 	golang.org/x/sys v0.38.0 // indirect
 	golang.org/x/text v0.31.0 // indirect
 	golang.org/x/time v0.14.0 // indirect
--- a/internal/blobgen/compress_test.go
+++ b/internal/blobgen/compress_test.go
@@ -0,0 +1,64 @@
+package blobgen
+
+import (
+	"bytes"
+	"crypto/rand"
+	"strings"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+	"github.com/stretchr/testify/require"
+)
+
+// testRecipient is a static age recipient for tests.
+const testRecipient = "age1cplgrwj77ta54dnmydvvmzn64ltk83ankxl5sww04mrtmu62kv3s89gmvv"
+
+// TestCompressStreamNoDoubleClose is a regression test for issue #28.
+// It verifies that CompressStream does not panic or return an error due to
+// double-closing the underlying blobgen.Writer. Before the fix in PR #33,
+// the explicit Close() on the happy path combined with defer Close() would
+// cause a double close.
+func TestCompressStreamNoDoubleClose(t *testing.T) {
+	input := []byte("regression test data for issue #28 double-close fix")
+	var buf bytes.Buffer
+
+	written, hash, err := CompressStream(&buf, bytes.NewReader(input), 3, []string{testRecipient})
+	require.NoError(t, err, "CompressStream should not return an error")
+	assert.True(t, written > 0, "expected bytes written > 0")
+	assert.NotEmpty(t, hash, "expected non-empty hash")
+	assert.True(t, buf.Len() > 0, "expected non-empty output")
+}
+
+// TestCompressStreamLargeInput exercises CompressStream with a larger payload
+// to ensure no double-close issues surface under heavier I/O.
+func TestCompressStreamLargeInput(t *testing.T) {
+	data := make([]byte, 512*1024) // 512 KB
+	_, err := rand.Read(data)
+	require.NoError(t, err)
+
+	var buf bytes.Buffer
+	written, hash, err := CompressStream(&buf, bytes.NewReader(data), 3, []string{testRecipient})
+	require.NoError(t, err)
+	assert.True(t, written > 0)
+	assert.NotEmpty(t, hash)
+}
+
+// TestCompressStreamEmptyInput verifies CompressStream handles empty input
+// without double-close issues.
+func TestCompressStreamEmptyInput(t *testing.T) {
+	var buf bytes.Buffer
+	_, hash, err := CompressStream(&buf, strings.NewReader(""), 3, []string{testRecipient})
+	require.NoError(t, err)
+	assert.NotEmpty(t, hash)
+}
+
+// TestCompressDataNoDoubleClose mirrors the stream test for CompressData,
+// ensuring the explicit Close + error-path Close pattern is also safe.
+func TestCompressDataNoDoubleClose(t *testing.T) {
+	input := []byte("CompressData regression test for double-close")
+	result, err := CompressData(input, 3, []string{testRecipient})
+	require.NoError(t, err)
+	assert.True(t, result.CompressedSize > 0)
+	assert.True(t, result.UncompressedSize == int64(len(input)))
+	assert.NotEmpty(t, result.SHA256)
+}
--- a/internal/vaultik/blob_fetch_stub.go
+++ b/internal/vaultik/blob_fetch_stub.go
@@ -0,0 +1,55 @@
+package vaultik
+
+import (
+	"context"
+	"fmt"
+	"io"
+
+	"filippo.io/age"
+	"git.eeqj.de/sneak/vaultik/internal/blobgen"
+)
+
+// FetchAndDecryptBlobResult holds the result of fetching and decrypting a blob.
+type FetchAndDecryptBlobResult struct {
+	Data []byte
+}
+
+// FetchAndDecryptBlob downloads a blob, decrypts it, and returns the plaintext data.
+func (v *Vaultik) FetchAndDecryptBlob(ctx context.Context, blobHash string, expectedSize int64, identity age.Identity) (*FetchAndDecryptBlobResult, error) {
+	rc, _, err := v.FetchBlob(ctx, blobHash, expectedSize)
+	if err != nil {
+		return nil, err
+	}
+	defer func() { _ = rc.Close() }()
+
+	reader, err := blobgen.NewReader(rc, identity)
+	if err != nil {
+		return nil, fmt.Errorf("creating blob reader: %w", err)
+	}
+	defer func() { _ = reader.Close() }()
+
+	data, err := io.ReadAll(reader)
+	if err != nil {
+		return nil, fmt.Errorf("reading blob data: %w", err)
+	}
+
+	return &FetchAndDecryptBlobResult{Data: data}, nil
+}
+
+// FetchBlob downloads a blob and returns a reader for the encrypted data.
+func (v *Vaultik) FetchBlob(ctx context.Context, blobHash string, expectedSize int64) (io.ReadCloser, int64, error) {
+	blobPath := fmt.Sprintf("blobs/%s/%s/%s", blobHash[:2], blobHash[2:4], blobHash)
+
+	rc, err := v.Storage.Get(ctx, blobPath)
+	if err != nil {
+		return nil, 0, fmt.Errorf("downloading blob %s: %w", blobHash[:16], err)
+	}
+
+	info, err := v.Storage.Stat(ctx, blobPath)
+	if err != nil {
+		_ = rc.Close()
+		return nil, 0, fmt.Errorf("stat blob %s: %w", blobHash[:16], err)
+	}
+
+	return rc, info.Size, nil
+}
--- a/internal/vaultik/blobcache.go
+++ b/internal/vaultik/blobcache.go
@@ -0,0 +1,207 @@
+package vaultik
+
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"sync"
+)
+
+// blobDiskCacheEntry tracks a cached blob on disk.
+type blobDiskCacheEntry struct {
+	key  string
+	size int64
+	prev *blobDiskCacheEntry
+	next *blobDiskCacheEntry
+}
+
+// blobDiskCache is an LRU cache that stores blobs on disk instead of in memory.
+// Blobs are written to a temp directory keyed by their hash. When total size
+// exceeds maxBytes, the least-recently-used entries are evicted (deleted from disk).
+type blobDiskCache struct {
+	mu       sync.Mutex
+	dir      string
+	maxBytes int64
+	curBytes int64
+	items    map[string]*blobDiskCacheEntry
+	head     *blobDiskCacheEntry // most recent
+	tail     *blobDiskCacheEntry // least recent
+}
+
+// newBlobDiskCache creates a new disk-based blob cache with the given max size.
+func newBlobDiskCache(maxBytes int64) (*blobDiskCache, error) {
+	dir, err := os.MkdirTemp("", "vaultik-blobcache-*")
+	if err != nil {
+		return nil, fmt.Errorf("creating blob cache dir: %w", err)
+	}
+	return &blobDiskCache{
+		dir:      dir,
+		maxBytes: maxBytes,
+		items:    make(map[string]*blobDiskCacheEntry),
+	}, nil
+}
+
+func (c *blobDiskCache) path(key string) string {
+	return filepath.Join(c.dir, key)
+}
+
+func (c *blobDiskCache) unlink(e *blobDiskCacheEntry) {
+	if e.prev != nil {
+		e.prev.next = e.next
+	} else {
+		c.head = e.next
+	}
+	if e.next != nil {
+		e.next.prev = e.prev
+	} else {
+		c.tail = e.prev
+	}
+	e.prev = nil
+	e.next = nil
+}
+
+func (c *blobDiskCache) pushFront(e *blobDiskCacheEntry) {
+	e.prev = nil
+	e.next = c.head
+	if c.head != nil {
+		c.head.prev = e
+	}
+	c.head = e
+	if c.tail == nil {
+		c.tail = e
+	}
+}
+
+func (c *blobDiskCache) evictLRU() {
+	if c.tail == nil {
+		return
+	}
+	victim := c.tail
+	c.unlink(victim)
+	delete(c.items, victim.key)
+	c.curBytes -= victim.size
+	_ = os.Remove(c.path(victim.key))
+}
+
+// Put writes blob data to disk cache. Entries larger than maxBytes are silently skipped.
+func (c *blobDiskCache) Put(key string, data []byte) error {
+	entrySize := int64(len(data))
+
+	c.mu.Lock()
+	defer c.mu.Unlock()
+
+	if entrySize > c.maxBytes {
+		return nil
+	}
+
+	// Remove old entry if updating
+	if e, ok := c.items[key]; ok {
+		c.unlink(e)
+		c.curBytes -= e.size
+		_ = os.Remove(c.path(key))
+		delete(c.items, key)
+	}
+
+	if err := os.WriteFile(c.path(key), data, 0600); err != nil {
+		return fmt.Errorf("writing blob to cache: %w", err)
+	}
+
+	e := &blobDiskCacheEntry{key: key, size: entrySize}
+	c.pushFront(e)
+	c.items[key] = e
+	c.curBytes += entrySize
+
+	for c.curBytes > c.maxBytes && c.tail != nil {
+		c.evictLRU()
+	}
+
+	return nil
+}
+
+// Get reads a cached blob from disk. Returns data and true on hit.
+func (c *blobDiskCache) Get(key string) ([]byte, bool) {
+	c.mu.Lock()
+	e, ok := c.items[key]
+	if !ok {
+		c.mu.Unlock()
+		return nil, false
+	}
+	c.unlink(e)
+	c.pushFront(e)
+	c.mu.Unlock()
+
+	data, err := os.ReadFile(c.path(key))
+	if err != nil {
+		c.mu.Lock()
+		if e2, ok2 := c.items[key]; ok2 && e2 == e {
+			c.unlink(e)
+			delete(c.items, key)
+			c.curBytes -= e.size
+		}
+		c.mu.Unlock()
+		return nil, false
+	}
+	return data, true
+}
+
+// ReadAt reads a slice of a cached blob without loading the entire blob into memory.
+func (c *blobDiskCache) ReadAt(key string, offset, length int64) ([]byte, error) {
+	c.mu.Lock()
+	e, ok := c.items[key]
+	if !ok {
+		c.mu.Unlock()
+		return nil, fmt.Errorf("key %q not in cache", key)
+	}
+	if offset+length > e.size {
+		c.mu.Unlock()
+		return nil, fmt.Errorf("read beyond blob size: offset=%d length=%d size=%d", offset, length, e.size)
+	}
+	c.unlink(e)
+	c.pushFront(e)
+	c.mu.Unlock()
+
+	f, err := os.Open(c.path(key))
+	if err != nil {
+		return nil, err
+	}
+	defer func() { _ = f.Close() }()
+
+	buf := make([]byte, length)
+	if _, err := f.ReadAt(buf, offset); err != nil {
+		return nil, err
+	}
+	return buf, nil
+}
+
+// Has returns whether a key exists in the cache.
+func (c *blobDiskCache) Has(key string) bool {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	_, ok := c.items[key]
+	return ok
+}
+
+// Size returns current total cached bytes.
+func (c *blobDiskCache) Size() int64 {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	return c.curBytes
+}
+
+// Len returns number of cached entries.
+func (c *blobDiskCache) Len() int {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	return len(c.items)
+}
+
+// Close removes the cache directory and all cached blobs.
+func (c *blobDiskCache) Close() error {
+	c.mu.Lock()
+	defer c.mu.Unlock()
+	c.items = nil
+	c.head = nil
+	c.tail = nil
+	c.curBytes = 0
+	return os.RemoveAll(c.dir)
+}
--- a/internal/vaultik/blobcache_test.go
+++ b/internal/vaultik/blobcache_test.go
@@ -0,0 +1,189 @@
+package vaultik
+
+import (
+	"bytes"
+	"crypto/rand"
+	"fmt"
+	"testing"
+)
+
+func TestBlobDiskCache_BasicGetPut(t *testing.T) {
+	cache, err := newBlobDiskCache(1 << 20)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() { _ = cache.Close() }()
+
+	data := []byte("hello world")
+	if err := cache.Put("key1", data); err != nil {
+		t.Fatal(err)
+	}
+
+	got, ok := cache.Get("key1")
+	if !ok {
+		t.Fatal("expected cache hit")
+	}
+	if !bytes.Equal(got, data) {
+		t.Fatalf("got %q, want %q", got, data)
+	}
+
+	_, ok = cache.Get("nonexistent")
+	if ok {
+		t.Fatal("expected cache miss")
+	}
+}
+
+func TestBlobDiskCache_EvictionUnderPressure(t *testing.T) {
+	maxBytes := int64(1000)
+	cache, err := newBlobDiskCache(maxBytes)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() { _ = cache.Close() }()
+
+	for i := 0; i < 5; i++ {
+		data := make([]byte, 300)
+		if err := cache.Put(fmt.Sprintf("key%d", i), data); err != nil {
+			t.Fatal(err)
+		}
+	}
+
+	if cache.Size() > maxBytes {
+		t.Fatalf("cache size %d exceeds max %d", cache.Size(), maxBytes)
+	}
+
+	if !cache.Has("key4") {
+		t.Fatal("expected key4 to be cached")
+	}
+	if cache.Has("key0") {
+		t.Fatal("expected key0 to be evicted")
+	}
+}
+
+func TestBlobDiskCache_OversizedEntryRejected(t *testing.T) {
+	cache, err := newBlobDiskCache(100)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() { _ = cache.Close() }()
+
+	data := make([]byte, 200)
+	if err := cache.Put("big", data); err != nil {
+		t.Fatal(err)
+	}
+
+	if cache.Has("big") {
+		t.Fatal("oversized entry should not be cached")
+	}
+}
+
+func TestBlobDiskCache_UpdateInPlace(t *testing.T) {
+	cache, err := newBlobDiskCache(1 << 20)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() { _ = cache.Close() }()
+
+	if err := cache.Put("key1", []byte("v1")); err != nil {
+		t.Fatal(err)
+	}
+	if err := cache.Put("key1", []byte("version2")); err != nil {
+		t.Fatal(err)
+	}
+
+	got, ok := cache.Get("key1")
+	if !ok {
+		t.Fatal("expected hit")
+	}
+	if string(got) != "version2" {
+		t.Fatalf("got %q, want %q", got, "version2")
+	}
+	if cache.Len() != 1 {
+		t.Fatalf("expected 1 entry, got %d", cache.Len())
+	}
+	if cache.Size() != int64(len("version2")) {
+		t.Fatalf("expected size %d, got %d", len("version2"), cache.Size())
+	}
+}
+
+func TestBlobDiskCache_ReadAt(t *testing.T) {
+	cache, err := newBlobDiskCache(1 << 20)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() { _ = cache.Close() }()
+
+	data := make([]byte, 1024)
+	if _, err := rand.Read(data); err != nil {
+		t.Fatal(err)
+	}
+	if err := cache.Put("blob1", data); err != nil {
+		t.Fatal(err)
+	}
+
+	chunk, err := cache.ReadAt("blob1", 100, 200)
+	if err != nil {
+		t.Fatal(err)
+	}
+	if !bytes.Equal(chunk, data[100:300]) {
+		t.Fatal("ReadAt returned wrong data")
+	}
+
+	_, err = cache.ReadAt("blob1", 900, 200)
+	if err == nil {
+		t.Fatal("expected error for out-of-bounds read")
+	}
+
+	_, err = cache.ReadAt("missing", 0, 10)
+	if err == nil {
+		t.Fatal("expected error for missing key")
+	}
+}
+
+func TestBlobDiskCache_Close(t *testing.T) {
+	cache, err := newBlobDiskCache(1 << 20)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	if err := cache.Put("key1", []byte("data")); err != nil {
+		t.Fatal(err)
+	}
+	if err := cache.Close(); err != nil {
+		t.Fatal(err)
+	}
+}
+
+func TestBlobDiskCache_LRUOrder(t *testing.T) {
+	cache, err := newBlobDiskCache(200)
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer func() { _ = cache.Close() }()
+
+	d := make([]byte, 100)
+	if err := cache.Put("a", d); err != nil {
+		t.Fatal(err)
+	}
+	if err := cache.Put("b", d); err != nil {
+		t.Fatal(err)
+	}
+
+	// Access "a" to make it most recently used
+	cache.Get("a")
+
+	// Adding "c" should evict "b" (LRU), not "a"
+	if err := cache.Put("c", d); err != nil {
+		t.Fatal(err)
+	}
+
+	if !cache.Has("a") {
+		t.Fatal("expected 'a' to survive")
+	}
+	if !cache.Has("c") {
+		t.Fatal("expected 'c' to be present")
+	}
+	if cache.Has("b") {
+		t.Fatal("expected 'b' to be evicted")
+	}
+}
--- a/internal/vaultik/info.go
+++ b/internal/vaultik/info.go
@@ -15,99 +15,99 @@ import (
 // ShowInfo displays system and configuration information
 func (v *Vaultik) ShowInfo() error {
 	// System Information
-	fmt.Printf("=== System Information ===\n")
-	fmt.Printf("OS/Architecture: %s/%s\n", runtime.GOOS, runtime.GOARCH)
-	fmt.Printf("Version:         %s\n", v.Globals.Version)
-	fmt.Printf("Commit:          %s\n", v.Globals.Commit)
-	fmt.Printf("Go Version:      %s\n", runtime.Version())
-	fmt.Println()
+	v.printfStdout("=== System Information ===\n")
+	v.printfStdout("OS/Architecture: %s/%s\n", runtime.GOOS, runtime.GOARCH)
+	v.printfStdout("Version:         %s\n", v.Globals.Version)
+	v.printfStdout("Commit:          %s\n", v.Globals.Commit)
+	v.printfStdout("Go Version:      %s\n", runtime.Version())
+	v.printlnStdout()

 	// Storage Configuration
-	fmt.Printf("=== Storage Configuration ===\n")
-	fmt.Printf("S3 Bucket:       %s\n", v.Config.S3.Bucket)
+	v.printfStdout("=== Storage Configuration ===\n")
+	v.printfStdout("S3 Bucket:       %s\n", v.Config.S3.Bucket)
 	if v.Config.S3.Prefix != "" {
-		fmt.Printf("S3 Prefix:       %s\n", v.Config.S3.Prefix)
+		v.printfStdout("S3 Prefix:       %s\n", v.Config.S3.Prefix)
 	}
-	fmt.Printf("S3 Endpoint:     %s\n", v.Config.S3.Endpoint)
-	fmt.Printf("S3 Region:       %s\n", v.Config.S3.Region)
-	fmt.Println()
+	v.printfStdout("S3 Endpoint:     %s\n", v.Config.S3.Endpoint)
+	v.printfStdout("S3 Region:       %s\n", v.Config.S3.Region)
+	v.printlnStdout()

 	// Backup Settings
-	fmt.Printf("=== Backup Settings ===\n")
+	v.printfStdout("=== Backup Settings ===\n")

 	// Show configured snapshots
-	fmt.Printf("Snapshots:\n")
+	v.printfStdout("Snapshots:\n")
 	for _, name := range v.Config.SnapshotNames() {
 		snap := v.Config.Snapshots[name]
-		fmt.Printf("  %s:\n", name)
+		v.printfStdout("  %s:\n", name)
 		for _, path := range snap.Paths {
-			fmt.Printf("    - %s\n", path)
+			v.printfStdout("    - %s\n", path)
 		}
 		if len(snap.Exclude) > 0 {
-			fmt.Printf("    exclude: %s\n", strings.Join(snap.Exclude, ", "))
+			v.printfStdout("    exclude: %s\n", strings.Join(snap.Exclude, ", "))
 		}
 	}

 	// Global exclude patterns
 	if len(v.Config.Exclude) > 0 {
-		fmt.Printf("Global Exclude:  %s\n", strings.Join(v.Config.Exclude, ", "))
+		v.printfStdout("Global Exclude:  %s\n", strings.Join(v.Config.Exclude, ", "))
 	}

-	fmt.Printf("Compression:     zstd level %d\n", v.Config.CompressionLevel)
-	fmt.Printf("Chunk Size:      %s\n", humanize.Bytes(uint64(v.Config.ChunkSize)))
-	fmt.Printf("Blob Size Limit: %s\n", humanize.Bytes(uint64(v.Config.BlobSizeLimit)))
-	fmt.Println()
+	v.printfStdout("Compression:     zstd level %d\n", v.Config.CompressionLevel)
+	v.printfStdout("Chunk Size:      %s\n", humanize.Bytes(uint64(v.Config.ChunkSize)))
+	v.printfStdout("Blob Size Limit: %s\n", humanize.Bytes(uint64(v.Config.BlobSizeLimit)))
+	v.printlnStdout()

 	// Encryption Configuration
-	fmt.Printf("=== Encryption Configuration ===\n")
-	fmt.Printf("Recipients:\n")
+	v.printfStdout("=== Encryption Configuration ===\n")
+	v.printfStdout("Recipients:\n")
 	for _, recipient := range v.Config.AgeRecipients {
-		fmt.Printf("  - %s\n", recipient)
+		v.printfStdout("  - %s\n", recipient)
 	}
-	fmt.Println()
+	v.printlnStdout()

 	// Daemon Settings (if applicable)
 	if v.Config.BackupInterval > 0 || v.Config.MinTimeBetweenRun > 0 {
-		fmt.Printf("=== Daemon Settings ===\n")
+		v.printfStdout("=== Daemon Settings ===\n")
 		if v.Config.BackupInterval > 0 {
-			fmt.Printf("Backup Interval: %s\n", v.Config.BackupInterval)
+			v.printfStdout("Backup Interval: %s\n", v.Config.BackupInterval)
 		}
 		if v.Config.MinTimeBetweenRun > 0 {
-			fmt.Printf("Minimum Time:    %s\n", v.Config.MinTimeBetweenRun)
+			v.printfStdout("Minimum Time:    %s\n", v.Config.MinTimeBetweenRun)
 		}
-		fmt.Println()
+		v.printlnStdout()
 	}

 	// Local Database
-	fmt.Printf("=== Local Database ===\n")
-	fmt.Printf("Index Path:      %s\n", v.Config.IndexPath)
+	v.printfStdout("=== Local Database ===\n")
+	v.printfStdout("Index Path:      %s\n", v.Config.IndexPath)

 	// Check if index file exists and get its size
 	if info, err := v.Fs.Stat(v.Config.IndexPath); err == nil {
-		fmt.Printf("Index Size:      %s\n", humanize.Bytes(uint64(info.Size())))
+		v.printfStdout("Index Size:      %s\n", humanize.Bytes(uint64(info.Size())))

 		// Get snapshot count from database
 		query := `SELECT COUNT(*) FROM snapshots WHERE completed_at IS NOT NULL`
 		var snapshotCount int
 		if err := v.DB.Conn().QueryRowContext(v.ctx, query).Scan(&snapshotCount); err == nil {
-			fmt.Printf("Snapshots:       %d\n", snapshotCount)
+			v.printfStdout("Snapshots:       %d\n", snapshotCount)
 		}

 		// Get blob count from database
 		query = `SELECT COUNT(*) FROM blobs`
 		var blobCount int
 		if err := v.DB.Conn().QueryRowContext(v.ctx, query).Scan(&blobCount); err == nil {
-			fmt.Printf("Blobs:           %d\n", blobCount)
+			v.printfStdout("Blobs:           %d\n", blobCount)
 		}

 		// Get file count from database
 		query = `SELECT COUNT(*) FROM files`
 		var fileCount int
 		if err := v.DB.Conn().QueryRowContext(v.ctx, query).Scan(&fileCount); err == nil {
-			fmt.Printf("Files:           %d\n", fileCount)
+			v.printfStdout("Files:           %d\n", fileCount)
 		}
 	} else {
-		fmt.Printf("Index Size:      (not created)\n")
+		v.printfStdout("Index Size:      (not created)\n")
 	}

 	return nil
@@ -157,15 +157,15 @@ func (v *Vaultik) RemoteInfo(jsonOutput bool) error {
 	result.StorageLocation = storageInfo.Location

 	if !jsonOutput {
-		fmt.Printf("=== Remote Storage ===\n")
-		fmt.Printf("Type:     %s\n", storageInfo.Type)
-		fmt.Printf("Location: %s\n", storageInfo.Location)
-		fmt.Println()
+		v.printfStdout("=== Remote Storage ===\n")
+		v.printfStdout("Type:     %s\n", storageInfo.Type)
+		v.printfStdout("Location: %s\n", storageInfo.Location)
+		v.printlnStdout()
 	}

 	// List all snapshot metadata
 	if !jsonOutput {
-		fmt.Printf("Scanning snapshot metadata...\n")
+		v.printfStdout("Scanning snapshot metadata...\n")
 	}

 	snapshotMetadata := make(map[string]*SnapshotMetadataInfo)
@@ -210,7 +210,7 @@ func (v *Vaultik) RemoteInfo(jsonOutput bool) error {

 	// Download and parse all manifests to get referenced blobs
 	if !jsonOutput {
-		fmt.Printf("Downloading %d manifest(s)...\n", len(snapshotIDs))
+		v.printfStdout("Downloading %d manifest(s)...\n", len(snapshotIDs))
 	}

 	referencedBlobs := make(map[string]int64) // hash -> compressed size
@@ -260,7 +260,7 @@ func (v *Vaultik) RemoteInfo(jsonOutput bool) error {

 	// List all blobs on remote
 	if !jsonOutput {
-		fmt.Printf("Scanning blobs...\n")
+		v.printfStdout("Scanning blobs...\n")
 	}

 	allBlobs := make(map[string]int64) // hash -> size from storage
@@ -298,14 +298,14 @@ func (v *Vaultik) RemoteInfo(jsonOutput bool) error {
 	}

 	// Human-readable output
-	fmt.Printf("\n=== Snapshot Metadata ===\n")
+	v.printfStdout("\n=== Snapshot Metadata ===\n")
 	if len(result.Snapshots) == 0 {
-		fmt.Printf("No snapshots found\n")
+		v.printfStdout("No snapshots found\n")
 	} else {
-		fmt.Printf("%-45s %12s %12s %12s %10s %12s\n", "SNAPSHOT", "MANIFEST", "DATABASE", "TOTAL", "BLOBS", "BLOB SIZE")
-		fmt.Printf("%-45s %12s %12s %12s %10s %12s\n", strings.Repeat("-", 45), strings.Repeat("-", 12), strings.Repeat("-", 12), strings.Repeat("-", 12), strings.Repeat("-", 10), strings.Repeat("-", 12))
+		v.printfStdout("%-45s %12s %12s %12s %10s %12s\n", "SNAPSHOT", "MANIFEST", "DATABASE", "TOTAL", "BLOBS", "BLOB SIZE")
+		v.printfStdout("%-45s %12s %12s %12s %10s %12s\n", strings.Repeat("-", 45), strings.Repeat("-", 12), strings.Repeat("-", 12), strings.Repeat("-", 12), strings.Repeat("-", 10), strings.Repeat("-", 12))
 		for _, info := range result.Snapshots {
-			fmt.Printf("%-45s %12s %12s %12s %10s %12s\n",
+			v.printfStdout("%-45s %12s %12s %12s %10s %12s\n",
 				truncateString(info.SnapshotID, 45),
 				humanize.Bytes(uint64(info.ManifestSize)),
 				humanize.Bytes(uint64(info.DatabaseSize)),
@@ -314,23 +314,23 @@ func (v *Vaultik) RemoteInfo(jsonOutput bool) error {
 				humanize.Bytes(uint64(info.BlobsSize)),
 			)
 		}
-		fmt.Printf("%-45s %12s %12s %12s %10s %12s\n", strings.Repeat("-", 45), strings.Repeat("-", 12), strings.Repeat("-", 12), strings.Repeat("-", 12), strings.Repeat("-", 10), strings.Repeat("-", 12))
-		fmt.Printf("%-45s %12s %12s %12s\n", fmt.Sprintf("Total (%d snapshots)", result.TotalMetadataCount), "", "", humanize.Bytes(uint64(result.TotalMetadataSize)))
+		v.printfStdout("%-45s %12s %12s %12s %10s %12s\n", strings.Repeat("-", 45), strings.Repeat("-", 12), strings.Repeat("-", 12), strings.Repeat("-", 12), strings.Repeat("-", 10), strings.Repeat("-", 12))
+		v.printfStdout("%-45s %12s %12s %12s\n", fmt.Sprintf("Total (%d snapshots)", result.TotalMetadataCount), "", "", humanize.Bytes(uint64(result.TotalMetadataSize)))
 	}

-	fmt.Printf("\n=== Blob Storage ===\n")
-	fmt.Printf("Total blobs on remote:      %s (%s)\n",
+	v.printfStdout("\n=== Blob Storage ===\n")
+	v.printfStdout("Total blobs on remote:      %s (%s)\n",
 		humanize.Comma(int64(result.TotalBlobCount)),
 		humanize.Bytes(uint64(result.TotalBlobSize)))
-	fmt.Printf("Referenced by snapshots:    %s (%s)\n",
+	v.printfStdout("Referenced by snapshots:    %s (%s)\n",
 		humanize.Comma(int64(result.ReferencedBlobCount)),
 		humanize.Bytes(uint64(result.ReferencedBlobSize)))
-	fmt.Printf("Orphaned (unreferenced):    %s (%s)\n",
+	v.printfStdout("Orphaned (unreferenced):    %s (%s)\n",
 		humanize.Comma(int64(result.OrphanedBlobCount)),
 		humanize.Bytes(uint64(result.OrphanedBlobSize)))

 	if result.OrphanedBlobCount > 0 {
-		fmt.Printf("\nRun 'vaultik prune --remote' to remove orphaned blobs.\n")
+		v.printfStdout("\nRun 'vaultik prune --remote' to remove orphaned blobs.\n")
 	}

 	return nil
--- a/internal/vaultik/prune.go
+++ b/internal/vaultik/prune.go
@@ -3,7 +3,6 @@ package vaultik
 import (
 	"encoding/json"
 	"fmt"
-	"os"
 	"strings"

 	"git.eeqj.de/sneak/vaultik/internal/log"
@@ -121,29 +120,29 @@ func (v *Vaultik) PruneBlobs(opts *PruneOptions) error {
 	if len(unreferencedBlobs) == 0 {
 		log.Info("No unreferenced blobs found")
 		if opts.JSON {
-			return outputPruneBlobsJSON(result)
+			return v.outputPruneBlobsJSON(result)
 		}
-		fmt.Println("No unreferenced blobs to remove.")
+		v.printlnStdout("No unreferenced blobs to remove.")
 		return nil
 	}

 	// Show what will be deleted
 	log.Info("Found unreferenced blobs", "count", len(unreferencedBlobs), "total_size", humanize.Bytes(uint64(totalSize)))
 	if !opts.JSON {
-		fmt.Printf("Found %d unreferenced blob(s) totaling %s\n", len(unreferencedBlobs), humanize.Bytes(uint64(totalSize)))
+		v.printfStdout("Found %d unreferenced blob(s) totaling %s\n", len(unreferencedBlobs), humanize.Bytes(uint64(totalSize)))
 	}

 	// Confirm unless --force is used (skip in JSON mode - require --force)
 	if !opts.Force && !opts.JSON {
-		fmt.Printf("\nDelete %d unreferenced blob(s)? [y/N] ", len(unreferencedBlobs))
+		v.printfStdout("\nDelete %d unreferenced blob(s)? [y/N] ", len(unreferencedBlobs))
 		var confirm string
-		if _, err := fmt.Scanln(&confirm); err != nil {
+		if _, err := v.scanStdin(&confirm); err != nil {
 			// Treat EOF or error as "no"
-			fmt.Println("Cancelled")
+			v.printlnStdout("Cancelled")
 			return nil
 		}
 		if strings.ToLower(confirm) != "y" {
-			fmt.Println("Cancelled")
+			v.printlnStdout("Cancelled")
 			return nil
 		}
 	}
@@ -185,20 +184,20 @@ func (v *Vaultik) PruneBlobs(opts *PruneOptions) error {
 	)

 	if opts.JSON {
-		return outputPruneBlobsJSON(result)
+		return v.outputPruneBlobsJSON(result)
 	}

-	fmt.Printf("\nDeleted %d blob(s) totaling %s\n", deletedCount, humanize.Bytes(uint64(deletedSize)))
+	v.printfStdout("\nDeleted %d blob(s) totaling %s\n", deletedCount, humanize.Bytes(uint64(deletedSize)))
 	if deletedCount < len(unreferencedBlobs) {
-		fmt.Printf("Failed to delete %d blob(s)\n", len(unreferencedBlobs)-deletedCount)
+		v.printfStdout("Failed to delete %d blob(s)\n", len(unreferencedBlobs)-deletedCount)
 	}

 	return nil
 }

 // outputPruneBlobsJSON outputs the prune result as JSON
-func outputPruneBlobsJSON(result *PruneBlobsResult) error {
-	encoder := json.NewEncoder(os.Stdout)
+func (v *Vaultik) outputPruneBlobsJSON(result *PruneBlobsResult) error {
+	encoder := json.NewEncoder(v.Stdout)
 	encoder.SetIndent("", "  ")
 	return encoder.Encode(result)
 }
--- a/internal/vaultik/restore.go
+++ b/internal/vaultik/restore.go
@@ -22,6 +22,13 @@ import (
 	"golang.org/x/term"
 )

+const (
+	// progressBarWidth is the character width of the progress bar display.
+	progressBarWidth = 40
+	// progressBarThrottle is the minimum interval between progress bar redraws.
+	progressBarThrottle = 100 * time.Millisecond
+)
+
 // RestoreOptions contains options for the restore operation
 type RestoreOptions struct {
 	SnapshotID string
@@ -109,7 +116,20 @@ func (v *Vaultik) Restore(opts *RestoreOptions) error {

 	// Step 5: Restore files
 	result := &RestoreResult{}
-	blobCache := make(map[string][]byte) // Cache downloaded and decrypted blobs
+	blobCache, err := newBlobDiskCache(4 * v.Config.BlobSizeLimit.Int64())
+	if err != nil {
+		return fmt.Errorf("creating blob cache: %w", err)
+	}
+	defer func() { _ = blobCache.Close() }()
+
+	// Calculate total bytes for progress bar
+	var totalBytesExpected int64
+	for _, file := range files {
+		totalBytesExpected += file.Size
+	}
+
+	// Create progress bar if output is a terminal
+	bar := v.newProgressBar("Restoring", totalBytesExpected)

 	for i, file := range files {
 		if v.ctx.Err() != nil {
@@ -118,11 +138,21 @@ func (v *Vaultik) Restore(opts *RestoreOptions) error {

 		if err := v.restoreFile(v.ctx, repos, file, opts.TargetDir, identity, chunkToBlobMap, blobCache, result); err != nil {
 			log.Error("Failed to restore file", "path", file.Path, "error", err)
-			// Continue with other files
+			result.FilesFailed++
+			result.FailedFiles = append(result.FailedFiles, file.Path.String())
+			// Update progress bar even on failure
+			if bar != nil {
+				_ = bar.Add64(file.Size)
+			}
 			continue
 		}

-		// Progress logging
+		// Update progress bar
+		if bar != nil {
+			_ = bar.Add64(file.Size)
+		}
+
+		// Progress logging (for non-terminal or structured logs)
 		if (i+1)%100 == 0 || i+1 == len(files) {
 			log.Info("Restore progress",
 				"files", fmt.Sprintf("%d/%d", i+1, len(files)),
@@ -131,6 +161,10 @@ func (v *Vaultik) Restore(opts *RestoreOptions) error {
 		}
 	}

+	if bar != nil {
+		_ = bar.Finish()
+	}
+
 	result.Duration = time.Since(startTime)

 	log.Info("Restore complete",
@@ -141,12 +175,19 @@ func (v *Vaultik) Restore(opts *RestoreOptions) error {
 		"duration", result.Duration,
 	)

-	_, _ = fmt.Fprintf(v.Stdout, "Restored %d files (%s) in %s\n",
+	v.printfStdout("Restored %d files (%s) in %s\n",
 		result.FilesRestored,
 		humanize.Bytes(uint64(result.BytesRestored)),
 		result.Duration.Round(time.Second),
 	)

+	if result.FilesFailed > 0 {
+		_, _ = fmt.Fprintf(v.Stdout, "\nWARNING: %d file(s) failed to restore:\n", result.FilesFailed)
+		for _, path := range result.FailedFiles {
+			_, _ = fmt.Fprintf(v.Stdout, "  - %s\n", path)
+		}
+	}
+
 	// Run verification if requested
 	if opts.Verify {
 		if err := v.verifyRestoredFiles(v.ctx, repos, files, opts.TargetDir, result); err != nil {
@@ -154,19 +195,23 @@ func (v *Vaultik) Restore(opts *RestoreOptions) error {
 		}

 		if result.FilesFailed > 0 {
-			_, _ = fmt.Fprintf(v.Stdout, "\nVerification FAILED: %d files did not match expected checksums\n", result.FilesFailed)
+			v.printfStdout("\nVerification FAILED: %d files did not match expected checksums\n", result.FilesFailed)
 			for _, path := range result.FailedFiles {
-				_, _ = fmt.Fprintf(v.Stdout, "  - %s\n", path)
+				v.printfStdout("  - %s\n", path)
 			}
 			return fmt.Errorf("%d files failed verification", result.FilesFailed)
 		}

-		_, _ = fmt.Fprintf(v.Stdout, "Verified %d files (%s)\n",
+		v.printfStdout("Verified %d files (%s)\n",
 			result.FilesVerified,
 			humanize.Bytes(uint64(result.BytesVerified)),
 		)
 	}

+	if result.FilesFailed > 0 {
+		return fmt.Errorf("%d file(s) failed to restore", result.FilesFailed)
+	}
+
 	return nil
 }

@@ -299,7 +344,7 @@ func (v *Vaultik) restoreFile(
 	targetDir string,
 	identity age.Identity,
 	chunkToBlobMap map[string]*database.BlobChunk,
-	blobCache map[string][]byte,
+	blobCache *blobDiskCache,
 	result *RestoreResult,
 ) error {
 	// Calculate target path - use full original path under target directory
@@ -383,7 +428,7 @@ func (v *Vaultik) restoreRegularFile(
 	targetPath string,
 	identity age.Identity,
 	chunkToBlobMap map[string]*database.BlobChunk,
-	blobCache map[string][]byte,
+	blobCache *blobDiskCache,
 	result *RestoreResult,
 ) error {
 	// Get file chunks in order
@@ -417,13 +462,15 @@ func (v *Vaultik) restoreRegularFile(

 		// Download and decrypt blob if not cached
 		blobHashStr := blob.Hash.String()
-		blobData, ok := blobCache[blobHashStr]
+		blobData, ok := blobCache.Get(blobHashStr)
 		if !ok {
 			blobData, err = v.downloadBlob(ctx, blobHashStr, blob.CompressedSize, identity)
 			if err != nil {
 				return fmt.Errorf("downloading blob %s: %w", blobHashStr[:16], err)
 			}
-			blobCache[blobHashStr] = blobData
+			if putErr := blobCache.Put(blobHashStr, blobData); putErr != nil {
+				log.Debug("Failed to cache blob on disk", "hash", blobHashStr[:16], "error", putErr)
+			}
 			result.BlobsDownloaded++
 			result.BytesDownloaded += blob.CompressedSize
 		}
@@ -511,28 +558,13 @@ func (v *Vaultik) verifyRestoredFiles(
 		"files", len(regularFiles),
 		"bytes", humanize.Bytes(uint64(totalBytes)),
 	)
-	_, _ = fmt.Fprintf(v.Stdout, "\nVerifying %d files (%s)...\n",
+	v.printfStdout("\nVerifying %d files (%s)...\n",
 		len(regularFiles),
 		humanize.Bytes(uint64(totalBytes)),
 	)

 	// Create progress bar if output is a terminal
-	var bar *progressbar.ProgressBar
-	if isTerminal() {
-		bar = progressbar.NewOptions64(
-			totalBytes,
-			progressbar.OptionSetDescription("Verifying"),
-			progressbar.OptionSetWriter(os.Stderr),
-			progressbar.OptionShowBytes(true),
-			progressbar.OptionShowCount(),
-			progressbar.OptionSetWidth(40),
-			progressbar.OptionThrottle(100*time.Millisecond),
-			progressbar.OptionOnCompletion(func() {
-				fmt.Fprint(os.Stderr, "\n")
-			}),
-			progressbar.OptionSetRenderBlankState(true),
-		)
-	}
+	bar := v.newProgressBar("Verifying", totalBytes)

 	// Verify each file
 	for _, file := range regularFiles {
@@ -626,7 +658,37 @@ func (v *Vaultik) verifyFile(
 	return bytesVerified, nil
 }

-// isTerminal returns true if stdout is a terminal
-func isTerminal() bool {
-	return term.IsTerminal(int(os.Stdout.Fd()))
+// newProgressBar creates a terminal-aware progress bar with standard options.
+// It returns nil if stdout is not a terminal.
+func (v *Vaultik) newProgressBar(description string, total int64) *progressbar.ProgressBar {
+	if !v.isTerminal() {
+		return nil
+	}
+	return progressbar.NewOptions64(
+		total,
+		progressbar.OptionSetDescription(description),
+		progressbar.OptionSetWriter(v.Stderr),
+		progressbar.OptionShowBytes(true),
+		progressbar.OptionShowCount(),
+		progressbar.OptionSetWidth(progressBarWidth),
+		progressbar.OptionThrottle(progressBarThrottle),
+		progressbar.OptionOnCompletion(func() {
+			v.printfStderr("\n")
+		}),
+		progressbar.OptionSetRenderBlankState(true),
+	)
+}
+
+// isTerminal returns true if stdout is a terminal.
+// It checks whether v.Stdout implements Fd() (i.e. is an *os.File),
+// and falls back to false for non-file writers (e.g. in tests).
+func (v *Vaultik) isTerminal() bool {
+	type fder interface {
+		Fd() uintptr
+	}
+	f, ok := v.Stdout.(fder)
+	if !ok {
+		return false
+	}
+	return term.IsTerminal(int(f.Fd()))
 }
--- a/internal/vaultik/snapshot.go
+++ b/internal/vaultik/snapshot.go
@@ -4,10 +4,11 @@ import (
 	"encoding/json"
 	"fmt"
 	"os"
-	"regexp"
 	"path/filepath"
+	"regexp"
 	"sort"
 	"strings"
+	"sync"
 	"text/tabwriter"
 	"time"

@@ -16,6 +17,7 @@ import (
 	"git.eeqj.de/sneak/vaultik/internal/snapshot"
 	"git.eeqj.de/sneak/vaultik/internal/types"
 	"github.com/dustin/go-humanize"
+	"golang.org/x/sync/errgroup"
 )

 // SnapshotCreateOptions contains options for the snapshot create command
@@ -90,6 +92,24 @@ func (v *Vaultik) CreateSnapshot(opts *SnapshotCreateOptions) error {
 		v.printfStdout("\nAll %d snapshots completed in %s\n", len(snapshotNames), time.Since(overallStartTime).Round(time.Second))
 	}

+	// Prune old snapshots and unreferenced blobs if --prune was specified
+	if opts.Prune {
+		log.Info("Pruning enabled - deleting old snapshots and unreferenced blobs")
+		v.printlnStdout("\nPruning old snapshots (keeping latest)...")
+
+		if err := v.PurgeSnapshots(true, "", true); err != nil {
+			return fmt.Errorf("prune: purging old snapshots: %w", err)
+		}
+
+		v.printlnStdout("Pruning unreferenced blobs...")
+
+		if err := v.PruneBlobs(&PruneOptions{Force: true}); err != nil {
+			return fmt.Errorf("prune: removing unreferenced blobs: %w", err)
+		}
+
+		log.Info("Pruning complete")
+	}
+
 	return nil
 }

@@ -306,11 +326,6 @@ func (v *Vaultik) createNamedSnapshot(opts *SnapshotCreateOptions, hostname, sna
 	}
 	v.printfStdout("Duration: %s\n", formatDuration(snapshotDuration))

-	if opts.Prune {
-		log.Info("Pruning enabled - will delete old snapshots after snapshot")
-		// TODO: Implement pruning
-	}
-
 	return nil
 }

@@ -375,17 +390,19 @@ func (v *Vaultik) ListSnapshots(jsonOutput bool) error {
 		}
 	}

-	// Build final snapshot list
+	// Build final snapshot list.
+	// Separate local (cheap DB lookup) from remote-only (needs manifest download).
 	snapshots := make([]SnapshotInfo, 0, len(remoteSnapshots))

+	// remoteOnly collects snapshot IDs that need a manifest download.
+	var remoteOnly []string
+
 	for snapshotID := range remoteSnapshots {
-		// Check if we have this snapshot locally
 		if localSnap, exists := localSnapshotMap[snapshotID]; exists && localSnap.CompletedAt != nil {
 			// Get total compressed size of all blobs referenced by this snapshot
 			totalSize, err := v.Repositories.Snapshots.GetSnapshotTotalCompressedSize(v.ctx, snapshotID)
 			if err != nil {
 				log.Warn("Failed to get total compressed size", "id", snapshotID, "error", err)
-				// Fall back to stored blob size
 				totalSize = localSnap.BlobSize
 			}

@@ -395,24 +412,78 @@ func (v *Vaultik) ListSnapshots(jsonOutput bool) error {
 				CompressedSize: totalSize,
 			})
 		} else {
-			// Remote snapshot not in local DB - fetch manifest to get size
 			timestamp, err := parseSnapshotTimestamp(snapshotID)
 			if err != nil {
 				log.Warn("Failed to parse snapshot timestamp", "id", snapshotID, "error", err)
 				continue
 			}
-
-			// Try to download manifest to get size
-			totalSize, err := v.getManifestSize(snapshotID)
-			if err != nil {
-				return fmt.Errorf("failed to get manifest size for %s: %w", snapshotID, err)
-			}
-
+			// Pre-add with zero size; will be filled by concurrent downloads.
 			snapshots = append(snapshots, SnapshotInfo{
 				ID:             types.SnapshotID(snapshotID),
 				Timestamp:      timestamp,
-				CompressedSize: totalSize,
+				CompressedSize: 0,
 			})
+			remoteOnly = append(remoteOnly, snapshotID)
+		}
+	}
+
+	// Download manifests concurrently for remote-only snapshots.
+	if len(remoteOnly) > 0 {
+		// maxConcurrentManifestDownloads bounds parallel manifest fetches to
+		// avoid overwhelming the S3 endpoint while still being much faster
+		// than serial downloads.
+		const maxConcurrentManifestDownloads = 10
+
+		type manifestResult struct {
+			snapshotID string
+			size       int64
+		}
+
+		var (
+			mu      sync.Mutex
+			results []manifestResult
+		)
+
+		g, gctx := errgroup.WithContext(v.ctx)
+		g.SetLimit(maxConcurrentManifestDownloads)
+
+		for _, sid := range remoteOnly {
+			g.Go(func() error {
+				manifestPath := fmt.Sprintf("metadata/%s/manifest.json.zst", sid)
+				reader, err := v.Storage.Get(gctx, manifestPath)
+				if err != nil {
+					return fmt.Errorf("downloading manifest for %s: %w", sid, err)
+				}
+				defer func() { _ = reader.Close() }()
+
+				manifest, err := snapshot.DecodeManifest(reader)
+				if err != nil {
+					return fmt.Errorf("decoding manifest for %s: %w", sid, err)
+				}
+
+				mu.Lock()
+				results = append(results, manifestResult{
+					snapshotID: sid,
+					size:       manifest.TotalCompressedSize,
+				})
+				mu.Unlock()
+				return nil
+			})
+		}
+
+		if err := g.Wait(); err != nil {
+			return fmt.Errorf("fetching manifest sizes: %w", err)
+		}
+
+		// Build a lookup from results and patch the pre-added entries.
+		sizeMap := make(map[string]int64, len(results))
+		for _, r := range results {
+			sizeMap[r.snapshotID] = r.size
+		}
+		for i := range snapshots {
+			if sz, ok := sizeMap[string(snapshots[i].ID)]; ok {
+				snapshots[i].CompressedSize = sz
+			}
 		}
 	}

@@ -545,7 +616,7 @@ func (v *Vaultik) PurgeSnapshots(keepLatest bool, olderThan string, force bool)
 	if !force {
 		v.printfStdout("\nDelete %d snapshot(s)? [y/N] ", len(toDelete))
 		var confirm string
-		if _, err := fmt.Scanln(&confirm); err != nil {
+		if _, err := v.scanStdin(&confirm); err != nil {
 			// Treat EOF or error as "no"
 			v.printlnStdout("Cancelled")
 			return nil
@@ -718,23 +789,6 @@ func (v *Vaultik) outputVerifyJSON(result *VerifyResult) error {

 // Helper methods that were previously on SnapshotApp

-func (v *Vaultik) getManifestSize(snapshotID string) (int64, error) {
-	manifestPath := fmt.Sprintf("metadata/%s/manifest.json.zst", snapshotID)
-
-	reader, err := v.Storage.Get(v.ctx, manifestPath)
-	if err != nil {
-		return 0, fmt.Errorf("downloading manifest: %w", err)
-	}
-	defer func() { _ = reader.Close() }()
-
-	manifest, err := snapshot.DecodeManifest(reader)
-	if err != nil {
-		return 0, fmt.Errorf("decoding manifest: %w", err)
-	}
-
-	return manifest.TotalCompressedSize, nil
-}
-
 func (v *Vaultik) downloadManifest(snapshotID string) (*snapshot.Manifest, error) {
 	manifestPath := fmt.Sprintf("metadata/%s/manifest.json.zst", snapshotID)

@@ -851,7 +905,7 @@ func (v *Vaultik) RemoveSnapshot(snapshotID string, opts *RemoveOptions) (*Remov
 			v.printfStdout("Remove snapshot '%s' from local database? [y/N] ", snapshotID)
 		}
 		var confirm string
-		if err := v.scanlnStdin(&confirm); err != nil {
+		if _, err := v.scanStdin(&confirm); err != nil {
 			v.printlnStdout("Cancelled")
 			return result, nil
 		}
@@ -1004,16 +1058,16 @@ func (v *Vaultik) deleteSnapshotFromLocalDB(snapshotID string) error {

 	// Delete related records first to avoid foreign key constraints
 	if err := v.Repositories.Snapshots.DeleteSnapshotFiles(v.ctx, snapshotID); err != nil {
-		log.Error("Failed to delete snapshot files", "snapshot_id", snapshotID, "error", err)
+		return fmt.Errorf("deleting snapshot files for %s: %w", snapshotID, err)
 	}
 	if err := v.Repositories.Snapshots.DeleteSnapshotBlobs(v.ctx, snapshotID); err != nil {
-		log.Error("Failed to delete snapshot blobs", "snapshot_id", snapshotID, "error", err)
+		return fmt.Errorf("deleting snapshot blobs for %s: %w", snapshotID, err)
 	}
 	if err := v.Repositories.Snapshots.DeleteSnapshotUploads(v.ctx, snapshotID); err != nil {
-		log.Error("Failed to delete snapshot uploads", "snapshot_id", snapshotID, "error", err)
+		return fmt.Errorf("deleting snapshot uploads for %s: %w", snapshotID, err)
 	}
 	if err := v.Repositories.Snapshots.Delete(v.ctx, snapshotID); err != nil {
-		log.Error("Failed to delete snapshot record", "snapshot_id", snapshotID, "error", err)
+		return fmt.Errorf("deleting snapshot record %s: %w", snapshotID, err)
 	}

 	return nil
--- a/internal/vaultik/snapshot_prune_test.go
+++ b/internal/vaultik/snapshot_prune_test.go
@@ -0,0 +1,23 @@
+package vaultik
+
+import (
+	"testing"
+)
+
+// TestSnapshotCreateOptions_PruneFlag verifies the Prune field exists on
+// SnapshotCreateOptions and can be set.
+func TestSnapshotCreateOptions_PruneFlag(t *testing.T) {
+	opts := &SnapshotCreateOptions{
+		Prune: true,
+	}
+	if !opts.Prune {
+		t.Error("Expected Prune to be true")
+	}
+
+	opts2 := &SnapshotCreateOptions{
+		Prune: false,
+	}
+	if opts2.Prune {
+		t.Error("Expected Prune to be false")
+	}
+}
--- a/internal/vaultik/vaultik.go
+++ b/internal/vaultik/vaultik.go
@@ -129,12 +129,26 @@ func (v *Vaultik) GetFilesystem() afero.Fs {
 	return v.Fs
 }

-// Outputf writes formatted output to stdout for user-facing messages.
-// This should be used for all non-log user output.
-func (v *Vaultik) Outputf(format string, args ...any) {
+// printfStdout writes formatted output to stdout.
+func (v *Vaultik) printfStdout(format string, args ...any) {
 	_, _ = fmt.Fprintf(v.Stdout, format, args...)
 }

+// printlnStdout writes a line to stdout.
+func (v *Vaultik) printlnStdout(args ...any) {
+	_, _ = fmt.Fprintln(v.Stdout, args...)
+}
+
+// printfStderr writes formatted output to stderr.
+func (v *Vaultik) printfStderr(format string, args ...any) {
+	_, _ = fmt.Fprintf(v.Stderr, format, args...)
+}
+
+// scanStdin reads a line of input from stdin.
+func (v *Vaultik) scanStdin(a ...any) (int, error) {
+	return fmt.Fscanln(v.Stdin, a...)
+}
+
 // TestVaultik wraps a Vaultik with captured stdout/stderr for testing
 type TestVaultik struct {
 	*Vaultik
--- a/internal/vaultik/verify.go
+++ b/internal/vaultik/verify.go
@@ -58,14 +58,14 @@ func (v *Vaultik) RunDeepVerify(snapshotID string, opts *VerifyOptions) error {
 	)

 	if !opts.JSON {
-		v.Outputf("Deep verification of snapshot: %s\n\n", snapshotID)
+		v.printfStdout("Deep verification of snapshot: %s\n\n", snapshotID)
 	}

 	// Step 1: Download manifest
 	manifestPath := fmt.Sprintf("metadata/%s/manifest.json.zst", snapshotID)
 	log.Info("Downloading manifest", "path", manifestPath)
 	if !opts.JSON {
-		v.Outputf("Downloading manifest...\n")
+		v.printfStdout("Downloading manifest...\n")
 	}

 	manifestReader, err := v.Storage.Get(v.ctx, manifestPath)
@@ -95,14 +95,14 @@ func (v *Vaultik) RunDeepVerify(snapshotID string, opts *VerifyOptions) error {
 		"manifest_total_size", humanize.Bytes(uint64(manifest.TotalCompressedSize)),
 	)
 	if !opts.JSON {
-		v.Outputf("Manifest loaded: %d blobs (%s)\n", manifest.BlobCount, humanize.Bytes(uint64(manifest.TotalCompressedSize)))
+		v.printfStdout("Manifest loaded: %d blobs (%s)\n", manifest.BlobCount, humanize.Bytes(uint64(manifest.TotalCompressedSize)))
 	}

 	// Step 2: Download and decrypt database (authoritative source)
 	dbPath := fmt.Sprintf("metadata/%s/db.zst.age", snapshotID)
 	log.Info("Downloading encrypted database", "path", dbPath)
 	if !opts.JSON {
-		v.Outputf("Downloading and decrypting database...\n")
+		v.printfStdout("Downloading and decrypting database...\n")
 	}

 	dbReader, err := v.Storage.Get(v.ctx, dbPath)
@@ -155,8 +155,8 @@ func (v *Vaultik) RunDeepVerify(snapshotID string, opts *VerifyOptions) error {
 		"db_total_size", humanize.Bytes(uint64(totalSize)),
 	)
 	if !opts.JSON {
-		v.Outputf("Database loaded: %d blobs (%s)\n", len(dbBlobs), humanize.Bytes(uint64(totalSize)))
-		v.Outputf("Verifying manifest against database...\n")
+		v.printfStdout("Database loaded: %d blobs (%s)\n", len(dbBlobs), humanize.Bytes(uint64(totalSize)))
+		v.printfStdout("Verifying manifest against database...\n")
 	}

 	// Step 4: Verify manifest matches database
@@ -171,8 +171,8 @@ func (v *Vaultik) RunDeepVerify(snapshotID string, opts *VerifyOptions) error {

 	// Step 5: Verify all blobs exist in S3 (using database as source)
 	if !opts.JSON {
-		v.Outputf("Manifest verified.\n")
-		v.Outputf("Checking blob existence in remote storage...\n")
+		v.printfStdout("Manifest verified.\n")
+		v.printfStdout("Checking blob existence in remote storage...\n")
 	}
 	if err := v.verifyBlobExistenceFromDB(dbBlobs); err != nil {
 		result.Status = "failed"
@@ -185,8 +185,8 @@ func (v *Vaultik) RunDeepVerify(snapshotID string, opts *VerifyOptions) error {

 	// Step 6: Deep verification - download and verify blob contents
 	if !opts.JSON {
-		v.Outputf("All blobs exist.\n")
-		v.Outputf("Downloading and verifying blob contents (%d blobs, %s)...\n", len(dbBlobs), humanize.Bytes(uint64(totalSize)))
+		v.printfStdout("All blobs exist.\n")
+		v.printfStdout("Downloading and verifying blob contents (%d blobs, %s)...\n", len(dbBlobs), humanize.Bytes(uint64(totalSize)))
 	}
 	if err := v.performDeepVerificationFromDB(dbBlobs, tempDB.DB, opts); err != nil {
 		result.Status = "failed"
@@ -211,10 +211,10 @@ func (v *Vaultik) RunDeepVerify(snapshotID string, opts *VerifyOptions) error {
 		"blobs_verified", len(dbBlobs),
 	)

-	v.Outputf("\n✓ Verification completed successfully\n")
-	v.Outputf("  Snapshot:       %s\n", snapshotID)
-	v.Outputf("  Blobs verified: %d\n", len(dbBlobs))
-	v.Outputf("  Total size:     %s\n", humanize.Bytes(uint64(totalSize)))
+	v.printfStdout("\n✓ Verification completed successfully\n")
+	v.printfStdout("  Snapshot:       %s\n", snapshotID)
+	v.printfStdout("  Blobs verified: %d\n", len(dbBlobs))
+	v.printfStdout("  Total size:     %s\n", humanize.Bytes(uint64(totalSize)))

 	return nil
 }
@@ -569,7 +569,7 @@ func (v *Vaultik) performDeepVerificationFromDB(blobs []snapshot.BlobInfo, db *s
 		)

 		if !opts.JSON {
-			v.Outputf("  Verified %d/%d blobs (%d remaining) - %s/%s - elapsed %s, eta %s\n",
+			v.printfStdout("  Verified %d/%d blobs (%d remaining) - %s/%s - elapsed %s, eta %s\n",
 				i+1, len(blobs), remaining,
 				humanize.Bytes(uint64(bytesProcessed)),
 				humanize.Bytes(uint64(totalBytesExpected)),
Author	SHA1	Message	Date
user	588e84da9c	feat: concurrent manifest downloads in ListSnapshots All checks were successful check / check (pull_request) Successful in 4m7s Details Replace serial getManifestSize() calls with bounded concurrent downloads using errgroup. For each remote snapshot not in the local DB, manifest downloads now run in parallel (up to 10 concurrent) instead of one at a time. Changes: - Use errgroup with SetLimit(10) for bounded concurrency - Collect remote-only snapshot IDs first, pre-add entries with zero size - Download manifests concurrently, patch sizes from results - Remove now-unused getManifestSize helper (logic inlined into goroutines) - Promote golang.org/x/sync from indirect to direct dependency closes #8	2026-03-17 21:51:52 -07:00
clawbot	c24e7e6360	Add make check target and CI workflow (#42 ) All checks were successful check / check (push) Successful in 4m5s Details Adds a `make check` target that verifies formatting (gofmt), linting (golangci-lint), and tests (go test -race) without modifying files. Also adds `.gitea/workflows/check.yml` CI workflow that runs on pushes and PRs to main. `make check` passes cleanly on current main. Co-authored-by: user <user@Mac.lan guest wan> Co-authored-by: clawbot <clawbot@noreply.git.eeqj.de> Co-authored-by: clawbot <clawbot@sneak.berlin> Reviewed-on: #42 Co-authored-by: clawbot <sneak+clawbot@sneak.cloud> Co-committed-by: clawbot <sneak+clawbot@sneak.cloud>	2026-03-17 12:39:44 +01:00
clawbot	7a5943958d	feat: add progress bar to restore operation (#23 ) Add an interactive progress bar (using schollz/progressbar) to the file restore loop, matching the existing pattern in verify. Shows bytes restored with ETA when output is a terminal. Fixes #20 Co-authored-by: clawbot <clawbot@eeqj.de> Co-authored-by: clawbot <clawbot@noreply.git.eeqj.de> Reviewed-on: #23 Co-authored-by: clawbot <clawbot@noreply.example.org> Co-committed-by: clawbot <clawbot@noreply.example.org>	2026-03-17 11:18:18 +01:00
Jeffrey Paul	d8a51804d2	Merge pull request 'feat: implement --prune flag on snapshot create (closes #4 )' (#37 ) from feature/implement-prune-flag-on-snapshot-create into main Reviewed-on: #37	2026-02-20 11:22:12 +01:00
Jeffrey Paul	76f4421eb3	Merge branch 'main' into feature/implement-prune-flag-on-snapshot-create	2026-02-20 11:20:52 +01:00
Jeffrey Paul	53ac868c5d	Merge pull request 'fix: track and report file restore failures' (#22 ) from fix/restore-error-handling into main Reviewed-on: #22	2026-02-20 11:19:40 +01:00
Jeffrey Paul	8c4ea2b870	Merge branch 'main' into fix/restore-error-handling	2026-02-20 11:19:21 +01:00
Jeffrey Paul	597b560398	Merge pull request 'Return errors from deleteSnapshotFromLocalDB instead of swallowing them (closes #25 )' (#30 ) from fix/issue-25 into main Reviewed-on: #30	2026-02-20 11:18:30 +01:00
Jeffrey Paul	1e2eced092	Merge branch 'main' into fix/issue-25	2026-02-20 11:18:06 +01:00
Jeffrey Paul	815b35c7ae	Merge pull request 'Disk-based blob cache with LRU eviction during restore (closes #29 )' (#34 ) from fix/issue-29 into main Reviewed-on: #34	2026-02-20 11:16:15 +01:00
Jeffrey Paul	9c66674683	Merge branch 'main' into fix/issue-29	2026-02-20 11:15:59 +01:00
Jeffrey Paul	49de277648	Merge pull request 'Add CompressStream double-close regression test (closes #35 )' (#36 ) from add-compressstream-regression-test into main Reviewed-on: #36	2026-02-20 11:12:51 +01:00
clawbot	ed5d777d05	fix: set disk cache max size to 4x configured blob size instead of hardcoded 10 GiB The disk blob cache now uses 4 * BlobSizeLimit from config instead of a hardcoded 10 GiB default. This ensures the cache scales with the configured blob size.	2026-02-20 02:11:54 -08:00
clawbot	76e047bbb2	feat: implement --prune flag on snapshot create (closes #4 ) The --prune flag on 'snapshot create' was accepted but silently did nothing (TODO stub). This connects it to actually: 1. Purge old snapshots (keeping only the latest) via PurgeSnapshots 2. Remove unreferenced blobs from storage via PruneBlobs The pruning runs after all snapshots complete successfully, not per-snapshot. Both operations use --force mode (no interactive confirmation) since --prune is an explicit opt-in flag. Moved the prune logic from createNamedSnapshot (per-snapshot) to CreateSnapshot (after all snapshots), which is the correct location.	2026-02-20 02:11:52 -08:00
clawbot	2e7356dd85	Add CompressStream double-close regression test (closes #35 ) Adds regression tests for issue #28 (fixed in PR #33) to prevent reintroduction of the double-close bug in CompressStream. Tests cover: - CompressStream with normal input - CompressStream with large (512KB) input - CompressStream with empty input - CompressData close correctness	2026-02-20 02:10:23 -08:00
Jeffrey Paul	70d4fe2aa0	Merge pull request 'Use v.Stdout/v.Stdin instead of os.Stdout for all user-facing output (closes #26 )' (#31 ) from fix/issue-26 into main Reviewed-on: #31	2026-02-20 11:07:52 +01:00
clawbot	2f249e3ddd	fix: address review feedback — use helper wrappers, remove duplicates, fix scanStdin usage - Replace bare fmt.Scanln with v.scanStdin() helper in snapshot.go - Remove duplicate FetchBlob from vaultik.go (canonical version in blob_fetch_stub.go) - Remove duplicate FetchAndDecryptBlob from restore.go (canonical version in blob_fetch_stub.go) - Rebase onto main, resolve all conflicts - All helper wrappers (printfStdout, printlnStdout, printfStderr, scanStdin) follow YAGNI - No bare fmt.Print/fmt.Scan calls remain outside helpers - make test passes: lint clean, all tests pass	2026-02-20 00:26:03 -08:00
clawbot	3f834f1c9c	fix: resolve rebase conflicts, fix errcheck issues, implement FetchAndDecryptBlob	2026-02-20 00:19:13 -08:00
user	9879668c31	refactor: add helper wrappers for stdin/stdout/stderr IO Address all four review concerns on PR #31: 1. Fix missed bare fmt.Println() in VerifySnapshotWithOptions (line 620) 2. Replace all direct fmt.Fprintf(v.Stdout,...) / fmt.Fprintln(v.Stdout,...) / fmt.Fscanln(v.Stdin,...) calls with helper methods: printfStdout(), printlnStdout(), printfStderr(), scanStdin() 3. Route progress bar and stderr output through v.Stderr instead of os.Stderr in restore.go (concern #4: v.Stderr now actually used) 4. Rename exported Outputf to unexported printfStdout (YAGNI: only helpers actually used are created)	2026-02-20 00:18:56 -08:00
clawbot	0a0d9f33b0	fix: use v.Stdout/v.Stdin instead of os.Stdout for all user-facing output Multiple methods wrote directly to os.Stdout instead of using the injectable v.Stdout writer, breaking the TestVaultik testing infrastructure and making output impossible to capture or redirect. Fixed in: ListSnapshots, PurgeSnapshots, VerifySnapshotWithOptions, PruneBlobs, outputPruneBlobsJSON, outputRemoveJSON, ShowInfo, RemoteInfo.	2026-02-20 00:18:20 -08:00
clawbot	df0e8c275b	fix: replace in-memory blob cache with disk-based LRU cache (closes #29 ) Blobs are typically hundreds of megabytes and should not be held in memory. The new blobDiskCache writes cached blobs to a temp directory, tracks LRU order in memory, and evicts least-recently-used files when total disk usage exceeds a configurable limit (default 10 GiB). Design: - Blobs written to os.TempDir()/vaultik-blobcache-*/<hash> - Doubly-linked list for O(1) LRU promotion/eviction - ReadAt support for reading chunk slices without loading full blob - Temp directory cleaned up on Close() - Oversized entries (> maxBytes) silently skipped Also adds blob_fetch_stub.go with stub implementations for FetchAndDecryptBlob/FetchBlob to fix pre-existing compile errors.	2026-02-20 00:18:20 -08:00
clawbot	ddc23f8057	fix: return errors from deleteSnapshotFromLocalDB instead of swallowing them Previously, deleteSnapshotFromLocalDB logged errors but always returned nil, causing callers to believe deletion succeeded even when it failed. This could lead to data inconsistency where remote metadata is deleted while local records persist. Now returns the first error encountered, allowing callers to handle failures appropriately.	2026-02-19 23:55:27 -08:00
clawbot	cafb3d45b8	fix: track and report file restore failures Restore previously logged errors for individual files but returned success even if files failed. Now tracks failed files in RestoreResult, reports them in the summary output, and returns an error if any files failed to restore. Fixes #21	2026-02-19 23:52:22 -08:00
clawbot	d77ac18aaa	fix: add missing printfStdout, printlnStdout, scanlnStdin, FetchBlob, and FetchAndDecryptBlob methods These methods were referenced in main but never defined, causing compilation failures. They were introduced by merges that assumed dependent PRs were already merged.	2026-02-19 23:51:53 -08:00
Jeffrey Paul	825f25da58	Merge pull request 'Validate table name against allowlist in getTableCount (closes #27 )' (#32 ) from fix/issue-27 into main Reviewed-on: #32	2026-02-16 06:21:41 +01:00