refactor: break up remaining oversized methods into smaller helpers

Restore four log.Info messages removed during refactor in verify.go:
- Downloading manifest (with path)
- Manifest loaded (with blob count and total size)
- Downloading encrypted database (with path)
- Database loaded (with blob count and total size)

Also replaced IIFE for totalSize computation with a local variable.

Add info-level logging at key operational milestones:
- info.go: log start and completion of remote info gathering
- snapshot.go: log snapshot completion with key stats
- snapshot.go: log start of ListSnapshots operation

.dockerignore

@@ -1,8 +0,0 @@
-.git
-.gitea
-*.md
-LICENSE
-vaultik
-coverage.out
-coverage.html
-.DS_Store

.gitea/workflows/check.yml

@@ -1,14 +0,0 @@
-name: check
-on:
-  push:
-    branches: [main]
-  pull_request:
-    branches: [main]
-jobs:
-  check:
-    runs-on: ubuntu-latest
-    steps:
-      # actions/checkout v4, 2024-09-16
-      - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5
-      - name: Build and check
-        run: docker build .

ARCHITECTURE.md

@@ -54,7 +54,7 @@ The database tracks five primary entities and their relationships:
 
 #### File (`database.File`)
 Represents a file or directory in the backup system. Stores metadata needed for restoration:
-- Path, mtime
+- Path, timestamps (mtime, ctime)
 - Size, mode, ownership (uid, gid)
 - Symlink target (if applicable)
 

Dockerfile

@@ -1,61 +0,0 @@
-# Lint stage
-# golangci/golangci-lint:v2.11.3-alpine, 2026-03-17
-FROM golangci/golangci-lint:v2.11.3-alpine@sha256:b1c3de5862ad0a95b4e45a993b0f00415835d687e4f12c845c7493b86c13414e AS lint
-
-RUN apk add --no-cache make build-base
-
-WORKDIR /src
-
-# Copy go mod files first for better layer caching
-COPY go.mod go.sum ./
-RUN go mod download
-
-# Copy source code
-COPY . .
-
-# Run formatting check and linter
-RUN make fmt-check
-RUN make lint
-
-# Build stage
-# golang:1.26.1-alpine, 2026-03-17
-FROM golang:1.26.1-alpine@sha256:2389ebfa5b7f43eeafbd6be0c3700cc46690ef842ad962f6c5bd6be49ed82039 AS builder
-
-# Depend on lint stage passing
-COPY --from=lint /src/go.sum /dev/null
-
-ARG VERSION=dev
-
-# Install build dependencies for CGO (mattn/go-sqlite3) and sqlite3 CLI (tests)
-RUN apk add --no-cache make build-base sqlite
-
-WORKDIR /src
-
-# Copy go mod files first for better layer caching
-COPY go.mod go.sum ./
-RUN go mod download
-
-# Copy source code
-COPY . .
-
-# Run tests
-RUN make test
-
-# Build with CGO enabled (required for mattn/go-sqlite3)
-RUN CGO_ENABLED=1 go build -ldflags "-X 'git.eeqj.de/sneak/vaultik/internal/globals.Version=${VERSION}' -X 'git.eeqj.de/sneak/vaultik/internal/globals.Commit=$(git rev-parse HEAD 2>/dev/null || echo unknown)'" -o /vaultik ./cmd/vaultik
-
-# Runtime stage
-# alpine:3.21, 2026-02-25
-FROM alpine:3.21@sha256:c3f8e73fdb79deaebaa2037150150191b9dcbfba68b4a46d70103204c53f4709
-
-RUN apk add --no-cache ca-certificates sqlite
-
-# Copy binary from builder
-COPY --from=builder /vaultik /usr/local/bin/vaultik
-
-# Create non-root user
-RUN adduser -D -H -s /sbin/nologin vaultik
-
-USER vaultik
-
-ENTRYPOINT ["/usr/local/bin/vaultik"]

Makefile

@@ -1,4 +1,4 @@
-.PHONY: test fmt lint fmt-check check build clean all docker hooks
+.PHONY: test fmt lint build clean all
 
 # Version number
 VERSION := 0.0.1
@@ -14,12 +14,21 @@ LDFLAGS := -X 'git.eeqj.de/sneak/vaultik/internal/globals.Version=$(VERSION)' \
 all: vaultik
 
 # Run tests
-test:
-	go test -race -timeout 30s ./...
+test: lint fmt-check
+	@echo "Running tests..."
+	@if ! go test -v -timeout 10s ./... 2>&1; then \
+		echo ""; \
+		echo "TEST FAILURES DETECTED"; \
+		echo "Run 'go test -v ./internal/database' to see database test details"; \
+		exit 1; \
+	fi
 
-# Check if code is formatted (read-only)
+# Check if code is formatted
 fmt-check:
-	@test -z "$$(gofmt -l .)" || (echo "Files not formatted:" && gofmt -l . && exit 1)
+	@if [ -n "$$(go fmt ./...)" ]; then \
+		echo "Error: Code is not formatted. Run 'make fmt' to fix."; \
+		exit 1; \
+	fi
 
 # Format code
 fmt:
@@ -27,7 +36,7 @@ fmt:
 
 # Run linter
 lint:
-	golangci-lint run ./...
+	golangci-lint run
 
 # Build binary
 vaultik: internal/*/*.go cmd/vaultik/*.go
@@ -38,6 +47,11 @@ clean:
 	rm -f vaultik
 	go clean
 
+# Install dependencies
+deps:
+	go mod download
+	go install github.com/golangci/golangci-lint/cmd/golangci-lint@latest
+
 # Run tests with coverage
 test-coverage:
 	go test -v -coverprofile=coverage.out ./...
@@ -53,17 +67,3 @@ local:
 
 install: vaultik
 	cp ./vaultik $(HOME)/bin/
-
-# Run all checks (formatting, linting, tests) without modifying files
-check: fmt-check lint test
-
-# Build Docker image
-docker:
-	docker build -t vaultik .
-
-# Install pre-commit hook
-hooks:
-	@printf '#!/bin/sh\nset -e\n' > .git/hooks/pre-commit
-	@printf 'go mod tidy\ngo fmt ./...\ngit diff --exit-code -- go.mod go.sum || { echo "go mod tidy changed files; please stage and retry"; exit 1; }\n' >> .git/hooks/pre-commit
-	@printf 'make check\n' >> .git/hooks/pre-commit
-	@chmod +x .git/hooks/pre-commit

README.md

@@ -150,7 +150,7 @@ passphrase is needed or stored locally.
 vaultik [--config <path>] snapshot create [snapshot-names...] [--cron] [--daemon] [--prune]
 vaultik [--config <path>] snapshot list [--json]
 vaultik [--config <path>] snapshot verify <snapshot-id> [--deep]
-vaultik [--config <path>] snapshot purge [--keep-latest | --older-than <duration>] [--name <name>] [--force]
+vaultik [--config <path>] snapshot purge [--keep-latest | --older-than <duration>] [--force]
 vaultik [--config <path>] snapshot remove <snapshot-id> [--dry-run] [--force]
 vaultik [--config <path>] snapshot prune
 vaultik [--config <path>] restore <snapshot-id> <target-dir> [paths...]
@@ -180,9 +180,8 @@ vaultik [--config <path>] store info
 * `--deep`: Download and verify blob contents (not just existence)
 
 **snapshot purge**: Remove old snapshots based on criteria
-* `--keep-latest`: Keep the most recent snapshot per snapshot name
+* `--keep-latest`: Keep only the most recent snapshot
 * `--older-than`: Remove snapshots older than duration (e.g., 30d, 6mo, 1y)
-* `--name`: Filter purge to a specific snapshot name
 * `--force`: Skip confirmation prompt
 
 **snapshot remove**: Remove a specific snapshot

docs/DATAMODEL.md

@@ -17,6 +17,7 @@ Stores metadata about files in the filesystem being backed up.
 - `id` (TEXT PRIMARY KEY) - UUID for the file record
 - `path` (TEXT NOT NULL UNIQUE) - Absolute file path
 - `mtime` (INTEGER NOT NULL) - Modification time as Unix timestamp
+- `ctime` (INTEGER NOT NULL) - Change time as Unix timestamp  
 - `size` (INTEGER NOT NULL) - File size in bytes
 - `mode` (INTEGER NOT NULL) - Unix file permissions and type
 - `uid` (INTEGER NOT NULL) - User ID of file owner

go.mod

@@ -1,6 +1,6 @@
 module git.eeqj.de/sneak/vaultik
 
-go 1.26.1
+go 1.24.4
 
 require (
 	filippo.io/age v1.2.1
@@ -24,7 +24,6 @@ require (
 	github.com/spf13/cobra v1.10.1
 	github.com/stretchr/testify v1.11.1
 	go.uber.org/fx v1.24.0
-	golang.org/x/sync v0.18.0
 	golang.org/x/term v0.37.0
 	gopkg.in/yaml.v3 v3.0.1
 	modernc.org/sqlite v1.38.0
@@ -267,6 +266,7 @@ require (
 	golang.org/x/exp v0.0.0-20251023183803-a4bb9ffd2546 // indirect
 	golang.org/x/net v0.47.0 // indirect
 	golang.org/x/oauth2 v0.33.0 // indirect
+	golang.org/x/sync v0.18.0 // indirect
 	golang.org/x/sys v0.38.0 // indirect
 	golang.org/x/text v0.31.0 // indirect
 	golang.org/x/time v0.14.0 // indirect

internal/cli/purge.go

@@ -11,9 +11,16 @@ import (
 	"go.uber.org/fx"
 )
 
+// PurgeOptions contains options for the purge command
+type PurgeOptions struct {
+	KeepLatest bool
+	OlderThan  string
+	Force      bool
+}
+
 // NewPurgeCommand creates the purge command
 func NewPurgeCommand() *cobra.Command {
-	opts := &vaultik.SnapshotPurgeOptions{}
+	opts := &PurgeOptions{}
 
 	cmd := &cobra.Command{
 		Use:   "purge",
@@ -21,15 +28,8 @@ func NewPurgeCommand() *cobra.Command {
 		Long: `Removes snapshots based on age or count criteria.
 
 This command allows you to:
-- Keep only the latest snapshot per name (--keep-latest)
+- Keep only the latest snapshot (--keep-latest)
 - Remove snapshots older than a specific duration (--older-than)
-- Filter to a specific snapshot name (--name)
-
-When --keep-latest is used, retention is applied per snapshot name. For example,
-if you have snapshots named "home" and "system", --keep-latest keeps the most
-recent of each.
-
-Use --name to restrict the purge to a single snapshot name.
 
 Config is located at /etc/vaultik/config.yml by default, but can be overridden by 
 specifying a path using --config or by setting VAULTIK_CONFIG to a path.`,
@@ -66,7 +66,7 @@ specifying a path using --config or by setting VAULTIK_CONFIG to a path.`,
 								// Start the purge operation in a goroutine
 								go func() {
 									// Run the purge operation
-									if err := v.PurgeSnapshotsWithOptions(opts); err != nil {
+									if err := v.PurgeSnapshots(opts.KeepLatest, opts.OlderThan, opts.Force); err != nil {
 										if err != context.Canceled {
 											log.Error("Purge operation failed", "error", err)
 											os.Exit(1)
@@ -92,10 +92,9 @@ specifying a path using --config or by setting VAULTIK_CONFIG to a path.`,
 		},
 	}
 
-	cmd.Flags().BoolVar(&opts.KeepLatest, "keep-latest", false, "Keep only the latest snapshot per name")
+	cmd.Flags().BoolVar(&opts.KeepLatest, "keep-latest", false, "Keep only the latest snapshot")
 	cmd.Flags().StringVar(&opts.OlderThan, "older-than", "", "Remove snapshots older than duration (e.g. 30d, 6m, 1y)")
 	cmd.Flags().BoolVar(&opts.Force, "force", false, "Skip confirmation prompts")
-	cmd.Flags().StringVar(&opts.Name, "name", "", "Filter purge to a specific snapshot name")
 
 	return cmd
 }

internal/cli/snapshot.go

@@ -167,25 +167,21 @@ func newSnapshotListCommand() *cobra.Command {
 
 // newSnapshotPurgeCommand creates the 'snapshot purge' subcommand
 func newSnapshotPurgeCommand() *cobra.Command {
-	opts := &vaultik.SnapshotPurgeOptions{}
+	var keepLatest bool
+	var olderThan string
+	var force bool
 
 	cmd := &cobra.Command{
 		Use:   "purge",
 		Short: "Purge old snapshots",
-		Long: `Removes snapshots based on age or count criteria.
-
-When --keep-latest is used, retention is applied per snapshot name. For example,
-if you have snapshots named "home" and "system", --keep-latest keeps the most
-recent of each.
-
-Use --name to restrict the purge to a single snapshot name.`,
-		Args: cobra.NoArgs,
+		Long:  "Removes snapshots based on age or count criteria",
+		Args:  cobra.NoArgs,
 		RunE: func(cmd *cobra.Command, args []string) error {
 			// Validate flags
-			if !opts.KeepLatest && opts.OlderThan == "" {
+			if !keepLatest && olderThan == "" {
 				return fmt.Errorf("must specify either --keep-latest or --older-than")
 			}
-			if opts.KeepLatest && opts.OlderThan != "" {
+			if keepLatest && olderThan != "" {
 				return fmt.Errorf("cannot specify both --keep-latest and --older-than")
 			}
 
@@ -209,7 +205,7 @@ Use --name to restrict the purge to a single snapshot name.`,
 						lc.Append(fx.Hook{
 							OnStart: func(ctx context.Context) error {
 								go func() {
-									if err := v.PurgeSnapshotsWithOptions(opts); err != nil {
+									if err := v.PurgeSnapshots(keepLatest, olderThan, force); err != nil {
 										if err != context.Canceled {
 											log.Error("Failed to purge snapshots", "error", err)
 											os.Exit(1)
@@ -232,10 +228,9 @@ Use --name to restrict the purge to a single snapshot name.`,
 		},
 	}
 
-	cmd.Flags().BoolVar(&opts.KeepLatest, "keep-latest", false, "Keep only the latest snapshot per name")
-	cmd.Flags().StringVar(&opts.OlderThan, "older-than", "", "Remove snapshots older than duration (e.g., 30d, 6m, 1y)")
-	cmd.Flags().BoolVar(&opts.Force, "force", false, "Skip confirmation prompt")
-	cmd.Flags().StringVar(&opts.Name, "name", "", "Filter purge to a specific snapshot name")
+	cmd.Flags().BoolVar(&keepLatest, "keep-latest", false, "Keep only the latest snapshot")
+	cmd.Flags().StringVar(&olderThan, "older-than", "", "Remove snapshots older than duration (e.g., 30d, 6m, 1y)")
+	cmd.Flags().BoolVar(&force, "force", false, "Skip confirmation prompt")
 
 	return cmd
 }

internal/database/cascade_debug_test.go

@@ -29,6 +29,7 @@ func TestCascadeDeleteDebug(t *testing.T) {
 	file := &File{
 		Path:  "/cascade-test.txt",
 		MTime: time.Now().Truncate(time.Second),
+		CTime: time.Now().Truncate(time.Second),
 		Size:  1024,
 		Mode:  0644,
 		UID:   1000,

internal/database/chunk_files_test.go

@@ -22,6 +22,7 @@ func TestChunkFileRepository(t *testing.T) {
 	file1 := &File{
 		Path:       "/file1.txt",
 		MTime:      testTime,
+		CTime:      testTime,
 		Size:       1024,
 		Mode:       0644,
 		UID:        1000,
@@ -36,6 +37,7 @@ func TestChunkFileRepository(t *testing.T) {
 	file2 := &File{
 		Path:       "/file2.txt",
 		MTime:      testTime,
+		CTime:      testTime,
 		Size:       1024,
 		Mode:       0644,
 		UID:        1000,
@@ -136,9 +138,9 @@ func TestChunkFileRepositoryComplexDeduplication(t *testing.T) {
 
 	// Create test files
 	testTime := time.Now().Truncate(time.Second)
-	file1 := &File{Path: "/file1.txt", MTime: testTime, Size: 3072, Mode: 0644, UID: 1000, GID: 1000}
-	file2 := &File{Path: "/file2.txt", MTime: testTime, Size: 3072, Mode: 0644, UID: 1000, GID: 1000}
-	file3 := &File{Path: "/file3.txt", MTime: testTime, Size: 2048, Mode: 0644, UID: 1000, GID: 1000}
+	file1 := &File{Path: "/file1.txt", MTime: testTime, CTime: testTime, Size: 3072, Mode: 0644, UID: 1000, GID: 1000}
+	file2 := &File{Path: "/file2.txt", MTime: testTime, CTime: testTime, Size: 3072, Mode: 0644, UID: 1000, GID: 1000}
+	file3 := &File{Path: "/file3.txt", MTime: testTime, CTime: testTime, Size: 2048, Mode: 0644, UID: 1000, GID: 1000}
 
 	if err := fileRepo.Create(ctx, nil, file1); err != nil {
 		t.Fatalf("failed to create file1: %v", err)

internal/database/database.go

@@ -6,32 +6,24 @@
 // multiple source files. Blobs are content-addressed, meaning their filename
 // is derived from their SHA256 hash after compression and encryption.
 //
-// Schema is managed via numbered SQL migrations embedded in the schema/
-// directory. Migration 000.sql bootstraps the schema_migrations tracking
-// table; subsequent migrations (001, 002, …) are applied in order.
+// The database does not support migrations. If the schema changes, delete
+// the local database and perform a full backup to recreate it.
 package database
 
 import (
 	"context"
 	"database/sql"
-	"embed"
+	_ "embed"
 	"fmt"
 	"os"
-	"path/filepath"
-	"sort"
-	"strconv"
 	"strings"
 
 	"git.eeqj.de/sneak/vaultik/internal/log"
 	_ "modernc.org/sqlite"
 )
 
-//go:embed schema/*.sql
-var schemaFS embed.FS
-
-// bootstrapVersion is the migration that creates the schema_migrations
-// table itself. It is applied before the normal migration loop.
-const bootstrapVersion = 0
+//go:embed schema.sql
+var schemaSQL string
 
 // DB represents the Vaultik local index database connection.
 // It uses SQLite to track file metadata, content-defined chunks, and blob associations.
@@ -43,46 +35,6 @@ type DB struct {
 	path string
 }
 
-// ParseMigrationVersion extracts the numeric version prefix from a migration
-// filename. Filenames must follow the pattern "<version>.sql" or
-// "<version>_<description>.sql", where version is a zero-padded numeric
-// string (e.g. "001", "002"). Returns the version as an integer and an
-// error if the filename does not match the expected pattern.
-func ParseMigrationVersion(filename string) (int, error) {
-	name := strings.TrimSuffix(filename, filepath.Ext(filename))
-	if name == "" {
-		return 0, fmt.Errorf("invalid migration filename %q: empty name", filename)
-	}
-
-	// Split on underscore to separate version from description.
-	// If there's no underscore, the entire stem is the version.
-	versionStr := name
-	if idx := strings.IndexByte(name, '_'); idx >= 0 {
-		versionStr = name[:idx]
-	}
-
-	if versionStr == "" {
-		return 0, fmt.Errorf("invalid migration filename %q: empty version prefix", filename)
-	}
-
-	// Validate the version is purely numeric.
-	for _, ch := range versionStr {
-		if ch < '0' || ch > '9' {
-			return 0, fmt.Errorf(
-				"invalid migration filename %q: version %q contains non-numeric character %q",
-				filename, versionStr, string(ch),
-			)
-		}
-	}
-
-	version, err := strconv.Atoi(versionStr)
-	if err != nil {
-		return 0, fmt.Errorf("invalid migration filename %q: %w", filename, err)
-	}
-
-	return version, nil
-}
-
 // New creates a new database connection at the specified path.
 // It creates the schema if needed and configures SQLite with WAL mode for
 // better concurrency. SQLite handles crash recovery automatically when
@@ -120,9 +72,9 @@ func New(ctx context.Context, path string) (*DB, error) {
 			}
 
 			db := &DB{conn: conn, path: path}
-			if err := applyMigrations(ctx, conn); err != nil {
+			if err := db.createSchema(ctx); err != nil {
 				_ = conn.Close()
-				return nil, fmt.Errorf("applying migrations: %w", err)
+				return nil, fmt.Errorf("creating schema: %w", err)
 			}
 			return db, nil
 		}
@@ -173,9 +125,9 @@ func New(ctx context.Context, path string) (*DB, error) {
 	}
 
 	db := &DB{conn: conn, path: path}
-	if err := applyMigrations(ctx, conn); err != nil {
+	if err := db.createSchema(ctx); err != nil {
 		_ = conn.Close()
-		return nil, fmt.Errorf("applying migrations: %w", err)
+		return nil, fmt.Errorf("creating schema: %w", err)
 	}
 
 	log.Debug("Database connection established successfully", "path", path)
@@ -246,120 +198,9 @@ func (db *DB) QueryRowWithLog(
 	return db.conn.QueryRowContext(ctx, query, args...)
 }
 
-// collectMigrations reads the embedded schema directory and returns
-// migration filenames sorted lexicographically.
-func collectMigrations() ([]string, error) {
-	entries, err := schemaFS.ReadDir("schema")
-	if err != nil {
-		return nil, fmt.Errorf("failed to read schema directory: %w", err)
-	}
-
-	var migrations []string
-
-	for _, entry := range entries {
-		if !entry.IsDir() && strings.HasSuffix(entry.Name(), ".sql") {
-			migrations = append(migrations, entry.Name())
-		}
-	}
-
-	sort.Strings(migrations)
-
-	return migrations, nil
-}
-
-// bootstrapMigrationsTable ensures the schema_migrations table exists
-// by applying 000.sql if the table is missing.
-func bootstrapMigrationsTable(ctx context.Context, db *sql.DB) error {
-	var tableExists int
-
-	err := db.QueryRowContext(ctx,
-		"SELECT COUNT(*) FROM sqlite_master WHERE type='table' AND name='schema_migrations'",
-	).Scan(&tableExists)
-	if err != nil {
-		return fmt.Errorf("failed to check for migrations table: %w", err)
-	}
-
-	if tableExists > 0 {
-		return nil
-	}
-
-	content, err := schemaFS.ReadFile("schema/000.sql")
-	if err != nil {
-		return fmt.Errorf("failed to read bootstrap migration 000.sql: %w", err)
-	}
-
-	log.Info("applying bootstrap migration", "version", bootstrapVersion)
-
-	_, err = db.ExecContext(ctx, string(content))
-	if err != nil {
-		return fmt.Errorf("failed to apply bootstrap migration: %w", err)
-	}
-
-	return nil
-}
-
-// applyMigrations applies all pending migrations to db. It first bootstraps
-// the schema_migrations table via 000.sql, then iterates through remaining
-// migration files in order.
-func applyMigrations(ctx context.Context, db *sql.DB) error {
-	if err := bootstrapMigrationsTable(ctx, db); err != nil {
-		return err
-	}
-
-	migrations, err := collectMigrations()
-	if err != nil {
-		return err
-	}
-
-	for _, migration := range migrations {
-		version, parseErr := ParseMigrationVersion(migration)
-		if parseErr != nil {
-			return parseErr
-		}
-
-		// Check if already applied.
-		var count int
-
-		err := db.QueryRowContext(ctx,
-			"SELECT COUNT(*) FROM schema_migrations WHERE version = ?",
-			version,
-		).Scan(&count)
-		if err != nil {
-			return fmt.Errorf("failed to check migration status: %w", err)
-		}
-
-		if count > 0 {
-			log.Debug("migration already applied", "version", version)
-
-			continue
-		}
-
-		// Read and apply migration.
-		content, readErr := schemaFS.ReadFile(filepath.Join("schema", migration))
-		if readErr != nil {
-			return fmt.Errorf("failed to read migration %s: %w", migration, readErr)
-		}
-
-		log.Info("applying migration", "version", version)
-
-		_, execErr := db.ExecContext(ctx, string(content))
-		if execErr != nil {
-			return fmt.Errorf("failed to apply migration %s: %w", migration, execErr)
-		}
-
-		// Record migration as applied.
-		_, recErr := db.ExecContext(ctx,
-			"INSERT INTO schema_migrations (version) VALUES (?)",
-			version,
-		)
-		if recErr != nil {
-			return fmt.Errorf("failed to record migration %s: %w", migration, recErr)
-		}
-
-		log.Info("migration applied successfully", "version", version)
-	}
-
-	return nil
+func (db *DB) createSchema(ctx context.Context) error {
+	_, err := db.conn.ExecContext(ctx, schemaSQL)
+	return err
 }
 
 // NewTestDB creates an in-memory SQLite database for testing purposes.

internal/database/database_test.go

@@ -2,7 +2,6 @@ package database
 
 import (
 	"context"
-	"database/sql"
 	"fmt"
 	"path/filepath"
 	"testing"
@@ -27,10 +26,9 @@ func TestDatabase(t *testing.T) {
 		t.Fatal("database connection is nil")
 	}
 
-	// Test schema creation (already done in New via migrations)
+	// Test schema creation (already done in New)
 	// Verify tables exist
 	tables := []string{
-		"schema_migrations",
 		"files", "file_chunks", "chunks", "blobs",
 		"blob_chunks", "chunk_files", "snapshots",
 	}
@@ -101,139 +99,3 @@ func TestDatabaseConcurrentAccess(t *testing.T) {
 		t.Errorf("expected 10 chunks, got %d", count)
 	}
 }
-
-func TestParseMigrationVersion(t *testing.T) {
-	tests := []struct {
-		name      string
-		filename  string
-		wantVer   int
-		wantError bool
-	}{
-		{name: "valid 000.sql", filename: "000.sql", wantVer: 0, wantError: false},
-		{name: "valid 001.sql", filename: "001.sql", wantVer: 1, wantError: false},
-		{name: "valid 099.sql", filename: "099.sql", wantVer: 99, wantError: false},
-		{name: "valid with description", filename: "001_initial_schema.sql", wantVer: 1, wantError: false},
-		{name: "valid large version", filename: "123_big_migration.sql", wantVer: 123, wantError: false},
-		{name: "invalid alpha version", filename: "abc.sql", wantVer: 0, wantError: true},
-		{name: "invalid mixed chars", filename: "12a.sql", wantVer: 0, wantError: true},
-		{name: "invalid no extension", filename: "schema.sql", wantVer: 0, wantError: true},
-		{name: "empty string", filename: "", wantVer: 0, wantError: true},
-	}
-
-	for _, tc := range tests {
-		t.Run(tc.name, func(t *testing.T) {
-			got, err := ParseMigrationVersion(tc.filename)
-			if tc.wantError {
-				if err == nil {
-					t.Errorf("ParseMigrationVersion(%q) = %d, nil; want error", tc.filename, got)
-				}
-				return
-			}
-			if err != nil {
-				t.Errorf("ParseMigrationVersion(%q) unexpected error: %v", tc.filename, err)
-				return
-			}
-			if got != tc.wantVer {
-				t.Errorf("ParseMigrationVersion(%q) = %d; want %d", tc.filename, got, tc.wantVer)
-			}
-		})
-	}
-}
-
-func TestApplyMigrations_Idempotent(t *testing.T) {
-	ctx := context.Background()
-
-	conn, err := sql.Open("sqlite", ":memory:?_foreign_keys=ON")
-	if err != nil {
-		t.Fatalf("failed to open database: %v", err)
-	}
-	defer func() {
-		if err := conn.Close(); err != nil {
-			t.Errorf("failed to close database: %v", err)
-		}
-	}()
-
-	conn.SetMaxOpenConns(1)
-	conn.SetMaxIdleConns(1)
-
-	// First run: apply all migrations.
-	if err := applyMigrations(ctx, conn); err != nil {
-		t.Fatalf("first applyMigrations failed: %v", err)
-	}
-
-	// Count rows in schema_migrations after first run.
-	var countBefore int
-	if err := conn.QueryRowContext(ctx, "SELECT COUNT(*) FROM schema_migrations").Scan(&countBefore); err != nil {
-		t.Fatalf("failed to count schema_migrations after first run: %v", err)
-	}
-
-	// Second run: must be a no-op.
-	if err := applyMigrations(ctx, conn); err != nil {
-		t.Fatalf("second applyMigrations failed: %v", err)
-	}
-
-	// Count rows in schema_migrations after second run — must be unchanged.
-	var countAfter int
-	if err := conn.QueryRowContext(ctx, "SELECT COUNT(*) FROM schema_migrations").Scan(&countAfter); err != nil {
-		t.Fatalf("failed to count schema_migrations after second run: %v", err)
-	}
-
-	if countBefore != countAfter {
-		t.Errorf("schema_migrations row count changed: before=%d, after=%d", countBefore, countAfter)
-	}
-}
-
-func TestBootstrapMigrationsTable_FreshDatabase(t *testing.T) {
-	ctx := context.Background()
-
-	conn, err := sql.Open("sqlite", ":memory:?_foreign_keys=ON")
-	if err != nil {
-		t.Fatalf("failed to open database: %v", err)
-	}
-	defer func() {
-		if err := conn.Close(); err != nil {
-			t.Errorf("failed to close database: %v", err)
-		}
-	}()
-
-	conn.SetMaxOpenConns(1)
-	conn.SetMaxIdleConns(1)
-
-	// Verify schema_migrations does NOT exist yet.
-	var tableBefore int
-	if err := conn.QueryRowContext(ctx,
-		"SELECT COUNT(*) FROM sqlite_master WHERE type='table' AND name='schema_migrations'",
-	).Scan(&tableBefore); err != nil {
-		t.Fatalf("failed to check for table before bootstrap: %v", err)
-	}
-	if tableBefore != 0 {
-		t.Fatal("schema_migrations table should not exist before bootstrap")
-	}
-
-	// Run bootstrap.
-	if err := bootstrapMigrationsTable(ctx, conn); err != nil {
-		t.Fatalf("bootstrapMigrationsTable failed: %v", err)
-	}
-
-	// Verify schema_migrations now exists.
-	var tableAfter int
-	if err := conn.QueryRowContext(ctx,
-		"SELECT COUNT(*) FROM sqlite_master WHERE type='table' AND name='schema_migrations'",
-	).Scan(&tableAfter); err != nil {
-		t.Fatalf("failed to check for table after bootstrap: %v", err)
-	}
-	if tableAfter != 1 {
-		t.Fatalf("schema_migrations table should exist after bootstrap, got count=%d", tableAfter)
-	}
-
-	// Verify version 0 row exists.
-	var version int
-	if err := conn.QueryRowContext(ctx,
-		"SELECT version FROM schema_migrations WHERE version = 0",
-	).Scan(&version); err != nil {
-		t.Fatalf("version 0 row not found in schema_migrations: %v", err)
-	}
-	if version != 0 {
-		t.Errorf("expected version 0, got %d", version)
-	}
-}

internal/database/file_chunks_test.go

@@ -22,6 +22,7 @@ func TestFileChunkRepository(t *testing.T) {
 	file := &File{
 		Path:       "/test/file.txt",
 		MTime:      testTime,
+		CTime:      testTime,
 		Size:       3072,
 		Mode:       0644,
 		UID:        1000,
@@ -134,6 +135,7 @@ func TestFileChunkRepositoryMultipleFiles(t *testing.T) {
 		file := &File{
 			Path:       types.FilePath(path),
 			MTime:      testTime,
+			CTime:      testTime,
 			Size:       2048,
 			Mode:       0644,
 			UID:        1000,

internal/database/files.go

@@ -25,11 +25,12 @@ func (r *FileRepository) Create(ctx context.Context, tx *sql.Tx, file *File) err
 	}
 
 	query := `
-		INSERT INTO files (id, path, source_path, mtime, size, mode, uid, gid, link_target)
-		VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)
+		INSERT INTO files (id, path, source_path, mtime, ctime, size, mode, uid, gid, link_target)
+		VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
 		ON CONFLICT(path) DO UPDATE SET
 			source_path = excluded.source_path,
 			mtime = excluded.mtime,
+			ctime = excluded.ctime,
 			size = excluded.size,
 			mode = excluded.mode,
 			uid = excluded.uid,
@@ -41,10 +42,10 @@ func (r *FileRepository) Create(ctx context.Context, tx *sql.Tx, file *File) err
 	var idStr string
 	var err error
 	if tx != nil {
-		LogSQL("Execute", query, file.ID.String(), file.Path.String(), file.SourcePath.String(), file.MTime.Unix(), file.Size, file.Mode, file.UID, file.GID, file.LinkTarget.String())
-		err = tx.QueryRowContext(ctx, query, file.ID.String(), file.Path.String(), file.SourcePath.String(), file.MTime.Unix(), file.Size, file.Mode, file.UID, file.GID, file.LinkTarget.String()).Scan(&idStr)
+		LogSQL("Execute", query, file.ID.String(), file.Path.String(), file.SourcePath.String(), file.MTime.Unix(), file.CTime.Unix(), file.Size, file.Mode, file.UID, file.GID, file.LinkTarget.String())
+		err = tx.QueryRowContext(ctx, query, file.ID.String(), file.Path.String(), file.SourcePath.String(), file.MTime.Unix(), file.CTime.Unix(), file.Size, file.Mode, file.UID, file.GID, file.LinkTarget.String()).Scan(&idStr)
 	} else {
-		err = r.db.QueryRowWithLog(ctx, query, file.ID.String(), file.Path.String(), file.SourcePath.String(), file.MTime.Unix(), file.Size, file.Mode, file.UID, file.GID, file.LinkTarget.String()).Scan(&idStr)
+		err = r.db.QueryRowWithLog(ctx, query, file.ID.String(), file.Path.String(), file.SourcePath.String(), file.MTime.Unix(), file.CTime.Unix(), file.Size, file.Mode, file.UID, file.GID, file.LinkTarget.String()).Scan(&idStr)
 	}
 
 	if err != nil {
@@ -62,7 +63,7 @@ func (r *FileRepository) Create(ctx context.Context, tx *sql.Tx, file *File) err
 
 func (r *FileRepository) GetByPath(ctx context.Context, path string) (*File, error) {
 	query := `
-		SELECT id, path, source_path, mtime, size, mode, uid, gid, link_target
+		SELECT id, path, source_path, mtime, ctime, size, mode, uid, gid, link_target
 		FROM files
 		WHERE path = ?
 	`
@@ -81,7 +82,7 @@ func (r *FileRepository) GetByPath(ctx context.Context, path string) (*File, err
 // GetByID retrieves a file by its UUID
 func (r *FileRepository) GetByID(ctx context.Context, id types.FileID) (*File, error) {
 	query := `
-		SELECT id, path, source_path, mtime, size, mode, uid, gid, link_target
+		SELECT id, path, source_path, mtime, ctime, size, mode, uid, gid, link_target
 		FROM files
 		WHERE id = ?
 	`
@@ -99,7 +100,7 @@ func (r *FileRepository) GetByID(ctx context.Context, id types.FileID) (*File, e
 
 func (r *FileRepository) GetByPathTx(ctx context.Context, tx *sql.Tx, path string) (*File, error) {
 	query := `
-		SELECT id, path, source_path, mtime, size, mode, uid, gid, link_target
+		SELECT id, path, source_path, mtime, ctime, size, mode, uid, gid, link_target
 		FROM files
 		WHERE path = ?
 	`
@@ -122,7 +123,7 @@ func (r *FileRepository) GetByPathTx(ctx context.Context, tx *sql.Tx, path strin
 func (r *FileRepository) scanFile(row *sql.Row) (*File, error) {
 	var file File
 	var idStr, pathStr, sourcePathStr string
-	var mtimeUnix int64
+	var mtimeUnix, ctimeUnix int64
 	var linkTarget sql.NullString
 
 	err := row.Scan(
@@ -130,6 +131,7 @@ func (r *FileRepository) scanFile(row *sql.Row) (*File, error) {
 		&pathStr,
 		&sourcePathStr,
 		&mtimeUnix,
+		&ctimeUnix,
 		&file.Size,
 		&file.Mode,
 		&file.UID,
@@ -147,6 +149,7 @@ func (r *FileRepository) scanFile(row *sql.Row) (*File, error) {
 	file.Path = types.FilePath(pathStr)
 	file.SourcePath = types.SourcePath(sourcePathStr)
 	file.MTime = time.Unix(mtimeUnix, 0).UTC()
+	file.CTime = time.Unix(ctimeUnix, 0).UTC()
 	if linkTarget.Valid {
 		file.LinkTarget = types.FilePath(linkTarget.String)
 	}
@@ -158,7 +161,7 @@ func (r *FileRepository) scanFile(row *sql.Row) (*File, error) {
 func (r *FileRepository) scanFileRows(rows *sql.Rows) (*File, error) {
 	var file File
 	var idStr, pathStr, sourcePathStr string
-	var mtimeUnix int64
+	var mtimeUnix, ctimeUnix int64
 	var linkTarget sql.NullString
 
 	err := rows.Scan(
@@ -166,6 +169,7 @@ func (r *FileRepository) scanFileRows(rows *sql.Rows) (*File, error) {
 		&pathStr,
 		&sourcePathStr,
 		&mtimeUnix,
+		&ctimeUnix,
 		&file.Size,
 		&file.Mode,
 		&file.UID,
@@ -183,6 +187,7 @@ func (r *FileRepository) scanFileRows(rows *sql.Rows) (*File, error) {
 	file.Path = types.FilePath(pathStr)
 	file.SourcePath = types.SourcePath(sourcePathStr)
 	file.MTime = time.Unix(mtimeUnix, 0).UTC()
+	file.CTime = time.Unix(ctimeUnix, 0).UTC()
 	if linkTarget.Valid {
 		file.LinkTarget = types.FilePath(linkTarget.String)
 	}
@@ -192,7 +197,7 @@ func (r *FileRepository) scanFileRows(rows *sql.Rows) (*File, error) {
 
 func (r *FileRepository) ListModifiedSince(ctx context.Context, since time.Time) ([]*File, error) {
 	query := `
-		SELECT id, path, source_path, mtime, size, mode, uid, gid, link_target
+		SELECT id, path, source_path, mtime, ctime, size, mode, uid, gid, link_target
 		FROM files
 		WHERE mtime >= ?
 		ORDER BY path
@@ -253,7 +258,7 @@ func (r *FileRepository) DeleteByID(ctx context.Context, tx *sql.Tx, id types.Fi
 
 func (r *FileRepository) ListByPrefix(ctx context.Context, prefix string) ([]*File, error) {
 	query := `
-		SELECT id, path, source_path, mtime, size, mode, uid, gid, link_target
+		SELECT id, path, source_path, mtime, ctime, size, mode, uid, gid, link_target
 		FROM files
 		WHERE path LIKE ? || '%'
 		ORDER BY path
@@ -280,7 +285,7 @@ func (r *FileRepository) ListByPrefix(ctx context.Context, prefix string) ([]*Fi
 // ListAll returns all files in the database
 func (r *FileRepository) ListAll(ctx context.Context) ([]*File, error) {
 	query := `
-		SELECT id, path, source_path, mtime, size, mode, uid, gid, link_target
+		SELECT id, path, source_path, mtime, ctime, size, mode, uid, gid, link_target
 		FROM files
 		ORDER BY path
 	`
@@ -310,7 +315,7 @@ func (r *FileRepository) CreateBatch(ctx context.Context, tx *sql.Tx, files []*F
 		return nil
 	}
 
-	// Each File has 9 values, so batch at 100 to be safe with SQLite's variable limit
+	// Each File has 10 values, so batch at 100 to be safe with SQLite's variable limit
 	const batchSize = 100
 
 	for i := 0; i < len(files); i += batchSize {
@@ -320,18 +325,19 @@ func (r *FileRepository) CreateBatch(ctx context.Context, tx *sql.Tx, files []*F
 		}
 		batch := files[i:end]
 
-		query := `INSERT INTO files (id, path, source_path, mtime, size, mode, uid, gid, link_target) VALUES `
-		args := make([]interface{}, 0, len(batch)*9)
+		query := `INSERT INTO files (id, path, source_path, mtime, ctime, size, mode, uid, gid, link_target) VALUES `
+		args := make([]interface{}, 0, len(batch)*10)
 		for j, f := range batch {
 			if j > 0 {
 				query += ", "
 			}
-			query += "(?, ?, ?, ?, ?, ?, ?, ?, ?)"
-			args = append(args, f.ID.String(), f.Path.String(), f.SourcePath.String(), f.MTime.Unix(), f.Size, f.Mode, f.UID, f.GID, f.LinkTarget.String())
+			query += "(?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"
+			args = append(args, f.ID.String(), f.Path.String(), f.SourcePath.String(), f.MTime.Unix(), f.CTime.Unix(), f.Size, f.Mode, f.UID, f.GID, f.LinkTarget.String())
 		}
 		query += ` ON CONFLICT(path) DO UPDATE SET
 			source_path = excluded.source_path,
 			mtime = excluded.mtime,
+			ctime = excluded.ctime,
 			size = excluded.size,
 			mode = excluded.mode,
 			uid = excluded.uid,

internal/database/files_test.go

@@ -39,6 +39,7 @@ func TestFileRepository(t *testing.T) {
 	file := &File{
 		Path:       "/test/file.txt",
 		MTime:      time.Now().Truncate(time.Second),
+		CTime:      time.Now().Truncate(time.Second),
 		Size:       1024,
 		Mode:       0644,
 		UID:        1000,
@@ -123,6 +124,7 @@ func TestFileRepositorySymlink(t *testing.T) {
 	symlink := &File{
 		Path:       "/test/link",
 		MTime:      time.Now().Truncate(time.Second),
+		CTime:      time.Now().Truncate(time.Second),
 		Size:       0,
 		Mode:       uint32(0777 | os.ModeSymlink),
 		UID:        1000,
@@ -159,6 +161,7 @@ func TestFileRepositoryTransaction(t *testing.T) {
 		file := &File{
 			Path:  "/test/tx_file.txt",
 			MTime: time.Now().Truncate(time.Second),
+			CTime: time.Now().Truncate(time.Second),
 			Size:  1024,
 			Mode:  0644,
 			UID:   1000,

internal/database/models.go

@@ -17,6 +17,7 @@ type File struct {
 	Path       types.FilePath   // Absolute path of the file
 	SourcePath types.SourcePath // The source directory this file came from (for restore path stripping)
 	MTime      time.Time
+	CTime      time.Time
 	Size       int64
 	Mode       uint32
 	UID        uint32

internal/database/repositories_test.go

@@ -23,6 +23,7 @@ func TestRepositoriesTransaction(t *testing.T) {
 		file := &File{
 			Path:  "/test/tx_file.txt",
 			MTime: time.Now().Truncate(time.Second),
+			CTime: time.Now().Truncate(time.Second),
 			Size:  1024,
 			Mode:  0644,
 			UID:   1000,
@@ -145,6 +146,7 @@ func TestRepositoriesTransactionRollback(t *testing.T) {
 		file := &File{
 			Path:  "/test/rollback_file.txt",
 			MTime: time.Now().Truncate(time.Second),
+			CTime: time.Now().Truncate(time.Second),
 			Size:  1024,
 			Mode:  0644,
 			UID:   1000,
@@ -200,6 +202,7 @@ func TestRepositoriesReadTransaction(t *testing.T) {
 	file := &File{
 		Path:  "/test/read_file.txt",
 		MTime: time.Now().Truncate(time.Second),
+		CTime: time.Now().Truncate(time.Second),
 		Size:  1024,
 		Mode:  0644,
 		UID:   1000,
@@ -223,6 +226,7 @@ func TestRepositoriesReadTransaction(t *testing.T) {
 		_ = repos.Files.Create(ctx, tx, &File{
 			Path:  "/test/should_fail.txt",
 			MTime: time.Now(),
+			CTime: time.Now(),
 			Size:  0,
 			Mode:  0644,
 			UID:   1000,

internal/database/repository_comprehensive_test.go

@@ -23,6 +23,7 @@ func TestFileRepositoryUUIDGeneration(t *testing.T) {
 		{
 			Path:  "/file1.txt",
 			MTime: time.Now().Truncate(time.Second),
+			CTime: time.Now().Truncate(time.Second),
 			Size:  1024,
 			Mode:  0644,
 			UID:   1000,
@@ -31,6 +32,7 @@ func TestFileRepositoryUUIDGeneration(t *testing.T) {
 		{
 			Path:  "/file2.txt",
 			MTime: time.Now().Truncate(time.Second),
+			CTime: time.Now().Truncate(time.Second),
 			Size:  2048,
 			Mode:  0644,
 			UID:   1000,
@@ -70,6 +72,7 @@ func TestFileRepositoryGetByID(t *testing.T) {
 	file := &File{
 		Path:  "/test.txt",
 		MTime: time.Now().Truncate(time.Second),
+		CTime: time.Now().Truncate(time.Second),
 		Size:  1024,
 		Mode:  0644,
 		UID:   1000,
@@ -117,6 +120,7 @@ func TestOrphanedFileCleanup(t *testing.T) {
 	file1 := &File{
 		Path:  "/orphaned.txt",
 		MTime: time.Now().Truncate(time.Second),
+		CTime: time.Now().Truncate(time.Second),
 		Size:  1024,
 		Mode:  0644,
 		UID:   1000,
@@ -125,6 +129,7 @@ func TestOrphanedFileCleanup(t *testing.T) {
 	file2 := &File{
 		Path:  "/referenced.txt",
 		MTime: time.Now().Truncate(time.Second),
+		CTime: time.Now().Truncate(time.Second),
 		Size:  2048,
 		Mode:  0644,
 		UID:   1000,
@@ -213,6 +218,7 @@ func TestOrphanedChunkCleanup(t *testing.T) {
 	file := &File{
 		Path:  "/test.txt",
 		MTime: time.Now().Truncate(time.Second),
+		CTime: time.Now().Truncate(time.Second),
 		Size:  1024,
 		Mode:  0644,
 		UID:   1000,
@@ -342,6 +348,7 @@ func TestFileChunkRepositoryWithUUIDs(t *testing.T) {
 	file := &File{
 		Path:  "/test.txt",
 		MTime: time.Now().Truncate(time.Second),
+		CTime: time.Now().Truncate(time.Second),
 		Size:  3072,
 		Mode:  0644,
 		UID:   1000,
@@ -412,6 +419,7 @@ func TestChunkFileRepositoryWithUUIDs(t *testing.T) {
 	file1 := &File{
 		Path:  "/file1.txt",
 		MTime: time.Now().Truncate(time.Second),
+		CTime: time.Now().Truncate(time.Second),
 		Size:  1024,
 		Mode:  0644,
 		UID:   1000,
@@ -420,6 +428,7 @@ func TestChunkFileRepositoryWithUUIDs(t *testing.T) {
 	file2 := &File{
 		Path:  "/file2.txt",
 		MTime: time.Now().Truncate(time.Second),
+		CTime: time.Now().Truncate(time.Second),
 		Size:  1024,
 		Mode:  0644,
 		UID:   1000,
@@ -577,6 +586,7 @@ func TestComplexOrphanedDataScenario(t *testing.T) {
 		files[i] = &File{
 			Path:  types.FilePath(fmt.Sprintf("/file%d.txt", i)),
 			MTime: time.Now().Truncate(time.Second),
+			CTime: time.Now().Truncate(time.Second),
 			Size:  1024,
 			Mode:  0644,
 			UID:   1000,
@@ -668,6 +678,7 @@ func TestCascadeDelete(t *testing.T) {
 	file := &File{
 		Path:  "/cascade-test.txt",
 		MTime: time.Now().Truncate(time.Second),
+		CTime: time.Now().Truncate(time.Second),
 		Size:  1024,
 		Mode:  0644,
 		UID:   1000,
@@ -739,6 +750,7 @@ func TestTransactionIsolation(t *testing.T) {
 		file := &File{
 			Path:  "/tx-test.txt",
 			MTime: time.Now().Truncate(time.Second),
+			CTime: time.Now().Truncate(time.Second),
 			Size:  1024,
 			Mode:  0644,
 			UID:   1000,
@@ -800,6 +812,7 @@ func TestConcurrentOrphanedCleanup(t *testing.T) {
 		file := &File{
 			Path:  types.FilePath(fmt.Sprintf("/concurrent-%d.txt", i)),
 			MTime: time.Now().Truncate(time.Second),
+			CTime: time.Now().Truncate(time.Second),
 			Size:  1024,
 			Mode:  0644,
 			UID:   1000,

internal/database/repository_debug_test.go

@@ -18,6 +18,7 @@ func TestOrphanedFileCleanupDebug(t *testing.T) {
 	file1 := &File{
 		Path:  "/orphaned.txt",
 		MTime: time.Now().Truncate(time.Second),
+		CTime: time.Now().Truncate(time.Second),
 		Size:  1024,
 		Mode:  0644,
 		UID:   1000,
@@ -26,6 +27,7 @@ func TestOrphanedFileCleanupDebug(t *testing.T) {
 	file2 := &File{
 		Path:  "/referenced.txt",
 		MTime: time.Now().Truncate(time.Second),
+		CTime: time.Now().Truncate(time.Second),
 		Size:  2048,
 		Mode:  0644,
 		UID:   1000,

internal/database/repository_edge_cases_test.go

@@ -29,6 +29,7 @@ func TestFileRepositoryEdgeCases(t *testing.T) {
 			file: &File{
 				Path:  "",
 				MTime: time.Now(),
+				CTime: time.Now(),
 				Size:  1024,
 				Mode:  0644,
 				UID:   1000,
@@ -41,6 +42,7 @@ func TestFileRepositoryEdgeCases(t *testing.T) {
 			file: &File{
 				Path:  types.FilePath("/" + strings.Repeat("a", 4096)),
 				MTime: time.Now(),
+				CTime: time.Now(),
 				Size:  1024,
 				Mode:  0644,
 				UID:   1000,
@@ -53,6 +55,7 @@ func TestFileRepositoryEdgeCases(t *testing.T) {
 			file: &File{
 				Path:  "/test/file with spaces and 特殊文字.txt",
 				MTime: time.Now(),
+				CTime: time.Now(),
 				Size:  1024,
 				Mode:  0644,
 				UID:   1000,
@@ -65,6 +68,7 @@ func TestFileRepositoryEdgeCases(t *testing.T) {
 			file: &File{
 				Path:  "/empty.txt",
 				MTime: time.Now(),
+				CTime: time.Now(),
 				Size:  0,
 				Mode:  0644,
 				UID:   1000,
@@ -77,6 +81,7 @@ func TestFileRepositoryEdgeCases(t *testing.T) {
 			file: &File{
 				Path:       "/link",
 				MTime:      time.Now(),
+				CTime:      time.Now(),
 				Size:       0,
 				Mode:       0777 | 0120000, // symlink mode
 				UID:        1000,
@@ -118,6 +123,7 @@ func TestDuplicateHandling(t *testing.T) {
 		file1 := &File{
 			Path:  "/duplicate.txt",
 			MTime: time.Now(),
+			CTime: time.Now(),
 			Size:  1024,
 			Mode:  0644,
 			UID:   1000,
@@ -126,6 +132,7 @@ func TestDuplicateHandling(t *testing.T) {
 		file2 := &File{
 			Path:  "/duplicate.txt", // Same path
 			MTime: time.Now().Add(time.Hour),
+			CTime: time.Now().Add(time.Hour),
 			Size:  2048,
 			Mode:  0644,
 			UID:   1000,
@@ -185,6 +192,7 @@ func TestDuplicateHandling(t *testing.T) {
 		file := &File{
 			Path:  "/test-dup-fc.txt",
 			MTime: time.Now(),
+			CTime: time.Now(),
 			Size:  1024,
 			Mode:  0644,
 			UID:   1000,
@@ -236,6 +244,7 @@ func TestNullHandling(t *testing.T) {
 		file := &File{
 			Path:       "/regular.txt",
 			MTime:      time.Now(),
+			CTime:      time.Now(),
 			Size:       1024,
 			Mode:       0644,
 			UID:        1000,
@@ -340,6 +349,7 @@ func TestLargeDatasets(t *testing.T) {
 			file := &File{
 				Path:  types.FilePath(fmt.Sprintf("/large/file%05d.txt", i)),
 				MTime: time.Now(),
+				CTime: time.Now(),
 				Size:  int64(i * 1024),
 				Mode:  0644,
 				UID:   uint32(1000 + (i % 10)),
@@ -464,6 +474,7 @@ func TestQueryInjection(t *testing.T) {
 			file := &File{
 				Path:  types.FilePath(injection),
 				MTime: time.Now(),
+				CTime: time.Now(),
 				Size:  1024,
 				Mode:  0644,
 				UID:   1000,
@@ -502,6 +513,7 @@ func TestTimezoneHandling(t *testing.T) {
 	file := &File{
 		Path:  "/timezone-test.txt",
 		MTime: nyTime,
+		CTime: nyTime,
 		Size:  1024,
 		Mode:  0644,
 		UID:   1000,

internal/database/schema.sql

@@ -1,5 +1,6 @@
--- Migration 001: Initial Vaultik schema
--- All core tables for tracking files, chunks, blobs, snapshots, and uploads.
+-- Vaultik Database Schema
+-- Note: This database does not support migrations. If the schema changes,
+-- delete the local database and perform a full backup to recreate it.
 
 -- Files table: stores metadata about files in the filesystem
 CREATE TABLE IF NOT EXISTS files (
@@ -7,6 +8,7 @@ CREATE TABLE IF NOT EXISTS files (
     path TEXT NOT NULL UNIQUE,
     source_path TEXT NOT NULL DEFAULT '',  -- The source directory this file came from (for restore path stripping)
     mtime INTEGER NOT NULL,
+    ctime INTEGER NOT NULL,
     size INTEGER NOT NULL,
     mode INTEGER NOT NULL,
     uid INTEGER NOT NULL,
@@ -101,7 +103,7 @@ CREATE TABLE IF NOT EXISTS snapshot_files (
     file_id TEXT NOT NULL,
     PRIMARY KEY (snapshot_id, file_id),
     FOREIGN KEY (snapshot_id) REFERENCES snapshots(id) ON DELETE CASCADE,
-    FOREIGN KEY (file_id) REFERENCES files(id) ON DELETE CASCADE
+    FOREIGN KEY (file_id) REFERENCES files(id)
 );
 
 -- Index for efficient file lookups (used in orphan detection)
@@ -114,7 +116,7 @@ CREATE TABLE IF NOT EXISTS snapshot_blobs (
     blob_hash TEXT NOT NULL,
     PRIMARY KEY (snapshot_id, blob_id),
     FOREIGN KEY (snapshot_id) REFERENCES snapshots(id) ON DELETE CASCADE,
-    FOREIGN KEY (blob_id) REFERENCES blobs(id) ON DELETE CASCADE
+    FOREIGN KEY (blob_id) REFERENCES blobs(id)
 );
 
 -- Index for efficient blob lookups (used in orphan detection)
@@ -128,8 +130,8 @@ CREATE TABLE IF NOT EXISTS uploads (
     size INTEGER NOT NULL,
     duration_ms INTEGER NOT NULL,
     FOREIGN KEY (blob_hash) REFERENCES blobs(blob_hash),
-    FOREIGN KEY (snapshot_id) REFERENCES snapshots(id) ON DELETE CASCADE
+    FOREIGN KEY (snapshot_id) REFERENCES snapshots(id)
 );
 
 -- Index for efficient snapshot lookups
-CREATE INDEX IF NOT EXISTS idx_uploads_snapshot_id ON uploads(snapshot_id);
+CREATE INDEX IF NOT EXISTS idx_uploads_snapshot_id ON uploads(snapshot_id);

internal/database/schema/000.sql

@@ -1,9 +0,0 @@
--- Migration 000: Schema migrations tracking table
--- Applied as a bootstrap step before the normal migration loop.
-
-CREATE TABLE IF NOT EXISTS schema_migrations (
-    version INTEGER PRIMARY KEY,
-    applied_at DATETIME DEFAULT CURRENT_TIMESTAMP
-);
-
-INSERT OR IGNORE INTO schema_migrations (version) VALUES (0);

internal/database/schema/008_uploads.sql

@@ -0,0 +1,11 @@
+-- Track blob upload metrics
+CREATE TABLE IF NOT EXISTS uploads (
+    blob_hash TEXT PRIMARY KEY,
+    uploaded_at TIMESTAMP NOT NULL,
+    size INTEGER NOT NULL,
+    duration_ms INTEGER NOT NULL,
+    FOREIGN KEY (blob_hash) REFERENCES blobs(blob_hash)
+);
+
+CREATE INDEX idx_uploads_uploaded_at ON uploads(uploaded_at);
+CREATE INDEX idx_uploads_duration ON uploads(duration_ms);

internal/snapshot/backup_test.go

@@ -345,8 +345,9 @@ func (b *BackupEngine) Backup(ctx context.Context, fsys fs.FS, root string) (str
 			Size:  info.Size(),
 			Mode:  uint32(info.Mode()),
 			MTime: info.ModTime(),
-			UID:   1000, // Default UID for test
-			GID:   1000, // Default GID for test
+			CTime: info.ModTime(), // Use mtime as ctime for test
+			UID:   1000,           // Default UID for test
+			GID:   1000,           // Default GID for test
 		}
 		err = b.repos.WithTx(ctx, func(ctx context.Context, tx *sql.Tx) error {
 			return b.repos.Files.Create(ctx, tx, file)

internal/snapshot/scanner.go

@@ -785,6 +785,7 @@ func (s *Scanner) checkFileInMemory(path string, info os.FileInfo, knownFiles ma
 		Path:       types.FilePath(path),
 		SourcePath: types.SourcePath(s.currentSourcePath), // Store source directory for restore path stripping
 		MTime:      info.ModTime(),
+		CTime:      info.ModTime(), // afero doesn't provide ctime
 		Size:       info.Size(),
 		Mode:       uint32(info.Mode()),
 		UID:        uid,

internal/vaultik/blob_fetch.go

@@ -1,93 +0,0 @@
-package vaultik
-
-import (
-	"context"
-	"crypto/sha256"
-	"encoding/hex"
-	"fmt"
-	"io"
-
-	"filippo.io/age"
-	"git.eeqj.de/sneak/vaultik/internal/blobgen"
-)
-
-// hashVerifyReader wraps a blobgen.Reader and verifies the double-SHA-256 hash
-// of decrypted plaintext when Close is called. It reuses the hash that
-// blobgen.Reader already computes internally via its TeeReader, avoiding
-// redundant SHA-256 computation.
-type hashVerifyReader struct {
-	reader   *blobgen.Reader // underlying decrypted blob reader (has internal hasher)
-	fetcher  io.ReadCloser   // raw fetched stream (closed on Close)
-	blobHash string          // expected double-SHA-256 hex
-	done     bool            // EOF reached
-}
-
-func (h *hashVerifyReader) Read(p []byte) (int, error) {
-	n, err := h.reader.Read(p)
-	if err == io.EOF {
-		h.done = true
-	}
-	return n, err
-}
-
-// Close verifies the hash (if the stream was fully read) and closes underlying readers.
-func (h *hashVerifyReader) Close() error {
-	readerErr := h.reader.Close()
-	fetcherErr := h.fetcher.Close()
-
-	if h.done {
-		firstHash := h.reader.Sum256()
-		secondHasher := sha256.New()
-		secondHasher.Write(firstHash)
-		actualHashHex := hex.EncodeToString(secondHasher.Sum(nil))
-		if actualHashHex != h.blobHash {
-			return fmt.Errorf("blob hash mismatch: expected %s, got %s", h.blobHash[:16], actualHashHex[:16])
-		}
-	}
-
-	if readerErr != nil {
-		return readerErr
-	}
-	return fetcherErr
-}
-
-// FetchAndDecryptBlob downloads a blob, decrypts and decompresses it, and
-// returns a streaming reader that computes the double-SHA-256 hash on the fly.
-// The hash is verified when the returned reader is closed (after fully reading).
-// This avoids buffering the entire blob in memory.
-func (v *Vaultik) FetchAndDecryptBlob(ctx context.Context, blobHash string, expectedSize int64, identity age.Identity) (io.ReadCloser, error) {
-	rc, _, err := v.FetchBlob(ctx, blobHash, expectedSize)
-	if err != nil {
-		return nil, err
-	}
-
-	reader, err := blobgen.NewReader(rc, identity)
-	if err != nil {
-		_ = rc.Close()
-		return nil, fmt.Errorf("creating blob reader: %w", err)
-	}
-
-	return &hashVerifyReader{
-		reader:   reader,
-		fetcher:  rc,
-		blobHash: blobHash,
-	}, nil
-}
-
-// FetchBlob downloads a blob and returns a reader for the encrypted data.
-func (v *Vaultik) FetchBlob(ctx context.Context, blobHash string, expectedSize int64) (io.ReadCloser, int64, error) {
-	blobPath := fmt.Sprintf("blobs/%s/%s/%s", blobHash[:2], blobHash[2:4], blobHash)
-
-	rc, err := v.Storage.Get(ctx, blobPath)
-	if err != nil {
-		return nil, 0, fmt.Errorf("downloading blob %s: %w", blobHash[:16], err)
-	}
-
-	info, err := v.Storage.Stat(ctx, blobPath)
-	if err != nil {
-		_ = rc.Close()
-		return nil, 0, fmt.Errorf("stat blob %s: %w", blobHash[:16], err)
-	}
-
-	return rc, info.Size, nil
-}

internal/vaultik/blob_fetch_hash_test.go

@@ -1,100 +0,0 @@
-package vaultik_test
-
-import (
-	"bytes"
-	"context"
-	"crypto/sha256"
-	"encoding/hex"
-	"io"
-	"strings"
-	"testing"
-
-	"filippo.io/age"
-	"git.eeqj.de/sneak/vaultik/internal/blobgen"
-	"git.eeqj.de/sneak/vaultik/internal/vaultik"
-)
-
-// TestFetchAndDecryptBlobVerifiesHash verifies that FetchAndDecryptBlob checks
-// the double-SHA-256 hash of the decrypted plaintext against the expected blob hash.
-func TestFetchAndDecryptBlobVerifiesHash(t *testing.T) {
-	identity, err := age.GenerateX25519Identity()
-	if err != nil {
-		t.Fatalf("generating identity: %v", err)
-	}
-
-	// Create test data and encrypt it using blobgen.Writer
-	plaintext := []byte("hello world test data for blob hash verification")
-	var encBuf bytes.Buffer
-	writer, err := blobgen.NewWriter(&encBuf, 1, []string{identity.Recipient().String()})
-	if err != nil {
-		t.Fatalf("creating blobgen writer: %v", err)
-	}
-	if _, err := writer.Write(plaintext); err != nil {
-		t.Fatalf("writing plaintext: %v", err)
-	}
-	if err := writer.Close(); err != nil {
-		t.Fatalf("closing writer: %v", err)
-	}
-	encryptedData := encBuf.Bytes()
-
-	// Compute correct double-SHA-256 hash of the plaintext (matches blobgen.Writer.Sum256)
-	firstHash := sha256.Sum256(plaintext)
-	secondHash := sha256.Sum256(firstHash[:])
-	correctHash := hex.EncodeToString(secondHash[:])
-
-	// Verify our hash matches what blobgen.Writer produces
-	writerHash := hex.EncodeToString(writer.Sum256())
-	if correctHash != writerHash {
-		t.Fatalf("hash computation mismatch: manual=%s, writer=%s", correctHash, writerHash)
-	}
-
-	// Set up mock storage with the blob at the correct path
-	mockStorage := NewMockStorer()
-	blobPath := "blobs/" + correctHash[:2] + "/" + correctHash[2:4] + "/" + correctHash
-	mockStorage.mu.Lock()
-	mockStorage.data[blobPath] = encryptedData
-	mockStorage.mu.Unlock()
-
-	tv := vaultik.NewForTesting(mockStorage)
-	ctx := context.Background()
-
-	t.Run("correct hash succeeds", func(t *testing.T) {
-		rc, err := tv.FetchAndDecryptBlob(ctx, correctHash, int64(len(encryptedData)), identity)
-		if err != nil {
-			t.Fatalf("expected success, got error: %v", err)
-		}
-		data, err := io.ReadAll(rc)
-		if err != nil {
-			t.Fatalf("reading stream: %v", err)
-		}
-		if err := rc.Close(); err != nil {
-			t.Fatalf("close (hash verification) failed: %v", err)
-		}
-		if !bytes.Equal(data, plaintext) {
-			t.Fatalf("decrypted data mismatch: got %q, want %q", data, plaintext)
-		}
-	})
-
-	t.Run("wrong hash fails", func(t *testing.T) {
-		// Use a fake hash that doesn't match the actual plaintext
-		fakeHash := strings.Repeat("ab", 32) // 64 hex chars
-		fakePath := "blobs/" + fakeHash[:2] + "/" + fakeHash[2:4] + "/" + fakeHash
-		mockStorage.mu.Lock()
-		mockStorage.data[fakePath] = encryptedData
-		mockStorage.mu.Unlock()
-
-		rc, err := tv.FetchAndDecryptBlob(ctx, fakeHash, int64(len(encryptedData)), identity)
-		if err != nil {
-			t.Fatalf("unexpected error opening stream: %v", err)
-		}
-		// Read all data — hash is verified on Close
-		_, _ = io.ReadAll(rc)
-		err = rc.Close()
-		if err == nil {
-			t.Fatal("expected error for mismatched hash, got nil")
-		}
-		if !strings.Contains(err.Error(), "hash mismatch") {
-			t.Fatalf("expected hash mismatch error, got: %v", err)
-		}
-	})
-}

internal/vaultik/blob_fetch_stub.go

@@ -0,0 +1,55 @@
+package vaultik
+
+import (
+	"context"
+	"fmt"
+	"io"
+
+	"filippo.io/age"
+	"git.eeqj.de/sneak/vaultik/internal/blobgen"
+)
+
+// FetchAndDecryptBlobResult holds the result of fetching and decrypting a blob.
+type FetchAndDecryptBlobResult struct {
+	Data []byte
+}
+
+// FetchAndDecryptBlob downloads a blob, decrypts it, and returns the plaintext data.
+func (v *Vaultik) FetchAndDecryptBlob(ctx context.Context, blobHash string, expectedSize int64, identity age.Identity) (*FetchAndDecryptBlobResult, error) {
+	rc, _, err := v.FetchBlob(ctx, blobHash, expectedSize)
+	if err != nil {
+		return nil, err
+	}
+	defer func() { _ = rc.Close() }()
+
+	reader, err := blobgen.NewReader(rc, identity)
+	if err != nil {
+		return nil, fmt.Errorf("creating blob reader: %w", err)
+	}
+	defer func() { _ = reader.Close() }()
+
+	data, err := io.ReadAll(reader)
+	if err != nil {
+		return nil, fmt.Errorf("reading blob data: %w", err)
+	}
+
+	return &FetchAndDecryptBlobResult{Data: data}, nil
+}
+
+// FetchBlob downloads a blob and returns a reader for the encrypted data.
+func (v *Vaultik) FetchBlob(ctx context.Context, blobHash string, expectedSize int64) (io.ReadCloser, int64, error) {
+	blobPath := fmt.Sprintf("blobs/%s/%s/%s", blobHash[:2], blobHash[2:4], blobHash)
+
+	rc, err := v.Storage.Get(ctx, blobPath)
+	if err != nil {
+		return nil, 0, fmt.Errorf("downloading blob %s: %w", blobHash[:16], err)
+	}
+
+	info, err := v.Storage.Stat(ctx, blobPath)
+	if err != nil {
+		_ = rc.Close()
+		return nil, 0, fmt.Errorf("stat blob %s: %w", blobHash[:16], err)
+	}
+
+	return rc, info.Size, nil
+}

internal/vaultik/helpers.go

@@ -79,22 +79,6 @@ func parseSnapshotTimestamp(snapshotID string) (time.Time, error) {
 	return timestamp.UTC(), nil
 }
 
-// parseSnapshotName extracts the snapshot name from a snapshot ID.
-// Format: hostname_snapshotname_timestamp — the middle part(s) between hostname
-// and the RFC3339 timestamp are the snapshot name (may contain underscores).
-// Returns the snapshot name, or empty string if the ID is malformed.
-func parseSnapshotName(snapshotID string) string {
-	parts := strings.Split(snapshotID, "_")
-	if len(parts) < 3 {
-		// Format: hostname_timestamp — no snapshot name
-		return ""
-	}
-	// Format: hostname_name_timestamp — middle parts are the name.
-	// The last part is the RFC3339 timestamp, the first part is the hostname,
-	// everything in between is the snapshot name (which may itself contain underscores).
-	return strings.Join(parts[1:len(parts)-1], "_")
-}
-
 // parseDuration parses a duration string with support for days
 func parseDuration(s string) (time.Duration, error) {
 	// Check for days suffix

internal/vaultik/helpers_test.go

@@ -1,76 +0,0 @@
-package vaultik
-
-import (
-	"testing"
-)
-
-func TestParseSnapshotName(t *testing.T) {
-	tests := []struct {
-		name       string
-		snapshotID string
-		want       string
-	}{
-		{
-			name:       "standard format with name",
-			snapshotID: "myhost_home_2026-01-12T14:41:15Z",
-			want:       "home",
-		},
-		{
-			name:       "standard format with different name",
-			snapshotID: "server1_system_2026-02-15T09:30:00Z",
-			want:       "system",
-		},
-		{
-			name:       "name with underscores",
-			snapshotID: "myhost_my_special_backup_2026-03-01T00:00:00Z",
-			want:       "my_special_backup",
-		},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			got := parseSnapshotName(tt.snapshotID)
-			if got != tt.want {
-				t.Errorf("parseSnapshotName(%q) = %q, want %q", tt.snapshotID, got, tt.want)
-			}
-		})
-	}
-}
-
-func TestParseSnapshotTimestamp(t *testing.T) {
-	tests := []struct {
-		name       string
-		snapshotID string
-		wantErr    bool
-	}{
-		{
-			name:       "valid with name",
-			snapshotID: "myhost_home_2026-01-12T14:41:15Z",
-			wantErr:    false,
-		},
-		{
-			name:       "valid without name",
-			snapshotID: "myhost_2026-01-12T14:41:15Z",
-			wantErr:    false,
-		},
-		{
-			name:       "invalid - single part",
-			snapshotID: "nounderscore",
-			wantErr:    true,
-		},
-		{
-			name:       "invalid - bad timestamp",
-			snapshotID: "myhost_home_notadate",
-			wantErr:    true,
-		},
-	}
-
-	for _, tt := range tests {
-		t.Run(tt.name, func(t *testing.T) {
-			_, err := parseSnapshotTimestamp(tt.snapshotID)
-			if (err != nil) != tt.wantErr {
-				t.Errorf("parseSnapshotTimestamp(%q) error = %v, wantErr %v", tt.snapshotID, err, tt.wantErr)
-			}
-		})
-	}
-}

internal/vaultik/purge_per_name_test.go

@@ -1,256 +0,0 @@
-package vaultik_test
-
-import (
-	"bytes"
-	"context"
-	"database/sql"
-	"strings"
-	"testing"
-	"time"
-
-	"git.eeqj.de/sneak/vaultik/internal/database"
-	"git.eeqj.de/sneak/vaultik/internal/log"
-	"git.eeqj.de/sneak/vaultik/internal/types"
-	"git.eeqj.de/sneak/vaultik/internal/vaultik"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-)
-
-// setupPurgeTest creates a Vaultik instance with an in-memory database and mock
-// storage pre-populated with the given snapshot IDs. Each snapshot is marked as
-// completed. Remote metadata stubs are created so syncWithRemote keeps them.
-func setupPurgeTest(t *testing.T, snapshotIDs []string) *vaultik.Vaultik {
-	t.Helper()
-	log.Initialize(log.Config{})
-
-	ctx := context.Background()
-	db, err := database.New(ctx, ":memory:")
-	require.NoError(t, err)
-	t.Cleanup(func() { _ = db.Close() })
-
-	repos := database.NewRepositories(db)
-	mockStorage := NewMockStorer()
-
-	// Insert each snapshot into the DB and create remote metadata stubs.
-	// Use timestamps parsed from snapshot IDs for realistic ordering.
-	for _, id := range snapshotIDs {
-		// Parse timestamp from the snapshot ID
-		parts := strings.Split(id, "_")
-		timestampStr := parts[len(parts)-1]
-		startedAt, err := time.Parse(time.RFC3339, timestampStr)
-		require.NoError(t, err, "parsing timestamp from snapshot ID %q", id)
-
-		completedAt := startedAt.Add(5 * time.Minute)
-		snap := &database.Snapshot{
-			ID:             types.SnapshotID(id),
-			Hostname:       "testhost",
-			VaultikVersion: "test",
-			StartedAt:      startedAt,
-			CompletedAt:    &completedAt,
-		}
-		err = repos.WithTx(ctx, func(ctx context.Context, tx *sql.Tx) error {
-			return repos.Snapshots.Create(ctx, tx, snap)
-		})
-		require.NoError(t, err, "creating snapshot %s", id)
-
-		// Create remote metadata stub so syncWithRemote keeps it
-		metadataKey := "metadata/" + id + "/manifest.json.zst"
-		err = mockStorage.Put(ctx, metadataKey, strings.NewReader("stub"))
-		require.NoError(t, err)
-	}
-
-	stdout := &bytes.Buffer{}
-	stderr := &bytes.Buffer{}
-	stdin := &bytes.Buffer{}
-
-	v := &vaultik.Vaultik{
-		Storage:      mockStorage,
-		Repositories: repos,
-		DB:           db,
-		Stdout:       stdout,
-		Stderr:       stderr,
-		Stdin:        stdin,
-	}
-	v.SetContext(ctx)
-
-	return v
-}
-
-// listRemainingSnapshots returns IDs of all completed snapshots in the database.
-func listRemainingSnapshots(t *testing.T, v *vaultik.Vaultik) []string {
-	t.Helper()
-	ctx := context.Background()
-	dbSnaps, err := v.Repositories.Snapshots.ListRecent(ctx, 10000)
-	require.NoError(t, err)
-
-	var ids []string
-	for _, s := range dbSnaps {
-		if s.CompletedAt != nil {
-			ids = append(ids, s.ID.String())
-		}
-	}
-	return ids
-}
-
-func TestPurgeKeepLatest_PerName(t *testing.T) {
-	// Create snapshots for two different names: "home" and "system".
-	// With per-name --keep-latest, the latest of each should be kept.
-	snapshotIDs := []string{
-		"testhost_system_2026-01-01T00:00:00Z",
-		"testhost_home_2026-01-01T01:00:00Z",
-		"testhost_system_2026-01-01T02:00:00Z",
-		"testhost_home_2026-01-01T03:00:00Z",
-		"testhost_system_2026-01-01T04:00:00Z",
-	}
-
-	v := setupPurgeTest(t, snapshotIDs)
-
-	err := v.PurgeSnapshotsWithOptions(&vaultik.SnapshotPurgeOptions{
-		KeepLatest: true,
-		Force:      true,
-	})
-	require.NoError(t, err)
-
-	remaining := listRemainingSnapshots(t, v)
-
-	// Should keep the latest of each name
-	assert.Len(t, remaining, 2, "should keep exactly 2 snapshots (one per name)")
-	assert.Contains(t, remaining, "testhost_system_2026-01-01T04:00:00Z", "should keep latest system")
-	assert.Contains(t, remaining, "testhost_home_2026-01-01T03:00:00Z", "should keep latest home")
-}
-
-func TestPurgeKeepLatest_SingleName(t *testing.T) {
-	// All snapshots have the same name — keep-latest should keep exactly one.
-	snapshotIDs := []string{
-		"testhost_home_2026-01-01T00:00:00Z",
-		"testhost_home_2026-01-01T01:00:00Z",
-		"testhost_home_2026-01-01T02:00:00Z",
-	}
-
-	v := setupPurgeTest(t, snapshotIDs)
-
-	err := v.PurgeSnapshotsWithOptions(&vaultik.SnapshotPurgeOptions{
-		KeepLatest: true,
-		Force:      true,
-	})
-	require.NoError(t, err)
-
-	remaining := listRemainingSnapshots(t, v)
-	assert.Len(t, remaining, 1)
-	assert.Contains(t, remaining, "testhost_home_2026-01-01T02:00:00Z", "should keep the newest")
-}
-
-func TestPurgeKeepLatest_WithNameFilter(t *testing.T) {
-	// Use --name to filter purge to only "home" snapshots.
-	// "system" snapshots should be untouched.
-	snapshotIDs := []string{
-		"testhost_system_2026-01-01T00:00:00Z",
-		"testhost_home_2026-01-01T01:00:00Z",
-		"testhost_system_2026-01-01T02:00:00Z",
-		"testhost_home_2026-01-01T03:00:00Z",
-		"testhost_home_2026-01-01T04:00:00Z",
-	}
-
-	v := setupPurgeTest(t, snapshotIDs)
-
-	err := v.PurgeSnapshotsWithOptions(&vaultik.SnapshotPurgeOptions{
-		KeepLatest: true,
-		Force:      true,
-		Name:       "home",
-	})
-	require.NoError(t, err)
-
-	remaining := listRemainingSnapshots(t, v)
-
-	// 2 system snapshots untouched + 1 latest home = 3
-	assert.Len(t, remaining, 3)
-	assert.Contains(t, remaining, "testhost_system_2026-01-01T00:00:00Z")
-	assert.Contains(t, remaining, "testhost_system_2026-01-01T02:00:00Z")
-	assert.Contains(t, remaining, "testhost_home_2026-01-01T04:00:00Z")
-}
-
-func TestPurgeKeepLatest_NoSnapshots(t *testing.T) {
-	v := setupPurgeTest(t, nil)
-
-	err := v.PurgeSnapshotsWithOptions(&vaultik.SnapshotPurgeOptions{
-		KeepLatest: true,
-		Force:      true,
-	})
-	require.NoError(t, err)
-}
-
-func TestPurgeKeepLatest_NameFilterNoMatch(t *testing.T) {
-	snapshotIDs := []string{
-		"testhost_system_2026-01-01T00:00:00Z",
-		"testhost_system_2026-01-01T01:00:00Z",
-	}
-
-	v := setupPurgeTest(t, snapshotIDs)
-
-	err := v.PurgeSnapshotsWithOptions(&vaultik.SnapshotPurgeOptions{
-		KeepLatest: true,
-		Force:      true,
-		Name:       "nonexistent",
-	})
-	require.NoError(t, err)
-
-	// All snapshots should remain — the name filter matched nothing
-	remaining := listRemainingSnapshots(t, v)
-	assert.Len(t, remaining, 2)
-}
-
-func TestPurgeOlderThan_WithNameFilter(t *testing.T) {
-	// Snapshots with different names and timestamps.
-	// --older-than should apply only to the named subset when --name is used.
-	snapshotIDs := []string{
-		"testhost_system_2020-01-01T00:00:00Z",
-		"testhost_home_2020-01-01T00:00:00Z",
-		"testhost_system_2026-01-01T00:00:00Z",
-		"testhost_home_2026-01-01T00:00:00Z",
-	}
-
-	v := setupPurgeTest(t, snapshotIDs)
-
-	// Purge only "home" snapshots older than 365 days
-	err := v.PurgeSnapshotsWithOptions(&vaultik.SnapshotPurgeOptions{
-		OlderThan: "365d",
-		Force:     true,
-		Name:      "home",
-	})
-	require.NoError(t, err)
-
-	remaining := listRemainingSnapshots(t, v)
-
-	// Old system stays (not filtered by name), old home deleted, recent ones stay
-	assert.Len(t, remaining, 3)
-	assert.Contains(t, remaining, "testhost_system_2020-01-01T00:00:00Z")
-	assert.Contains(t, remaining, "testhost_system_2026-01-01T00:00:00Z")
-	assert.Contains(t, remaining, "testhost_home_2026-01-01T00:00:00Z")
-}
-
-func TestPurgeKeepLatest_ThreeNames(t *testing.T) {
-	// Three different snapshot names with multiple snapshots each.
-	snapshotIDs := []string{
-		"testhost_home_2026-01-01T00:00:00Z",
-		"testhost_system_2026-01-01T01:00:00Z",
-		"testhost_media_2026-01-01T02:00:00Z",
-		"testhost_home_2026-01-01T03:00:00Z",
-		"testhost_system_2026-01-01T04:00:00Z",
-		"testhost_media_2026-01-01T05:00:00Z",
-		"testhost_home_2026-01-01T06:00:00Z",
-	}
-
-	v := setupPurgeTest(t, snapshotIDs)
-
-	err := v.PurgeSnapshotsWithOptions(&vaultik.SnapshotPurgeOptions{
-		KeepLatest: true,
-		Force:      true,
-	})
-	require.NoError(t, err)
-
-	remaining := listRemainingSnapshots(t, v)
-	assert.Len(t, remaining, 3, "should keep one per name")
-	assert.Contains(t, remaining, "testhost_home_2026-01-01T06:00:00Z")
-	assert.Contains(t, remaining, "testhost_system_2026-01-01T04:00:00Z")
-	assert.Contains(t, remaining, "testhost_media_2026-01-01T05:00:00Z")
-}

internal/vaultik/restore.go

@@ -22,13 +22,6 @@ import (
 	"golang.org/x/term"
 )
 
-const (
-	// progressBarWidth is the character width of the progress bar display.
-	progressBarWidth = 40
-	// progressBarThrottle is the minimum interval between progress bar redraws.
-	progressBarThrottle = 100 * time.Millisecond
-)
-
 // RestoreOptions contains options for the restore operation
 type RestoreOptions struct {
 	SnapshotID string
@@ -179,15 +172,6 @@ func (v *Vaultik) restoreAllFiles(
 	}
 	defer func() { _ = blobCache.Close() }()
 
-	// Calculate total bytes for progress bar
-	var totalBytesExpected int64
-	for _, file := range files {
-		totalBytesExpected += file.Size
-	}
-
-	// Create progress bar if output is a terminal
-	bar := v.newProgressBar("Restoring", totalBytesExpected)
-
 	for i, file := range files {
 		if v.ctx.Err() != nil {
 			return nil, v.ctx.Err()
@@ -197,19 +181,11 @@ func (v *Vaultik) restoreAllFiles(
 			log.Error("Failed to restore file", "path", file.Path, "error", err)
 			result.FilesFailed++
 			result.FailedFiles = append(result.FailedFiles, file.Path.String())
-			// Update progress bar even on failure
-			if bar != nil {
-				_ = bar.Add64(file.Size)
-			}
+			// Continue with other files
 			continue
 		}
 
-		// Update progress bar
-		if bar != nil {
-			_ = bar.Add64(file.Size)
-		}
-
-		// Progress logging (for non-terminal or structured logs)
+		// Progress logging
 		if (i+1)%100 == 0 || i+1 == len(files) {
 			log.Info("Restore progress",
 				"files", fmt.Sprintf("%d/%d", i+1, len(files)),
@@ -218,10 +194,6 @@ func (v *Vaultik) restoreAllFiles(
 		}
 	}
 
-	if bar != nil {
-		_ = bar.Finish()
-	}
-
 	return result, nil
 }
 
@@ -558,23 +530,11 @@ func (v *Vaultik) restoreRegularFile(
 
 // downloadBlob downloads and decrypts a blob
 func (v *Vaultik) downloadBlob(ctx context.Context, blobHash string, expectedSize int64, identity age.Identity) ([]byte, error) {
-	rc, err := v.FetchAndDecryptBlob(ctx, blobHash, expectedSize, identity)
+	result, err := v.FetchAndDecryptBlob(ctx, blobHash, expectedSize, identity)
 	if err != nil {
 		return nil, err
 	}
-
-	data, err := io.ReadAll(rc)
-	if err != nil {
-		_ = rc.Close()
-		return nil, fmt.Errorf("reading blob data: %w", err)
-	}
-
-	// Close triggers hash verification
-	if err := rc.Close(); err != nil {
-		return nil, err
-	}
-
-	return data, nil
+	return result.Data, nil
 }
 
 // verifyRestoredFiles verifies that all restored files match their expected chunk hashes
@@ -612,7 +572,22 @@ func (v *Vaultik) verifyRestoredFiles(
 	)
 
 	// Create progress bar if output is a terminal
-	bar := v.newProgressBar("Verifying", totalBytes)
+	var bar *progressbar.ProgressBar
+	if isTerminal() {
+		bar = progressbar.NewOptions64(
+			totalBytes,
+			progressbar.OptionSetDescription("Verifying"),
+			progressbar.OptionSetWriter(v.Stderr),
+			progressbar.OptionShowBytes(true),
+			progressbar.OptionShowCount(),
+			progressbar.OptionSetWidth(40),
+			progressbar.OptionThrottle(100*time.Millisecond),
+			progressbar.OptionOnCompletion(func() {
+				v.printfStderr("\n")
+			}),
+			progressbar.OptionSetRenderBlankState(true),
+		)
+	}
 
 	// Verify each file
 	for _, file := range regularFiles {
@@ -706,37 +681,7 @@ func (v *Vaultik) verifyFile(
 	return bytesVerified, nil
 }
 
-// newProgressBar creates a terminal-aware progress bar with standard options.
-// It returns nil if stdout is not a terminal.
-func (v *Vaultik) newProgressBar(description string, total int64) *progressbar.ProgressBar {
-	if !v.isTerminal() {
-		return nil
-	}
-	return progressbar.NewOptions64(
-		total,
-		progressbar.OptionSetDescription(description),
-		progressbar.OptionSetWriter(v.Stderr),
-		progressbar.OptionShowBytes(true),
-		progressbar.OptionShowCount(),
-		progressbar.OptionSetWidth(progressBarWidth),
-		progressbar.OptionThrottle(progressBarThrottle),
-		progressbar.OptionOnCompletion(func() {
-			v.printfStderr("\n")
-		}),
-		progressbar.OptionSetRenderBlankState(true),
-	)
-}
-
-// isTerminal returns true if stdout is a terminal.
-// It checks whether v.Stdout implements Fd() (i.e. is an *os.File),
-// and falls back to false for non-file writers (e.g. in tests).
-func (v *Vaultik) isTerminal() bool {
-	type fder interface {
-		Fd() uintptr
-	}
-	f, ok := v.Stdout.(fder)
-	if !ok {
-		return false
-	}
-	return term.IsTerminal(int(f.Fd()))
+// isTerminal returns true if stdout is a terminal
+func isTerminal() bool {
+	return term.IsTerminal(int(os.Stdout.Fd()))
 }

internal/vaultik/snapshot.go

@@ -8,7 +8,6 @@ import (
 	"regexp"
 	"sort"
 	"strings"
-	"sync"
 	"text/tabwriter"
 	"time"
 
@@ -17,7 +16,6 @@ import (
 	"git.eeqj.de/sneak/vaultik/internal/snapshot"
 	"git.eeqj.de/sneak/vaultik/internal/types"
 	"github.com/dustin/go-humanize"
-	"golang.org/x/sync/errgroup"
 )
 
 // SnapshotCreateOptions contains options for the snapshot create command
@@ -97,10 +95,7 @@ func (v *Vaultik) CreateSnapshot(opts *SnapshotCreateOptions) error {
 		log.Info("Pruning enabled - deleting old snapshots and unreferenced blobs")
 		v.printlnStdout("\nPruning old snapshots (keeping latest)...")
 
-		if err := v.PurgeSnapshotsWithOptions(&SnapshotPurgeOptions{
-			KeepLatest: true,
-			Force:      true,
-		}); err != nil {
+		if err := v.PurgeSnapshots(true, "", true); err != nil {
 			return fmt.Errorf("prune: purging old snapshots: %w", err)
 		}
 
@@ -424,7 +419,7 @@ func (v *Vaultik) listRemoteSnapshotIDs() (map[string]bool, error) {
 	return remoteSnapshots, nil
 }
 
-// reconcileLocalWithRemote builds a map of local snapshots keyed by ID for cross-referencing with remote
+// reconcileLocalWithRemote removes local snapshots not in remote and returns the surviving local map
 func (v *Vaultik) reconcileLocalWithRemote(remoteSnapshots map[string]bool) (map[string]*database.Snapshot, error) {
 	localSnapshots, err := v.Repositories.Snapshots.ListRecent(v.ctx, 10000)
 	if err != nil {
@@ -436,6 +431,19 @@ func (v *Vaultik) reconcileLocalWithRemote(remoteSnapshots map[string]bool) (map
 		localSnapshotMap[s.ID.String()] = s
 	}
 
+	for _, snap := range localSnapshots {
+		snapshotIDStr := snap.ID.String()
+		if !remoteSnapshots[snapshotIDStr] {
+			log.Info("Removing local snapshot not found in remote", "snapshot_id", snap.ID)
+			if err := v.deleteSnapshotFromLocalDB(snapshotIDStr); err != nil {
+				log.Error("Failed to delete local snapshot", "snapshot_id", snap.ID, "error", err)
+			} else {
+				log.Info("Deleted local snapshot not found in remote", "snapshot_id", snap.ID)
+				delete(localSnapshotMap, snapshotIDStr)
+			}
+		}
+	}
+
 	return localSnapshotMap, nil
 }
 
@@ -443,9 +451,6 @@ func (v *Vaultik) reconcileLocalWithRemote(remoteSnapshots map[string]bool) (map
 func (v *Vaultik) buildSnapshotInfoList(remoteSnapshots map[string]bool, localSnapshotMap map[string]*database.Snapshot) ([]SnapshotInfo, error) {
 	snapshots := make([]SnapshotInfo, 0, len(remoteSnapshots))
 
-	// remoteOnly collects snapshot IDs that need a manifest download.
-	var remoteOnly []string
-
 	for snapshotID := range remoteSnapshots {
 		if localSnap, exists := localSnapshotMap[snapshotID]; exists && localSnap.CompletedAt != nil {
 			totalSize, err := v.Repositories.Snapshots.GetSnapshotTotalCompressedSize(v.ctx, snapshotID)
@@ -466,73 +471,16 @@ func (v *Vaultik) buildSnapshotInfoList(remoteSnapshots map[string]bool, localSn
 				continue
 			}
 
-			// Pre-add with zero size; will be filled by concurrent downloads.
+			totalSize, err := v.getManifestSize(snapshotID)
+			if err != nil {
+				return nil, fmt.Errorf("failed to get manifest size for %s: %w", snapshotID, err)
+			}
+
 			snapshots = append(snapshots, SnapshotInfo{
 				ID:             types.SnapshotID(snapshotID),
 				Timestamp:      timestamp,
-				CompressedSize: 0,
+				CompressedSize: totalSize,
 			})
-			remoteOnly = append(remoteOnly, snapshotID)
-		}
-	}
-
-	// Download manifests concurrently for remote-only snapshots.
-	if len(remoteOnly) > 0 {
-		// maxConcurrentManifestDownloads bounds parallel manifest fetches to
-		// avoid overwhelming the S3 endpoint while still being much faster
-		// than serial downloads.
-		const maxConcurrentManifestDownloads = 10
-
-		type manifestResult struct {
-			snapshotID string
-			size       int64
-		}
-
-		var (
-			mu      sync.Mutex
-			results []manifestResult
-		)
-
-		g, gctx := errgroup.WithContext(v.ctx)
-		g.SetLimit(maxConcurrentManifestDownloads)
-
-		for _, sid := range remoteOnly {
-			g.Go(func() error {
-				manifestPath := fmt.Sprintf("metadata/%s/manifest.json.zst", sid)
-				reader, err := v.Storage.Get(gctx, manifestPath)
-				if err != nil {
-					return fmt.Errorf("downloading manifest for %s: %w", sid, err)
-				}
-				defer func() { _ = reader.Close() }()
-
-				manifest, err := snapshot.DecodeManifest(reader)
-				if err != nil {
-					return fmt.Errorf("decoding manifest for %s: %w", sid, err)
-				}
-
-				mu.Lock()
-				results = append(results, manifestResult{
-					snapshotID: sid,
-					size:       manifest.TotalCompressedSize,
-				})
-				mu.Unlock()
-				return nil
-			})
-		}
-
-		if err := g.Wait(); err != nil {
-			return nil, fmt.Errorf("fetching manifest sizes: %w", err)
-		}
-
-		// Build a lookup from results and patch the pre-added entries.
-		sizeMap := make(map[string]int64, len(results))
-		for _, r := range results {
-			sizeMap[r.snapshotID] = r.size
-		}
-		for i := range snapshots {
-			if sz, ok := sizeMap[string(snapshots[i].ID)]; ok {
-				snapshots[i].CompressedSize = sz
-			}
 		}
 	}
 
@@ -585,19 +533,8 @@ func (v *Vaultik) printSnapshotTable(snapshots []SnapshotInfo) error {
 	return w.Flush()
 }
 
-// SnapshotPurgeOptions contains options for the snapshot purge command
-type SnapshotPurgeOptions struct {
-	KeepLatest bool
-	OlderThan  string
-	Force      bool
-	Name       string // Filter purge to a specific snapshot name
-}
-
-// PurgeSnapshotsWithOptions removes old snapshots based on criteria.
-// When KeepLatest is true, retention is applied per snapshot name — the latest
-// snapshot for each distinct name is kept. If Name is non-empty, only snapshots
-// matching that name are considered for purge.
-func (v *Vaultik) PurgeSnapshotsWithOptions(opts *SnapshotPurgeOptions) error {
+// PurgeSnapshots removes old snapshots based on criteria
+func (v *Vaultik) PurgeSnapshots(keepLatest bool, olderThan string, force bool) error {
 	// Sync with remote first
 	if err := v.syncWithRemote(); err != nil {
 		return fmt.Errorf("syncing with remote: %w", err)
@@ -621,51 +558,14 @@ func (v *Vaultik) PurgeSnapshotsWithOptions(opts *SnapshotPurgeOptions) error {
 		}
 	}
 
-	// If --name is specified, filter to only snapshots matching that name
-	if opts.Name != "" {
-		filtered := make([]SnapshotInfo, 0, len(snapshots))
-		for _, snap := range snapshots {
-			if parseSnapshotName(snap.ID.String()) == opts.Name {
-				filtered = append(filtered, snap)
-			}
-		}
-		snapshots = filtered
-	}
-
 	// Sort by timestamp (newest first)
 	sort.Slice(snapshots, func(i, j int) bool {
 		return snapshots[i].Timestamp.After(snapshots[j].Timestamp)
 	})
 
-	var toDelete []SnapshotInfo
-
-	if opts.KeepLatest {
-		// Keep the latest snapshot per snapshot name
-		// Group snapshots by name, then mark all but the newest in each group
-		latestByName := make(map[string]bool) // tracks whether we've seen the latest for each name
-		for _, snap := range snapshots {
-			name := parseSnapshotName(snap.ID.String())
-			if latestByName[name] {
-				// Already kept the latest for this name — delete this one
-				toDelete = append(toDelete, snap)
-			} else {
-				// This is the latest (sorted newest-first) — keep it
-				latestByName[name] = true
-			}
-		}
-	} else if opts.OlderThan != "" {
-		// Parse duration
-		duration, err := parseDuration(opts.OlderThan)
-		if err != nil {
-			return fmt.Errorf("invalid duration: %w", err)
-		}
-
-		cutoff := time.Now().UTC().Add(-duration)
-		for _, snap := range snapshots {
-			if snap.Timestamp.Before(cutoff) {
-				toDelete = append(toDelete, snap)
-			}
-		}
+	toDelete, err := v.collectSnapshotsToPurge(snapshots, keepLatest, olderThan)
+	if err != nil {
+		return err
 	}
 
 	if len(toDelete) == 0 {
@@ -673,7 +573,37 @@ func (v *Vaultik) PurgeSnapshotsWithOptions(opts *SnapshotPurgeOptions) error {
 		return nil
 	}
 
-	return v.confirmAndExecutePurge(toDelete, opts.Force)
+	return v.confirmAndExecutePurge(toDelete, force)
+}
+
+// collectSnapshotsToPurge determines which snapshots to delete based on retention criteria
+func (v *Vaultik) collectSnapshotsToPurge(snapshots []SnapshotInfo, keepLatest bool, olderThan string) ([]SnapshotInfo, error) {
+	if keepLatest {
+		// Keep only the most recent snapshot
+		if len(snapshots) > 1 {
+			return snapshots[1:], nil
+		}
+		return nil, nil
+	}
+
+	if olderThan != "" {
+		// Parse duration
+		duration, err := parseDuration(olderThan)
+		if err != nil {
+			return nil, fmt.Errorf("invalid duration: %w", err)
+		}
+
+		cutoff := time.Now().UTC().Add(-duration)
+		var toDelete []SnapshotInfo
+		for _, snap := range snapshots {
+			if snap.Timestamp.Before(cutoff) {
+				toDelete = append(toDelete, snap)
+			}
+		}
+		return toDelete, nil
+	}
+
+	return nil, nil
 }
 
 // confirmAndExecutePurge shows deletion candidates, confirms with user, and deletes snapshots
@@ -871,6 +801,23 @@ func (v *Vaultik) outputVerifyJSON(result *VerifyResult) error {
 
 // Helper methods that were previously on SnapshotApp
 
+func (v *Vaultik) getManifestSize(snapshotID string) (int64, error) {
+	manifestPath := fmt.Sprintf("metadata/%s/manifest.json.zst", snapshotID)
+
+	reader, err := v.Storage.Get(v.ctx, manifestPath)
+	if err != nil {
+		return 0, fmt.Errorf("downloading manifest: %w", err)
+	}
+	defer func() { _ = reader.Close() }()
+
+	manifest, err := snapshot.DecodeManifest(reader)
+	if err != nil {
+		return 0, fmt.Errorf("decoding manifest: %w", err)
+	}
+
+	return manifest.TotalCompressedSize, nil
+}
+
 func (v *Vaultik) downloadManifest(snapshotID string) (*snapshot.Manifest, error) {
 	manifestPath := fmt.Sprintf("metadata/%s/manifest.json.zst", snapshotID)
 
@@ -925,7 +872,7 @@ func (v *Vaultik) syncWithRemote() error {
 		snapshotIDStr := snapshot.ID.String()
 		if !remoteSnapshots[snapshotIDStr] {
 			log.Info("Removing local snapshot not found in remote", "snapshot_id", snapshot.ID)
-			if err := v.deleteSnapshotFromLocalDB(snapshotIDStr); err != nil {
+			if err := v.Repositories.Snapshots.Delete(v.ctx, snapshotIDStr); err != nil {
 				log.Error("Failed to delete local snapshot", "snapshot_id", snapshot.ID, "error", err)
 			} else {
 				removedCount++
@@ -1054,7 +1001,6 @@ func (v *Vaultik) listAllRemoteSnapshotIDs() ([]string, error) {
 	log.Info("Listing all snapshots")
 	objectCh := v.Storage.ListStream(v.ctx, "metadata/")
 
-	seen := make(map[string]bool)
 	var snapshotIDs []string
 	for object := range objectCh {
 		if object.Err != nil {
@@ -1069,8 +1015,14 @@ func (v *Vaultik) listAllRemoteSnapshotIDs() ([]string, error) {
 			}
 			if strings.HasSuffix(object.Key, "/") || strings.Contains(object.Key, "/manifest.json.zst") {
 				sid := parts[1]
-				if !seen[sid] {
-					seen[sid] = true
+				found := false
+				for _, id := range snapshotIDs {
+					if id == sid {
+						found = true
+						break
+					}
+				}
+				if !found {
 					snapshotIDs = append(snapshotIDs, sid)
 				}
 			}