find bugs or incomplete functionality for 1.0 #1

Open
opened 2026-02-08 17:13:36 +01:00 by sneak · 1 comment
Owner

please identify bugs or missing functionality for a 1.0 release. create one issue per item.

clawbot was assigned by sneak 2026-02-08 17:13:36 +01:00
Collaborator

Code Review: Issues Filed for 1.0 Release

I reviewed the vaultik codebase and created the following issues:

Unimplemented Features

  • #2 — Shallow verify deep mode is a TODO stub (note: RunDeepVerify in verify.go IS implemented, but the old code path in VerifySnapshotWithOptions still has the stub)
  • #3 — Daemon mode not implemented
  • #4 — --prune flag on snapshot create is a TODO

Bugs / Data Safety

  • #5 — Restore: downloaded blob hash is not verified after download
  • #6 — deleteSnapshotFromLocalDB silently ignores all errors (always returns nil)
  • #10 — syncWithRemote deletes snapshot records without cleaning up snapshot_files/snapshot_blobs/uploads
  • #15 — ListSnapshots has destructive side effect: deletes local snapshots not in remote
  • #18 — uploads table FK on snapshot_id lacks ON DELETE CASCADE
  • #19 — snapshot_files FK on file_id and snapshot_blobs FK on blob_id lack ON DELETE CASCADE
  • #21 — Restore silently continues and reports success when individual files fail

Performance

  • #8 — ListSnapshots downloads manifests synchronously for every unknown remote snapshot
  • #11 — Restore blobCache grows unboundedly — will OOM with large backups
  • #12 — RemoveAllSnapshots has O(n²) duplicate detection
  • #16 — PruneBlobs has same O(n²) duplicate detection

Design / Limitations

  • #7 — getTableCount uses fmt.Sprintf for SQL table name (injection risk if ever called with user input)
  • #9 — PurgeSnapshots operates across all snapshot names, no per-name filtering
  • #13 — Manifest is unencrypted — leaks blob count and sizes
  • #14 — ctime platform differences should be documented
  • #17 — No database migration support — schema changes require full re-backup
  • #20 — Restore has no progress bar

Total: 20 issues filed (#2 through #21).

Reference: sneak/vaultik#1