ZKAC/demo/README.md

# ZKAC File-Share Demo

This folder contains only the self-contained Textual file-share demo.

## Files

- `demo/file_share_server.py`: headless opaque server (registry mgmt + file-share channel).
- `demo/file_share_client.py`: upload/download + role-mask utilities.
- `demo/file_share_credentials.py`: P2P credential grant helper.
- `demo/file_share_tui.py`: Textual UI.
- `demo/zkac_cli_adapter.py`: subprocess bridge to `zkac-node`.
- `demo/file_share_smoke.py`: end-to-end smoke test.
- `demo/test_demo_privacy_guardrails.py`: pytest privacy regressions for the demo.

## Run

```bash
uv sync --extra demo
uv run python demo/file_share_server.py --port 9879
uv run python demo/file_share_tui.py
```

The demo uses `ZKAC_HOME=~/.ZKAC-FS` by default, so it stays isolated from other
local ZKAC usage.

## UI Flow

- `Login`
- `Connect` (reuses pinned server key when available)
- `Select Bucket` (list owned + permitted buckets, or create new)
- `Permissions` (edit per-role bitmask)
- `Share Permissions`
- `Listen` (optional port; blank means random)
- `Inbox`

`c` copies the latest generated contact bundle to clipboard.

## Verify

```bash
uv run python demo/file_share_smoke.py
pytest demo/test_demo_privacy_guardrails.py
```

## Future Work

- Further reduce at-rest metadata by removing persisted raw role-id indexes used
  for proof candidate discovery after restart, while preserving reliable auth
  recovery semantics.