fe68752cc7
Harden fs auth and storage for a trustless-server model: proof-only hello, opaque tagged bucket metadata, safer connection logging, and inbox UI without raw ids. Add demo/test_demo_privacy_guardrails.py and README notes. Stop tracking demo __pycache__ and fs_data artifacts. Co-authored-by: Cursor <cursoragent@cursor.com>
ZKAC File-Share Demo
This folder contains only the self-contained Textual file-share demo.
Files
demo/file_share_server.py: headless opaque server (registry mgmt + file-share channel).demo/file_share_client.py: upload/download + role-mask utilities.demo/file_share_credentials.py: P2P credential grant helper.demo/file_share_tui.py: Textual UI.demo/zkac_cli_adapter.py: subprocess bridge tozkac-node.demo/file_share_smoke.py: end-to-end smoke test.demo/test_demo_privacy_guardrails.py: pytest privacy regressions for the demo.
Run
uv sync --extra demo
uv run python demo/file_share_server.py --port 9879
uv run python demo/file_share_tui.py
The demo uses ZKAC_HOME=~/.ZKAC-FS by default, so it stays isolated from other
local ZKAC usage.
UI Flow
LoginConnect(reuses pinned server key when available)Select Bucket(list owned + permitted buckets, or create new)Permissions(edit per-role bitmask)Share PermissionsListen(optional port; blank means random)Inbox
c copies the latest generated contact bundle to clipboard.
Verify
uv run python demo/file_share_smoke.py
pytest demo/test_demo_privacy_guardrails.py
Future Work
- Further reduce at-rest metadata by removing persisted raw role-id indexes used for proof candidate discovery after restart, while preserving reliable auth recovery semantics.