1.3 KiB
1.3 KiB
| id | title | status | assignee | created_date | labels | dependencies | priority | ||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| task-020 | Implement Google Data Sovereignty (Local-First Encrypted Storage) | To Do | 2025-12-04 12:32 |
|
high |
Description
Implement secure, local-first storage for Google Workspace data (Gmail, Drive, Photos, Calendar) with client-side encryption, selective sharing to canvas boards, and optional R2 encrypted backup. See docs/GOOGLE_DATA_SOVEREIGNTY.md for full architecture.
Acceptance Criteria
- #1 IndexedDB schema created for encrypted Google data
- #2 Key derivation from existing WebCrypto auth keys
- #3 Google OAuth 2.0 with PKCE implemented
- #4 Gmail messages can be imported and encrypted locally
- #5 Drive documents can be imported and encrypted locally
- #6 Photos thumbnails can be imported and encrypted locally
- #7 Calendar events can be imported and encrypted locally
- #8 Data can be selectively shared to canvas board (Automerge sync)
- #9 Encrypted R2 backup and restore working
- #10 Safari 7-day eviction mitigations in place
- #11 Storage quota warnings implemented