36 lines
1.3 KiB
Markdown
36 lines
1.3 KiB
Markdown
---
|
|
id: task-020
|
|
title: Implement Google Data Sovereignty (Local-First Encrypted Storage)
|
|
status: To Do
|
|
assignee: []
|
|
created_date: '2025-12-04 12:32'
|
|
labels:
|
|
- feature
|
|
- security
|
|
- google-integration
|
|
- offline-storage
|
|
dependencies: []
|
|
priority: high
|
|
---
|
|
|
|
## Description
|
|
|
|
<!-- SECTION:DESCRIPTION:BEGIN -->
|
|
Implement secure, local-first storage for Google Workspace data (Gmail, Drive, Photos, Calendar) with client-side encryption, selective sharing to canvas boards, and optional R2 encrypted backup. See docs/GOOGLE_DATA_SOVEREIGNTY.md for full architecture.
|
|
<!-- SECTION:DESCRIPTION:END -->
|
|
|
|
## Acceptance Criteria
|
|
<!-- AC:BEGIN -->
|
|
- [ ] #1 IndexedDB schema created for encrypted Google data
|
|
- [ ] #2 Key derivation from existing WebCrypto auth keys
|
|
- [ ] #3 Google OAuth 2.0 with PKCE implemented
|
|
- [ ] #4 Gmail messages can be imported and encrypted locally
|
|
- [ ] #5 Drive documents can be imported and encrypted locally
|
|
- [ ] #6 Photos thumbnails can be imported and encrypted locally
|
|
- [ ] #7 Calendar events can be imported and encrypted locally
|
|
- [ ] #8 Data can be selectively shared to canvas board (Automerge sync)
|
|
- [ ] #9 Encrypted R2 backup and restore working
|
|
- [ ] #10 Safari 7-day eviction mitigations in place
|
|
- [ ] #11 Storage quota warnings implemented
|
|
<!-- AC:END -->
|