Hybrid-signed, parity-hardened archives for real backups.
TX streams your data through Zstandard, slices it into fixed blocks, and adds Reed–Solomon parity. Archives survive missing or corrupted shards without re-running the pack job.
Every manifest and shard carries both Ed25519 and Dilithium signatures. A trust store gates tx pack, tx verify, and tx unpack, so unsigned data never lands in production.
The manifest tracks [startShard, endShard, shardOffset, length] for every file. tx unpack --path foo/bar only fetches the shards it needs—perfect for remote or cold storage restores.
A per-shard journal records “written → compressed → parity → uploaded” so tx pack --resume avoids redoing work after interruptions.
JSONL telemetry feeds dashboards while tx stats --json reports shard sizes, parity ratios, signature coverage, and padding, making capacity planning trivial.
An included Python battery mutates archives (hash swaps, trust-store tampering, parity exhaustion, inventory corruption) to ensure tx verify screams before data is touched.
# build
make build
# pack a directory
./bin/tx pack /srv/data backups/home.tx
# verify with your trust store
./bin/tx verify --trust-store ~/.config/tx/trusted_keys.json backups/home.tx
# selective restore
./bin/tx unpack --path photos/2024 backups/home.tx ./restore
Generate keys once via tx gen-key (writes both Ed25519 and Dilithium).
Add public keys to your trust store with tx trust --add,
then sign every archive with
tx pack --sign-key ... --sign-dilithium-key ... --trust-store ....
scripts/aggressive_test.py --tx ./bin/tx --loops 5 --shuffle --seed 1337
It mutates manifests, shards, trust stores, and inventory metadata to ensure
both tx verify and selective tx unpack fail fast.