Project Name: Vup Vault - Personal Backup, Sync & Archive with indexd
Name of the organization or individual submitting the proposal: redsolver
Duration: 5 months
Introduction
Describe your project
Vup Vault is a personal backup, sync, and archive tool built on S5 and powered by Sia’s indexd. This grant revitalizes the Vup ecosystem with a modern CLI and refreshed Vup Web interface, building on the completed s5-rs foundation.
Vup Vault enables users to:
-
Index their devices into a unified FS5 filesystem
-
Back up selected directories to Sia (via indexd) or any S5-compatible storage
-
Sync between multiple devices, even when not simultaneously online
-
Share files and folders via secure links (native apps or web with client-side E2EE)
The core technical deliverable is s5_store_indexd, a new S5 storage backend that integrates with the indexd SDK (sia-sdk-rs). This unlocks Sia storage for all S5-based applications without requiring users to run renterd - eliminating the infrastructure complexity that has been a major barrier to adoption.
A key goal of this grant is to polish the user experience. While s5-rs provides powerful low-level primitives, it requires technical knowledge to use effectively. Vup Vault wraps these capabilities in an intuitive CLI inspired by tools like restic and rclone, making common backup and sync workflows accessible to power users and developers. Building a solid Rust core also enables future expansion: a cross-platform desktop UI (via Tauri) could be added in a follow-up grant, bringing the same capabilities to less technical users.
What makes this different from restic/borg/Arq?
Unlike traditional backup tools that support only a single backend per repository, Vup Vault uses multiple backends simultaneously (local cache + Sia + others). It natively supports multi-device sync via FS5 snapshots, lets you share files from backups with E2EE links, and provides web browsing through Vup Web. Common use cases include syncing photos across devices (a frequently requested feature in the Sia community), backing up documents, and archiving media libraries.
Example backup usage:
# Interactive flow for configuring and authenticating with an indexd backend (alternative: edit config.toml)
vup config
# Add directories to the vault (tracked for backup and sync)
vup add ~/Documents ~/Photos
# Create a backup snapshot of all added files
vup backup --target sia # name of the configured indexd backend
# Create a backup snapshot of a specific path (once) to all configured stores
vup backup --path ~/Music
# Share a file or folder (generates E2EE link)
vup share ~/Music/favorites
# https://vup.app/s/...#key=...
# Browse backups locally via FUSE mount
vup mount /mnt/backup
# Check vault status
vup status
Technical approach:
Vup Vault is built on three layers:
-
vup CLI: User-facing commands with progress reporting, resume support, and watch mode.
-
s5_fs (FS5): The encrypted filesystem layer. All data is encrypted client-side before leaving this layer. FS5 provides content-addressed storage, deduplication, and snapshots.
-
Storage backends: FS5 writes to multiple stores simultaneously: a local cache for fast access, plus remote stores (indexd, S3, etc.) for durability. The primary deliverable is
s5_store_indexd, a new crate implementing the S5 Store trait using sia-sdk-rs.
Multi-device sync:
FS5 snapshots are Merkle trees of encrypted metadata, lightweight (a few KB) regardless of how many files they reference. File blobs are fetched on-demand. Because every snapshot is versioned, Vup Vault provides both sync (latest state across devices) and backup (point-in-time recovery) from a single unified model.
Realtime sync (existing): When devices are online together, Iroh P2P connects them directly via push_snapshot/pull_snapshot.
Async sync (this grant): When devices are online at different times, they use a remote store as an E2EE relay. Device A pushes its encrypted snapshot to the relay, then Device B pulls and merges when it comes online. The relay only sees encrypted blobs.
Who benefits from your project?
-
End users: Simple backup with web access, multi-device sync, and secure sharing
-
S5 developers:
s5_store_indexdenables any S5 app to use Sia via indexd -
Sia ecosystem: A backup tool demonstrating indexd’s real-world utility
-
Privacy-conscious users: Full E2EE with user-controlled keys
How does the project serve the Foundation’s mission of user-owned data?
Vup Vault embodies user-owned data: you own your keys (client-side encryption), your storage (Sia’s decentralized network), your access (browse backups from anywhere), and your sharing (no third-party services). No vendor lock-in with standard S5/FS5 formats.
The indexd integration advances Foundation goals by providing a reference implementation for indexd + S5 integration that other developers can learn from.
Jurisdiction Compliance
- Are you a resident of any jurisdiction on that list? No
- Will your payment bank account be located in any jurisdiction on that list? No
Grant Specifics
Amount of money requested and justification with a comprehensive breakdown of expenses
Total Amount Requested: $44,500 USD
| Category | Amount | Description |
|---|---|---|
| Developer fees | $40,000 | Full-time development for 5 months |
| UI/UX design | $3,000 | Vup Web: mobile-responsive layout, icon system, modal dialogs, onboarding wizard |
| Infrastructure | $1,500 | Public Iroh relays for improved P2P connectivity and browser support ($1,000), public S5 nodes for bootstrap and registry sync ($500) |
Same EUR-equivalent rate as my previous S5 grant. Builds on substantial prior work (s5-rs v1.0 complete).
Timeline with measurable objectives and goals
Total Duration: 5 months
Milestone Strategy: Milestones 1-3 are indexd-independent, allowing productive work regardless of indexd public availability timing. Milestone 4 is then focused on completing the indexd integration, but if it’s available earlier it will of course be tested and added as soon as possible.
Milestone 1: FS5 Enhancements & CLI Foundation (Month 1)
Due: 2026-02-25 (No indexd dependency)
| Task | Deliverable |
|---|---|
| Add zstd compression to blob import pipeline | BlobStore::import_with_compression() in s5_core |
Extend DirV1 with backup metadata fields |
Track backup state, last backup time, tags per directory |
Implement vup CLI scaffold with clap |
vup config, vup add, vup status commands |
| Config file format and storage | ~/.config/vup/config.toml with vault state |
Validation: E2E test that creates a vault, adds directories, and verifies config persistence. Compression test showing >30% size reduction on mixed file corpus.
Milestone 2: Backup & Restore (Month 2)
Due: 2026-03-25 (No indexd dependency)
| Task | Deliverable |
|---|---|
vup backup command |
Scan added dirs, create FS5 snapshot, upload to configured store. Supports --target <store> to select backend and --path <dir> for one-off backups |
vup snapshots command |
List snapshots with metadata (date, paths, size) |
vup restore command |
Restore full snapshot or filtered subset to target path |
| Progress reporting with indicatif | Upload/download progress bars, ETA, throughput |
| Resume support for interrupted backups | Track uploaded blobs, skip already-uploaded on retry |
Validation: E2E test: backup 1000 files, interrupt mid-backup, resume, restore to new location, verify SHA256 of all files match originals. Works with LocalStore and S3Store.
Milestone 3: Multi-Device Sync & Sharing (Month 3)
Due: 2026-04-25 (Works with any S5 store as relay)
| Task | Deliverable |
|---|---|
vup sync push/pull commands |
Wrap existing push_snapshot/pull_snapshot with UX |
| Async relay mode via remote store | Configure remote S5 store as sync relay (not just Iroh P2P) |
vup share command |
Generate FS5 share links with embedded encryption key |
vup mount command |
FUSE mount for browsing snapshots (uses existing s5_fuse) |
--watch flag for vup add |
inotify/FSEvents watcher, debounced auto-backup |
Validation: E2E test modeled on existing fs_sync_complete test: Device A creates files, pushes to relay store, Device A goes offline, Device B pulls and verifies data matches. FUSE mount displays correct directory structure. Share link opens correctly in Vup Web.
Milestone 4: s5_store_indexd Integration (Month 4)
Due: 2026-05-25
| Task | Deliverable |
|---|---|
Implement S5 Store trait for indexd |
s5_store_indexd crate implementing all 11 trait methods |
| Map S5 blob paths to indexd Object keys | Consistent key derivation from content hash |
| App registration flow | Browser-based OAuth, store credentials in OS keychain |
BlobLocation::IndexdObject variant |
Enable direct RHP4 downloads from Sia hosts |
Validation: E2E test: full backup/restore cycle using indexd backend against Foundation indexd nodes.
Milestone 5: Polish, Daemon & Release (Month 5)
Due: 2026-06-25
| Task | Deliverable |
|---|---|
Background daemon (vupd) |
Systemd/launchd service, socket for CLI |
| Scheduled backups | Cron-like schedule in config, daemon executes |
| Performance optimization | Faster blob uploads, improved streaming |
| Vup Web improvements | Mobile-responsive layout, icon system for files/actions, modal dialogs replacing browser prompts, first-run onboarding wizard for indexd |
| Comprehensive documentation | User guide, architecture docs |
| Publish crates | s5_store_indexd, updated s5_fs, vup on crates.io |
Validation: E2E test: daemon watches directory, file created, backup triggered automatically within 30s, sync to second device succeeds. A new user can set up a vault following the docs in <15 minutes.
High-level architecture overview and security best practices
Components:
vupCLI /vupddaemon (Rust) - user-facing tools- s5_fs (FS5) - E2EE filesystem with snapshots, sharding, GC
- s5_store_indexd - new Store implementation using sia-sdk-rs
- Iroh - P2P sync when devices are online together
- Existing stores - LocalStore, S3Store, SiaStore (renterd) for fallback/testing
Security practices:
- E2EE: All data encrypted client-side (XChaCha20-Poly1305) before leaving the device
- Minimal Trust: indexd stores only encrypted blobs; cannot access plaintext
- Secure sharing: Encryption keys embedded in URL fragment (not sent to server)
- Credentials: indexd app keys stored in OS keychain (keyring crate); never in config files
- Memory safety: Rust; minimal dependencies; regular
cargo audit - Verification: Every blob verified against Blake3 hash on download
Potential risks that will affect the outcome of the project
| Risk | Mitigation |
|---|---|
| indexd SDK changes during development | Design Store adapter with existing S5 abstraction layer to isolate API changes; M1-M3 are fully functional without indexd |
| File watcher cross-platform issues | Use notify crate (battle-tested); graceful degradation to manual backup on failure |
| Large file handling (>10GB) | Streaming upload/download without full memory load; chunked progress tracking |
| Credential storage across platforms | Use keyring crate with fallback to encrypted config file and warning on unsupported systems |
| User adoption of new CLI patterns | Follow established conventions (restic, rclone); comprehensive --help and examples |
Development Information
Will all of your project’s code be open-source?
Yes, libraries and protocol dual-licensed under MIT+Apache and user-facing apps under EUPL.
Leave a link where code will be accessible for review
- s5_store_indexd & vup: GitHub - s5-dev/s5-rs (new crates in monorepo)
- Documentation: https://docs.s5.pro
Do you agree to submit monthly progress reports?
Yes, following Foundation format with PR links per task.
Do you agree to designate a point of contact for committee questions and concerns?
Yes, myself (redsolver).
Provide links to previous work or code from all team members
- GitHub - s5-dev/s5-rs (S5 v1.0 - just completed, includes s5_store_sia as reference)
- GitHub - s5-dev/s5.js: TypeScript/JS Library for S5
- GitHub - vup-app/vup-web
- skyfeed-dev · GitHub
- redsolver · GitHub
Have you developed a proof of concept for this idea already?
Yes, the foundation is complete:
- s5-rs v1.0: Full S5 protocol with FS5 (released to crates.io)
- s5_store_sia: Existing renterd backend as reference for Sia internals
- FS5 sync:
push_snapshot/pull_snapshotalready implemented in s5_node fs_sync_completetest: E2E test validating encrypted sync via untrusted relay (214 lines)- Vup Web: Web UI for FS5 browsing exists
Do you agree to participate in a demo at our monthly community call at significant milestones or after the grant’s completion?
Yes.
Contact info
-
Discord: @redsolver
-
Email: [email protected]