sgraph-ai-app-send 0.3.0

SGraph-AI__App__Send

SGraph Send

Zero-knowledge encrypted file sharing. The server never sees your files.

send.sgraph.ai | Currently in private beta

---

How It Works

A complete walkthrough of the upload-to-download flow. The server never sees your plaintext, your file name, or your decryption key at any point.

Step 1: Select a file

Drop a file into the upload zone or click to browse. No account required.

Step 2: Encrypt and upload

Your file is shown with its size. Click "Encrypt & Upload" -- encryption happens entirely in your browser using AES-256-GCM before anything leaves your device.

Step 3: Share the link and key separately

After upload, you get two things: a download link and a decryption key, each with its own copy button. The security tip reminds you to share these through different channels. The transparency panel proves what was stored (encrypted file, size) and what was NOT stored (file name, decryption key, raw IP).

Step 4: Recipient opens the download link

The recipient sees the encrypted file metadata and a field to paste the decryption key. The server never sees the key -- it is shared out-of-band between sender and recipient.

Step 5: File decrypted locally

The file is decrypted in the recipient's browser. The transparency panel confirms: file content was encrypted (the server could not read it), the decryption key was NOT stored (only you have it), and the file name was never sent to the server.

Step 6: Original file, intact

The downloaded file is identical to the original. The server only ever had encrypted bytes -- it could not read, modify, or inspect the contents at any point.

---

Why This Exists

Most file sharing services require you to trust the provider with your unencrypted data. SGraph Send takes a different approach: the server is architecturally unable to read what you share.

• No accounts required
• No tracking, no cookies, no local storage
• The server stores only encrypted bytes it cannot decrypt
• IP addresses are hashed with a daily rotating salt — stored as one-way hashes, never in the clear

---

Architecture

Component	Detail
Two Lambda functions	User-facing (transfers, health, static UI) and Admin (tokens, stats)
Endpoints	Lambda Function URLs — direct HTTPS, no API Gateway
Storage	S3 via Memory-FS abstraction (pluggable: memory, disk, S3)
Encryption	Web Crypto API, AES-256-GCM, client-side only
Frontend	IFD Web Components — vanilla JS, zero framework dependencies
Backend	FastAPI + Mangum via osbot-fast-api
Type system	Type_Safe from osbot-utils (no Pydantic)

Three UIs serve different audiences: the user workflow, power user tools, and an admin console.

---

The Agentic Team

This project is built and maintained by a 15-role AI agentic team coordinated through Claude Code, with a human stakeholder (Dinis Cruz) providing direction through written briefs.

Roles: Architect, Dev, QA, DevOps, AppSec, GRC, DPO, Advocate, Sherpa, Ambassador, Journalist, Historian, Cartographer, Librarian, and Conductor.

Each role produces structured review documents, tracks decisions, and operates within defined boundaries. The team's work is fully visible in the repo:

• team/roles/ — all role definitions and review documents
• team/humans/dinis_cruz/briefs/ — stakeholder briefs driving priorities
• .claude/CLAUDE.md — agent guidance, stack rules, and project conventions

---

Key Documents

Document	Path
Project brief	library/docs/_to_process/project - Secure Send Service brief.md
Phase roadmap	library/roadmap/phases/v0.1.1__phase-overview.md
Agent guidance	.claude/CLAUDE.md
Development guides	library/guides/
Issue tracking	.issues/

---

Project Structure

sgraph_ai_app_send/              # Application code
  lambda__admin/                 # Admin Lambda (FastAPI + Mangum)
  lambda__user/                  # User Lambda (FastAPI + Mangum)

sgraph_ai_app_send__ui__admin/   # Admin UI (static assets)
sgraph_ai_app_send__ui__user/    # User UI (static assets)

tests/unit/                      # Tests (no mocks, real in-memory stack)

.issues/                         # File-based issue tracking
library/                         # Specs, guides, roadmap, dependencies
team/                            # Agentic team roles, reviews, briefs

---

Development

Requires Python 3.12.

# Install dependencies
poetry install

# Run tests
poetry run pytest tests/unit/ -v

All tests use real implementations with an in-memory storage backend. No mocks, no patches. The full stack starts in under 3 seconds.

---

Stack

Layer	Technology
Runtime	Python 3.12 / arm64
Web framework	FastAPI via osbot-fast-api / osbot-fast-api-serverless
Lambda adapter	Mangum
Storage	Memory-FS (pluggable: memory, disk, S3)
AWS operations	osbot-aws
Type system	Type_Safe (osbot-utils)
Frontend	Vanilla JS + Web Components (IFD)
Encryption	Web Crypto API (AES-256-GCM)
Testing	pytest, in-memory stack, no mocks
CI/CD	GitHub Actions (test, tag, deploy)

---

Status

v0.2.21 — S3 persistent storage live. End-to-end encryption working. CI/CD pipeline deploying automatically. 56 tests passing. Private beta phase.

---

License

Apache 2.0