Database & Schema
Nest uses PostgreSQL with Drizzle ORM for its persistence layer. The schema is meticulously designed to balance relational querying speed with absolute zero-knowledge privacy.
Core Schema Definitions
usersIdentity & BillingHandles authentication state and storage quotas. Passwords are never stored here.
| Column | Type | Purpose |
|---|---|---|
| id | serial | Primary Key |
| varchar | Unique login identifier | |
| auth_hash | varchar | Bcrypt hash of the client-derived AuthHash |
| storage_quota_bytes | bigint | Maximum bytes allowed based on billing tier |
user_cryptoZK CoreStores the pre-derivation salts and the encrypted master keys required to bootstrap a zero-knowledge session.
| Column | Type | Purpose |
|---|---|---|
| user_id | integer | Foreign Key to `users.id` |
| salt | text | Base64 random bytes for Argon2id |
| encrypted_master_key | text | XChaCha20 ciphertext of the Master Key |
| encrypted_metadata | text | Encrypted JSON blob containing folder/file names |
filesCloud PointersStores pointers to the distributed storage network. Does NOT store filenames.
| Column | Type | Purpose |
|---|---|---|
| id | serial | Primary Key |
| user_id | integer | Owner of the file |
| jackal_fid | varchar | File ID on the Obsideo Storage Network (Note: Database column retains legacy name `jackal_fid`) |
| encrypted_file_key | text | Wrapped key needed to decrypt the file blob |
| file_size | bigint | Size in bytes (used for quota calculations) |
The Graveyard Protocol
To support secure deletion and enterprise auditing, Nest utilizes a specialized "Graveyard" schema (graveyard and graveyard_chunks). When a user permanently deletes a file, its metadata is moved from the active files table to the graveyard. This preserves historical records of storage network IDs without cluttering the active filesystem indices or exposing metadata to the client.