@harry-kp/vortix 0.2.2 → 0.3.0

package/CHANGELOG.md

@@ -2,322 +2,52 @@
 
 All notable changes to this project will be documented in this file.
 
-The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
-and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [0.3.0] - 2026-05-24
 
-## [Unreleased]
+### Architecture
 
-## [0.2.2] - 2026-04-23
-
-### Miscellaneous
-
-- Update Cargo.lock dependencies
-
-
-
-## [0.2.1] - 2026-04-04
-
-### Fixed
-
-- Detect missing `resolvconf` before WireGuard connect on Linux ([#186](https://github.com/Harry-kp/vortix/issues/186), [#187](https://github.com/Harry-kp/vortix/pull/187)) — Vortix now shows clear install instructions instead of cryptic wg-quick errors when DNS is configured but resolvconf isn't available on Arch/Fedora
-- Add CLI dependency check to catch missing tools before connection attempts
-
-### Documentation
-
-- Add comprehensive Arch Linux troubleshooting FAQ and distribution-specific guidance in README
-- Add WireGuard configuration guide explaining AllowedIPs, cloud provider limitations, and routing best practices
-- Add quick error reference table for common connection issues
-
-
-
-## [0.2.0] - 2026-03-31
+- **Cargo workspace split.** Codebase restructured into 12 internal crates under `crates/` (vortix-core, vortix-process, vortix-config, vortix-platform-{linux,macos,windows}, vortix-protocol-{wireguard,openvpn}, xtask). Single published binary remains `vortix`.
+- **Capability ports.** 7 trait-based ports (Tunnel, Killswitch, DNS, Interface, NetworkStats, RouteTable, CommandRunner) in `vortix-core` with per-OS implementations behind them. Adding new protocols or platforms is now mechanical.
+- **Engine FSM.** Internal connection state is now a typed 5-variant state machine (`Disconnected`, `Connecting`, `Connected`, `Disconnecting`, `AwaitingUserInput`) with compile-time transition enforcement.
+- **CI boundary lints.** Three `cargo xtask` lints enforce that `Command::new` only appears in `vortix-process`, `cfg(target_os)` only in platform crates, and protocol strings only in protocol crates.
 
 ### Added
 
-- Add a CLI-first headless mode with structured JSON output for scripting, automation, and AI-agent workflows, including `vortix status` for scriptable connection and kill-switch visibility ([#156](https://github.com/Harry-kp/vortix/issues/156), [#176](https://github.com/Harry-kp/vortix/pull/176)).
-- Add the new flip-panel dashboard interaction with animated card transitions ([#165](https://github.com/Harry-kp/vortix/pull/165)).
-
-### Changed
-
-- VPN sessions can now keep running after the TUI or CLI exits, so leaving the interface no longer tears down an active connection unexpectedly ([#155](https://github.com/Harry-kp/vortix/issues/155), [#176](https://github.com/Harry-kp/vortix/pull/176)).
-- Make `vortix down` wait for the OpenVPN daemon to fully exit before reporting success ([#176](https://github.com/Harry-kp/vortix/pull/176)).
+- **Session journal.** Every session writes a JSONL event log to `${XDG_DATA_HOME}/vortix/sessions/*.jsonl` with 30-day / 30-file retention. Path surfaced via `vortix info`.
+- **`vortix secrets {set,get,delete}`** -- Layered secret store backed by OS keyring (Keychain / Secret Service) with AES-256-GCM + argon2id on-disk fallback. Opt-in; existing `.auth` files keep working.
+- **`vortix audit`** -- Per-process socket snapshot for VPN leak detection. `--pid <N>` filters to one process, `--vpn-only` to tunnel sockets, `--json` for structured output. Linux (`/proc/net`) + macOS (`lsof`) implementations.
+- **`vortix daemon`** -- IPC server skeleton with Unix socket (mode 0600) and length-prefixed JSON framing. Engine routing through daemon completes in v0.3.x.
+- **`vortix show --raw --inline-secrets`** -- Streams profile config to stdout with stored credentials appended as `# vortix-secret:<base64>` trailing comment.
+- **CI integration tests.** Privileged Docker container with network namespaces running real `wg-quick` + killswitch engage/release end-to-end.
+- **`settings.toml`** -- Figment-layered config (defaults -> system -> user -> env). Not required; runtime defaults match v0.2.x behavior.
+- **JSON `schema_version`.** Every `--json` envelope now includes `"schema_version": 1`.
+- **Windows stub crate.** `vortix-platform-windows` compiles on Windows; every port returns `PlatformUnsupported`.
+- **Startup orphan scan.** Warn-only detection of leftover `wg-quick`/`openvpn` processes from previous runs.
+- **Cold-start performance test.** CI ceiling on `vortix --version` startup time.
 
 ### Fixed
 
-- Remove the stale quit confirmation now that active connections can continue independently of the UI process ([#179](https://github.com/Harry-kp/vortix/issues/179), [#182](https://github.com/Harry-kp/vortix/pull/182)).
-- Fix help overlay scrolling edge cases, including opening before the first resize and clamping scroll correctly after keyboard and mouse input ([#180](https://github.com/Harry-kp/vortix/issues/180), [#182](https://github.com/Harry-kp/vortix/pull/182)).
-- Harden CLI lifecycle handling around disconnect flow, error paths, and config isolation ([#176](https://github.com/Harry-kp/vortix/pull/176)).
-
-### Documentation
-
-- Clarify current Linux support expectations and improve Linux bug-reporting guidance for distro-specific issues ([#185](https://github.com/Harry-kp/vortix/pull/185)).
-
-### CI
-
-- Add Fedora 41 CI coverage for `cargo check`, `cargo clippy`, `cargo test`, and `cargo doc`, including unprivileged test execution for Linux-specific validation ([#160](https://github.com/Harry-kp/vortix/issues/160), [#183](https://github.com/Harry-kp/vortix/pull/183)).
-
-
-
-## [0.1.8] - 2026-03-19
-
-### Features
-
-- Add centralized theming system — all colors now flow through `theme.rs`, replacing hardcoded `Color::Rgb` across 13 UI files ([#109](https://github.com/Harry-kp/vortix/issues/109), [#147](https://github.com/Harry-kp/vortix/issues/147))
-- Add mouse click-to-select for profiles in the sidebar ([#139](https://github.com/Harry-kp/vortix/issues/139))
-- Add Wayland clipboard support via `wl-copy`, with `xclip`/`xsel` fallback on X11 ([#107](https://github.com/Harry-kp/vortix/issues/107))
-- Add word-wrapped log messages with accurate scroll using `Paragraph::line_count()` — long OpenVPN errors no longer truncate
-
-### Bug Fixes
-
-- Fix OpenVPN error messages not shown in UI — vortix now reads the daemon log file when stderr is empty due to `--daemon --log` ([#154](https://github.com/Harry-kp/vortix/issues/154))
-- Fix footer truncating Help and Quit hints first on narrow terminals — critical hints now have priority, with unicode-aware width calculation ([#134](https://github.com/Harry-kp/vortix/issues/134))
-- Fix cursor style inconsistent across overlays — all text fields now use the same blinking block cursor ([#135](https://github.com/Harry-kp/vortix/issues/135))
-- Fix URL import leaving temp files behind in system temp directory ([#136](https://github.com/Harry-kp/vortix/issues/136))
-- Fix race condition where temp file could be deleted before import completes on TUI URL import
-- Fix clipboard copy reporting success without checking the tool's exit status
-- Fix toast messages logged at wrong severity level (e.g., connection failures logged as INFO instead of ERROR)
-
-### Refactor
-
-- Generalize `centered_rect` helper to support both percentage-based and fixed-size centering, removing duplicate code ([#123](https://github.com/Harry-kp/vortix/issues/123))
-- Eliminate per-frame `String` allocations in footer hint rendering
-
-### Testing
-
-- Add unit tests for rename-profile path traversal validation with rejection assertions ([#137](https://github.com/Harry-kp/vortix/issues/137))
-- Add unit tests for `cleanup_temp_download`, footer hint width calculations, `centered_rect` variants, and theme alias consistency
-
-### Miscellaneous
-
-- **deps:** Bump the rust-minor group with 2 updates ([#152](https://github.com/Harry-kp/vortix/pull/152))
-
-
-
-## [0.1.7] - 2026-03-11
-
-### Bug Fixes
-
-- Fix Escape/CloseOverlay resetting zoomed panel back to normal layout ([#105](https://github.com/Harry-kp/vortix/issues/105))
-- Fix sidebar "Reconnect" action disconnecting instead of reconnecting the selected profile ([#106](https://github.com/Harry-kp/vortix/issues/106), [#145](https://github.com/Harry-kp/vortix/issues/145))
-- Fix exponential backoff overflow causing infinite retry delays at high attempt counts ([#110](https://github.com/Harry-kp/vortix/issues/110))
-- Fix renaming a profile breaking reconnect by not updating `last_connected_profile` ([#111](https://github.com/Harry-kp/vortix/issues/111))
-- Fix deleting a profile during Connecting or Disconnecting state causing state corruption ([#112](https://github.com/Harry-kp/vortix/issues/112))
-- Fix "IP unchanged" warning flooding logs every telemetry poll cycle while connected ([#113](https://github.com/Harry-kp/vortix/issues/113))
-- Fix 0ms latency falsely showing EXCELLENT quality instead of UNKNOWN ([#146](https://github.com/Harry-kp/vortix/issues/146))
-
-### Features
-
-- Add `ConnectSelected` action: sidebar `r` key now connects the highlighted profile rather than the last-used one
-- Add `Unknown` quality state when no metrics have arrived yet, displayed as "─────" in header and "UNKNOWN" in details
-- Include latency in connection quality scoring (Poor ≥ 300ms, Fair ≥ 100ms)
-- Cap retry backoff at configurable `connect_retry_max_delay_secs` (default 300s)
-
-### Documentation
-
-- Rewrite ROADMAP as a product journey with themed releases and user stories
-
-### Miscellaneous
-
-- **deps:** Bump the rust-minor group with 3 updates ([#149](https://github.com/Harry-kp/vortix/pull/149))
-
-
-
-## [0.1.6] - 2026-03-08
-
-### Bug Fixes
-
-- Fix `pkill openvpn` killing all system OpenVPN processes instead of only Vortix-managed ones ([#95](https://github.com/Harry-kp/vortix/issues/95))
-- Fix kill switch state file written to world-readable `/tmp/` ([#96](https://github.com/Harry-kp/vortix/issues/96))
-- Fix kill switch displaying "Blocking" without root, giving a false sense of security ([#97](https://github.com/Harry-kp/vortix/issues/97))
-- Fix Unicode text input causing panic in text field handlers ([#98](https://github.com/Harry-kp/vortix/issues/98))
-- Add `Drop` impl on `App` to clean up kill switch rules and VPN processes on panic ([#99](https://github.com/Harry-kp/vortix/issues/99))
-- Fix disconnect failure leaving app in "Disconnected" state while VPN process may still be running ([#100](https://github.com/Harry-kp/vortix/issues/100))
-- Fix spurious "VPN dropped" auto-reconnect triggered by force-kill
-- Fix config viewer overlay not loading file contents on open
-- Fix minimum terminal size check causing blank screen on small terminals
-- Fix search and rename cursor position on multi-byte UTF-8 input
-- Fix mouse events passing through overlays to background panels
-- Fix help overlay not being scrollable
-- Fix ISP and location text truncated too aggressively on narrow terminals ([#104](https://github.com/Harry-kp/vortix/issues/104))
-- Fix connection details panel mostly empty when disconnected ([#102](https://github.com/Harry-kp/vortix/issues/102))
-- Fix import overlay closing immediately on URL import or empty directory
-- Fix `g`/`G`/Home/End keys not routing correctly when logs panel is focused
-- Fix mouse scroll not working on hovered panel (only worked on focused panel)
-- Fix profile names overflowing sidebar column when names are long
-- Fix password mask using byte count instead of character count for multi-byte input
-- Enable config viewer overlay to be scrollable with mouse
-- Fix action menus not listing all available panel actions (Sort, Rename, Filter, Kill Switch)
-
-### Features
-
-- Add human-readable connection duration format (e.g., "2h 15m" instead of seconds)
-- Add throughput chart with upload/download speed labels and color legend ([#103](https://github.com/Harry-kp/vortix/issues/103))
-- Add active connection badge (checkmark) next to connected profile in sidebar
-- Clear stale telemetry data on disconnect to avoid showing previous session info
-- Add keyboard accessibility for all panels with Tab/Shift+Tab cycling
-- Add panel-specific keyboard shortcuts displayed in context footer
-- Add log level filtering (Error/Warn/Info) with `f` key
-- Show protocol tag (WG/OVPN) in cockpit header bar when connected
-- Show DNS server provider name (Cloudflare, Google, Quad9) in security panel
-- Add confirmation dialog when switching profiles while connected
-- Add confirmation dialog when quitting with an active VPN connection
-- Add profile sorting (name, protocol, last used) with `s` key
-- Add connection quality thresholds (Poor/Fair/Excellent) based on latency, jitter, and packet loss
-- Move toast notifications from bottom-right to top-right for better visibility
-
-### Refactor
-
-- Split 2081-line `dashboard.rs` into 13 focused per-panel modules ([#114](https://github.com/Harry-kp/vortix/issues/114))
-- Extract shared confirmation dialog component to reduce code duplication
-- Adopt `tempfile` crate for panic-safe test cleanup across all 31 test sites ([#116](https://github.com/Harry-kp/vortix/issues/116))
-- Sanitize profile names with strict ASCII-only validation for process management
-- Consolidate confirmation dialog input handling into shared `handle_confirm_keys`
-- Route inline key handlers (rename, search, help, log filter) through Message dispatch for TEA consistency
+- **WireGuard shows Connected with no handshake on invalid server address** ([#31](https://github.com/Harry-kp/vortix/issues/31)). FSM now requires a real `TunnelUp` event before entering `Connected` state.
+- **CLI hardening** ([#177](https://github.com/Harry-kp/vortix/issues/177)). Typed errors via `thiserror` at every port boundary, config value masking in output.
 
-### Testing
-
-- Enable 6 previously-ignored auth tests to run without root privileges
-- Add 19 new tests covering confirm dialog keys, Home/End panel awareness, profile name sanitization, truncation edge cases, and import overlay behavior
-- Migrate all test temp file creation to `tempfile` crate for automatic cleanup on panic
-
-### CI
-
-- Pin Rust 1.91.0 in CI and fix remaining lint issues
-
-
-
-## [0.1.5] - 2026-02-16
-
-### Bug Fixes
-
-- Address PR review feedback for bug report feature
-
-### Documentation
-
-- Add roadmap and feature voting links to README
-- Add vortix report and Nix installation to README
-- Rearrange badges, add Nix flake and npm downloads badges
-
-### Features
-
-- Add `vortix report` bug report command
-
-### Miscellaneous
-
-- **deps:** Bump the rust-minor group with 2 updates ([#40](https://github.com/Harry-kp/vortix/pull/40))
-
-
-
-## [0.1.4] - 2026-02-12
-
-### Documentation
-
-- Add sudo PATH troubleshooting for cargo install on Linux
-- Restructure README for clarity and fix misleading info
-- Move sudo PATH fix to prominent section after installation
-
-### Features
-
-- Add Homebrew and npm package manager support
-
-
-
-## [0.1.3] - 2026-02-11
-
-### Bug Fixes
-
-- Prevent TUI freeze when no network connection is available
-- **ci:** Gate macOS-only symbols behind cfg to resolve Linux dead_code errors
-- Prevent UTF-8 panic when truncating log messages in TUI
-
-### Documentation
-
-- **readme:** Add installation for arch linux ([#27](https://github.com/Harry-kp/vortix/pull/27))
-- Add directory structure and configuration guide to README
-- Clarify file ownership and permissions in README
-- Update configuration reference with all configurable settings
-
-### Features
-
-- Configurable config directory with settings, migration, and sudo ownership
-- Harden VPN lifecycle, structured logging, and configurable settings
-- Startup dependency check with toast warning for missing tools
-
-
-
-## [0.1.2] - 2026-02-07
-
-### Bug Fixes
+### Changed
 
-- Resolve clippy errors on Linux CI (Rust 1.93)
+- Profile sidecar backfill runs automatically at first launch. A `<name>.meta.toml` appears next to each `.conf`/`.ovpn`. Idempotent; v0.2.x ignores these files.
+- Killswitch state and active VPN sessions survive the binary upgrade unchanged.
 
 ### Documentation
 
-- Add star history graph to README
-- Add ROADMAP and GitHub Sponsors funding
-- Add downloads and stars badges to README
-- Add Terminal Trove feature mention
-- Fix roadmap links to point to feature requests
-- Add comparison table, CONTRIBUTING.md, and issue/PR templates
-- Add macOS, Rust, Sponsors, and PRs Welcome badges
-
-### Features
-
-- Add Linux platform support with cross-platform abstraction layer
-- Robust VPN state machine and strict config import validation
-- OpenVPN credential management and UX improvements
-
-### Miscellaneous
-
-- **deps:** Bump clap from 4.5.54 to 4.5.56 in the rust-minor group ([#23](https://github.com/Harry-kp/vortix/pull/23))
-
-
-
-## [0.1.1] - 2026-01-14
-
-### Bug Fixes
-
-- Address Clippy and Copilot review comments
-
-### Miscellaneous
-
-- **deps:** Bump nix from 0.29.0 to 0.30.1 ([#7](https://github.com/Harry-kp/vortix/pull/7))
-- **deps:** Bump libc from 0.2.179 to 0.2.180 in the rust-minor group ([#9](https://github.com/Harry-kp/vortix/pull/9))
-
-### Refactor
-
-- Centralized logging, optimized deps, improved UI
-
-
-
-## [0.1.0] - 2026-01-02
-
-### Added
-- Initial release of Vortix VPN Manager
-- TUI dashboard with real-time network telemetry
-- WireGuard profile support (.conf files)
-- OpenVPN profile support (.ovpn files)
-- Quick slots (1-5) for favorite connections
-- Profile import via TUI (`i` key) and CLI (`vortix import`)
-- Self-update command (`vortix update`)
-- IPv6 leak detection
-- DNS leak detection
-- Insecure protocol detection (HTTP, FTP, Telnet)
-- Live throughput monitoring (upload/download speeds)
-- Connection uptime tracking
-- Nordic Frost color theme
-- Keyboard-driven interface with help overlay (`?` key)
+- `docs/MIGRATION.md` -- upgrade guide from v0.2.x
+- `docs/v0.3.0-RELEASE-NOTES.md` -- full release notes
+- `docs/v0.3.0-FAQ.md` -- common upgrade questions
+- `docs/architecture-migration-v1.md` -- technical surface map
+- `docs/RELEASE-PLAYBOOK-v0.3.0.md` -- maintainer runbook
+- `SECURITY.md` updated with daemon authentication model
+- 15 plan documents in `docs/plans/` (001-015)
 
-### Security
-- Config files stored with 600 permissions
-- Root privilege requirement for network interface management
+### Not in v0.3.0 (deferred)
 
-[Unreleased]: https://github.com/Harry-kp/vortix/compare/v0.1.7...HEAD
-[0.1.7]: https://github.com/Harry-kp/vortix/compare/v0.1.6...v0.1.7
-[0.1.6]: https://github.com/Harry-kp/vortix/compare/v0.1.5...v0.1.6
-[0.1.5]: https://github.com/Harry-kp/vortix/compare/v0.1.4...v0.1.5
-[0.1.4]: https://github.com/Harry-kp/vortix/compare/v0.1.3...v0.1.4
-[0.1.3]: https://github.com/Harry-kp/vortix/compare/v0.1.2...v0.1.3
-[0.1.2]: https://github.com/Harry-kp/vortix/compare/v0.1.1...v0.1.2
-[0.1.1]: https://github.com/Harry-kp/vortix/compare/v0.1.0...v0.1.1
-[0.1.0]: https://github.com/Harry-kp/vortix/releases/tag/v0.1.0
+- No Windows binary (stub only, [#17](https://github.com/Harry-kp/vortix/issues/17))
+- Daemon engine routing (skeleton only, [#16](https://github.com/Harry-kp/vortix/issues/16))
+- Privilege separation / no-sudo ([#153](https://github.com/Harry-kp/vortix/issues/153))
+- Lifecycle hooks (backed out after UX iteration, [#36](https://github.com/Harry-kp/vortix/issues/36))

package/README.md

@@ -17,6 +17,12 @@
 
 Terminal UI for WireGuard and OpenVPN with real-time telemetry and leak guarding.
 
+> **New in v0.3.0 — architectural migration v1.** Engine FSM (internal), session journal, encrypted secret store. One new top-level subcommand (`vortix secrets`); existing CLI unchanged. Upgrade is automatic.
+>
+> - [Release notes](docs/v0.3.0-RELEASE-NOTES.md) — what changed (60s read)
+> - [Upgrade guide](docs/MIGRATION.md) — for v0.2.x users
+> - [FAQ](docs/v0.3.0-FAQ.md) — common upgrade questions
+
 ![Vortix Demo](assets/demo.gif)
 
 ## Why Vortix?
@@ -45,6 +51,10 @@ Existing options (`wg show`, NetworkManager, Tunnelblick) either lack real-time
 - **Geo-Location** — Instant detection of your exit IP's city and country
 - **Leak detection** — Monitors for IPv6 leaks and DNS leaks in real-time
 - **Kill Switch** — Built-in firewall management for maximum security
+- **Encrypted credential store** *(new in v0.3.0)* — OS keyring (Keychain / Secret Service) with AES-256-GCM + argon2id encrypted-file fallback for headless installs
+- **Session event journal** *(new in v0.3.0)* — JSONL event log per session under `${XDG_DATA_HOME}/vortix/sessions/`, 30-day retention; useful for diagnostics and scripting
+- **Per-process socket audit** *(new in v0.3.0)* — `vortix audit` answers "is this traffic actually routing through the tunnel?" with per-PID socket inventory; Linux + macOS supported
+- **Versioned structured output** *(new in v0.3.0)* — every `--json` envelope carries `schema_version: 1` so consumers can detect breaking changes instead of finding them at runtime
 - **Interactive Import** — Easily add new profiles directly within the TUI
 - **Config Viewer** — Inspect profile configurations directly within the TUI
 - **Keyboard-driven** — No mouse required
@@ -226,6 +236,43 @@ vortix completions bash >> ~/.bashrc      # Shell completions
 vortix completions zsh > ~/.zfunc/_vortix
 ```
 
+**New in v0.3.0 — secrets store, socket audit, daemon skeleton, profile-export flag (additive):**
+
+```bash
+# Encrypted secret store — OS keyring (Keychain / Secret Service) with
+# AES-256-GCM + argon2id fallback. Opt-in; existing .auth files keep
+# working unchanged.
+echo -n 'user:pass' | vortix secrets set creds/work-vpn
+vortix secrets get creds/work-vpn
+vortix secrets delete creds/work-vpn
+
+# Per-process socket audit — "is this traffic actually routing
+# through the tunnel?" Pull-based snapshots; Linux + macOS supported.
+vortix audit                                  # tabular
+vortix audit --json                           # structured envelope
+vortix audit --pid 12345                      # filter to one process
+vortix audit --vpn-only                       # only sockets on the tunnel
+
+# Daemon IPC skeleton — host the engine as a long-running process.
+# v0.3.0 ships the wire contract + socket binding; engine routing
+# through the daemon completes in v0.3.x.
+vortix daemon                                 # default socket path
+vortix daemon --socket /tmp/vortix.sock       # custom path
+
+# Share a profile with credentials inlined (for the recipient to
+# re-import). The output gets a trailing `# vortix-secret:<base64>`
+# comment that v0.3.x picks up on import.
+vortix show work-vpn --raw --inline-secrets > /tmp/work-with-creds.ovpn
+```
+
+The Engine FSM, JSONL session journal, layered settings, and sidecar
+migration all live behind existing commands — the journal path
+surfaces in `vortix info` output, the migration runs at startup, and
+`settings.toml` works whether or not you ever create one.
+
+See [`docs/MIGRATION.md`](docs/MIGRATION.md) for the upgrade guide and
+opt-in details on the secret store, journal, and daemon.
+
 **JSON output for AI agents / scripts:**
 ```bash
 # Structured JSON envelope on every command
@@ -294,7 +341,9 @@ When running with `sudo`, vortix automatically resolves the invoking user's home
 ~/.config/vortix/
 ├── profiles/                 VPN configuration files
 │   ├── work.conf             WireGuard profile
-│   └── office.ovpn           OpenVPN profile
+│   ├── work.meta.toml        Sidecar metadata (new in v0.3.0; auto-generated)
+│   ├── office.ovpn           OpenVPN profile
+│   └── office.meta.toml      Sidecar metadata (new in v0.3.0; auto-generated)
 ├── auth/                     Saved OpenVPN credentials
 │   └── office                Username + password for "office" profile
 ├── run/                      OpenVPN runtime files (temporary)
@@ -303,19 +352,38 @@ When running with `sudo`, vortix automatically resolves the invoking user's home
 ├── logs/                     Application logs (daily rotation)
 │   └── 2026-02-09.log        Same content as the TUI Logs panel
 ├── config.toml               User settings (optional, see below)
+├── settings.toml             Figment-layered settings (optional, new in v0.3.0)
+├── secrets.enc               Encrypted secret store, fallback when no OS keyring (new in v0.3.0)
 ├── metadata.json             Profile metadata (last used, sort order)
 └── killswitch.state          Kill switch state for crash recovery
 ```
 
-All files and directories are owned by your user account, even when vortix runs under `sudo`. You can read, modify, or delete anything here without elevated privileges.
+Session event journals live in a separate XDG directory because they're observability data, not user config:
+
+```
+${XDG_DATA_HOME}/vortix/sessions/                   (new in v0.3.0)
+├── 2026-...-pid.jsonl        JSONL event log per session
+└── ...                       30-day / 30-file retention
+```
+
+Resolved paths by platform:
+
+- **Linux:** `~/.local/share/vortix/sessions/`
+- **macOS:** `~/Library/Application Support/vortix/sessions/`
+
+Find the current session's path with `vortix info`.
+
+All files and directories under the config dir are owned by your user account, even when vortix runs under `sudo`. You can read, modify, or delete anything here without elevated privileges.
 
 | Path | Mode | Description |
 |------|:----:|-------------|
-| `profiles/` | `600` | Your `.conf` and `.ovpn` files. Added via `vortix import` or the TUI. |
-| `auth/` | `600` | Saved OpenVPN username/password pairs. One file per profile. |
+| `profiles/` | `600` | Your `.conf` and `.ovpn` files plus the auto-generated `.meta.toml` sidecars (new in v0.3.0). Sidecars are idempotent — delete and they regenerate. |
+| `auth/` | `600` | Saved OpenVPN username/password pairs. One file per profile. Still honored in v0.3.0 — credentials can optionally move to the encrypted store via `vortix secrets set creds/<profile>`. |
 | `run/` | `644` | **OpenVPN only.** PID and log files created during a VPN session. The `.pid` file identifies which daemon to kill; the `.log` is polled for success/failure. Cleaned up on disconnect. WireGuard doesn't use this. |
 | `logs/` | `644` | Application session logs (daily rotation, configurable size/retention). Not the raw OpenVPN output in `run/`. |
-| `config.toml` | `644` | Optional user settings. Only exists if you create it manually (see below). |
+| `config.toml` | `644` | Optional user settings (legacy). Only exists if you create it manually (see below). |
+| `settings.toml` | `644` | Optional figment-layered settings (new in v0.3.0): defaults → system file → this user file → `VORTIX_*` env vars. Not auto-created. |
+| `secrets.enc` | `600` | Encrypted-file fallback for the SecretStore (new in v0.3.0). Only created if you use `vortix secrets set` without a working OS keyring. |
 | `metadata.json` | `644` | Internal bookkeeping (last used, sort order). Auto-managed. |
 | `killswitch.state` | `644` | Persists kill switch mode across crashes. Auto-managed. |
 

package/npm-shrinkwrap.json

@@ -23,7 +23,7 @@
       "hasInstallScript": true,
       "license": "MIT",
       "name": "@harry-kp/vortix",
-      "version": "0.2.2"
+      "version": "0.3.0"
     },
     "node_modules/@isaacs/balanced-match": {
       "engines": {
@@ -515,5 +515,5 @@
     }
   },
   "requires": true,
-  "version": "0.2.2"
+  "version": "0.3.0"
 }

package/package.json

@@ -1,5 +1,5 @@
 {
-  "artifactDownloadUrl": "https://github.com/Harry-kp/vortix/releases/download/v0.2.2",
+  "artifactDownloadUrl": "https://github.com/Harry-kp/vortix/releases/download/v0.3.0",
   "author": "Harry KP <harrykp@users.noreply.github.com>",
   "bin": {
     "vortix": "run-vortix.js"
@@ -100,7 +100,7 @@
       "zipExt": ".tar.xz"
     }
   },
-  "version": "0.2.2",
+  "version": "0.3.0",
   "volta": {
     "node": "18.14.1",
     "npm": "9.5.0"