SqlCipherProvider
Component Detail
Infrastructure
medium complexity
mobile
Dependencies: 0
Dependents: 0
Entities: 0
Integrations: 0
Description
Bootstraps the SQLCipher extension and manages the encryption key lifecycle for the local database. It derives a per-device key from secure storage, rotates keys on credential changes, and ensures the database file is never readable without the correct key material.
sql-cipher-provider
Sources & reasoning
Lines 302-303 explicitly define the offline-first architecture including SQLCipher, mutation outbox, conflict resolver, and optimistic mutations. The mobile app architecture section lists this as a core shared capability with no toggle, confirming MVP scope. The blueprint assigns this feature [MVP], consistent with Phase 1 foundational requirements.
- docs/source/likeperson.md · line 302: Offline-first persistence (Drift + SQLCipher encrypted local DB, mutation outbox, sync queue with retry/backoff, ID mapping for offline-created entities, conflict resolver)
- docs/source/likeperson.md · line 303: Optimistic mutations with automatic rollback on failure (contact edits and paginated list updates)
Responsibilities
- Derive and store the database encryption key in the device secure enclave or keychain
- Open and authenticate the SQLCipher database connection on application start
- Rotate the encryption key when the user changes their PIN or biometric credential
- Wipe the local key material and close the database on remote-wipe commands
- Validate database integrity on open to detect tampering or corruption
Interfaces
deriveKey(credential: string): Promise<CipherKey>
openEncrypted(path: string, key: CipherKey): Promise<SQLiteConnection>
rotateKey(oldKey: CipherKey, newKey: CipherKey): Promise<void>
wipe(): Promise<void>
verifyIntegrity(connection: SQLiteConnection): Promise<boolean>
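An added sketch of the key lifecycle listed above (example code, not this project's implementation): it derives a raw 256-bit key with PBKDF2, applies it with SQLCipher's `PRAGMA key`, checks the database with `PRAGMA cipher_integrity_check`, and rotates with `PRAGMA rekey`. The `SqlExecutor` interface, the `deviceSalt` parameter, the iteration count and the changed signatures (an unkeyed connection handle instead of a path) are assumptions made for the example.

```typescript
import { pbkdf2Sync } from "node:crypto";

// Hypothetical driver surface; a real SQLCipher binding would sit behind it.
interface SqlExecutor {
  exec(sql: string): Promise<Array<Record<string, unknown>>>;
}
type CipherKey = { readonly raw: Buffer }; // 32 bytes of key material

// Derive a 256-bit key from the credential and a per-device salt (assumed to
// be generated once and kept in the keychain / secure enclave).
function deriveKey(credential: string, deviceSalt: Buffer, iterations = 310_000): CipherKey {
  if (deviceSalt.length < 16) throw new Error("device salt must be at least 16 bytes");
  const raw = pbkdf2Sync(credential.normalize("NFKC"), deviceSalt, iterations, 32, "sha256");
  return { raw };
}

// SQLCipher raw-key literal "x'<64 hex chars>'": used as the key directly,
// skipping SQLCipher's own passphrase KDF.
function keyLiteral(key: CipherKey): string {
  if (key.raw.length !== 32) throw new Error("expected a 32-byte key");
  return `"x'${key.raw.toString("hex")}'"`;
}

// db is assumed to be a freshly opened handle that has not been keyed yet.
async function openEncrypted(db: SqlExecutor, key: CipherKey): Promise<void> {
  await db.exec(`PRAGMA key = ${keyLiteral(key)};`);
  // A wrong key only surfaces on the first read, so force one before returning.
  await db.exec("SELECT count(*) FROM sqlite_master;");
}

async function verifyIntegrity(db: SqlExecutor): Promise<boolean> {
  // cipher_integrity_check returns one row per error; no rows means clean.
  const rows = await db.exec("PRAGMA cipher_integrity_check;");
  return rows.length === 0;
}

async function rotateKey(db: SqlExecutor, oldKey: CipherKey, newKey: CipherKey): Promise<void> {
  if (oldKey.raw.equals(newKey.raw)) throw new Error("new key equals old key");
  await openEncrypted(db, oldKey); // proves possession of the current key
  if (!(await verifyIntegrity(db))) throw new Error("refusing to rekey a damaged database");
  await db.exec(`PRAGMA rekey = ${keyLiteral(newKey)};`);
  oldKey.raw.fill(0); // best-effort zeroisation of the retired key
}
```

Run against a real binding, `openEncrypted` rejects on a wrong key at the `sqlite_master` read, which is the point where the caller should stop rather than retry with other material.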