Review of vault crate against all architecture specs. Fixed 5 deviations: 1. EncryptionKey: removed Clone (now move-only per spec), added redacting Debug 2. EncryptionKey::new made private (cfg(test)), added pub(crate) key_bytes() 3. encrypt/decrypt made pub(crate) per encryption.md, low-level crypto tests moved from integration to unit tests 4. CachedKey refactored to wrap DerivedKey with cached_at/last_accessed fields per service.md, with key_type()/private_key()/public_key() accessors 5. Mnemonic::to_seed() unwrap() eliminated by storing validated Bip39Mnemonic (enabled bip39 zeroize feature for proper zeroization) All 10 drift items verified resolved. 105 tests pass; clippy clean. Refs: docs/architecture/crates/vault/README.md (review checklist)
122 KiB
122 KiB