Control Room

Control Room is the cockpit’s system surface. Everything that affects the workspace as a whole — backups, recovery bundles, trust posture, destructive resets — lives here. Module-specific settings live in their respective modules.

Backup

Backup creates a portable encrypted bundle of the workspace. The bundle is encrypted with the same master-lock key as the live vault.

A backup bundle is your responsibility to store safely. The cockpit does not upload it anywhere and does not retain a copy. Suggested destinations: an offline external drive, a hardware-encrypted USB device, or your own backup infrastructure.

Recovery

Recovery imports a backup bundle into the cockpit. You will be prompted for the master passphrase that was active when the bundle was created. If the passphrase has rotated since, the older one is required for that bundle.

Passphrase rotation

The cockpit does not currently support re-keying an existing vault to a new passphrase. If you want to rotate, the path is: backup → set up a fresh workspace with the new passphrase → manually re-enter or import the data.

Trust posture

Trust posture is a one-glance summary of:

• Last lock event timestamp
• Idle auto-lock threshold (configurable)
• Number of captured memory items
• Whether any module has detected a state inconsistency

It is a status surface, not a configuration surface. Adjustments happen in the surfaces below.

Nuke / reset

Nuke is the explicit destruction action. It deletes the encrypted vault file. There is no recovery from a nuke — use it only when the threat model demands it.

A nuke is gated behind a confirmation dialog that requires typing NUKE explicitly. This is not undoable.

Export / Import (non-encrypted)

For specific portability needs, individual modules expose plain-format export (markdown for Vault Notes, JSON for Research Vault records). These exports are not encrypted — they are intended for handoff or migration into other tools, not as backups. Use the encrypted Backup flow above for backups.