SPEC-004: Distributed Sync

Proposes distributed vault synchronization using a Spritely Goblins sidecar. See Distributed Sync Future for the decision record.

Status: Proposed — not yet implemented.

Core insight

zetl stays pure Rust for local operations. A Guile Scheme Goblins sidecar handles networking, capability-based access control, and sync. Files remain the source of truth.

Architecture

┌─────────┐  JSON-RPC   ┌──────────────┐  OCapN/CapTP  ┌──────────┐
│  zetl   │ ──────────> │   Goblins    │ ────────────> │  Remote  │
│  (Rust) │  Unix sock  │  (Guile)     │   Tor/TCP     │  Peers   │
└─────────┘             └──────────────┘               └──────────┘

Capability model

Access controlled via sturdyrefs (cryptographic capability tokens)
Folder-based scopes: read, write, admin
Capabilities can be created, delegated, attenuated, and revoked

Sync protocol

Delta-based file transfer (not full vault sync)
Conflict detection via vector clocks
Explicit merge — never silent overwrite
Initially: conflict staging (always ask user)

User profiles

Solo researcher with multiple machines
Research team sharing a knowledge base
Agent-to-agent handoff between LLM sessions

Why a sidecar?

Keeps zetl’s core free of networking dependencies
Goblins provides battle-tested capability security
The sidecar is optional — zetl works fully offline
Aligns with decisions/Local-first Design

Research spikes needed

Syrup serialization in Rust
Goblins sidecar prototype
Conflict detection accuracy testing

Rationale

Trust — users adopt CLI tools more readily when they can’t cause data loss

Composability — read-only access means zetl works alongside Obsidian, Logseq, Foam, Dendron, or any editor without conflict

Simplicity — no write path means no write bugs, no file locking, no corruption recovery

Disposability — the cache is derived data; losing it costs only a re-index

Design overview

zetl stays pure Rust for all local operations

A Guile Scheme Goblins sidecar handles networking, capability-based access control, and sync

Communication between zetl and the sidecar uses JSON-RPC over Unix domain sockets

Files remain the source of truth — sync is delta-based with explicit merge

Capabilities (not passwords) control access via sturdyrefs

Specifications

Spec

Title

Status

Primary Feature

SPEC-001 Link Graph CLI

Bi-directional Link Graph CLI

Implemented

Wikilinks, graph queries, SimHash, cache

SPEC-002 Full-Text Search

Full-Text Content Search

Implemented

zetl search

SPEC-003 Agent Ergonomics

Agent Ergonomics & Robustness

Implemented

JSON errors, dedup, list/export

SPEC-004 Distributed Sync

Distributed Vault Sync

Proposed

Goblins sidecar, OCapN

SPEC-005 Defeasible Reasoning

Defeasible Logic over Markdown

Implemented

zetl reason (8 subcommands)

SPEC-006 Merkle Tree

Content-Addressed Merkle Tree

Implemented

BLAKE3 hashing, grounding, drift

SPEC-007 Graph Diff

Git-Backed Graph Diff

Implemented

zetl diff

SPEC-008 Watch Mode

Vault Watch with Event Stream

Implemented

zetl watch

SPEC-009 Xanadu View

Xanadu-Inspired Transclusion TUI

Implemented

zetl view

How specs relate

SPEC-001 (foundation) ├── SPEC-002 (search) ├── SPEC-003 (agent ergonomics) ├── SPEC-004 (future sync) ├── SPEC-005 (reasoning) ──── SPEC-006 (merkle/grounding) ├── SPEC-007 (diff) ├── SPEC-008 (watch) └── SPEC-009 (view)

SPEC-001 defines the foundation (scanner, graph, cache, CLI). Each subsequent spec builds on it. SPEC-006 extends SPEC-005 with content-addressed grounding.

SPEC-004: Distributed Sync

Core insight

Architecture

Capability model

Sync protocol

User profiles

Why a sidecar?

Research spikes needed

Backlinks