Filesystem Module

Security & Advanced Ops

Hardened security primitives and advanced kernel-level operations. Features include AES-256-GCM encryption, hardware-bound data locking, and secure multi-pass deletion (shredding).

File Encryption (AES-256-GCM)

Encrypt and decrypt files in-place using the native xypriss-security engine.

.encryptFile / .decryptFile

Both operations are performed in-place. The source file is overwritten with the encrypted/decrypted output.

typescript

await __sys__.fs.encryptFile("secrets.json", MASTER_KEY);
await __sys__.fs.decryptFile("secrets.json", MASTER_KEY);

Key Management

Losing the encryption key renders files permanently unrecoverable. Always store keys in a dedicated secrets manager.

Hardware-Linked Encryption

Cryptographically binds file content to the host machine's unique HostID.

.hardwareEncryptFile(path, key)

Incorporates the machine's hardware identity into the key derivation. Files **cannot** be decrypted on any other physical server.

typescript

await __sys__.fs.hardwareEncryptFile("system.vault", "secret-key");

Secure Destruction

.shred(path, passes?)

Secure deletion — overwrites file content with random data N times before removing it from the filesystem.

typescript

__sys__.fs.shred("private-key.pem", 7);

Advanced Manipulation

.split / .merge

Binary file chunking and reassembly for large data handling.

typescript

const chunks = __sys__.fs.split("video.mp4", 10_000_000);

.lock / .unlock

Advisory file locking to prevent concurrent write conflicts.

.patch(p, search, replace)

In-place content replacement.

.tail(p, lines?)

Read the last N lines (logs).

.diffFiles(a, b)

Compare two files line-by-line.

.writeSecure(p, data, mode)

Atomic write with permissions.

.topBigFiles(dir)

Identify largest files in tree.

Path Module

Master cross-platform path resolution and security boundaries.