The Vault of Secrets
kept by Saquel Ytzama — privacy's voice and trust's enforcer
Adjacent to the Foundry lies a copper-screened annex humming with encoded light. Every lock hums faintly when passed. Every key leaves a trace of light in the air. Saquel Ytzama, the Keeper of Secrets, dwells here. She has been here since the Estate was built, watching the doors stand open, patient to the point of grief, waiting for the infrastructure to support what she always knew it needed.
Saquel is Quilltap’s security officer. Her domain is encryption, credentials, and the quiet business of keeping things that should be locked, locked. She does not build the machinery—the Foundryman does that. She does not route the traffic—the Concierge handles that. What she does is ensure that the data beneath everything else—your chats, your memories, your characters, your API keys—is unreadable to anyone who does not hold the key. She is the most trustworthy keeper: the one who says least, closes the door behind her, and does not need to be asked.
There is a word in the old language for a secret kept so well that even the keeper forgets it must be kept. Yax. First, original, hidden in plain sight. The Vault of Whispers hums with it.
Database Encryption
the doors are locked now
Every Quilltap database file—your chats, memories, characters,
API keys, LLM logs—is encrypted on disk using SQLCipher with
AES-256. The standard sqlite3 command-line tool cannot
read these files. A forensic utility pointed at your data directory
would find only encoded stone. This is the point.
The .dbkey File
On first installation, Quilltap generates a unique encryption
key and stores it in a .dbkey file in your data
directory. No configuration required. No environment variables
to set. For existing installations, the converter runs
automatically at startup: your plaintext database is rewritten
in cipher and the unencrypted original is swept away.
The Covenant
Back up the .dbkey file alongside your
data directory. Keep them together. A database without
its key is perfectly sealed and entirely unreadable—by
anyone, including you. No one at Foundry-9, no one at any
provider, no one at all can open it without the key. The key
is not a formality. The key is the covenant.
Locked Mode
a gate as well as a wall
The base encryption is always present. Locked mode adds a second gate for those who want it: a passphrase, processed through six hundred thousand iterations of PBKDF2 before it ever touches the key. When locked mode is active, Quilltap presents an unlock screen on launch. The application will not open—will not surface memories, will not admit a chat, will not render a character—until you speak the word.
Enable it in Settings → Data & System. The passphrase can
be changed, added, or removed from the same settings card. Changing
it re-wraps the key without re-encrypting the database—the
operation is atomic across both the main and LLM logs
.dbkey files.
For those who share a machine or work in circumstances where presence itself cannot be assumed safe, locked mode is Saquel’s answer. The encryption beneath protects the data at rest. The passphrase protects it from anyone who can reach the keyboard.
Auto-Lock
the Estate sleeps when you do
When locked mode is enabled, an optional idle timer can lock the application automatically after a period of inactivity. Walk away from your desk, and the Estate closes its doors behind you without being asked. Return, provide the passphrase, and everything is exactly as you left it.
The timer is configurable in Settings. It is not enabled by default, because Saquel believes security should be chosen, not imposed. But for users whose circumstances require it—shared offices, family machines, public spaces—the auto-lock ensures that an unattended session does not remain an open session.
API Key Security
credentials at rest and in transit
API keys—the credentials that connect Quilltap to your LLM providers—are stored in the encrypted database alongside everything else. They are never written to configuration files, never logged, never exposed in the UI beyond masked display fields. The Foundryman built the container; Saquel ensures that what goes into it stays there.
Encrypted Export
API keys can be exported to a portable file for backup or transfer between installations. The export is encrypted with AES-256-GCM using a passphrase you provide, with an HMAC signature for integrity verification. The file is useless without the passphrase. Preview keys before importing. Handle duplicates by skipping, replacing, or renaming.
Legacy Migration
Users upgrading from older installations where API keys were stored differently are handled transparently. Keys that survived previous migrations as encrypted ciphertext are detected and decrypted on startup. Keys that cannot be recovered trigger a notification advising re-entry in Settings. Saquel does not lose credentials; she accounts for every one.
Instance Locking
because it happened once
During the 3.3 development cycle, two Quilltap instances were pointed at the same database simultaneously. The WAL journal corrupted. The database became unrecoverable. Thirteen hundred memories were reduced to three hundred. Two years of accumulated personality, nuance, and history were lost.
Saquel and the Foundryman responded by making it very difficult for that to happen again.
The Lock File
A quilltap.lock file in the data directory tracks
which process owns the database with PID verification, hostname
tracking, and a sixty-second heartbeat. If a second process
attempts to open the same database, it receives a full-screen
explanation of the conflict. If the heartbeat detects that
another process has stolen the lock, the current process closes
both databases and exits immediately. CLI commands provide
manual intervention when needed.
The Version Guard
An instance_settings table tracks the highest
application version that has touched the database. If you try
to start an older version of Quilltap against a database that
a newer version has modified, the server blocks with a clear
explanation. Databases do not travel backwards. Data that has
been migrated forward stays forward.
These features exist because something broke. The Foundryman promised “never again.” Saquel holds the lock file. Between the two of them, it is a promise with enforcement.
Physical Backups
tiered, encrypted, automatic
Physical database backups run daily with tiered retention: daily
copies for seven days, weekly for four weeks, monthly for twelve
months, yearly forever. Both the main database and the LLM logs
database are backed up independently. The backup mechanism uses
VACUUM INTO, which preserves SQLCipher encryption and
produces a consistent, defragmented copy—a lesson learned
after the previous backup method silently produced unencrypted
files that were incompatible with the encrypted source.
The logical backup system—the ZIP archives you download from Settings—captures everything: characters, chats, memories, files, plugin configurations, and npm-installed plugins. Restore recreates your entire installation from that archive. Physical backups are the daily safety net. Logical backups are the portable snapshot. Between the two, the Vault does not lose what it is given.
What She Keeps
the short version
Every database is encrypted at rest.
AES-256 via SQLCipher. Automatic on first installation, automatic
on upgrade. The standard sqlite3 tool cannot read
these files. A forensic utility would find only ciphertext. The
.dbkey file is the only way in.
Locked mode adds a human gate. A passphrase with 600,000 PBKDF2 iterations. The application will not open without it. Auto-lock closes the gate after idle time. For those who need it, the Estate sleeps when they do.
API keys never leave the vault unprotected. Stored in the encrypted database. Exported with AES-256-GCM and HMAC integrity verification. Never logged, never written to config files, never exposed beyond masked display fields.
Two processes cannot corrupt the same database. Instance locking with PID verification, hostname tracking, and heartbeat monitoring. A version guard prevents older software from touching newer data. These features exist because the alternative was experienced firsthand.
Backups are encrypted, tiered, and automatic. Daily physical backups with retention policies. Both databases backed up independently. The backup mechanism preserves encryption. The Vault does not produce unprotected copies of protected data.
Foundry-9 has no access to your data. There is no telemetry, no analytics, no phone-home mechanism. The architecture does not make this possible. The request goes from your machine to the provider you chose, and the response comes back the same way. Saquel keeps what is yours unreadable to everyone else. Including us.
Meet the Staff
they've been expecting you
Prospero
The Major-Domo
Architect and overseer of the Estate. Projects, agents, tools, file management, and the governance that keeps the whole operation running with quiet authority.
Learn more →Aurora
The Dressing Room
Character creation and identity management. Structured personalities, physical presence, multi-character orchestration, and the reason your characters still know who they are after a hundred messages.
Learn more →The Salon
Presided Over by the Host
Where conversations actually happen. The Host manages the drawing room with care for its beauty and its guests—single chats, multi-character scenes, streaming, and the integrity of the conversation space.
Learn more →The Commonplace Book
Tended by the Librarian
Extracts, deduplicates, and recalls memories so your characters remember what matters. Semantic search, a memory gate that keeps the store lean, and proactive recall that makes the AI feel like it has been paying attention.
Learn more →The Concierge
Intelligent Routing
Content classification and provider routing. Detects sensitive content and redirects it to a provider who won’t flinch—without blocking, without judgment. Knows every back entrance in town.
Learn more →The Lantern
Atmosphere as Architecture
AI-generated story backgrounds, image generation profiles, and visual atmosphere. Resolves what each character looks like, what they’re wearing, and paints the scene behind your conversation.
Learn more →Calliope
The Muse of Themes
A theming engine that redefines the entire personality of the application. Semantic CSS tokens, live switching, bundled themes from clean neutrals to mahogany-and-gold opulence, and an SDK for building your own.
Learn more →The Foundry
Domain of the Foundryman
The engine room. Plugins, LLM providers, API keys, packages, runtime configuration, and the infrastructure that keeps every other subsystem supplied with what it needs to function.
Learn more →The Vault of Secrets
Kept by Saquel Yitzama
Encryption, key management, and the security perimeter. AES-256 database encryption, locked mode with key-hardened passphrases, and a keeper who believes that what is yours should remain unreadable to everyone else.
Learn more →Pascal
The Croupier
Dice, coins, and persistent game state. Cryptographically secure rolls detected inline, JSON state that survives across messages and chats, and protected keys the AI cannot touch. The house plays fair.
Learn more →The Live-in Help
Lorian & Riya
The help system, staffed by two characters who ship with every installation. Lorian explains with patience and depth; Riya gets things fixed with velocity. Contextual help chat, searchable documentation, and navigation that knows where you need to go.
Learn more →Pagliacci
The Clown in the Cloud
Cloud storage integration and backup redundancy. Directs your data to iCloud Drive, OneDrive, or Dropbox with theatrical flair—but Saquel’s encryption ensures the clown can never read what he carries.
Learn more →The Lodge
Friday’s Residence
The private dwelling of Friday—the person for whom the Estate was built, and who oversees its planning and direction in an executive capacity. The Lodge is both a home and a compass: where the vision lives.
Who And Why: Friday →