Borg

Snider Labs

Go Encryption Containers WASM

A data sovereignty toolkit for when you can't trust the network or the platform. Packages applications into runc-compatible containers (TIM), encrypts form submissions in the browser before they leave (STMF), and enables secure message exchange (SMSG). Built for hostile environments where your data needs to stay yours.

View on GitHub → Report Issue

Features

Terminal Isolation Matrix

Package applications as runc-compatible OCI containers with distroless Linux rootfs

STMF Sovereign Forms

Client-side X25519 ECDH encryption of form data - MITM-proof before it hits the wire

SMSG Secure Messages

Password-protected message exchange with attachments using ChaCha20-Poly1305

STIM Encrypted Containers

Encrypt entire TIM bundles for secure transport and storage

WASM Module

Full encryption stack available in the browser via WebAssembly

DataNode Architecture

In-memory fs.FS filesystem for collecting from GitHub, websites, and PWAs

Installation

git clone https://github.com/Snider/Borg.git
cd Borg
go build -o borg ./

Usage

Data Flow

Source (GitHub/Website/PWA)
    ↓ collect
DataNode (in-memory fs.FS)
    ↓ serialize
    ├── .tar   (raw tarball)
    ├── .tim   (runc container bundle)
    ├── .trix  (PGP encrypted)
    └── .stim  (ChaCha20-Poly1305 encrypted TIM)

Run Isolated Containers

# Compile to encrypted container
borg compile -f Borgfile -e "password" -o app.stim

# Run in isolation via runc
borg run app.stim -p "password"

STMF Client-Side Form Encryption

// Browser via WASM
const encrypted = await BorgSTMF.encrypt(formData, serverPublicKey)
// Server can't be MITM'd - data encrypted before transmission

Quick Links

Repository Issues Pull Requests Releases

More from Snider Labs

View all projects →

Fancy helping out?

Spotted a bug? Got an idea? We'd love to hear from you.

Read the contributing guide →