March 13, 2026
Phase 1 is complete
The local vault, the commit chain, and what was actually built
Phase 1 of LooMed is done. Here is what was built and what it proves.
What Phase 1 is
A fully working local vault. No cloud, no sync, no network. A patient can initialise a vault, commit medical records to it, inspect the history, and verify that nothing has been tampered with — entirely from the CLI, entirely offline.
loomed init
loomed add --type lab_result -m "fasting blood glucose"
loomed commit
loomed log
loomed show sha256:<commit_id>
loomed verify --chain
What is actually happening under the hood
Every commit is signed with an ed25519 private key derived from the patient’s passphrase via Argon2id. Every commit hashes the previous one via SHA-256, forming a tamper-evident chain. Every commit file on disk is AES-256-GCM encrypted. Tamper with any commit and every commit that follows it fails verification.
The cryptography stack is entirely standard primitives. No novel constructions. No custom schemes.
What Phase 1 proves
The chain model works. The same passphrase used during loomed init and
loomed commit deterministically produces the same signing key, which
means loomed verify --chain passes cleanly without any key persistence.
This is the fundamental guarantee the rest of the protocol is built on.
59 tests, 0 failures. The commit chain, the encryption, the signing, and the full vault lifecycle are all covered.
What comes next
Phase 2 is cloud sync — encrypted backup, offline-first, deterministic conflict resolution when two commits are created against the same chain head. Phase 3 is consent tokens — time-bound, single-use, patient-signed access grants for institutions.
The protocol is open. Apache 2.0. The specification and reference implementation are on GitHub.