Why I Built It ๐ง
I did not build SkyeVault because I wanted another backup button. I built it because a serious developer can do everything "right" by normal Git standards and still lose the exact files that mattered: the untracked scratch module, the local worker patch, the root env notes, the generated prompt receipt, the script that has not been committed yet, the one-off migration, the thing sitting in a Codespace while the IDE hops from browser to desktop.
Git is excellent at versioned history after you stage and commit. GitHub is excellent at shared remote history after you push. Neither one is designed to be a sovereign encrypted repo-custody vault for every local file, every untracked file, every secret-like operator file, and every active workspace artifact before you decide whether it belongs in public source control.
That difference matters. My 0S repo is not a toy repo. It has Workers, Pages projects, brain files, proof receipts, legal surfaces, app lanes, and deployment scripts that evolved through months of real production work. I needed a lane where the repo could be protected as a whole workspace, not only as a sanitized public Git shape.
So the architecture became clear: Git still exists. Git-style vault pushes still exist. Clean client handoffs still exist. But the owner repo-custody lane has to be encrypted, receipt-backed, and allowed to carry the workspace state for recovery. That includes tracked and untracked work, plus private operator material inside the owner-only encrypted lane. The sellable customer lane is different on purpose: customers get the Reape0r runtime package and their own workspace mirror, not my full platform source.
What Reape0r Is Now โ๏ธ
A daemon is just a background process. It is not magic, and it is not a cloud ghost living forever after your computer disappears. In this setup, Reape0r is a long-running local agent that wakes up on the customer's paid plan cadence, scans the repo, updates the encrypted mutable-current mirror, writes receipts, and gives the user terminal-visible links for status, verify, and restore.
The current plan table matters. Starter wakes on a 30-minute lane, Pro on 10 minutes, Command on 5 minutes, and Sovereign can be configured down to a custom 1-5 minute posture. That means the agent is designed so the normal loss window is the work created after the last completed mirror pass. If Reape0r finishes at 12:00 and your workspace dies at 12:07, the 12:00 receipt is the clean recovery target. If a scan is actively streaming when the machine dies, you recover from the last completed receipt, not from a half-written object.
This is why I keep using the word "receipt." A backup you cannot prove is a hope. A Reape0r mirror with a digest, byte count, timestamp, current manifest, restore kit, and upload state is evidence. I want the system to show what it captured, when it captured it, what changed, which plan governed the wake cycle, and how to get back to it.
VS Code Closing Is Not The Same As Workspace Death ๐ฅ๏ธ
This part matters because developers use the word "workspace" loosely. Closing the VS Code window usually means the editor UI is gone. It does not automatically mean the machine, Codespace, VM, dev container, or file system disappeared. If the underlying workspace is still alive, the daemon can keep running and keep scanning.
But if the actual workspace stops, gets deleted, loses disk, or the container is killed before the daemon has completed its next artifact, no local process can keep reading files from a file system that is no longer there. That is not weakness in the vault architecture. That is physics in software clothing.
The point of the autosync lane is to keep narrowing the blast radius. It turns "I lost half my repo" into "I should have a recent encrypted receipt." It turns "I forgot to commit" into "the vault captured the uncommitted source state if the daemon finished." It turns IDE switching from browser Codespaces to local VS Code into a workflow with a background repo-custody net under it.
My practical rule
If I am about to do a major risky move, I can still force a manual SkyeVault push. The daemon is the always-on habit. Manual push is the deliberate checkpoint. Git commit is the public or team history move. These lanes are related, but they do not replace each other.
Why The Current Mirror Is Not GitHub ๐
Public Git hygiene says do not push secrets. That rule still matters for GitHub, GitLab, public remotes, open-source repos, and client source deliveries. But my owner vault is not a public Git remote. It is an encrypted full-repo custody wrapper. The design goal is different: recover the workspace as it actually existed, including the private operator files that should never be exposed in a public repo.
That is why SkyeVault keeps multiple lanes. A sanitized Git-shaped handoff is useful when I need to share a clean repo. A Git bundle lane is useful when I want Git parity. The owner living-current lane is useful when I never want to lose the active repo state again. The customer Reape0r lane is useful when a buyer needs their repo protected without getting access to my internal source.
Archive format is not the security boundary. A zip, a tar, or a tar compressed with zstd are containers. The security boundary is the encrypted wrapper, the workspace entitlement, and the unlock model. Reape0r can feel simple in the terminal while the transport stays strong enough for serious repos.
In plain language: the vault should feel easy to a human, but the transport should be strong enough for the repo. I do not need the storage layer to understand my files. I need it to hold encrypted current custody with receipts.
The Paid Runtime Boundary Is Not Optional ๐ณ
This was one of the commercial lessons. Reape0r cannot be a free trial where somebody downloads the agent, uses it, and then claims it did not work. That is not a sustainable trust model. The live SkyePay offers now show trial_days: 0 and zero_upfront_trial: false for the Reape0r plans. The customer has to pay before the runtime package delivery unlocks.
The source boundary is just as important. A buyer should not be able to download my full platform source, copy the agent, resell it, and disappear. The customer-facing offer exposes a Reape0r install center and runtime package. It does not expose the 0S internal source. Live offer proof shows source_download_available: false for Starter, Pro, Command, and Sovereign.
The SkyeMerit Sale Is A Money-Lane Proof, Not Decoration โจ
The Pro-and-up SkyeMerit sale is now wired through SkyePay as SKYEMERIT-PRO-UP-50X3. Eligible Pro+ account subscriptions get 50% off the recurring subscription for the first three months. The setup fee stays separate. The merit links to the buyer account metadata instead of acting like a loose public coupon floating around the internet.
That matters for valuation because it proves the 0S is not only listing products. It is shaping buyer economics inside the payment lane, issuing account-linked discounts, preventing outside promo-code stacking, and letting the offer catalog express a real sales motion. The live checkout smoke created a Stripe Checkout session with the SkyeMerit coupon attached, payment status unpaid, provider runtime executed, and provider_call_made: true. No payment was captured in proof; the point was proving the checkout path.
The Revision Rounds Were The Point ๐ ๏ธ
This did not start as one perfect script. It became stronger through pressure. Every time the 0S exposed a weak assumption, I tightened the lane.
The early lane focused on repo-like pushes, Git bundles, clone/fetch/push patterns, and developer-friendly recovery thinking.
Then came clean delivery paths for client or public movement, where secrets and private operator material stay out of the shared source lane.
The owner lane became explicit: tracked, untracked, local-only, generated, dependency, and secret-like repo material belong in the encrypted vault artifact when the purpose is recovery. Source-custody remains an explicit smaller filtered mode, not the meaning of full.
The upload path moved toward faster direct streaming, better large-artifact behavior, and receipts that show the vault actually received the object.
The repo-custody lane became a sellable paid agent with entitlement plans, CLI install, auto-install add-on, terminal receipts, status/verify/restore commands, no-free-trial checkout, and runtime-only delivery.
Pro-and-up SkyePay accounts now receive the first-three-month 50% SkyeMerit sale through account-linked checkout metadata and provider coupon proof.
The marketing and legal surfaces now explain the no-guarantee boundary without hiding the proof: the founder's own 0S repo is the stress test and live demonstration, while customer packages stay protected from full-source leakage.
That is how real infrastructure grows. Not by pretending failure never happens. By noticing the failure mode, reducing the recovery window, adding receipts, making the next recovery easier, and refusing to let "that was local only" be the reason source disappears.
Why This Moved The Valuation Baseline ๐
My valuation method changed. I am not only counting component replacement cost anymore. The current model counts full-repo engineering replacement, productized platform value, operating-company context, high-ticket SkyePay catalog capacity, public credibility proof, private/internal tooling lineage, and ARR as additive upside instead of the gate on today's value.
The current source of truth puts MetrAIyux 0S at $23M-$38M full-repo engineering replacement, $35M-$95M founder/operator range, $45M-$125M operating-company platform range, and $95M-$225M strategic integrated-OS ceiling. Reape0r belongs in that model because it is not just a script. It is paid repo custody, source-protection, account entitlements, checkout proof, restore proof, and public founder narrative all tied to the same operating company.
The fresh valuation deep scan on June 3 counted 61,273 scanned workspace files, 50,990 source-like files, 23,022 proof/test files, 1,149 pricing or sales files, and 391 valuation files. The current SkyePay catalog proof shows 165 live offers, 185 Stripe price records, $1,446,912 in one-time catalog surface, and $42,747/month one-of-each recurring proxy. That is why the baseline moved.
The Boundary: No Perfect-Tech Promise ๐ง
Despite the stress testing, live owner usage, encrypted current-mirror custody, plan wake intervals, proof receipts, paid entitlement checks, and runtime-only customer delivery, this is not a guarantee that no data can ever be lost. It is an infrastructure answer built to reduce loss, prove what was captured, and make recovery real without handing customers the full 0S source.
If the workspace dies before the first successful artifact, there is nothing for the vault to restore. If the machine stops while a new stream is in progress, the restore target is the last completed receipt. If a user disables notifications, the upload can still work, but they will not receive every email. If the passphrase/control material is lost, encryption did its job and recovery becomes a custody problem, not a storage problem.
That honesty is part of the product. I would rather say the real boundary out loud than sell fake certainty. The claim is not "nothing can ever go wrong." The claim is: when ShYT happens, SkyeVault is built so the last clean move has a better chance of still existing, still being provable, and still being recoverable.
Proof Surfaces And Recovery Links ๐งพ
The live 0S proof endpoints stay gate-owned because repo-custody proof can point at private operational metadata. Public readers get the architecture story, the paid access lane, the install prompt, valuation context, and the proof-safe links. Owners and operators use the shared FS27/SkyGate/Free99 credential lane to see gated proof details.