#19650: [AI-assisted] feat: add encrypted S3-compatible backup system

- Adds backup system with client-side AES-256-GCM encryption - Supports S3-compatible storage (R2, AWS S3, B2, MinIO, DO Spaces) - CLI commands: backup now|list|restore|status|prune - Configurable scheduling (duration strings like '6h', '1d') - Retention policies with automatic pruning - Missing test dependency aws-sdk-client-mock added ## Summary Describe the problem and fix in 2–5 bullets: - Problem: - Why it matters: - What changed: - What did NOT change (scope boundary): ## Change Type (select all) - [ ] Bug fix - [x] Feature - [ ] Refactor - [x] Docs - [ ] Security hardening - [ ] Chore/infra ## Scope (select all touched areas) - [ ] Gateway / orchestration - [ ] Skills / tool execution - [ ] Auth / tokens - [x] Memory / storage - [ ] Integrations - [ ] API / contracts - [ ] UI / DX - [ ] CI/CD / infra ## Linked Issue/PR - Closes # - Related # ## User-visible / Behavior Changes List user-visible changes (including defaults/config). If none, write `None`. ## Security Impact (required) - New permissions/capabilities? (`Yes/No`) - Secrets/tokens handling changed? (`Yes/No`) - New/changed network calls? (`Yes/No`) - Command/tool execution surface changed? (`Yes/No`) - Data access scope changed? (`Yes/No`) - If any `Yes`, explain risk + mitigation: ## Repro + Verification ### Environment - OS: - Runtime/container: - Model/provider: - Integration/channel (if any): - Relevant config (redacted): ### Steps 1. 2. 3. ### Expected - ### Actual - ## Evidence Attach at least one: - [ ] Failing test/log before + passing after - [ ] Trace/log snippets - [ ] Screenshot/recording - [ ] Perf numbers (if relevant) ## Human Verification (required) What you personally verified (not just CI), and how: - Verified scenarios: - Edge cases checked: - What you did **not** verify: ## Compatibility / Migration - Backward compatible? (`Yes/No`) - Config/env changes? (`Yes/No`) - Migration needed? (`Yes/No`) - If yes, exact upgrade steps: ## Failure Recovery (if this breaks) - How to disable/revert this change quickly: - Files/config to restore: - Known bad symptoms reviewers should watch for: ## Risks and Mitigations List only real risks for this PR. Add/remove entries as needed. If none, write `None`. - Risk: - Mitigation: <!-- greptile_comment --> <h3>Greptile Summary</h3> This PR adds an encrypted backup system with S3-compatible storage support. The implementation includes AES-256-GCM encryption, configurable scheduling, retention policies, and CLI commands for backup management. **Critical issues found:** - Missing import for `Upload` class from `@aws-sdk/lib-storage` in backup-core.ts:354 - Missing export for `registerBackupCommands` function in backup.ts (imported but not defined) - Multiple undefined variable references in catch blocks throughout backup-core.ts (missing catch parameters) - Variable naming inconsistencies in backup.ts causing runtime errors (`result` vs `_result`, `size` vs `sizeBytes`) - Return type mismatch in `createBackupTarball()` - tests expect `fileCount` property but function doesn't return it **Additional concerns:** - S3 error handling accesses properties on `unknown` type without proper type checking - Empty string passed to `createBackupTarball` when `stateDir` config is false may cause issues The backup logic and encryption implementation appear sound, but the code has multiple syntax errors and type issues that will prevent it from running. <h3>Confidence Score: 1/5</h3> - This PR contains multiple critical syntax and logic errors that will cause runtime failures - Score reflects critical blocking issues: missing imports will cause module load failures, missing function exports will break CLI integration, undefined variables in catch blocks will cause compilation errors, and variable naming mismatches will cause runtime crashes. These are not edge cases but core functionality errors that will prevent the feature from working at all. - Critical attention needed on src/infra/backup-core.ts (missing imports, undefined variables in catch blocks) and src/commands/backup.ts (missing function export, variable naming issues) _{Last reviewed commit: 83b9d58} <!-- greptile_other_comments_section --> _{(3/5) Reply to the agent's comments like "Can you suggest a fix for this @greptileai?" or ask follow-up questions!} <!-- /greptile_comment -->