DataMoat Download macOS DMG
v0.1.12New: Windows ZIP + DataMoat.exe downloads, plus signed macOS DMG.

Back up your AI workflows before they disappear.

Encrypted, local history for Claude, Codex, OpenClaw, Cursor, and attachments: prompts, transcripts, tool output, locally available reasoning content, metadata, and files.

Download macOS DMGAuto-selects for this computer Quick Install macOS and Linux
macOS 12+ Apple Silicon DMG Linux source install Windows ZIP + DataMoat.exe downloads 
# Quick install
$ git clone https://github.com/max-ng/datamoat.git
$ cd datamoat
$ bash install.sh
$ datamoat
macOS DMG Signed and notarized Apple Silicon build Download Windows x64 ZIP + DataMoat.exe for Windows 11 x64 Download Windows ARM64 ZIP + DataMoat.exe for Windows 11 on Arm

Windows ZIP + DataMoat.exe packages are full app folders. Unzip the package and run DataMoat.exe from inside the extracted folder; this is not a standalone installer yet.

SearchFilters
refactor auth middleware

127 resultsSort: Newest

Refactor auth middleware to use async/await Claude - 2h ago Let's refactor the authentication middleware to improve error handling...
Implement session refresh with rotation Codex CLI - 5h ago Added rotation of refresh tokens and invalidation of old sessions...
Fix rate limiting for API endpoints OpenClaw - Yesterday Investigated 429s under load and adjusted the rate limiter window...
Add organization role checks to routes Cursor - 2d ago Checked admin and billing roles before privileged route access...

Refactor auth middleware to use async/await

Claude - May 13, 2026 at 9:41 AM
session_017a92c6...
HumanCan you refactor the authentication middleware to use async/await and improve error handling?
ClaudeI'll refactor the middleware to use async/await and better error handling. Here's the updated implementation:
authMiddleware.tsverified
import { verifyToken } from "./verify";

export async function auth(req, res, next) {
  try {
    const token = req.headers.authorization;
    const user = await verifyToken(token);
    req.user = user;
    return next();
  } catch (error) {
    return res.status(401).json({ error: "Unauthorized" });
  }
}
auth-middleware.tsv24 - 17 KB
test-output.log104 KB

Supported sources and platforms

Claude
Claude Desktop
Codex CLI
Codex app
OpenClaw
Cursor
macOS
Linux

Why individuals and companies need it

Searchable history

Search across prompts, transcripts, reasoning-visible blocks, tool output, metadata, and attachments without depending on a live app view.

Local attachment capture

Capture files, diffs, logs, images, and supported PDF blocks referenced or produced during AI coding sessions.

Auditability

Tamper-evident audit entries help prove integrity for reviews, restores, incident follow-up, and project handoffs.

Encrypted recovery

AES-256-GCM vault storage with password, optional TOTP, 24-word recovery phrase, one-time codes, and Touch ID on supported Macs.

Security model

Capture

Data captured from supported local AI tools.

Encrypt

AES-256-GCM encryption at rest.

Unlock

Password, TOTP, recovery, or Touch ID.

Search

Everything stays on your device.

AES-256-GCMAuthenticated encryption
scryptPassword key derivation
Optional TOTPAuthenticator apps
24-word recoveryBIP-39 compatible
One-time codesEmergency recovery
Secure EnclaveTouch ID on supported Macs
Tamper-evident audit log - verify integrity with datamoat audit verify

Supported sources

Claude

Full local transcript capture, including locally written thinking blocks when present.

Codex CLI

Terminal sessions, transcript text, tool output, timestamps, metadata, and stable attachments.

Codex app

Supported local app sessions, tool output, metadata, and stable image attachments.

Claude Desktop

Supported local-agent sessions on macOS when Claude writes them to disk.

OpenClaw

Supported local OpenClaw transcripts plus provider, model, and cost metadata when present.

Cursor

Readable local agent-transcripts JSONL records, including text and tool blocks when present.

Claude attachments

Encrypted image and supported file/PDF blocks.

+

More coming soon

Additional local sources on the roadmap.

Commands you'll use

datamoat

$ datamoat

Open the DataMoat UI.

datamoat status

$ datamoat status

Check vault and system status.

Vault:      Locked
Items:      3,246
Index:      Up to date
Encryption: AES-256-GCM

datamoat scan

$ datamoat scan

Scan for new data to capture.

Sources scanned: 3
New items:       54
Attachments:     6
Duration:        1.23s

datamoat audit verify

$ datamoat audit verify

Verify the audit log integrity.

Entries: 1,842
Status:  Verified

All good.

datamoat unlock

$ datamoat unlock

Unlock your vault locally.

Vault unlocked.
Welcome back.

For individuals and teams

Personal knowledge vault

Never lose important context, decisions, or code again. Your AI work history stays organized and available.

Better handoffs

Share relevant sessions, diffs, and artifacts with teammates for smoother reviews and faster collaboration.

Continuity you can trust

Maintain long-term continuity across projects and machines with an encrypted, verifiable local history.

Protect your AI work. Own your history.

Download DataMoat v0.1.12 and start backing up today.

Download links verify the newest macOS and Windows assets from GitHub Releases.

Download macOS DMG
macOS DMGLinux sourceWindows ZIP + DataMoat.exe

FAQ

Is my AI work ever uploaded to DataMoat?No. The vault, index, attachments, and search flow stay on your own machine.

The landing page may call GitHub Releases to keep the download button current, but DataMoat does not upload your prompts, transcripts, tool output, files, attachments, or search history to a DataMoat cloud service.

How does it save work before compaction or cleanup?A local watcher processes new source records as they are written and stores them into the encrypted vault.

For supported sources, DataMoat watches local transcript files and tracks byte offsets so new records can be captured quickly before compaction, retention cleanup, app format changes, device loss, or server moves make the original history harder to recover.

What exactly is captured today?Claude, Codex CLI, Codex app, Claude Desktop local-agent sessions, OpenClaw, Cursor, and Claude attachments.

DataMoat preserves locally available transcript text, prompts, tool output, timestamps, source metadata, stable image attachments, supported file/PDF blocks, and reasoning-visible content when the source application writes that content to disk.

Why are Claude and Codex reasoning records different?Claude can write full local thinking blocks; Codex often writes metadata without raw reasoning text.

DataMoat backs up what is locally available. Claude local session records can include full thinking text, while newer Codex records often keep reasoning content unavailable or encrypted by the source app, so DataMoat preserves transcript, tool output, timestamps, metadata, and attachments instead.

What makes it safer than a normal export folder?The saved copy is encrypted, searchable, versioned, and backed by a local audit chain.

A plaintext export is easy to leak, modify, lose, or misread later. DataMoat keeps the protected vault as the source of truth, encrypts state and attachment blobs, and lets you verify the hash-chained audit log with datamoat audit verify.

What if somebody copies my DataMoat folder?They get encrypted vault files, not readable transcripts.

Vault records, attachments, offsets, and session index state are encrypted at rest with AES-256-GCM. Passwords are stored as scrypt verifiers, not plaintext, and the UI still requires an approved unlock path before old records can be read or searched.

How do password, TOTP, Touch ID, and recovery fit together?Password and optional TOTP protect normal unlock; recovery material exists for account recovery.

Source installs support password, optional TOTP, a 24-word BIP-39 recovery phrase, and one-time recovery codes. The packaged macOS app adds Touch ID and Secure Enclave-backed daily unlock on supported Macs.

What happens if I forget my password or lose my authenticator?Use the 24-word recovery phrase or one of the one-time recovery codes.

Recovery is designed so you can regain access without storing your password in plaintext or relying on a cloud account. Recovery material is shown locally during setup and should be kept offline by the human user.

Can Claude, Codex, or OpenClaw install it for me?They can start the install, but final setup should happen on the protected desktop.

An AI agent can clone the repo, run install.sh, and launch datamoat. Password setup, TOTP enrollment, the 24-word phrase, and recovery codes should be completed by the human user on the machine being protected, not relayed through chat screenshots or remote messages.

Will the download button find the latest version?Yes. It shows the current version number and checks GitHub Releases for the newest release assets.

The page starts with v0.1.12 in the HTML for clarity and then asks GitHub Releases for the current latest release. If the API is blocked, the buttons still open the latest release page or the current known release assets instead of showing an old version.

Is DataMoat open source?The repository is source-available under BUSL-1.1 with an Additional Use Grant.

Personal use and internal company use are allowed by the grant. It is not an OSI-approved open source license, so production, resale, hosting, or other uses outside the grant should be checked against LICENSE.md.