docs(02-01): complete project foundation plan

- Create 02-01-SUMMARY.md with execution results and deviations
- Update STATE.md: Phase 2 in progress, plan 1/2 complete
- Update ROADMAP.md: Phase 2 progress 1/2
- Mark 13 requirements complete: FMT-01..04, ENC-01..05, CMP-01..02, INT-01, CLI-01

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

.planning/phases/02-core-archiver/02-01-SUMMARY.md

@@ -0,0 +1,134 @@
+---
+phase: 02-core-archiver
+plan: 01
+subsystem: crypto, format, cli
+tags: [aes-256-cbc, hmac-sha256, gzip, clap, flate2, pkcs7, binary-format]
+
+# Dependency graph
+requires:
+  - phase: 01-format-spec
+    provides: "FORMAT.md binary format specification (byte-level field definitions)"
+provides:
+  - "Rust project with Cargo.toml and all crypto/compression/format dependencies"
+  - "CLI skeleton with pack/unpack/inspect subcommands (clap derive)"
+  - "Binary format types (Header, TocEntry) with serialize/deserialize matching FORMAT.md"
+  - "AES-256-CBC encrypt/decrypt pipeline with PKCS7 padding"
+  - "HMAC-SHA-256 compute/verify (encrypt-then-MAC over IV||ciphertext)"
+  - "SHA-256 hash for file integrity verification"
+  - "Gzip compress/decompress with deterministic mtime(0)"
+  - "Compression heuristic for known compressed file extensions"
+  - "Hardcoded 32-byte AES key constant"
+affects: [02-core-archiver, 03-round-trip-verification]
+
+# Tech tracking
+tech-stack:
+  added: [aes 0.8, cbc 0.1, hmac 0.12, sha2 0.10, flate2 1.1, clap 4.5, rand 0.9, anyhow 1.0]
+  patterns: [manual binary serialization with to_le_bytes/from_le_bytes, RustCrypto type aliases for cipher modes, GzBuilder mtime(0) for reproducibility]
+
+key-files:
+  created:
+    - Cargo.toml
+    - src/main.rs
+    - src/cli.rs
+    - src/key.rs
+    - src/format.rs
+    - src/crypto.rs
+    - src/compression.rs
+    - src/archive.rs
+  modified: []
+
+key-decisions:
+  - "Used rand::Fill::fill() instead of try_fill() for IV generation (correct rand 0.9 API)"
+  - "Edition 2021 to match plan specification"
+  - "Dead-code warnings expected and acceptable until pack/unpack/inspect wire up modules in Plan 02-02"
+
+patterns-established:
+  - "Type aliases for cipher modes: type Aes256CbcEnc = cbc::Encryptor<aes::Aes256>"
+  - "Manual binary serialization: to_le_bytes()/from_le_bytes() for all multi-byte fields"
+  - "HMAC-SHA-256 scope: IV (16 bytes) || ciphertext (encrypted_size bytes)"
+  - "Compression heuristic: extension-based auto-detection + CLI override via --no-compress"
+  - "GzBuilder::new().mtime(0) for deterministic gzip output"
+
+requirements-completed: [FMT-01, FMT-02, FMT-03, FMT-04, ENC-01, ENC-02, ENC-03, ENC-04, ENC-05, CMP-01, CMP-02, INT-01, CLI-01]
+
+# Metrics
+duration: 4min
+completed: 2026-02-24
+---
+
+# Phase 2 Plan 1: Project Foundation Summary
+
+**Rust project with AES-256-CBC/HMAC-SHA-256 crypto pipeline, binary format serialization matching FORMAT.md, gzip compression, and clap CLI skeleton**
+
+## Performance
+
+- **Duration:** 4 min
+- **Started:** 2026-02-24T20:54:36Z
+- **Completed:** 2026-02-24T20:58:28Z
+- **Tasks:** 2
+- **Files modified:** 8
+
+## Accomplishments
+- Complete Rust project structure with 7 source modules and all dependencies
+- Binary format types (Header: 40 bytes, TocEntry: 101+N bytes) with byte-accurate serialization matching FORMAT.md Sections 4 and 5
+- Full crypto pipeline: AES-256-CBC encrypt/decrypt, HMAC-SHA-256 compute/verify, SHA-256 hash, random IV generation
+- Gzip compression/decompression with reproducible output and smart compression heuristic
+
+## Task Commits
+
+Each task was committed atomically:
+
+1. **Task 1: Project scaffolding with Cargo, CLI skeleton, and key module** - `c647f3a` (feat)
+2. **Task 2: Format types, crypto pipeline, and compression module** - `6292b41` (feat)
+
+## Files Created/Modified
+- `Cargo.toml` - Project manifest with aes, cbc, hmac, sha2, flate2, clap, rand, anyhow
+- `src/main.rs` - CLI entry point with clap parse and dispatch to pack/unpack/inspect
+- `src/cli.rs` - Clap derive structs: Cli, Commands enum (Pack/Unpack/Inspect)
+- `src/key.rs` - Hardcoded 32-byte AES-256 key constant
+- `src/format.rs` - Header and TocEntry structs with write/read serialization, entry_size, compute_toc_size
+- `src/crypto.rs` - encrypt_data, decrypt_data, compute_hmac, verify_hmac, sha256_hash, generate_iv
+- `src/compression.rs` - compress, decompress, should_compress
+- `src/archive.rs` - Stub module for pack/unpack/inspect orchestration (Plan 02-02)
+
+## Decisions Made
+- Used `rand::Fill::fill()` instead of `try_fill()` for IV generation (correct rand 0.9 API for array fill)
+- Kept edition 2021 as specified in the plan for broad compatibility
+- Dead-code warnings are expected and acceptable -- modules are not yet called from main; they will be wired in Plan 02-02
+
+## Deviations from Plan
+
+### Auto-fixed Issues
+
+**1. [Rule 3 - Blocking] Fixed rand 0.9 API for IV generation**
+- **Found during:** Task 2 (crypto.rs implementation)
+- **Issue:** `try_fill()` method does not exist on `[u8; 16]` in rand 0.9. The `Fill` trait provides `fill()`, not `try_fill()`.
+- **Fix:** Changed from `iv.try_fill(&mut rand::rng())` to `rand::Fill::fill(&mut iv, &mut rand::rng())`
+- **Files modified:** src/crypto.rs
+- **Verification:** cargo build succeeds
+- **Committed in:** 6292b41 (Task 2 commit)
+
+---
+
+**Total deviations:** 1 auto-fixed (1 blocking)
+**Impact on plan:** Minor API correction for rand 0.9. No scope creep.
+
+## Issues Encountered
+None beyond the rand API correction noted above.
+
+## User Setup Required
+None - no external service configuration required.
+
+## Next Phase Readiness
+- All building-block modules are implemented and compile successfully
+- Ready for Plan 02-02: Pack, inspect, and unpack commands with full archive orchestration
+- The archive.rs module is a stub awaiting the orchestration logic
+- 25 dead-code warnings will be resolved when modules are wired into commands
+
+## Self-Check: PASSED
+
+All 8 created files verified present. Both task commits (c647f3a, 6292b41) verified in git log.
+
+---
+*Phase: 02-core-archiver*
+*Completed: 2026-02-24*