diff --git a/wirekits/darkrose/plan.txt b/wirekits/darkrose/plan.txt new file mode 100644 index 0000000..afcd652 --- /dev/null +++ b/wirekits/darkrose/plan.txt @@ -0,0 +1,15 @@ +1. SecureFS class + 1.1. In-memory cache for file-to-block mappings and directory structures + 1.2. Callbacks for reading/writing blocks (including meta data) + 1.3. Data loss prevention (every block is backed up as .swap before overwritten) + 1.4. Block structure: 8B id (0 for fs root), IV, tag, timestamp, enc(next block), enc(data) +2. Data unlocking + 2.1. During wirekit_prepare, shell takes commands + 2.2. "attach " unlocks a darkrose directory + 2.3. "finish" actually starts program execution or the rewire shell +3. Tracee data access + 3.1. Create new user namespace (rewire process is root in there) + 3.2. Create new mount namespace in the new user namespace (additive, still has access to system-wide files) + 3.3. Mount ramfs in the new mount namespace (never swaps) + 3.4. On open/openat, create plaintext version of file in ramfs and let tracee open it + 3.5. On close, take plaintext data from ramfs and encrypt it via SecureFS
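Review bot: item 1.4 lists the block id and timestamp beside the IV and tag but outside enc(...), and the plan does not say whether the tag covers them. Suggest stating that id and timestamp are authenticated together with enc(next block) and enc(data), so that a block copied to another position, or an older .swap copy from 1.3 put back in place, fails verification. The plan should also say when the .swap copy is deleted and how a fresh IV is chosen each time a block is overwritten. Separately, 3.5 re-encrypts only on close: please add a step for a tracee that exits or is killed without closing, so the plaintext left in the ramfs from 3.4 is either written back through SecureFS or discarded explicitly.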