This commit introduces a comprehensive performance audit of the Enchantrix codebase, culminating in the creation of the `AUDIT-PERFORMANCE.md` report.
The audit includes:
- An analysis of the `trix` CLI's memory usage and single-threaded nature.
- An evaluation of the project's build and deploy performance.
- The addition of benchmarks for the `trix`, `crypt`, and `enchantrix` packages to establish a performance baseline.
In addition, this commit addresses feedback from the code review by:
- Removing binary artifacts (`.prof`, `.test`) from the commit.
- Updating the `.gitignore` file to prevent these artifacts from being committed in the future.
Co-authored-by: Snider <631881+Snider@users.noreply.github.com>
This commit introduces a new file, `AUDIT-DX.md`, which contains a comprehensive audit of the developer experience for the Enchantrix project.
The audit covers the following areas:
- Onboarding: Time to first build, dependencies, and documentation.
- Development Workflow: Local development, testing, build system, and tooling.
- CLI/Interface: Help text, error messages, and configuration.
The report identifies several areas for improvement and provides concrete suggestions to enhance the developer experience for contributors.
Co-authored-by: Snider <631881+Snider@users.noreply.github.com>
A data race was identified in the lazy initialization of the RSA and PGP services within the `crypt` package. The non-thread-safe `if s.service == nil` check could lead to multiple initializations when accessed concurrently.
This commit resolves the race condition by using `sync.Once` to ensure that the initialization for each service is performed exactly once, making the `Service` struct safe for concurrent use.
Additionally, a new test file, `race_test.go`, has been added to provide a regression test for this specific scenario.
A new file, `AUDIT-CONCURRENCY.md`, has been created to document the findings of the concurrency audit, the remediation steps taken, and the verification process.
Co-authored-by: Snider <631881+Snider@users.noreply.github.com>
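The `sync.Once` remediation described in this commit, as an added example that is not the Enchantrix project's own code: a lazily initialised service with the racy `if s.service == nil` check beside the `sync.Once` form, plus a helper that hits the accessor from many goroutines and reports how many initialisations actually ran. The `Service`, `rsaService`, `RacyService` and `ConcurrentInit` names and the init counter are constructed for illustration.

```go
package main

import (
	"fmt"
	"sync"
	"sync/atomic"
)

// rsaService stands in for the real RSA/PGP service. It carries only an
// id so that callers can check they all received the same instance.
type rsaService struct{ id int64 }

// RacyService shows the pattern the commit replaced: a bare nil check.
// Two goroutines can both observe nil and both build a service, so the
// struct is not safe for concurrent use (go test -race flags it).
type RacyService struct {
	initCount int64 // updated atomically so the counter itself is not racy
	rsa       *rsaService
}

func (s *RacyService) RSA() *rsaService {
	if s.rsa == nil { // unsynchronised check-then-act
		n := atomic.AddInt64(&s.initCount, 1)
		s.rsa = &rsaService{id: n}
	}
	return s.rsa
}

// Service is the fixed form: sync.Once guarantees the init closure runs
// exactly once and that every caller sees its result after Do returns.
type Service struct {
	initCount int64
	rsaOnce   sync.Once
	rsa       *rsaService
}

// RSA returns the lazily initialised service, creating it at most once
// no matter how many goroutines call it concurrently.
func (s *Service) RSA() *rsaService {
	s.rsaOnce.Do(func() {
		n := atomic.AddInt64(&s.initCount, 1)
		s.rsa = &rsaService{id: n}
	})
	return s.rsa
}

// InitCount reports how many times the initialiser ran (1 is correct).
func (s *Service) InitCount() int64 { return atomic.LoadInt64(&s.initCount) }

// lazyRSA is the common shape of both accessors, so one driver serves both.
type lazyRSA interface{ RSA() *rsaService }

// ConcurrentInit calls RSA() from n goroutines at once and returns whether
// every caller got the same pointer. Pair it with InitCount on the fixed
// Service to confirm a single initialisation; this mirrors the regression
// test the commit adds in race_test.go.
func ConcurrentInit(svc lazyRSA, n int) (samePointer bool) {
	ptrs := make([]*rsaService, n)
	var wg sync.WaitGroup
	for i := 0; i < n; i++ {
		wg.Add(1)
		go func(i int) {
			defer wg.Done()
			ptrs[i] = svc.RSA()
		}(i)
	}
	wg.Wait()
	for _, p := range ptrs {
		if p != ptrs[0] {
			return false
		}
	}
	return true
}

func main() {
	s := &Service{}
	same := ConcurrentInit(s, 64)
	fmt.Printf("sync.Once: inits=%d samePointer=%v\n", s.InitCount(), same)
}
```

One caveat worth knowing when applying this pattern: `sync.Once.Do` never re-runs its closure, so if initialisation can fail (for example, a key file that is missing), store the error next to the service and return it from the accessor on every call, rather than leaving callers with a nil service and no explanation.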
This commit addresses several gaps identified in a comprehensive documentation audit.
- Adds `AUDIT-DOCUMENTATION.md` with the full audit report.
- Adds a `CONTRIBUTING.md` to guide new contributors.
- Adds a `CHANGELOG.md` to track version history.
- Adds `docs/faq.md` and `docs/troubleshooting.md` to improve user support.
- Updates `mkdocs.yml` to include the new documentation pages.
Co-authored-by: Snider <631881+Snider@users.noreply.github.com>
This change introduces a new file, `AUDIT-API.md`, which contains a comprehensive audit of the Go library and CLI APIs. The audit covers API design, consistency, and best practices, and provides recommendations for improvement.
Co-authored-by: Snider <631881+Snider@users.noreply.github.com>
This commit introduces a comprehensive test audit report for the Enchantrix project. The report, `AUDIT-TESTING.md`, provides a detailed analysis of the current state of testing, including:
- **Coverage Analysis:** A breakdown of line and branch coverage, highlighting untested code paths.
- **Test Quality:** An evaluation of test independence, clarity, and reliability.
- **Missing Tests:** Identification of gaps in edge case, error path, and performance testing.
- **Anti-Patterns:** A review of common anti-patterns found in the test suite.
- **Suggested Tests:** A list of actionable recommendations for improving test coverage and quality.
This audit serves as a baseline for future improvements to the project's test suite and overall code quality.
Co-authored-by: Snider <631881+Snider@users.noreply.github.com>
- Updated Go version to 1.25.3 in go.mod and go.work to patch standard library vulnerabilities.
- Explicitly required github.com/cloudflare/circl v1.6.1 in go.mod to resolve a transitive dependency vulnerability.
- Created AUDIT-DEPENDENCIES.md to document the audit findings and remediation steps.
Co-authored-by: Snider <631881+Snider@users.noreply.github.com>
This commit introduces a new file, AUDIT-COMPLEXITY.md, which contains a detailed audit of the codebase for code complexity and maintainability issues.
The audit identifies the following issues:
- Code duplication in cmd/trix/main.go
- Long methods in pkg/trix/trix.go
- High cognitive complexity in pkg/crypt/crypt.go
- Encapsulation issues in pkg/crypt/std/lthn/lthn.go
For each issue, the audit provides a detailed explanation, a recommended refactoring approach with code examples, and the design pattern to be applied.
Co-authored-by: Snider <631881+Snider@users.noreply.github.com>
This commit adds a new file, AUDIT-OWASP.md, which contains a comprehensive security audit of the codebase based on the OWASP Top 10 vulnerabilities. The audit identifies several critical and high-risk issues, including the use of weak hashing algorithms, vulnerable dependencies, and insecure deserialization in the .trix file format.
Co-authored-by: Snider <631881+Snider@users.noreply.github.com>
This commit adds a security audit report that analyzes the input validation and sanitization of the application. The report identifies several potential vulnerabilities, including a lack of JSON schema validation, a potential decompression bomb, and insufficient path validation. It also provides specific remediation recommendations with code examples.
The report is saved in AUDIT-INPUT-VALIDATION.md.
Co-authored-by: Snider <631881+Snider@users.noreply.github.com>
This commit adds a new file, AUDIT-ERROR-HANDLING.md, to the root of the repository.
This report contains a comprehensive audit of the project's error handling and logging practices, following the checklist provided in the original request. It analyzes the current state of error propagation, user-facing error messages, and the complete lack of a logging framework.
The audit concludes with recommendations to:
- Implement a structured logging library in the `trix` CLI.
- Improve user-facing error messages to be more helpful and less revealing of internal implementation details.
- Use error wrapping more consistently to provide better context for debugging.
Co-authored-by: Snider <631881+Snider@users.noreply.github.com>
This commit adds a security audit report to the repository. The report summarizes the findings of a security audit that was conducted on the codebase.
The audit involved both manual review and automated scanning of the entire repository. No exposed secrets or configuration vulnerabilities were found.
Co-authored-by: Snider <631881+Snider@users.noreply.github.com>
This commit adds the AUDIT-AUTH.md file, which contains the results of a security audit focused on authentication and authorization.
The audit found that the Enchantrix codebase, being a data transformation and encryption library, does not contain any user authentication or authorization mechanisms. Therefore, the report concludes that the audit scope is not applicable.
Co-authored-by: Snider <631881+Snider@users.noreply.github.com>
Implements ChaChaPolySigil that applies pre-obfuscation before sending data to CPU encryption routines. This ensures raw plaintext is never passed directly to encryption functions.
Key improvements:
- XORObfuscator and ShuffleMaskObfuscator for pre-encryption transforms
- Nonce is now properly embedded in ciphertext, not stored separately in headers (production-ready, not demo-style)
- Trix crypto integration with EncryptPayload/DecryptPayload methods
- Comprehensive test coverage following Good/Bad/Ugly pattern
- Add `SymmetricallyDecrypt` to `pkg/crypt/std/pgp`.
- Add validation for empty passphrases in `SymmetricallyEncrypt` and `SymmetricallyDecrypt`.
- Refactor `pkg/crypt/std/pgp/pgp.go` to use package-level variables for `openpgp` functions to enable mocking.
- Add comprehensive tests in `pkg/crypt/std/pgp/pgp_test.go` to cover error paths using mocks, achieving 100% coverage.
- Remove practically unreachable error check in `GenerateKeyPair` for `SignUserId` (as `NewEntity` guarantees validity).
Adds comprehensive docstrings and runnable examples to all public APIs in the `crypt`, `enchantrix`, and `trix` packages. This change is intended to bring the project's documentation to a production-ready standard and to provide high-quality, verifiable examples for the official Go documentation website.
This commit refactors the test suites for the `crypt` and `enchantrix` packages to follow the "Good, Bad, Ugly" testing methodology.
- `_Good` tests cover the ideal "happy path" scenarios.
- `_Bad` tests cover expected failure scenarios with well-formed but invalid inputs.
- `_Ugly` tests cover malicious or malformed inputs designed to cause crashes or panics.
This change improves test coverage and ensures that the codebase is more robust and resilient to unexpected inputs.
Increases the test coverage of the project to over 90%.
- Increases the test coverage of the `cmd/trix` package from 82.3% to 83.3%.
- Increases the test coverage of the `pkg/crypt/std/pgp` package from 84.0% to over 90%.
- Adds tests for error paths and edge cases in `cmd/trix` and `pkg/crypt/std/pgp`.
Increases the test coverage of the project.
- Increases the test coverage of the `cmd/trix` package from 78.1% to 82.3%.
- Increases the test coverage of the `pkg/crypt/std/pgp` package from 76.5% to 84.0%.
- Adds tests for error paths and edge cases in `cmd/trix` and `pkg/crypt/std/pgp`.
Improves the test coverage of the project and adds examples for coverage reports.
- Increases the test coverage of the `cmd/trix` package from 67.7% to 78.1%.
- Increases the test coverage of the `pkg/crypt` package from 96.2% to 98.7%.
- Adds tests for the `examples` to ensure they run without errors.
- Adds a new example that demonstrates how to generate and interpret a coverage report.
Adds a comprehensive set of examples to demonstrate the library's features.
- Breaks out the existing `examples/main.go` into separate, well-named files.
- Adds new examples for hashing, checksums, RSA, and PGP.
- The PGP examples cover key generation, encryption/decryption, signing/verification, and symmetric encryption.
- Removes the old `examples/main.go` file and formats the new example files.
Increases the test coverage of the project from 85.5% to 89.2%.
- Adds tests for the `IsHashAlgo` function and PGP functions in `pkg/crypt`.
- Adds tests for the `main` function and command handlers in `cmd/trix`.
- Improves the overall test coverage of the `cmd/trix` package from 26.0% to 67.7%.
- Improves the overall test coverage of the `pkg/crypt` package from 78.2% to 96.2%.