core/go-crypt
8
0
Fork 0
Code Issues 5 Pull requests 1 Projects Releases Packages Wiki Activity Actions 2
57 commits 4 branches 18 tags 294 KiB
Commit graph

13 commits

Author SHA1 Message Date
Virgil
c9a7a6fb4b fix(trust): enforce scoped repository defaults
Some checks failed
Security Scan / security (push) Failing after 9s
Details
Test / test (push) Failing after 33s
Details
2026-03-30 10:42:05 +00:00
Virgil
86c68ad1c9 Merge pull request '[agent/codex:gpt-5.3-codex-spark] Read .core/reference/RFC-CORE-008-AGENT-EXPERIENCE.md (the A...' (#14) from main into dev
Some checks failed
Security Scan / security (push) Failing after 15s
Details
Test / test (push) Successful in 10m52s
Details
2026-03-29 15:26:33 +00:00
Virgil
e80ef94552 fix(crypt): align AX error handling and cleanup checks
Some checks failed
Security Scan / security (push) Failing after 10s
Details
Test / test (push) Failing after 9m7s
Details 
Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-29 15:25:12 +00:00
Snider
62482c7dc9 refactor: migrate imports to dappco.re/go/core/* paths
Some checks failed
Security Scan / security (pull_request) Failing after 9s
Details
Test / test (pull_request) Failing after 8m29s
Details 
Update module path from forge.lthn.ai/core/go-crypt to
dappco.re/go/core/crypt. Migrate go-log, go-io, go-i18n imports to
their new dappco.re/go/core/* paths with updated versions (core v0.5.0,
log v0.1.0, io v0.2.0, i18n v0.2.0). Un-migrated modules (cli,
go-store, go-inference) remain at forge.lthn.ai paths.

Also fixes merge conflict marker and duplicate imports in
crypt/openpgp/service.go, and updates CLAUDE.md to reflect new paths.

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-22 01:43:27 +00:00
Snider
36bf16b06e fix(coderabbit): address review findings
Some checks failed
Security Scan / security (pull_request) Failing after 8s
Details
Test / test (pull_request) Failing after 4m46s
Details 
- auth: prevent legacy .lthn fallback when .hash file exists but is
  unreadable or has unexpected format (security fix in verifyPassword
  and Login)
- chachapoly: wrap raw error returns in Decrypt with coreerr.E()
- trust: reject trailing data in LoadPolicies JSON decoder

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-17 13:32:21 +00:00
Snider
60de3e1943 refactor: replace remaining fmt.Errorf/os.* with go-io/go-log conventions
Some checks failed
Security Scan / security (push) Failing after 6s
Details
Test / test (push) Failing after 6m13s
Details 
Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-16 20:50:38 +00:00
Snider
39643ddba0 fix: replace fmt.Errorf and errors.New with coreerr.E()
Some checks failed
Security Scan / security (push) Failing after 8s
Details
Test / test (push) Failing after 6m20s
Details 
Replace all fmt.Errorf/errors.New calls in auth/auth.go,
crypt/pgp/pgp.go, crypt/rsa/rsa.go, crypt/chachapoly/chachapoly.go,
and trust/trust.go with coreerr.E(op, msg, err) from go-log.
No stale pkg/framework imports found.

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-03-16 18:19:51 +00:00
Claude
9e7a19243f
chore: fmt.Errorf(static) → errors.New
Some checks failed
Security Scan / security (pull_request) Failing after 15s
Details
Test / test (pull_request) Failing after 10m43s
Details 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-24 16:30:08 +00:00
Snider
ee58e790a0 feat: modernise to Go 1.26 iterators and stdlib helpers
Some checks failed
Security Scan / security (push) Failing after 11s
Details
Test / test (push) Failing after 29s
Details 
Add iter.Seq iterators for trust registry (ListSeq), audit log
(EventsSeq, QuerySeq), and approval store (PendingSeq). Use
slices.DeleteFunc in session store, slices.SortFunc in testcmd,
range-over-int in benchmarks.

Co-Authored-By: Gemini <noreply@google.com>
Co-Authored-By: Virgil <virgil@lethean.io>
 2026-02-23 05:47:13 +00:00
Snider
d6aa25c5bf refactor: apply go fix modernizers for Go 1.26 
Automated fixes: interface{} → any, range-over-int, t.Context(),
wg.Go(), strings.SplitSeq, strings.Builder, slices.Contains,
maps helpers, min/max builtins.

Co-Authored-By: Virgil <virgil@lethean.io>
 2026-02-22 21:00:16 +00:00
Snider
9b65defdd8 feat(trust): Phase 3 — approval workflow, audit log, dynamic policies, scope wildcards 
Co-Authored-By: Virgil <virgil@lethean.io>
 2026-02-20 04:02:47 +00:00
Snider
9331fc6eac test(phase0): expand test coverage, security audit, and benchmarks 
Add 29 new tests across auth/, crypt/, and trust/ packages:
- auth: concurrent sessions, token uniqueness, challenge expiry boundary,
  empty password, long/unicode usernames, air-gapped round-trip, expired refresh
- crypt: wrong passphrase, empty/large plaintext, KDF determinism, HKDF info
  separation, checksum edge cases
- trust: concurrent registry operations, tier validation, token expiry boundary,
  empty ScopedRepos behaviour, unknown capabilities

Add benchmark suites:
- crypt: Argon2, ChaCha20, AES-GCM, HMAC (1KB/1MB payloads)
- trust: PolicyEvaluate (100 agents), RegistryGet, RegistryRegister

Security audit documented in FINDINGS.md:
- F1: LTHN hash used for password verification (medium)
- F2: PGP private keys not zeroed after use (low, upstream limitation)
- F3: Empty ScopedRepos bypasses repo scope check (medium)
- F4: go vet clean, no math/rand, no secrets in error messages

All tests pass with -race. go vet clean.

Co-Authored-By: Virgil <virgil@lethean.io>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-20 01:14:41 +00:00
Claude
8498ecf890
feat: extract crypto/security packages from core/go 
ChaCha20-Poly1305, AES-256-GCM, Argon2 key derivation, OpenPGP
challenge-response auth, and trust tier policy engine.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-02-16 15:25:54 +00:00