Commit graph

12 commits

Author SHA1 Message Date
Snider
703dd4588c refactor: standardise coreerr import alias and fix shortenPackageName
Some checks failed
Security Scan / security (pull_request) Failing after 7s
Test / test (pull_request) Successful in 11m55s
- CLAUDE.md: update error convention from core.E() to coreerr.E() to
  match actual codebase usage
- Standardise go-log import alias from `core` to `coreerr` across 6
  files (crypt/symmetric.go, crypt/kdf.go, crypt/crypt.go, crypt/hash.go,
  crypt/checksum.go, crypt/openpgp/service.go) for consistency with the
  11 files already using `coreerr`
- Fix shortenPackageName to handle all forge.lthn.ai/core/* module
  prefixes instead of only cli/ and gui/, fixing TestShortenPackageName

Co-Authored-By: Virgil <virgil@lethean.io>
2026-03-17 07:22:34 +00:00
Snider
eacbb025b3 fix(rsa): update test for Go 1.26 GenerateKey resilience
Some checks failed
Security Scan / security (push) Failing after 7s
Test / test (push) Failing after 6m11s
Go 1.26 rsa.GenerateKey recovers from reader errors internally.
Test now verifies no panic instead of expecting an error.

Co-Authored-By: Virgil <virgil@lethean.io>
2026-03-16 18:41:47 +00:00
Snider
39643ddba0 fix: replace fmt.Errorf and errors.New with coreerr.E()
Some checks failed
Security Scan / security (push) Failing after 8s
Test / test (push) Failing after 6m20s
Replace all fmt.Errorf/errors.New calls in auth/auth.go,
crypt/pgp/pgp.go, crypt/rsa/rsa.go, crypt/chachapoly/chachapoly.go,
and trust/trust.go with coreerr.E(op, msg, err) from go-log.
No stale pkg/framework imports found.

Co-Authored-By: Virgil <virgil@lethean.io>
2026-03-16 18:19:51 +00:00
Snider
e561e1ee1f security: use constant-time comparison for auth credentials
Some checks failed
Security Scan / security (push) Failing after 8s
Test / test (push) Failing after 21s
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-09 08:27:38 +00:00
Snider
c7959ecfef refactor: swap pkg/framework imports to pkg/core
Some checks failed
Security Scan / security (push) Failing after 7s
Test / test (push) Failing after 19s
Co-Authored-By: Virgil <virgil@lethean.io>
2026-03-06 14:11:09 +00:00
Snider
7468c38906 refactor: swap pkg/{io,log,i18n} imports to go-io/go-log/go-i18n
Some checks failed
Security Scan / security (push) Failing after 6s
Test / test (push) Failing after 15s
Co-Authored-By: Virgil <virgil@lethean.io>
2026-03-06 12:35:41 +00:00
Claude
9e7a19243f chore: fmt.Errorf(static) → errors.New
Some checks failed
Security Scan / security (pull_request) Failing after 15s
Test / test (pull_request) Failing after 10m43s
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-24 16:30:08 +00:00
Snider
ee58e790a0 feat: modernise to Go 1.26 iterators and stdlib helpers
Some checks failed
Security Scan / security (push) Failing after 11s
Test / test (push) Failing after 29s
Add iter.Seq iterators for trust registry (ListSeq), audit log
(EventsSeq, QuerySeq), and approval store (PendingSeq). Use
slices.DeleteFunc in session store, slices.SortFunc in testcmd,
range-over-int in benchmarks.

Co-Authored-By: Gemini <noreply@google.com>
Co-Authored-By: Virgil <virgil@lethean.io>
2026-02-23 05:47:13 +00:00
Claude
5ea42689d3 chore: migrate Snider deps from github.com to forge.lthn.ai
Update Enchantrix reference in comment and dependency versions.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-22 21:41:49 +00:00
Snider
d6aa25c5bf refactor: apply go fix modernizers for Go 1.26
Automated fixes: interface{} → any, range-over-int, t.Context(),
wg.Go(), strings.SplitSeq, strings.Builder, slices.Contains,
maps helpers, min/max builtins.

Co-Authored-By: Virgil <virgil@lethean.io>
2026-02-22 21:00:16 +00:00
Snider
9331fc6eac test(phase0): expand test coverage, security audit, and benchmarks
Add 29 new tests across auth/, crypt/, and trust/ packages:
- auth: concurrent sessions, token uniqueness, challenge expiry boundary,
  empty password, long/unicode usernames, air-gapped round-trip, expired refresh
- crypt: wrong passphrase, empty/large plaintext, KDF determinism, HKDF info
  separation, checksum edge cases
- trust: concurrent registry operations, tier validation, token expiry boundary,
  empty ScopedRepos behaviour, unknown capabilities

Add benchmark suites:
- crypt: Argon2, ChaCha20, AES-GCM, HMAC (1KB/1MB payloads)
- trust: PolicyEvaluate (100 agents), RegistryGet, RegistryRegister

Security audit documented in FINDINGS.md:
- F1: LTHN hash used for password verification (medium)
- F2: PGP private keys not zeroed after use (low, upstream limitation)
- F3: Empty ScopedRepos bypasses repo scope check (medium)
- F4: go vet clean, no math/rand, no secrets in error messages

All tests pass with -race. go vet clean.

Co-Authored-By: Virgil <virgil@lethean.io>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-20 01:14:41 +00:00
Claude
8498ecf890 feat: extract crypto/security packages from core/go
ChaCha20-Poly1305, AES-256-GCM, Argon2 key derivation, OpenPGP
challenge-response auth, and trust tier policy engine.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-16 15:25:54 +00:00