go-crypt

No description

Find a file

Snider 9331fc6eac test(phase0): expand test coverage, security audit, and benchmarks Add 29 new tests across auth/, crypt/, and trust/ packages: - auth: concurrent sessions, token uniqueness, challenge expiry boundary, empty password, long/unicode usernames, air-gapped round-trip, expired refresh - crypt: wrong passphrase, empty/large plaintext, KDF determinism, HKDF info separation, checksum edge cases - trust: concurrent registry operations, tier validation, token expiry boundary, empty ScopedRepos behaviour, unknown capabilities Add benchmark suites: - crypt: Argon2, ChaCha20, AES-GCM, HMAC (1KB/1MB payloads) - trust: PolicyEvaluate (100 agents), RegistryGet, RegistryRegister Security audit documented in FINDINGS.md: - F1: LTHN hash used for password verification (medium) - F2: PGP private keys not zeroed after use (low, upstream limitation) - F3: Empty ScopedRepos bypasses repo scope check (medium) - F4: go vet clean, no math/rand, no secrets in error messages All tests pass with -race. go vet clean. Co-Authored-By: Virgil <virgil@lethean.io> Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>		2026-02-20 01:14:41 +00:00
auth	test(phase0): expand test coverage, security audit, and benchmarks	2026-02-20 01:14:41 +00:00
crypt	test(phase0): expand test coverage, security audit, and benchmarks	2026-02-20 01:14:41 +00:00
trust	test(phase0): expand test coverage, security audit, and benchmarks	2026-02-20 01:14:41 +00:00
CLAUDE.md	docs: add domain expert guide, task queue, and research notes	2026-02-20 00:58:58 +00:00
FINDINGS.md	test(phase0): expand test coverage, security audit, and benchmarks	2026-02-20 01:14:41 +00:00
go.mod	feat: extract crypto/security packages from core/go	2026-02-16 15:25:54 +00:00
go.sum	feat: extract crypto/security packages from core/go	2026-02-16 15:25:54 +00:00
TODO.md	test(phase0): expand test coverage, security audit, and benchmarks	2026-02-20 01:14:41 +00:00