docs: M-Hard 9-11 — README, examples, CI, benchmarks, migration guide
M-Hard 9: Documentation + examples
- README.md, SECURITY.md, THREAT-MODEL.md
- 5 runnable examples: basic conversation, prekey server,
WebSocket tunnel, identity verification, Dokploy deployment
M-Hard 10: CI + publishing + benchmarks
- GitHub Actions: test workflow with PostgreSQL service container
- GitHub Actions: publish workflow for npm releases on git tags
- Benchmark suite (bench/run.ts) with markdown output
- LICENSE (MIT), CHANGELOG.md, CONTRIBUTING.md
M-Hard 11: Migration guide
- MIGRATION.md with three-phase rollout strategy
- Concrete examples for replacing static AES tunnels
- Concrete examples for per-device push notification migration
- Sections for Orchestrator and Nova migrations
Benchmark highlights:
- AES-256-GCM: ~100K ops/sec
- Encrypt+decrypt roundtrip: ~17K ops/sec
- X3DH handshake: ~165 ops/sec (hardware acceleration limited)
- Compute fingerprint: ~76K ops/sec
All 11 M-Hard milestones complete. 193 tests passing, 0 failures.
Shade is production-ready.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 17:58:30 +02:00
# Shade
End-to-end encryption library implementing the Signal Protocol (X3DH + Double Ratchet) for TypeScript/Bun. Drop into any project — frontend, backend, mobile — to get forward secrecy, post-compromise recovery, and self-healing security.
## What you get
- **X3DH** initial key agreement (works asynchronously via prekey bundles)
- **Double Ratchet** for per-message forward secrecy and post-compromise security
- **Self-authenticated prekey server** (Hono, Docker-ready) with rate limiting, metrics, health checks
- **Persistent storage backends**: SQLite (zero-config) and PostgreSQL (Drizzle)
- **Identity rotation** with grace period for old sessions
- **Safety numbers** (Signal-style fingerprints) for out-of-band verification
- **Constant-time comparisons** and **memory zeroization ** for hardened operation
- **Binary wire format** that's significantly smaller than JSON
- **Crash-safe** — sessions survive container restarts, power outages, SIGKILL
feat(observer): M-Obs 4-7 — widgets, dashboard, docs, integration example
M-Obs 4: @shade/widgets React library
- ShadeProvider context with observer URL + token + theme
- useShadeState (polling) + useShadeEvents (SSE) hooks
- 7 widgets: IdentityCard, SessionList, PrekeyStock, RecentActivity,
ServerStatus, FingerprintCompare, WidgetCatalog (meta-widget for
user-selectable layout with localStorage persistence)
- Self-contained CSS via inline styles, no external CSS conflicts
- Light/dark/auto theme via tokens
M-Obs 5: @shade/dashboard standalone SPA
- Vite + React app composing all widgets into a full debugger layout
- Login screen with token persistence to localStorage
- Build script copies dist/ to @shade/observer/dist/ for embedded serving
- 211 KB JS bundle (66 KB gzipped)
M-Obs 6: Documentation + integration example
- READMEs for @shade/observer and @shade/widgets
- examples/06-observer-dashboard runnable demo: spins up prekey server +
observer, runs Alice ↔ Bob conversation loop, dashboard at :3901
- Updated root README and docker-compose.yml with observer integration
M-Obs 7: End-to-end verification
- StateAggregator now drains buffered events on subscription, so
identity.initialized fires before observer construction are still seen
- Verified live: snapshot endpoint returns full state, dashboard serves,
401 without auth, sessions/messages/ratchet steps all tracked
220 tests passing, 0 failures.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 19:00:21 +02:00
- **Live observability** — bundled dashboard SPA + embeddable React widgets to see what's happening between every step
docs: M-Hard 9-11 — README, examples, CI, benchmarks, migration guide
M-Hard 9: Documentation + examples
- README.md, SECURITY.md, THREAT-MODEL.md
- 5 runnable examples: basic conversation, prekey server,
WebSocket tunnel, identity verification, Dokploy deployment
M-Hard 10: CI + publishing + benchmarks
- GitHub Actions: test workflow with PostgreSQL service container
- GitHub Actions: publish workflow for npm releases on git tags
- Benchmark suite (bench/run.ts) with markdown output
- LICENSE (MIT), CHANGELOG.md, CONTRIBUTING.md
M-Hard 11: Migration guide
- MIGRATION.md with three-phase rollout strategy
- Concrete examples for replacing static AES tunnels
- Concrete examples for per-device push notification migration
- Sections for Orchestrator and Nova migrations
Benchmark highlights:
- AES-256-GCM: ~100K ops/sec
- Encrypt+decrypt roundtrip: ~17K ops/sec
- X3DH handshake: ~165 ops/sec (hardware acceleration limited)
- Compute fingerprint: ~76K ops/sec
All 11 M-Hard milestones complete. 193 tests passing, 0 failures.
Shade is production-ready.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 17:58:30 +02:00
## Quick start
```bash
# In your project
bun add @shade/core @shade/crypto -web @shade/storage -sqlite
```
```ts
import { ShadeSessionManager } from '@shade/core ';
import { SubtleCryptoProvider } from '@shade/crypto -web';
import { SQLiteStorage } from '@shade/storage -sqlite';
const crypto = new SubtleCryptoProvider();
const storage = new SQLiteStorage('/data/shade-client.db');
const manager = new ShadeSessionManager(crypto, storage);
await manager.initialize();
// Establish a session with a peer (after fetching their bundle)
await manager.initSessionFromBundle('bob', bobBundle);
// Encrypt
const envelope = await manager.encrypt('bob', 'Hello, encrypted world!');
// Decrypt
const plaintext = await manager.decrypt('alice', incomingEnvelope);
```
## Architecture
```
Shade Prekey Server (Hono)
│
POST /v1/keys/register (signed)
GET /v1/keys/bundle/:address
POST /v1/keys/replenish (signed)
DELETE /v1/keys/:address (signed)
│
┌─────────────────────┴─────────────────────┐
│ │
[Client A] [Client B]
ShadeSessionManager ShadeSessionManager
│ │
├──── X3DH ────────────────────────────────►│
│ │
│◄──── Double Ratchet messages ────────────►│
│ │
SQLiteStorage / PostgresStorage SQLiteStorage / PostgresStorage
```
## Packages
| Package | Purpose |
|---------|---------|
feat(observer): M-Obs 4-7 — widgets, dashboard, docs, integration example
M-Obs 4: @shade/widgets React library
- ShadeProvider context with observer URL + token + theme
- useShadeState (polling) + useShadeEvents (SSE) hooks
- 7 widgets: IdentityCard, SessionList, PrekeyStock, RecentActivity,
ServerStatus, FingerprintCompare, WidgetCatalog (meta-widget for
user-selectable layout with localStorage persistence)
- Self-contained CSS via inline styles, no external CSS conflicts
- Light/dark/auto theme via tokens
M-Obs 5: @shade/dashboard standalone SPA
- Vite + React app composing all widgets into a full debugger layout
- Login screen with token persistence to localStorage
- Build script copies dist/ to @shade/observer/dist/ for embedded serving
- 211 KB JS bundle (66 KB gzipped)
M-Obs 6: Documentation + integration example
- READMEs for @shade/observer and @shade/widgets
- examples/06-observer-dashboard runnable demo: spins up prekey server +
observer, runs Alice ↔ Bob conversation loop, dashboard at :3901
- Updated root README and docker-compose.yml with observer integration
M-Obs 7: End-to-end verification
- StateAggregator now drains buffered events on subscription, so
identity.initialized fires before observer construction are still seen
- Verified live: snapshot endpoint returns full state, dashboard serves,
401 without auth, sessions/messages/ratchet steps all tracked
220 tests passing, 0 failures.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 19:00:21 +02:00
| `@shade/core` | Protocol logic (X3DH, Double Ratchet, session manager, errors, events) |
docs: M-Hard 9-11 — README, examples, CI, benchmarks, migration guide
M-Hard 9: Documentation + examples
- README.md, SECURITY.md, THREAT-MODEL.md
- 5 runnable examples: basic conversation, prekey server,
WebSocket tunnel, identity verification, Dokploy deployment
M-Hard 10: CI + publishing + benchmarks
- GitHub Actions: test workflow with PostgreSQL service container
- GitHub Actions: publish workflow for npm releases on git tags
- Benchmark suite (bench/run.ts) with markdown output
- LICENSE (MIT), CHANGELOG.md, CONTRIBUTING.md
M-Hard 11: Migration guide
- MIGRATION.md with three-phase rollout strategy
- Concrete examples for replacing static AES tunnels
- Concrete examples for per-device push notification migration
- Sections for Orchestrator and Nova migrations
Benchmark highlights:
- AES-256-GCM: ~100K ops/sec
- Encrypt+decrypt roundtrip: ~17K ops/sec
- X3DH handshake: ~165 ops/sec (hardware acceleration limited)
- Compute fingerprint: ~76K ops/sec
All 11 M-Hard milestones complete. 193 tests passing, 0 failures.
Shade is production-ready.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 17:58:30 +02:00
| `@shade/crypto-web` | SubtleCrypto + @noble/curves provider, in-memory storage |
| `@shade/storage-sqlite` | Persistent SQLite storage (zero-config, bun:sqlite) |
| `@shade/storage-postgres` | PostgreSQL storage with Drizzle for shared databases |
| `@shade/server` | Prekey server (Hono routes, auth, rate limit, health, metrics) |
| `@shade/transport` | HTTP + WebSocket transport wrappers with auto-encryption |
| `@shade/proto` | Compact binary wire format (smaller than JSON) |
feat(observer): M-Obs 4-7 — widgets, dashboard, docs, integration example
M-Obs 4: @shade/widgets React library
- ShadeProvider context with observer URL + token + theme
- useShadeState (polling) + useShadeEvents (SSE) hooks
- 7 widgets: IdentityCard, SessionList, PrekeyStock, RecentActivity,
ServerStatus, FingerprintCompare, WidgetCatalog (meta-widget for
user-selectable layout with localStorage persistence)
- Self-contained CSS via inline styles, no external CSS conflicts
- Light/dark/auto theme via tokens
M-Obs 5: @shade/dashboard standalone SPA
- Vite + React app composing all widgets into a full debugger layout
- Login screen with token persistence to localStorage
- Build script copies dist/ to @shade/observer/dist/ for embedded serving
- 211 KB JS bundle (66 KB gzipped)
M-Obs 6: Documentation + integration example
- READMEs for @shade/observer and @shade/widgets
- examples/06-observer-dashboard runnable demo: spins up prekey server +
observer, runs Alice ↔ Bob conversation loop, dashboard at :3901
- Updated root README and docker-compose.yml with observer integration
M-Obs 7: End-to-end verification
- StateAggregator now drains buffered events on subscription, so
identity.initialized fires before observer construction are still seen
- Verified live: snapshot endpoint returns full state, dashboard serves,
401 without auth, sessions/messages/ratchet steps all tracked
220 tests passing, 0 failures.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 19:00:21 +02:00
| `@shade/observer` | Live debugger backend (snapshot, SSE, dashboard) — see [README ](./packages/shade-observer/README.md ) |
| `@shade/widgets` | Embeddable React widgets — see [README ](./packages/shade-widgets/README.md ) |
| `@shade/dashboard` | Standalone dashboard SPA bundled into the observer |
docs: M-Hard 9-11 — README, examples, CI, benchmarks, migration guide
M-Hard 9: Documentation + examples
- README.md, SECURITY.md, THREAT-MODEL.md
- 5 runnable examples: basic conversation, prekey server,
WebSocket tunnel, identity verification, Dokploy deployment
M-Hard 10: CI + publishing + benchmarks
- GitHub Actions: test workflow with PostgreSQL service container
- GitHub Actions: publish workflow for npm releases on git tags
- Benchmark suite (bench/run.ts) with markdown output
- LICENSE (MIT), CHANGELOG.md, CONTRIBUTING.md
M-Hard 11: Migration guide
- MIGRATION.md with three-phase rollout strategy
- Concrete examples for replacing static AES tunnels
- Concrete examples for per-device push notification migration
- Sections for Orchestrator and Nova migrations
Benchmark highlights:
- AES-256-GCM: ~100K ops/sec
- Encrypt+decrypt roundtrip: ~17K ops/sec
- X3DH handshake: ~165 ops/sec (hardware acceleration limited)
- Compute fingerprint: ~76K ops/sec
All 11 M-Hard milestones complete. 193 tests passing, 0 failures.
Shade is production-ready.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 17:58:30 +02:00
## Security properties
| Property | Description |
|----------|-------------|
| **Forward secrecy ** | Compromising a key cannot decrypt past messages |
| **Post-compromise security ** | Self-heals after key compromise on next DH ratchet |
| **Authentication ** | Ed25519 identity signatures on prekey server writes |
| **Replay protection ** | ±5 minute timestamp window on signed requests |
| **Constant-time comparisons ** | Timing attacks on identity keys are blocked |
| **Memory zeroization ** | Key material is zeroed after use (best-effort in JS) |
| **Identity verification ** | Safety numbers (60 digits) for out-of-band comparison |
| **Identity rotation ** | 7-day grace period for old sessions during rotation |
## Documentation
- [SECURITY.md ](./SECURITY.md ) — Reporting vulnerabilities, security policy
- [THREAT-MODEL.md ](./THREAT-MODEL.md ) — Honest threat model and assumptions
- [examples/ ](./examples/ ) — Runnable example applications
- [MIGRATION.md ](./MIGRATION.md ) — How to replace existing crypto with Shade
## Deployment
For containerized deployment (Docker/Dokploy):
```yaml
services:
shade-prekey:
image: shade-prekey-server:latest
ports:
- "3900:3900"
volumes:
- shade-data:/data
environment:
- SHADE_PREKEY_DB_PATH=/data/shade-prekeys.db
volumes:
shade-data:
```
The SQLite database persists to a Docker volume so all keys and prekey bundles survive restarts.
## License
MIT
