Stian/Shade
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

release(v4.0.0): Shade GA — V3.x consolidation + audit prep
Some checks failed
Test / test (push) Has been cancelled
Details
Cross-platform vectors / TypeScript vectors (bun) (push) Has been cancelled
Details
Cross-platform vectors / Kotlin vectors (gradle) (push) Has been cancelled
Details
Docker build and publish / docker (push) Has been cancelled
Details
Publish / publish (push) Has been cancelled
Details

Browse Source 
V3.1 → V3.12 consolidated and tagged for the first GA release. Wire
format unchanged from 0.4.x — 4.0 peers interoperate with 0.4.x peers
byte-for-byte. The version bump is semantic: audit-cycle complete,
opt-in surface fully exposed, threat model refreshed for every new
surface.

Highlights:
- All 24 @shade/* packages bumped to 4.0.0 in lockstep.
- CHANGELOG 4.0.0 section is the canonical manifest of what landed.
- THREAT-MODEL extended (§10 fingerprint gates, §11 WebRTC P2P, §12
  Web-Worker boundary) + residual-risks table refreshed.
- OpenAPI now covers all 27 routes: prekey, transfer, KT, inbox,
  bridge, observer, /metrics, /healthz, /ready.
- MIGRATION 0.3.x → 4.0 documented + smoke-tested against
  shade migrate-storage on a real SQLite DB.
- docs/audit/REVIEW-BUNDLE.md + SCOPE.md ready for external reviewer.
- scripts/soak.ts harness for the GA-stable 2-week soak window.
- All V*.md plans archived under docs/archive/ with Status: Done.
- Voice/Video carved out into V5.0; 4.0 audit focuses on the frozen
  non-realtime stack.

Tests: TS 1000/1000 + Kotlin 11/11 cross-platform vectors green.
Docker: gt.zyon.no/stian/shade-prekey:4.0.0 builds and reports
  version 4.0.0 on /health.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Sterister
2026-05-03 18:35:35 +02:00
parent 8b055912b7
commit e6fdf31b49
298 changed files with 37909 additions and 256 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
test-vectors/group.json Normal file
View File

@@ -0,0 +1,28 @@
{
"version": 2,
"vectors": [
{
"description": "Sender header AAD: u16_be(gLen) || g || u16_be(sLen) || s || u32_be(iter)",
"groupId": "group:42",
"senderAddress": "alice@example.com",
"iteration": 5,
"aad": "000867726f75703a34320011616c696365406578616d706c652e636f6d00000005"
},
{
"description": "Sender-key step: kdfChainKey + deterministic AES-GCM + Ed25519 sign(aad || ct)",
"chainKey": "9b9b9b9b9b9b9b9b9b9b9b9b9b9b9b9b9b9b9b9b9b9b9b9b9b9b9b9b9b9b9b9b",
"groupId": "group:42",
"senderAddress": "alice@example.com",
"iteration": 5,
"plaintext": "68656c6c6f2067726f7570",
"nonce": "7d7d7d7d7d7d7d7d7d7d7d7d",
"signingPrivateKey": "9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60",
"signingPublicKey": "d75a980182b10ab7d54bfed3c964073a0ee172f3daa62325af021a68f707511a",
"newChainKey": "2c0682d93e1a4a746afc72507774ce592f9730e64435e8503fb8dff9f0372e11",
"messageKey": "dc53b8b0848902f22d548e84a7daf779ff3695f42ee6caa8c4ebac4d70907354",
"aad": "000867726f75703a34320011616c696365406578616d706c652e636f6d00000005",
"ciphertext": "415321ea34c712b032779852d8d834b9bd4d7bf7e982514f73031f",
"signature": "05a860496422e5267818a773e8ba74eac75e3ed0120f4fe2662b782888a74ceadcc57d77a68b7870ca5ad9cf66822e46598b527fc6428d4db11014adff18630a"
}
]
}