release(v4.0.0): Shade GA — V3.x consolidation + audit prep

V3.1 → V3.12 consolidated and tagged for the first GA release. Wire format unchanged from 0.4.x — 4.0 peers interoperate with 0.4.x peers byte-for-byte. The version bump is semantic: audit-cycle complete, opt-in surface fully exposed, threat model refreshed for every new surface. Highlights: - All 24 @shade/* packages bumped to 4.0.0 in lockstep. - CHANGELOG 4.0.0 section is the canonical manifest of what landed. - THREAT-MODEL extended (§10 fingerprint gates, §11 WebRTC P2P, §12 Web-Worker boundary) + residual-risks table refreshed. - OpenAPI now covers all 27 routes: prekey, transfer, KT, inbox, bridge, observer, /metrics, /healthz, /ready. - MIGRATION 0.3.x → 4.0 documented + smoke-tested against shade migrate-storage on a real SQLite DB. - docs/audit/REVIEW-BUNDLE.md + SCOPE.md ready for external reviewer. - scripts/soak.ts harness for the GA-stable 2-week soak window. - All V*.md plans archived under docs/archive/ with Status: Done. - Voice/Video carved out into V5.0; 4.0 audit focuses on the frozen non-realtime stack. Tests: TS 1000/1000 + Kotlin 11/11 cross-platform vectors green. Docker: gt.zyon.no/stian/shade-prekey:4.0.0 builds and reports version 4.0.0 on /health. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-03 18:35:35 +02:00
parent 8b055912b7
commit e6fdf31b49
298 changed files with 37909 additions and 256 deletions
--- a/test-vectors/storage-encryption.json
+++ b/test-vectors/storage-encryption.json
@@ -0,0 +1,60 @@
+{
+  "version": "shade-storage-v1",
+  "description": "At-rest storage encryption test vectors. Cross-implementation parity check for V3.2 (TS) and V3.5 (Android).",
+  "kdf": {
+    "scrypt": {
+      "passphrase": "correct-horse-battery-staple",
+      "salt_hex": "00112233445566778899aabbccddeeff",
+      "N": 1024,
+      "r": 8,
+      "p": 1,
+      "dkLen": 32,
+      "expected_master_key_hex": "aee2dc14f3a46c563f8906a9c8777f167c868dc06015a983fdf2dbba078a3597"
+    },
+    "hkdf_storage_key": {
+      "info": "shade-storage-v1",
+      "master_key_hex": "0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f20",
+      "expected_storage_key_hex": "059a250e15aa02952ab977f441e217cfcd4a6d9be8b51cf93d001a90eeb6accc"
+    },
+    "hkdf_field_key": {
+      "info_template": "shade-field-v1:{table}:{column}",
+      "storage_key_hex_filled_with": "ab",
+      "expected_field_key_hex_for_sessions_session": "cbe428b4e8be2d7c4cd707dbac7e02881f2da34ee5b00bdc9bc1ebf2f096087a",
+      "samples": [
+        { "table": "sessions",          "column": "session" },
+        { "table": "identity",          "column": "identity" },
+        { "table": "trusted_identities","column": "trusted_identity" }
+      ]
+    },
+    "deterministic_nonce": {
+      "info_template": "shade-row-nonce-v1:{table}:{pk}",
+      "row_key_hex_filled_with": "cd",
+      "expected_nonce_hex_for_sessions_alice": "f72f291a2d3cd0ba652b60c5",
+      "samples": [
+        { "table": "sessions", "pk": "alice" },
+        { "table": "sessions", "pk": "bob"   },
+        { "table": "identity", "pk": "1"     }
+      ]
+    }
+  },
+  "aead": {
+    "algorithm": "AES-256-GCM",
+    "wire_format": "nonce(12) || ciphertext || tag(16)",
+    "aad_template": "shade-aad-v1|{table}|{column}|{pk}",
+    "round_trips": [
+      {
+        "table": "sessions",
+        "column": "session",
+        "pk": "alice",
+        "plaintext_utf8": "{\"rootKey\":\"AAAA\"}"
+      },
+      {
+        "table": "identity",
+        "column": "identity",
+        "pk": "1",
+        "plaintext_utf8": "{\"signingPublicKey\":\"BBBB\"}"
+      }
+    ]
+  },
+  "_note": "Fields marked RUNTIME are computed by the test harness in packages/shade-storage-encrypted/tests/test-vectors.test.ts. Android (V3.5) consumes the same JSON and must produce byte-identical KDF outputs."
+}