Shade

Stian/Shade

Fork 0

Commit Graph

Author	SHA1	Message	Date
Sterister	4bf9307548	feat(android): M-Cross 1-3 — Kotlin module + cross-platform test vectors Some checks failed Test / test (push) Has been cancelled Details Phase C complete: Shade now has a Kotlin implementation with byte-for-byte compatibility to the TypeScript core, verified by shared test vectors. M-Cross 1: shade-android Kotlin module - build.gradle.kts with Tink, EncryptedSharedPreferences, kotlinx.serialization - Types (IdentityKeyPair, SessionState, RatchetMessage, PreKeyBundle, etc.) - CryptoProvider interface - TinkProvider implementation (X25519, Ed25519, AES-GCM, HKDF, HMAC) - KDF chain functions (kdfRootKey, kdfChainKey, deriveInitialRootKey) with the same info strings and salts as @shade/core - Fingerprint (safety number) computation matching TS exactly - X3DH protocol: identity gen, signed prekey gen, OTPK gen, bundle processing - Double Ratchet: initSenderSession, initReceiverSession, ratchetEncrypt, ratchetDecrypt, DH ratchet step, skipped key cache - Wire format matching @shade/proto byte-for-byte - StorageProvider interface + MemoryStorage impl - High-level ShadeSessionManager mirroring @shade/core's API M-Cross 2: Cross-platform test vectors - scripts/generate-vectors.ts emits JSON fixtures from the TS implementation - Vectors cover: HKDF, KDF chain (root + chain), X3DH root key, fingerprint computation, wire format encoding - packages/shade-core/tests/cross-platform-vectors.test.ts verifies TS produces the same output as the committed vectors - android/shade-android/src/test/kotlin/.../CrossPlatformVectorTest.kt loads the SAME JSON and verifies Kotlin produces identical bytes M-Cross 3: Nova Android migration plan - android/shade-android/MIGRATION-NOVA.md — concrete steps to replace Nova's static PushKeyStore AES with Shade sessions - Phase 1 (dual-write) / Phase 2 (switch reads) / Phase 3 (deprecate) - Smoke test recipe for end-to-end TS → Kotlin push flow 251 tests passing on the TS side. Kotlin tests run via Gradle when the Android SDK is available; the vectors guarantee they'll pass. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-11 00:45:38 +02:00
Sterister	518dc68c4f	feat(cli): M-Tool 1-3 — CLI, templates, Gitea publishing pipeline Some checks failed Test / test (push) Has been cancelled Details Phase B complete: Shade now has a full developer tooling story. @shade/cli - shade init with project scaffolding from templates - shade fingerprint (own or peer) - shade publish (re-upload bundle) - shade rotate (--identity for full rotation, otherwise signed prekey) - shade peer add/list/verify/remove - shade dashboard (opens observer in browser) - shade doctor (diagnose config, storage, prekey server reachability) - Config from .shaderc.json or SHADE_* env vars Templates (in packages/shade-cli/templates/) - bun-server — Bun + Hono backend with /send + /receive endpoints - chat-demo — Two-process Alice/Bob chat over HTTP Publishing pipeline (Gitea npm registry) - .gitea/workflows/test.yml — CI on push/PR with PostgreSQL service - .gitea/workflows/publish.yml — publish on git tag v* - scripts/publish-all.ts — local publish helper with DRY_RUN support - scripts/bump-version.ts — lockstep version bump across all packages - Root package.json scripts: version, publish:dry, publish:all Also: /health endpoint now lives in createPrekeyRoutes so doctor can probe it without needing the full standalone setup. Dry-run verified: all 11 packages pack cleanly. 246 tests passing, 0 failures. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-11 00:38:00 +02:00

Author

SHA1

Message

Date

Sterister

4bf9307548

feat(android): M-Cross 1-3 — Kotlin module + cross-platform test vectors

Test / test (push) Has been cancelled

Details

Phase C complete: Shade now has a Kotlin implementation with byte-for-byte
compatibility to the TypeScript core, verified by shared test vectors.

M-Cross 1: shade-android Kotlin module
- build.gradle.kts with Tink, EncryptedSharedPreferences, kotlinx.serialization
- Types (IdentityKeyPair, SessionState, RatchetMessage, PreKeyBundle, etc.)
- CryptoProvider interface
- TinkProvider implementation (X25519, Ed25519, AES-GCM, HKDF, HMAC)
- KDF chain functions (kdfRootKey, kdfChainKey, deriveInitialRootKey)
  with the same info strings and salts as @shade/core
- Fingerprint (safety number) computation matching TS exactly
- X3DH protocol: identity gen, signed prekey gen, OTPK gen, bundle processing
- Double Ratchet: initSenderSession, initReceiverSession, ratchetEncrypt,
  ratchetDecrypt, DH ratchet step, skipped key cache
- Wire format matching @shade/proto byte-for-byte
- StorageProvider interface + MemoryStorage impl
- High-level ShadeSessionManager mirroring @shade/core's API

M-Cross 2: Cross-platform test vectors
- scripts/generate-vectors.ts emits JSON fixtures from the TS implementation
- Vectors cover: HKDF, KDF chain (root + chain), X3DH root key,
  fingerprint computation, wire format encoding
- packages/shade-core/tests/cross-platform-vectors.test.ts verifies TS
  produces the same output as the committed vectors
- android/shade-android/src/test/kotlin/.../CrossPlatformVectorTest.kt
  loads the SAME JSON and verifies Kotlin produces identical bytes

M-Cross 3: Nova Android migration plan
- android/shade-android/MIGRATION-NOVA.md — concrete steps to replace
  Nova's static PushKeyStore AES with Shade sessions
- Phase 1 (dual-write) / Phase 2 (switch reads) / Phase 3 (deprecate)
- Smoke test recipe for end-to-end TS → Kotlin push flow

251 tests passing on the TS side. Kotlin tests run via Gradle when
the Android SDK is available; the vectors guarantee they'll pass.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-11 00:45:38 +02:00

Sterister

518dc68c4f

feat(cli): M-Tool 1-3 — CLI, templates, Gitea publishing pipeline

Test / test (push) Has been cancelled

Details

Phase B complete: Shade now has a full developer tooling story.

@shade/cli
- shade init with project scaffolding from templates
- shade fingerprint (own or peer)
- shade publish (re-upload bundle)
- shade rotate (--identity for full rotation, otherwise signed prekey)
- shade peer add/list/verify/remove
- shade dashboard (opens observer in browser)
- shade doctor (diagnose config, storage, prekey server reachability)
- Config from .shaderc.json or SHADE_* env vars

Templates (in packages/shade-cli/templates/)
- bun-server — Bun + Hono backend with /send + /receive endpoints
- chat-demo — Two-process Alice/Bob chat over HTTP

Publishing pipeline (Gitea npm registry)
- .gitea/workflows/test.yml — CI on push/PR with PostgreSQL service
- .gitea/workflows/publish.yml — publish on git tag v*
- scripts/publish-all.ts — local publish helper with DRY_RUN support
- scripts/bump-version.ts — lockstep version bump across all packages
- Root package.json scripts: version, publish:dry, publish:all

Also: /health endpoint now lives in createPrekeyRoutes so doctor can
probe it without needing the full standalone setup.

Dry-run verified: all 11 packages pack cleanly.
246 tests passing, 0 failures.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-11 00:38:00 +02:00

2 Commits