Sterister
96a8c210b2
M-Hard 1: Cryptographic Hardening - constantTimeEqual, zeroize, randomUint32 on CryptoProvider - Fix Math.random() → crypto.randomUint32() for registrationId - Zero message keys and chain keys after use in ratchet.ts - Constant-time trust comparison in MemoryStorage + SQLiteStorage - Timing variance test catches early-exit regressions M-Hard 2: Self-Authenticated Prekey Server - Ed25519 signature verification on all write routes - signPayload/verifyPayload with canonical JSON, ±5 min replay window - Address validation (NFKC, alphanumeric + :_-.) - Global ShadeError → HTTP status mapping - ShadeFetchTransport signs requests when signingPrivateKey provided - Anonymous bundle fetches still allowed (read-only) M-Hard 3: Rate Limiting + DoS Protection - Token bucket rate limiter with pluggable store - Per-route limits: register 5/h/IP, fetch 60/min/IP, replenish 10/min/id - 64KB body size limit on POST - Retry-After header on 429 responses M-Hard 4: Auto-replenish + Fingerprints + Session Reset - Safety numbers (12 groups × 5 digits, Signal-style) - ensurePreKeyStock, resetSession, acceptIdentityChange - verifyRemoteIdentity for out-of-band comparison M-Hard 5: Identity Rotation with Grace Period - rotateIdentity archives old identity, generates fresh signed prekey - RetiredIdentity storage with addRetired/getRetired/pruneRetired - 7-day default grace period for decrypting old sessions - pruneExpiredIdentities for cleanup M-Hard 8: Error Hierarchy - New error types: Network, Storage, Validation, Timeout, RateLimit, Configuration, Unauthorized, Replay, IdentityRotation - All errors have stable SHADE_* codes - errorToHttpStatus for consistent HTTP mapping - toJSON() for network serialization 188 tests passing, zero failures. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
95 lines
3.1 KiB
Plaintext
95 lines
3.1 KiB
Plaintext
{
|
|
"lockfileVersion": 1,
|
|
"configVersion": 1,
|
|
"workspaces": {
|
|
"": {
|
|
"name": "shade",
|
|
"dependencies": {
|
|
"@noble/curves": "^2.0.1",
|
|
"@noble/hashes": "^2.0.1",
|
|
},
|
|
"devDependencies": {
|
|
"bun-types": "^1.3.11",
|
|
},
|
|
},
|
|
"packages/shade-core": {
|
|
"name": "@shade/core",
|
|
"version": "0.1.0",
|
|
"peerDependencies": {
|
|
"@shade/crypto-web": "workspace:*",
|
|
},
|
|
},
|
|
"packages/shade-crypto-web": {
|
|
"name": "@shade/crypto-web",
|
|
"version": "0.1.0",
|
|
"dependencies": {
|
|
"@noble/curves": "^2.0.1",
|
|
"@noble/hashes": "^2.0.1",
|
|
"@shade/core": "workspace:*",
|
|
},
|
|
},
|
|
"packages/shade-proto": {
|
|
"name": "@shade/proto",
|
|
"version": "0.1.0",
|
|
"dependencies": {
|
|
"@shade/core": "workspace:*",
|
|
},
|
|
},
|
|
"packages/shade-server": {
|
|
"name": "@shade/server",
|
|
"version": "0.1.0",
|
|
"dependencies": {
|
|
"@shade/core": "workspace:*",
|
|
"hono": "^4.12.12",
|
|
},
|
|
"devDependencies": {
|
|
"@shade/crypto-web": "workspace:*",
|
|
},
|
|
},
|
|
"packages/shade-storage-sqlite": {
|
|
"name": "@shade/storage-sqlite",
|
|
"version": "0.1.0",
|
|
"dependencies": {
|
|
"@shade/core": "workspace:*",
|
|
"@shade/crypto-web": "workspace:*",
|
|
"@shade/server": "workspace:*",
|
|
},
|
|
},
|
|
"packages/shade-transport": {
|
|
"name": "@shade/transport",
|
|
"version": "0.1.0",
|
|
"dependencies": {
|
|
"@shade/core": "workspace:*",
|
|
"@shade/crypto-web": "workspace:*",
|
|
"@shade/proto": "workspace:*",
|
|
"@shade/server": "workspace:*",
|
|
},
|
|
},
|
|
},
|
|
"packages": {
|
|
"@noble/curves": ["@noble/curves@2.0.1", "", { "dependencies": { "@noble/hashes": "2.0.1" } }, "sha512-vs1Az2OOTBiP4q0pwjW5aF0xp9n4MxVrmkFBxc6EKZc6ddYx5gaZiAsZoq0uRRXWbi3AT/sBqn05eRPtn1JCPw=="],
|
|
|
|
"@noble/hashes": ["@noble/hashes@2.0.1", "", {}, "sha512-XlOlEbQcE9fmuXxrVTXCTlG2nlRXa9Rj3rr5Ue/+tX+nmkgbX720YHh0VR3hBF9xDvwnb8D2shVGOwNx+ulArw=="],
|
|
|
|
"@shade/core": ["@shade/core@workspace:packages/shade-core"],
|
|
|
|
"@shade/crypto-web": ["@shade/crypto-web@workspace:packages/shade-crypto-web"],
|
|
|
|
"@shade/proto": ["@shade/proto@workspace:packages/shade-proto"],
|
|
|
|
"@shade/server": ["@shade/server@workspace:packages/shade-server"],
|
|
|
|
"@shade/storage-sqlite": ["@shade/storage-sqlite@workspace:packages/shade-storage-sqlite"],
|
|
|
|
"@shade/transport": ["@shade/transport@workspace:packages/shade-transport"],
|
|
|
|
"@types/node": ["@types/node@25.5.2", "", { "dependencies": { "undici-types": "~7.18.0" } }, "sha512-tO4ZIRKNC+MDWV4qKVZe3Ql/woTnmHDr5JD8UI5hn2pwBrHEwOEMZK7WlNb5RKB6EoJ02gwmQS9OrjuFnZYdpg=="],
|
|
|
|
"bun-types": ["bun-types@1.3.11", "", { "dependencies": { "@types/node": "*" } }, "sha512-1KGPpoxQWl9f6wcZh57LvrPIInQMn2TQ7jsgxqpRzg+l0QPOFvJVH7HmvHo/AiPgwXy+/Thf6Ov3EdVn1vOabg=="],
|
|
|
|
"hono": ["hono@4.12.12", "", {}, "sha512-p1JfQMKaceuCbpJKAPKVqyqviZdS0eUxH9v82oWo1kb9xjQ5wA6iP3FNVAPDFlz5/p7d45lO+BpSk1tuSZMF4Q=="],
|
|
|
|
"undici-types": ["undici-types@7.18.2", "", {}, "sha512-AsuCzffGHJybSaRrmr5eHr81mwJU3kjw6M+uprWvCXiNeN9SOGwQ3Jn8jb8m3Z6izVgknn1R0FTCEAP2QrLY/w=="],
|
|
}
|
|
}
|