Resolves the tension between steganography (strip everything to
protect sources) and attestation (preserve evidence of provenance):
- New soosef.metadata module with extract_and_classify() and
extract_strip_pipeline() — classifies EXIF fields as evidentiary
(GPS, timestamp — valuable for proving provenance) vs dangerous
(device serial, firmware — could identify the source)
- Drop box now uses extract-then-strip: attests ORIGINAL bytes (hash
matches what source submitted), extracts evidentiary EXIF into
attestation metadata, strips dangerous fields, stores clean copy
- Attest route gains strip_device option: when enabled, includes
GPS/timestamp in attestation but excludes device serial/firmware
- Stego encode unchanged: still strips all metadata from carriers
(correct for steganography threat model)
The key insight: for stego, the carrier is a vessel (strip everything).
For attestation, EXIF is the evidence (extract, classify, preserve
selectively). Both hashes (original + stripped) are recorded so the
relationship between raw submission and stored copy is provable.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1. Source drop box: token-gated anonymous upload with auto-attestation,
EXIF stripping, receipt codes, and self-destructing URLs. New
/dropbox blueprint with admin panel for token management. CSRF
exempted for source-facing upload routes.
2. Investigation namespaces: attestation records tagged with
investigation label via metadata. Log view filters by investigation
with dropdown. Supports long-running multi-story workflows.
3. Scale fixes: replaced O(n) full-scan perceptual hash search with
LMDB find_similar_images() index lookup. Added incremental chain
verification (verify_incremental) with last_verified_index
checkpoint in ChainState.
4. Deep forensic purge: killswitch now scrubs __pycache__, pip
dist-info, pip cache, and shell history entries containing 'soosef'.
Runs before package uninstall for maximum trace removal.
5. Cross-org federation: new federation/exchange.py with
export_attestation_bundle() and import_attestation_bundle().
Bundles are self-authenticating JSON with investigation filter.
Import validates against trust store fingerprints.
6. Wrong-key diagnostics: enhanced decrypt error messages include
current channel key fingerprint hint. New carrier_tracker.py
tracks carrier SHA-256 hashes and warns on reuse (statistical
analysis risk).
7. Selective disclosure: ChainStore.selective_disclosure() produces
proof bundles with full selected records + hash-only redacted
records + complete hash chain for linkage verification. New
`soosef chain disclose -i 0,5,10 -o proof.json` CLI command
for court-ordered evidence production.
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
