fieldwitness

alee/fieldwitness

Fork 0

Commit Graph

Author	SHA1	Message	Date
Aaron D. Lee	51c9b0a99a	Fix 14 bugs and add features from power-user security audit Critical fixes: - Fix admin_delete_user missing current_user_id argument (TypeError on every delete) - Fix self-signed cert OOM: bytes(2130706433) → IPv4Address("127.0.0.1") - Add @login_required to attestation routes (attest, log); verify stays public - Add auth guards to fieldkit (@admin_required on killswitch) and keys blueprints - Fix cleanup_temp_files NameError in generate() route Security hardening: - Unify temp storage to ~/.soosef/temp/ so killswitch purge covers web uploads - Replace Path.unlink() with secure deletion (shred fallback) in temp_storage - Add structured audit log (audit.jsonl) for admin, key, and killswitch actions New features: - Dead man's switch background enforcement thread in serve + check-deadman CLI - Key rotation: soosef keys rotate-identity/rotate-channel with archiving - Batch attestation: soosef attest batch <dir> with progress and error handling - Geofence CLI: set/check/clear commands with config persistence - USB CLI: snapshot/check commands against device whitelist - Verification receipt download (/verify/receipt JSON endpoint + UI button) - IdentityInfo.created_at populated from sidecar meta.json (mtime fallback) Data layer: - ChainStore.get() now O(1) via byte-offset index built during state rebuild - Add federation module (chain, models, serialization, entropy) Includes 45+ new tests across chain, deadman, key rotation, killswitch, and serialization modules. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-01 17:06:33 -04:00
Aaron D. Lee	067c4073ee	Add Verisoo attest/verify web MVP — full attestation lifecycle Attest page (/attest): - Image upload with optional caption and location - EXIF auto-extraction toggle - Creates Ed25519-signed attestation record - Stores in verisoo append-only binary log + LMDB index - Displays: record ID, attestor fingerprint, timestamp, image hashes Verify page (/verify): - Image upload for verification against local attestation log - SHA-256 exact matching + perceptual hash matching (pHash, dHash) - Shows match type (exact/perceptual), hash distances, attestor info - Color-coded distance badges (green=0, info<5, warning<10, danger>=10) Attestation log (/attest/log): - Lists recent attestations with short ID, attestor, timestamp, SHA-256 - Shows total record count Verified: full lifecycle works — attest image → verify same image → exact match found Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-31 17:02:49 -04:00

Author

SHA1

Message

Date

Aaron D. Lee

51c9b0a99a

Fix 14 bugs and add features from power-user security audit

Critical fixes:
- Fix admin_delete_user missing current_user_id argument (TypeError on every delete)
- Fix self-signed cert OOM: bytes(2130706433) → IPv4Address("127.0.0.1")
- Add @login_required to attestation routes (attest, log); verify stays public
- Add auth guards to fieldkit (@admin_required on killswitch) and keys blueprints
- Fix cleanup_temp_files NameError in generate() route

Security hardening:
- Unify temp storage to ~/.soosef/temp/ so killswitch purge covers web uploads
- Replace Path.unlink() with secure deletion (shred fallback) in temp_storage
- Add structured audit log (audit.jsonl) for admin, key, and killswitch actions

New features:
- Dead man's switch background enforcement thread in serve + check-deadman CLI
- Key rotation: soosef keys rotate-identity/rotate-channel with archiving
- Batch attestation: soosef attest batch <dir> with progress and error handling
- Geofence CLI: set/check/clear commands with config persistence
- USB CLI: snapshot/check commands against device whitelist
- Verification receipt download (/verify/receipt JSON endpoint + UI button)
- IdentityInfo.created_at populated from sidecar meta.json (mtime fallback)

Data layer:
- ChainStore.get() now O(1) via byte-offset index built during state rebuild
- Add federation module (chain, models, serialization, entropy)

Includes 45+ new tests across chain, deadman, key rotation, killswitch, and
serialization modules.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-01 17:06:33 -04:00

Aaron D. Lee

067c4073ee

Add Verisoo attest/verify web MVP — full attestation lifecycle

Attest page (/attest):
- Image upload with optional caption and location
- EXIF auto-extraction toggle
- Creates Ed25519-signed attestation record
- Stores in verisoo append-only binary log + LMDB index
- Displays: record ID, attestor fingerprint, timestamp, image hashes

Verify page (/verify):
- Image upload for verification against local attestation log
- SHA-256 exact matching + perceptual hash matching (pHash, dHash)
- Shows match type (exact/perceptual), hash distances, attestor info
- Color-coded distance badges (green=0, info<5, warning<10, danger>=10)

Attestation log (/attest/log):
- Lists recent attestations with short ID, attestor, timestamp, SHA-256
- Shows total record count

Verified: full lifecycle works — attest image → verify same image → exact match found

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-31 17:02:49 -04:00

2 Commits