fieldwitness

alee/fieldwitness

Fork 0

Commit Graph

Author	SHA1	Message	Date
Aaron D. Lee	fb0cc3e39d	Implement 14 power-user feature requests for field deployment Critical: - FR-01: Chain verification now supports key rotation via signed rotation records (soosef/key-rotation-v1 content type). Old single-signer invariant replaced with authorized-signers set. - FR-02: Carrier images stripped of EXIF metadata by default before steganographic encoding (strip_metadata=True). Prevents source location/device leakage. High priority: - FR-03: Session timeout (default 15min) + secure cookie flags (HttpOnly, SameSite=Strict, Secure when HTTPS) - FR-04: CSRF protection via Flask-WTF on all POST forms. Killswitch now requires password re-authentication. - FR-05: Collaborator trust store — trust_key(), get_trusted_keys(), resolve_attestor_name(), untrust_key() in KeystoreManager. - FR-06: Production WSGI server (Waitress) by default, Flask dev server only with --debug flag. - FR-07: Dead man's switch sends warning during grace period via local file + optional webhook before auto-purge. Medium: - FR-08: Geofence get_current_location() via gpsd for --here support. - FR-09: Batch attestation endpoint (/attest/batch) with SHA-256 dedup and per-file status reporting. - FR-10: Key backup tracking with last_backup_info() and is_backup_overdue() + backup_reminder_days config. - FR-11: Verification receipts signed with instance Ed25519 key (schema_version bumped to 2). - FR-12: Login rate limiting with configurable lockout (5 attempts, 15 min default). Nice-to-have: - FR-13: Unified `soosef status` pre-flight command showing identity, channel key, deadman, geofence, chain, and backup status. - FR-14: `soosef chain export` produces ZIP with JSON manifest, public key, and raw chain.bin for legal discovery. Tests: 157 passed, 1 skipped, 1 pre-existing flaky test. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-04-01 19:35:36 -04:00
Aaron D. Lee	317ef0f2ae	Port encode/decode/tools/about routes from stegasoo (2,083 lines) New file stego_routes.py: - register_stego_routes() mounts all encode/decode routes on the Flask app - Async encode with ThreadPoolExecutor + progress polling - Subprocess isolation for crash-safe stegasoo operations - Image + audio encode/decode with full validation - Encode result display with download - Tools API routes (capacity, EXIF, rotate, compress, convert) - About page with crypto documentation Real templates (replacing stubs): - encode.html (889 lines): full form with carrier upload, passphrase, PIN, RSA key, embed mode selection, async progress bar - decode.html (681 lines): decode form with credential inputs - encode_result.html (242 lines): result display with download - about.html (602 lines): security documentation All routes verified working with auth flow. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-31 16:52:18 -04:00
Aaron D. Lee	b8d4eb5933	Add core modules, web frontend, CLI, keystore, and fieldkit Core: - paths.py: centralized ~/.soosef/ path constants - config.py: JSON config loader with dataclass defaults - exceptions.py: SoosefError hierarchy - cli.py: unified Click CLI wrapping stegasoo + verisoo + native commands Keystore: - manager.py: unified key management (Ed25519 identity + channel keys) - models.py: IdentityInfo, KeystoreStatus dataclasses - export.py: encrypted key bundle export/import for USB transfer Fieldkit: - killswitch.py: ordered emergency data destruction (keys first) - deadman.py: dead man's switch with check-in timer - tamper.py: SHA-256 file integrity baseline + checking - usb_monitor.py: pyudev USB whitelist enforcement - geofence.py: haversine-based GPS boundary checking Web frontend (Flask app factory + blueprints): - app.py: create_app() factory with context processor - blueprints: stego, attest, fieldkit, keys, admin - templates: base.html (dark theme, unified nav), dashboard, all section pages - static: CSS, favicon Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-31 14:30:13 -04:00

Author

SHA1

Message

Date

Aaron D. Lee

fb0cc3e39d

Implement 14 power-user feature requests for field deployment

Critical:
- FR-01: Chain verification now supports key rotation via signed rotation
  records (soosef/key-rotation-v1 content type). Old single-signer
  invariant replaced with authorized-signers set.
- FR-02: Carrier images stripped of EXIF metadata by default before
  steganographic encoding (strip_metadata=True). Prevents source
  location/device leakage.

High priority:
- FR-03: Session timeout (default 15min) + secure cookie flags
  (HttpOnly, SameSite=Strict, Secure when HTTPS)
- FR-04: CSRF protection via Flask-WTF on all POST forms. Killswitch
  now requires password re-authentication.
- FR-05: Collaborator trust store — trust_key(), get_trusted_keys(),
  resolve_attestor_name(), untrust_key() in KeystoreManager.
- FR-06: Production WSGI server (Waitress) by default, Flask dev
  server only with --debug flag.
- FR-07: Dead man's switch sends warning during grace period via
  local file + optional webhook before auto-purge.

Medium:
- FR-08: Geofence get_current_location() via gpsd for --here support.
- FR-09: Batch attestation endpoint (/attest/batch) with SHA-256
  dedup and per-file status reporting.
- FR-10: Key backup tracking with last_backup_info() and
  is_backup_overdue() + backup_reminder_days config.
- FR-11: Verification receipts signed with instance Ed25519 key
  (schema_version bumped to 2).
- FR-12: Login rate limiting with configurable lockout (5 attempts,
  15 min default).

Nice-to-have:
- FR-13: Unified `soosef status` pre-flight command showing identity,
  channel key, deadman, geofence, chain, and backup status.
- FR-14: `soosef chain export` produces ZIP with JSON manifest,
  public key, and raw chain.bin for legal discovery.

Tests: 157 passed, 1 skipped, 1 pre-existing flaky test.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-04-01 19:35:36 -04:00

Aaron D. Lee

317ef0f2ae

Port encode/decode/tools/about routes from stegasoo (2,083 lines)

New file stego_routes.py:
- register_stego_routes() mounts all encode/decode routes on the Flask app
- Async encode with ThreadPoolExecutor + progress polling
- Subprocess isolation for crash-safe stegasoo operations
- Image + audio encode/decode with full validation
- Encode result display with download
- Tools API routes (capacity, EXIF, rotate, compress, convert)
- About page with crypto documentation

Real templates (replacing stubs):
- encode.html (889 lines): full form with carrier upload, passphrase,
  PIN, RSA key, embed mode selection, async progress bar
- decode.html (681 lines): decode form with credential inputs
- encode_result.html (242 lines): result display with download
- about.html (602 lines): security documentation

All routes verified working with auth flow.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-31 16:52:18 -04:00

Aaron D. Lee

b8d4eb5933

Add core modules, web frontend, CLI, keystore, and fieldkit

Core:
- paths.py: centralized ~/.soosef/ path constants
- config.py: JSON config loader with dataclass defaults
- exceptions.py: SoosefError hierarchy
- cli.py: unified Click CLI wrapping stegasoo + verisoo + native commands

Keystore:
- manager.py: unified key management (Ed25519 identity + channel keys)
- models.py: IdentityInfo, KeystoreStatus dataclasses
- export.py: encrypted key bundle export/import for USB transfer

Fieldkit:
- killswitch.py: ordered emergency data destruction (keys first)
- deadman.py: dead man's switch with check-in timer
- tamper.py: SHA-256 file integrity baseline + checking
- usb_monitor.py: pyudev USB whitelist enforcement
- geofence.py: haversine-based GPS boundary checking

Web frontend (Flask app factory + blueprints):
- app.py: create_app() factory with context processor
- blueprints: stego, attest, fieldkit, keys, admin
- templates: base.html (dark theme, unified nav), dashboard, all section pages
- static: CSS, favicon

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-31 14:30:13 -04:00

3 Commits