alee/fieldwitness
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
586aa50c95
fieldwitness/pyproject.toml
Aaron D. Lee fb0cc3e39d Implement 14 power-user feature requests for field deployment 
Critical:
- FR-01: Chain verification now supports key rotation via signed rotation
  records (soosef/key-rotation-v1 content type). Old single-signer
  invariant replaced with authorized-signers set.
- FR-02: Carrier images stripped of EXIF metadata by default before
  steganographic encoding (strip_metadata=True). Prevents source
  location/device leakage.

High priority:
- FR-03: Session timeout (default 15min) + secure cookie flags
  (HttpOnly, SameSite=Strict, Secure when HTTPS)
- FR-04: CSRF protection via Flask-WTF on all POST forms. Killswitch
  now requires password re-authentication.
- FR-05: Collaborator trust store — trust_key(), get_trusted_keys(),
  resolve_attestor_name(), untrust_key() in KeystoreManager.
- FR-06: Production WSGI server (Waitress) by default, Flask dev
  server only with --debug flag.
- FR-07: Dead man's switch sends warning during grace period via
  local file + optional webhook before auto-purge.

Medium:
- FR-08: Geofence get_current_location() via gpsd for --here support.
- FR-09: Batch attestation endpoint (/attest/batch) with SHA-256
  dedup and per-file status reporting.
- FR-10: Key backup tracking with last_backup_info() and
  is_backup_overdue() + backup_reminder_days config.
- FR-11: Verification receipts signed with instance Ed25519 key
  (schema_version bumped to 2).
- FR-12: Login rate limiting with configurable lockout (5 attempts,
  15 min default).

Nice-to-have:
- FR-13: Unified `soosef status` pre-flight command showing identity,
  channel key, deadman, geofence, chain, and backup status.
- FR-14: `soosef chain export` produces ZIP with JSON manifest,
  public key, and raw chain.bin for legal discovery.

Tests: 157 passed, 1 skipped, 1 pre-existing flaky test.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-01 19:35:36 -04:00

169 lines
3.7 KiB
TOML
Raw Blame History

[build-system]
requires = ["hatchling"]
build-backend = "hatchling.build"
[project]
name = "soosef"
version = "0.1.0"
description = "Soo Security Fieldkit — offline-first security toolkit for journalists, NGOs, and at-risk organizations"
readme = "README.md"
license = "MIT"
requires-python = ">=3.11"
authors = [
{ name = "Aaron D. Lee" }
]
keywords = [
"steganography",
"provenance",
"attestation",
"security",
"privacy",
"fieldkit",
"airgap",
"offline",
]
classifiers = [
"Development Status :: 2 - Pre-Alpha",
"Environment :: Console",
"Environment :: Web Environment",
"Intended Audience :: Developers",
"Intended Audience :: End Users/Desktop",
"License :: OSI Approved :: MIT License",
"Operating System :: OS Independent",
"Programming Language :: Python :: 3",
"Programming Language :: Python :: 3.11",
"Programming Language :: Python :: 3.12",
"Programming Language :: Python :: 3.13",
"Programming Language :: Python :: 3.14",
"Topic :: Security :: Cryptography",
"Topic :: Multimedia :: Graphics",
]
dependencies = [
"pillow>=10.0.0",
"cryptography>=41.0.0",
"argon2-cffi>=23.0.0",
"zstandard>=0.22.0",
"cbor2>=5.6.0",
"uuid-utils>=0.9.0",
]
[project.optional-dependencies]
stego-dct = [
"numpy>=2.0.0",
"scipy>=1.10.0",
"jpeglib>=1.0.0",
"reedsolo>=1.7.0",
]
stego-audio = [
"pydub>=0.25.0",
"numpy>=2.0.0",
"scipy>=1.10.0",
"soundfile>=0.12.0",
"reedsolo>=1.7.0",
]
stego-compression = [
"lz4>=4.0.0",
]
attest = [
"imagehash>=4.3.0",
"lmdb>=1.4.0",
"exifread>=3.0.0",
]
cli = [
"click>=8.0.0",
"rich>=13.0.0",
"qrcode>=7.30",
"piexif>=1.1.0",
]
web = [
"flask>=3.0.0",
"flask-wtf>=1.2.0",
"waitress>=3.0.0",
"gunicorn>=21.0.0",
"qrcode>=7.3.0",
"pyzbar>=0.1.9",
"piexif>=1.1.0",
"soosef[attest,stego-dct]",
]
api = [
"fastapi>=0.109.0",
"uvicorn[standard]>=0.27.0",
"python-multipart>=0.0.6",
"soosef[stego-dct]",
]
fieldkit = [
"watchdog>=4.0.0",
"pyudev>=0.24.0",
]
federation = [
"aiohttp>=3.9.0",
]
rpi = [
"soosef[web,cli,fieldkit]",
"gpiozero>=2.0",
]
all = [
"soosef[stego-dct,stego-audio,stego-compression,attest,cli,web,api,fieldkit,federation]",
]
dev = [
"soosef[all]",
"pytest>=7.0.0",
"pytest-cov>=4.0.0",
"black>=23.0.0",
"ruff>=0.1.0",
"mypy>=1.0.0",
]
[project.scripts]
soosef = "soosef.cli:main"
[project.urls]
Homepage = "https://github.com/alee/soosef"
Repository = "https://github.com/alee/soosef"
[tool.hatch.build.targets.sdist]
include = [
"/src",
"/frontends",
]
[tool.hatch.build.targets.wheel]
packages = ["src/soosef", "frontends"]
[tool.hatch.build.targets.wheel.sources]
"src" = ""
[tool.hatch.build.targets.wheel.force-include]
"src/soosef/stegasoo/data/bip39-words.txt" = "soosef/stegasoo/data/bip39-words.txt"
[tool.pytest.ini_options]
testpaths = ["tests"]
python_files = ["test_*.py"]
addopts = "-v --cov=soosef --cov-report=term-missing"
[tool.black]
line-length = 100
target-version = ["py311", "py312", "py313"]
[tool.ruff]
line-length = 100
[tool.ruff.lint]
select = ["E", "F", "I", "N", "W", "UP"]
ignore = ["E501"]
[tool.ruff.lint.per-file-ignores]
# YCbCr colorspace variables (R, G, B, Y, Cb, Cr) are standard names
"src/soosef/stegasoo/dct_steganography.py" = ["N803", "N806"]
# MDCT transform variables (N, X) are standard mathematical names
"src/soosef/stegasoo/spread_steganography.py" = ["N803", "N806"]
# Package __init__.py has imports after try/except and aliases - intentional structure
"src/soosef/stegasoo/__init__.py" = ["E402"]
[tool.mypy]
python_version = "3.11"
warn_return_any = true
warn_unused_configs = true
ignore_missing_imports = true
Reference in New Issue View Git Blame Copy Permalink