Merged
5 changes: 4 additions & 1 deletion .github/workflows/cargo-audit.yml
Expand Up @@ -38,7 +38,10 @@ jobs:
runs-on: ubuntu-latest
timeout-minutes: 15
needs: audit
if: failure()
# Only file a tracking issue on push/schedule runs. On pull_request events
# GITHUB_TOKEN is forced read-only, so `gh issue create` 403s; guarding here
# keeps PR runs green (the audit job itself still gates the PR).
if: failure() && github.event_name != 'pull_request'
permissions:
issues: write
steps:
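Review bot: The new `if:` condition is a denylist (`github.event_name != 'pull_request'`), but the comment above it says the issue should be filed only on push/schedule runs. Any other trigger this workflow has or later gains (for example `workflow_dispatch`) would still reach `gh issue create`. An allowlist matches the stated intent: `if: failure() && (github.event_name == 'push' || github.event_name == 'schedule')`. The comment is also broader than GitHub's behaviour: the token is restricted to read-only for pull requests from forks (and Dependabot), not for every `pull_request` event, so it is worth wording it that way.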
2 changes: 2 additions & 0 deletions .github/workflows/rust-ci.yml
Expand Up @@ -15,3 +15,5 @@ permissions:
jobs:
rust-ci:
uses: hyperpolymath/standards/.github/workflows/rust-ci-reusable.yml@d135b05bfc647d0c0fbfedc7e80f37ea50f49236
with:
toolchain: stable
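Review bot: `toolchain: stable` floats, while the `uses:` line above pins the reusable workflow to a full commit SHA. A new stable Rust release can then change lint or build results with no change in this repository. If reproducibility is the goal of the SHA pin, pass an explicit version here and bump it deliberately. Also confirm that the workflow at that SHA declares a `toolchain` input, since passing an input the called workflow does not declare is rejected.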
4 changes: 2 additions & 2 deletions .machine_readable/6a2/STATE.a2ml
Expand Up @@ -53,8 +53,8 @@ compatibility = false

[blockers]
threat-model-signoff = "threat-model.a2ml status = draft-pending-human-review (since 2026-04-19); blocks any januskey-mcp cartridge"
homerolled-hmac = "attestation.rs SHA256(key||data) pattern flagged by threat model; must be replaced with a real HMAC primitive before MCP exposure (Trustfile no-homerolled-hmac)"
metadata-only-key-types = "Ed25519/X25519 enum entries lack real sign/DH implementations (threat-model flag)"
homerolled-hmac = "RESOLVED: attestation.rs now uses a real HMAC-SHA256 (hmac crate, RFC 2104) with a versioned domain separator, and hard-errors instead of the unwrap_or([0u8;32]) unkeyed fallback. Regression tests: test_attestation_refused_without_key, test_attestation_is_genuinely_keyed. Satisfies Trustfile no-homerolled-hmac."
metadata-only-key-types = "PARTIALLY MITIGATED: Ed25519/X25519 key generation is now refused at the CLI (was silently producing 32 random bytes mislabelled as an asymmetric key); enum variants retained only for backward-compatible deserialization. Real dalek-backed sign/DH still unimplemented."
claude-md-maintainer-edits = ".claude/CLAUDE.md is guardrail-blocked for agents: line 46 still says 'Julia/Rust/ReScript' (leftover from #49); package-management section still cites flake.nix, removed by the estate wave"
idris2-in-ci = "just test-proofs requires the idris2 binary; proof check not yet wired as a CI gate (READINESS D→C promotion item)"
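Review bot: `homerolled-hmac` now begins with "RESOLVED:" but is still a key under `[blockers]`, so anything that reads this table by key, or counts its entries, still sees it as a blocker. Move resolved items to a separate table, or drop the key and record the fix elsewhere; keep `metadata-only-key-types` here since it is only partially mitigated. The `threat-model-signoff` entry is unchanged, so the januskey-mcp block it describes still stands regardless of this fix.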

58 changes: 40 additions & 18 deletions Cargo.lock

Some generated files are not rendered by default.

16 changes: 14 additions & 2 deletions TESTING-REPORT.adoc
Expand Up @@ -2,15 +2,27 @@
// Copyright (c) Jonathan D.A. Jewell <j.d.a.jewell@open.ac.uk>
// SPDX-FileCopyrightText: 2025 Jonathan D.A. Jewell

= JanusKey Testing Report
= JanusKey Testing Report (ARCHIVED — 2025-12-29)
:toc: auto
:icons: font
:source-highlighter: rouge
:date: 2025-12-29

[WARNING]
====
*This report is a stale snapshot from 2025-12-29 and is retained for
history only.* It predates the 2026-04 readiness assessment, which graded
the project *D (Alpha, Unstable)*. Its "all tests passed / robust and
functional" framing overstates the current state (homerolled attestation
MAC, unimplemented asymmetric crypto, no fuzz/mutation/chaos testing).

*For the current, authoritative test status see `READINESS.md` and
`.machine_readable/6a2/STATE.a2ml`.*
====

== Executive Summary

This report documents the comprehensive testing of the JanusKey project, a reversible file operations system with cryptographic key management. All tests passed successfully, demonstrating a robust and functional implementation.
This report documents the testing of the JanusKey project as of 2025-12-29, a reversible file operations system with cryptographic key management. The tests recorded here passed at that time; see the archival warning above for why this no longer reflects project status.

|===
| Metric | Result
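Review bot: The WARNING block lists "homerolled attestation MAC" as part of the current state, but the STATE.a2ml change in this same PR marks `homerolled-hmac` as RESOLVED, so the archival notice is out of date on the day it lands. Drop the parenthetical list and leave only the pointer to `READINESS.md` and `STATE.a2ml`, which cannot drift. In the rewritten Executive Summary sentence, "as of 2025-12-29" now sits between "the JanusKey project" and its appositive "a reversible file operations system"; move the date to the end of the clause.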
40 changes: 28 additions & 12 deletions TOPOLOGY.md
Expand Up @@ -3,7 +3,7 @@ SPDX-License-Identifier: CC-BY-SA-4.0
Copyright (c) Jonathan D.A. Jewell <j.d.a.jewell@open.ac.uk>
-->
<!-- TOPOLOGY.md — Project architecture map and completion dashboard -->
<!-- Last updated: 2026-02-19 -->
<!-- Last updated: 2026-07-02 (completion dashboard reconciled to STATE.a2ml / READINESS.md) -->

# JanusKey — Project Topology

Expand Down Expand Up @@ -53,27 +53,43 @@ Copyright (c) Jonathan D.A. Jewell <j.d.a.jewell@open.ac.uk>

## Completion Dashboard

> **Source of truth:** `.machine_readable/6a2/STATE.a2ml` (completion 60%,
> CRG grade **D**) and `READINESS.md` (Grade **D — Alpha, Unstable**). This
> dashboard is a human-readable summary of those files; if they disagree,
> they win. Percentages below are qualitative, not measured coverage.

```
COMPONENT STATUS NOTES
───────────────────────────────── ────────────────── ─────────────────────────────────
CORE ENGINE (RUST)
Operation Layer ██████████ 100% Delete/Modify/Move stable
Inverse Metadata Gen ██████████ 100% Perfect inversion verified
Transaction Manager ██████████ 100% Begin/Commit/Rollback active
Content-Addressed Storage ██████████ 100% SHA256 deduplication verified
Operation Layer ████████░░ ~85% Delete/Modify/Move implemented; unit-tested
Inverse Metadata Gen ████████░░ ~80% execute∘undo roundtrip property-tested (proptest)
Transaction Manager ████████░░ ~80% Begin/Commit/Rollback tested via P2P suite
Content-Addressed Storage ████████░░ ~85% Real SHA256 content store + dedup

SECURITY (honest)
Attestation / audit chain ███░░░░░░░ ~30% Homerolled SHA256(key||data||prev) MAC +
zero-key fallback — flagged by threat model
(STATE.a2ml homerolled-hmac); needs real HMAC
Asymmetric crypto █░░░░░░░░░ ~10% Ed25519/X25519 are enum labels, not implemented
Secure obliteration ████░░░░░░ ~40% Best-effort; NOT guaranteed on SSD/CoW (threat-
model dependent — see obliteration caveat)

INTERFACES & RESEARCH
CLI Interface (jk) ██████████ 100% Full command set verified
MPR Methodology ██████████ 100% Security by construction proven
Testing Report (SCM) ██████████ 100% Audit trail validated
CLI Interface (jk) ████████░░ ~85% Full command set; no user testing yet
MPR Methodology ████░░░░░░ ~40% Design documented; FORMAL PROOFS PENDING
(30 Idris2 proofs unchecked in CI; not linked
to the Rust)
Testing (READINESS matrix) ██████░░░░ ~60% 67 tests + 5 benches; missing fuzz, mutation,
chaos, compatibility (Grade D)

REPO INFRASTRUCTURE
Justfile Automation ██████████ 100% Standard build/lint tasks
.machine_readable/ ██████████ 100% STATE tracking active
0-AI-MANIFEST.a2ml ██████████ 100% AI entry point verified
Justfile Automation █████████░ ~90% Build/lint/test recipes present
.machine_readable/ █████████░ ~90% STATE tracking active
0-AI-MANIFEST.a2ml █████████░ ~90% AI entry point present

─────────────────────────────────────────────────────────────────────────────
OVERALL: ██████████ 100% v1.0 Production Ready
OVERALL: ██████░░░░ ~60% Grade D — Alpha, Unstable (not v1.0)
```

## Key Dependencies
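Review bot: The "Attestation / audit chain" row still describes a homerolled `SHA256(key||data||prev)` MAC with a zero-key fallback and says "needs real HMAC", while the quote block added at the top of this dashboard names STATE.a2ml as the source of truth and this PR's STATE.a2ml marks `homerolled-hmac` as RESOLVED. The "Asymmetric crypto" row has the same drift: STATE.a2ml now says key generation is refused at the CLI. Update both rows (and the ~30% / ~10% figures if they change) in this PR, or state in the row that it reflects the pre-fix code. The two files also describe the old construction differently (`SHA256(key||data)` there, `SHA256(key||data||prev)` here); pick one.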
3 changes: 2 additions & 1 deletion crates/januskey-cli/Cargo.toml
Expand Up @@ -18,6 +18,7 @@ clap = { version = "4", features = ["derive"] }
serde = { version = "1", features = ["derive"] }
serde_json = "1"
sha2 = "0.10"
hmac = "0.12"
chrono = { version = "0.4", features = ["serde"] }
uuid = { version = "1", features = ["v4", "serde"] }
thiserror = "1"
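Review bot: With `hmac = "0.12"` added here, make sure the attestation verification path calls `Mac::verify_slice` instead of comparing the output of `finalize().into_bytes()` with `==`; only the former compares in constant time. The attestation.rs diff is not among the files rendered here, so this is a request to confirm rather than a finding.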
Expand All @@ -28,7 +29,7 @@ dirs = "5"
walkdir = "2"
colored = "2"
dialoguer = "0.11"
indicatif = "0.17"
indicatif = "0.18"
glob = "0.3"
whoami = "1"
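Review bot: The `indicatif` bump from 0.17 to 0.18 is unrelated to the attestation fix and, for a 0.x crate, Cargo treats it as a breaking-version change. Split it into its own commit or call it out in the PR description so its share of the Cargo.lock churn (40 additions, 18 deletions) can be attributed, and confirm the progress-bar call sites build against 0.18.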
