Carter Perez
e8fe3c18c1
Update README.md
2026-06-02 08:37:58 -04:00
Carter Perez
d57b17004b
Update README.md
2026-06-02 08:32:26 -04:00
Carter Perez
26166998ed
Merge pull request #265 from CarterPerez-dev/project/hsm-emulator
...
Project/hsm emulator
2026-06-02 08:29:01 -04:00
Carter Perez
da35993bd6
Merge pull request #264 from CarterPerez-dev/dependabot/npm_and_yarn/PROJECTS/advanced/bug-bounty-platform/frontend/axios-1.16.0
...
chore(deps): bump axios from 1.15.2 to 1.16.0 in /PROJECTS/advanced/bug-bounty-platform/frontend
2026-06-02 08:27:39 -04:00
dependabot[bot]
d0aa0b0e0b
chore(deps): bump axios
...
Bumps [axios](https://github.com/axios/axios ) from 1.15.2 to 1.16.0.
- [Release notes](https://github.com/axios/axios/releases )
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md )
- [Commits](https://github.com/axios/axios/compare/v1.15.2...v1.16.0 )
---
updated-dependencies:
- dependency-name: axios
dependency-version: 1.16.0
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-06-02 12:19:18 +00:00
Carter Perez
2ea9e346a8
Merge pull request #263 from CarterPerez-dev/dependabot/npm_and_yarn/PROJECTS/advanced/encrypted-p2p-chat/frontend/vitest-4.1.0
...
chore(deps-dev): bump vitest from 2.1.9 to 4.1.0 in /PROJECTS/advanced/encrypted-p2p-chat/frontend
2026-06-02 08:17:53 -04:00
CarterPerez-dev
d03b9a37ad
fix(hsm-emulator): install.sh builds and validates the ReleaseSafe artifact
...
build_module printed (ReleaseSafe) but ran plain 'zig build', which is Debug here (preferred_optimize_mode only ships ReleaseSafe with --release). It left a 20M Debug .so labeled as the shipped build, and 'zig build smoke' would reinstall Debug over any ReleaseSafe artifact via its install-step dependency.
Run build + test + smoke with --release=safe so the script produces and validates the real 5.9M shipped artifact end to end. Kept check-only (no dependency auto-install): missing deps still hard-fail/warn with the exact apt command.
Verified: ./install.sh exits 0 on a clean tree, final zig-out/lib/libhsm.so is 5.9M ReleaseSafe, tests + smoke pass, pkcs11-tool loads it.
2026-06-02 08:01:48 -04:00
CarterPerez-dev
53fd886ed8
docs(hsm-emulator): M12 learn track + README flip
...
learn/: add 00-OVERVIEW, 01-CONCEPTS, 02-ARCHITECTURE, 03-IMPLEMENTATION, 04-CHALLENGES, and MECHANICS (the byte-by-byte crypto deep-dive). CONFORMANCE shipped in M11. Real-breach grounding, function/file code refs (no line numbers), no AI voice.
Project README: flip M0-stale to real M0-M11 (21 mechanisms, std.Io.randomSecure, roadmap done through M12, learn/ link table).
Root README: graduate HSM to a completed project (Full Source Code 32->33, C badge -> Zig, title + footer now link to source and learn/).
Verified docs-only: zig build test and zig build smoke both exit 0, smoke mechanisms=21, objdump -T shows only C_GetFunctionList. No source changed.
2026-06-02 07:28:08 -04:00
dependabot[bot]
86128cd1a1
chore(deps-dev): bump vitest
...
Bumps [vitest](https://github.com/vitest-dev/vitest/tree/HEAD/packages/vitest ) from 2.1.9 to 4.1.0.
- [Release notes](https://github.com/vitest-dev/vitest/releases )
- [Changelog](https://github.com/vitest-dev/vitest/blob/main/docs/releases.md )
- [Commits](https://github.com/vitest-dev/vitest/commits/v4.1.0/packages/vitest )
---
updated-dependencies:
- dependency-name: vitest
dependency-version: 4.1.0
dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-06-02 11:15:51 +00:00
Carter Perez
2a2296ccf2
Merge pull request #262 from CarterPerez-dev/dependabot/npm_and_yarn/PROJECTS/advanced/monitor-the-situation-dashboard/frontend/axios-1.16.0
...
chore(deps): bump axios from 1.15.2 to 1.16.0 in /PROJECTS/advanced/monitor-the-situation-dashboard/frontend
2026-06-02 07:14:17 -04:00
CarterPerez-dev
f70ca3f32c
feat(hsm-emulator): M10 crypto-surface, M11 conformance, deep-audit hardening
...
M10 (crypto-surface): RUP-safe buffered AES-GCM streaming (16 MiB cap),
DigestEncrypt/SignEncrypt/DecryptDigest/DecryptVerify dual functions
(decrypt-side CBC-only), RSA C_SignRecover/C_VerifyRecover (CKM_RSA_PKCS),
digest-only Get/SetOperationState.
M11 (conformance): spec-correct C_WaitForSlotEvent (DONT_BLOCK->CKR_NO_EVENT,
blocking->FUNCTION_NOT_SUPPORTED, pReserved->ARGUMENTS_BAD) + CKF_DONT_BLOCK;
public learn/CONFORMANCE.md documenting every deliberate N/A with its OASIS
v2.40 section and exact return code.
Deep project audit (5 read-only dimension agents, 0 Critical/High):
- fix: C_Finalize-vs-fast-path use-after-free race -- replace lockless
state.current() with state.acquire() (lock + verify-live atomically)
across all ~57 entry points
- fix: enforce CKR_PIN_LEN_RANGE on the new PIN in InitToken/InitPIN/SetPIN
- fix: clear a stale sealed flag on Object.set replace (login-unseal wedge)
- harden: zeroize CBC plaintext stack temporaries; Debug leak-assert at
C_Finalize turns smoke into an API-layer leak gate
- test: ABI layout-check PSS/OAEP param structs; +sealed-flag regression
Proven: 76/76 unit (Debug + ReleaseSafe), in-process smoke (with PIN-length
asserts), cross-process pkcs11-tool (init/pin/RSA keygen+sign/wrong-pin).
.so exports only C_GetFunctionList.
2026-06-02 06:48:25 -04:00
CarterPerez-dev
0b8f8df8a3
feat(hsm-emulator): M9 key management — wrap/unwrap, derive, digest-key
...
- C_WrapKey/C_UnwrapKey: CKM_AES_KEY_WRAP (RFC 3394) + CKM_RSA_PKCS_OAEP, secret keys only
- new AES-KEY-WRAP primitive in cipher.zig (RFC 3394 KAT-verified, fail-closed, zeroized temps)
- C_DeriveKey: factor shared secret-key-object builder; accept raw SEC1 or DER peer point
- C_DigestKey: secret-key class + sealed-guard (CKR_KEY_INDIGESTIBLE / CKR_USER_NOT_LOGGED_IN)
- advertise CKM_ECDH1_DERIVE + CKM_AES_KEY_WRAP; add WRAP/UNWRAP to RSA-PKCS-OAEP
- 9 OASIS-exact CKR_* wrap/unwrap/digest error codes
- 70/70 tests; proven via in-process smoke + cross-process pkcs11-tool (OpenSSL + RFC 3394 oracles)
2026-06-01 23:03:53 -04:00
CarterPerez-dev
ccb1b40a15
feat(hsm-emulator): PKCS#11 HSM emulator in Zig (M0–M7)
...
Software HSM that compiles to a real Cryptoki (PKCS#11) v2.40 shared
object, loadable by pkcs11-tool / OpenSSL like a smartcard. SoftHSM2-style
three-layer split: C-ABI facade -> typed core state -> crypto + persistence.
- M0 hand-written v2.40 ABI + build-time OASIS cross-check; exports only C_GetFunctionList
- M1 sessions, login, Argon2id PIN, lockout
- M2 objects + find, CKA_PRIVATE gating, persisted token store
- M3 RNG, SHA-2 digest, HMAC, AES-CBC/CBC-PAD/GCM
- M4 ECDSA P-256/P-384 keygen + sign/verify (std.crypto)
- M5 RSA 2048-4096 via libcrypto: PKCS#1 v1.5 / PSS sign-verify, PKCS#1 / OAEP enc-dec
- M6 encrypted-at-rest store: selective AES-256-GCM envelope, master key wrapped under Argon2id(User-PIN)
- M7 hardening (session-secret zeroization, fail-closed relock, heap-leak scrub, ubsan-free ABI) + Docker
Verified three ways: 65/65 unit tests, in-process dlopen smoke, and
cross-process OpenSC pkcs11-tool (token keys survive process restart).
Also excludes vendor/pkcs11 from the trailing-whitespace / end-of-file
pre-commit hooks so the vendored OASIS headers keep their documented
SHA-256 provenance.
2026-06-01 20:35:48 -04:00
dependabot[bot]
49b47185bd
chore(deps): bump axios
...
Bumps [axios](https://github.com/axios/axios ) from 1.15.2 to 1.16.0.
- [Release notes](https://github.com/axios/axios/releases )
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md )
- [Commits](https://github.com/axios/axios/compare/v1.15.2...v1.16.0 )
---
updated-dependencies:
- dependency-name: axios
dependency-version: 1.16.0
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-06-01 16:48:39 +00:00
Carter Perez
789d4ebd82
Merge pull request #260 from CarterPerez-dev/dependabot/npm_and_yarn/PROJECTS/advanced/ai-threat-detection/frontend/axios-1.16.0
...
chore(deps): bump axios from 1.15.2 to 1.16.0 in /PROJECTS/advanced/ai-threat-detection/frontend
2026-06-01 12:46:33 -04:00
Carter Perez
c4f983817c
Merge pull request #259 from CarterPerez-dev/dependabot/npm_and_yarn/PROJECTS/intermediate/siem-dashboard/frontend/axios-1.16.0
...
chore(deps): bump axios from 1.15.2 to 1.16.0 in /PROJECTS/intermediate/siem-dashboard/frontend
2026-06-01 12:46:22 -04:00
Carter Perez
78a675b130
Merge pull request #261 from CarterPerez-dev/dependabot/npm_and_yarn/PROJECTS/advanced/honeypot-network/frontend/axios-1.16.0
...
chore(deps): bump axios from 1.15.2 to 1.16.0 in /PROJECTS/advanced/honeypot-network/frontend
2026-06-01 12:46:06 -04:00
dependabot[bot]
3a2fb4af85
chore(deps): bump axios in /PROJECTS/advanced/honeypot-network/frontend
...
Bumps [axios](https://github.com/axios/axios ) from 1.15.2 to 1.16.0.
- [Release notes](https://github.com/axios/axios/releases )
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md )
- [Commits](https://github.com/axios/axios/compare/v1.15.2...v1.16.0 )
---
updated-dependencies:
- dependency-name: axios
dependency-version: 1.16.0
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-05-29 16:32:54 +00:00
dependabot[bot]
a455b78639
chore(deps): bump axios
...
Bumps [axios](https://github.com/axios/axios ) from 1.15.2 to 1.16.0.
- [Release notes](https://github.com/axios/axios/releases )
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md )
- [Commits](https://github.com/axios/axios/compare/v1.15.2...v1.16.0 )
---
updated-dependencies:
- dependency-name: axios
dependency-version: 1.16.0
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-05-29 16:31:21 +00:00
dependabot[bot]
555efbb67b
chore(deps): bump axios
...
Bumps [axios](https://github.com/axios/axios ) from 1.15.2 to 1.16.0.
- [Release notes](https://github.com/axios/axios/releases )
- [Changelog](https://github.com/axios/axios/blob/v1.x/CHANGELOG.md )
- [Commits](https://github.com/axios/axios/compare/v1.15.2...v1.16.0 )
---
updated-dependencies:
- dependency-name: axios
dependency-version: 1.16.0
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-05-29 16:25:57 +00:00
Carter Perez
9e7246e417
Update README.md
2026-05-24 18:09:32 -04:00
CarterPerez-dev
8665b3f93a
cracked
2026-05-23 06:59:28 -04:00
Carter Perez
163d126655
Merge pull request #256 from CarterPerez-dev/chore/add-linting-to-yml-and-pre-commit
...
Chore/add linting to yml and pre commit
2026-05-23 06:43:38 -04:00
Carter Perez
540a1dfcd7
Merge pull request #246 from CarterPerez-dev/dependabot/go_modules/PROJECTS/intermediate/secrets-scanner/github.com/go-git/go-git/v5-5.19.1
...
chore(deps): bump github.com/go-git/go-git/v5 from 5.19.0 to 5.19.1 in /PROJECTS/intermediate/secrets-scanner
2026-05-23 06:43:21 -04:00
CarterPerez-dev
ec1eb3cc2d
ci(lint): mkdir bin before building ameba
2026-05-23 06:34:52 -04:00
CarterPerez-dev
e78b17aa8c
ci(lint): fix Crystal ameba bin + relax V fmt to advisory
...
- Crystal: shards install doesn't build dev-dep binaries. Build ameba
explicitly via crystal build lib/ameba/bin/ameba.cr -o bin/ameba so
the lint step finds it.
- V: vlang/setup-v installs a V build whose fmt rules drift from local
V 0.5.1 (same version string, different formatter behavior). Make
v fmt advisory and gate the job on v vet only.
2026-05-23 06:32:22 -04:00
CarterPerez-dev
2c5a80e80e
cracked
2026-05-23 05:16:34 -04:00
CarterPerez-dev
43a6899042
cracked
2026-05-23 05:05:36 -04:00
CarterPerez-dev
0006ddad3d
cracked
2026-05-23 05:01:01 -04:00
CarterPerez-dev
481e07bddd
fix api sec scanner
2026-05-22 15:13:18 -04:00
Carter Perez
6c2c40119f
Merge pull request #249 from CarterPerez-dev/dependabot/uv/PROJECTS/beginner/keylogger/idna-3.15
...
chore(deps): bump idna from 3.11 to 3.15 in /PROJECTS/beginner/keylogger
2026-05-22 14:19:22 -04:00
Carter Perez
871f18d9fe
Merge pull request #245 from CarterPerez-dev/dependabot/go_modules/PROJECTS/beginner/canary-token-generator/backend/github.com/redis/go-redis/v9-9.7.3
...
chore(deps): bump github.com/redis/go-redis/v9 from 9.7.0 to 9.7.3 in /PROJECTS/beginner/canary-token-generator/backend
2026-05-22 14:19:03 -04:00
Carter Perez
ac9ed2c0d4
Merge pull request #247 from CarterPerez-dev/dependabot/uv/PROJECTS/advanced/ai-threat-detection/backend/idna-3.15
...
chore(deps): bump idna from 3.11 to 3.15 in /PROJECTS/advanced/ai-threat-detection/backend
2026-05-22 14:18:49 -04:00
Carter Perez
2aa8efeb85
Merge pull request #248 from CarterPerez-dev/dependabot/uv/PROJECTS/advanced/api-rate-limiter/idna-3.15
...
chore(deps): bump idna from 3.11 to 3.15 in /PROJECTS/advanced/api-rate-limiter
2026-05-22 14:18:36 -04:00
Carter Perez
bab3440788
Merge pull request #250 from CarterPerez-dev/dependabot/uv/PROJECTS/advanced/bug-bounty-platform/backend/idna-3.15
...
chore(deps): bump idna from 3.11 to 3.15 in /PROJECTS/advanced/bug-bounty-platform/backend
2026-05-22 14:18:22 -04:00
Carter Perez
b5f3f726f4
Merge pull request #251 from CarterPerez-dev/dependabot/uv/PROJECTS/foundations/http-headers-scanner/idna-3.15
...
chore(deps): bump idna from 3.13 to 3.15 in /PROJECTS/foundations/http-headers-scanner
2026-05-22 14:18:08 -04:00
Carter Perez
46231c15ed
Merge pull request #252 from CarterPerez-dev/dependabot/uv/PROJECTS/advanced/encrypted-p2p-chat/backend/idna-3.15
...
chore(deps): bump idna from 3.11 to 3.15 in /PROJECTS/advanced/encrypted-p2p-chat/backend
2026-05-22 10:13:38 -04:00
Carter Perez
c1c4241638
Merge pull request #254 from CarterPerez-dev/dependabot/uv/PROJECTS/beginner/c2-beacon/backend/idna-3.15
...
chore(deps): bump idna from 3.11 to 3.15 in /PROJECTS/beginner/c2-beacon/backend
2026-05-22 10:13:20 -04:00
Carter Perez
688df30682
Merge pull request #255 from CarterPerez-dev/dependabot/uv/PROJECTS/advanced/ai-threat-detection/backend/mlflow-3.11.1
...
chore(deps): bump mlflow from 3.9.0 to 3.11.1 in /PROJECTS/advanced/ai-threat-detection/backend
2026-05-21 21:06:20 -04:00
dependabot[bot]
3474d7711b
chore(deps): bump mlflow
...
Bumps [mlflow](https://github.com/mlflow/mlflow ) from 3.9.0 to 3.11.1.
- [Release notes](https://github.com/mlflow/mlflow/releases )
- [Changelog](https://github.com/mlflow/mlflow/blob/master/CHANGELOG.md )
- [Commits](https://github.com/mlflow/mlflow/compare/v3.9.0...v3.11.1 )
---
updated-dependencies:
- dependency-name: mlflow
dependency-version: 3.11.1
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-05-21 20:33:21 +00:00
dependabot[bot]
15a9429d0f
chore(deps): bump idna in /PROJECTS/beginner/c2-beacon/backend
...
Bumps [idna](https://github.com/kjd/idna ) from 3.11 to 3.15.
- [Release notes](https://github.com/kjd/idna/releases )
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.md )
- [Commits](https://github.com/kjd/idna/compare/v3.11...v3.15 )
---
updated-dependencies:
- dependency-name: idna
dependency-version: '3.15'
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-05-21 20:32:07 +00:00
dependabot[bot]
1e44bf6384
chore(deps): bump idna in /PROJECTS/advanced/encrypted-p2p-chat/backend
...
Bumps [idna](https://github.com/kjd/idna ) from 3.11 to 3.15.
- [Release notes](https://github.com/kjd/idna/releases )
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.md )
- [Commits](https://github.com/kjd/idna/compare/v3.11...v3.15 )
---
updated-dependencies:
- dependency-name: idna
dependency-version: '3.15'
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-05-19 16:30:52 +00:00
dependabot[bot]
d43054c523
chore(deps): bump idna in /PROJECTS/foundations/http-headers-scanner
...
Bumps [idna](https://github.com/kjd/idna ) from 3.13 to 3.15.
- [Release notes](https://github.com/kjd/idna/releases )
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.md )
- [Commits](https://github.com/kjd/idna/compare/v3.13...v3.15 )
---
updated-dependencies:
- dependency-name: idna
dependency-version: '3.15'
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-05-19 16:23:33 +00:00
dependabot[bot]
3897a542e6
chore(deps): bump idna in /PROJECTS/advanced/bug-bounty-platform/backend
...
Bumps [idna](https://github.com/kjd/idna ) from 3.11 to 3.15.
- [Release notes](https://github.com/kjd/idna/releases )
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.md )
- [Commits](https://github.com/kjd/idna/compare/v3.11...v3.15 )
---
updated-dependencies:
- dependency-name: idna
dependency-version: '3.15'
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-05-19 16:19:13 +00:00
dependabot[bot]
341d04a160
chore(deps): bump idna from 3.11 to 3.15 in /PROJECTS/beginner/keylogger
...
Bumps [idna](https://github.com/kjd/idna ) from 3.11 to 3.15.
- [Release notes](https://github.com/kjd/idna/releases )
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.md )
- [Commits](https://github.com/kjd/idna/compare/v3.11...v3.15 )
---
updated-dependencies:
- dependency-name: idna
dependency-version: '3.15'
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-05-19 16:08:43 +00:00
dependabot[bot]
360df54954
chore(deps): bump idna in /PROJECTS/advanced/api-rate-limiter
...
Bumps [idna](https://github.com/kjd/idna ) from 3.11 to 3.15.
- [Release notes](https://github.com/kjd/idna/releases )
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.md )
- [Commits](https://github.com/kjd/idna/compare/v3.11...v3.15 )
---
updated-dependencies:
- dependency-name: idna
dependency-version: '3.15'
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-05-19 15:59:27 +00:00
dependabot[bot]
9b4b6f7772
chore(deps): bump idna in /PROJECTS/advanced/ai-threat-detection/backend
...
Bumps [idna](https://github.com/kjd/idna ) from 3.11 to 3.15.
- [Release notes](https://github.com/kjd/idna/releases )
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.md )
- [Commits](https://github.com/kjd/idna/compare/v3.11...v3.15 )
---
updated-dependencies:
- dependency-name: idna
dependency-version: '3.15'
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-05-19 15:56:13 +00:00
dependabot[bot]
c9fda34256
chore(deps): bump github.com/go-git/go-git/v5
...
Bumps [github.com/go-git/go-git/v5](https://github.com/go-git/go-git ) from 5.19.0 to 5.19.1.
- [Release notes](https://github.com/go-git/go-git/releases )
- [Changelog](https://github.com/go-git/go-git/blob/main/HISTORY.md )
- [Commits](https://github.com/go-git/go-git/compare/v5.19.0...v5.19.1 )
---
updated-dependencies:
- dependency-name: github.com/go-git/go-git/v5
dependency-version: 5.19.1
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-05-19 15:38:06 +00:00
dependabot[bot]
3250ddbbe3
chore(deps): bump github.com/redis/go-redis/v9
...
Bumps [github.com/redis/go-redis/v9](https://github.com/redis/go-redis ) from 9.7.0 to 9.7.3.
- [Release notes](https://github.com/redis/go-redis/releases )
- [Changelog](https://github.com/redis/go-redis/blob/master/RELEASE-NOTES.md )
- [Commits](https://github.com/redis/go-redis/compare/v9.7.0...v9.7.3 )
---
updated-dependencies:
- dependency-name: github.com/redis/go-redis/v9
dependency-version: 9.7.3
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2026-05-19 14:18:33 +00:00
Carter Perez
b514050fac
Merge pull request #244 from CarterPerez-dev/dependabot/npm_and_yarn/PROJECTS/intermediate/api-security-scanner/frontend/ws-8.20.1
...
chore(deps): bump ws from 8.18.3 to 8.20.1 (via audit fix) in /PROJECTS/intermediate/api-security-scanner/frontend
2026-05-19 10:15:49 -04:00