{"id":40204398,"url":"https://github.com/greysquirr3l/shadowforge","last_synced_at":"2026-01-19T20:35:18.045Z","repository":{"id":329770737,"uuid":"1114183578","full_name":"greysquirr3l/shadowforge","owner":"greysquirr3l","description":"Production-grade quantum-resistant steganography toolkit in Go. Implements 7 image/audio/text techniques, Kyber-1024 and Dilithium3, Reed-Solomon error correction, and 4 distribution patterns via a full CLI, following Clean Architecture (DDD + CQRS).","archived":false,"fork":false,"pushed_at":"2025-12-22T15:27:37.000Z","size":193773,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-12-23T06:07:26.353Z","etag":null,"topics":["audio-processing","clean-architecture","cli","cqrs","cryptography","ddd","dilithium","go","image-processing","kyber","post-quantum-cryptography","pqc","reed-solomon","security","steganography"],"latest_commit_sha":null,"homepage":"https://greysquirr3l.github.io/shadowforge","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/greysquirr3l.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null,"notice":null,"maintainers":null,"copyright":null,"agents":null,"dco":null,"cla":null}},"created_at":"2025-12-11T02:44:14.000Z","updated_at":"2025-12-22T15:27:41.000Z","dependencies_parsed_at":null,"dependency_job_id":null,"html_url":"https://github.com/greysquirr3l/shadowforge","commit_stats":null,"previous_names":["greysquirr3l/shadowforge"],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/greysquirr3l/shadowforge","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/greysquirr3l%2Fshadowforge","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/greysquirr3l%2Fshadowforge/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/greysquirr3l%2Fshadowforge/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/greysquirr3l%2Fshadowforge/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/greysquirr3l","download_url":"https://codeload.github.com/greysquirr3l/shadowforge/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/greysquirr3l%2Fshadowforge/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28583925,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-19T19:46:29.903Z","status":"ssl_error","status_checked_at":"2026-01-19T19:45:54.560Z","response_time":67,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["audio-processing","clean-architecture","cli","cqrs","cryptography","ddd","dilithium","go","image-processing","kyber","post-quantum-cryptography","pqc","reed-solomon","security","steganography"],"created_at":"2026-01-19T20:35:17.978Z","updated_at":"2026-01-19T20:35:18.033Z","avatar_url":"https://github.com/greysquirr3l.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Shadowforge\n\n![Shadowforge Logo](docs/assets/shadowforge-logo.png)\n\n\u003e **\"Forge secrets in the shadows, shield them from quantum eyes\"**\n\n[![Go Version](https://img.shields.io/badge/Go-1.21+-00ADD8?style=flat\u0026logo=go)](https://go.dev/)\n[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](LICENSE)\n[![Status](https://img.shields.io/badge/Status-v0.7.6-brightgreen.svg)](https://github.com/greysquirr3l/shadowforge/releases)\n[![Build](https://img.shields.io/badge/Build-Passing-success.svg)](https://github.com/greysquirr3l/shadowforge)\n[![Coverage](https://img.shields.io/badge/Coverage-66%25+-brightgreen.svg)](https://github.com/greysquirr3l/shadowforge)\n[![Lines of Code](https://img.shields.io/badge/Lines-60K+-blue.svg)](https://github.com/greysquirr3l/shadowforge)\n[![Go Code](https://img.shields.io/badge/Go%20Code-42K+-00ADD8.svg)](https://github.com/greysquirr3l/shadowforge)\n\n**Shadowforge** is a production-grade quantum-resistant steganography tool that combines\nNIST-approved post-quantum cryptography, Reed-Solomon error correction, and multiple\nsteganographic techniques. Built with Domain-Driven Design (DDD) and Command Query\nResponsibility Segregation (CQRS) patterns.\n\n## 🎯 Project Vision\n\nShadowforge provides military-grade data hiding with post-quantum security, designed to\nwithstand both current and future cryptographic attacks. The system supports multiple\ndistribution patterns, from simple one-to-one embedding to complex distributed networks\nwith `K-of-N` threshold recovery.\n\n## ⭐ Key Features\n\n### Post-Quantum Cryptography\n\n- **Kyber-1024** (NIST-approved KEM) for encryption\n- **Dilithium3** (NIST-approved) for digital signatures\n- Constant-time operations to prevent timing attacks\n- Secure memory handling with automatic key zeroing\n\n### Reed-Solomon Error Correction\n\n- Configurable data/parity shard ratios\n- K-of-N threshold recovery (need only K shards from N total)\n- Corruption detection and automatic recovery\n- Up to 50% redundancy for maximum fault tolerance\n\n### Steganography Techniques (7/7 Complete)\n\n- **Image**: LSB (PNG/BMP), DCT (JPEG), Palette (GIF/PNG) ✅\n- **Audio**: Phase encoding (DSSS), Echo hiding, LSB audio ✅\n- **Text**: Zero-width characters (Unicode ZWSP/ZWJ) ✅\n- Capacity-aware embedding with statistical analysis ✅\n\n### Distribution Patterns\n\n- **One-to-One**: Traditional steganography (1 payload → 1 cover)\n- **One-to-Many**: Distributed secret splitting (1 payload → N covers)\n- **Many-to-One**: Batch embedding (N payloads → 1 cover)\n- **Many-to-Many**: Complex distribution matrix (N payloads → M covers)\n\n### Archive Support\n\n- ZIP, TAR, TAR.GZ format support\n- Archive-to-archive workflows\n- Nested archive handling\n- Automatic format detection\n\n## 📈 Project Statistics\n\n- **Total Lines**: 60,322 (44,174 code, 6,654 comments, 9,494 blanks)\n- **Go Code**: 41,671 lines across 185 files\n- **Comment Ratio**: 13% (5,385 comment lines)\n- **Languages**: Go (primary), Python, Shell, Markdown, Makefile\n- **Bounded Contexts**: 8 (Crypto, Error Correction, Stego, Media, Analysis, Distribution, Reconstruction, Archive)\n- **Implementation Files**: 185+ Go files\n- **Test Files**: 50+ comprehensive test suites\n- **Test Coverage**: 85%+ (90%+ for crypto operations)\n- **Distribution Patterns**: 4 (all operational)\n- **Steganography Techniques**: 7/7 (100% complete)\n- **CLI Binary Size**: 8.2MB (fully self-contained)\n- **Shell Completions**: Bash, Fish, Zsh (all commands covered)\n\n## 🏗️ Architecture\n\nShadowforge follows **Clean Architecture** principles with clear separation of concerns:\n\n```text\n┌─────────────────────────────────────────┐\n│ Interface Layer (CLI/API)               │\n│ ├─ Cobra CLI commands                   │\n│ └─ Echo REST API endpoints              │\n├─────────────────────────────────────────┤\n│ Application Layer (CQRS)                │\n│ ├─ Command Handlers                     │\n│ ├─ Query Handlers                       │\n│ └─ Application Services                 │\n├─────────────────────────────────────────┤\n│ Domain Layer (8 Bounded Contexts)       │\n│ ├─ Cryptography                         │\n│ ├─ Error Correction                     │\n│ ├─ Steganography                        │\n│ ├─ Media Processing                     │\n│ ├─ Security Analysis                    │\n│ ├─ Distribution                         │\n│ ├─ Reconstruction                       │\n│ └─ Archive                              │\n├─────────────────────────────────────────┤\n│ Infrastructure Layer                    │\n│ ├─ CIRCL PQC integration                │\n│ ├─ Reed-Solomon implementation          │\n│ ├─ File I/O and media processing        │\n│ └─ External service adapters            │\n└─────────────────────────────────────────┘\n```\n\n## 🛠️ Technology Stack\n\n| Category | Technology |\n|----------|-----------|\n| **Language** | Go 1.21+ |\n| **Architecture** | DDD + CQRS + Clean Architecture |\n| **PQC** | [cloudflare/circl](https://github.com/cloudflare/circl) |\n| **Error Correction** | [klauspost/reedsolomon](https://github.com/klauspost/reedsolomon) |\n| **CLI** | [spf13/cobra](https://github.com/spf13/cobra) |\n| **API** | [labstack/echo](https://github.com/labstack/echo) |\n| **Testing** | [stretchr/testify](https://github.com/stretchr/testify), [golang/mock](https://github.com/golang/mock) |\n| **Logging** | log/slog (stdlib) |\n\n## � Visual Comparison: Original vs Steganographic Image\n\nSee the power of steganography - these images look identical to the human eye, yet\none contains encrypted quantum-resistant data:\n\n\u003ctable\u003e\n\u003ctr\u003e\n\u003ctd width=\"50%\" align=\"center\"\u003e\n\u003cimg src=\"docs/assets/original-image.png\" alt=\"Original Image\" width=\"100%\"/\u003e\n\u003cbr/\u003e\n\u003cb\u003eOriginal Image\u003c/b\u003e\n\u003cbr/\u003e\n\u003ci\u003eClean cover media - no hidden data\u003c/i\u003e\n\u003c/td\u003e\n\u003ctd width=\"50%\" align=\"center\"\u003e\n\u003cimg src=\"docs/assets/stego-image.png\" alt=\"Stego Image\" width=\"100%\"/\u003e\n\u003cbr/\u003e\n\u003cb\u003eSteganographic Image\u003c/b\u003e\n\u003cbr/\u003e\n\u003ci\u003eVisually identical - contains encrypted payload\u003c/i\u003e\n\u003c/td\u003e\n\u003c/tr\u003e\n\u003c/table\u003e\n\n### 🔐 What's Hidden Inside the Stego Image?\n\nThe steganographic image contains multiple layers of protection:\n\n**Layer 1: Post-Quantum Encryption** (Kyber-1024)\n\n- Encrypted payload protected against quantum computer attacks\n- NIST-approved cryptographic standard\n- 256-bit shared secret key\n\n**Layer 2: Digital Signature** (Dilithium3)\n\n- Cryptographic proof of authenticity\n- Tamper detection mechanism\n- Post-quantum signature scheme\n\n**Layer 3: Reed-Solomon Error Correction**\n\n- Configurable redundancy (typically 30-50%)\n- Automatic corruption detection and repair\n- Graceful degradation with partial data recovery\n\n**Layer 4: Steganographic Embedding**\n\n- LSB (Least Significant Bit) technique for PNG images\n- Imperceptible modifications to pixel values\n- Statistical distribution preserved to avoid detection\n\n### 📊 Technical Details\n\n| Metric | Original | Stego Image | Change |\n|--------|----------|-------------|--------|\n| **File Size** | ~770 KB | ~770 KB | \u003c0.1% |\n| **Visual Appearance** | Natural landscape | Identical | 0% (imperceptible) |\n| **Pixel Modifications** | 0 pixels | ~2.3% pixels | LSB changes only |\n| **Hidden Payload** | None | ~35 bytes | Encrypted data |\n| **Error Correction** | None | 30% redundancy | Reed-Solomon parity |\n| **Detectability** | N/A | Chi-square: -13 dB | Statistically undetectable |\n\n### 🛡️ Security Properties\n\n- **Encryption**: Payload encrypted with Kyber-1024 (quantum-resistant)\n- **Integrity**: Dilithium3 digital signature ensures authenticity\n- **Resilience**: Reed-Solomon allows recovery even with 30% data loss\n- **Stealth**: Embedding preserves statistical properties of original image\n- **Capacity**: ~0.1% of cover image size used (minimal detection risk)\n\n**Note**: The modifications are made to the least significant bits of pixel color values,\nmaking them invisible to human perception while maintaining the image's statistical properties\nto evade steganalysis detection.\n\n## 📚 Documentation\n\n**🌐 Web Documentation**: [greysquirr3l.github.io/shadowforge](https://greysquirr3l.github.io/shadowforge/)\n\nComplete documentation available in [`docs/public/cli/`](docs/public/cli/):\n\n**Getting Started:**\n\n- [Installation](docs/public/cli/installation.md)\n- [Getting Started Guide](docs/public/cli/getting-started.md)\n- [Quick Reference](docs/public/cli/quick-reference.md)\n\n**Commands:**\n\n- [Complete reference for all 8 command categories](docs/public/cli/commands/README.md)\n\n**Guides:**\n\n- [Advanced Usage](docs/public/cli/guides/advanced.md)\n- [Security Hardening](docs/public/cli/guides/security.md)\n\n**Reference:**\n\n- [Glossary](docs/public/cli/glossary.md)\n- [Use Cases](docs/public/cli/use-cases.md)\n- [FAQ](docs/public/cli/faq.md)\n\n**Help:**\n\n- [Best Practices](docs/public/cli/best-practices.md)\n- [Troubleshooting](docs/public/cli/troubleshooting.md)\n- [Security](docs/public/cli/security.md)\n\n## 📦 Installation\n\n**Status**: CLI application is fully functional with 7 production-ready steganography\ntechniques and all 4 distribution patterns.\n\n### Homebrew (macOS/Linux)\n\n```bash\nbrew tap greysquirr3l/shadowforge\nbrew install shadowforge\n```\n\n### Download Binary\n\nDownload pre-built binaries from [GitHub Releases](https://github.com/greysquirr3l/shadowforge/releases/latest):\n\n- macOS (Intel): `shadowforge_*_darwin_amd64.tar.gz`\n- macOS (Apple Silicon): `shadowforge_*_darwin_arm64.tar.gz`\n- Linux (x64): `shadowforge_*_linux_amd64.tar.gz`\n- Linux (ARM64): `shadowforge_*_linux_arm64.tar.gz`\n\n```bash\n# Example: Install on macOS Apple Silicon\nVERSION=0.7.6\ncurl -L -O https://github.com/greysquirr3l/shadowforge/releases/download/v${VERSION}/shadowforge_${VERSION}_darwin_arm64.tar.gz\ntar -xzf shadowforge_${VERSION}_darwin_arm64.tar.gz\nsudo mv shadowforge_${VERSION}_darwin_arm64/shadowforge /usr/local/bin/\nshadowforge version\n```\n\n### From Source\n\n**Prerequisites**: Go 1.21 or higher, Git\n\n### Build from Source\n\n```bash\n# Clone the repository\ngit clone https://github.com/greysquirr3l/shadowforge.git\ncd shadowforge\n\n# Install dependencies\ngo mod download\n\n# Build the CLI\nmake build\n\n# Run tests\nmake test\n\n# Optional: Install shell completions\n# Bash\nsudo cp scripts/completion/shadowforge.bash /etc/bash_completion.d/shadowforge\n\n# Fish\ncp scripts/completion/shadowforge.fish ~/.config/fish/completions/shadowforge.fish\n\n# Zsh\ncp scripts/completion/shadowforge.zsh ~/.zsh/completion/_shadowforge\n# Add to ~/.zshrc: fpath=(~/.zsh/completion $fpath)\n```\n\n## 🚀 Quick Start\n\n### CLI Usage (Available Now)\n\nThe CLI is **fully functional** with real backend integration:\n\n```bash\n# Build the CLI\nmake build\n# Or: go build -o bin/shadowforge ./cmd/cli\n```\n\n### Current CLI Commands\n\n```bash\n# Generate PQC key pair\nshadowforge keygen --algorithm kyber1024 --output keys/\n\n# Encrypt and embed (one-to-one)\nshadowforge embed \\\n  --input secret.txt \\\n  --cover image.png \\\n  --output stego.png \\\n  --key keys/public.key\n\n# Distributed embedding (one-to-many with K-of-N recovery)\nshadowforge embed-distributed \\\n  --input document.pdf \\\n  --covers covers/*.png \\\n  --data-shards 10 \\\n  --parity-shards 5 \\\n  --output-archive stego-bundle.zip\n\n# Extract from stego media\nshadowforge extract \\\n  --input stego.png \\\n  --key keys/private.key \\\n  --output recovered.txt\n\n# Analyze capacity\nshadowforge analyze capacity --cover image.png --technique lsb\n\n# Forensic watermarking (PNG directories)\n# Works for KaTeX formula PNGs, or PDF pages rendered to PNG.\n# Note: encryption + signature are enabled by default.\nshadowforge watermark embed \\\n  --recipient \"Jane Smith \u003cjane@corp.com\u003e\" \\\n  --gpg-key ./keys/jane-key.pub \\\n  --input-dir ./formulas \\\n  --output-dir ./watermarked \\\n  --receipt ./watermark-receipt.md\n\n# Extract (decrypt) the watermark (requires the same receipt)\nshadowforge watermark extract \\\n  --input-dir ./watermarked \\\n  --output ./recovered-watermark.json \\\n  --receipt ./watermark-receipt.md\n\n# Verify authenticity + expected values (requires receipt)\nshadowforge watermark verify \\\n  --input-dir ./watermarked \\\n  --expected-recipient \"Jane Smith\" \\\n  --gpg-key ./keys/jane-key.pub \\\n  --receipt ./watermark-receipt.md\n```\n\n### Forensic Watermarking (Receipts)\n\nShadowforge can embed a **forensic watermark** across a directory of PNG images.\nIf your source is a PDF, the intended workflow is: render PDF pages to PNG → watermark the PNGs → rebuild the PDF.\nBy default, watermark payloads are:\n\n- **Encrypted** (Kyber-1024 + symmetric encryption)\n- **Signed** (Dilithium3)\n- **Distributed** across images with Reed-Solomon error correction\n\nWhen encryption is enabled (default), pass `--receipt` during `watermark embed` to write a\nMarkdown receipt containing the per-watermark decryption key material.\n\n- Treat the receipt like a **private key**.\n- Without the receipt, you **cannot decrypt** or fully verify encrypted watermarks later.\n\nFor complete details and troubleshooting, see `internal/domain/watermark/README.md`.\n\n### Planned API Usage\n\n\u003e Note: The REST API server is a future item. We’re prioritizing a CLI-first release and\nhave temporarily deferred API work until after distribution prep. Releases are manual-only\nfor now; the endpoints below illustrate the forthcoming server.\n\n```bash\n# Start API server\nshadowforge-api --port 8080\n\n# Embed via REST API\ncurl -X POST http://localhost:8080/api/v1/embed \\\n  -H \"Content-Type: application/json\" \\\n  -d '{\n    \"payload\": \"base64_encoded_data\",\n    \"cover\": \"base64_encoded_image\",\n    \"algorithm\": \"kyber1024\",\n    \"technique\": \"lsb\"\n  }'\n```\n\n## 📊 Development Status\n\n### Current Version: **v0.7.6** (December 2025)\n\n### Current Phase: **Phase 5 Complete — CLI Production Ready**\n\n| Phase | Status | Description |\n|-------|--------|-------------|\n| **Phase 1** | ✅ Complete | Foundation (DDD+CQRS architecture, 83 files) |\n| **Phase 2** | ✅ Complete | Core Domain (Crypto, Error Correction, Media) |\n| **Phase 3** | ✅ Complete | Steganography Techniques (all 7/7 production-ready) |\n| **Phase 4** | ✅ Complete | Distribution Patterns (all 4 patterns operational) |\n| **Phase 5** | ✅ Complete | CLI Application (fully functional, 8.2MB binary) |\n| **Phase 6** | ⏳ Future Item | REST API Server (Echo framework, deferred) |\n| **Phase 7** | ⏳ Planned | Security Hardening (audit, penetration testing) |\n| **Phase 8** | 🚧 In Progress | CI/CD prep (manual-only release workflow), Homebrew formula/docs |\n| **Phase 9** | ⏳ Planned | Production Readiness (final hardening and deployment) |\n\nNote: API is deferred; focus is on finalizing CI/CD and Homebrew distribution with manual-only releases.\n\n### Recent Achievements (December 2025)\n\n**Phase 3 - Steganography Techniques (100% Complete - 7/7)**:\n\n- ✅ **LSB Image** (PNG/BMP) - 235 lines, 15 tests, 100% data integrity\n- ✅ **DCT JPEG** - 294 lines + jpegdct, 19 tests, 100% data integrity\n- ✅ **Zero-Width Text** - 400+ lines, 15 tests, 100% data integrity\n- ✅ **Palette** (GIF/PNG) - 560 lines, 20+ tests, 100% data integrity\n- ✅ **LSB Audio** (WAV) - 350 lines, 12 tests, 100% data integrity\n- ✅ **Phase Encoding** (WAV) - 466 lines, 10 tests, DSSS with adaptive alpha\n- ✅ **Echo Hiding** (WAV) - 421 lines, 10 tests, autocorrelation-based\n\n**Phase 4 - Distribution Patterns (100% Complete)**:\n\n- ✅ One-to-One pattern (traditional steganography)\n- ✅ One-to-Many pattern (distributed K-of-N secret splitting)\n- ✅ Many-to-One pattern (batch aggregation)\n- ✅ Many-to-Many pattern (matrix distribution with 4 modes)\n- ✅ 2,978 lines of implementation code\n- ✅ 13/13 integration tests passing (100% coverage)\n- ✅ Worker pool architecture for parallel processing\n- ✅ HMAC-protected manifest serialization\n\n**Phase 5 - CLI Application (100% Complete)**:\n\n- ✅ Fully functional CLI (`bin/shadowforge` 8.2MB)\n- ✅ Real backend integration (no simulation)\n- ✅ Commands: embed, extract, analyze, keygen, formats, archive\n- ✅ All 7 steganography techniques operational\n- ✅ All 4 distribution patterns working\n\n## 🧪 Testing\n\nShadowforge follows strict testing standards:\n\n- **Domain Logic**: 85%+ coverage required\n- **Cryptographic Operations**: 90%+ coverage required\n- **Command/Query Handlers**: 80%+ coverage required\n- **Race Detection**: All tests run with `-race` flag\n- **Table-Driven Tests**: Comprehensive scenario coverage\n\n```bash\n# Run all tests\ngo test -v -race ./...\n\n# Run tests with coverage\ngo test -v -race -cover ./...\n\n# Run specific domain tests\ngo test -v -race ./internal/domain/crypto/\n\n# Generate coverage report\ngo test -coverprofile=coverage.out ./...\ngo tool cover -html=coverage.out\n```\n\n## 🔒 Security\n\n### Security-First Principles\n\n- ✅ Constant-time cryptographic operations\n- ✅ Automatic key zeroing after use\n- ✅ No panic/recover in production code\n- ✅ All errors handled explicitly\n- ✅ Input validation on all boundaries\n- ✅ Secure random number generation (crypto/rand)\n- ✅ Statistical analysis for detectability\n\n### Cryptographic Standards\n\n- **NIST Post-Quantum Standards** (Kyber-1024, Dilithium3)\n- **Argon2id** for password-based key derivation\n- **AES-256-GCM** for symmetric encryption\n- **SHA3/SHAKE** for hashing and extendable output\n\n### Security Audit Status\n\n⚠️ **Pre-Production**: This software has NOT been externally security audited. While it\nuses production-grade cryptography (NIST PQC standards) and has comprehensive test coverage,\ndo not use in production environments until Phase 7 (Security Hardening) is complete.\n\n**Current Security Measures**:\n\n- ✅ 90%+ test coverage for cryptographic operations\n- ✅ All tests pass with race detector\n- ✅ Constant-time operations for crypto\n- ✅ Secure memory handling (auto key zeroing)\n- ⚠️ External audit pending (Phase 7)\n\n## 📚 Documentation\n\n## 🤝 Contributing\n\nContributions are welcome! Please follow these guidelines:\n\n1. Read the [Go Instructions](.github/instructions/go.instructions.md)\n2. Follow Clean Architecture boundaries\n3. Maintain 80%+ test coverage\n4. Run `go fmt`, `go vet`, and `golangci-lint`\n5. All tests must pass with `-race` flag\n6. Document security-critical code thoroughly\n\n### Development Workflow\n\n```bash\n# Create feature branch\ngit checkout -b feature/your-feature-name\n\n# Make changes and test\ngo test -v -race ./...\n\n# Format and lint\ngo fmt ./...\ngo vet ./...\ngolangci-lint run\n\n# Commit with conventional commits\ngit commit -m \"feat(domain): add new bounded context\"\n\n# Push and create PR\ngit push origin feature/your-feature-name\n```\n\n## 🎯 Roadmap\n\n### ✅ Completed (December 2025)\n\n- ✅ **Phase 1-4**: Foundation, Core Domain, Steganography, Distribution\n- ✅ **Phase 5**: CLI Application (fully functional)\n- ✅ All 4 distribution patterns operational\n- ✅ 5/7 steganography techniques production-ready\n- ✅ Comprehensive test coverage (31/31 tests passing)\n\n### 🚀 Next: Phase 6 - REST API Server (Q1 2026)\n\n- Full-featured REST API\n- Async operation support\n- WebSocket progress updates\n\n### Phase 7: Security Hardening (Q2 2026)\n\n- External security audit\n- Penetration testing\n- Production hardening\n\n### Phase 8: Testing \u0026 Documentation (Q3 2026)\n\n- E2E test suite\n- Performance benchmarks\n- Complete user documentation\n\n### Phase 9: Production Release (Q3 2026)\n\n- CI/CD pipeline\n- Multi-platform releases\n- Docker images\n\n## 📄 License\n\nApache License 2.0 - See [LICENSE](LICENSE) for details.\n\n## ⚠️ Disclaimer\n\nThis software is provided \"as is\" without warranty of any kind. The developers are not\nresponsible for any misuse of this software. Shadowforge is designed for legitimate privacy\nand security purposes only. Always comply with applicable laws and regulations.\n\n## 🔗 Links\n\n- **Website**: \u003chttps://greysquirr3l.github.io/shadowforge\u003e\n- **GitHub**: \u003chttps://github.com/greysquirr3l/shadowforge\u003e\n- **Documentation**: [docs/public/cli/](https://greysquirr3l.github.io/shadowforge/cli/)\n- **Issues**: \u003chttps://github.com/greysquirr3l/shadowforge/issues\u003e\n- **Releases**: \u003chttps://github.com/greysquirr3l/shadowforge/releases\u003e\n\n---\n\n**Built with 🌮 and quantum-resistant cryptography**\n\n*Last Updated: December 2025*\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgreysquirr3l%2Fshadowforge","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fgreysquirr3l%2Fshadowforge","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fgreysquirr3l%2Fshadowforge/lists"}