Test vectors and evidence
Public evidence plan for crypto vectors, CLI checks, route smokes, and release verification.
Current evidence
Shhhs publishes implementation docs, OpenAPI, CLI/MCP references, deterministic crypto test vectors, route smokes, private-room smokes, and security smokes. These are useful review signals, not a substitute for an independent audit.
- OpenAPI route contract
- CLI/MCP hardening smoke
- Private Rooms product smoke
- Crypto vectors: /crypto-test-vectors.json
Published vector set
The current vector set uses synthetic deterministic values for base64url encoding, SHA-256 encoding, AES-GCM payload encryption, PBKDF2 passphrase key wrapping, and token-room key wrapping. It is verified by npm run crypto:vectors.
- AES-GCM-256 payload vector
- PBKDF2-SHA-256 passphrase wrapping vector
- Token-room wrapping vector
- Public JSON: /crypto-test-vectors.json
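A reviewer can reproduce vectors of these kinds without the project's own tooling. The following is an added example, not Shhhs code and not the contents of /crypto-test-vectors.json: the field names (kind, inputHex, expectedHex and so on) are hypothetical, and the sample values are constructed from public standard known-answer vectors. The page does not state the key-wrapping construction, so only the PBKDF2-SHA-256 derivation step is checked.

```javascript
// Added example: independent known-answer check. Field names are hypothetical.
const { createHash, createCipheriv, createDecipheriv, pbkdf2Sync } = require("node:crypto");
const hex = (s) => Buffer.from(s, "hex");

// Constructed sample built from public standard vectors, not Shhhs's values.
const SAMPLE_VECTORS = [
  { kind: "base64url", inputHex: "fbff", expected: "-_8" },
  { kind: "sha256", inputUtf8: "abc",
    expectedHex: "ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad" },
  { kind: "aes-256-gcm", keyHex: "00".repeat(32), ivHex: "00".repeat(12),
    plaintextHex: "00".repeat(16), ciphertextHex: "cea7403d4d606b6e074ec5d3baf39d18",
    tagHex: "d0d1c8a799996bf0265b98b5d48ab919" },
  { kind: "pbkdf2-sha256", passphrase: "password", saltUtf8: "salt", iterations: 4096,
    expectedHex: "c5e478d59288c841aa530db6845c4c8d962893a001ce4e11a4963873aa98134a" },
];

// Negative case: decryption must reject a ciphertext whose tag has one bit flipped.
function rejectsBadTag(v) {
  const tag = hex(v.tagHex);
  tag[0] ^= 0x01;
  const d = createDecipheriv("aes-256-gcm", hex(v.keyHex), hex(v.ivHex));
  d.setAuthTag(tag);
  d.update(hex(v.ciphertextHex));
  try { d.final(); return false; } catch { return true; }
}

function checkVector(v) {
  switch (v.kind) {
    case "base64url":
      return hex(v.inputHex).toString("base64url") === v.expected;
    case "sha256":
      return createHash("sha256").update(v.inputUtf8, "utf8").digest().equals(hex(v.expectedHex));
    case "aes-256-gcm": {
      const c = createCipheriv("aes-256-gcm", hex(v.keyHex), hex(v.ivHex));
      const ct = Buffer.concat([c.update(hex(v.plaintextHex)), c.final()]);
      return ct.equals(hex(v.ciphertextHex)) && c.getAuthTag().equals(hex(v.tagHex)) && rejectsBadTag(v);
    }
    case "pbkdf2-sha256":
      return pbkdf2Sync(v.passphrase, v.saltUtf8, v.iterations, 32, "sha256").equals(hex(v.expectedHex));
    default:
      return false; // unknown vector kinds fail closed instead of being skipped
  }
}

// Returns the kinds that did not reproduce; malformed vectors count as failures.
function verifyVectors(vectors) {
  return vectors
    .filter((v) => { try { return !checkVector(v); } catch { return true; } })
    .map((v) => v.kind);
}
```

An empty result from verifyVectors means every vector reproduced; any listed kind is a mismatch, a malformed entry, or a vector type the checker does not recognise.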
Release evidence
A release packet should include git commit, build command, CLI checksums, public route inventory, compliance check output, and post-deploy smoke results. Reports must redact secrets, tokens, private URLs, fragments, API keys, recovery codes, and passphrases.
- Commit and build command
- Checksums
- Post-deploy smoke
- Redacted report