apptly-oss
diff --git a/‎.gitignore‎
Lines changed: 50 additions & 0 deletions b/‎.gitignore‎
Lines changed: 50 additions & 0 deletions
diff --git a/‎LICENSE‎
Lines changed: 21 additions & 0 deletions b/‎LICENSE‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎Makefile‎
Lines changed: 180 additions & 0 deletions b/‎Makefile‎
Lines changed: 180 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 74 additions & 0 deletions b/‎README.md‎
Lines changed: 74 additions & 0 deletions
@@ -0,0 +1,50 @@
+# Binaries for programs and plugins
+*.exe
+*.exe~
+*.dll
+*.so
+*.dylib
+
+# Test binary, built with `go test -c`
+*.test
+
+# Output of the go coverage tool
+*.out
+coverage.out
+coverage.html
+
+# Dependency directories
+vendor/
+
+# Go workspace file
+go.work
+
+# IDE specific files
+.vscode/
+.idea/
+*.swp
+*.swo
+*~
+
+# OS specific files
+.DS_Store
+Thumbs.db
+
+# Build artifacts
+securelog
+bin/
+dist/
+
+# Test data
+testdata/tmp*
+*.db
+*.dat
+*.idx
+
+# Logs
+*.log
+revive.log
+
+# Temporary files
+tmp/
+temp/
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Nagy Károly Gábriel <k@jpi.io>
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
@@ -0,0 +1,180 @@
+# Makefile for SecureLog - Dual MAC Secure Logging System
+# https://github.com/karasz/securelog
+
+.PHONY: all build test lint fmt vet revive clean install help spell
+
+# Go parameters
+GOCMD=go
+GOBUILD=$(GOCMD) build
+GOTEST=$(GOCMD) test
+GOGET=$(GOCMD) get
+GOFMT=$(GOCMD) fmt
+GOVET=$(GOCMD) vet
+GOMOD=$(GOCMD) mod
+
+# Binary name
+BINARY_NAME=securelog
+
+# Build flags
+LDFLAGS=-ldflags "-s -w"
+
+# Default target
+all: fmt vet lint test build
+
+## help: Show this help message
+help:
+	@echo 'Usage:'
+	@echo '  make [target]'
+	@echo ''
+	@echo 'Targets:'
+	@sed -n 's/^##//p' ${MAKEFILE_LIST} | column -t -s ':' | sed -e 's/^/ /'
+
+## build: Build the project
+build:
+	@echo "Building..."
+	$(GOBUILD) $(LDFLAGS) -v ./...
+
+## test: Run tests
+test:
+	@echo "Running tests..."
+	$(GOTEST) -v -race -coverprofile=coverage.out ./...
+	@echo ""
+	@echo "Coverage summary:"
+	@$(GOCMD) tool cover -func=coverage.out | tail -1
+
+## test-short: Run tests without race detector (faster)
+test-short:
+	@echo "Running tests (short)..."
+	$(GOTEST) -v ./...
+
+## coverage: Run tests and show coverage report in browser
+coverage: test
+	@echo "Opening coverage report in browser..."
+	$(GOCMD) tool cover -html=coverage.out
+
+## bench: Run benchmarks
+bench:
+	@echo "Running benchmarks..."
+	$(GOTEST) -bench=. -benchmem ./...
+
+## fmt: Format Go code
+fmt:
+	@echo "Formatting code..."
+	@$(GOFMT) ./...
+	@echo "Code formatted successfully"
+
+## vet: Run go vet
+vet:
+	@echo "Running go vet..."
+	@$(GOVET) ./...
+	@echo "go vet passed"
+
+## lint: Run linters (revive + staticcheck)
+lint: revive staticcheck
+
+## revive: Run revive linter
+revive:
+	@echo "Running revive..."
+	@if ! command -v revive > /dev/null 2>&1; then \
+		if [ -f $(HOME)/go/bin/revive ]; then \
+			$(HOME)/go/bin/revive -config revive.toml -formatter friendly -exclude proto/... ./...; \
+		else \
+			echo "Installing revive..." && $(GOGET) github.com/mgechev/revive@latest && $(HOME)/go/bin/revive -config revive.toml -formatter friendly -exclude proto/... ./...; \
+		fi \
+	else \
+		revive -config revive.toml -formatter friendly -exclude proto/... ./...; \
+	fi
+
+## staticcheck: Run staticcheck
+staticcheck:
+	@echo "Running staticcheck..."
+	@if ! command -v staticcheck > /dev/null 2>&1; then \
+		if [ -f $(HOME)/go/bin/staticcheck ]; then \
+			$(HOME)/go/bin/staticcheck ./...; \
+		else \
+			echo "Installing staticcheck..." && $(GOGET) honnef.co/go/tools/cmd/staticcheck@latest && $(HOME)/go/bin/staticcheck ./...; \
+		fi \
+	else \
+		staticcheck ./...; \
+	fi
+
+## spell: Run spell checker (cspell)
+spell:
+	@echo "Running spell checker..."
+	@if ! command -v cspell > /dev/null 2>&1; then \
+		echo "cspell not found. Install with: npm install -g cspell"; \
+		echo "Or use: npx cspell"; \
+		exit 1; \
+	fi
+	@cspell --no-progress "**/*.{go,md,txt,toml,yml,yaml}" --exclude "vendor/**" --exclude "*.log"
+
+## check: Run all checks (fmt, vet, lint, spell, test)
+check: fmt vet lint spell test
+	@echo ""
+	@echo "✓ All checks passed!"
+
+## clean: Remove build artifacts and test files
+clean:
+	@echo "Cleaning..."
+	@rm -f $(BINARY_NAME)
+	@rm -f coverage.out
+	@rm -rf testdata/tmp*
+	@$(GOCMD) clean -testcache
+	@echo "Cleaned successfully"
+
+## deps: Download dependencies
+deps:
+	@echo "Downloading dependencies..."
+	@$(GOMOD) download
+	@$(GOMOD) tidy
+
+## deps-update: Update dependencies
+deps-update:
+	@echo "Updating dependencies..."
+	@$(GOGET) -u ./...
+	@$(GOMOD) tidy
+
+## install-tools: Install development tools
+install-tools:
+	@echo "Installing development tools..."
+	@$(GOGET) github.com/mgechev/revive@latest
+	@$(GOGET) honnef.co/go/tools/cmd/staticcheck@latest
+	@$(GOGET) github.com/securego/gosec/v2/cmd/gosec@latest
+	@echo ""
+	@echo "Go tools installed successfully"
+	@echo ""
+	@echo "To install cspell (spell checker), run:"
+	@echo "  npm install -g cspell"
+	@echo "Or use npx: npx cspell"
+
+## verify: Verify dependencies and check for issues
+verify:
+	@echo "Verifying dependencies..."
+	@$(GOMOD) verify
+	@echo "Dependencies verified"
+
+## security: Run security checks with gosec
+security:
+	@echo "Running security checks..."
+	@if ! command -v gosec > /dev/null 2>&1; then \
+		if [ -f $(HOME)/go/bin/gosec ]; then \
+			$(HOME)/go/bin/gosec -quiet ./...; \
+		else \
+			echo "Installing gosec..." && $(GOGET) github.com/securego/gosec/v2/cmd/gosec@latest && $(HOME)/go/bin/gosec -quiet ./...; \
+		fi \
+	else \
+		gosec -quiet ./...; \
+	fi
+
+## ci: Run CI pipeline (fmt, vet, lint, spell, test)
+ci: deps verify fmt vet lint spell test
+	@echo ""
+	@echo "✓ CI pipeline completed successfully!"
+
+## doc: Generate and serve documentation
+doc:
+	@echo "Starting documentation server at http://localhost:6060"
+	@which godoc > /dev/null || (echo "Installing godoc..." && $(GOGET) golang.org/x/tools/cmd/godoc@latest)
+	@godoc -http=:6060
+
+.DEFAULT_GOAL := help
@@ -0,0 +1,74 @@
+# securelog — Dual MAC Private-Verifiable Secure Logger (Go)
+
+[![Go Reference](https://pkg.go.dev/badge/github.com/karasz/securelog.svg)](https://pkg.go.dev/github.com/karasz/securelog)
+[![Go Report Card](https://goreportcard.com/badge/github.com/karasz/securelog)](https://goreportcard.com/report/github.com/karasz/securelog)
+[![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
+
+SecureLog is a production-focused implementation of the Dual MAC private-verifiable logging protocol. It keeps audit trails append-only, forward-secure, and verifiable by both semi-trusted auditors and a trusted authority. For the full academic background, see [doc/ACADEMICS.md](doc/ACADEMICS.md).
+
+## Highlights
+- Dual MAC chains (`μ_V`, `μ_T`) to catch tampering by compromised verifiers.
+- Forward-secure key evolution with per-entry key rotation.
+- Pluggable transports (folder, HTTP, local) and storage backends (POSIX files, SQLite).
+- Pure Go, no CGO requirements in the default configuration.
+
+## Quick Start
+
+```go
+package main
+
+import (
+	"log"
+	"time"
+
+	"github.com/karasz/securelog"
+)
+
+func main() {
+	store, _ := securelog.OpenFileStore("/var/log/securelog")
+	logger, _ := securelog.New(securelog.Config{AnchorEvery: 100}, store)
+
+	commit, openMsg, _ := logger.InitProtocol("app-log-001")
+
+	// transmit commit/openMsg to the trusted server here
+	_ = commit
+	_ = openMsg
+
+	logger.Append([]byte("user login: alice"), time.Now())
+	logger.Append([]byte("file access: /etc/passwd"), time.Now())
+
+	closeMsg, _ := logger.CloseProtocol("app-log-001")
+	log.Printf("final tag: %x", closeMsg.FinalTagT)
+}
+```
+
+For end-to-end examples (including transports) check the `example_*.go` files.
+
+## Storage Backends
+- **File store (default)** — append-only binary format with POSIX locks; ideal for production.
+- **SQLite store** — ACID semantics and ad-hoc queries via SQLite (`modernc.org/sqlite`).
+
+Both implement the same `Store` interface, so swapping backends is a one-line change.
+
+## Transports
+- **Folder transport** for local/offline workflows.
+- **HTTP transport** for remote trusted servers.
+- **Local transport** for in-process testing.
+
+Detailed diagrams and usage notes live in [doc/TRANSPORT.md](doc/TRANSPORT.md).
+
+## Documentation
+- [doc/ACADEMICS.md](doc/ACADEMICS.md) — paper references and detailed research context.
+- [doc/TRANSPORT.md](doc/TRANSPORT.md) — transport layer protocol and folder layout.
+- `example_*.go` — runnable snippets that stitch storage, transports, and verifiers together.
+
+## Development
+
+```
+make fmt        # gofmt on the tree
+make lint       # revive + staticcheck + gosec
+make test       # go test -race -cover ./...
+make check      # run the full battery (fmt, vet, lint, spell, test)
+```
+
+Go 1.21 or newer is recommended.