johan
/
clavitor
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

chore: auto-commit uncommitted changes

This commit is contained in:
James 2026-03-23 06:01:43 -04:00
parent 6d79638ef3
commit db489c0dd1
402 changed files with 270 additions and 130 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

96
clovis/Makefile Normal file
View File

@ -0,0 +1,96 @@
# Clovis — build pipeline
# FIPS 140-3: BoringCrypto via GOEXPERIMENT=boringcrypto
# Requires Go 1.24+ (verified: go1.24.0)
#
# Usage:
# make deploy — build + test + restart vault
# make deploy-vault — build + test + restart vault only
# make cli — build CLI binary
# make status — check what's running
GOEXPERIMENT := boringcrypto
export GOEXPERIMENT
VAULT_DIR := clovis-vault
CLI_DIR := clovis-cli
CRYPTO_DIR := clovis-crypto
VAULT_BIN := $(VAULT_DIR)/clavitor
CLI_BIN := $(CLI_DIR)/clovis-cli
VAULT_ENTRY := ./cmd/clavitor
LDFLAGS := -s -w
GOFLAGS := -trimpath
.PHONY: all vault cli test clean deploy deploy-vault \
restart restart-vault stop stop-vault status verify-fips
# --- build ---
all: vault cli
vault:
cp $(CRYPTO_DIR)/*.js $(VAULT_DIR)/cmd/vault1984/web/ 2>/dev/null || true
sed -i 's/__BUILD_TIME__/$(shell date -u +%Y%m%d-%H%M%S)/' $(VAULT_DIR)/cmd/vault1984/web/index.html 2>/dev/null || true
cd $(VAULT_DIR) && go build $(GOFLAGS) -ldflags '$(LDFLAGS)' -o clavitor $(VAULT_ENTRY)
@echo "built $(VAULT_BIN) (FIPS)"
cli:
$(MAKE) -C $(CLI_DIR)
@strip $(CLI_BIN) 2>/dev/null || true
@echo "built $(CLI_BIN) ($$(wc -c < $(CLI_BIN)) bytes, stripped)"
# --- test ---
test:
cd $(VAULT_DIR) && go test ./api/... -v
# --- deploy ---
deploy: vault cli test verify-fips restart-vault
@echo "--- deployed ---"
deploy-vault: vault test verify-fips restart-vault
@echo "--- vault deployed ---"
# --- verify ---
verify-fips: verify-fips-vault
verify-fips-vault:
@go version -m $(VAULT_BIN) | grep -q 'GOEXPERIMENT=boringcrypto' && echo "vault: FIPS 140-3 (BoringCrypto) ✓" || { echo "vault: BoringCrypto NOT linked ✗"; exit 1; }
# --- process management ---
stop-vault:
@pkill -f './clavitor$$' 2>/dev/null || pkill -f 'clovis-vault/clavitor$$' 2>/dev/null || true
@sleep 0.5
stop: stop-vault
restart-vault: stop-vault
cd $(VAULT_DIR) && set -a && . ./.env && set +a && nohup ./clavitor > /tmp/clovis-vault.log 2>&1 &
@sleep 1
@ss -tlnp | grep -q ':1984' && echo "vault running on :1984 ✓" || { echo "vault failed to start ✗"; cat /tmp/clovis-vault.log; exit 1; }
restart: restart-vault
status:
@echo "--- processes ---"
@ps aux | grep -E '(clavitor|clovis)' | grep -v grep || echo "nothing running"
@echo "--- ports ---"
@ss -tlnp | grep -E ':1984' || echo "no vault port open"
@echo "--- fips ---"
@go version -m $(VAULT_BIN) 2>/dev/null | grep -q 'GOEXPERIMENT=boringcrypto' && echo "vault: FIPS ✓" || echo "vault: not built or no FIPS"
# --- logs ---
logs-vault:
@tail -f /tmp/clovis-vault.log
# --- clean ---
clean:
rm -f $(VAULT_BIN)
-$(MAKE) -C $(CLI_DIR) clean 2>/dev/null || true

54
clovis/README.md Normal file
View File

@ -0,0 +1,54 @@
# Clovis
Secure vault platform with multi-client support.
## Architecture
**Clovis is the vault server.** Everything else is a client that talks to it.
## Structure
### Active Development
| Directory | Purpose | Status |
|-----------|---------|--------|
| `clovis-vault/` | Vault server with embedded UI (Go, FIPS 140-3) | **Active** |
| `clovis-crypto/` | JavaScript crypto layer | **Active** |
| `clovis-cli/` | CLI for agents | **Active** |
| `clovis-chrome/` | Chrome browser extension | **Active** |
### Planned
| Directory | Purpose | Status |
|-----------|---------|--------|
| `clovis-firefox/` | Firefox browser extension | Announced |
| `clovis-safari/` | Safari browser extension | Announced |
| `clovis-ios/` | iOS native app | Announced |
| `clovis-android/` | Android native app | Announced |
## Build
```bash
make deploy # Build + test + restart everything
make deploy-vault # Build + test + restart vault only
make deploy-web # Build + restart website only
make status # Check running processes
make logs-vault # Tail vault logs
make logs-web # Tail web logs
```
## Clients
The vault supports multiple client types:
- **Web**: Built-in UI served by vault (`clovis-vault/`)
- **CLI**: Command-line tool for automation/agents (`clovis-cli/`)
- **Browser Extension**: Auto-fill and TOTP in Chrome (`clovis-chrome/`)
- **Mobile**: Native iOS/Android apps (planned)
## Security
- FIPS 140-3 validated crypto (BoringCrypto via GOEXPERIMENT)
- Zero-knowledge architecture
- Vault server is the single source of truth
## License
Proprietary — © Clavitor

10
clovis/clovis-android/README.md Normal file
View File

@ -0,0 +1,10 @@
# Clovis Android
Android application for Clovis vault.
**Status:** Planned, not yet implemented.
Will require native Kotlin development for:
- Autofill Framework integration
- Android Keystore access
- TOTP generation

5
clovis/clovis-chrome/README.md Normal file
View File

@ -0,0 +1,5 @@
# Clovis Chrome Extension
Browser extension for Chrome.
TODO: Add Chrome extension implementation.

2
oss/cli/Makefile → clovis/clovis-cli/Makefile
View File

@ -32,7 +32,7 @@ VENDOR_DIR := vendor
BEARSSL_DIR := $(VENDOR_DIR)/bearssl BEARSSL_DIR := $(VENDOR_DIR)/bearssl
QUICKJS_DIR := $(VENDOR_DIR)/quickjs QUICKJS_DIR := $(VENDOR_DIR)/quickjs
CJSON_DIR := $(VENDOR_DIR)/cjson CJSON_DIR := $(VENDOR_DIR)/cjson
CRYPTO_DIR := ../crypto CRYPTO_DIR := ../clovis-crypto
# Output binary # Output binary
BIN := clavitor-cli BIN := clavitor-cli

0
oss/cli/src/http.c → clovis/clovis-cli/src/http.c
View File

0
oss/cli/src/http.h → clovis/clovis-cli/src/http.h
View File

0
oss/cli/src/jsbridge.c → clovis/clovis-cli/src/jsbridge.c
View File

0
oss/cli/src/jsbridge.h → clovis/clovis-cli/src/jsbridge.h
View File

0
oss/cli/src/keystore.c → clovis/clovis-cli/src/keystore.c
View File

0
oss/cli/src/keystore.h → clovis/clovis-cli/src/keystore.h
View File

0
oss/cli/src/main.c → clovis/clovis-cli/src/main.c
View File

0
oss/cli/src/util.c → clovis/clovis-cli/src/util.c
View File

0
oss/cli/src/util.h → clovis/clovis-cli/src/util.h
View File

0
oss/cli/vendor/bearssl → clovis/clovis-cli/vendor/bearssl vendored
View File

0
oss/cli/vendor/cjson → clovis/clovis-cli/vendor/cjson vendored
View File

0
oss/cli/vendor/quickjs → clovis/clovis-cli/vendor/quickjs vendored
View File

5
clovis/clovis-crypto/README.md Normal file
View File

@ -0,0 +1,5 @@
# Clovis Crypto Layer
JavaScript cryptographic primitives for Clovis clients.
TODO: Add crypto implementation.

0
oss/crypto/crypto.js → clovis/clovis-crypto/crypto.js
View File

0
oss/crypto/test_crypto.js → clovis/clovis-crypto/test_crypto.js
View File

0
oss/crypto/totp.js → clovis/clovis-crypto/totp.js
View File

7
clovis/clovis-firefox/README.md Normal file
View File

@ -0,0 +1,7 @@
# Clovis Firefox Extension
Browser extension for Firefox.
**Status:** Planned, not yet implemented.
This extension will share the core logic with clovis-chrome.

10
clovis/clovis-ios/README.md Normal file
View File

@ -0,0 +1,10 @@
# Clovis iOS
iOS application for Clovis vault.
**Status:** Planned, not yet implemented.
Will require native Swift development for:
- Password AutoFill integration
- Secure Enclave/Keychain access
- TOTP generation

8
clovis/clovis-safari/README.md Normal file
View File

@ -0,0 +1,8 @@
# Clovis Safari Extension
Browser extension for Safari.
**Status:** Planned, not yet implemented.
Apple's Safari extension API differs significantly from Chrome/Firefox.
May require native app wrapper for full functionality.

0
oss/app/._README.md → clovis/clovis-vault/._README.md
View File

0
oss/app/.gitignore → clovis/clovis-vault/.gitignore vendored
View File

0
oss/app/LICENSE → clovis/clovis-vault/LICENSE
View File

5
oss/app/Makefile → clovis/clovis-vault/Makefile
View File

@ -4,7 +4,10 @@ REMOTE_PATH := /opt/clavitor/bin
export GOFIPS140 := latest export GOFIPS140 := latest
.PHONY: build deploy .PHONY: build deploy clean
clean:
rm -f $(BINARY)
build: build:
rm -f $(BINARY) rm -f $(BINARY)

0
oss/app/README.md → clovis/clovis-vault/README.md
View File

0
oss/app/SPEC.md → clovis/clovis-vault/SPEC.md
View File

0
oss/app/api/handlers.go → clovis/clovis-vault/api/handlers.go
View File

0
oss/app/api/integration_test.go → clovis/clovis-vault/api/integration_test.go
View File

0
oss/app/api/middleware.go → clovis/clovis-vault/api/middleware.go
View File

0
oss/app/api/routes.go → clovis/clovis-vault/api/routes.go
View File

4
oss/app/api/tier_test.go → clovis/clovis-vault/api/tier_test.go
View File

@ -261,8 +261,8 @@ func TestTierIsolationDB(t *testing.T) {
func TestCLICrypto(t *testing.T) { func TestCLICrypto(t *testing.T) {
// Find CLI binary via absolute path // Find CLI binary via absolute path
home := os.Getenv("HOME") home := os.Getenv("HOME")
cliBin := home + "/dev/clavitor/oss/cli/clavitor-cli" cliBin := home + "/dev/clavitor/clovis/clovis-cli/clovis-cli"
cliDir := home + "/dev/clavitor/oss/cli" cliDir := home + "/dev/clavitor/clovis/clovis-cli"
if _, err := os.Stat(cliBin); err != nil { if _, err := os.Stat(cliBin); err != nil {
t.Skip("clavitor-cli not found — run 'make cli' first") t.Skip("clavitor-cli not found — run 'make cli' first")
} }

0
oss/app/cmd/clavitor/main.go → clovis/clovis-vault/cmd/clavitor/main.go
View File

0
oss/app/cmd/clavitor/templates/base.html → clovis/clovis-vault/cmd/clavitor/templates/base.html
View File

0
oss/app/cmd/clavitor/templates/claude-code.html → clovis/clovis-vault/cmd/clavitor/templates/claude-code.html
View File

0
oss/app/cmd/clavitor/templates/codex.html → clovis/clovis-vault/cmd/clavitor/templates/codex.html
View File

0
oss/app/cmd/clavitor/templates/footer.html → clovis/clovis-vault/cmd/clavitor/templates/footer.html
View File

0
oss/app/cmd/clavitor/templates/geo-pops.html → clovis/clovis-vault/cmd/clavitor/templates/geo-pops.html
View File

0
oss/app/cmd/clavitor/templates/hosted.html → clovis/clovis-vault/cmd/clavitor/templates/hosted.html
View File

0
oss/app/cmd/clavitor/templates/index.html → clovis/clovis-vault/cmd/clavitor/templates/index.html
View File

0
oss/app/cmd/clavitor/templates/install.html → clovis/clovis-vault/cmd/clavitor/templates/install.html
View File

0
oss/app/cmd/clavitor/templates/landing.html → clovis/clovis-vault/cmd/clavitor/templates/landing.html
View File

0
oss/app/cmd/clavitor/templates/openclaw-cn.html → clovis/clovis-vault/cmd/clavitor/templates/openclaw-cn.html
View File

0
oss/app/cmd/clavitor/templates/openclaw.html → clovis/clovis-vault/cmd/clavitor/templates/openclaw.html
View File

0
oss/app/cmd/clavitor/templates/pricing.html → clovis/clovis-vault/cmd/clavitor/templates/pricing.html
View File

0
oss/app/cmd/clavitor/templates/privacy.html → clovis/clovis-vault/cmd/clavitor/templates/privacy.html
View File

0
oss/app/cmd/clavitor/templates/sources.html → clovis/clovis-vault/cmd/clavitor/templates/sources.html
View File

0
oss/app/cmd/clavitor/templates/terms.html → clovis/clovis-vault/cmd/clavitor/templates/terms.html
View File

0
oss/app/cmd/clavitor/web/agents.html → clovis/clovis-vault/cmd/clavitor/web/agents.html
View File

0
oss/app/cmd/clavitor/web/clavitor-app.css → clovis/clovis-vault/cmd/clavitor/web/clavitor-app.css
View File

0
oss/app/cmd/clavitor/web/clavitor.css → clovis/clovis-vault/cmd/clavitor/web/clavitor.css
View File

0
oss/app/cmd/clavitor/web/crypto.js → clovis/clovis-vault/cmd/clavitor/web/crypto.js
View File

0
oss/app/cmd/clavitor/web/design-system/styleguide.html → clovis/clovis-vault/cmd/clavitor/web/design-system/styleguide.html
View File

0
oss/app/cmd/clavitor/web/favicon.svg → clovis/clovis-vault/cmd/clavitor/web/favicon.svg
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 355 B

After

Width:  |  Height:  |  Size: 355 B

0
oss/app/cmd/clavitor/web/homepage2.html → clovis/clovis-vault/cmd/clavitor/web/homepage2.html
View File

0
oss/app/cmd/clavitor/web/index.html → clovis/clovis-vault/cmd/clavitor/web/index.html
View File

0
oss/app/cmd/clavitor/web/jsqr.min.js → clovis/clovis-vault/cmd/clavitor/web/jsqr.min.js vendored
View File

0
oss/app/cmd/clavitor/web/security.html → clovis/clovis-vault/cmd/clavitor/web/security.html
View File

0
oss/app/cmd/clavitor/web/test_crypto.js → clovis/clovis-vault/cmd/clavitor/web/test_crypto.js
View File

0
oss/app/cmd/clavitor/web/tokens.html → clovis/clovis-vault/cmd/clavitor/web/tokens.html
View File

0
oss/app/cmd/clavitor/web/topbar.js → clovis/clovis-vault/cmd/clavitor/web/topbar.js
View File

0
oss/app/cmd/clavitor/web/totp.js → clovis/clovis-vault/cmd/clavitor/web/totp.js
View File

0
oss/app/cmd/clavitor/web/webauthn.js → clovis/clovis-vault/cmd/clavitor/web/webauthn.js
View File

0
oss/app/cmd/clavitor/web/worldmap.svg → clovis/clovis-vault/cmd/clavitor/web/worldmap.svg
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 130 KiB

After

Width:  |  Height:  |  Size: 130 KiB

0
oss/app/extension/background.js → clovis/clovis-vault/extension/background.js
View File

0
oss/app/extension/content.js → clovis/clovis-vault/extension/content.js
View File

0
oss/app/extension/icon128.png → clovis/clovis-vault/extension/icon128.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 118 B

After

Width:  |  Height:  |  Size: 118 B

0
oss/app/extension/icon16.png → clovis/clovis-vault/extension/icon16.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 87 B

After

Width:  |  Height:  |  Size: 87 B

0
oss/app/extension/icon48.png → clovis/clovis-vault/extension/icon48.png
View File

Side by Side Swipe Overlay

Before

Width:  |  Height:  |  Size: 100 B

After

Width:  |  Height:  |  Size: 100 B

0
oss/app/extension/manifest.json → clovis/clovis-vault/extension/manifest.json
View File

0
oss/app/extension/popup.html → clovis/clovis-vault/extension/popup.html
View File

0
oss/app/extension/popup.js → clovis/clovis-vault/extension/popup.js
View File

0
oss/app/go.mod → clovis/clovis-vault/go.mod
View File

0
oss/app/go.sum → clovis/clovis-vault/go.sum
View File

0
oss/app/lib/backup.go → clovis/clovis-vault/lib/backup.go
View File

0
oss/app/lib/config.go → clovis/clovis-vault/lib/config.go
View File

0
oss/app/lib/crypto.go → clovis/clovis-vault/lib/crypto.go
View File

0
oss/app/lib/dbcore.go → clovis/clovis-vault/lib/dbcore.go
View File

0
oss/app/lib/id.go → clovis/clovis-vault/lib/id.go
View File

0
oss/app/lib/importers.go → clovis/clovis-vault/lib/importers.go
View File

0
oss/app/lib/l2labels.go → clovis/clovis-vault/lib/l2labels.go
View File

0
oss/app/lib/telemetry.go → clovis/clovis-vault/lib/telemetry.go
View File

0
oss/app/lib/telemetry_test.go → clovis/clovis-vault/lib/telemetry_test.go
View File

0
oss/app/lib/tls.go → clovis/clovis-vault/lib/tls.go
View File

0
oss/app/lib/tokenmap.go → clovis/clovis-vault/lib/tokenmap.go
View File

0
oss/app/lib/types.go → clovis/clovis-vault/lib/types.go
View File

BIN
design-system/clavitor-logo.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 4.0 KiB

4
design-system/clavitor-logo.svg Normal file
View File

@ -0,0 +1,4 @@
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 100 100" width="80" height="80" role="img" aria-label="Clavitor">
<title>Clavitor</title>
<rect x="5" y="5" width="90" height="90" fill="#0A0A0A"/>
</svg>
Side by Side

After

Width:  |  Height:  |  Size: 212 B

69
design-system/styleguide.html
View File

@ -101,10 +101,10 @@
/* Logo Lockup — The Trinity */ /* Logo Lockup — The Trinity */
.logo-lockup { display: inline-flex; gap: 20px; align-items: stretch; } .logo-lockup { display: inline-flex; gap: 20px; align-items: stretch; }
.logo-lockup-square { width: 96px; height: 96px; background: var(--brand-black); flex-shrink: 0; } .logo-lockup-square { width: 80px; height: 80px; background: var(--brand-black); flex-shrink: 0; }
.logo-lockup-text { display: flex; flex-direction: column; justify-content: space-between; height: 96px; padding: 8px 0 10px; } .logo-lockup-text { display: flex; flex-direction: column; justify-content: space-between; height: 80px; }
.logo-lockup-wordmark { font-family: var(--font-family); font-size: 56px; font-weight: var(--wordmark-weight); letter-spacing: var(--wordmark-spacing); text-transform: uppercase; color: var(--brand-accent); line-height: 1; } .logo-lockup-wordmark { font-family: var(--font-family); font-size: 56px; font-weight: var(--wordmark-weight); letter-spacing: var(--wordmark-spacing); text-transform: uppercase; color: var(--brand-accent); line-height: 1; }
.logo-lockup-tagline { font-size: 12px; font-weight: 500; color: var(--text-tertiary); letter-spacing: 0.18em; text-transform: uppercase; line-height: 1; } .logo-lockup-tagline { font-size: 16px; font-weight: 500; color: var(--text-tertiary); letter-spacing: 0.22em; text-transform: uppercase; line-height: 1; margin-bottom: -2px; }
/* Colors */ /* Colors */
.color-grid { display: grid; grid-template-columns: repeat(auto-fill, minmax(140px, 1fr)); gap: 16px; } .color-grid { display: grid; grid-template-columns: repeat(auto-fill, minmax(140px, 1fr)); gap: 16px; }
@ -115,14 +115,15 @@
/* Layout Patterns (from vault1984.com) */ /* Layout Patterns (from vault1984.com) */
.max-width { max-width: 1200px; margin: 0 auto; padding: 0 24px; } .max-width { max-width: 1200px; margin: 0 auto; padding: 0 24px; }
.grid-2-equal { display: grid; grid-template-columns: 1fr 1fr; gap: 48px; align-items: center; } .grid-2-equal { display: grid; grid-template-columns: 1fr 1fr; gap: 48px; align-items: center; overflow: visible; }
.grid-3-equal { display: grid; grid-template-columns: repeat(3, 1fr); gap: 32px; } .grid-3-equal { display: grid; grid-template-columns: repeat(3, 1fr); gap: 32px; }
.grid-4-equal { display: grid; grid-template-columns: repeat(4, 1fr); gap: 24px; text-align: center; } .grid-4-equal { display: grid; grid-template-columns: repeat(4, 1fr); gap: 24px; text-align: center; }
.pill-row { display: flex; flex-wrap: wrap; gap: 12px; } .pill-row { display: flex; flex-wrap: wrap; gap: 12px; overflow: visible; }
.pill { .pill {
display: inline-flex; align-items: center; display: inline-flex; align-items: center;
height: 32px; padding: 0 16px; height: 32px; padding: 0 16px;
white-space: nowrap;
background: var(--bg-secondary); background: var(--bg-secondary);
border: 1px solid var(--border-default); border: 1px solid var(--border-default);
border-radius: 9999px; border-radius: 9999px;
@ -240,8 +241,61 @@
</div> </div>
</div> </div>
<p class="text-tertiary text-xs" style="margin-top: 16px;"> <p class="text-tertiary text-xs" style="margin-top: 16px;">
<strong>Spec:</strong> 72px black square, Figtree 700, 0.25em spacing, aligned left edge to left edge <strong>Spec:</strong> Square: 80×80px #0A0A0A (Black Square) · Wordmark: Figtree 700, 56px, 0.25em, #7C3AED (Violet) · Tagline: 16px, 0.22em, uppercase, #737373 (Text Tertiary)
</p> </p>
<p style="margin-top: 12px; display: flex; gap: 24px;">
<a href="clavitor-logo.svg" download="clavitor-logo.svg" style="font-size: 14px; color: var(--brand-accent); font-weight: 500;">↓ Download clavitor-logo.svg</a>
<a href="clavitor-logo.png" download="clavitor-logo.png" style="font-size: 14px; color: var(--brand-accent); font-weight: 500;">↓ Download clavitor-logo.png (800×800)</a>
</p>
</div>
<!-- Logo Lockup — Scale Variants -->
<div class="section">
<div class="section-title">Logo Lockup — Scale Variants</div>
<p class="text-tertiary text-xs" style="margin-bottom: 16px;">200%</p>
<div style="transform: scale(2); transform-origin: top left; margin-bottom: 180px; display: inline-block;">
<div class="logo-lockup">
<div class="logo-lockup-square"></div>
<div class="logo-lockup-text">
<div class="logo-lockup-wordmark">CLAVITOR</div>
<div class="logo-lockup-tagline">Black-box credential issuance</div>
</div>
</div>
</div>
<p class="text-tertiary text-xs" style="margin-bottom: 16px;">150%</p>
<div style="transform: scale(1.5); transform-origin: top left; margin-bottom: 80px; display: inline-block;">
<div class="logo-lockup">
<div class="logo-lockup-square"></div>
<div class="logo-lockup-text">
<div class="logo-lockup-wordmark">CLAVITOR</div>
<div class="logo-lockup-tagline">Black-box credential issuance</div>
</div>
</div>
</div>
<p class="text-tertiary text-xs" style="margin-bottom: 16px;">100%</p>
<div style="margin-bottom: 40px; display: inline-block;">
<div class="logo-lockup">
<div class="logo-lockup-square"></div>
<div class="logo-lockup-text">
<div class="logo-lockup-wordmark">CLAVITOR</div>
<div class="logo-lockup-tagline">Black-box credential issuance</div>
</div>
</div>
</div>
<p class="text-tertiary text-xs" style="margin-bottom: 16px;">50%</p>
<div style="transform: scale(0.5); transform-origin: top left; margin-bottom: -20px; display: inline-block;">
<div class="logo-lockup">
<div class="logo-lockup-square"></div>
<div class="logo-lockup-text">
<div class="logo-lockup-wordmark">CLAVITOR</div>
<div class="logo-lockup-tagline">Black-box credential issuance</div>
</div>
</div>
</div>
</div> </div>
<!-- Brand Colors --> <!-- Brand Colors -->
@ -367,3 +421,6 @@
</body> </body>
</html> </html>
> >
</html>
>

119
oss/Makefile
View File

@ -1,119 +0,0 @@
# clavitor — build pipeline
# FIPS 140-3: BoringCrypto via GOEXPERIMENT=boringcrypto
# Requires Go 1.24+ (verified: go1.24.0)
#
# Usage:
# make deploy — build + test + restart everything
# make deploy-app — build + test + restart app only
# make deploy-web — build + restart website only
# make status — check what's running
GOEXPERIMENT := boringcrypto
export GOEXPERIMENT
APP_DIR := app
WEB_DIR := website
CLI_DIR := cli
APP_BIN := $(APP_DIR)/clavitor
WEB_BIN := $(WEB_DIR)/clavitor-web
CLI_BIN := $(CLI_DIR)/clavitor-cli
APP_ENTRY := ./cmd/vault1984
WEB_ENTRY := .
LDFLAGS := -s -w
GOFLAGS := -trimpath
.PHONY: all app website cli test clean deploy deploy-app deploy-web \
restart restart-app restart-web stop stop-app stop-web status verify-fips
# --- build ---
all: app website
app:
cp crypto/*.js $(APP_DIR)/cmd/vault1984/web/
sed -i 's/__BUILD_TIME__/$(shell date -u +%Y%m%d-%H%M%S)/' $(APP_DIR)/cmd/vault1984/web/index.html
cd $(APP_DIR) && go build $(GOFLAGS) -ldflags '$(LDFLAGS)' -o clavitor $(APP_ENTRY)
@echo "built $(APP_BIN) (FIPS)"
website:
cd $(WEB_DIR) && go build $(GOFLAGS) -ldflags '$(LDFLAGS)' -o clavitor-web $(WEB_ENTRY)
@echo "built $(WEB_BIN) (FIPS)"
cli:
$(MAKE) -C $(CLI_DIR)
@strip $(CLI_BIN) 2>/dev/null || true
@echo "built $(CLI_BIN) ($$(wc -c < $(CLI_BIN)) bytes, stripped)"
# --- test ---
test:
cd $(APP_DIR) && go test ./api/... -v
# --- deploy ---
deploy: all test verify-fips restart
@echo "--- deployed ---"
deploy-app: app test verify-fips-app restart-app
@echo "--- app deployed ---"
deploy-web: website verify-fips-web restart-web
@echo "--- website deployed ---"
# --- verify ---
verify-fips: verify-fips-app verify-fips-web
verify-fips-app:
@go version -m $(APP_BIN) | grep -q 'GOEXPERIMENT=boringcrypto' && echo "app: FIPS 140-3 (BoringCrypto) ✓" || { echo "app: BoringCrypto NOT linked ✗"; exit 1; }
verify-fips-web:
@go version -m $(WEB_BIN) | grep -q 'GOEXPERIMENT=boringcrypto' && echo "web: FIPS 140-3 (BoringCrypto) ✓" || { echo "web: BoringCrypto NOT linked ✗"; exit 1; }
# --- process management ---
stop-app:
@pkill -f './clavitor$$' 2>/dev/null || pkill -f 'clavitor/clavitor$$' 2>/dev/null || true
@sleep 0.5
stop-web:
@pkill -f 'clavitor-web$$' 2>/dev/null || true
@sleep 0.5
stop: stop-app stop-web
restart-app: stop-app
cd $(APP_DIR) && set -a && . ./.env && set +a && nohup ./clavitor > /tmp/clavitor.log 2>&1 &
@sleep 1
@ss -tlnp | grep -q ':1984' && echo "app running on :1984 ✓" || { echo "app failed to start ✗"; cat /tmp/clavitor.log; exit 1; }
restart-web: stop-web
cd $(WEB_DIR) && nohup ./clavitor-web > /tmp/clavitor-web.log 2>&1 &
@sleep 1
@ss -tlnp | grep -q ':8099' && echo "website running on :8099 ✓" || { echo "website failed to start ✗"; cat /tmp/clavitor-web.log; exit 1; }
restart: restart-app restart-web
status:
@echo "--- processes ---"
@ps aux | grep -E 'clavitor(-web)?$$' | grep -v grep || echo "nothing running"
@echo "--- ports ---"
@ss -tlnp | grep -E ':1984|:8099' || echo "no ports open"
@echo "--- fips ---"
@go version -m $(APP_BIN) 2>/dev/null | grep -q 'GOEXPERIMENT=boringcrypto' && echo "app: FIPS ✓" || echo "app: not built or no FIPS"
@go version -m $(WEB_BIN) 2>/dev/null | grep -q 'GOEXPERIMENT=boringcrypto' && echo "web: FIPS ✓" || echo "web: not built or no FIPS"
# --- logs ---
logs-app:
@tail -f /tmp/clavitor.log
logs-web:
@tail -f /tmp/clavitor-web.log
# --- clean ---
clean:
rm -f $(APP_BIN) $(WEB_BIN)
$(MAKE) -C $(CLI_DIR) clean

BIN
oss/cli/build/src/http.o
View File

Binary file not shown.

BIN
oss/cli/build/src/jsbridge.o
View File

Binary file not shown.

BIN
oss/cli/build/src/keystore.o
View File

Binary file not shown.

BIN
oss/cli/build/src/main.o
View File

Binary file not shown.

BIN
oss/cli/build/src/util.o
View File

Binary file not shown.

BIN
oss/cli/build/vendor/bearssl/src/aead/ccm.o vendored
View File

Binary file not shown.

BIN
oss/cli/build/vendor/bearssl/src/aead/eax.o vendored
View File

Binary file not shown.

Some files were not shown because too many files have changed in this diff Show More