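# Every name listed here is a command, not a file. Declaring it phony keeps a
# stray file or directory with the same name (for example ./install, ./help or
# ./doctor) from making the target look up to date and silently skipping it.
# help, install, quick-check, doctor, uninstall, sh-setup, sh-check and
# sh-clean are rules in this file that were missing from the list.
.PHONY: all help install setup test check quick-check doctor clean lint fmt uninstall \
        rust-setup rust-test rust-check rust-clean rust-lint rust-bench rust-next \
        python-setup python-test python-check python-clean python-lint python-fmt python-typecheck python-next python-uninstall \
        c-setup c-test c-check c-clean c-lint c-bench c-next \
        ts-setup ts-test ts-check ts-clean ts-lint ts-build ts-bench ts-next \
        go-setup go-test go-check go-clean go-lint go-bench go-next \
        sh-setup sh-test sh-check sh-clean sh-next \
        next id stream do healthcheck start stop status sign verify otp otp-gen otp-verify crypto-demo \
        mobile-arcade-fix-links mobile-arcade-zip \
        conformance bench-matrix docker capabilities-check stream-conformance crypto-smoke signed-envelope-check security-matrix-check key-rotation-drill-check soak-check envelope-compat-check release-check \
        wotp-parity-check \
        hardening-check

# A bare `make` prints the help text instead of building anything.
.DEFAULT_GOAL := help

# Implementations fanned out to by the aggregate setup/test/check/clean targets.
LANGS := rust python c ts go sh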
# ─── Aggregate targets ───────────────────────────────────────────────
# Print the target overview. One printf call emits each argument on its own
# line, so the output matches a sequence of echo commands line for line.
help:
	@printf '%s\n' \
		"WID Make Targets" \
		"" \
		"Default:" \
		" make # shows this help" \
		" make all # runs: setup + check" \
		"" \
		"Main:" \
		" make install # install/build dependencies (alias: setup)" \
		" make setup # build/install prerequisites for all implementations" \
		" make test # run all test suites" \
		" make check # run all check suites (lint/type/test by language)" \
		" make quick-check # small cross-language gate + CLI smoke" \
		" make doctor # verify required toolchain on PATH" \
		" make clean # clean build artifacts" \
		"" \
		"Quick CLI:" \
		" make next # one ID via sh/wid canonical mode" \
		" make id # alias for make next" \
		" make stream # stream IDs (set N=<count>, N=0 infinite)" \
		" make do # infinite stream alias (N=0)" \
		" make healthcheck # canonical healthcheck JSON" \
		" make start # start canonical service daemon (A=start)" \
		" make status # service daemon status (A=status)" \
		" make stop # stop canonical service daemon (A=stop)" \
		" make sign # sign WID (KEY=<priv.pem> [WID=<id>] [DATA=<path>])" \
		" make verify # verify signature (KEY=<pub.pem> SIG=<sig> WID=<id>)" \
		" make otp # alias for make otp-gen" \
		" make otp-gen # generate WID-bound OTP" \
		" make otp-verify # verify WID-bound OTP" \
		" make crypto-demo # end-to-end sign/verify + OTP demo" \
		" make mobile-arcade-fix-links # patch web demo links in flutter web bundle" \
		" make mobile-arcade-zip # patch links + package build/pages/mobile-arcade" \
		"" \
		"QA:" \
		" make release-check # capabilities + stream-conformance + check" \
		" make hardening-check # release-check + strict crypto + path/package/SQL spot checks" \
		" make capabilities-check" \
		" make stream-conformance" \
		" make signed-envelope-check" \
		" make security-matrix-check" \
		" make key-rotation-drill-check" \
		" make envelope-compat-check" \
		" make soak-check" \
		" make crypto-smoke" \
		" make wotp-parity-check # cross-language w-otp parity gate" \
		"" \
		"Bench:" \
		" make bench-matrix # runs benches across implementations" \
		" BENCH_N=200000 make rust-bench go-bench ts-bench c-bench" \
		"" \
		"Docker:" \
		" make docker # build Docker image (Rust)"
# Aggregate entry points. setup/test/check/clean fan out to the matching
# <lang>-<verb> target of every implementation named in LANGS.
all: setup check

install: setup

setup: $(LANGS:%=%-setup)

test: $(LANGS:%=%-test)

check: $(LANGS:%=%-check)

clean: $(LANGS:%=%-clean)

# There is no sh-lint rule, so lint lists its members explicitly.
lint: rust-lint python-lint c-lint ts-lint go-lint

fmt: python-fmt

# Small cross-language gate followed by one CLI smoke call.
quick-check: python-test ts-check go-test next

# Stop at the first required tool that is not on PATH and report it on stderr.
doctor:
	@for tool in bash python3 cargo node npm go; do \
		if ! command -v $$tool >/dev/null 2>&1; then \
			echo "doctor: $$tool not found on PATH" >&2; \
			exit 1; \
		fi; \
	done; \
	echo "doctor: required tooling available"

bench-matrix: rust-bench c-bench ts-bench go-bench
# ─── Rust ─────────────────────────────────────────────────────────────
# Cargo-driven targets for the Rust implementation; all run from the repo root.
rust-setup:
	cargo build

rust-test:
	cargo test

# Clippy warnings are promoted to errors, so any warning fails the target.
rust-lint:
	cargo clippy -- -D warnings

rust-check: rust-lint rust-test

rust-clean:
	cargo clean

# The iteration count comes from BENCH_N and falls back to 100000 when unset.
rust-bench:
	cargo run --release -- bench --count $(or $(BENCH_N),100000)

rust-next:
	cargo run --release -- next
# ─── Python ───────────────────────────────────────────────────────────
# Interpreter selection. PYTHON prefixes the interpreter with PYTHONPATH=python
# so the in-tree package directory is importable; PIP reuses that same command.
# All but PYTHONPATH_LOCAL can be overridden from the environment or command line.
PYTHON_ ?= python3
PYTHONPATH_LOCAL = PYTHONPATH=python
PYTHON ?= $(PYTHONPATH_LOCAL) $(PYTHON_)
PIP ?= $(PYTHON) -m pip

# Editable install of the project with its "dev" extra.
# NOTE(review): whether the dev dependencies are version-pinned is not visible
# from this file; confirm against the project metadata.
python-setup:
	$(PIP) install -e ".[dev]"

python-test:
	$(PYTHON) -m pytest python/tests -v

python-lint:
	$(PYTHON) -m ruff check python/

# Two formatters run in sequence: black first, then ruff format.
python-fmt:
	$(PYTHON) -m black python/
	$(PYTHON) -m ruff format python/

python-typecheck:
	$(PYTHON) -m mypy python/wid/

python-check: python-lint python-typecheck python-test

# Best effort: errors from find are discarded and never fail the target.
python-clean:
	find python -type d -name __pycache__ -exec rm -rf {} + 2>/dev/null || true
	rm -rf .mypy_cache .ruff_cache .coverage htmlcov

python-next:
	$(PYTHON) -m wid next

# Remove the installed package under both distribution names and show which
# `wid` is on PATH before and after. Every step tolerates failure.
# Each recipe line runs in its own shell, so `hash -r` cannot reach the
# shell that invoked make.
python-uninstall:
	@echo "Before uninstall:"
	@command -v wid || true
	-$(PYTHON) -m pip uninstall -y wid wid-py 2>/dev/null || true
	-$(PIP) uninstall -y wid wid-py 2>/dev/null || true
	@hash -r 2>/dev/null || true
	@echo "After uninstall:"
	@command -v wid || true

uninstall: python-uninstall
# ─── C ────────────────────────────────────────────────────────────────
# The C implementation has its own makefile under c/. Each c-<verb> target
# forwards <verb> to it through $(MAKE), so -j and -n propagate to the sub-make.
c-setup c-test c-lint c-check c-clean c-next: c-%:
	$(MAKE) -C c $*

# The bench run additionally forwards the iteration count (default 50000).
c-bench:
	$(MAKE) -C c bench BENCH_N=$(or $(BENCH_N),50000)
# ─── TypeScript ───────────────────────────────────────────────────────
# Install npm dependencies, try to add the platform-specific Rollup binary on
# Linux arm64/x86_64, then build.
# NOTE(review): the optional Rollup package is requested by name with no version
# and its install errors are discarded (2>/dev/null || true); confirm this fits
# the project's dependency-pinning policy. If a lockfile is committed, `npm ci`
# would give a reproducible install; that cannot be told from this file.
ts-setup:
	npm install
	@case "$$(uname -s)/$$(uname -m)" in \
		Linux/aarch64) npm i --no-save @rollup/rollup-linux-arm64-gnu 2>/dev/null || true ;; \
		Linux/x86_64) npm i --no-save @rollup/rollup-linux-x64-gnu 2>/dev/null || true ;; \
	esac
	npm run build

ts-test:
	npm test

ts-lint:
	npm run lint

ts-build:
	npm run build

ts-check: ts-lint ts-test

ts-clean:
	rm -rf node_modules typescript/dist

# Runs the built CLI from typescript/dist; nothing here builds it first.
ts-bench:
	node typescript/dist/cli.js bench --count $(or $(BENCH_N),50000)

ts-next:
	node typescript/dist/cli.js next
# ─── Go ───────────────────────────────────────────────────────────────
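# Go targets. Each recipe changes into go/ on the same line as the command,
# because every recipe line runs in its own shell.
go-setup:
	cd go && go build ./...

go-test:
	cd go && go test -v ./...

# Run golangci-lint when it is installed, otherwise fall back to `go vet`.
# An explicit if/else replaces an `a && b || c && d` chain. In that chain
# && and || share one precedence level, so a clean golangci-lint run also
# executed go vet, and a failed run tried a second `cd go` from inside go/,
# hiding the linter's failure behind an unrelated cd error.
go-lint:
	@if command -v golangci-lint >/dev/null 2>&1; then \
		cd go && golangci-lint run; \
	else \
		cd go && go vet ./...; \
	fi

go-check: go-lint go-test

go-clean:
	rm -f go/cmd/wid/wid

# The iteration count comes from BENCH_N and falls back to 100000 when unset.
go-bench:
	cd go && go run ./cmd/wid bench --count $(or $(BENCH_N),100000)

go-next:
	cd go && go run ./cmd/wid next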
# ─── Shell ────────────────────────────────────────────────────────────
# The shell implementation needs no build step. sh-setup and sh-clean exist only
# so the aggregate setup/clean targets have something to depend on for "sh".
sh-setup:
	@:

sh-test:
	bash sh/wid selftest

sh-check: sh-test

sh-clean:
	@:

sh-next:
	bash sh/wid next
# ─── Quick CLI Wrappers (sh/wid) ─────────────────────────────────────
# Defaults for the sh/wid wrappers below. Each is assigned with ?= so a value
# from the environment or the make command line wins. Comments sit on their own
# lines because trailing text on an assignment line becomes part of the value.

# Forwarded to sh/wid as W=, Z= and T= by the ID-generating targets.
W ?= 4
Z ?= 6
T ?= sec

# Stream length; the help text describes N=0 as infinite.
N ?= 10

# Forwarded as D=, E=, R= and I= by the start target only. D defaults to empty.
D ?=
E ?= state
R ?= auto
I ?= auto

# OTP parameters used by otp-gen and otp-verify.
DIGITS ?= 6
MAX_AGE_SEC ?= 300
MAX_FUTURE_SEC ?= 5

# Not referenced by any recipe in this file; the OTP targets pass MODE literally.
MODE ?= gen
# Thin wrappers around the shell CLI. wid_cli and wid_core_args are internal
# helpers; both are recursively expanded so they see W/Z/T as given at run time.
# NOTE(review): make pastes W, Z, T, N, D, E, R and I into the command line
# before the shell parses it, so these values must come from a trusted operator.
wid_cli = bash sh/wid
wid_core_args = W=$(W) Z=$(Z) T=$(T)

next:
	$(wid_cli) A=next $(wid_core_args)

id: next

stream:
	$(wid_cli) A=stream $(wid_core_args) N=$(N) L=0

# Same as stream with the count fixed at N=0.
do:
	$(wid_cli) A=stream $(wid_core_args) N=0 L=0

healthcheck:
	$(wid_cli) A=healthcheck $(wid_core_args)

start:
	$(wid_cli) A=start $(wid_core_args) N=$(N) D="$(D)" E="$(E)" R="$(R)" I="$(I)"

status:
	$(wid_cli) A=status

stop:
	$(wid_cli) A=stop
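# Sign a WID, optionally together with a DATA file, using the private key at KEY.
# Without WID a fresh one is generated first. OUT, when set, is forwarded too.
#
# KEY, WID, DATA and OUT are read by the shell from the environment ("$$KEY")
# instead of being pasted into the command by make ("$(KEY)"). GNU make exports
# command-line and environment variables to every recipe, and this file never
# assigns these four itself. A shell-side reference keeps quotes, backticks or
# dollar signs inside a value from being parsed as shell syntax.
# Argument order passed to sh/wid is unchanged: A, KEY, WID, then DATA and OUT.
sign:
	@if [ -z "$$KEY" ]; then echo "KEY=<private_key_path> is required"; exit 2; fi
	@wid_val="$$WID"; \
	if [ -z "$$wid_val" ]; then wid_val="$$(bash sh/wid A=next W=$(W) Z=$(Z) T=$(T))"; fi; \
	set -- A=sign KEY="$$KEY" WID="$$wid_val"; \
	if [ -n "$$DATA" ]; then set -- "$$@" DATA="$$DATA"; fi; \
	if [ -n "$$OUT" ]; then set -- "$$@" OUT="$$OUT"; fi; \
	bash sh/wid "$$@"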
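# Verify signature SIG over WID, and over DATA when given, with the public key
# at KEY. KEY, SIG and WID are required; a missing one exits with status 2.
#
# The values are read by the shell from the environment ("$$SIG") instead of
# being expanded into the command by make. GNU make exports command-line and
# environment variables to every recipe, and this file never assigns them itself.
# That matters most for SIG and WID, which typically arrive from another party:
# a shell-side reference stops quotes, backticks or dollar signs in them from
# being parsed as shell syntax.
verify:
	@if [ -z "$$KEY" ]; then echo "KEY=<public_key_path> is required"; exit 2; fi
	@if [ -z "$$SIG" ]; then echo "SIG=<signature> is required"; exit 2; fi
	@if [ -z "$$WID" ]; then echo "WID=<wid_string> is required"; exit 2; fi
	@set -- A=verify KEY="$$KEY" SIG="$$SIG" WID="$$WID"; \
	if [ -n "$$DATA" ]; then set -- "$$@" DATA="$$DATA"; fi; \
	bash sh/wid "$$@"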
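# Generate a WID-bound OTP. Without WID a fresh one is generated first.
#
# KEY and WID are read by the shell from the environment ("$$KEY") instead of
# being expanded into the command by make, so quotes, backticks or dollar signs
# in a value are not parsed as shell syntax. GNU make exports command-line and
# environment variables to every recipe.
# Per the usage message KEY may be a literal secret. A literal given on the make
# command line ends up in shell history and in the argument lists of make and
# sh/wid, so prefer passing a file path.
otp-gen:
	@if [ -z "$$KEY" ]; then echo "KEY=<secret_or_path> is required"; exit 2; fi
	@wid_val="$$WID"; \
	if [ -z "$$wid_val" ]; then wid_val="$$(bash sh/wid A=next W=$(W) Z=$(Z) T=$(T))"; fi; \
	bash sh/wid A=w-otp MODE=gen KEY="$$KEY" WID="$$wid_val" DIGITS="$(DIGITS)"

otp: otp-gen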
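# Verify OTP CODE for WID. KEY, WID and CODE are required; a missing one exits
# with status 2.
#
# The final recipe line is not silenced, so make echoes it before running it.
# With make-side expansion ("$(KEY)") that echo printed the OTP secret and the
# code into the terminal or CI log. Reading KEY, WID and CODE from the
# environment ("$$KEY") leaves only the variable names in the echoed command,
# and it stops quotes, backticks or dollar signs in a value from being parsed
# as shell syntax. GNU make exports command-line and environment variables to
# every recipe. DIGITS, MAX_AGE_SEC and MAX_FUTURE_SEC have defaults in this
# file and are still expanded by make.
# sh/wid still receives KEY= as an argument, so prefer a file path to a literal.
otp-verify:
	@if [ -z "$$KEY" ]; then echo "KEY=<secret_or_path> is required"; exit 2; fi
	@if [ -z "$$WID" ]; then echo "WID=<wid_string> is required"; exit 2; fi
	@if [ -z "$$CODE" ]; then echo "CODE=<otp_code> is required"; exit 2; fi
	bash sh/wid A=w-otp MODE=verify KEY="$$KEY" WID="$$WID" CODE="$$CODE" DIGITS="$(DIGITS)" MAX_AGE_SEC="$(MAX_AGE_SEC)" MAX_FUTURE_SEC="$(MAX_FUTURE_SEC)"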
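# End-to-end demo: create (or reuse) an Ed25519 key pair under
# .local/crypto-demo, sign and verify a sample file, then generate and verify an
# OTP with the fixed string 'demo-secret'. The key pair and the secret are
# demo material only and must not be reused outside this target.
#
# Changes from a plain `;`-chained recipe:
#   - `set -e` plus explicit messages stop the demo at the first failing step.
#     openssl output is discarded, so a failed key generation would otherwise
#     carry on silently with a missing key.
#   - `umask 077` keeps the files this recipe creates, including the private
#     key, from being group- or world-readable whatever the local openssl does.
#     The directory is created by the line before and keeps the caller's umask.
#   - shell variables are quoted where they are used.
crypto-demo:
	@mkdir -p .local/crypto-demo
	@set -e; \
	umask 077; \
	PRIV=.local/crypto-demo/ed25519_priv.pem; \
	PUB=.local/crypto-demo/ed25519_pub.pem; \
	DATA=.local/crypto-demo/data.txt; \
	printf 'wid crypto demo data\n' > "$$DATA"; \
	if [ ! -f "$$PRIV" ]; then \
		openssl genpkey -algorithm Ed25519 -out "$$PRIV" >/dev/null 2>&1 \
			|| { echo "crypto-demo: openssl genpkey failed" >&2; exit 1; }; \
	fi; \
	openssl pkey -in "$$PRIV" -pubout -out "$$PUB" >/dev/null 2>&1 \
		|| { echo "crypto-demo: openssl pkey failed" >&2; exit 1; }; \
	WID_VAL="$$(bash sh/wid A=next W=$(W) Z=$(Z) T=$(T))"; \
	SIG_VAL="$$(bash sh/wid A=sign KEY="$$PRIV" WID="$$WID_VAL" DATA="$$DATA")"; \
	echo "wid=$$WID_VAL"; \
	echo "sig=$$SIG_VAL"; \
	bash sh/wid A=verify KEY="$$PUB" WID="$$WID_VAL" SIG="$$SIG_VAL" DATA="$$DATA"; \
	OTP_JSON="$$(bash sh/wid A=w-otp MODE=gen KEY='demo-secret' WID="$$WID_VAL" DIGITS=$(DIGITS))"; \
	OTP_CODE="$$(printf '%s\n' "$$OTP_JSON" | sed -nE 's/.*\"otp\":\"([0-9]+)\".*/\1/p')"; \
	echo "$$OTP_JSON"; \
	bash sh/wid A=w-otp MODE=verify KEY='demo-secret' WID="$$WID_VAL" CODE="$$OTP_CODE" DIGITS=$(DIGITS)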
# Patch the demo links via the helper script.
mobile-arcade-fix-links:
	bash tools/patch_mobile_arcade_links.sh

# Patch the links, then zip build/pages/mobile-arcade into dist/ under a name
# stamped with the current date (YYYYMMDD), which the shell computes at run time.
mobile-arcade-zip: mobile-arcade-fix-links
	@mkdir -p dist
	@cd build/pages && zip -r "../../dist/mobile-arcade-web-$$(date +%Y%m%d).zip" mobile-arcade
# ─── Cross-cutting ───────────────────────────────────────────────────
# Cross-language gates. Each target runs one script from tools/.
# NOTE(review): conformance uses $(PYTHON), which carries PYTHONPATH=python and
# honours overrides, while the tools/ checks call python3 directly. Confirm the
# difference is intended, so the checks run under the interpreter being tested.

# Only the pytest cases selected by -k conformance.
conformance:
	$(PYTHON) -m pytest python/tests -v -k conformance

docker:
	docker build -t wid .

capabilities-check:
	python3 tools/check_capabilities.py

stream-conformance:
	python3 tools/check_stream_conformance.py

signed-envelope-check:
	python3 tools/check_signed_envelope_spec.py

security-matrix-check:
	python3 tools/check_security_matrix.py

key-rotation-drill-check:
	python3 tools/check_key_rotation_drill.py

envelope-compat-check:
	python3 tools/check_envelope_compat.py

# Duration and worker count come from SOAK_SECONDS (default 30) and
# SOAK_WORKERS (default 4).
soak-check:
	python3 tools/soak_stream_sql.py \
		--duration-sec $(or $(SOAK_SECONDS),30) \
		--workers $(or $(SOAK_WORKERS),4)

crypto-smoke:
	bash tools/smoke_crypto.sh

wotp-parity-check:
	bash tools/check_wotp_parity.sh

# The TypeScript typecheck runs after all three prerequisite gates have finished.
release-check: capabilities-check stream-conformance check
	npm run typecheck

# Delegates entirely to the script. The help text describes it as release-check
# plus strict crypto and path/package/SQL spot checks, but this rule itself
# declares no prerequisite on release-check.
hardening-check:
	bash tools/hardening_check.sh