mstoeck3/trace
1
0
Fork 0
mirror of https://github.com/overcuriousity/trace.git synced 2025-12-20 13:02:21 +00:00
Code Issues Packages Projects Releases Wiki Activity
52 Commits 1 Branch 11 Tags
06548df3730d37621ba5765961036fb6c992aa58
Commit Graph

7 Commits

Author SHA1 Message Date
Claude
90a82dc0d3 Refactor note signing: sign hash only + comprehensive documentation 
Changed the cryptographic signing approach to be more efficient and standard:

**Signing Logic Changes:**

1. **Note-level signing** (CLI & TUI):
   - Old: Sign "Hash: {hash}\nContent: {content}"
   - New: Sign only the SHA256 hash
   - Rationale: Hash already proves integrity (timestamp+content),
     signature proves authenticity. More efficient, standard approach.

2. **Export-level signing** (unchanged):
   - Entire markdown export is GPG-signed
   - Provides document-level integrity verification

**Implementation:**
- trace/cli.py: Updated quick_add_note() to sign hash only
- trace/tui_app.py: Updated note creation dialog to sign hash only
- Updated export format labels to clarify what's being signed:
  "SHA256 Hash (timestamp:content)" and "GPG Signature of Hash"

**Documentation (NEW):**

Added comprehensive "Cryptographic Integrity & Chain of Custody" section
to README.md explaining:
- Layer 1: Note-level integrity (hash + signature)
- Layer 2: Export-level integrity (document signature)
- First-run GPG setup wizard
- Internal verification workflow (TUI symbols: ✓/✗/?)
- External verification workflow (court/auditor use case)
- Step-by-step verification instructions
- Cryptographic trust model diagram
- Security considerations and limitations

Added "CRYPTOGRAPHIC INTEGRITY" section to in-app help (press ?):
- Explains dual-layer signing approach
- Shows verification symbol meanings
- Documents 'v' key for verification details
- External verification command

**Verification Workflow:**
1. Investigator: trace --export + gpg --armor --export
2. Recipient: gpg --import pubkey.asc
3. Document: gpg --verify export.md
4. Individual notes: Extract signature blocks and verify

Files modified:
- README.md: +175 lines of documentation
- trace/cli.py: Sign hash only, update labels
- trace/tui_app.py: Sign hash only, add help section
 2025-12-13 21:15:58 +00:00
Claude
e4976c81f9 Add optional ultra-fast alias setup for quick logging 2025-12-12 11:28:08 +00:00
Claude
b627f92172 Add installation instructions for latest release binaries 2025-12-12 11:24:52 +00:00
overcuriousity
4c99013426 disclaimer 
Added a disclaimer about the coding process and agents used.
 2025-12-12 10:21:12 +00:00
overcuriousity
f80a343610 clearer readme 
Updated README to reflect new project name and features.
 2025-12-12 10:13:41 +00:00
overcuriousity
aa0f67f1fc visual improvements, readme file update 2025-12-12 00:00:35 +01:00
google-labs-jules[bot]
be36cbd116 Move trace project to root and rebrand from fnote 
- Move all project files from `trace/` subdirectory to the repository root
- Rename directory structure from `fnote` to `trace`
- Update package references and imports (fnote -> trace)
- Update application branding and storage paths (~/.trace)
- Update build script and documentation
- Ensure __pycache__ is ignored
 2025-12-11 07:55:18 +00:00