Changelog

0.2.0 — unreleased

Added

Test suite — CLI integration (45 tests)

  • tests/unit/test_cli.py — full Click CliRunner test suite for both CLI tools

  • Covers qs-audit scan: clean→exit 0, classical→exit 1, --fail-on thresholds, JSON/SARIF/GitHub output formats, preset policies, --min-severity filtering, --exclude patterns, --output to file, --metadata key/value pairs, qs-audit compliance, qs-audit requirements, qs-audit sbom

  • Covers qs-migrate scan: directory scan, exclude patterns, SARIF output, qs-migrate upgrade-key, qs-migrate status

Test suite — statistical benchmark utilities (58 tests)

  • tests/unit/test_bench_stats.py — tests for all statistical analysis functions

  • Covers bootstrap CI monotonicity and containment, Welch’s t-test significance, Cohen’s d sign/magnitude, throughput curve formula, CoV threshold logic, LaTeX booktabs structure, describe_samples unit conversion

Benchmark harnesses — signatures

  • tests/bench/bench_signatures.py — signature benchmark harness using the same methodology as bench_kem.py (1000 iterations, 100 warmup, 1% trim)

  • Ed25519 sign/verify baselines, ML-DSA-65 standalone (liboqs), HybridSign (Ed25519+ML-DSA-65), X.509 hybrid certificate build and cosignature verify

Benchmark harnesses — KEM extensions

  • bench_hybrid_decomposition() — isolates X25519-only, ML-KEM-768-only, and combined HybridKEM costs to measure combiner overhead (HKDF + serialisation)

  • bench_concurrent_load_extended() — 1000 and 5000 simultaneous users added to the throughput curve (extends the 100/500-user baseline)

Statistical analysis utilities

  • tests/bench/bench_stats.py — research-grade statistical library (pure Python, no scipy dependency)

  • bootstrap_ci — Efron (1979) percentile bootstrap, 2000 resamples, seeded

  • welch_t_test — Welch’s t-test from scratch via regularised incomplete beta (Abramowitz & Stegun 26.5.27, Lentz continued fraction)

  • cohens_d — pooled standard deviation effect size

  • throughput_curve — ops/s per concurrency tier with scaling efficiency

  • cov_stability_report — CoV proxy summary for side-channel analysis

  • latex_table — ready-to-paste booktabs table generator for ACM/IEEE/USENIX

Bug fixes

  • audit/cli.py: with --fail-on never, all process exits are now suppressed, including policy-level failures (previously the report.passed check ran unconditionally)

  • migrate/scanner.py: --exclude patterns now match individual filenames via fnmatch, not only directory names

0.1.0 — unreleased

Added

Core type system

  • PublicKey, SecretKey, KeyPair with algorithm metadata and migration state

  • _ZeroizingBytes — best-effort secret material zeroization on deletion

  • CipherText, HybridCipherText, SharedSecret — distinct types prevent misuse

  • SignedMessage, HybridSignature — self-describing signed message format

  • Key serialization: PEM (with qs-version/qs-algo headers), CBOR, JWK

  • Cross-format round-trip: Python ↔ TypeScript ↔ Rust use the same envelope

KEM module

  • KEM — single-algorithm PQC KEM with backend dispatch

  • HybridKEM — X25519+ML-KEM combined KEM (default: X25519+ML-KEM-768)

  • HKDF-SHA256 hybrid combiner following draft-ietf-tls-hybrid-design

  • P-256 support as alternative classical companion

  • Algorithm registry: ML-KEM-512/768/1024, BIKE-L1, HQC-128

Signatures module

  • Sign — single-algorithm PQC signer with hedged mode

  • HybridSign — Ed25519+ML-DSA combined signer (default: Ed25519+ML-DSA-65)

  • Hedged mode (default on): random prefix prevents fault injection attacks

  • Context string support for domain separation (per FIPS 204 §5.2)

  • Algorithm registry: ML-DSA-44/65/87, SLH-DSA-SHAKE-128s/128f

Backends

  • liboqs backend — full algorithm set via liboqs-python

  • rustcrypto backend — stub (FIPS-subset, pending PyO3 crate publication)

  • Auto-selection: tries rustcrypto first, falls back to liboqs

  • list_available_backends() for diagnostics

Protocol helpers

  • Envelope.seal() / Envelope.open() — KEM + AES-256-GCM authenticated encryption

  • JWTSigner / JWTVerifier — PQC JWT (draft-ietf-jose-pqc-signatures identifiers)

  • HybridTLSConfig / configure_hybrid_context() — TLS hybrid key exchange

  • HybridCertificateBuilder — X.509 certs with PQC co-signature extension

Migration tooling

  • Scanner — AST-based classical crypto detector (14 rules, SARIF output)

  • MigrationStateManager — state machine for per-key migration tracking

  • Upgrader — upgrades classical keys to hybrid while preserving backward compatibility

  • FernetShim, JWTShim — drop-in shims with usage logging

  • qs-migrate CLI with scan, upgrade-key, status subcommands

Audit and compliance

  • Auditor — orchestrates scan + policy evaluation

  • AuditPolicy — configurable policy (presets: standard, strict, transition, permissive)

  • NISTComplianceChecker — maps findings to FIPS 203/204/205, SP 800-208, CISA checklist

  • SBOMEnricher — CycloneDX SBOM enrichment with PQC-readiness annotations

  • qs-audit CLI with scan, sbom, requirements, compliance subcommands

  • CI gate: Auditor.ci_gate() returns exit code 0/1 and writes SARIF/JSON

Internal

  • _internal.serialization — cbor2 (required) with JSON+base64 fallback for constrained environments

  • exceptions.py — full 3-level exception hierarchy with machine-readable code fields

Known limitations (v0.1.0)

  • RustCrypto backend is a stub — is_available() returns False until PyO3 crate ships

  • noble (JavaScript/WASM) backend is JS-only — not available in Python

  • TLS set_groups() requires OQS-patched OpenSSL — degrades gracefully without it

  • X.509 co-signature OID (1.3.6.1.4.1.99999.1) is a placeholder — register before production use

  • TypeScript/Rust scanner rules are planned for v0.2