pqcheck 0.13.0 → 0.13.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +5 -10
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -22,7 +22,7 @@ Wire Cipherwake into your CI so every PR gets a Trust Diff comment when your dom
|
|
|
22
22
|
npx pqcheck onboard cipherwake.io
|
|
23
23
|
```
|
|
24
24
|
|
|
25
|
-
That runs in sequence: scan your domain → write the GitHub Action workflow → capture a vendor lockfile → generate a release checklist →
|
|
25
|
+
That runs in sequence: scan your domain → write the GitHub Action workflow → capture a vendor lockfile → generate a release checklist → commit + push. **No API key, no repo secret.** The scaffolded workflow uses GitHub Actions OIDC (`id-token: write`) to authenticate to Cipherwake — Free includes 30 Trust Diff calls/month per repo, no setup required.
|
|
26
26
|
|
|
27
27
|
**Or step-by-step if you prefer:**
|
|
28
28
|
|
|
@@ -30,20 +30,15 @@ That runs in sequence: scan your domain → write the GitHub Action workflow →
|
|
|
30
30
|
# 1. Scaffold a GitHub Actions workflow (interactive prompts)
|
|
31
31
|
npx pqcheck init
|
|
32
32
|
|
|
33
|
-
# 2.
|
|
34
|
-
# (Free tier: 30 Trust Diff calls/month)
|
|
35
|
-
|
|
36
|
-
# 3. Add the key as a repo secret:
|
|
37
|
-
# GitHub → Settings → Secrets → Actions → New secret
|
|
38
|
-
# Name: CIPHERWAKE_API_KEY Value: qpk_...
|
|
39
|
-
|
|
40
|
-
# 4. Commit + push
|
|
33
|
+
# 2. Commit + push
|
|
41
34
|
git add .github/workflows/cipherwake.yml
|
|
42
35
|
git commit -m "ci: add Cipherwake Trust Diff gate"
|
|
43
36
|
git push
|
|
44
37
|
```
|
|
45
38
|
|
|
46
|
-
That's it. Open a PR and Cipherwake comments inline when cert / SPKI / HSTS / CSP / DMARC / vendor scripts drift since your baseline.
|
|
39
|
+
That's it. The scaffolded workflow includes `permissions: id-token: write`, so the runner mints a signed OIDC token on each run and Cipherwake meters per repo — no secret to manage. Open a PR and Cipherwake comments inline when cert / SPKI / HSTS / CSP / DMARC / vendor scripts drift since your baseline.
|
|
40
|
+
|
|
41
|
+
**Need higher limits?** Paid tiers (Starter $29/mo · Growth $79/mo · Scale $199/mo) lift the per-repo quota to 1,000 / 10,000 / 50,000 calls/month. Generate an API key at [/account#api-keys](https://cipherwake.io/account#api-keys), then add it as the repo secret `CIPHERWAKE_API_KEY`. The Action uses the secret when present and falls back to OIDC when not — no code change needed to upgrade.
|
|
47
42
|
|
|
48
43
|
**Want more?**
|
|
49
44
|
- Pre-commit hook: `npx pqcheck deploy-check <domain>` before every deploy
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "pqcheck",
|
|
3
|
-
"version": "0.13.
|
|
3
|
+
"version": "0.13.1",
|
|
4
4
|
"description": "HTTPS posture scanner with Trust Diff for CI, vendor lockfile + drift alerts, cross-tenant key map, and HNDL/quantum-decryption risk scoring. Free, no signup.",
|
|
5
5
|
"keywords": [
|
|
6
6
|
"post-quantum",
|