filanti 1.0.0__tar.gz → 1.1.0__tar.gz

{filanti-1.0.0 → filanti-1.1.0}/PKG-INFO

@@ -1,6 +1,6 @@
 Metadata-Version: 2.4
 Name: filanti
-Version: 1.0.0
+Version: 1.1.0
 Summary: A modular, security-focused file framework for encryption, hashing, and integrity verification
 License: MIT
 License-File: LICENSE
@@ -48,7 +48,7 @@ Description-Content-Type: text/markdown
 
 ## Overview
 
-**Filanti** is a production-ready Python framework providing secure-by-default primitives for:
+**Filanti** is a Python framework providing secure-by-default primitives for:
 
 -  **File Encryption** - AES-256-GCM, ChaCha20-Poly1305 with password-based encryption
 -  **Asymmetric Encryption** - Hybrid encryption with X25519, RSA-OAEP for multi-recipient file exchange
@@ -359,6 +359,15 @@ with SecureString("my-password") as pwd:
 
 Secure secret injection for automation and CI/CD workflows. Avoid hardcoding passwords in scripts or command lines.
 
+**Supported Patterns:**
+
+| Pattern | Description | Example |
+|---------|-------------|---------|
+| `ENV:VAR` | Unix-style (original) | `ENV:MY_PASSWORD` |
+| `$env:VAR` | PowerShell-style | `$env:MY_PASSWORD` |
+| `${VAR}` | Shell variable expansion | `${MY_PASSWORD}` |
+| `env.VAR` | Dot notation (cross-platform) | `env.MY_PASSWORD` |
+
 ```python
 import os
 from filanti.api import Filanti
@@ -366,12 +375,23 @@ from filanti.api import Filanti
 # Set secret in environment (done by CI/CD, Docker, etc.)
 os.environ["ENCRYPT_PASSWORD"] = "my-secure-password"
 
-# Use ENV reference - secret is resolved at runtime
-Filanti.encrypt("secret.txt", password="ENV:ENCRYPT_PASSWORD")
-Filanti.decrypt("secret.txt.enc", password="ENV:ENCRYPT_PASSWORD")
+# All patterns are supported
+Filanti.encrypt("secret.txt", password="ENV:ENCRYPT_PASSWORD")      # Unix-style
+Filanti.encrypt("secret.txt", password="$env:ENCRYPT_PASSWORD")     # PowerShell
+Filanti.encrypt("secret.txt", password="${ENCRYPT_PASSWORD}")       # Shell-style
+Filanti.encrypt("secret.txt", password="env.ENCRYPT_PASSWORD")      # Dot notation
+
+# Load secrets from .env file
+Filanti.load_dotenv(".env")
+Filanti.encrypt("secret.txt", password="ENV:SECRET_FROM_DOTENV")
+
+# Or load during encryption
+Filanti.encrypt("secret.txt", password="ENV:MY_KEY", dotenv_path=".env")
 
 # Check if value is an ENV reference
-Filanti.is_env_reference("ENV:MY_SECRET")  # True
+Filanti.is_env_reference("ENV:MY_SECRET")     # True
+Filanti.is_env_reference("$env:MY_SECRET")    # True
+Filanti.is_env_reference("${MY_SECRET}")      # True
 
 # Resolve secret manually
 password = Filanti.resolve_secret("ENV:ENCRYPT_PASSWORD")
@@ -392,11 +412,25 @@ safe = Filanti.safe_json_output(data, secret_keys=["password"])
 # Set environment variable
 export ENCRYPT_PASSWORD="my-secure-password"
 
-# Use in CLI commands
+# All pattern formats work in --password
 filanti encrypt secret.txt --password ENV:ENCRYPT_PASSWORD
-filanti decrypt secret.txt.enc --password ENV:ENCRYPT_PASSWORD
-filanti mac file.txt --key ENV:HMAC_KEY
-filanti sign document.pdf --key mykey --password ENV:KEY_PASSWORD
+filanti encrypt secret.txt --password '$env:ENCRYPT_PASSWORD'  # PowerShell
+filanti encrypt secret.txt --password '${ENCRYPT_PASSWORD}'    # Shell-style
+filanti encrypt secret.txt --password env.ENCRYPT_PASSWORD     # Dot notation
+
+# PowerShell-friendly --env option (no special characters)
+filanti encrypt secret.txt --env ENCRYPT_PASSWORD
+filanti decrypt secret.txt.enc --env ENCRYPT_PASSWORD
+
+# Load from .env file
+filanti encrypt secret.txt --dotenv .env --env-key MY_PASSWORD
+filanti mac file.txt --dotenv secrets.env --env-key HMAC_KEY
+
+# All secret-accepting commands support these options:
+#   --password   Literal or ENV pattern
+#   --env        Variable name (PowerShell-friendly)
+#   --dotenv     Path to .env file
+#   --env-key    Variable name from .env file
 ```
 
 **Benefits:**
@@ -404,6 +438,43 @@ filanti sign document.pdf --key mykey --password ENV:KEY_PASSWORD
 -  Works with CI/CD (GitHub Actions, GitLab CI, Jenkins)
 -  Compatible with Docker/Kubernetes secrets
 -  12-factor app compliance
+-  PowerShell-native syntax support
+-  Cross-platform .env file loading
+
+###  Secure File Deletion
+
+Delete original files securely after encryption/decryption operations.
+
+```python
+from filanti.api import Filanti
+
+# Encrypt and securely delete original
+Filanti.encrypt("secret.txt", password="my-pass", remove_source=True)
+# Original file is securely overwritten before deletion
+
+# Decrypt and remove encrypted file
+Filanti.decrypt("secret.txt.enc", password="my-pass", remove_source=True)
+# Encrypted file is securely deleted after decryption
+
+# Use faster (non-secure) deletion
+Filanti.encrypt("secret.txt", password="my-pass", 
+                remove_source=True, secure_delete=False)
+```
+
+**CLI Support:**
+
+```bash
+# Encrypt and securely delete original
+filanti encrypt secret.txt --password mypass --remove-source
+
+# Decrypt and remove encrypted file
+filanti decrypt secret.txt.enc --password mypass --remove-source
+
+# Use faster (non-secure) deletion
+filanti encrypt secret.txt --password mypass --remove-source --no-secure-delete
+```
+
+> ⚠️ **Note:** Secure deletion provides defense-in-depth but has limitations on SSDs with wear-leveling, journaling filesystems, and cloud-synced folders. For maximum security, use full-disk encryption.
 
 ###  Asymmetric / Hybrid Encryption
 
@@ -834,40 +905,72 @@ safe_output = redact_secret("Password is secret123", "secret123")
 
 ---
 
-## Architecture
+[//]: # (## Architecture)
 
-```
-filanti/
-├── core/              
-│   ├── errors.py      
-│   ├── file_manager.py 
-│   ├── metadata.py    
-│   ├── plugins.py     
-│   ├── secrets.py     
-│   └── secure_memory.py 
-│
-├── crypto/            
-│   ├── encryption.py  
-│   ├── decryption.py  
-│   ├── key_management.py 
-│   ├── kdf.py         
-│   ├── streaming.py   
-│   └── asymmetric.py  
-│
-├── hashing/           
-│   └── crypto_hash.py 
-│
-├── integrity/        
-│   ├── checksum.py    
-│   ├── mac.py         
-│   └── signature.py   
-│
-├── cli/               
-│   └── main.py        
-│
-└── api/               
-    └── sdk.py         
-```
+[//]: # ()
+[//]: # (```)
+
+[//]: # (filanti/)
+
+[//]: # (├── core/              )
+
+[//]: # (│   ├── errors.py      )
+
+[//]: # (│   ├── file_manager.py )
+
+[//]: # (│   ├── metadata.py    )
+
+[//]: # (│   ├── plugins.py     )
+
+[//]: # (│   ├── secrets.py     )
+
+[//]: # (│   └── secure_memory.py )
+
+[//]: # (│)
+
+[//]: # (├── crypto/            )
+
+[//]: # (│   ├── encryption.py  )
+
+[//]: # (│   ├── decryption.py  )
+
+[//]: # (│   ├── key_management.py )
+
+[//]: # (│   ├── kdf.py         )
+
+[//]: # (│   ├── streaming.py   )
+
+[//]: # (│   └── asymmetric.py  )
+
+[//]: # (│)
+
+[//]: # (├── hashing/           )
+
+[//]: # (│   └── crypto_hash.py )
+
+[//]: # (│)
+
+[//]: # (├── integrity/        )
+
+[//]: # (│   ├── checksum.py    )
+
+[//]: # (│   ├── mac.py         )
+
+[//]: # (│   └── signature.py   )
+
+[//]: # (│)
+
+[//]: # (├── cli/               )
+
+[//]: # (│   └── main.py        )
+
+[//]: # (│)
+
+[//]: # (└── api/               )
+
+[//]: # (    └── sdk.py         )
+
+[//]: # (```)
 
 ### Module Dependencies
 
@@ -1128,7 +1231,8 @@ encrypt_stream_file(input_path, output_path, key, chunk_size=16*1024)   # 16 KB
 
 ---
 
-## Contributing
+## Contributors || Acknowledgements
+[@stephenlb](https://github.com/stephenlb) Thanks for the inspiration and guidance on encryption and security best practices.
 
 ### Development Setup
 
@@ -1159,15 +1263,21 @@ pip install -e ".[dev]"
 
 [//]: # (```)
 
-### Pull Request Guidelines
+[//]: # (### Pull Request Guidelines)
 
-1. Write tests for new features
-2. Update documentation
-3. Follow existing code style
-4. Add type hints
-5. Run full test suite before submitting
+[//]: # ()
+[//]: # (1. Write tests for new features)
 
----
+[//]: # (2. Update documentation)
+
+[//]: # (3. Follow existing code style)
+
+[//]: # (4. Add type hints)
+
+[//]: # (5. Run full test suite before submitting)
+
+[//]: # ()
+[//]: # (---)
 
 ## Changelog
 

{filanti-1.0.0 → filanti-1.1.0}/README.md

@@ -18,7 +18,7 @@
 
 ## Overview
 
-**Filanti** is a production-ready Python framework providing secure-by-default primitives for:
+**Filanti** is a Python framework providing secure-by-default primitives for:
 
 -  **File Encryption** - AES-256-GCM, ChaCha20-Poly1305 with password-based encryption
 -  **Asymmetric Encryption** - Hybrid encryption with X25519, RSA-OAEP for multi-recipient file exchange
@@ -329,6 +329,15 @@ with SecureString("my-password") as pwd:
 
 Secure secret injection for automation and CI/CD workflows. Avoid hardcoding passwords in scripts or command lines.
 
+**Supported Patterns:**
+
+| Pattern | Description | Example |
+|---------|-------------|---------|
+| `ENV:VAR` | Unix-style (original) | `ENV:MY_PASSWORD` |
+| `$env:VAR` | PowerShell-style | `$env:MY_PASSWORD` |
+| `${VAR}` | Shell variable expansion | `${MY_PASSWORD}` |
+| `env.VAR` | Dot notation (cross-platform) | `env.MY_PASSWORD` |
+
 ```python
 import os
 from filanti.api import Filanti
@@ -336,12 +345,23 @@ from filanti.api import Filanti
 # Set secret in environment (done by CI/CD, Docker, etc.)
 os.environ["ENCRYPT_PASSWORD"] = "my-secure-password"
 
-# Use ENV reference - secret is resolved at runtime
-Filanti.encrypt("secret.txt", password="ENV:ENCRYPT_PASSWORD")
-Filanti.decrypt("secret.txt.enc", password="ENV:ENCRYPT_PASSWORD")
+# All patterns are supported
+Filanti.encrypt("secret.txt", password="ENV:ENCRYPT_PASSWORD")      # Unix-style
+Filanti.encrypt("secret.txt", password="$env:ENCRYPT_PASSWORD")     # PowerShell
+Filanti.encrypt("secret.txt", password="${ENCRYPT_PASSWORD}")       # Shell-style
+Filanti.encrypt("secret.txt", password="env.ENCRYPT_PASSWORD")      # Dot notation
+
+# Load secrets from .env file
+Filanti.load_dotenv(".env")
+Filanti.encrypt("secret.txt", password="ENV:SECRET_FROM_DOTENV")
+
+# Or load during encryption
+Filanti.encrypt("secret.txt", password="ENV:MY_KEY", dotenv_path=".env")
 
 # Check if value is an ENV reference
-Filanti.is_env_reference("ENV:MY_SECRET")  # True
+Filanti.is_env_reference("ENV:MY_SECRET")     # True
+Filanti.is_env_reference("$env:MY_SECRET")    # True
+Filanti.is_env_reference("${MY_SECRET}")      # True
 
 # Resolve secret manually
 password = Filanti.resolve_secret("ENV:ENCRYPT_PASSWORD")
@@ -362,11 +382,25 @@ safe = Filanti.safe_json_output(data, secret_keys=["password"])
 # Set environment variable
 export ENCRYPT_PASSWORD="my-secure-password"
 
-# Use in CLI commands
+# All pattern formats work in --password
 filanti encrypt secret.txt --password ENV:ENCRYPT_PASSWORD
-filanti decrypt secret.txt.enc --password ENV:ENCRYPT_PASSWORD
-filanti mac file.txt --key ENV:HMAC_KEY
-filanti sign document.pdf --key mykey --password ENV:KEY_PASSWORD
+filanti encrypt secret.txt --password '$env:ENCRYPT_PASSWORD'  # PowerShell
+filanti encrypt secret.txt --password '${ENCRYPT_PASSWORD}'    # Shell-style
+filanti encrypt secret.txt --password env.ENCRYPT_PASSWORD     # Dot notation
+
+# PowerShell-friendly --env option (no special characters)
+filanti encrypt secret.txt --env ENCRYPT_PASSWORD
+filanti decrypt secret.txt.enc --env ENCRYPT_PASSWORD
+
+# Load from .env file
+filanti encrypt secret.txt --dotenv .env --env-key MY_PASSWORD
+filanti mac file.txt --dotenv secrets.env --env-key HMAC_KEY
+
+# All secret-accepting commands support these options:
+#   --password   Literal or ENV pattern
+#   --env        Variable name (PowerShell-friendly)
+#   --dotenv     Path to .env file
+#   --env-key    Variable name from .env file
 ```
 
 **Benefits:**
@@ -374,6 +408,43 @@ filanti sign document.pdf --key mykey --password ENV:KEY_PASSWORD
 -  Works with CI/CD (GitHub Actions, GitLab CI, Jenkins)
 -  Compatible with Docker/Kubernetes secrets
 -  12-factor app compliance
+-  PowerShell-native syntax support
+-  Cross-platform .env file loading
+
+###  Secure File Deletion
+
+Delete original files securely after encryption/decryption operations.
+
+```python
+from filanti.api import Filanti
+
+# Encrypt and securely delete original
+Filanti.encrypt("secret.txt", password="my-pass", remove_source=True)
+# Original file is securely overwritten before deletion
+
+# Decrypt and remove encrypted file
+Filanti.decrypt("secret.txt.enc", password="my-pass", remove_source=True)
+# Encrypted file is securely deleted after decryption
+
+# Use faster (non-secure) deletion
+Filanti.encrypt("secret.txt", password="my-pass", 
+                remove_source=True, secure_delete=False)
+```
+
+**CLI Support:**
+
+```bash
+# Encrypt and securely delete original
+filanti encrypt secret.txt --password mypass --remove-source
+
+# Decrypt and remove encrypted file
+filanti decrypt secret.txt.enc --password mypass --remove-source
+
+# Use faster (non-secure) deletion
+filanti encrypt secret.txt --password mypass --remove-source --no-secure-delete
+```
+
+> ⚠️ **Note:** Secure deletion provides defense-in-depth but has limitations on SSDs with wear-leveling, journaling filesystems, and cloud-synced folders. For maximum security, use full-disk encryption.
 
 ###  Asymmetric / Hybrid Encryption
 
@@ -804,40 +875,72 @@ safe_output = redact_secret("Password is secret123", "secret123")
 
 ---
 
-## Architecture
+[//]: # (## Architecture)
 
-```
-filanti/
-├── core/              
-│   ├── errors.py      
-│   ├── file_manager.py 
-│   ├── metadata.py    
-│   ├── plugins.py     
-│   ├── secrets.py     
-│   └── secure_memory.py 
-│
-├── crypto/            
-│   ├── encryption.py  
-│   ├── decryption.py  
-│   ├── key_management.py 
-│   ├── kdf.py         
-│   ├── streaming.py   
-│   └── asymmetric.py  
-│
-├── hashing/           
-│   └── crypto_hash.py 
-│
-├── integrity/        
-│   ├── checksum.py    
-│   ├── mac.py         
-│   └── signature.py   
-│
-├── cli/               
-│   └── main.py        
-│
-└── api/               
-    └── sdk.py         
-```
+[//]: # ()
+[//]: # (```)
+
+[//]: # (filanti/)
+
+[//]: # (├── core/              )
+
+[//]: # (│   ├── errors.py      )
+
+[//]: # (│   ├── file_manager.py )
+
+[//]: # (│   ├── metadata.py    )
+
+[//]: # (│   ├── plugins.py     )
+
+[//]: # (│   ├── secrets.py     )
+
+[//]: # (│   └── secure_memory.py )
+
+[//]: # (│)
+
+[//]: # (├── crypto/            )
+
+[//]: # (│   ├── encryption.py  )
+
+[//]: # (│   ├── decryption.py  )
+
+[//]: # (│   ├── key_management.py )
+
+[//]: # (│   ├── kdf.py         )
+
+[//]: # (│   ├── streaming.py   )
+
+[//]: # (│   └── asymmetric.py  )
+
+[//]: # (│)
+
+[//]: # (├── hashing/           )
+
+[//]: # (│   └── crypto_hash.py )
+
+[//]: # (│)
+
+[//]: # (├── integrity/        )
+
+[//]: # (│   ├── checksum.py    )
+
+[//]: # (│   ├── mac.py         )
+
+[//]: # (│   └── signature.py   )
+
+[//]: # (│)
+
+[//]: # (├── cli/               )
+
+[//]: # (│   └── main.py        )
+
+[//]: # (│)
+
+[//]: # (└── api/               )
+
+[//]: # (    └── sdk.py         )
+
+[//]: # (```)
 
 ### Module Dependencies
 
@@ -1098,7 +1201,8 @@ encrypt_stream_file(input_path, output_path, key, chunk_size=16*1024)   # 16 KB
 
 ---
 
-## Contributing
+## Contributors || Acknowledgements
+[@stephenlb](https://github.com/stephenlb) Thanks for the inspiration and guidance on encryption and security best practices.
 
 ### Development Setup
 
@@ -1129,15 +1233,21 @@ pip install -e ".[dev]"
 
 [//]: # (```)
 
-### Pull Request Guidelines
+[//]: # (### Pull Request Guidelines)
 
-1. Write tests for new features
-2. Update documentation
-3. Follow existing code style
-4. Add type hints
-5. Run full test suite before submitting
+[//]: # ()
+[//]: # (1. Write tests for new features)
 
----
+[//]: # (2. Update documentation)
+
+[//]: # (3. Follow existing code style)
+
+[//]: # (4. Add type hints)
+
+[//]: # (5. Run full test suite before submitting)
+
+[//]: # ()
+[//]: # (---)
 
 ## Changelog
 

{filanti-1.0.0 → filanti-1.1.0}/filanti/__init__.py

@@ -5,7 +5,7 @@ Provides secure-by-default primitives for file encryption, hashing,
 and integrity verification.
 """
 
-__version__ = "1.0.0"
+__version__ = "1.1.0"
 __author__ = "Decliqe"
 
 from filanti.core.errors import (