Version: v1.0.0-beta | License: Apache-2.0 | Conformance: 134/134 vectors (byte-identical)
⚠️ Beta Notice: This is v1.0.0-beta. Feature-complete but may undergo internal refinements. Not recommended for production-critical environments yet.
Request integrity and replay protection for modern applications.
ASH ensures that every request is:
- Authentic
- Unmodified
- Single-use
- Bound to its endpoint
HTTPS protects transport. Authentication verifies identity. Authorization controls access.
But requests themselves can still be replayed or reused.
ASH adds a dedicated integrity layer.
Client → Sign → Send → Verify → Consume
Each request includes a cryptographic proof that becomes invalid after use.
ASH is not authentication. ASH is not authorization. ASH is not a firewall.
It is an additional security layer.
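The Sign → Verify → Consume flow described above, as an added example that is not ASH's wire format, proof algorithm or SDK API. The function names, the HMAC-SHA256 construction and the in-memory `Map` store are assumptions made for illustration, and the request values are constructed samples.

```javascript
// Added illustration: NOT the ASH wire format or SDK API. All names are hypothetical.
const crypto = require('node:crypto');

// contextId -> { secret, binding, used }; stand-in for a server-side context store
const contexts = new Map();

// Server: issue a single-use context bound to one endpoint ("METHOD path").
function issueContext(method, path) {
  const id = crypto.randomBytes(16).toString('hex');
  const secret = crypto.randomBytes(32);
  contexts.set(id, { secret, binding: `${method.toUpperCase()} ${path}`, used: false });
  return { id, secret };
}

// Both sides: HMAC over the endpoint binding and a hash of the exact body bytes.
function computeProof(secret, binding, body) {
  const bodyHash = crypto.createHash('sha256').update(body).digest('hex');
  return crypto.createHmac('sha256', secret).update(`${binding}\n${bodyHash}`).digest();
}

// Client: sign the request it is about to send.
function signRequest(ctx, method, path, body) {
  const proof = computeProof(ctx.secret, `${method.toUpperCase()} ${path}`, body);
  return { method, path, body, contextId: ctx.id, proof: proof.toString('hex') };
}

// Server: verify, then consume so the same proof is never accepted twice.
function verifyAndConsume(req) {
  const ctx = contexts.get(req.contextId);
  if (!ctx) return 'unknown_context';
  if (ctx.used) return 'replayed';
  const binding = `${req.method.toUpperCase()} ${req.path}`;
  if (binding !== ctx.binding) return 'wrong_endpoint';
  const expected = computeProof(ctx.secret, binding, req.body);
  const given = Buffer.from(req.proof, 'hex');
  const match = given.length === expected.length && crypto.timingSafeEqual(given, expected);
  if (!match) return 'bad_proof';
  ctx.used = true; // consume only after successful verification
  return 'ok';
}

// Constructed sample: a tampered body, a re-targeted path, the genuine request, a replay.
function demo() {
  const ctx = issueContext('POST', '/api/transfer');
  const req = signRequest(ctx, 'POST', '/api/transfer', '{"amount":100}');
  const tampered = { ...req, body: '{"amount":9999}' };
  const moved = { ...req, path: '/api/refund' };
  return [tampered, moved, req, req].map(verifyAndConsume);
}
```

With a store shared between server instances, the "is it used?" check and the "mark used" write must be a single atomic operation, otherwise two concurrent copies of the same request can both pass.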
| Language | Package | Install | License |
|---|---|---|---|
| Rust | ashcore | `cargo add ashcore` | Apache-2.0 |
| Node.js | @3maem/ash-node-sdk | `npm install @3maem/ash-node-sdk` | Apache-2.0 |
- Zero runtime dependencies — uses only Node.js built-in `crypto`
- 1370+ tests — conformance, PT, security audit, QA, fuzz, property-based
- Three proof modes — basic, scoped (field-level), unified (scoped + request chaining)
- Express middleware — `ashExpressMiddleware()` drop-in server verification
- Fastify plugin — `ashFastifyPlugin()` async plugin with request decoration
- Context stores — `AshMemoryStore` (in-memory) + `AshRedisStore` (production)
- Scope policy registry — route-level field enforcement (exact, param, wildcard)
- CLI tool — `ash build`, `ash verify`, `ash hash`, `ash inspect` from the terminal
- Debug trace — step-by-step pipeline inspection with timing
- CJS + ESM + DTS — dual build with full TypeScript declarations
| Framework | Language | Directory |
|---|---|---|
| Express | Node.js | examples/express/ |
| Node Express | Node.js | examples/node-express/ |
| Actix | Rust | examples/actix/ |
The Node.js SDK also includes built-in examples at packages/ash-node-sdk/examples/.
All active SDKs pass 134/134 vectors (byte-identical). Vectors are locked. Any behavior change requires a version bump and regenerated vectors.
All SDKs are tested against a single authoritative set of 134 conformance vectors generated from the Rust reference implementation.
| SDK | Status | Runner |
|---|---|---|
| Rust | 134/134 | packages/ashcore/tests/conformance_suite.rs |
| Node.js | 134/134 | packages/ash-node-sdk/tests/conformance.test.ts |
See tests/conformance/README.md for vector format and determinism rules.
- Security Guide
- Security Whitepaper
- Architecture
- Attack Scenarios
- Threat Model
- Error Codes
- API Reference — Node.js
- API Reference — Rust
- Middleware Reference
- Conformance Governance
- Troubleshooting
Apache-2.0
See LICENSE for full terms.
Developed by 3maem | عمائم
