Consolidation #4

Merged
elementmerc merged 5 commits into dev from consolidation
Apr 19, 2026

@elementmerc
Owner

Flattens libstegcore submodule into crates/engine/, collapses dual licence to AGPL-3.0-or-later, switches copyright to The Malware Files, rewrites CLAUDE.md / ARCHITECTURE.md to monorepo reality, and purges internal scripts/tests from history.

(Supersedes auto-closed PR #3 — branch history was rewritten via git-filter-repo on both branches.)

What changed

  • Engine consolidation: libstegcore submodule replaced with a workspace crate at crates/engine/. FFI export layer removed; engine is now a pure Rust path dependency.
  • Licence: AGPL-3.0-or-later single licence. LICENSE-COMMERCIAL deleted. SPDX headers swept across ~64 source files.
  • Copyright: Attribution updated to The Malware Files.
  • Contact: ops@themalwarefiles.com replaces daniel@themalwarefiles.com.
  • CI/Docker: Submodule deploy-key dance removed.
  • Docs: CLAUDE.md and ARCHITECTURE.md rewritten.
  • History purge: scripts/ and tests/ directories removed from all commits via git-filter-repo. Repo size: 39 MB → 1.2 MB.
  • LSBSteg fingerprint: Added to engine as medium-confidence named-tool detector.
  • CI trigger widened: Now fires on PRs into dev, not just main.

Verification (local)

  • cargo build --workspace --release
  • cargo test --workspace → 151 pass, 0 fail, 1 ignored (Q-1, calibration-deferred)
  • cargo clippy --workspace --all-targets -- -D warnings
  • cargo fmt --check
  • Smoke test (embed/extract/analyse round-trip) ✅

Follow-ups (separate PRs)

  • Phase 8.4 per-detector calibration + apply thresholds to analysis.rs
  • Aletheia head-to-head benchmark
  • v4.0.0 release tag (not beta — build-in-public with real numbers)
  • GitHub org migration to The-Malware-Files
  • Private stegcore-lab repo (git-crypt) for internal scripts/tests

- Per-detector thresholds set from Cassavia 2022 calibration (0% FPR).
- Fingerprint-led verdict: structural tool signatures override ensemble.
- OR-logic: any classical detector above its threshold raises to Suspicious.
- Drop fingerprint_by_statistics heuristic (imprecise tool attribution).
- Remove #[ignore] on sequential_embedded_scores_high.

elementmerc merged commit fd6b8be into dev on Apr 19, 2026
6 checks passed
elementmerc deleted the consolidation branch on April 19, 2026 20:39