-
Notifications
You must be signed in to change notification settings - Fork 3
Contributing
Turkana Nation edited this page Jun 6, 2026
·
1 revision
Contributions are welcome. pqcrypto is a cryptographic library, so correctness
and evidence are paramount — every change must keep the test gates green and must
not overstate what is claimed.
- Read CONTRIBUTING.md and the CODE_OF_CONDUCT.md.
- Read the Engineering Guide for setup, conventions, and security practices.
- Skim Architecture and Design Philosophy.
dart pub get
dart analyze # must exit 0
dart format --set-exit-if-changed . # formatting gate
dart test # full unit + KAT suite (VM)
dart test -p chrome # dart2js web gate
dart test -p chrome --compiler dart2wasm # dart2wasm web gate
dart test test/kat_evaluator_test.dart # ML-KEM KAT runner
dart test test/mldsa_kat_test.dart # ML-DSA KAT runner
npx markdownlint-cli2 "**/*.md" # docs lintOpenSSL interop (optional, needs OpenSSL ≥ 3.5) lives in
tool/openssl_interop/.
- Keep zero runtime dependencies. Vendor primitives in pure Dart rather than adding packages.
- No
print()inlib/. - Treat ML-KEM and ML-DSA separately — evidence for one does not imply the other.
-
Prefer repo-local fixtures under
test/data; no machine-local KAT paths. - Never claim CMVP/FIPS 140 validation. Keep wording within the evidence boundary.
- Update docs when the public API, validation evidence, or security posture changes.
- ROADMAP.md — release direction.
- PROGRESS_TRACKER.md — open work and gates.
- BUGS.md and IMPROVEMENTS.md.
Do not open a public issue for a vulnerability. Follow the coordinated disclosure process in SECURITY.md.
pqcrypto — pure Dart, zero-dependency post-quantum cryptography (ML-KEM FIPS 203 · ML-DSA FIPS 204) for Dart, Flutter, and the web · MIT License · pub.dev · Repository · Documentation Index
Algorithm/KAT-conformance and interoperability evidence — not a CMVP/FIPS 140 module validation.
pqcrypto Wiki
Getting started
Algorithms
Design & internals
Assurance
Integration
Project
Links