Name: Security Review
Author: cypherair

Review the current diff or specified files against CypherAir's security invariants.

Security Invariants Checklist

Zero network access — No HTTP, URLSession, NWConnection, no networked SDKs added.
No plaintext in logs — No print(), os_log(), or NSLog() of key material, passphrases, or decrypted content. Not even in DEBUG builds.
Memory zeroing — All sensitive Data buffers use resetBytes(in:). Rust side uses zeroize crate. Verify no early returns bypass zeroization.
AEAD hard-fail — Authentication failure during decryption must abort immediately. No partial plaintext returned.
SE wrapping scheme — HKDF info string ("CypherAir-SE-Wrap-v1:" + hexFingerprint) unchanged. Access control flags match the documented modes.
Permissions — Only NSFaceIDUsageDescription in Info.plist. No other usage descriptions added.
Secure random — Only SecRandomCopyBytes / CryptoKit (Swift) or (Rust). No , no .

Review the current diff or specified files against CypherAir's security invariants.

Zero network access — No HTTP, URLSession, NWConnection, no networked SDKs added.
No plaintext in logs — No print(), os_log(), or NSLog() of key material, passphrases, or decrypted content. Not even in DEBUG builds.
Memory zeroing — All sensitive Data buffers use resetBytes(in:). Rust side uses zeroize crate. Verify no early returns bypass zeroization.
AEAD hard-fail — Authentication failure during decryption must abort immediately. No partial plaintext returned.
SE wrapping scheme — HKDF info string ("CypherAir-SE-Wrap-v1:" + hexFingerprint) unchanged. Access control flags match the documented modes.
Permissions — Only NSFaceIDUsageDescription in Info.plist. No other usage descriptions added.
Secure random — Only SecRandomCopyBytes / CryptoKit (Swift) or (Rust). No , no .

Security Review