Skip to content

feat: public obfuscator #10

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

feat: public obfuscator #10

wants to merge 1 commit into from

Conversation

nekrich
Copy link

@nekrich nekrich commented Jul 29, 2025
edited
Loading

Summary

This PR extracts the core obfuscation functionality into a new library product ConfidentialObfuscator, enabling other CLI tools and Swift packages to use the obfuscation logic without depending on the swift-confidential CLI tool.

This change transforms the obfuscation functionality from a CLI-only tool into a reusable Swift library.

Why This Change?

The previous architecture tightly coupled the obfuscation logic with the CLI tool, making it difficult to:

  • Integrate obfuscation into other build tools or scripts
  • Use the functionality in Swift packages or frameworks
  • Create custom CLI tools with obfuscation capabilities
  • Test the obfuscation logic from a given config file to the resulting source file

What Changed

🆕 New Library Product

  • Added ConfidentialObfuscator library product with a clean public API
  • New public method: ConfidentialObfuscator.obfuscate(configurationData:) throws -> String
    • Takes YAML configuration file data as Data input
    • Returns obfuscated Swift source code as a String
    • Encapsulates the entire obfuscation pipeline internally

🔄 Some refactoring

  • Extracted obfuscation logic from CLI tool into reusable library component
  • Updated CLI tool (swift-confidential) to use the new ConfidentialObfuscator API
  • Simplified SourceFileText to return text via text() method instead of writing directly to files
  • Cleaner separation between core obfuscation logic and CLI concerns

Breaking Changes

None. This is purely additive:

  • The existing swift-confidential CLI tool continues to work exactly as before
  • All existing functionality and APIs remain unchanged

Usage Example

import ConfidentialObfuscator
import Foundation

let yamlConfig = """
algorithm:
  - encrypt using aes-128-gcm
defaultAccessModifier: public
secrets:
  - name: apiKey
    value: my-secret-api-key
"""

let obfuscatedCode = try ConfidentialObfuscator.obfuscate(
    configurationData: Data(yamlConfig.utf8)
)

// Use the generated Swift code in your project
print(obfuscatedCode)

Alternatives considered

Make ConfidentialCore and Parsing public (I actually did this in the first place; I thought it would be the easy way 😅).

I think this will not work well from the consumer perspective since Configuration, SourceFileSpec, and other types will become public. Consumers will need to know how to do the obfuscation correctly.

The current solution looks better, since it leaves the configuration parsing and obfuscation logic in a black box, as with the CLI.

@nekrich
Copy link
Author

nekrich commented Aug 26, 2025
edited
Loading

Hello, @mgutski!
Can you please review this PR? Separating the obfuscation logic from the CLI would really help us with our internal tooling.
If you see that something can be done differently just let me know.

Thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@nekrich