Part V · 3 — Discipline and posture
The Stack's cryptography is not correct by luck — it is correct because there is a single place where it lives, a posture that guides it, and the agility to swap whatever needs swapping. This is the close of the compendium: from the how to the how to keep it.
3.1 koder_kit: a single chokepoint
The central lesson of Part I — *work at the highest layer; never assemble primitives by hand* — becomes code in engines/sdk/koder_kit. All of the Stack's cryptography passes through it (policies/reuse-first.kmd); no module reimplements:
| SDK API | What it delivers |
|---|---|
crypto.aead |
ChaCha20-Poly1305 + AES-GCM, nonce managed safely |
crypto.sign |
Ed25519 (default) and ML-DSA-65 (PQC, planned) |
crypto.kex |
X25519 + X25519MLKEM768 hybrid |
crypto.hash |
SHA-256/384, BLAKE3 |
crypto.kdf |
HKDF, Argon2id |
crypto.random |
CSPRNG wrapper |
crypto.constant_time |
comparison without a side channel |
The decisive point is the misuse-resistant API: it exposes seal(key,
plaintext, ad) and open(key, ciphertext, ad) — and does not expose raw ECBCBCCTR, manual nonce choice, or "encrypt without authenticating". The most common mistake of Part II is made impossible by construction: there is no way to ask for the insecure path.
As a corollary, direct cryptographic dependencies are forbidden in production code: the module calls the SDK, not the low-level library. One single place to audit, update, and migrate.
3.2 Posture: self-hosted and multi-tenant
Two policies shape every decision:
- Self-hosted first (
policies/self-hosted-first.kmd) — no third-party SaaS ina crypto-critical path when there is a Koder or auditable OSS alternative. Trust is not outsourced.
- Multi-tenant by default (
policies/multi-tenant-by-default.kmd) — per-tenantisolation is a premise, not a feature added later.
3.3 Agility: ready for the next swap
Because the SDK is the single point, the Stack gets crypto-agility for free (Part IV): adding ML-DSA-65 to crypto.sign or the post-quantum hybrid to crypto.kex is a change in one place, propagated to all consumers. The PQC migration — which in hardwired systems is a rewrite — is configuration here. That is why X25519MLKEM768 is already in pilot in TLS and SSH.
3.4 The complete picture
The arc closes. Every Koder Stack engineering decision is a primitive chosen on purpose:
| Koder need | Primitive/protocol | Part |
|---|---|---|
| Prove identity (JWT, passkey) | Ed25519, WebAuthn | I, II |
| Protect the connection (web, git) | TLS 1.3, SSH — AEAD + KEX + signature | II, III |
| Resist quantum | X25519MLKEM768, ML-DSA-65 | IV |
| Encrypt files and backups | AEAD (kzip) | II |
| Store keys | HSM, HKDF, Shamir | II |
| Not err in implementation | koder_kit (misuse-resistant API) | I |
From intuition (Part I) to the primitives (II), to the protocols (III), to the post-quantum future (IV), all the way to the code that runs in production: Koder's cryptography is one single discipline, applied with consistency. For the dense detail of any point, Part VIII — Reference is the almanac.
End of the narrated arc of the Cryptography Compendium. The five parts cover from the why to the how to the how to keep it. The reference layer stays alive and dense for consultation. Next domain of the genre: Blockchain (stack#196).