agentic-research · jamestexas · Mar 10, 2026 · Mar 10, 2026 · Mar 10, 2026 · Mar 10, 2026
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -91,7 +91,7 @@ jobs:
     - name: Run gosec
       uses: securego/gosec@master
       with:
-        args: ./...
+        args: -exclude=G115 ./...
 
     - name: Run Trivy vulnerability scanner
       uses: aquasecurity/trivy-action@master

diff --git a/README.md b/README.md
@@ -1,6 +1,6 @@
 # 🛡️ go-cms
 
-[![Version](https://img.shields.io/badge/version-v0.0.1-blue.svg)](https://github.com/jamestexas/go-cms/releases/tag/v0.0.1)
+[![Version](https://img.shields.io/badge/version-v0.0.1-blue.svg)](https://github.com/agentic-research/go-cms/releases/tag/v0.0.1)
 
 **A personal Go library for CMS/PKCS#7 with Ed25519 support.**
 
@@ -30,7 +30,7 @@ The library is functional and the API is stable. All tests pass, including OpenS
 ## Installation
 
 ```bash
-go get github.com/jamestexas/go-cms
+go get github.com/agentic-research/go-cms
 ```
 
 ## Quick Start
@@ -53,7 +53,7 @@ import (
     "os"
     "time"
 
-    "github.com/jamestexas/go-cms/pkg/cms"
+    "github.com/agentic-research/go-cms/pkg/cms"
 )
 
 func main() {
@@ -141,7 +141,7 @@ The library provides two main functions:
 - `cms.SignData(data []byte, cert *x509.Certificate, privateKey ed25519.PrivateKey) ([]byte, error)` - Creates a CMS signature
 - `cms.Verify(cmsData, originalData []byte, opts VerifyOptions) ([]*x509.Certificate, error)` - Verifies a CMS signature
 
-For detailed API documentation, see [pkg.go.dev](https://pkg.go.dev/github.com/jamestexas/go-cms/pkg/cms).
+For detailed API documentation, see [pkg.go.dev](https://pkg.go.dev/github.com/agentic-research/go-cms/pkg/cms).
 
 ## Limits
 

diff --git a/cmd/cms-test-tool/main.go b/cmd/cms-test-tool/main.go
@@ -16,7 +16,7 @@ import (
 	"os"
 	"time"
 
-	"github.com/jamestexas/go-cms/pkg/cms"
+	"github.com/agentic-research/go-cms/pkg/cms"
 )
 
 func main() {

diff --git a/go.mod b/go.mod
@@ -1,3 +1,3 @@
-module github.com/jamestexas/go-cms
+module github.com/agentic-research/go-cms
 
 go 1.25.1
diff --git a/pkg/cms/signer.go b/pkg/cms/signer.go
@@ -34,7 +34,7 @@ import (
 	"sort"
 	"time"
 
-	"github.com/jamestexas/go-cms/pkg/cms/internal"
+	"github.com/agentic-research/go-cms/pkg/cms/internal"
 )
 
 // OID definitions for CMS/PKCS#7

diff --git a/pkg/cms/verifier.go b/pkg/cms/verifier.go
@@ -44,7 +44,7 @@ import (
 	"math/big"
 	"time"
 
-	"github.com/jamestexas/go-cms/pkg/cms/internal"
+	"github.com/agentic-research/go-cms/pkg/cms/internal"
 )
 
 // ASN.1 tag constants for better readability

diff --git a/pkg/cms/verifier_test.go b/pkg/cms/verifier_test.go
@@ -1493,12 +1493,14 @@ func testMakeSequenceHeader(length int) []byte {
 // This test uses a pre-generated signature to ensure we can correctly verify signatures
 // created by other tools, not just those created by our own signer.go.
 func TestVerifyGoldenVector(t *testing.T) {
-	// Golden vector: Ed25519 CMS signature generated by OpenSSL 3.0+
+	// Golden vector: Ed25519 CMS signature generated by OpenSSL 3.6+
 	// Command used: openssl cms -sign -binary -in data.txt -signer cert.pem -inkey key.pem -outform DER -out signature.der -md sha512
 	// Note: While Ed25519 has its own internal hashing, the CMS specification (RFC 5652) requires a digest algorithm to be specified in
 	// the SignerInfo structure. OpenSSL's `cms` command requires the `-md` flag to populate this field.
+	// Certificate generated with 100-year validity to avoid test breakage:
+	//   openssl req -new -x509 -key key.pem -out cert.pem -days 36500 -subj "/C=US/ST=Texas/L=Austin/O=Test Inc/CN=test.com"
 
-	goldenSignatureHex := "308203ce06092a864886f70d010702a08203bf308203bb020101310d300b0609608648016503040203300b06092a864886f70d010701a08201c1308201bd3082016fa00302010202147e853bb5a7d8abe2a8ae30cc05e36424c7cecb7e300506032b65703054310b3009060355040613025553310e300c06035504080c055465786173310f300d06035504070c0641757374696e3111300f060355040a0c085465737420496e633111300f06035504030c08746573742e636f6d301e170d3235313030383138333530345a170d3235313130373138333530345a3054310b3009060355040613025553310e300c06035504080c055465786173310f300d06035504070c0641757374696e3111300f060355040a0c085465737420496e633111300f06035504030c08746573742e636f6d302a300506032b6570032100baef537993a8ced502124eb0eaa34c63204acd331fab5b800729731c8d9bb9fca3533051301d0603551d0e0416041477fa8e0b66be14d46aba1ade7f113771b709bced301f0603551d2304183016801477fa8e0b66be14d46aba1ade7f113771b709bced300f0603551d130101ff040530030101ff300506032b657003410022f1423aec59020650a26a522787ed12dc13f13e11052d73e22515eb5ee4d93df4d2c9eaa96302c676f509de943c49b2ad131e7175323253b6a0280e013c1b0a318201d3308201cf020101306c3054310b3009060355040613025553310e300c06035504080c055465786173310f300d06035504070c0641757374696e3111300f060355040a0c085465737420496e633111300f06035504030c08746573742e636f6d02147e853bb5a7d8abe2a8ae30cc05e36424c7cecb7e300b0609608648016503040203a0820104301806092a864886f70d010903310b06092a864886f70d010701301c06092a864886f70d010905310f170d3235313030383138333532325a304f06092a864886f70d01090431420440e13c3bc057b201cf52aad2b0abcb27f52ef3b852b67a8de2b801817274ed7b43ba36174ac0d03808e315cd9bb8cafe9dcddd1e2194cdfcabb688866735472bc8307906092a864886f70d01090f316c306a300b060960864801650304012a300b0609608648016503040116300b0609608648016503040102300a06082a864886f70d0307300e06082a864886f70d030202020080300d06082a864886f70d0302020140300706052b0e030207300d06082a864886f70d0302020128300506032b65700440eded9479e2793080ad0367ecf216a3991eb5e3f72a4b7ed28bbdca55f85263d3e9885c4beefb64a0ad122d35dba7c0b5bd2d8c61219319a12639be0bb9321003"
+	goldenSignatureHex := "308203d006092a864886f70d010702a08203c1308203bd020101310d300b0609608648016503040203300b06092a864886f70d010701a08201c3308201bf30820171a0030201020214635f0e8aa05ed705c3024ffa6f16c9d4a3455ebe300506032b65703054310b3009060355040613025553310e300c06035504080c055465786173310f300d06035504070c0641757374696e3111300f060355040a0c085465737420496e633111300f06035504030c08746573742e636f6d3020170d3236303331303139343334325a180f32313236303231343139343334325a3054310b3009060355040613025553310e300c06035504080c055465786173310f300d06035504070c0641757374696e3111300f060355040a0c085465737420496e633111300f06035504030c08746573742e636f6d302a300506032b65700321009d5a257ae7ba072a07d26c425933820ec1e91762ef339890d7b92da077db6274a3533051301d0603551d0e0416041494820ca4e2e495d56e567ebe303dedb3617af11a301f0603551d2304183016801494820ca4e2e495d56e567ebe303dedb3617af11a300f0603551d130101ff040530030101ff300506032b657003410067a8591fab37d1577927e34a7f8072a1faf701c2db32dc7b142fb98cf0ae7ce851d49d7b652568dcec501c881dfbed52a4a4eb629da2b4775ad65d79de5cdd01318201d3308201cf020101306c3054310b3009060355040613025553310e300c06035504080c055465786173310f300d06035504070c0641757374696e3111300f060355040a0c085465737420496e633111300f06035504030c08746573742e636f6d0214635f0e8aa05ed705c3024ffa6f16c9d4a3455ebe300b0609608648016503040203a0820104301806092a864886f70d010903310b06092a864886f70d010701301c06092a864886f70d010905310f170d3236303331303230313230375a304f06092a864886f70d01090431420440e13c3bc057b201cf52aad2b0abcb27f52ef3b852b67a8de2b801817274ed7b43ba36174ac0d03808e315cd9bb8cafe9dcddd1e2194cdfcabb688866735472bc8307906092a864886f70d01090f316c306a300b060960864801650304012a300b0609608648016503040116300b0609608648016503040102300a06082a864886f70d0307300e06082a864886f70d030202020080300d06082a864886f70d0302020140300706052b0e030207300d06082a864886f70d0302020128300506032b65700440abb445d270a3882f3724d52748a31cfcf507c85fa221827f7aa65240b095a1544f82ddc1cf527934bba75864fd97a9ad0d9524a231d9572d3f3b72007a5deb0c"
 	goldenSignature, err := hex.DecodeString(goldenSignatureHex)
 	if err != nil {
 		t.Fatalf("Failed to decode golden signature: %v", err)
@@ -1507,16 +1509,16 @@ func TestVerifyGoldenVector(t *testing.T) {
 	goldenData := []byte("This is the data to be signed.")
 
 	goldenCertPEM := `-----BEGIN CERTIFICATE-----
-MIIBvTCCAW+gAwIBAgIUfoU7tafYq+KorjDMBeNkJMfOy34wBQYDK2VwMFQxCzAJ
+MIIBvzCCAXGgAwIBAgIUY18OiqBe1wXDAk/6bxbJ1KNFXr4wBQYDK2VwMFQxCzAJ
 BgNVBAYTAlVTMQ4wDAYDVQQIDAVUZXhhczEPMA0GA1UEBwwGQXVzdGluMREwDwYD
-VQQKDAhUZXN0IEluYzERMA8GA1UEAwwIdGVzdC5jb20wHhcNMjUxMDA4MTgzNTA0
-WhcNMjUxMTA3MTgzNTA0WjBUMQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMx
-DzANBgNVBAcMBkF1c3RpbjERMA8GA1UECgwIVGVzdCBJbmMxETAPBgNVBAMMCHRl
-c3QuY29tMCowBQYDK2VwAyEAuu9TeZOoztUCEk6w6qNMYyBKzTMfq1uABylzHI2b
-ufyjUzBRMB0GA1UdDgQWBBR3+o4LZr4U1Gq6Gt5/ETdxtwm87TAfBgNVHSMEGDAW
-gBR3+o4LZr4U1Gq6Gt5/ETdxtwm87TAPBgNVHRMBAf8EBTADAQH/MAUGAytlcANB
-ACLxQjrsWQIGUKJqUieH7RLcE/E+EQUtc+IlFete5Nk99NLJ6qljAsZ29QnelDxJ
-sq0THnF1MjJTtqAoDgE8Gwo=
+VQQKDAhUZXN0IEluYzERMA8GA1UEAwwIdGVzdC5jb20wIBcNMjYwMzEwMTk0MzQy
+WhgPMjEyNjAyMTQxOTQzNDJaMFQxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIDAVUZXhh
+czEPMA0GA1UEBwwGQXVzdGluMREwDwYDVQQKDAhUZXN0IEluYzERMA8GA1UEAwwI
+dGVzdC5jb20wKjAFBgMrZXADIQCdWiV657oHKgfSbEJZM4IOwekXYu8zmJDXuS2g
+d9tidKNTMFEwHQYDVR0OBBYEFJSCDKTi5JXVblZ+vjA97bNhevEaMB8GA1UdIwQY
+MBaAFJSCDKTi5JXVblZ+vjA97bNhevEaMA8GA1UdEwEB/wQFMAMBAf8wBQYDK2Vw
+A0EAZ6hZH6s30Vd5J+NKf4Byofr3AcLbMtx7FC+5jPCufOhR1J17ZSVo3OxQHIgd
+++1SpKTrYp2itHda1l153lzdAQ==
 -----END CERTIFICATE-----
 `
 	block, _ := pem.Decode([]byte(goldenCertPEM))
-Original file line number
+Diff line change
@@ Expand Up / @@ -16,7 +16,7 @@ import ( @@
     	"os"
     	"time"
-    	"github.com/jamestexas/go-cms/pkg/cms"
+    	"github.com/agentic-research/go-cms/pkg/cms"
     )
     func main() {
@@ Expand Down @@