From f0a9b0f32cc09c3a59ea65a5f25f8878fd229adf Mon Sep 17 00:00:00 2001
From: Daniel Togey <dannykosgei@gmail.com>
Date: Thu, 11 Dec 2025 20:40:41 +0300
Subject: [PATCH 1/2] add workflow for creating releases with binaries

---
 .github/workflows/release.yml | 93 +++++++++++++++++++++++++++++++++++
 1 file changed, 93 insertions(+)
 create mode 100644 .github/workflows/release.yml

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..62f45e7
--- /dev/null
+++ b/.github/workflows/release.yml
@@ -0,0 +1,93 @@
+name: Release
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+permissions:
+  contents: write
+
+jobs:
+  release:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      
+      - name: Set up Go
+        uses: actions/setup-go@v4
+        with:
+          go-version: '1.23'
+      
+      - name: Run tests
+        run: go test -v ./...
+      
+      - name: Build binaries
+        run: |
+          # Linux AMD64
+          GOOS=linux GOARCH=amd64 go build -o bin/dg-linux-amd64 .
+          
+          # Linux ARM64
+          GOOS=linux GOARCH=arm64 go build -o bin/dg-linux-arm64 .
+          
+          # macOS AMD64 (Intel)
+          GOOS=darwin GOARCH=amd64 go build -o bin/dg-darwin-amd64 .
+          
+          # macOS ARM64 (Apple Silicon)
+          GOOS=darwin GOARCH=arm64 go build -o bin/dg-darwin-arm64 .
+          
+          # Windows AMD64
+          GOOS=windows GOARCH=amd64 go build -o bin/dg-windows-amd64.exe .
+      
+      - name: Create checksums
+        run: |
+          cd bin
+          sha256sum * > checksums.txt
+      
+      - name: Create Release
+        uses: softprops/action-gh-release@v1
+        with:
+          files: |
+            bin/dg-linux-amd64
+            bin/dg-linux-arm64
+            bin/dg-darwin-amd64
+            bin/dg-darwin-arm64
+            bin/dg-windows-amd64.exe
+            bin/checksums.txt
+          body: |
+            ## detergen ${{ github.ref_name }}
+            
+            Deterministic password generator with Argon2 hashing.
+            
+            ### Installation
+            
+            Download the binary for your platform:
+            - **Linux (x64)**: `dg-linux-amd64`
+            - **Linux (ARM64)**: `dg-linux-arm64`
+            - **macOS (Intel)**: `dg-darwin-amd64`
+            - **macOS (Apple Silicon)**: `dg-darwin-arm64`
+            - **Windows**: `dg-windows-amd64.exe`
+            
+            Make it executable (Linux/macOS):
+            ```bash
+            chmod +x dg-*
+            sudo mv dg-* /usr/local/bin/dg
+            ```
+            
+            ### Usage
+            
+            ```bash
+            # Generate password
+            dg generate myword -s facebook
+            
+            # Custom length
+            dg generate myword -s twitter -l 16
+            ```
+            
+            ### Checksums
+            
+            Verify your download with `checksums.txt`
+          draft: false
+          prerelease: false
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file

From c162269646a4adf9a618d374ac1aabe47a77835b Mon Sep 17 00:00:00 2001
From: Daniel Togey <dannykosgei@gmail.com>
Date: Thu, 11 Dec 2025 20:41:02 +0300
Subject: [PATCH 2/2] add readme.md

---
 README.md | 135 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 135 insertions(+)
 create mode 100644 README.md

diff --git a/README.md b/README.md
new file mode 100644
index 0000000..b9265fe
--- /dev/null
+++ b/README.md
@@ -0,0 +1,135 @@
+# detergen
+
+[![Go Version](https://img.shields.io/badge/Go-1.23+-00ADD8?logo=go&logoColor=white)](https://go.dev/)
+[![License](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](LICENSE)
+
+A deterministic password generator CLI tool that creates strong, reproducible passwords using Argon2id hashing.
+
+## Overview
+
+**detergen** (short for *deterministic generator*) solves a common problem: remembering unique, strong passwords for every service without relying on password managers that store your secrets. Instead of storing passwords, detergen *derives* them deterministically from a base word and salt combination using the memory-hard Argon2id algorithm.
+
+The same input will always produce the same output, meaning you can regenerate your password anytime—you just need to remember your base word and what salt you used (typically the service name).
+
+## Installation
+
+### From Releases (Recommended)
+
+Download the latest binary for your platform from the [Releases](https://github.com/danielkosgei/detergen/releases) page:
+
+| Platform              | Binary                   |
+|-----------------------|--------------------------|
+| Linux (x64)           | `dg-linux-amd64`         |
+| Linux (ARM64)         | `dg-linux-arm64`         |
+| macOS (Intel)         | `dg-darwin-amd64`        |
+| macOS (Apple Silicon) | `dg-darwin-arm64`        |
+| Windows               | `dg-windows-amd64.exe`   |
+
+**Linux/macOS:**
+
+```bash
+# Download (example for Linux x64)
+curl -LO https://github.com/danielkosgei/detergen/releases/latest/download/dg-linux-amd64
+
+# Make executable and move to PATH
+chmod +x dg-linux-amd64
+sudo mv dg-linux-amd64 /usr/local/bin/dg
+```
+
+**Windows:**
+
+Download `dg-windows-amd64.exe` and add it to your PATH, or run it directly.
+
+## Usage
+
+### Basic Usage
+
+```bash
+# Generate a password with a base word and salt
+dg generate mybaseword --salt facebook
+```
+
+### Custom Length
+
+```bash
+# Generate a 16-character password (default is 12, minimum is 8)
+dg generate mybaseword --salt twitter --length 16
+
+# Short flags work too
+dg generate mybaseword -s github -l 20
+```
+
+### Examples
+
+```bash
+# Social media
+dg generate mysecret -s facebook    # Always produces the same password
+dg generate mysecret -s twitter     # Different salt = different password
+dg generate mysecret -s instagram
+
+# Work accounts
+dg generate workpass -s slack -l 16
+dg generate workpass -s jira -l 16
+
+# Banking (use longer passwords)
+dg generate bankpass -s chase -l 24
+```
+
+### Command Reference
+
+```
+Usage:
+  dg generate [baseword] [flags]
+
+Flags:
+  -h, --help            help for generate
+  -l, --length int      Length of the generated password (default: 12, min: 8)
+  -s, --salt string     Salt/site name for unique passwords (e.g., facebook, twitter)
+```
+
+## How It Works
+
+detergen uses [Argon2id](https://en.wikipedia.org/wiki/Argon2), the winner of the 2015 Password Hashing Competition, to derive passwords. Argon2id combines the benefits of both Argon2d (resistant to GPU cracking) and Argon2i (resistant to side-channel attacks).
+
+**Parameters used:**
+- **Time cost:** 3 iterations
+- **Memory cost:** 256 MB
+- **Parallelism:** 4 threads
+- **Output:** 32 bytes
+
+**Password generation process:**
+1. Combine the base word and salt into a single input
+2. Hash the input using Argon2id with a fixed internal salt (`detergen-v1`)
+3. Use the hash bytes to select characters from the character set
+4. Guarantee at least one uppercase, one lowercase, one digit, and one special character
+5. Deterministically shuffle the result using additional hash bytes
+
+This ensures:
+- High computational cost for attackers trying to brute-force
+- Consistent output for the same inputs
+- Passwords that meet common complexity requirements
+
+## Development
+
+```bash
+# Format code
+make fmt
+
+# Run vet
+make vet
+
+# Build
+make build
+
+# Run tests
+make test
+
+# Clean build artifacts
+make clean
+```
+
+## License
+
+This project is licensed under the Apache License 2.0 - see the [LICENSE](LICENSE) file for details.
+
+---