Dilithium CodeSign WEB v1

```html

<!DOCTYPE html>

<html lang="en">

<head>

  <meta charset="UTF-8" />

  <meta name="viewport" content="width=device-width, initial-scale=1.0"/>

  <title>Dilithium Code-Sign Web v1.0</title>

  <script src="https://cdn.jsdelivr.net/npm/@pq-crystals/dilithium@0.2.0/dist/dilithium.js"></script>

  <script src="https://cdn.jsdelivr.net/npm/crypto-js@4.1.1/crypto-js.js"></script>

  <style>

    body { font-family: system-ui; max-width: 600px; margin: 2rem auto; padding: 1rem; background: #f9f9fb; }

    h1 { text-align: center; }

    button { background: #007acc; color: white; border: none; padding: 0.8rem 1.2rem; margin: 0.5rem; border-radius: 6px; cursor: pointer; }

    input { padding: 0.5rem; margin: 0.5rem; width: 100%; }

    .status { margin-top: 1rem; font-weight: bold; }

  </style>

</head>

<body>

  <h1>Dilithium Code-Sign Web v1.0</h1>

  <p>Sign & verify git commits (browser-based)</p>

  <button onclick="initRepo()">Init Repo</button>

  <button onclick="signCommit()">Sign Current Commit</button>

  <input type="text" id="commit-sha" placeholder="Commit SHA" />

  <button onclick="verifyCommit()">Verify Commit</button>

  <button onclick="verifyChain()">Verify Chain</button>

  <div class="status" id="status"></div>

  <script>

    let pk, sk;

    const SIG_DIR = 'dilithium-sigs';

    async function sha3_256(data) {

      const buffer = await crypto.subtle.digest('SHA-256', data);

      return Array.from(new Uint8Array(buffer)).map(b => b.toString(16).padStart(2, '0')).join('');

    }

    async function initRepo() {

      const kp = await dilithium.keyPair();

      pk = kp.publicKey;

      sk = kp.privateKey;

      const pkHex = Array.from(pk).map(b => b.toString(16).padStart(2, '0')).join('');

      localStorage.setItem('dilithium_pk', pkHex);

      alert("Repo initialized. Public key saved.");

      setStatus("Initialized", "green");

    }

    async function signCommit() {

      if (!sk) return setStatus("Init repo first", "red");

      const commitData = prompt("Paste commit data (tree+parents+msg):");

      if (!commitData) return;

      const hash = await sha3_256(new TextEncoder().encode(commitData));

      const sig = await dilithium.sign(hash, sk);

      const sigHex = Array.from(sig).map(b => b.toString(16).padStart(2, '0')).join('');

      const commitId = prompt("Commit SHA:");

      const sigObj = { commit_id: commitId, signature: sigHex, public_key: localStorage.getItem('dilithium_pk'), timestamp: new Date().toISOString() };

      localStorage.setItem(`${SIG_DIR}/${commitId}`, JSON.stringify(sigObj));

      setStatus("Signed", "green");

    }

    async function verifyCommit() {

      const sha = document.getElementById('commit-sha').value;

      if (!sha) return setStatus("Enter SHA", "red");

      const sigJson = localStorage.getItem(`${SIG_DIR}/${sha}`);

      if (!sigJson) return setStatus("No sig", "red");

      const sigObj = JSON.parse(sigJson);

      const commitData = prompt("Paste same commit data:");

      const hash = await sha3_256(new TextEncoder().encode(commitData));

      const sig = hexToBytes(sigObj.signature);

      const pk = hexToBytes(sigObj.public_key);

      const valid = await dilithium.verify(hash, sig, pk);

      setStatus(valid ? "Verified" : "Failed", valid ? "green" : "red");

    }

    async function verifyChain() {

      setStatus("Chain verify not supported in browser", "red");

    }

    function hexToBytes(hex) {

      return Uint8Array.from(hex.match(/.{1,2}/g).map(b => parseInt(b, 16)));

    }

    function setStatus(msg, color) {

      const el = document.getElementById('status');

      el.textContent = msg;

      el.style.color = color;

    }

  </script>

</body>

</html>

```

---

**FINAL_Web_v1.0.html**  

- **Init Repo** → generate key  

- **Sign Current Commit** → paste data + SHA → save  

- **Verify Commit** → paste SHA + data → check  

---

**Next?**  

Say: **Make PWA**  

→ I’ll give you **FINAL_PWA_v1.0**

**Go.**