An open-source workshop of cryptography, authentication, and infrastructure libraries — by engineer Ned Wolpert.
Site: codeheadsystems.github.io — all projects released under Apache 2.0 or MIT.
A production-grade, passkeys-first authentication template for the JVM. Ships as a reusable library set that can be dropped into a Spring Boot, Dropwizard, or Micronaut application; the core is framework-neutral and the host's user/credential storage is a plug-in SPI.
An implementation of the OPAQUE password-authenticated key exchange (PAKE), written from its RFC specifications. The server never sees the password — strong mutual authentication is achieved without transmitting any private credential material. Built on OPRF and elliptic-curve cryptography.
Implemented RFCs:
- RFC 9380 — Hash-to-Elliptic-Curve
- RFC 9497 — OPRF (mode 0)
- RFC 9807 — OPAQUE-3DH
Java (Bouncy Castle) with a bundled TypeScript client library. Rust, Go, and C# implementations are on the roadmap, alongside a cross-language test suite.
Small, sharp Java utilities — extracted from real services so they stay practical rather than aspirational.
| Library | Description |
|---|---|
| Feature-Flag | Lightweight A/B testing & feature toggles, inspired by an internal Alexa tool. |
| Codehead Test | Test utilities for Jupiter, Immutables, and Jackson. Small, easy to consume. |
| Database Test | Test helpers for Cassandra and unique-string generation. |
| Metrics | Dropwizard / Micrometer integration with Dagger support and unit-test helpers. |
| OOP Mock | Out-of-process mocking for functional tests — a spiritual successor to Amazon's Chameleon. |
| State Machine Redux | A KISS state machine. Import/export, games and services. |
| Local Queue | In-process queueing primitives. |
- Mastodon: @CodeHead@hachyderm.io
- GitHub: @wolpert
- LinkedIn: in/wolpert
- Email: ned dot wolpert at gmail dot com