feat: enhance GitHub/Keybase encryption with smart prefixes and recip… #99
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ient groups Add comprehensive usability improvements for encrypting pastes to GitHub and Keybase users, including short prefix shortcuts, recipient groups, auto-PGP detection, and multi-recipient support. ## New Features ### Smart Prefix Shortcuts - Add `gh:` as short prefix for GitHub users (e.g., `gh:torvalds`) - Add `kb:` as short prefix for Keybase users (e.g., `kb:username`) - Maintain backward compatibility with `github:` and `keybase:` prefixes - Prefix normalization happens transparently in keyManager ### Recipient Groups - Create groups of recipients with `--group-create` - Add/remove members with `--group-add` and `--group-remove` - List all groups with `--group-list` - Delete groups with `--group-delete` - Groups stored persistently in keydb.json - Encrypt to entire group with single command ### Multi-Recipient Support - Support space-separated recipients in `--for` option - Handle mixed recipient types (GitHub, Keybase, PGP, groups) - Automatic deduplication of recipients - Groups expand to all members during encryption ### Auto-PGP Detection - Automatically detect PGP encryption based on key type - No more manual `--pgp` flag required for GitHub/Keybase keys - Simplifies user experience and reduces errors ### Smart Recipient Resolution - Centralized resolution logic in recipientResolver.ts - Auto-fetch GitHub/Keybase keys on first use (JIT loading) - Intelligent fallback chain with helpful error messages - Pattern detection for emails, fingerprints, and prefixes ## Implementation Details ### New Files - `cli/recipientResolver.ts` - Unified recipient parsing and resolution - `cli/groupManager.ts` - Group CRUD operations with persistence ### Modified Files - `cli/encryptionUtils.ts` - Integrate resolver, support multiple recipients - `cli/keyManager.ts` - Add prefix normalization and group initialization - `cli/index.ts` - Add variadic --for option and group commands - `src/types/index.ts` - Add groups to KeyDatabase, ResolvedRecipient interface ### Documentation Updates - `README.md` - Add GitHub integration, groups sections, update examples - `src/muiStyles.ts` - Update landing page with new features section ## Usage Examples ```bash # Short prefixes dedpaste send --encrypt --for gh:torvalds # Multiple recipients dedpaste send --encrypt --for gh:alice kb:bob charlie@example.com # Groups dedpaste keys --group-create team gh:alice kb:bob dedpaste send --encrypt --for team ``` ## Technical Notes - Lazy imports prevent circular dependencies - 24-hour cache for GitHub keys maintained - Backward compatible - all existing syntax still works - Type-safe with full TypeScript support - Auto-PGP detection eliminates manual flags 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
github-actions bot
added a commit
that referenced
this pull request
Oct 23, 2025
Version bump type: minor PR: #99 Title: feat: enhance GitHub/Keybase encryption with smart prefixes and recip…
There was a problem hiding this comment.
Pull Request Overview
This PR adds comprehensive usability improvements for encrypting pastes to GitHub and Keybase users, introducing smart prefix shortcuts (gh:, kb:), recipient groups, multi-recipient support, and auto-PGP detection. The implementation centralizes recipient resolution logic and adds group management capabilities with persistent storage.
Key Changes:
- Smart prefix shortcuts enable
gh:userandkb:useras alternatives togithub:userandkeybase:user - Recipient groups allow creating named sets of recipients for easy multi-recipient encryption
- Auto-PGP detection eliminates manual
--pgpflags by inferring encryption type from recipient keys
Reviewed Changes
Copilot reviewed 8 out of 8 changed files in this pull request and generated 4 comments.
Show a summary per file
| File | Description |
|---|---|
| src/types/index.ts | Added groups field to KeyDatabase and new ResolvedRecipient interface for unified recipient handling |
| src/muiStyles.ts | Updated landing page to showcase new features including GitHub integration, groups, and short prefixes |
| cli/recipientResolver.ts | New centralized recipient resolution with prefix normalization, auto-fetch, and group expansion |
| cli/groupManager.ts | New group management module with CRUD operations and persistent storage in keydb.json |
| cli/keyManager.ts | Added prefix normalization in getKey() to support short prefixes across all key lookups |
| cli/index.ts | Added variadic --for option, group management commands, and updated examples |
| cli/encryptionUtils.ts | Refactored to support multiple recipients using resolver, with backward compatibility for single recipients |
| README.md | Updated documentation with GitHub integration, groups sections, and short prefix examples |
Comments suppressed due to low confidence (1)
cli/keyManager.ts:1
- The
updateLastUsedfunction only updatesdb.keys.friends[name]but doesn't handle keys stored inpgp,keybase, orgithubcollections. When encrypting for GitHub/Keybase users with normalized identifiers, the lastUsed timestamp won't be updated. The function should be enhanced to check all key collections, similar to howgetKey('any', name)works.
// Key database structure and management functions
Comment on lines
+153
to
+154
| const { addKeybaseKey } = await import('./keybaseUtils.js'); | ||
| await addKeybaseKey(username, normalized); |
There was a problem hiding this comment.
The function addKeybaseKey expects a KeybaseKeyAddInfo object as its second parameter (containing fields like key, username, keyId, email), but here it's being called with normalized which is a string. This will cause a runtime error. The correct approach would be to fetch the Keybase key first, then pass the proper info object to addKeybaseKey.
Suggested change
| const { addKeybaseKey } = await import('./keybaseUtils.js'); | |
| await addKeybaseKey(username, normalized); | |
| const { addKeybaseKey, fetchKeybasePGPInfo } = await import('./keybaseUtils.js'); | |
| // Fetch the Keybase PGP key info (returns { key, username, keyId, email, ... }) | |
| const keybaseKeyInfo = await fetchKeybasePGPInfo(username); | |
| await addKeybaseKey(username, keybaseKeyInfo); |
| if (shouldUsePgp) { | ||
| // For PGP with multiple recipients, we currently encrypt separately for each | ||
| // (Future enhancement: use OpenPGP multi-recipient encryption) | ||
| console.warn('Note: Encrypting separately for each recipient. Content will be duplicated.'); |
There was a problem hiding this comment.
This warning message is misleading because the code doesn't actually encrypt for multiple recipients - it only encrypts for the first recipient (line 86). Either implement true multi-recipient encryption or update the warning to accurately reflect that only the first recipient will receive the encrypted content.
Suggested change
| console.warn('Note: Encrypting separately for each recipient. Content will be duplicated.'); | |
| console.warn('Warning: Only the first recipient will receive the encrypted content. Multi-recipient encryption is not yet implemented.'); |
| output?: boolean; | ||
| encrypt?: boolean; | ||
| for?: string; | ||
| for?: string[]; // Changed to string[] to support multiple recipients |
There was a problem hiding this comment.
This comment is misleading because it says "Changed to" but doesn't mention that the type is actually string[] | undefined to maintain backward compatibility with the optional nature of the field. The comment should clarify that it supports both single and multiple recipients or simply state "Array of recipients for encryption".
Suggested change
| for?: string[]; // Changed to string[] to support multiple recipients | |
| for?: string[]; // Array of recipients for encryption (optional; supports multiple recipients) |
| // PGP encryption requires a recipient | ||
| if (!recipientName) { | ||
| throw new Error('PGP encryption requires specifying a recipient with --for. Self-encryption is not supported for PGP.'); | ||
| if (!recipientName || Array.isArray(recipientName)) { |
There was a problem hiding this comment.
The condition Array.isArray(recipientName) in this check is unreachable because arrays are already handled earlier (lines 54-137), so this path would never execute for array inputs. The condition should just check !recipientName or include a comment explaining this is a defensive check.
Suggested change
| if (!recipientName || Array.isArray(recipientName)) { | |
| if (!recipientName) { |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
…ient groups
Add comprehensive usability improvements for encrypting pastes to GitHub and Keybase users, including short prefix shortcuts, recipient groups, auto-PGP detection, and multi-recipient support.
New Features
Smart Prefix Shortcuts
gh:as short prefix for GitHub users (e.g.,gh:torvalds)kb:as short prefix for Keybase users (e.g.,kb:username)github:andkeybase:prefixesRecipient Groups
--group-create--group-addand--group-remove--group-list--group-deleteMulti-Recipient Support
--foroptionAuto-PGP Detection
--pgpflag required for GitHub/Keybase keysSmart Recipient Resolution
Implementation Details
New Files
cli/recipientResolver.ts- Unified recipient parsing and resolutioncli/groupManager.ts- Group CRUD operations with persistenceModified Files
cli/encryptionUtils.ts- Integrate resolver, support multiple recipientscli/keyManager.ts- Add prefix normalization and group initializationcli/index.ts- Add variadic --for option and group commandssrc/types/index.ts- Add groups to KeyDatabase, ResolvedRecipient interfaceDocumentation Updates
README.md- Add GitHub integration, groups sections, update examplessrc/muiStyles.ts- Update landing page with new features sectionUsage Examples
Technical Notes
🤖 Generated with Claude Code