Join Nostr
2026-01-24 02:26:40 UTC
in reply to

zsub on Nostr: Rebased v0.4.0 RELEASED! - Rewrite of all remaining Python in pure Zig - Full ...

Rebased v0.4.0 RELEASED!

- Rewrite of all remaining Python in pure Zig
- Full isolation of keys in secure agent

You should even be able to run this under a split in QubesOS now.

-----

Unify dev cryptography with your npub

"git based" subcommand makes git, ssh and minisign Nostr-native and npub-based.

Unify your workflow — all driven by your Nostr identity(ies).

**Npub-based cryptographic unity**:

- Generate npub/nsec pairs (e.g. project keys) + claim your presence on Nostr
- Sign git commits and tags with your active npub
- SSH auth (clone, push, pull, ssh) via a drop-in ssh-agent replacement
- Minisign-compatible build signing, verification back to your npub
- Full dev life-cycle cryptography powered by your nsec

**Secure agent isolates your keys**:

- Key access requires an nsec encryption PIN — PIN cached in agent
- More sensitive ops re-prompt (get nsec or delete key)
- Keys stored encrypted on disk in ; easy switching
- All sensitive key material and operations isolated in the agent process
- Agent can be run split on Qubes, for further isolation
- Secrets decrypted only into mlock()’ed memory and zeroed immediately after use
- Sensitive user io (pin/nsec) are direct to user tty from your agent
- Secure, carefully crafted Zig 0.14 with zero deps, std lib only
- Tiny 1.8M binary means small attack surface

**Based Release**

- Linear release support—NO MERGE—will refuse if branch not ff on master.

**Nostr Broadcasts**

- Profile (kind 0)
- Repo card (kind 30617) — from
- Release (kind 30618) — from signed git tags
- Announcement / alert / RFC (kind 1)

https://codeberg.org/zsub/rebased
https://zsubmesh.net/downloads