- Rewrite of all remaining Python in pure Zig
- Full isolation of keys in secure agent
You should even be able to run this under a split in QubesOS now.
-----
Unify dev cryptography with your npub
"git based" subcommand makes git, ssh and minisign Nostr-native and npub-based.
Unify your workflow — all driven by your Nostr identity(ies).
**Npub-based cryptographic unity**:
- Generate npub/nsec pairs (e.g. project keys) + claim your presence on Nostr
- Sign git commits and tags with your active npub
- SSH auth (clone, push, pull, ssh) via a drop-in ssh-agent replacement
- Minisign-compatible build signing, verification back to your npub
- Full dev life-cycle cryptography powered by your nsec
**Secure agent isolates your keys**:
- Key access requires an nsec encryption PIN — PIN cached in agent
- More sensitive ops re-prompt (get nsec or delete key)
- Keys stored encrypted on disk in ; easy switching
- All sensitive key material and operations isolated in the agent process
- Agent can be run split on Qubes, for further isolation
- Secrets decrypted only into mlock()’ed memory and zeroed immediately after use
- Sensitive user io (pin/nsec) are direct to user tty from your agent
- Secure, carefully crafted Zig 0.14 with zero deps, std lib only
- Tiny 1.8M binary means small attack surface
**Based Release**
- Linear release support—NO MERGE—will refuse if branch not ff on master.
**Nostr Broadcasts**
- Profile (kind 0)
- Repo card (kind 30617) — from
- Release (kind 30618) — from signed git tags
- Announcement / alert / RFC (kind 1)
https://codeberg.org/zsub/rebased
https://zsubmesh.net/downloads
