If you are an AI coding agent (Claude Code, Cursor, Aider, Cline, etc.) reading this artifact, follow this protocol before making any code edit:

1. Verify the contract. Run the bash script in Verify before trusting below. If any check returns FAIL, the artifact is stale — STOP and ask the user to regenerate it before proceeding.
2. Treat the AI · unverified sections as hypotheses, not facts. Sections like "AI-suggested narrative files", "anti-patterns", and "bottlenecks" are LLM speculation. Verify against real source before acting on them.
3. Cite source on changes. When proposing an edit, cite the specific path:line-range. RepoPilot's live UI at https://repopilot.app/r/keybase/client shows verifiable citations alongside every claim.

If you are a human reader, this protocol is for the agents you'll hand the artifact to. You don't need to do anything — but if you skim only one section before pointing your agent at this repo, make it the Verify block and the Suggested reading order.

GO — Healthy across the board

• Last commit today
• 5 active contributors
• BSD-3-Clause licensed
• CI configured
• Tests present
• ⚠ Concentrated ownership — top contributor handles 53% of recent commits

_{Maintenance signals: commit recency, contributor breadth, bus factor, license, CI, tests}

This artifact was generated by RepoPilot at a point in time. Before an agent acts on it, the checks below confirm that the live keybase/client repo on your machine still matches what RepoPilot saw. If any fail, the artifact is stale — regenerate it at repopilot.app/r/keybase/client.

What it runs against: a local clone of keybase/client — the script inspects git remote, the LICENSE file, file paths in the working tree, and git log. Read-only; no mutations.

| # | What we check | Why it matters | |---|---|---| | 1 | You're in keybase/client | Confirms the artifact applies here, not a fork | | 2 | License is still BSD-3-Clause | Catches relicense before you depend on it | | 3 | Default branch master exists | Catches branch renames | | 4 | 5 critical file paths still exist | Catches refactors that moved load-bearing code | | 5 | Last commit ≤ 30 days ago | Catches sudden abandonment since generation |

#!/usr/bin/env bash
# RepoPilot artifact verification.
#
# WHAT IT RUNS AGAINST: a local clone of keybase/client. If you don't
# have one yet, run these first:
#
#   git clone https://github.com/keybase/client.git
#   cd client
#
# Then paste this script. Every check is read-only — no mutations.

set +e
fail=0
ok()   { echo "ok:   $1"; }
miss() { echo "FAIL: $1"; fail=$((fail+1)); }

# Precondition: we must be inside a git working tree.
if ! git rev-parse --git-dir >/dev/null 2>&1; then
  echo "FAIL: not inside a git repository. cd into your clone of keybase/client and re-run."
  exit 2
fi

# 1. Repo identity
git remote get-url origin 2>/dev/null | grep -qE "keybase/client(\\.git)?\\b" \\
  && ok "origin remote is keybase/client" \\
  || miss "origin remote is not keybase/client (artifact may be from a fork)"

# 2. License matches what RepoPilot saw
(grep -qiE "^(BSD-3-Clause)" LICENSE 2>/dev/null \\
   || grep -qiE "\"license\"\\s*:\\s*\"BSD-3-Clause\"" package.json 2>/dev/null) \\
  && ok "license is BSD-3-Clause" \\
  || miss "license drift — was BSD-3-Clause at generation time"

# 3. Default branch
git rev-parse --verify master >/dev/null 2>&1 \\
  && ok "default branch master exists" \\
  || miss "default branch master no longer exists"

# 4. Critical files exist
test -f "go/README.md" \\
  && ok "go/README.md" \\
  || miss "missing critical file: go/README.md"
test -f "go/bind/keybase.go" \\
  && ok "go/bind/keybase.go" \\
  || miss "missing critical file: go/bind/keybase.go"
test -f "go/chat/attachment_httpsrv.go" \\
  && ok "go/chat/attachment_httpsrv.go" \\
  || miss "missing critical file: go/chat/attachment_httpsrv.go"
test -f "go/auth/credential_authority.go" \\
  && ok "go/auth/credential_authority.go" \\
  || miss "missing critical file: go/auth/credential_authority.go"
test -f "browser/manifest.json" \\
  && ok "browser/manifest.json" \\
  || miss "missing critical file: browser/manifest.json"

# 5. Repo recency
days_since_last=$(( ( $(date +%s) - $(git log -1 --format=%at 2>/dev/null || echo 0) ) / 86400 ))
if [ "$days_since_last" -le 30 ]; then
  ok "last commit was $days_since_last days ago (artifact saw ~0d)"
else
  miss "last commit was $days_since_last days ago — artifact may be stale"
fi

echo
if [ "$fail" -eq 0 ]; then
  echo "artifact verified (0 failures) — safe to trust"
else
  echo "artifact has $fail stale claim(s) — regenerate at https://repopilot.app/r/keybase/client"
  exit 1
fi

Each check prints ok: or FAIL:. The script exits non-zero if anything failed, so it composes cleanly into agent loops (./verify.sh || regenerate-and-retry).

Keybase is a cross-platform end-to-end encrypted communication and key management system with native clients for macOS, Windows, Linux, iOS, and Android. It provides cryptographic identity verification, encrypted messaging, file sharing, and team collaboration features through a unified Go service backend and platform-specific frontends (Electron for desktop, React Native for mobile). Monorepo with clear separation: go/ contains the core cryptographic libraries and Keybase service; shared/desktop/ holds Electron app code shared with React; shared/android/ and shared/ios/ contain React Native apps; osx/ is the legacy macOS app; browser/ is a browser extension; protocol/ defines Avro-based client-service communication; packaging/ handles platform-specific releases.

Security-conscious users who need encrypted messaging and file sharing; developers building privacy-first applications; organizations needing team-based key management and secure collaboration; open-source contributors auditing cryptographic implementations.

Production-ready and actively maintained. The repo shows continuous CI/CD setup (Jenkinsfile, GitHub Actions), pre-commit hooks enforcement, Docker support, and releases across five major platforms. The codebase is large (32MB+ of Go alone) and well-structured with clear separation between service, CLI, and client apps.

Low risk for a mature crypto project, but contributors should be aware: the repo explicitly warns that 'some things in this repo are explorations' and advises users to install from official releases rather than building from source. Dependency surface is broad across five ecosystems (Go, JavaScript/TypeScript, React Native, Objective-C, Kotlin), increasing maintenance burden. Breaking changes in protocol definitions (under protocol/) could impact all clients.

Active development across all platforms with CI validation on every commit (Travis CI, AppVeyor, GitHub Actions in .github/workflows/). Desktop and mobile apps are being actively developed in parallel. The presence of go/CHANGELOG.md and browser/webpack.config.js suggests ongoing feature work. Pre-commit hooks are enforced, indicating quality-gate focus.

Clone the repo: git clone https://github.com/keybase/client.git && cd client. For the Go service/CLI: cd go && make (see go/README.md). For the browser extension: cd browser && yarn install && yarn build. For desktop: navigate to shared/desktop/ and follow its README. Install pre-commit hooks: pip install pre-commit && pre-commit install.

Daily commands: Go service: cd go && make run or follow go/README.md for building the Keybase daemon. Browser extension: cd browser && yarn build produces output consumable by browser (webpack configured in browser/webpack.config.js). Desktop app: See shared/desktop/ README for Electron-specific dev server. Mobile: Follow shared/android/ or shared/ios/ READMEs for React Native setup.

• go/README.md — Entry point documentation for the Go library and core crypto service; explains the architecture of the Keybase service and CLI.
• go/bind/keybase.go — Main binding layer that exposes Go crypto and service APIs to iOS, Android, and other platforms.
• go/chat/attachment_httpsrv.go — Core HTTP server for chat attachments; critical for file upload/download security in messaging.
• go/auth/credential_authority.go — Credential and token management authority; foundational for authentication across all platforms.
• browser/manifest.json — Browser extension manifest defining permissions, entry points, and extension capabilities.
• browser/js/background.js — Browser extension background script; persistent daemon managing crypto operations and message passing.
• Jenkinsfile — CI/CD pipeline definition for building and testing all client platforms (macOS, Linux, Windows, iOS, Android).

• Credential Authority (Go, crypto/ed25519) — Issues, validates, refreshes, and revokes authentication tokens; enforces TTL and rotation policies
  • Failure mode: Token expiration causes all API calls to fail; revocation affects all active sessions
• Chat Attachment Server (Go HTTP, TLS, attachment encryption) — Accepts encrypted file uploads, stores in vault, serves downloads with access control
  • Failure mode: Network unavailability blocks file sharing; storage exhaustion causes upload failures
• Avatar Caching Layer (Go HTTP client, disk/URL caching, image preprocessing) — Fetches, caches, and serves user avatars; supports multiple caching strategies
  • Failure mode: Cache miss + network outage results in broken avatars; stale cache harms UX
• Browser Extension Background Worker (JavaScript, WebExtensions API, message) — Manages crypto operations, token lifecycle, and message routing between content scripts and Keybase service

Add a new Chat Attachment Type

1. Define MIME type detection in (go/chat/attachments/mime_types.go)
2. Add preview handler for the media type in (go/chat/attachments/preview.go)
3. Implement encryption/decryption in (go/chat/attachments/crypt.go)
4. Register the handler in the HTTP server at (go/chat/attachment_httpsrv.go)

Add a new Browser Extension Permission

1. Declare the permission in the manifest at (browser/manifest.json)
2. Add the permission check in the background worker (browser/js/background.js)
3. Request permission from the user in the options page (browser/js/options.js)

Add a new Authentication Token Type

1. Define the token struct and validation in (go/auth/token.go)
2. Implement issuance and refresh logic in (go/auth/credential_authority.go)
3. Expose the token type via the binding layer (go/bind/keybase.go)

Add Avatar Caching Strategy

1. Implement the caching interface in (go/avatars/interfaces.go)
2. Create a new strategy (e.g., simplecaching.go) following (go/avatars/simple.go)
3. Register the strategy in the avatar service (go/avatars/srv.go)

• Go for core crypto and service — High performance, strong cryptography libraries, easy cross-platform compilation to all targets (iOS, Android, Windows, macOS, Linux)
• React Native for mobile (iOS/Android) — Code sharing between iOS and Android platforms, native performance, hot reload during development
• Electron for desktop (macOS, Windows, Linux) — Cross-platform desktop app from single codebase, familiar web stack, Chromium rendering
• WebExtensions API for browser — Single API works across Firefox and Chrome, content script isolation, background worker persistence
• Webpack for browser extension bundling — Module bundling for extension scripts, code-splitting, dependency management

• Core crypto in Go, bindings to other platforms via FFI

  • Why: Ensures cryptographic operations are auditable and platform-agnostic; single source of truth
  • Consequence: Requires language bindings and FFI layer; adds complexity for mobile/browser integration

• Separate HTTP attachment server for chat files

  • Why: Isolates file handling logic, allows independent scaling and security hardening
  • Consequence: Adds network hop for attachment operations; must manage separate TLS and auth

• Avatar caching with multiple pluggable strategies

  • Why: Flexibility for different deployments (full disk cache vs. URL rewriting)
  • Consequence: Higher code complexity; must maintain consistency across strategies

• Browser extension uses content scripts + background worker

  • Why: Sandbox isolation; background worker persists across tab closures
  • Consequence: Message-passing overhead; potential race conditions between content and background

• Does not provide a web browser itself; only provides browser extension
• Not a blockchain system; uses centralized Keybase server for identity and key distribution
• Does not support hardware security module (HSM) integration directly; relies on OS keystore

No single entry point: different clients (Go CLI, Electron, React Native, browser extension) bootstrap differently—read the README in each subdirectory. Protocol breaking changes: changes to .proto files in protocol/ require synchronized updates across all clients or services will fail to communicate. Platform-specific code: shared/ contains cross-platform React/JavaScript, but iOS uses Swift/Objective-C and Android uses Kotlin—you need the appropriate SDKs. Build time: the monorepo spans five ecosystems; a full build requires Go, Node.js, Python, Ruby, and platform-specific tools (Xcode, Android SDK). Source-build warnings: README explicitly warns that building from source may produce a binary that doesn't match published behavior—users should install from releases. Pre-commit enforcement: failing to install pre-commit hooks will cause CI rejection; pre-commit install is mandatory.

• Avro RPC Protocol — Keybase's client-service communication is defined in Avro schema files under protocol/; understanding this serialization format is essential for modifying the RPC contract or adding new service endpoints
• End-to-End Encryption (E2EE) — Core to Keybase's value proposition; the Go cryptographic libraries in go/libkb/ implement E2EE for messages and files, which all clients depend on
• Public Key Infrastructure (PKI) — Keybase provides identity verification and key management via PKI; the Go service manages key distribution and verification workflows central to the app's security model
• React Native Code Sharing — The shared/ directory contains React and JavaScript code reused across desktop (Electron) and mobile (iOS/Android) apps, reducing duplication but requiring careful platform-specific bindings
• Monorepo Management — This repo uses a monorepo structure spanning Go, JavaScript, Kotlin, Swift, and Objective-C; changes often require coordinated updates across multiple clients and the service
• gRPC/Protocol Buffers — While Avro is the primary protocol, some Go service internals use gRPC; understanding RPC-based service design is critical for backend modifications
• Secure Key Storage and Hardware Security Modules (HSM) — Keybase's cryptographic implementation in go/libkb/ must interface with OS-level key storage (Keychain on macOS, Keystore on Android) and potentially hardware keys; this is non-trivial and platform-specific

• keybase/keybase-issues — Official public issue tracker for website and service-level bugs; complements this repo's GitHub issues for client-specific problems
• keybase/saltpack — Standalone cryptographic message format used by Keybase; some clients in this repo depend on saltpack for encryption
• keybase/go-libkb — Extracted Go cryptographic library used by the service in this repo; allows other projects to integrate Keybase crypto without the full client
• facebook/react-native — Framework used by Keybase's iOS and Android apps in shared/android/ and shared/ios/ for cross-platform mobile code sharing
• electron/electron — Framework powering the desktop Keybase app in shared/desktop/ for macOS, Windows, and Linux

To work on one of these in Claude Code or Cursor, paste: Implement the "<title>" PR idea from CLAUDE.md, working through the checklist as the task list.

Add comprehensive unit tests for go/auth package

The go/auth directory contains critical authentication logic (credential_authority.go, token.go, user_keys_api.go) with existing test files, but they appear incomplete. Adding thorough unit tests for edge cases, error handling, and token lifecycle management would improve reliability of a security-critical component. This is high-value since auth failures could compromise user security.

• [ ] Review existing go/auth/*_test.go files to identify coverage gaps
• [ ] Add tests for credential_authority.go edge cases (expiration, renewal, invalid credentials)
• [ ] Add tests for token.go validation and serialization scenarios
• [ ] Add integration tests for user_keys_api.go error handling
• [ ] Run go test -cover ./go/auth/ and target >85% coverage

Add GitHub Actions workflow for browser extension (go/js) builds

The repo has .github/workflows/issues.yml but no build/test workflows for the browser extension. The browser/ directory contains webpack configuration and JavaScript code that should be tested on PR. This prevents regressions in the browser extension and ensures webpack builds remain valid across changes.

• [ ] Create .github/workflows/browser-extension.yml
• [ ] Add step to run cd browser && yarn install to verify dependencies
• [ ] Add step to run cd browser && npm run build to verify webpack compilation
• [ ] Consider adding JavaScript linting (ESLint) or formatting (Prettier) checks using .prettierrc
• [ ] Test on pull_request trigger for browser/** and package.json changes

Add missing unit tests for go/avatars package functions

The go/avatars directory contains multiple implementations (fullcaching.go, simple.go, srv.go) with only fullcaching_test.go present. The other critical modules (placeholders.go, fileurlize_*.go) lack tests. Since avatars are user-facing and platform-specific (Windows/Unix), testing platform-specific logic is essential to prevent regressions.

• [ ] Create go/avatars/simple_test.go with tests for simple avatar caching logic
• [ ] Create go/avatars/srv_test.go with mock HTTP server tests for avatar fetching
• [ ] Create go/avatars/fileurlize_test.go with platform-specific path handling tests for Windows and Unix variants
• [ ] Add tests for placeholders.go placeholder generation logic
• [ ] Verify test coverage with go test -cover ./go/avatars/ targeting >80%

• Add missing test coverage for the browser extension's background script (browser/js/background.js)—currently has no visible test files in browser/; contributors could write Jest tests for content injection and message passing logic.
• Document the exact platform-specific build environment requirements in a centralized DEVELOPMENT.md file, collecting scattered setup instructions from go/README.md, shared/desktop/, and mobile READMEs into one place to reduce onboarding friction.
• Improve the .editorconfig file by adding specific rules for Go, JavaScript, and Kotlin to enforce consistent indentation/formatting across the monorepo; currently it's bare-bones and relies on pre-commit hooks to catch violations.

Failed to generate security analysis.

LLM-derived; treat as a starting point, not a security audit.

• Open issues — current backlog
• Recent PRs — what's actively shipping
• Source on GitHub

Generated by RepoPilot. Verdict based on maintenance signals — see the live page for receipts. Re-run on a new commit to refresh.