NH:STA S01E02 OpenPGP.js
This post is part of a series on our work for the Sovereign Tech Agency (STA). Our first post in the series explains why and how we are contributing to various open source projects.
About the project
OpenPGP.js is a pure, Open Source OpenPGP implementation written in JavaScript. Its main use-case is enabling PGP workflows in web-based email systems, but as JavaScript is available on almost all devices these days, its utility is universal.
Our contributions
We started out by introducing a fuzz testing suite to the project. Fuzz testing is a form of unit testing, but instead of relying on manually crafted input and comparing it to the desired output, fuzz testing generates a near infinite number of permutations for input data to find rare implementation bugs. For security-related software, this is an important aspect of a complete automated testing suite.
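To make the idea concrete, here is an added example (not OpenPGP.js code and not part of the original post): a seeded mutation fuzzer run against a toy parser for OpenPGP new-format packet headers. The names `parseHeader`, `fuzz`, `ParseError` and `SEED` are constructed for illustration, and the `strict = false` mode deliberately omits bounds checks to stand in for the kind of rare bug fuzzing surfaces.

```javascript
// Added example, not OpenPGP.js code: a seeded mutation fuzzer run against a toy
// parser for OpenPGP new-format packet headers (RFC 4880, section 4.2.2).
class ParseError extends Error {}

// strict=false omits the bounds checks, standing in for a rare implementation bug.
function parseHeader(buf, strict = true) {
  if (buf.length < 2) throw new ParseError('truncated header');
  if ((buf[0] & 0xc0) !== 0xc0) throw new ParseError('not a new-format packet');
  const tag = buf[0] & 0x3f, o1 = buf[1];
  let len, hdr;
  if (o1 < 192) { len = o1; hdr = 2; }                       // one-octet length
  else if (o1 < 224) {                                       // two-octet length
    if (strict && buf.length < 3) throw new ParseError('truncated length');
    len = ((o1 - 192) << 8) + buf[2] + 192; hdr = 3;
  } else if (o1 === 255) {                                   // five-octet length
    if (strict && buf.length < 6) throw new ParseError('truncated length');
    len = buf.readUInt32BE(2); hdr = 6;
  } else throw new ParseError('partial body length not supported');
  if (strict && hdr + len > buf.length) throw new ParseError('body exceeds input');
  return { tag, hdr, len };
}

// mulberry32 PRNG: a fixed seed makes every finding reproducible.
function rng(a) {
  return () => {
    let t = (a += 0x6d2b79f5);
    t = Math.imul(t ^ (t >>> 15), t | 1);
    t ^= t + Math.imul(t ^ (t >>> 7), t | 61);
    return ((t ^ (t >>> 14)) >>> 0) / 4294967296;
  };
}

// Constructed seed input: literal data packet (tag 11) with a 6-octet body.
const SEED = Buffer.from([0xcb, 0x06, 0x62, 0x00, 0x00, 0x00, 0x00, 0x00]);

// Overwrite 1-3 random bytes, truncate at a random offset, and collect every input
// that makes the parser throw something other than ParseError or overrun the buffer.
function fuzz(strict, iterations = 5000) {
  const rand = rng(1), findings = [];
  for (let i = 0; i < iterations; i++) {
    const m = Buffer.from(SEED);
    for (let n = 1 + Math.floor(rand() * 3); n > 0; n--) {
      m[Math.floor(rand() * m.length)] = Math.floor(rand() * 256);
    }
    const input = m.subarray(0, Math.floor(rand() * (m.length + 1)));
    try {
      const { hdr, len } = parseHeader(input, strict);
      if (!Number.isInteger(len) || hdr + len > input.length) findings.push(input.toString('hex'));
    } catch (e) {
      if (!(e instanceof ParseError)) findings.push(input.toString('hex'));
    }
  }
  return findings;
}
```

Calling `fuzz(true)` returns an empty list, while `fuzz(false)` returns the hex of every mutated input that broke the parser, each of which can be replayed as a regression test.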
We then focussed on making the project more approachable for new contributors by:
- improving the documentation for first-time contributors
- adding a high-level description of the project’s architecture
- and improving the general contribution guidelines.
Finally, we started work on migrating certain core modules from JavaScript to TypeScript, to make crucial parts of the project more type-safe.
Reflections from the team
Here’s a short interview with Neighbourhoodie developer Alba Herrerías Ramírez, who runs our STF programme and worked on OpenPGP.js:
What was the most surprising thing working on this project?
Alba: I’m not sure if it’s ‘surprising’, but something I found pleasant was their user documentation. It’s great; I would like to see more projects paying this detail to docs.
What was especially challenging about this project?
OpenPGP.js have been planning to release v6 for a long time and our work got stuck in the middle (since they requested us to base our work on the v6 branch). We needed to accommodate the project’s timelines.
Conclusion
In summary, we could play to our strengths here and help a web-based project and we could build upon our work with Sequoia-PGP. There is lots to be done on the OpenPGP.js project and we hope we get another chance at helping them along.
Find out more about the work we do by visiting the Neighbourhoodie Blog.