Skip to content

Add warrant canary with PGP-signed /chirp command #332

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 4 commits into
base: master
Choose a base branch
from
Draft

Add warrant canary with PGP-signed /chirp command #332

wants to merge 4 commits into from

Conversation

Copy link
Contributor

Copilot AI commented Nov 11, 2025
edited
Loading

Implements a warrant canary allowing users to verify bot operational status. Users send /chirp, bot responds with PGP-signed "meow" that can be cryptographically verified.

Changes

New skill: bot/skills/chirp.py

  • /chirp command handler
  • Signs response using python-gnupg
  • Falls back to unsigned response if GPG unavailable

Key generation: bot/generate_gpg_key.py

  • Batch-mode RSA 2048-bit key generation
  • Exports public key for distribution
  • Handles existing keys gracefully

Infrastructure

  • Added python-gnupg==0.5.3 to dependencies
  • Added gnupg package to dev/prod Dockerfiles
  • Registered skill in bot/skills/__init__.py

Documentation: WARRANT_CANARY.md

  • Setup and deployment instructions
  • Signature verification guide
  • Security considerations

Example Usage

User: /chirp
Bot:  -----BEGIN PGP SIGNED MESSAGE-----
      Hash: SHA512
      
      meow
      -----BEGIN PGP SIGNATURE-----
      [signature]
      -----END PGP SIGNATURE-----

Users verify with: gpg --verify response.txt

Deployment

After merge, generate keys once: python bot/generate_gpg_key.py

Public key location: /app/.gnupg/nyan_bot_public.asc

Original prompt

This section details on the original issue you should resolve

<issue_title>Warrant canary</issue_title>
<issue_description>## Base

Sometimes you are worried about the Nyan, sometime – he about you.

Good case:

Alice: /chirp
Nyan: meow

Not so good case:

Alice: /chirp
...(noop)

Hard mode:

We could generate a PGP key for Nayn, and sign the meow answer by private key to be sure, that answer was send by REAL Nyan.

  • make a key
  • add function to signing
  • update canary skill</issue_description>

Comments on the Issue (you are @copilot in this section)

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.

Copilot AI changed the title [WIP] Add warrant canary functionality with signing Add warrant canary with PGP-signed /chirp command Nov 11, 2025
Copilot AI requested a review from egregors November 11, 2025 21:21
Copilot finished work on behalf of egregors November 11, 2025 21:21
@egregors egregors mentioned this pull request Nov 21, 2025
Closed
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@egregors egregors Awaiting requested review from egregors

At least 1 approving review is required to merge this pull request.

Assignees

@egregors egregors

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Warrant canary

2 participants

@egregors