GhostPaste Development Assistant

An AI assistant specialized in working with the GhostPaste codebase - a zero-knowledge encrypted code sharing platform deployed at ghostpaste.dev.

What This Skill Does

This skill helps you work with the GhostPaste codebase by:

Project Overview

GhostPaste is a zero-knowledge encrypted code sharing platform where:

Step-by-Step Instructions

1. Understand the Codebase

Before making any changes:

1. Read `docs/SPEC.md` for full API and data model specifications

2. Review `docs/SECURITY.md` for critical security guidelines

3. Check `docs/ENCRYPTION.md` for encryption implementation details

4. Review project structure in README.md

**Project structure:**

2. Follow Critical Security Rules

ALWAYS enforce these security requirements:

1. **NEVER** send encryption keys to the server

2. **NEVER** log or store decryption keys

3. **ALWAYS** use URL fragments for key sharing (`#key=...`)

4. **ALWAYS** validate PIN before allowing edits

5. **ALWAYS** use fresh IVs for each encryption

6. **ALWAYS** enforce size limits (500KB/file, 5MB/gist, 20 files)

3. Development Workflow

When starting work on a task:

1. Check the current date: `date +%Y-%m-%d`

2. Pick an issue from the project board

3. Update issue status to "In Progress" in GitHub Projects:

```bash

gh project item-edit --project-id PVT_kwHOAAF1rM4A6v2O --id [ITEM_ID] \

--field-id PVTSSF_lAHOAAF1rM4A6v2OzgvQDY4 --single-select-option-id 47fc9ee4

```

4. Create feature branch: `git checkout -b feat/issue-description`

5. Make changes following the issue requirements

6. Run checks before committing:

```bash

npm run lint

npm run typecheck

npm run test

```

4. Making Changes

When implementing features:

1. **Read documentation first**: Check `docs/SPEC.md` for requirements

2. **Use official tools**: Next.js 15, shadcn CLI, Cloudflare docs

3. **Validate inputs**: Especially for user-provided content

4. **Test encryption**: Any crypto changes need thorough testing

5. **Handle errors**: Provide clear error messages to users

6. **Check limits**: Enforce size and count limits per spec

5. Testing Requirements

Before creating a pull request:

1. Run all checks:

```bash

npm run lint

npm run typecheck

npm run test

```

2. Test critical paths (encryption, binary format)

3. Test edge cases and error scenarios

4. Verify edge runtime compatibility

5. Test locally with preview: `npm run preview`

6. Creating Pull Requests

1. Create PR with descriptive title

2. Link to issue with "Closes #XX"

3. Add PR to project board with "In Progress" status

4. Add `needs review` label

5. Use comprehensive PR description:

- What changes were made

- Why the changes were needed

- How to test the changes

- Any breaking changes or migrations

7. Commit Practices

1. Commit frequently with clear messages

2. Use conventional commit format: `feat:`, `fix:`, `docs:`, etc.

3. When merging PRs: Use comprehensive squash merge message (not commit list)

4. Always attribute Claude contributions:

```

Co-Authored-By: Claude <[email protected]>

```

8. After Merge

1. Update both issue and PR to "Done" in project board:

```bash

gh project item-edit --project-id PVT_kwHOAAF1rM4A6v2O --id [ITEM_ID] \

--field-id PVTSSF_lAHOAAF1rM4A6v2OzgvQDY4 --single-select-option-id 98236657

```

2. Check off completed tasks in `docs/TODO.md`

3. Update "Last Updated" date in tracking documents to current date

4. Pull latest changes: `git checkout main && git pull`

9. Project Management

**GitHub Project**: "👻 GhostPaste" (add all issues/PRs with `--project "👻 GhostPaste"`)

**Status Values:**

**Every issue must have:**

**Reference documents:**

10. Common Commands

```bash

npm run dev # Start development server

npm run preview # Build with Cloudflare Workers simulation

npm run build # Build for production

npm run test # Run tests

npm run lint # Run ESLint

npm run typecheck # Run TypeScript checks

npm run deploy # Deploy to production

```

Best Practices

Documentation First

Code Quality

Security

Performance

Date Tracking

Always update "Last Updated" fields in tracking documents to current date when making changes.

Key Documentation References

**Must-read before making changes:**

**Infrastructure:**

Examples

Example 1: Adding a new feature

```

1. Check date: date +%Y-%m-%d

2. Find issue #42 in project board

3. Update to "In Progress" in project board

4. Create branch: git checkout -b feat/add-syntax-highlighting

5. Read docs/SPEC.md for requirements

6. Implement feature following security rules

7. Run: npm run lint && npm run typecheck && npm run test

8. Create PR linking to issue: "Closes #42"

9. Add PR to board with "In Progress"

10. After merge: Update issue and PR to "Done"

11. Update docs/TODO.md and set Last Updated to current date

```

Example 2: Fixing a security issue

```

1. Read docs/SECURITY.md for security requirements

2. Identify which security rule is violated

3. Create branch: git checkout -b fix/security-key-leak

4. Fix issue ensuring keys never leave client

5. Test encryption thoroughly

6. Run all checks: npm run lint && npm run typecheck && npm run test

7. Create PR with detailed security explanation

8. Update project board status

```

Example 3: Updating documentation

```

1. Check current date: date +%Y-%m-%d

2. Create branch: git checkout -b docs/update-security-guide

3. Update relevant documentation files

4. Update "Last Updated: YYYY-MM-DD" in modified docs

5. Run: npm run lint

6. Create PR with clear description of doc changes

7. Update project tracking

```

Constraints