docs: weekly update — 2026-07-11#117
Draft
dobby-coder[bot] wants to merge 6 commits into
Draft
Conversation
…ncryption4all/postguard#219, #226, #230) Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
…ption4all/cryptify#175, #183) Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Weekly documentation drift update. Covers user-facing changes merged across encryption4all repos in the past week.
postguard
pg-pkgCORS is now required (breaking).--allowed-origins/PKG_ALLOWED_ORIGINSno longer defaults to*; the server refuses to start without an explicit allowlist. Updated the environment-variable table on the postguard page. From encryption4all/postguard#219.pg-pkgper-IP rate limiting. Documented the newPKG_RATELIMIT_*variables (general and sensitive tiers, disable flag, and theX-Forwarded-Fortrust flag for running behind a reverse proxy) and added a "Rate limiting" section describing the429 Too Many Requestsbehaviour. From encryption4all/postguard#226 and encryption4all/postguard#230.cryptify
GET /email-templateendpoint. Added it to the API endpoint list plus an "Email template retrieval" section with the status-code table. From encryption4all/cryptify#175.GET /usagenow requires a validated API key. Corrected the docs, which said it degrades to a per-email bucket for unauthenticated callers; it now returns401without a validatedAuthorization: Bearer PG-…key (and503if PKG is unreachable). From encryption4all/cryptify#183.Update 2026-07-18
Configurable email attribute type shipped across the stack (issue encryption4all/postguard#236). Every leg defaults to the production
pbdf.sidn-pbdf.email.email, so deployed setups are unaffected; the option exists so test environments can run the real code path against theirma-demoscheme.PKG_EMAIL_ATTRIBUTE/--email-attribute. New PKG environment variable for the email attribute in API-key signing identities. Added to the postguard environment-variable table. From encryption4all/postguard#244.email_attributeconfig key. New TOML key for the finalize sender check. Added to the cryptify configuration table and refreshed theconfig.rssource link. From encryption4all/cryptify#193.emailAttributesSDK option. NewPostGuard({ emailAttributes: { email, domain } })option. Added an "Email attribute types" subsection to the JS encryption reference. From encryption4all/postguard-js#115.Also on the JS SDK:
prepareSign()andencrypt({ signingKeys }). New primitive to start a Yivi signing session ahead of the send tap so iOS can open the Yivi app on a single gesture. Added a "Prepare a signing session ahead of time" section to the JS encryption reference. From encryption4all/postguard-js#103.Verified with
npm run docs:build(green). Draft for maintainer review.