mleku/plebeian-signer
1
0
Fork 0
Code Issues 2 Pull Requests Actions Packages Projects Releases Wiki Activity

Add extension store publishing documentation

Browse Source 
- Store description for Chrome Web Store and Firefox Add-ons
- Privacy policy (no data collection, local-only storage)
- Comprehensive publishing guide with checklists

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
woikos
2025-12-20 17:17:36 +01:00
parent b7bedf085a
commit b55a3f01b6
3 changed files with 493 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

112
docs/store/PRIVACY_POLICY.md Normal file
View File

@@ -0,0 +1,112 @@
# Plebeian Signer Privacy Policy
**Last Updated:** December 20, 2025
## Overview
Plebeian Signer is a browser extension for managing Nostr identities and signing cryptographic events. This privacy policy explains how we handle your data.
## Data Collection
**We do not collect any personal data.**
Plebeian Signer operates entirely locally within your browser. We do not:
- Collect analytics or telemetry
- Track your usage or behavior
- Send your data to any external servers
- Use cookies or tracking technologies
- Share any information with third parties
## Data Storage
All data is stored locally in your browser using the browser's built-in storage APIs:
### What We Store Locally
1. **Encrypted Vault Data**
- Your Nostr private keys (encrypted with Argon2id + AES-256-GCM)
- Identity nicknames and metadata
- Relay configurations
- Site permissions
2. **Session Data**
- Temporary decryption keys (cleared when browser closes or vault locks)
- Cached profile metadata
3. **Extension Settings**
- Sync preferences
- Reckless mode settings
- Whitelisted hosts
### Encryption
Your private keys are never stored in plaintext. The vault uses:
- **Argon2id** for password-based key derivation (256MB memory, 4 threads, 8 iterations)
- **AES-256-GCM** for authenticated encryption
- **Random salt and IV** generated for each vault
## Network Communications
Plebeian Signer makes the following network requests:
1. **Nostr Relay Connections**
- To fetch your profile metadata (kind 0 events)
- To fetch relay lists (kind 10002 events)
- Only connects to relays you have configured
2. **NIP-05 Verification**
- Fetches `.well-known/nostr.json` from domains in NIP-05 identifiers
- Used only to verify identity claims
**We do not operate any servers.** All relay connections are made directly to the Nostr network.
## Permissions Explained
The extension requests these browser permissions:
- **`storage`**: To save your encrypted vault and settings
- **`activeTab`**: To inject the NIP-07 interface into web pages
- **`scripting`**: To enable communication between pages and the extension
## Data Sharing
We do not share any data with third parties. The extension:
- Has no backend servers
- Does not use analytics services
- Does not include advertising
- Does not sell or monetize your data in any way
## Your Control
You have full control over your data:
- **Export**: You can export your encrypted vault at any time
- **Delete**: Use the "Reset Extension" feature to delete all local data
- **Lock**: Lock your vault to clear session data immediately
## Open Source
Plebeian Signer is open source software. You can audit the code yourself:
- Repository: https://git.mleku.dev/mleku/plebeian-signer
## Children's Privacy
This extension is not intended for children under 13 years of age. We do not knowingly collect any information from children.
## Changes to This Policy
If we make changes to this privacy policy, we will update the "Last Updated" date at the top of this document. Significant changes will be noted in the extension's release notes.
## Contact
For privacy-related questions or concerns, please open an issue on our repository:
https://git.mleku.dev/mleku/plebeian-signer/issues
---
## Summary
- All data stays in your browser
- Private keys are encrypted with strong cryptography
- No analytics, tracking, or data collection
- No external servers (except Nostr relays you configure)
- Fully open source and auditable

293
docs/store/PUBLISHING_GUIDE.md Normal file
View File

@@ -0,0 +1,293 @@
# Extension Store Publishing Guide
This guide walks you through publishing Plebeian Signer to the Chrome Web Store and Firefox Add-ons.
---
## Table of Contents
1. [Assets You Need to Create](#assets-you-need-to-create)
2. [Chrome Web Store](#chrome-web-store)
3. [Firefox Add-ons](#firefox-add-ons)
4. [Ongoing Maintenance](#ongoing-maintenance)
---
## Assets You Need to Create
Before submitting to either store, prepare these assets:
### Screenshots (Required for both stores)
Create 3-5 screenshots showing the extension in action:
1. **Main popup view** - Show the identity card with profile info
2. **Permission prompt** - Show a signing request popup
3. **Identity management** - Show the identity list/switching
4. **Permissions page** - Show the permissions management
5. **Settings page** - Show vault settings and options
**Specifications:**
- Chrome: 1280x800 or 640x400 pixels (PNG or JPEG)
- Firefox: 1280x800 recommended (PNG or JPEG)
**Tips:**
- Use a clean browser profile
- Show realistic data (not "test" or placeholder text)
- Capture the full popup or relevant UI area
- Consider adding captions/annotations
### Promotional Images (Chrome only)
Chrome Web Store uses promotional tiles:
| Size | Name | Required |
|------|------|----------|
| 440x280 | Small promo tile | Optional but recommended |
| 920x680 | Large promo tile | Optional |
| 1400x560 | Marquee promo tile | Optional |
**Design tips:**
- Include the extension icon/logo
- Add a tagline like "Secure Nostr Identity Manager"
- Use brand colors
- Keep text minimal and readable
### Icon (Already exists)
You already have icons in the extension:
- `icon-48.png` - 48x48
- `icon-128.png` - 128x128
Chrome also wants a 128x128 icon for the store listing (can use the same one).
### Privacy Policy URL
You need to host the privacy policy at a public URL. Options:
1. **GitHub/Gitea Pages** - Host `PRIVACY_POLICY.md` as a webpage
2. **Simple webpage** - Create a basic HTML page
3. **Gist** - Create a public GitHub gist
Example URL format: `https://git.mleku.dev/mleku/plebeian-signer/src/branch/main/docs/store/PRIVACY_POLICY.md`
---
## Chrome Web Store
### Step 1: Create Developer Account
1. Go to https://chrome.google.com/webstore/devconsole
2. Sign in with a Google account
3. Pay the one-time $5 USD registration fee
4. Accept the developer agreement
### Step 2: Create New Item
1. Click **"New Item"** button
2. Upload `releases/plebeian-signer-chrome-v1.0.5.zip`
3. Wait for the upload to process
### Step 3: Fill Store Listing
**Product Details:**
- **Name:** Plebeian Signer
- **Summary:** Copy from `STORE_DESCRIPTION.md` (short description, 132 chars max)
- **Description:** Copy from `STORE_DESCRIPTION.md` (full description)
- **Category:** Productivity
- **Language:** English
**Graphic Assets:**
- Upload your screenshots (at least 1 required, up to 5)
- Upload promotional tiles if you have them
**Additional Fields:**
- **Official URL:** `https://git.mleku.dev/mleku/plebeian-signer`
- **Support URL:** `https://git.mleku.dev/mleku/plebeian-signer/issues`
### Step 4: Privacy Tab
- **Single Purpose:** "Manage Nostr identities and sign cryptographic events for web applications"
- **Permission Justifications:**
- `storage`: "Store encrypted vault containing user's Nostr identities and extension settings"
- `activeTab`: "Inject NIP-07 interface into the active tab when user visits Nostr applications"
- `scripting`: "Enable communication between web pages and the extension for signing requests"
- **Data Usage:** Check "I do not sell or transfer user data to third parties"
- **Privacy Policy URL:** Your hosted privacy policy URL
### Step 5: Distribution
- **Visibility:** Public
- **Distribution:** All regions (or select specific ones)
### Step 6: Submit for Review
1. Review all sections show green checkmarks
2. Click **"Submit for Review"**
3. Wait 1-3 business days (can take longer for first submission)
### Chrome Review Notes
Google may ask about:
- Why you need each permission
- How you handle user data
- Your identity/organization
Be prepared to respond to reviewer questions via the dashboard.
---
## Firefox Add-ons
### Step 1: Create Developer Account
1. Go to https://addons.mozilla.org/developers/
2. Sign in with a Firefox account (create one if needed)
3. No fee required
### Step 2: Submit New Add-on
1. Click **"Submit a New Add-on"**
2. Select **"On this site"** for hosting
3. Upload `releases/plebeian-signer-firefox-v1.0.5.zip`
4. Wait for automated validation
### Step 3: Source Code Submission
Firefox may request source code because the extension uses bundled/minified JavaScript.
**If prompted:**
1. Create a source code zip (exclude `node_modules`):
```bash
cd /home/mleku/src/git.mleku.dev/mleku/plebeian-signer
zip -r plebeian-signer-source.zip . -x "node_modules/*" -x "dist/*" -x ".git/*"
```
2. Upload this zip when asked
3. Include build instructions (point to CLAUDE.md or add a note):
```
Build Instructions:
1. npm ci
2. npm run build:firefox
3. Output is in dist/firefox/
```
### Step 4: Fill Listing Details
**Basic Information:**
- **Name:** Plebeian Signer
- **Add-on URL:** `plebeian-signer` (creates addons.mozilla.org/addon/plebeian-signer)
- **Summary:** Copy short description from `STORE_DESCRIPTION.md`
- **Description:** Copy full description (supports some HTML/Markdown)
- **Categories:** Privacy & Security
**Additional Details:**
- **Homepage:** `https://git.mleku.dev/mleku/plebeian-signer`
- **Support URL:** `https://git.mleku.dev/mleku/plebeian-signer/issues`
- **License:** Select appropriate license
- **Privacy Policy:** Paste URL to hosted privacy policy
**Media:**
- **Icon:** Already in the extension manifest
- **Screenshots:** Upload your screenshots
### Step 5: Submit for Review
1. Ensure all required fields are complete
2. Click **"Submit Version"**
3. Wait for review (usually hours to a few days)
### Firefox Review Notes
Firefox reviewers are generally faster but thorough. They may:
- Ask for source code (see Step 3)
- Question specific code patterns
- Request changes for policy compliance
---
## Ongoing Maintenance
### Updating the Extension
**For new releases:**
1. Build new version: `/release patch` (or `minor`/`major`)
2. Upload the new zip to each store
3. Add release notes describing changes
4. Submit for review
**Chrome:**
- Go to Developer Dashboard → Your extension → Package → Upload new package
**Firefox:**
- Go to Developer Hub → Your extension → Upload a New Version
### Responding to Reviews
Both stores may contact you with:
- Policy violation notices
- User reports
- Review questions
Monitor your developer email and respond promptly.
### Version Numbering
Both stores extract the version from `manifest.json`. Your current setup with `v1.0.5` in `package.json` feeds into the manifests correctly.
---
## Checklist
### Before First Submission
- [ ] Create 3-5 screenshots
- [ ] Create promotional images (Chrome, optional but recommended)
- [ ] Host privacy policy at a public URL
- [ ] Test the extension zip by loading it unpacked
- [ ] Prepare source code zip for Firefox
### Chrome Web Store
- [ ] Register developer account ($5)
- [ ] Upload extension zip
- [ ] Fill all required listing fields
- [ ] Add screenshots
- [ ] Add privacy policy URL
- [ ] Justify all permissions
- [ ] Submit for review
### Firefox Add-ons
- [ ] Register developer account (free)
- [ ] Upload extension zip
- [ ] Upload source code if requested
- [ ] Fill all required listing fields
- [ ] Add screenshots
- [ ] Add privacy policy URL
- [ ] Submit for review
---
## Helpful Links
- Chrome Developer Dashboard: https://chrome.google.com/webstore/devconsole
- Chrome Publishing Docs: https://developer.chrome.com/docs/webstore/publish/
- Firefox Developer Hub: https://addons.mozilla.org/developers/
- Firefox Extension Workshop: https://extensionworkshop.com/documentation/publish/
---
## Estimated Timeline
| Task | Time |
|------|------|
| Create screenshots | 30 min - 1 hour |
| Create promotional images | 1-2 hours (optional) |
| Host privacy policy | 15 min |
| Chrome submission | 30 min |
| Chrome review | 1-3 business days |
| Firefox submission | 30 min |
| Firefox review | Hours to 2 days |
**Total:** You can have both submissions done in an afternoon, with approvals coming within a week.

88
docs/store/STORE_DESCRIPTION.md Normal file
View File

@@ -0,0 +1,88 @@
# Plebeian Signer - Store Description
Use this content for Chrome Web Store and Firefox Add-ons listings.
---
## Short Description (132 characters max for Chrome)
Secure Nostr identity manager. Sign events without exposing private keys. Multi-identity support with NIP-07 compatibility.
---
## Full Description
**Plebeian Signer** is a secure browser extension for managing your Nostr identities and signing events without exposing your private keys to web applications.
### Key Features
**Multi-Identity Management**
- Create and manage multiple Nostr identities from a single extension
- Easily switch between identities with one click
- Import existing keys or generate new ones
**Bank-Grade Security**
- Private keys never leave the extension
- Vault encrypted with Argon2id + AES-256-GCM (the same algorithms used by password managers)
- Automatic vault locking for protection
**NIP-07 Compatible**
- Works with all Nostr web applications that support NIP-07
- Supports NIP-04 and NIP-44 encryption/decryption
- Relay configuration per identity
**Permission Control**
- Fine-grained permission management per application
- Approve or deny signing requests on a per-site basis
- Optional "Reckless Mode" for trusted applications
- Whitelist trusted hosts for automatic approval
**User-Friendly Interface**
- Clean, intuitive design
- Profile metadata display with avatar and banner
- NIP-05 verification support
- Bookmark your favorite Nostr apps
### How It Works
1. Create a password-protected vault
2. Add your Nostr identities (import existing or generate new)
3. Visit any NIP-07 compatible Nostr application
4. Approve signing requests through the extension popup
### Privacy First
Plebeian Signer is open source and respects your privacy:
- No telemetry or analytics
- No external servers (except for profile metadata from Nostr relays)
- All cryptographic operations happen locally in your browser
- Your private keys are encrypted and never transmitted
### Supported NIPs
- NIP-07: Browser Extension for Nostr
- NIP-04: Encrypted Direct Messages
- NIP-44: Versioned Encryption
### Links
- Source Code: https://git.mleku.dev/mleku/plebeian-signer
- Report Issues: https://git.mleku.dev/mleku/plebeian-signer/issues
---
## Category Suggestions
**Chrome Web Store:**
- Primary: Productivity
- Secondary: Developer Tools
**Firefox Add-ons:**
- Primary: Privacy & Security
- Secondary: Other
---
## Tags/Keywords
nostr, nip-07, signing, identity, privacy, encryption, decentralized, keys, wallet, security