feat: Deploy paste service with end-to-end encryption (zero-knowledge)

Add AES-256-GCM client-side encryption to the short URL sharing flow.
Plans are encrypted in the browser before upload — the paste service
stores only ciphertext it cannot read. The decryption key lives only
in the URL fragment (#key=...) and never leaves the browser.

- New packages/shared/crypto.ts with encrypt/decrypt via Web Crypto API
- Encrypt before POST in createShortShareUrl, decrypt on load
- Parse #key= fragment in useSharing.ts for both direct and import URLs
- Deploy Cloudflare Worker with KV namespaces to workers.dev
- Add deploy-paste CI/CD job to deploy.yml
- Fix Cache-Control from public to private, no-store
- Update ExportModal strings with encryption messaging
- Update README, docs, and blog with zero-knowledge encryption details

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: backnotprop

.github/workflows/deploy.yml

@@ -7,6 +7,7 @@ on:
     paths:
       - 'apps/marketing/**'
       - 'apps/portal/**'
+      - 'apps/paste-service/**'
       - 'packages/**'
   workflow_dispatch:
     inputs:
@@ -19,6 +20,7 @@ on:
           - all
           - marketing
           - portal
+          - paste
 
 permissions:
   id-token: write
@@ -30,6 +32,7 @@ jobs:
     outputs:
       marketing: ${{ steps.changes.outputs.marketing }}
       portal: ${{ steps.changes.outputs.portal }}
+      paste: ${{ steps.changes.outputs.paste }}
     steps:
       - uses: actions/checkout@v4
 
@@ -47,12 +50,18 @@ jobs:
             else
               echo "portal=false" >> $GITHUB_OUTPUT
             fi
+            if [[ "${{ inputs.target }}" == "all" || "${{ inputs.target }}" == "paste" ]]; then
+              echo "paste=true" >> $GITHUB_OUTPUT
+            else
+              echo "paste=false" >> $GITHUB_OUTPUT
+            fi
           else
             # For push events, check what changed
             git fetch origin ${{ github.event.before }} --depth=1 2>/dev/null || true
 
             MARKETING_CHANGED=$(git diff --name-only ${{ github.event.before }} ${{ github.sha }} 2>/dev/null | grep -E '^(apps/marketing/|packages/)' || true)
             PORTAL_CHANGED=$(git diff --name-only ${{ github.event.before }} ${{ github.sha }} 2>/dev/null | grep -E '^(apps/portal/|packages/)' || true)
+            PASTE_CHANGED=$(git diff --name-only ${{ github.event.before }} ${{ github.sha }} 2>/dev/null | grep -E '^apps/paste-service/' || true)
 
             if [[ -n "$MARKETING_CHANGED" ]]; then
               echo "marketing=true" >> $GITHUB_OUTPUT
@@ -65,6 +74,12 @@ jobs:
             else
               echo "portal=false" >> $GITHUB_OUTPUT
             fi
+
+            if [[ -n "$PASTE_CHANGED" ]]; then
+              echo "paste=true" >> $GITHUB_OUTPUT
+            else
+              echo "paste=false" >> $GITHUB_OUTPUT
+            fi
           fi
 
   deploy-marketing:
@@ -132,3 +147,25 @@ jobs:
           aws cloudfront create-invalidation \
             --distribution-id EP0KB9EFUWYXR \
             --paths "/*"
+
+  deploy-paste:
+    needs: detect-changes
+    if: needs.detect-changes.outputs.paste == 'true'
+    runs-on: ubuntu-latest
+    environment: production
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: oven-sh/setup-bun@v2
+        with:
+          bun-version: latest
+
+      - name: Install dependencies
+        run: bun install
+
+      - name: Deploy to Cloudflare
+        working-directory: apps/paste-service
+        run: npx wrangler deploy
+        env:
+          CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
+          CLOUDFLARE_ACCOUNT_ID: ${{ secrets.CLOUDFLARE_ACCOUNT_ID }}

CLAUDE.md

@@ -79,7 +79,7 @@ claude --plugin-dir ./apps/hook
 | `PLANNOTATOR_PORT` | Fixed port to use. Default: random locally, `19432` for remote sessions. |
 | `PLANNOTATOR_BROWSER` | Custom browser to open plans in. macOS: app name or path. Linux/Windows: executable path. |
 | `PLANNOTATOR_SHARE_URL` | Custom base URL for share links (self-hosted portal). Default: `https://share.plannotator.ai`. |
-| `PLANNOTATOR_PASTE_URL` | Base URL of the paste service API for short URL sharing. Default: `https://paste.plannotator.ai`. |
+| `PLANNOTATOR_PASTE_URL` | Base URL of the paste service API for short URL sharing. Default: `https://plannotator-paste.plannotator.workers.dev`. |
 
 **Legacy:** `SSH_TTY` and `SSH_CONNECTION` are still detected. Prefer `PLANNOTATOR_REMOTE=1` for explicit control.
 

README.md

@@ -39,14 +39,19 @@ Interactive Plan Review for AI Coding Agents. Mark up and refine your plans usin
 
 Plannotator lets you privately share plans, annotations, and feedback with colleagues. For example, a colleague can annotate a shared plan, and you can import their feedback to send directly back to the coding agent.
 
-Plans are shared via compressed URL through a static site: **share.plannotator.ai**
+**Small plans** are encoded entirely in the URL hash — no server involved, nothing stored anywhere. The data never leaves your browser.
 
-- No backend or database; nothing is stored
-- The site's deployment is open source
-- You can self-host your own share site and point Plannotator to it via an environment variable ([see docs](https://plannotator.ai/docs/guides/sharing-and-collaboration/))
+**Large plans** use a short link service with **end-to-end encryption**. Your plan is encrypted with AES-256-GCM in your browser before it's uploaded — the server stores only ciphertext it cannot read. The decryption key lives only in the URL you share and is never sent to the server. Pastes auto-delete after 7 days.
+
+- Zero-knowledge storage — not even the service operator can read stored plans (similar to [PrivateBin](https://privatebin.info/))
+- No accounts, no tracking, no cookies on the share portal
+- Fully open source and self-hostable ([see docs](https://plannotator.ai/docs/guides/sharing-and-collaboration/))
+
+> [!NOTE]
+> [share.plannotator.ai](https://share.plannotator.ai) uses a default fallback (demo) plan that is hard-coded into the site. This isn't a leaked plan — the site has no storage layer.
 
 > [!NOTE]
-> [share.plannotator.ai](https://share.plannotator.ai) uses a default fallback (demo) plan that is hard-coded into the site. This isn't a leaked plan—the site has no storage layer.
+> Short links are end-to-end encrypted. A single-use AES-256-GCM key is generated in your browser via the [Web Crypto API](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/generateKey), used to encrypt the plan, and embedded in the URL fragment (`#key=...`). The key never leaves the browser — it is never sent to the paste service or any server. Only someone with the exact URL can decrypt the plan.
 
 ## Install
 

apps/marketing/src/content/blog/sharing-plans-with-your-team.md

@@ -108,7 +108,8 @@ The hash fragment of a URL is never sent to a server in HTTP requests — that's
 This means:
 
 - **No accounts.** No sign-ups, no OAuth, no tokens.
-- **No storage.** Nothing is persisted anywhere. Close the tab and the data exists only in the URL you copied.
+- **No storage (small plans).** Nothing is persisted anywhere. Close the tab and the data exists only in the URL you copied.
+- **End-to-end encrypted (large plans).** When a plan is too large for a URL, short links encrypt your plan with AES-256-GCM in your browser before uploading. The paste service stores only ciphertext it cannot read — the decryption key lives only in the URL you share. Pastes auto-delete after 7 days.
 - **No tracking.** The share portal has no analytics, no cookies, no telemetry.
 - **Self-hostable.** If even a static page hosted by someone else isn't acceptable, you can [self-host the portal](/docs/guides/self-hosting/) and point Plannotator at it with `PLANNOTATOR_SHARE_URL`.
 

apps/marketing/src/content/docs/guides/self-hosting.md

@@ -20,11 +20,11 @@ Plannotator has three components. Only the hook is required.
 
 Small plans are encoded entirely in the URL hash — the share portal reads the hash and renders the plan. No backend involved. The data remains private — it never leaves the URL.
 
-Large plans don't fit in a URL. **When a user explicitly confirms** short link creation, the compressed plan is sent to the paste service, which stores it and returns a short ID. A compressed plan goes in, a link to retrieve it comes out. The share URL becomes `share.plannotator.ai/p/aBcDeFgH` (or `your-portal.example.com/p/aBcDeFgH` if self-hosting). When someone opens that link, the portal fetches the compressed data from the paste service, decompresses it, and renders the plan.
+Large plans don't fit in a URL. **When a user explicitly confirms** short link creation, the plan is **encrypted in the browser** (AES-256-GCM) before being sent to the paste service, which stores only the ciphertext and returns a short ID. The decryption key is embedded in the URL fragment (`#key=...`) and never sent to the server — not even the paste service operator can read stored plans. When someone opens that link, the portal fetches the ciphertext, decrypts it client-side using the key from the URL, and renders the plan.
 
 **Without paste service:** Sharing still works for plans that fit in a URL. Those plans stay completely private — the data lives only in the URL hash and never touches a server. Large plans show a warning that the URL may be truncated by messaging apps.
 
-**With paste service:** Large plans get short, reliable URLs that work everywhere. Plannotator temporarily stores the compressed plan data — it auto-deletes after the configured TTL.
+**With paste service:** Large plans get short, reliable URLs that work everywhere. Data is end-to-end encrypted and auto-deletes after the configured TTL.
 
 ## 1. Install the Hook
 

apps/marketing/src/content/docs/guides/sharing-and-collaboration.md

@@ -70,10 +70,12 @@ When a plan is too large for a URL (~2KB+ compressed), messaging apps like Slack
 5. A short URL like `share.plannotator.ai/p/aBcDeFgH` is generated
 6. Both the short URL and the full hash URL are shown — the short URL is safe for messaging apps
 
-### Privacy
+### Privacy & encryption
 
+- Plans are **end-to-end encrypted** (AES-256-GCM) in your browser before upload — the paste service stores only ciphertext it cannot read
+- A single-use encryption key is generated in your browser via the [Web Crypto API](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/generateKey). The key **never leaves the browser** — it is never sent to the paste service or any server. It exists only in the URL fragment (`#key=...`), which browsers never include in HTTP requests per the HTTP specification. Not even the service operator can decrypt stored plans.
 - Plans are only uploaded when you explicitly click "Create short link" — no data leaves your machine until you confirm
-- Pastes auto-expire and are permanently deleted (hosted: a few days, self-hosted: configurable via `PASTE_TTL_DAYS`)
+- Pastes auto-expire and are permanently deleted (hosted: 7 days, self-hosted: configurable via `PASTE_TTL_DAYS`)
 - The paste service is fully open source — you can audit exactly what it does
 - Self-hosters can run their own paste service for complete control — see the [self-hosting guide](/docs/guides/self-hosting/)
 - If the paste service is unavailable, the full hash URL is always available as fallback
@@ -88,3 +90,4 @@ By default, share URLs point to `https://share.plannotator.ai`. You can self-hos
 - The share portal is a static page — it only reads the hash and renders client-side
 - No analytics, no tracking, no cookies on the share portal
 - Short URLs are opt-in — data is only uploaded when you explicitly click "Create short link" (see [Short URLs for large plans](#short-urls-for-large-plans) for details)
+- Short URLs use end-to-end encryption (AES-256-GCM) — the decryption key is embedded in the URL fragment and never sent to the server. The paste service stores only opaque ciphertext, similar to [PrivateBin](https://privatebin.info/)

apps/marketing/src/content/docs/reference/api-endpoints.md

@@ -138,7 +138,7 @@ Body:
 
 Stores compressed plan data for short URL sharing. Runs as a separate service from the plan/review/annotate servers.
 
-Default: `https://paste.plannotator.ai` (or self-hosted)
+Default: `https://plannotator-paste.plannotator.workers.dev` (or self-hosted)
 
 | Endpoint | Method | Purpose |
 |----------|--------|---------|

apps/marketing/src/content/docs/reference/environment-variables.md

@@ -23,7 +23,7 @@ All Plannotator environment variables and their defaults.
 
 | Variable | Default | Description |
 |----------|---------|-------------|
-| `PLANNOTATOR_PASTE_URL` | `https://paste.plannotator.ai` | Base URL of the paste service API. Set this when self-hosting the paste service. |
+| `PLANNOTATOR_PASTE_URL` | `https://plannotator-paste.plannotator.workers.dev` | Base URL of the paste service API. Set this when self-hosting the paste service. |
 
 ### Self-hosted paste service
 

apps/paste-service/core/handler.ts

@@ -131,7 +131,7 @@ export async function handleRequest(
       {
         headers: {
           ...cors,
-          "Cache-Control": "public, max-age=3600",
+          "Cache-Control": "private, no-store",
         },
       }
     );

apps/paste-service/wrangler.toml

@@ -5,8 +5,8 @@ compatibility_date = "2024-12-01"
 [[kv_namespaces]]
 binding = "PASTE_KV"
 # Run `wrangler kv:namespace create PASTE_KV` to get your IDs and fill them in.
-id = "REPLACE_WITH_KV_NAMESPACE_ID"
-preview_id = "REPLACE_WITH_PREVIEW_KV_NAMESPACE_ID"
+id = "9bc2647f6f5244499c26c90d87a743a0"
+preview_id = "6efae5ac33c4443ba8f0a0b83a2eb111"
 
 [vars]
 ALLOWED_ORIGINS = "https://share.plannotator.ai,http://localhost:3001"