feat: add decryption key to identity creation

[thepastaclaw]

Summary

Create identities with a default DECRYPTION key alongside the existing
ENCRYPTION key.

This also tightens the create/manage UI state handling so ENCRYPTION and
DECRYPTION keys cannot retain invalid security levels when edited.

Changes

• add a default DECRYPTION key to both default identity key-generation paths
• extend KeyPurpose typing and UI purpose options to include DECRYPTION
• constrain ENCRYPTION/DECRYPTION to MEDIUM security level in create/manage
  state transitions
• add tests covering default key layout, registration wiring, and
  security-level coercion

Validation

• npx vitest run
  • 3 test files passed
  • 18 tests passed
• npm run build
  • passed
• code-review PastaPastaPasta/dash-bridge origin/main \ tracker-946-auto-decryption-key ...
  • final verdict: ship

Summary by CodeRabbit

• New Features

  • Added DECRYPTION key purpose option to identity key management
  • Identity key generation now creates six default keys, including separate encryption and decryption keys

• Updates

  • DECRYPTION key purpose now available in key configuration UI
  • ENCRYPTION and DECRYPTION keys automatically restricted to MEDIUM security level

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 4867fce1-f817-4ce9-b028-20d3a5b096cc

📥 Commits

Reviewing files that changed from the base of the PR and between 04905eb and d651256.

📒 Files selected for processing (6)

• src/crypto/keys.test.ts
• src/crypto/keys.ts
• src/types.ts
• src/ui/components.ts
• src/ui/state.test.ts
• src/ui/state.ts

✅ Files skipped from review due to trivial changes (1)

• src/ui/state.ts

🚧 Files skipped from review as they are similar to previous changes (5)

• src/crypto/keys.ts
• src/types.ts
• src/ui/components.ts
• src/crypto/keys.test.ts
• src/ui/state.test.ts

---

📝 Walkthrough

Walkthrough

This PR adds support for a new DECRYPTION key purpose throughout the cryptographic key management system. Changes include extending default identity key generation from 5 to 6 keys, updating the KeyPurpose type to include 'DECRYPTION', modifying UI components to expose the new purpose, and constraining security levels to MEDIUM for encryption and decryption keys.

Changes

Cohort / File(s)	Summary
Type System src/types.ts	Extended KeyPurpose union type to include 'DECRYPTION' as a new valid purpose option.
Key Generation src/crypto/keys.ts, src/crypto/keys.test.ts	Updated key generation functions to produce 6 default identity keys instead of 5, adding a new decryption key with id=5. Added comprehensive test coverage validating both HD and non-HD key generation paths with the new 6-key layout.
UI Components & State Management src/ui/components.ts, src/ui/state.ts, src/ui/state.test.ts	Updated UI to include DECRYPTION in purpose dropdown options and restricted security levels to ['MEDIUM'] for both ENCRYPTION and DECRYPTION purposes. Extended state management functions to enforce medium security level constraints for these key purposes. Added tests validating state coercion behavior for keys with encryption/decryption purposes.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• Add ENCRYPTION to supported key purposes #5: Modifies supported key purposes in src/ui/components.ts similarly, suggesting parallel work on key purpose handling across projects.

Poem

🐰 A decryption key, so fine and true,
Six keys now dance where five once grew!
MEDIUM levels, secure and sound,
Cryptographic joy we've found! ✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'feat: add decryption key to identity creation' accurately and concisely summarizes the main change: adding a new DECRYPTION key to the identity key generation process.
Docstring Coverage	✅ Passed	Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[thepastaclaw]

@coderabbitai review

[coderabbitai]

✅ Actions performed

Review triggered.

Note: CodeRabbit is an incremental review system and does not re-review already reviewed commits. This command is applicable only when automatic reviews are paused.