Update README with noxkey.ai links and feature list

[JasperNoBoxDev]

Summary

• Add noxkey.ai as the primary link (SEO backlink from GitHub)
• Add quick start section with CLI examples
• Add key features list
• Link to docs, AI agents, and compare pages

Why

Part of NoxKey SEO strategy — GitHub README backlinks are valuable for search ranking.

🤖 Generated with Claude Code

Summary by CodeRabbit

• Documentation
  • Enhanced README with clearer overview of NoxKey's capabilities and authentication features.
  • Added Quick Start section with example commands for storing and retrieving secrets.
  • Added Key Features list highlighting authentication, AI-agent safe sharing, process-tree detection, and local-only operation.
  • Expanded Links section with additional resources.

[gemini-code-assist]

Summary of Changes

Hello, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request significantly enhances the README.md file to improve user onboarding and search engine optimization for NoxKey. It updates the primary product link, introduces practical quick-start examples for CLI usage, and details key features, making the project's value proposition clearer. Additionally, it provides a more comprehensive set of links to relevant documentation and comparison pages on the noxkey.ai website.

Highlights

• Primary Link Update: The main link for NoxKey in the README has been updated to noxkey.ai, serving as a crucial SEO backlink.
• Quick Start Guide: A new "Quick start" section was added, providing clear CLI examples for storing, retrieving, and using secrets with AI agents.
• Key Features List: A detailed list of NoxKey's key features, including Touch ID authentication, AI-agent safe sharing, and process-tree detection, was introduced.
• Expanded Links Section: The "Links" section was significantly expanded to include direct links to NoxKey's homepage, documentation, AI agent security details, and a comparison page.

🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console.

Changelog

• README.md
  • Updated the main title to link to noxkey.ai and expanded the product description.
  • Added a "Quick start" section with CLI command examples.
  • Included a "Key features" list outlining NoxKey's functionalities.
  • Revised the "Links" section to point to various noxkey.ai pages for documentation and comparisons.

Activity

• No human activity has been recorded for this pull request yet.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[coderabbitai]

📝 Walkthrough

Walkthrough

Updated README.md to introduce NoxKey with a linked title, descriptive overview of functionality, new "Quick start" section with example commands, comprehensive "Key features" list detailing core capabilities, and expanded "Links" section with additional external resources.

Changes

Cohort / File(s)	Summary
Documentation README.md	Added linked title, descriptive paragraph explaining NoxKey's purpose, "Quick start" section with example commands for storing and retrieving secrets, "Key features" list highlighting 8 core capabilities, and expanded "Links" section with additional resources.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

🐰 A README refresh, clear and bright,
With features listed, Quick Start right,
Links expanded for those who explore,
NoxKey's secrets, now easier to adore! 🔐✨

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title directly and accurately describes the main changes: updating the README with noxkey.ai links and a feature list, which aligns with the primary objectives of adding SEO backlinks, quick start examples, and key features.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch update-readme-seo

📝 Coding Plan

• Generate coding plan for human review comments

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[gemini-code-assist]

Code Review

This pull request updates the README.md to improve its content for SEO purposes by adding more descriptive text, a quick start guide, a feature list, and updated links. The changes generally improve the README, but I've found a critical security concern in the new 'Quick start' section. The example command eval "$(noxkey get ...)" is vulnerable to command injection. I've provided a suggestion for a safer alternative.

[gemini-code-assist]

The use of eval with the output of noxkey get introduces a critical command injection vulnerability. If a secret contains shell metacharacters (e.g., $(reboot)), eval will execute it as a command. For a 'Quick start' guide that users will copy-paste, it's essential to provide secure examples. A safer pattern for making a secret available in the shell is to export it as an environment variable.

Suggested change

	# Use with AI agents — secret never enters conversation context
	eval "$(noxkey get myproject/API_KEY)"
	# Export the secret as an environment variable to use in your shell
	export MY_API_KEY="$(noxkey get myproject/API_KEY)"

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@README.md`:
- Around line 33-35: The README quick-start currently shows using eval with the
command `eval "$(noxkey get myproject/API_KEY)"` which is a command-injection
risk; update the example to remove eval and show a direct assignment/export of
the key instead (e.g., assign the output of `noxkey get myproject/API_KEY` to
API_KEY or export it) so the secret value is not executed as shell code; update
the example text around the `eval` usage to use the direct assignment/export
form and remove any mention of `eval`.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 785827dc-bb33-4b00-94ea-44bec787d3d8

📥 Commits

Reviewing files that changed from the base of the PR and between 770e8f8 and fea083f.

📒 Files selected for processing (1)

• README.md

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# Verify whether README still documents eval-based secret loading.
rg -n 'eval\s*"\$\(' README.md

Repository: No-Box-Dev/homebrew-noxkey

Length of output: 111

---

Avoid eval in the quick-start secret example.

Line 34 executes command output as shell code. If the value is not guaranteed to be a sanitized assignment expression, this is a command injection risk and unsafe as documentation guidance.

Use direct assignment instead: export API_KEY="$(noxkey get myproject/API_KEY)" or API_KEY="$(noxkey get myproject/API_KEY)" without eval.

Suggested doc fix

-# Use with AI agents — secret never enters conversation context
-eval "$(noxkey get myproject/API_KEY)"
+# Use with AI agents — secret never enters conversation context
+export API_KEY="$(noxkey get myproject/API_KEY)"

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	# Use with AI agents — secret never enters conversation context
	eval "$(noxkey get myproject/API_KEY)"
	```
	# Use with AI agents — secret never enters conversation context
	export API_KEY="$(noxkey get myproject/API_KEY)"

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@README.md` around lines 33 - 35, The README quick-start currently shows using
eval with the command `eval "$(noxkey get myproject/API_KEY)"` which is a
command-injection risk; update the example to remove eval and show a direct
assignment/export of the key instead (e.g., assign the output of `noxkey get
myproject/API_KEY` to API_KEY or export it) so the secret value is not executed
as shell code; update the example text around the `eval` usage to use the direct
assignment/export form and remove any mention of `eval`.