From 331378c7417dd9770700c51ab2b4bbeb04554970 Mon Sep 17 00:00:00 2001
From: Greg Bowler
Date: Sun, 19 Apr 2026 20:39:07 +0100
Subject: [PATCH 1/4] ci: code coverage
---
 .github/workflows/ci.yml | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 8b2abef..e974b24 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -93,6 +93,9 @@ jobs:
 - name: Upload to Codecov
 uses: codecov/codecov-action@v5
+ with:
+ token: ${{ secrets.CODECOV_TOKEN }}
+ slug: PhpGt/Cipher
 phpstan:
 runs-on: ubuntu-latest
From 9ef7a5b0a5e4fe58359208bf886687cf39a56c59 Mon Sep 17 00:00:00 2001
From: Greg Bowler
Date: Sun, 19 Apr 2026 20:41:21 +0100
Subject: [PATCH 2/4] ci: dynamic repo name
---
 .github/workflows/ci.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index e974b24..1034945 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -95,7 +95,7 @@ jobs:
 uses: codecov/codecov-action@v5
 with:
 token: ${{ secrets.CODECOV_TOKEN }}
- slug: PhpGt/Cipher
+ slug: ${{ github.repository }}
 phpstan:
 runs-on: ubuntu-latest
From 536118d38adbc564274aaeeb2c093d1e39d76d92 Mon Sep 17 00:00:00 2001
From: Greg Bowler
Date: Sun, 19 Apr 2026 20:49:55 +0100
Subject: [PATCH 3/4] ci: upgrade workflow
---
 .github/workflows/ci.yml | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 1034945..5d98c7e 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -1,11 +1,12 @@
 name: CI
-on: [push, pull_request]
+on:
+ push:
+ pull_request:
 permissions:
 contents: read
 actions: read
- id-token: none
 jobs:
 composer:
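Review bot: `codecov/codecov-action@v5` is referenced by a movable tag, and with the added `with:` block in [PATCH 1/4] that step now receives `secrets.CODECOV_TOKEN`, so whatever the tag resolves to at run time gets the token. Pin the step to a reviewed full commit SHA and keep the tag as a trailing comment, e.g. `uses: codecov/codecov-action@<full-commit-sha> # v5`; the tag-referenced `actions/checkout@v6` and `actions/cache@v5` introduced in [PATCH 3/4] deserve the same treatment. Separately, the workflow also runs on `pull_request`, and GitHub does not pass repository secrets to runs triggered from forks, so `token` expands to an empty string there; it is worth confirming the upload step handles that case as intended.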
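Review bot: Dropping `id-token: none` in the first hunk of [PATCH 3/4] leaves the least-privilege intent of the `permissions:` block implicit. Behaviour should be unchanged, because once a workflow-level `permissions:` key is present every scope not listed is set to none, but a reader has to know that rule. A comment above the block would record it: `# Scopes not listed here (including id-token) are none; grant extra scopes per job.` The `jobs:` mapping continues outside the hunk, so whether any job actually needs `actions: read` cannot be checked from here.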
@@ -15,10 +16,10 @@ jobs:
 php: [ 8.4, 8.5 ]
 steps:
- - uses: actions/checkout@v4
+ - uses: actions/checkout@v6
 - name: Cache Composer dependencies
- uses: actions/cache@v4
+ uses: actions/cache@v5
 with:
 path: /tmp/composer-cache
 key: ${{ runner.os }}-${{ matrix.php }}-${{ hashFiles('**/composer.lock') }}
@@ -27,6 +28,7 @@ jobs:
 uses: php-actions/composer@v6
 with:
 php_version: ${{ matrix.php }}
+ php_extensions: pcntl
 - name: Archive build
 run: mkdir /tmp/github-actions/ && tar --exclude=".git" -cvf /tmp/github-actions/build.tar ./
@@ -118,6 +120,8 @@ jobs:
 with:
 php_version: ${{ matrix.php }}
 path: src/
+ level: 6
+ memory_limit: 256M
 phpmd:
 runs-on: ubuntu-latest
From 34ffd314393a816de81d5ccd57835450dea10d55 Mon Sep 17 00:00:00 2001
From: Greg Bowler
Date: Sun, 19 Apr 2026 20:55:16 +0100
Subject: [PATCH 4/4] docs: tweak readme
---
 README.md | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/README.md b/README.md
index ab76eb2..1ed56f9 100644
--- a/README.md
+++ b/README.md
@@ -1,13 +1,13 @@
 Two-way encryption of messages for secure plain text transmission.
 ==================================================================
-When messages are passed between two systems via a public network, encryption tools must be used to secure the communication channel. The process of encrypting and decrypting a message is complex and prone to errors, but is simplified in this repository by providing the `PlainTextMessage` and `EncryptedMessage` class abstractions.
+When messages are passed between two systems over a public network, encryption tools are needed to protect the content in transit. Encrypting and decrypting messages correctly can be fiddly and error-prone, so this library keeps the process small and explicit through the `PlainTextMessage`, `EncryptedMessage`, `CipherText`, `Key`, and `InitVector` abstractions.
-Pass your secret message to the `PlainTextMessage` constructor along with a private key, and you can call `encrypt()` to convert it into an `EncryptedMessage`. An `EncryptedMessage` is represented by a Cipher and IV value via the `getCipherText()` and `getIv()` functions. These two strings can be passed to the receiver by any communication mechanism, safe in the knowledge that the contents can not be read without the private key.
+Pass your secret message to the `PlainTextMessage` constructor, then call `encrypt()` with a shared `Key` to produce a `CipherText`. The encrypted payload is represented by the cipher text itself plus the IV returned by `getIv()`. Those values can then be passed to the receiver by any communication mechanism, with only the holder of the same shared key able to decrypt the original message.
-On the receiver, construct another `EncryptedMessage` with the incoming cipher and IV, and the original message can be read using `decrypt()`
+On the receiving side, construct an `EncryptedMessage` with the incoming cipher text and IV, then call `decrypt()` with the same `Key` to recover the original plain text.
-The `CipherText` class also exposes a `getUri()` function, for creating a pre-encoded URI. A URI with `cipher` and `iv` querystring parameters can be passed to the `EncryptedUri` class to decrypt back into a `PlainTextMessage`.
+The `CipherText` class also provides a `getUri()` method for creating a pre-encoded URI. A URI containing `cipher` and `iv` query string parameters can then be passed to `EncryptedUri` and decrypted back into a `PlainTextMessage`.
 ***