# # # patch "cmd_key_cert.cc" # from [a295991d887633da167df1b623f3bab2c68dd3f7] # to [9b308c19ad1012ac1a75931cef8b873f594a4acd] # # patch "cmd_list.cc" # from [24fdebca229af92b85d289ad4573a6a42a06897f] # to [c59927cb7fdabbd8bdac2df683280d830027d808] # # patch "cmd_packet.cc" # from [73c51a305fbc999bbf4f6172f0511eb83fd261de] # to [b9baddc4733048ea95f417900addc66be75e2847] # # patch "database.cc" # from [1103981d43546182769bfed0d10c0118457b4c91] # to [7f7410ae279a52ffa92618eb3498c91dd8581f0a] # # patch "keys.cc" # from [c422791c7c491e8cd0360ddc4f93f2a59b8651ae] # to [c1ebaac64c7d6ac9211c7f90c3e4e470e4607a3a] # # patch "lua_hooks.cc" # from [44c2ce923a29d281471f822908003d9848b46206] # to [46db866b3668f39fc76a95c2dee28538976ccc95] # # patch "network/netsync_session.cc" # from [a2f4a48210709137a6c0ed3355a81e0e0384045b] # to [ac5089c8f8494ffc3f9d4bea537f9b5082af8b4c] # # patch "network/session.cc" # from [e2a16733fef9dfa4ee37119e79076d1f3b8dee40] # to [b78d9d61b02d5efa9488272ac050b904f0e20cb3] # # patch "project.cc" # from [54e9bba700b7fbb701408270624ebaeb1ef7e17d] # to [625e5f4bae7e6e050e8970ebea10b9dfc70fe7c0] # # patch "project.hh" # from [ba427de548b87bf2525cdec6a1279e2ab61def87] # to [f4b5274a949c9ecf7f2a1d702b3dbb59fad48f34] # # patch "tests/policy-keys/__driver__.lua" # from [da04753f2b7078f4454a0f151b09a05697b2fb89] # to [f43d4ef811d2a2f9eb5059148db2f8d0b47a7828] # ============================================================ --- cmd_key_cert.cc a295991d887633da167df1b623f3bab2c68dd3f7 +++ cmd_key_cert.cc 9b308c19ad1012ac1a75931cef8b873f594a4acd @@ -71,7 +71,7 @@ CMD(dropkey, "dropkey", "", CMD_REF(key_ key_identity_info identity; project_t project(db, app.lua, app.opts); - project.get_key_identity(keys, app.lua, idx(args, 0), identity); + project.get_key_identity(keys, app.lua, branch_name(), idx(args, 0), identity); if (db.database_specified()) { 
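Review bot: dropkey resolves the user-supplied key name with an empty `branch_name()`, while `trusted` (the @@ -232 hunk on this file) and `pubkey` in cmd_packet.cc pass `app.opts.branch`, so the same short key name can resolve to a different policy's key depending on which command the user runs. If the workspace branch is meant to scope which policy a short name is looked up in, the `passphrase` and cmd_packet.cc `privkey` call sites should pass `app.opts.branch` as well; if the unscoped lookup is deliberate for key-management commands, a one-line comment at each of them saying so would keep the next reader from "fixing" it. The enclosing CMD bodies start and end outside the hunk.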
@@ -116,7 +116,7 @@ CMD(passphrase, "passphrase", "", CMD_RE project_t project(db, app.lua, app.opts); key_identity_info identity; - project.get_key_identity(keys, app.lua, idx(args, 0), identity); + project.get_key_identity(keys, app.lua, branch_name(), idx(args, 0), identity); keys.change_key_passphrase(identity.id); P(F("passphrase changed")); @@ -232,7 +232,8 @@ CMD(trusted, "trusted", "", CMD_REF(key_ for (unsigned int i = 3; i != args.size(); ++i) { key_identity_info identity; - project.get_key_identity(keys, app.lua, idx(args, i), identity); + project.get_key_identity(keys, app.lua, app.opts.branch, + idx(args, i), identity); signers.insert(identity); } ============================================================ --- cmd_list.cc 24fdebca229af92b85d289ad4573a6a42a06897f +++ cmd_list.cc c59927cb7fdabbd8bdac2df683280d830027d808 @@ -189,7 +189,7 @@ CMD(certs, "certs", "", CMD_REF(list), " key_identity_info identity; identity.id = idx(certs, i).key; - project.complete_key_identity(keys, app.lua, identity); + project.complete_key_identity(keys, app.lua, branch_name(), identity); cout << string(guess_terminal_width(), '-') << '\n' << (i18n_format(str) @@ -332,7 +332,7 @@ namespace { { key_identity_info identity; identity.id = *i; - project.complete_key_identity(lua, identity); + project.complete_key_identity(lua, branch_name(), identity); items[*i].identity = identity; items[*i].public_locations.push_back("database"); } @@ -346,7 +346,7 @@ namespace { { key_identity_info identity; identity.id = *i; - project.complete_key_identity(keys, lua, identity); + project.complete_key_identity(keys, lua, branch_name(), identity); items[*i].identity = identity; items[*i].public_locations.push_back("keystore"); items[*i].private_locations.push_back("keystore"); 
@@ -570,7 +570,9 @@ CMD(tags, "tags", "", CMD_REF(list), "", { key_identity_info identity; identity.id = i->key; - project.complete_key_identity(app.lua, identity); + project.complete_key_identity(app.lua, + typecast_vocab(i->name), + identity); cout << ' ' << format_key(identity) << '\n'; } else @@ -926,7 +928,7 @@ CMD_AUTOMATE(certs, N_("REV"), key_identity_info identity; identity.id = idx(certs, i).key; - project.complete_key_identity(app.lua, identity); + project.complete_key_identity(app.lua, branch_name(), identity); signers.insert(identity); bool trusted = ============================================================ --- cmd_packet.cc 73c51a305fbc999bbf4f6172f0511eb83fd261de +++ cmd_packet.cc b9baddc4733048ea95f417900addc66be75e2847 @@ -37,7 +37,8 @@ CMD(pubkey, "pubkey", "", CMD_REF(packet project_t project(db, app.lua, app.opts); key_identity_info identity; - project.get_key_identity(keys, app.lua, idx(args, 0), identity); + project.get_key_identity(keys, app.lua, app.opts.branch, + idx(args, 0), identity); bool exists(false); rsa_pub_key key; if (db.database_specified() && db.public_key_exists(identity.id)) @@ -73,7 +74,7 @@ CMD(privkey, "privkey", "", CMD_REF(pack key_name name = typecast_vocab(idx(args, 0)); key_identity_info identity; - project.get_key_identity(app.lua, idx(args, 0), identity); + project.get_key_identity(app.lua, branch_name(), idx(args, 0), identity); E(keys.key_pair_exists(identity.id), origin::user, F("public and private key '%s' do not exist in keystore") % idx(args, 0)()); ============================================================ --- database.cc 1103981d43546182769bfed0d10c0118457b4c91 +++ database.cc 7f7410ae279a52ffa92618eb3498c91dd8581f0a 
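Review bot: In the `tags` listing, `typecast_vocab(i->name)` hands the tag's name to `complete_key_identity` as the `where` branch, but a tag name is not a branch and names no policy scope. Because `identity.id` is assigned on the line before, the name-lookup path that reads `where` appears not to be reached (the id-based branch of `complete_key_identity` is outside this diff), so this is presumably harmless, but passing `branch_name()` as every other call site in this file does would state that intent instead of leaving a cast that looks like a type confusion. The rest of the loop body is outside the hunk.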
@@ -3884,7 +3884,7 @@ namespace { { key_identity_info identity; identity.id = *i; - project->complete_key_identity(*lua, identity); + project->complete_key_identity(*lua, branch_name(), identity); signer_identities.insert(identity); } ============================================================ --- keys.cc c422791c7c491e8cd0360ddc4f93f2a59b8651ae +++ keys.cc c1ebaac64c7d6ac9211c7f90c3e4e470e4607a3a @@ -132,7 +132,8 @@ get_user_key(options const & opts, lua_h if (!opts.signing_key().empty()) { key_identity_info identity; - project.get_key_identity(keys, lua, opts.signing_key, identity); + project.get_key_identity(keys, lua, opts.branch, + opts.signing_key, identity); key = identity.id; } else @@ -178,7 +179,8 @@ cache_netsync_key(options const & opts, // maybe they specifically requested no key ("--key ''") if (!opts.signing_key().empty()) { - project.get_key_identity(keys, lua, opts.signing_key, identity); + project.get_key_identity(keys, lua, opts.branch, + opts.signing_key, identity); key = identity.id; found_key = true; } ============================================================ --- lua_hooks.cc 44c2ce923a29d281471f822908003d9848b46206 +++ lua_hooks.cc 46db866b3668f39fc76a95c2dee28538976ccc95 @@ -333,7 +333,8 @@ lua_hooks::hook_get_branch_key(branch_na else { key_identity_info identity; - project.get_key_identity(keys, *this, arg_type(key, origin::user), identity); + project.get_key_identity(keys, *this, branch_name(), + arg_type(key, origin::user), identity); k = identity.id; return true; } 
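Review bot: hook_get_branch_key receives a branch name (its parameter is truncated in the hunk header) yet resolves the key name the hook returned with an empty `branch_name()`, so the lookup runs across every policy instead of within the policy of the branch the key is being chosen for. Passing the hook's branch argument in place of `branch_name()` would scope it the way keys.cc now scopes `opts.signing_key` with `opts.branch`; if the global lookup is intentional here, a comment above the call should say why. The enclosing function starts outside the hunk.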
@@ -753,7 +754,8 @@ lua_hooks::hook_get_netsync_key(utf8 con else { key_identity_info identity; - project.get_key_identity(keys, *this, arg_type(name, origin::user), identity); + project.get_key_identity(keys, *this, branch_name(), + arg_type(name, origin::user), identity); k = identity.id; return true; } ============================================================ --- network/netsync_session.cc a2f4a48210709137a6c0ed3355a81e0e0384045b +++ network/netsync_session.cc ac5089c8f8494ffc3f9d4bea537f9b5082af8b4c @@ -106,7 +106,7 @@ netsync_session::netsync_session(session i != opts.keys_to_push.end(); ++i) { key_identity_info ident; - project.get_key_identity(keys, lua, *i, ident); + project.get_key_identity(keys, lua, branch_name(), *i, ident); keys_to_push.push_back(ident.id); } } @@ -161,7 +161,7 @@ void netsync_session::on_end(size_t iden { key_identity_info identity; identity.id = *i; - project.complete_key_identity(keys, lua, identity); + project.complete_key_identity(keys, lua, branch_name(), identity); lua.hook_note_netsync_pubkey_received(identity, ident); } @@ -176,7 +176,7 @@ void netsync_session::on_end(size_t iden { key_identity_info identity; identity.id = j->key; - project.complete_key_identity(keys, lua, identity); + project.complete_key_identity(keys, lua, branch_name(), identity); certs.insert(make_pair(identity, make_pair(j->name, j->value))); } @@ -192,7 +192,7 @@ void netsync_session::on_end(size_t iden { key_identity_info identity; identity.id = i->key; - project.complete_key_identity(keys, lua, identity); + project.complete_key_identity(keys, lua, branch_name(), identity); lua.hook_note_netsync_cert_received(revision_id(i->ident), identity, i->name, i->value, ident); } 
@@ -225,7 +225,7 @@ void netsync_session::on_end(size_t iden { key_identity_info identity; identity.id = *i; - project.complete_key_identity(keys, lua, identity); + project.complete_key_identity(keys, lua, branch_name(), identity); lua.hook_note_netsync_pubkey_sent(identity, ident); } @@ -240,7 +240,7 @@ void netsync_session::on_end(size_t iden { key_identity_info identity; identity.id = j->key; - project.complete_key_identity(keys, lua, identity); + project.complete_key_identity(keys, lua, branch_name(), identity); certs.insert(make_pair(identity, make_pair(j->name, j->value))); } @@ -256,7 +256,7 @@ void netsync_session::on_end(size_t iden { key_identity_info identity; identity.id = i->key; - project.complete_key_identity(keys, lua, identity); + project.complete_key_identity(keys, lua, branch_name(), identity); lua.hook_note_netsync_cert_sent(revision_id(i->ident), identity, i->name, i->value, ident); } ============================================================ --- network/session.cc e2a16733fef9dfa4ee37119e79076d1f3b8dee40 +++ network/session.cc b78d9d61b02d5efa9488272ac050b904f0e20cb3 @@ -415,7 +415,7 @@ session::request_netsync(protocol_role r key_identity_info remote_key; remote_key.id = remote_peer_key_id; if (!remote_key.id.inner()().empty()) - project.complete_key_identity(keys, app.lua, remote_key); + project.complete_key_identity(keys, app.lua, branch_name(), remote_key); wrapped->on_begin(session_id, remote_key); } @@ -446,7 +446,7 @@ session::request_automate() key_identity_info remote_key; remote_key.id = remote_peer_key_id; if (!remote_key.id.inner()().empty()) - project.complete_key_identity(keys, app.lua, remote_key); + project.complete_key_identity(keys, app.lua, branch_name(), remote_key); wrapped->on_begin(session_id, remote_key); } 
@@ -664,7 +664,7 @@ bool session::handle_service_request() { client_identity.id = client_id; if (!client_identity.id.inner()().empty()) - project.complete_key_identity(keys, app.lua, client_identity); + project.complete_key_identity(keys, app.lua, branch_name(), client_identity); } wrapped->on_begin(session_id, client_identity); ============================================================ --- project.cc 54e9bba700b7fbb701408270624ebaeb1ef7e17d +++ project.cc 625e5f4bae7e6e050e8970ebea10b9dfc70fe7c0 @@ -585,7 +585,9 @@ public: typedef key_lister::name_map::const_iterator it; for (it i = names.begin(); i != names.end(); ++i) { - if (i->second.first.has_prefix(where) && i->second.second == name) + if (i->second.second != name) + continue; + if (where.empty() || where.has_prefix(i->second.first)) { branch_name name_as_branch = typecast_vocab(i->second.second); key_name official_name = @@ -1311,7 +1313,7 @@ project_t::put_standard_certs_from_optio { key_identity_info key; get_user_key(opts, lua, db, keys, *this, key.id); - complete_key_identity(lua, key); + complete_key_identity(lua, branch, key); if (!lua.hook_get_author(branch, key, author)) { @@ -1377,6 +1379,7 @@ project_t::lookup_key_by_name(key_store void project_t::lookup_key_by_name(key_store * const keys, lua_hooks & lua, + branch_name const & where, key_name const & name, key_id & id) const { @@ -1405,7 +1408,7 @@ project_t::lookup_key_by_name(key_store } map results; - project_policy->find_keys_named(*this, name, branch_name(), results); + project_policy->find_keys_named(*this, name, where, results); E(results.size() <= 1, origin::user, F("there are %d keys named '%s'") % results.size() % name); E(results.size() > 0, origin::user, @@ -1533,6 +1536,7 @@ project_t::complete_key_identity(key_sto void project_t::complete_key_identity(key_store * const keys, lua_hooks & lua, + branch_name const & where, key_identity_info & info) const { MM(info.id); 
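Review bot: The rewritten filter in find_keys_named reverses the direction of the prefix test — a key now matches when its policy's branch prefix (`i->second.first`) is a prefix of `where`, and every key called `name` matches when `where` is empty — but nothing in the code records that rule, so a reader cannot tell it apart from the previous `has_prefix(where)` behaviour. A comment above the new `if`, e.g. `// a key defined in policy P is usable for P and every branch beneath it; an empty 'where' imposes no restriction (the caller rejects ambiguous results)`, would pin the contract down. It is also worth confirming that `has_prefix` compares whole dotted components rather than raw characters, since otherwise a policy prefix such as `test` would also claim a branch such as `testing.x`. The loop and the enclosing method continue outside the hunk.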
@@ -1552,7 +1556,7 @@ project_t::complete_key_identity(key_sto } else if (!info.official_name().empty()) { - lookup_key_by_name(keys, lua, info.official_name, info.id); + lookup_key_by_name(keys, lua, where, info.official_name, info.id); get_canonical_name_of_key(keys, info.id, info.given_name); } //else if (!info.given_name().empty()) @@ -1567,21 +1571,24 @@ project_t::complete_key_identity(key_sto void project_t::complete_key_identity(key_store & keys, lua_hooks & lua, + branch_name const & where, key_identity_info & info) const { - complete_key_identity(&keys, lua, info); + complete_key_identity(&keys, lua, where, info); } void project_t::complete_key_identity(lua_hooks & lua, + branch_name const & where, key_identity_info & info) const { - complete_key_identity(0, lua, info); + complete_key_identity(0, lua, where, info); } void project_t::get_key_identity(key_store * const keys, lua_hooks & lua, + branch_name const & where, external_key_name const & input, key_identity_info & output) const { 
@@ -1598,41 +1605,47 @@ project_t::get_key_identity(key_store * { output.official_name = typecast_vocab(input); } - complete_key_identity(keys, lua, output); + complete_key_identity(keys, lua, where, output); } void project_t::get_key_identity(key_store & keys, lua_hooks & lua, + branch_name const & where, external_key_name const & input, key_identity_info & output) const { - get_key_identity(&keys, lua, input, output); + get_key_identity(&keys, lua, where, input, output); } void project_t::get_key_identity(lua_hooks & lua, + branch_name const & where, external_key_name const & input, key_identity_info & output) const { - get_key_identity(0, lua, input, output); + get_key_identity(0, lua, where, input, output); } void project_t::get_key_identity(key_store & keys, lua_hooks & lua, + branch_name const & where, arg_type const & input, key_identity_info & output) const { - get_key_identity(&keys, lua, typecast_vocab(input), output); + get_key_identity(&keys, lua, where, + typecast_vocab(input), output); } void project_t::get_key_identity(lua_hooks & lua, + branch_name const & where, arg_type const & input, key_identity_info & output) const { - get_key_identity(0, lua, typecast_vocab(input), output); + get_key_identity(0, lua, where, + typecast_vocab(input), output); } ============================================================ --- project.hh ba427de548b87bf2525cdec6a1279e2ab61def87 +++ project.hh f4b5274a949c9ecf7f2a1d702b3dbb59fad48f34 @@ -232,6 +232,7 @@ private: // lookup the key ID associated with a particular key name void lookup_key_by_name(key_store * const keys, lua_hooks & lua, + branch_name const & where, key_name const & name, key_id & id) const; // get the name given when creating the key 
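Review bot: The new `where` parameter on `lookup_key_by_name` is undocumented, and the existing comment `// lookup the key ID associated with a particular key name` no longer describes the contract now that the answer depends on the branch. Extend it to something like `// lookup the key ID for a key name; 'where' is the branch whose policy and enclosing policies the name is resolved in — an empty branch matches keys from any policy`, and put the same sentence on the public `get_key_identity`/`complete_key_identity` overloads in the following hunk (@@ -240), since callers choose between `app.opts.branch` and `branch_name()` there without any guidance in the header.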
@@ -240,29 +241,37 @@ private: key_name & name) const; void complete_key_identity(key_store * const keys, lua_hooks & lua, + branch_name const & where, key_identity_info & info) const; void get_key_identity(key_store * const keys, lua_hooks & lua, + branch_name const & where, external_key_name const & input, key_identity_info & output) const; public: void complete_key_identity(key_store & keys, lua_hooks & lua, + branch_name const & where, key_identity_info & info) const; void complete_key_identity(lua_hooks & lua, + branch_name const & where, key_identity_info & info) const; void get_key_identity(key_store & keys, lua_hooks & lua, + branch_name const & where, external_key_name const & input, key_identity_info & output) const; void get_key_identity(lua_hooks & lua, + branch_name const & where, external_key_name const & input, key_identity_info & output) const; void get_key_identity(key_store & keys, lua_hooks & lua, + branch_name const & where, arg_type const & input, key_identity_info & output) const; void get_key_identity(lua_hooks & lua, + branch_name const & where, arg_type const & input, key_identity_info & output) const; }; ============================================================ --- tests/policy-keys/__driver__.lua da04753f2b7078f4454a0f151b09a05697b2fb89 +++ tests/policy-keys/__driver__.lua f43d4ef811d2a2f9eb5059148db2f8d0b47a7828 
@@ -14,27 +14,36 @@ end for hash in readfile("stderr"):gmatch("'(" .. string.rep("%x", 40) .. ")'") do my_key = hash end +check(mtn("genkey", "address@hidden"), 0, false, true, + string.rep("address@hidden", 2)) +for hash in readfile("stderr"):gmatch("'(" .. string.rep("%x", 40) .. ")'") do + other_key = hash +end -check(mtn("create_project", "test_project", "-k", "address@hidden"), 0, false, false) +function init_policy(project, key, name, hash) + check(mtn("create_project", project, "-k", key), 0, false, false) -check(mtn("setup", "-btest_project.__policy__", "policy_checkout"), 0, false, false) + check(mtn("setup", "-b", project .. ".__policy__", project), + 0, false, false) -mkdir("policy_checkout/keys") -writefile("policy_checkout/keys/my_key", my_key) -check(indir("policy_checkout", mtn("add", "keys/my_key", "--no-respect-ignore")), - 0, false, false) -check(indir("policy_checkout", - mtn("commit", "-m", "add key", "-k", "address@hidden")), - 0, false, false) + mkdir(project .. "/keys") + writefile(project .. "/keys/" .. name, hash) + check(indir(project, mtn("add", "keys/" .. name, "--no-respect-ignore")), + 0, false, false) + check(indir(project, mtn("commit", "-m", "add key", "-k", key)), + 0, false, false) +end +init_policy("test_project", "address@hidden", "my_key", my_key) +init_policy("other_project", "address@hidden", "other_key", other_key) + -- use new key in delegation, branch, and branch under delegation check(mtn("ls", "keys"), 0, true) check(qgrep("test_project.my_key", "stdout")) --- TODO: check that keys named in some other (unrelated) policy --- don't work here unless the full path is given + check(mtn("create_subpolicy", "test_project.delegated", "--no-workspace", "-k", "my_key"), 0, nil, false) 
@@ -44,6 +53,9 @@ check(mtn("create_branch", "test_project check(mtn("create_branch", "test_project.delegated.otherbranch", "--no-workspace", "-k", "my_key"), 0, nil, false) +-- unrelated keys don't work +check(mtn("create_branch", "test_project.badbranch", + "--no-workspace", "-k", "other_key"), 1, nil, false) -- drop private key (dropkey -d:memory:) check(mtn("-d", ":memory:", "--no-workspace", "dropkey", my_key), 0, nil, false)
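Review bot: The new negative check only asserts exit status 1 for `create_branch test_project.badbranch -k other_key`, which cannot tell "key not resolvable in this policy" apart from any other way the command can fail. Capturing stderr with `check(mtn(...), 1, nil, true)` and following it with `check(qgrep("<expected error text>", "stderr"))`, using the message `lookup_key_by_name` emits when no key matches, would make the test fail for the intended reason only. The removed TODO also asked that a foreign key work when its full path is given; if that is meant to hold, a matching positive check with the qualified name (presumably `other_project.other_key`, by analogy with the `test_project.my_key` grep above) would complete the coverage.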