docs: sync STATUS / ROADMAP with three weeks of stealth-shipped work
The 2026-05-30 sync commit (fa659eb) only covered the vault-tab management surfaces revamp. It missed three earlier merges that landed 2026-05-02..05-03 and have been on main since: - Phase 2B polish foundation + form layout (5da1e52, 2026-05-02) - v0.5.1 Stream A — 3-column vault layout + bottom sheet + toast + GLYPH_VAULT_TAB + emoji sweep (c16adc4, 2026-05-03) - v0.5.1 Stream B — left-nav settings (Autofill / Display / Security / Generator / Retention / Backup / Import) (bd6a301, 2026-05-03) - v0.5.1 Stream C — Recovery QR end-to-end (core + WASM + CLI + settings-security.ts + setup wizard banner) + setup wizard Style C redesign (934dfe0, 2026-05-03) Also missing: 1C-γ (attachments + Document type + device registration + trash + history), Plan B multi-stream refactor (Cycles 1+2), and the in-flight doc-structure redesign Tasks 1-4 (commits 36a59cd..bae3f7c since spec3209bfb). STATUS now lists each train with merge SHA, spec/plan pointers, and per-feature bullets. ROADMAP's "Up next" / "Medium-term" / "Long-term" sections retrimmed: the only genuinely outstanding work is doc-structure Task 5 verification, the lock-screen logo, the v0.5.x tag, and the three 2026-05-04 architecture-review specs (CLI restructure, extension restructure, security polish — none have plans yet). Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
adlee-was-taken
46
ROADMAP.md
46
ROADMAP.md
@@ -7,52 +7,38 @@
|
||||
|
||||
| Version | Highlights |
|
||||
|---|---|
|
||||
| v0.5.0 train *(on main, untagged)* | Security audit fixes, device auth, backup/restore, LastPass import, fullscreen UX phases 1+2A, vault-tab management surfaces revamp |
|
||||
| v0.5.x train *(on main, untagged — tag pending)* | Security audit fixes; device authentication; backup/restore + LastPass import; fullscreen UX Phases 1+2A+2B; v0.5.1 Streams A/B/C (3-column vault layout + bottom-sheet picker + toast system; left-nav settings; Recovery QR end-to-end + setup wizard Style C); 1C-γ (attachments + Document type + device registration + trash + field history); Plan B multi-stream refactor (commands/ split, prompt_or_flag, core/WASM seam); vault-tab management surfaces revamp (settings synced/local split, devices fingerprint, trash purge countdown, field-history polish, item-history-index, `#history/<id>` routing); doc-structure redesign (rename to DESIGN/CRYPTO/docs/FORMATS, scope headers + Next: footers) |
|
||||
| v0.2.0 | Last tagged release — typed-item rewrite (Plans 1A/1B/1C-α/β₁/β₂) |
|
||||
|
||||
Also shipped on main since the v0.5.0 version bump:
|
||||
See `CHANGELOG.md` for tagged-release detail and `STATUS.md` for the per-train commit list.
|
||||
|
||||
- **Vault-tab management surfaces revamp** (2026-05-24 → 2026-05-30) — settings synced/local split with session-timeout UI, devices fingerprint + inline two-step revoke, trash per-item purge countdown, field-history visual polish, new item-history-index pane, `#history/<id>` route normalization. Shared `relative-time.ts` + `ssh-fingerprint.ts` utilities.
|
||||
Spec: `docs/superpowers/specs/2026-05-23-vault-tab-management-surfaces-revamp-design.md`
|
||||
Plan: `docs/superpowers/plans/2026-05-24-vault-tab-management-surfaces-revamp.md`
|
||||
## Up next
|
||||
|
||||
See `CHANGELOG.md` for full details and `STATUS.md` for the current commit list.
|
||||
These are immediately queued:
|
||||
|
||||
## Up next (v0.5.x)
|
||||
|
||||
These are specced and either in progress or immediately queued:
|
||||
|
||||
- **Vault lock screen logo** — small `<img>` insertion in the lock-screen render *(in progress, uncommitted)*
|
||||
- **Phase 2B: form layout** — spacing, section headers, attachment previews in detail pane
|
||||
Spec: `docs/superpowers/specs/2026-05-02-phase-2b-form-layout-design.md`
|
||||
Plan: `docs/superpowers/plans/2026-05-02-phase-2b-polish-and-form-layout.md`
|
||||
- **1C-γ: attachments + Document type** — attachment UI in popup + vault tab; Document item add/view/edit/extract
|
||||
Specs: `docs/superpowers/specs/2026-04-24-relicario-extension-1c-gamma1-design.md`,
|
||||
`docs/superpowers/specs/2026-04-26-relicario-extension-1c-gamma2-design.md`
|
||||
- **v0.5.x UX polish** — recovery QR display in extension, password coloring refinements
|
||||
Spec: `docs/superpowers/specs/2026-05-03-v0.5.x-ux-polish-and-recovery-qr-design.md`
|
||||
- **Vault lock-screen logo** *(in progress, uncommitted)* — single `<img>` insertion in `vault.ts` lock-screen render
|
||||
- **Doc-structure redesign Task 5** — final verification gate (grep for stale paths, confirm link integrity)
|
||||
- **Cut a tag for the v0.5.x train** — version was bumped to 0.5.0 on 2026-05-04 but never tagged; scope now exceeds the original v0.5.0 plan. `v0.5.1` or `v0.6.0` depending on how you read the breadth.
|
||||
|
||||
## Medium-term
|
||||
|
||||
- **Phase 3: vault-tab shell** — fullscreen sidebar with nav sections, pane routing
|
||||
Spec: `docs/superpowers/specs/2026-04-27-relicario-vault-tab-design.md`
|
||||
- **Phase 4: command palette** — ⌘K global search + action dispatch across the vault tab
|
||||
- **CLI restructure** — subcommand reorganisation, interactive TUI mode
|
||||
Specced; no plan yet:
|
||||
|
||||
- **CLI restructure** — subcommand reorganization, interactive TUI mode
|
||||
Spec: `docs/superpowers/specs/2026-05-04-cli-restructure-design.md`
|
||||
- **Extension restructure** — bundle / message-routing cleanup
|
||||
- **Extension restructure** — bundle / message-routing cleanup
|
||||
Spec: `docs/superpowers/specs/2026-05-04-extension-restructure-design.md`
|
||||
- **Security polish**
|
||||
- **Security polish** — follow-up hardening from the architecture review
|
||||
Spec: `docs/superpowers/specs/2026-05-04-security-polish-design.md`
|
||||
- **Phase 4: command palette** — ⌘K global search + action dispatch across the vault tab (no spec yet)
|
||||
|
||||
## Long-term / backlog
|
||||
|
||||
- **Relay server** — encrypted WebSocket relay for multi-device sync without a shared git server
|
||||
- **Relay server** — encrypted WebSocket relay for multi-device sync without a shared git server
|
||||
Spec: `docs/superpowers/specs/2026-05-02-relay-server-design.md`
|
||||
- **Recovery QR** — QR code encoding of the reference-image secret for printed cold backup
|
||||
Spec: `docs/superpowers/specs/2026-05-01-recovery-qr-design.md`
|
||||
Plan: `docs/superpowers/plans/2026-05-02-relay-server.md` (`c0921b1`)
|
||||
Code skeleton: `crates/relicario-server/` exists but only houses the pre-receive hook today; the relay binary would either extend or replace it.
|
||||
- **Mobile** — Rust core compiles to ARM; JNI wrapper for Android, Swift wrapper for iOS
|
||||
- **Credential capture** — extension content-script form detection + autofill
|
||||
Spec: `docs/superpowers/specs/2026-04-12-relicario-credential-capture-design.md`
|
||||
|
||||
## Non-goals (explicitly deferred or cancelled)
|
||||
|
||||
|
||||
132
STATUS.md
132
STATUS.md
@@ -4,43 +4,93 @@
|
||||
|
||||
## Version
|
||||
|
||||
**Last release tagged:** v0.2.0 — v0.5.0 train (crate + extension versions bumped to 0.5.0 in `cf66bd9`, 2026-05-04) is on `main` but **untagged**. Tag when the v0.5.x polish slate clears.
|
||||
**Active track:** v0.5.x UX polish + Plan B refactor continuation
|
||||
**Last release tagged:** v0.2.0 — the v0.5.x train (crate + extension versions bumped to 0.5.0 in `cf66bd9`, 2026-05-04) is on `main` but **untagged**. The train has accumulated well past the original v0.5.0 scope; tag when the doc-structure redesign closes.
|
||||
**Active track:** doc-structure redesign final verification + roadmap planning
|
||||
|
||||
## What landed in the v0.5.0 train (2026-05-02 → 2026-05-04, untagged)
|
||||
## What landed on main since the v0.5.0 version bump
|
||||
|
||||
Three release trains merged into one tag:
|
||||
### Phase 2B — polish foundation + form layout (merged 2026-05-02, `5da1e52`)
|
||||
|
||||
**Security hardening (Plan A):**
|
||||
- Pre-receive hook actually verifies signatures now — device-auth was a no-op before (S1)
|
||||
- Backup-restore tar unpacking hardened against path traversal and zip-bomb (S2)
|
||||
- `RELICARIO_*` env-var surface audited; `RELICARIO_NO_GROUPS_CACHE` gated to debug builds (S3)
|
||||
Spec: `docs/superpowers/specs/2026-05-02-phase-2b-form-layout-design.md`
|
||||
Plan: `docs/superpowers/plans/2026-05-02-phase-2b-polish-and-form-layout.md`
|
||||
|
||||
**Bug fixes:**
|
||||
- Strength meter no longer goes stale after the regenerate button (B1)
|
||||
- Snake_case error codes no longer leak into the UI (B2)
|
||||
- Patina gold palette tokens (`--gold-base` `#a88a4a`, `--gold-mid`, `--gold-shadow`, etc.) replacing the bright amber `#d2ab43`
|
||||
- `.surface-backdrop` (radial top-glow + 18px grid texture) on popup body, setup body, vault body
|
||||
- `.glass` card class with `backdrop-filter: blur(8px)` for unlock card, setup steps, form columns
|
||||
- `.btn-primary` / `.btn-secondary` button hierarchy alongside existing `.btn`
|
||||
- `GLYPH_NEXT = '▸'` (U+25B8) replacing ASCII `→` in next/continue buttons
|
||||
- Unlock view restructure: logo-lockup (logo + brand + tagline) + glass card + primary "unlock vault" button + secondary open-vault/settings demoted
|
||||
- Setup wizard: backdrop + glass step cards + glass mode-picker cards + ▸ on next buttons
|
||||
- Two-column login form (`surface: 'popup' | 'fullscreen'` flag on `renderForm`)
|
||||
- Sticky save bar in fullscreen forms with `externalActions` flag
|
||||
- Form header with title + dirty-state subtitle + platform-aware save hint (⌘+S / Ctrl+S)
|
||||
|
||||
**Features (originally v0.3.0 + v0.4.0):**
|
||||
- `relicario backup export/restore` with `.relbak` format
|
||||
- `relicario import lastpass` (LastPass CSV importer)
|
||||
- Device authentication: ed25519 commit signing + Gitea deploy-key management
|
||||
- Fullscreen UX Phase 1: visual foundation (sidebar + pane shell, dark theme)
|
||||
- Fullscreen UX Phase 2A: smart inputs (password coloring, inline generator popover, custom-fields editor)
|
||||
### v0.5.1 Stream A — fullscreen + popup layout polish (merged 2026-05-03, `c16adc4`)
|
||||
|
||||
## Recent work (post-v0.5.0, landed on main)
|
||||
- 3-column vault tab: sidebar (200px) + list (flex) + detail drawer (440px)
|
||||
- Sidebar type-category nav replacing flat item list (All items + per-type counts)
|
||||
- Bottom sheet for "new item" type picker (pane-only scrim, sidebar stays interactive)
|
||||
- Shared toast system at `extension/src/shared/toast.ts` (`showToast(message, type, durationMs)`)
|
||||
- `GLYPH_VAULT_TAB = '⧉'` (U+29C9) replacing `⤴` pop-out button in popup
|
||||
- Per-type glyph icons in popup item rows
|
||||
- Empty-state treatments (popup list empty, popup search-empty, vault list section-empty)
|
||||
- Emoji sweep — all remaining UI emoji replaced with monochrome glyph constants
|
||||
|
||||
**Plan B multi-stream refactor (2026-05-09 to present):**
|
||||
- `prompt_or_flag<T>` + builder compression — compressed `build_*_item` helpers (Stream A)
|
||||
- `Vault::after_manifest_change` wrapper, single canonical `ParamsFile` in session (Stream B)
|
||||
- Core/WASM seam: `base32_decode_lenient`, `parse_month_year`, `guess_mime` added to WASM exports; CLI parsers migrated to `relicario-core::parse` (Stream C)
|
||||
### v0.5.1 Stream B — settings UX redesign (merged 2026-05-03, `bd6a301`)
|
||||
|
||||
- Unified left-nav settings page (Device / Vault grouping)
|
||||
- Sections: Autofill (Device), Display (Device — password coloring), Security (Vault — Recovery QR + trusted devices), Generator (Vault), Retention (Vault), Backup (Vault), Import (Vault)
|
||||
- `devices` standalone sidebar entry subsumed into Security section
|
||||
|
||||
### v0.5.1 Stream C — Recovery QR (merged 2026-05-03, `934dfe0`)
|
||||
|
||||
Spec: `docs/superpowers/specs/2026-05-01-recovery-qr-design.md`
|
||||
Plan: `docs/superpowers/plans/2026-05-01-recovery-qr-and-entropy-floor.md`
|
||||
|
||||
- Rust core: `relicario-core/src/recovery_qr.rs` — `generate_recovery_qr` / `unwrap_recovery_qr` / `recovery_qr_to_svg` (109-byte binary payload, never written to disk)
|
||||
- WASM bindings: `generate_recovery_qr` / `unwrap_recovery_qr` + session stores `image_secret` for regeneration
|
||||
- CLI: `relicario recovery-qr generate` / `recovery-qr unwrap` subcommands (TTY render)
|
||||
- Extension: three-state Security settings card; setup wizard "generate before you go" banner
|
||||
- Setup wizard Style C redesign — centered hero card + colored progress track + glyph mode icons (replacing the prior glass-card vertical wizard)
|
||||
|
||||
### 1C-γ — attachments + Document type + device registration + trash + history
|
||||
|
||||
Specs: `docs/superpowers/specs/2026-04-24-relicario-extension-1c-gamma1-design.md`, `docs/superpowers/specs/2026-04-26-relicario-extension-1c-gamma2-design.md`
|
||||
Plans: `docs/superpowers/plans/2026-04-24-relicario-extension-1c-gamma1.md`, `docs/superpowers/plans/2026-04-26-relicario-extension-1c-gamma2.md`
|
||||
|
||||
- Core: `relicario-core/src/item_types/document.rs` (DocumentCore — signature + signed-on date)
|
||||
- Extension: Document type form + signature-block detail (`extension/src/popup/components/types/document.ts`)
|
||||
- Attachments wired into 6 type forms via shared disclosure; 📎 indicator in item list
|
||||
- Attachment cap setting (per-vault bytes cap) in vault settings; CLI enforces cap on attach
|
||||
- Service worker: trash operations (listTrashed, restoreItem, purgeItem, purgeAllTrash); batched purge
|
||||
- Device registration from the popup (no setup-wizard detour)
|
||||
- Field history end-to-end (WASM `get_field_history`, popup viewer)
|
||||
- Attachment IDs expanded to 128 bits with `is_valid` check (audit I2)
|
||||
- Per-vault attachment bytes cap enforced (audit I3)
|
||||
- IDs validated on backup restore (audit B4)
|
||||
|
||||
### Plan B multi-stream refactor (2026-05-09 → 2026-05-25)
|
||||
|
||||
Cycle 1:
|
||||
- Stream A: security audit fixes + docs polish (`89090a8`)
|
||||
- Stream B: `main.rs` split into `commands/` modules + `git_run` helper (`b9bd152`)
|
||||
|
||||
Cycle 2:
|
||||
- Stream A: `prompt_or_flag<T>` + builder compression — compressed `build_*_item` helpers (`3dd1e1b`)
|
||||
- Stream B: `Vault::after_manifest_change` wrapper, single canonical `ParamsFile` in session (`3759f6a`)
|
||||
- Stream C: core/WASM seam — `base32_decode_lenient`, `parse_month_year`, `guess_mime` exported from WASM; CLI parsers migrated to `relicario-core::parse` (`e69b347`)
|
||||
|
||||
Misc:
|
||||
- CLI: `gen` alias for `generate`, `-l`/`-w` short flags, batched purge
|
||||
- `base32` module extracted from core, two duplicate RFC-4648 impls deduplicated
|
||||
- License switched to GPL-3.0-or-later
|
||||
|
||||
**Vault-tab management surfaces revamp (2026-05-24 → 2026-05-30):**
|
||||
Spec: `docs/superpowers/specs/2026-05-23-vault-tab-management-surfaces-revamp-design.md`
|
||||
### Vault-tab management surfaces revamp (2026-05-24 → 2026-05-30)
|
||||
|
||||
Spec: `docs/superpowers/specs/2026-05-23-vault-tab-management-surfaces-revamp-design.md`
|
||||
Plan: `docs/superpowers/plans/2026-05-24-vault-tab-management-surfaces-revamp.md`
|
||||
- Shared utilities first: `relative-time.ts` consolidating 5 duplicate inline copies (`9da45dd`, `a587965`), webcrypto `ssh-fingerprint.ts` (`1edfa67`), shared section-header / glyph-btn / kv-row / fingerprint CSS (`367adce`), history/revoke/restore glyph constants (`c943a06`)
|
||||
|
||||
- Shared utilities: `relative-time.ts` consolidating 5 duplicate inline copies (`9da45dd`, `a587965`), webcrypto `ssh-fingerprint.ts` (`1edfa67`), shared section-header / glyph-btn / kv-row / fingerprint CSS (`367adce`), history/revoke/restore glyph constants (`c943a06`)
|
||||
- Settings pane revamp — synced/local split + session timeout UI (`299e7db`)
|
||||
- Devices pane revamp — SHA256 fingerprint + added-by display + glyph revoke with inline two-step confirm (`047df6e`)
|
||||
- Trash pane revamp — per-item purge countdown via `daysUntilPurge` + glyph restore + bottom-right empty-trash (`ed6e218`)
|
||||
@@ -48,21 +98,29 @@ Plan: `docs/superpowers/plans/2026-05-24-vault-tab-management-surfaces-revamp.md
|
||||
- Item-history-index pane — top-level "items with history" list (`32e1632`)
|
||||
- Sidebar slot wiring + `#history/<id>` route with `#field-history/<id>` legacy normalization (`88d7228`)
|
||||
|
||||
### Doc-structure redesign (2026-05-30, in progress)
|
||||
|
||||
Spec: `docs/superpowers/specs/2026-05-30-doc-structure-redesign-design.md`
|
||||
Plan: `docs/superpowers/plans/2026-05-30-doc-structure-redesign.md`
|
||||
|
||||
- Task 1: Renamed `ARCHITECTURE.md` → `DESIGN.md`, `docs/ARCHITECTURE.md` → `docs/CRYPTO.md`, `FORMATS.md` → `docs/FORMATS.md` (`36a59cd`)
|
||||
- Task 2: Added scope headers + "Next:" footers to all tour docs (`5e7023f`)
|
||||
- Task 3: Fixed incoming links to renamed paths (`01377e7`)
|
||||
- Task 4: Updated CLAUDE.md living-docs table + added three discipline rules (`bae3f7c`)
|
||||
- Task 5: Final verification gate — **not yet run**
|
||||
|
||||
## In progress (uncommitted on main)
|
||||
|
||||
- Vault lock screen logo — 1-line `<img class="brand-logo">` insertion in `extension/src/vault/vault.ts` lock-screen render (verified via `git diff`)
|
||||
- Vault lock-screen logo — 1-line `<img class="brand-logo">` insertion in `extension/src/vault/vault.ts` lock-screen render (verified via `git diff`)
|
||||
- `.claude/settings.json` — harness config tweaks
|
||||
- Two superseded doc-plan/spec files showing modifications — `2026-04-22-relicario-extension-1c-beta1.md` and `2026-04-11-relicario-design.md`
|
||||
|
||||
## Up next
|
||||
|
||||
The vault-tab management surfaces revamp closes the trash / devices / history / settings gap that previously sat under "Up next". What's genuinely next, per `ROADMAP.md`:
|
||||
1. **Doc-structure redesign Task 5** — final verification gate (grep for old paths in renamed files, confirm no broken links remain). The four implementation tasks shipped without checking off the plan's checkboxes; the verification task may be redundant or may catch something.
|
||||
2. **Cut a tag for the v0.5.x train** — version bumped to 0.5.0 on 2026-05-04 but never tagged; scope now includes Phase 2B + v0.5.1 Streams A/B/C + 1C-γ + Plan B refactor + management-surfaces revamp + doc-structure redesign. Given the breadth, `v0.6.0` may fit better than `v0.5.1`; user decides.
|
||||
3. **CLI restructure** (spec `2026-05-04-cli-restructure-design.md`, no plan yet) — subcommand reorganization + interactive TUI mode.
|
||||
4. **Extension restructure** (spec `2026-05-04-extension-restructure-design.md`, no plan yet) — bundle / message-routing cleanup.
|
||||
5. **Security polish** (spec `2026-05-04-security-polish-design.md`, no plan yet) — follow-up security hardening from the architecture review.
|
||||
|
||||
1. **Phase 2B: form layout polish** — spacing, density, section headers, attachment previews
|
||||
Spec: `docs/superpowers/specs/2026-05-02-phase-2b-form-layout-design.md`
|
||||
Plan: `docs/superpowers/plans/2026-05-02-phase-2b-polish-and-form-layout.md`
|
||||
2. **1C-γ: attachments + Document type** — attachment UI in popup + vault tab; Document item add/view/edit
|
||||
Specs: `docs/superpowers/specs/2026-04-24-relicario-extension-1c-gamma1-design.md`, `2026-04-26-relicario-extension-1c-gamma2-design.md`
|
||||
3. **Phase 3: vault-tab shell** — sidebar nav + command palette stub
|
||||
Spec: `docs/superpowers/specs/2026-04-27-relicario-vault-tab-design.md`
|
||||
4. **v0.5.0 tag** — once the v0.5.x polish slate (lock-screen logo, Phase 2B) settles, cut the tag.
|
||||
|
||||
See `ROADMAP.md` for the longer arc.
|
||||
See `ROADMAP.md` for the longer arc and `CHANGELOG.md` for tagged-release history (current head: `v0.5.0` entry, dated 2026-05-02 — predates the v0.5.1 train work and will be revised when the next tag cuts).
|
||||
|
||||
Reference in New Issue
Block a user