From 8fd9a0587508d5a90ee8a0f72fc855ed0f9615bc Mon Sep 17 00:00:00 2001 From: adlee-was-taken Date: Sat, 2 May 2026 16:23:17 -0400 Subject: [PATCH] docs(claude): refresh project tree, IDs line, and roadmap (audit F2/F3/F4) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - F2: add relicario-server crate to the project-structure tree - F3: replace stale "Next: WASM + Chrome MV3 (Plan 2)" roadmap line with the v0.5.0/Phase-3/1C-γ/LastPass picture - F4: ItemIds and FieldIds are 16-char hex (64 bits) per audit M8; AttachmentIds are first 32 hex of SHA-256 (128 bits) per audit I2/B4 Co-Authored-By: Claude Opus 4.7 --- CLAUDE.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/CLAUDE.md b/CLAUDE.md index 768bff2..30a74de 100644 --- a/CLAUDE.md +++ b/CLAUDE.md @@ -48,9 +48,11 @@ crates/ │ ├── src/helpers.rs # vault_dir, git_command, iso8601 │ ├── src/session.rs # UnlockedVault (master key in Zeroizing) │ └── tests/ # basic_flows, edit_and_history, attachments, settings, vault_detection -└── relicario-wasm/ # WASM bindings for the extension - ├── src/lib.rs # #[wasm_bindgen] surface - └── src/session.rs # opaque SessionHandle → Zeroizing<[u8;32]> +├── relicario-wasm/ # WASM bindings for the extension +│ ├── src/lib.rs # #[wasm_bindgen] surface +│ └── src/session.rs # opaque SessionHandle → Zeroizing<[u8;32]> +└── relicario-server/ # `relicario-server` binary (pre-receive Git hook) + └── src/main.rs # verify-commit + generate-hook subcommands ``` ## Key design decisions @@ -76,7 +78,7 @@ passphrase (UTF-8 bytes) || image_secret (32 bytes from reference JPEG) - Tests use fast Argon2id params (m=256, t=1, p=1) so they don't take forever. - Test JPEGs are generated synthetically via `make_test_jpeg()` — no binary test fixtures. -- Item IDs are random 8-char hex strings. +- Item IDs and Field IDs are random 16-char hex strings (64 bits of OsRng entropy). AttachmentIds are content-addressed: first 32 hex chars of SHA-256 over the plaintext (128 bits). - Git history is preserved as an audit log — no squashing. - The CLI shells out to `git` for sync — no libgit2/gitoxide dependency. @@ -90,4 +92,4 @@ Full threat model, entropy analysis, and architecture: `docs/superpowers/specs/2 ## Roadmap -Next: WASM build + Chrome MV3 browser extension (Plan 2). Then mobile (Rust core compiles to ARM). +Next: v0.5.0 polish + harden (in progress). After that, Phases 3/4 of the fullscreen UX redesign (vault-tab shell + command palette), Plan 1C-γ (attachments + Document + trash/history/device UI), and the LastPass importer. Mobile (Rust core compiles to ARM) and recovery QR remain on the roadmap.