chore: release v0.6.0

Rolls up four weeks of post-v0.5.0 work into one tag:

- Phase 2B polish foundation + form layout (2026-05-02, 5da1e52)
- v0.5.1 Stream A — 3-column vault layout + toast + bottom sheet (2026-05-03, c16adc4)
- v0.5.1 Stream B — left-nav settings (2026-05-03, bd6a301)
- v0.5.1 Stream C — Recovery QR + setup wizard Style C (2026-05-03, 934dfe0)
- 1C-γ — Document item type + attachments + device registration + trash + history
- Plan B refactor (Cycles 1+2) — commands/ split, prompt_or_flag, core/WASM seam
- Vault-tab management surfaces revamp (2026-05-24..30) — settings split, devices fingerprint, trash countdown, history polish
- Doc-structure redesign (2026-05-30) — DESIGN/CRYPTO/docs/FORMATS rename + scope headers + Next: footers
- Lock-screen logo for parity with popup unlock
- 17 stale tests updated to match post-Stream-B / post-revamp components

Versions: relicario-{core,cli,wasm} → 0.6.0; extension/package.json → 0.6.0.
relicario-server stays at 0.1.0 (separate cadence).

Suite status at tag time: 371/371 extension + 281 Rust tests green.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

CHANGELOG.md

@@ -1,5 +1,146 @@
 # Changelog
 
+## v0.6.0 — 2026-05-30
+
+Rolls up four weeks of post-v0.5.0 work into one tag: the Phase 2B
+polish foundation, the v0.5.1 train (Streams A/B/C — 3-column vault
+layout, left-nav settings, Recovery QR), the 1C-γ slice (Document
+type, attachments, device registration from popup, trash & history
+UI), the Plan B multi-stream refactor (Cycles 1+2), the vault-tab
+management surfaces revamp, and the doc-structure redesign. The
+in-flight scope outgrew the original v0.5.1 plan, so this cuts as a
+minor bump.
+
+### Added
+
+- **Recovery QR — 1-of-2 disaster-recovery path.** `image_secret` is
+  encrypted under an Argon2id-derived key from the passphrase, packed
+  into a 109-byte binary payload (magic `RREC` + version 0x01 + salt
+  + nonce + AEAD ciphertext), and rendered as a QR code that is never
+  written to disk. Surfaces:
+  - Rust core: `relicario-core/src/recovery_qr.rs` — `generate_recovery_qr` /
+    `unwrap_recovery_qr` / `recovery_qr_to_svg`. Production KDF
+    params (`m=64MiB, t=3, p=4`) live behind a private-fields type so
+    they cannot drift.
+  - WASM: `generate_recovery_qr` / `unwrap_recovery_qr` exported; the
+    session now stashes `image_secret` so the QR can be regenerated
+    without re-running steganography extraction.
+  - CLI: `relicario recovery-qr generate` (TTY render) and
+    `relicario recovery-qr unwrap` subcommands.
+  - Extension: three-state Security settings card (no QR → amber
+    warning; QR exists → green status + show/regenerate; explicit
+    view → modal with print).
+  - Setup wizard: skippable "generate before you go" banner on the
+    final step.
+- **Document item type.** New typed item for storing a signed document
+  with a primary attachment. Form takes signature + signed-on date;
+  detail view renders a signature-block layout. Wired into the popup
+  add/view/edit dispatchers. Refuses to drop its primary attachment
+  (use `purge` instead).
+- **Attachments end-to-end.** Service worker uploads attachments via
+  the GitHost putBlob path (GitHub + Gitea Git Data API with fallback);
+  popup attachments-disclosure component handles add/remove/download
+  inside all six item-type forms; `📎` indicator shows on item-list
+  rows that have attachments. Per-vault attachment bytes cap is
+  enforced both at attach-time and during backup restore.
+- **Device registration from the popup.** "Register this device"
+  triggers an inline name input + WASM keypair generation + persisted
+  device entry — no setup-wizard detour.
+- **Trash + field-history UI.** Trash view shows per-item purge
+  countdown with restore / per-item purge / empty-all actions.
+  Field-history view groups changes per field with reveal/copy
+  glyph buttons. New top-level item-history-index pane lists every
+  item that has captured history. `#history/<id>` route normalizes
+  the legacy `#field-history/<id>` URL form.
+- **3-column fullscreen vault tab.** Sidebar (200px, type-category
+  nav) + list (flex) + detail drawer (440px, slides in on row click).
+  Below 720px the drawer pushes the list full-pane. Bottom sheet for
+  "new item" type picker uses a pane-only scrim so the sidebar stays
+  interactive.
+- **Left-nav settings page.** Replaces the flat settings dump.
+  Sections grouped Device (Autofill, Display — password coloring)
+  vs Vault (Security — Recovery QR + trusted devices, Generator,
+  Retention, Backup, Import). The standalone Devices sidebar entry
+  is subsumed into Security.
+- **Two-column login form in fullscreen.** Identity (title / URL /
+  group) and Credentials (username / password / TOTP) render as
+  side-by-side glass cards above 720px viewport; single-column at
+  narrow widths. Notes / custom sections / attachments stay full-width
+  below the grid. Sticky save bar at the bottom of the form pane;
+  header shows title + dirty subtitle ("unsaved · esc to cancel" or
+  "no changes") + platform-aware save hint (⌘+S / Ctrl+S).
+- **Polish vocabulary.** Patina gold palette tokens
+  (`--gold-base` `#a88a4a` replacing the brighter `#d2ab43`),
+  `.surface-backdrop` (subtle radial top-glow + 18px grid texture)
+  applied to popup body / setup body / vault body, `.glass` card
+  class with `backdrop-filter: blur(8px)`, `.btn-primary` /
+  `.btn-secondary` button hierarchy, and `GLYPH_NEXT = '▸'` replacing
+  ASCII `→` in next/continue buttons.
+- **Vault lock-screen logo.** `<img class="brand-logo">` added to the
+  lock-screen render for parity with the popup unlock view and the
+  setup wizard.
+- **Setup wizard Style C.** Centered hero card + colored progress
+  track + glyph mode icons, replacing the prior vertical glass-card
+  wizard.
+- **Toast notification system.** Shared `showToast(message, type,
+  durationMs)` at `extension/src/shared/toast.ts`. Used for sync
+  success/failure, copy confirmation, device registration result.
+  Replaces the ad-hoc `sync-status` div.
+- **Empty-state treatments.** Popup item list (vault empty / search
+  returns nothing), vault list (section empty) — each gets a centered
+  glyph + headline + hint.
+- **Per-type glyph icons in popup item rows.** `◉ login`, `◫
+  secure_note`, `⊡ totp`, `▭ card`, `⌬ identity`, `⊹ key`,
+  `≡ document`.
+
+### Changed
+
+- **Vault-tab management surfaces revamp (2026-05-24..05-30).**
+  Settings pane splits synced (cross-device via Chrome storage) from
+  local (per-browser) controls and gains a session-timeout UI.
+  Devices pane shows SHA-256 fingerprint + added-by display + inline
+  two-step revoke confirm via glyph button. Trash pane shows per-item
+  purge countdown via `daysUntilPurge`. Field-history pane gets
+  section headers and reveal/copy glyph buttons. New shared
+  utilities: `relative-time.ts` (consolidating five duplicate inline
+  copies), webcrypto `ssh-fingerprint.ts`, shared
+  section-header / glyph-btn / kv-row / fingerprint CSS.
+- **Emoji sweep.** Every remaining UI emoji replaced with a
+  monochrome glyph constant from `shared/glyphs.ts`. The pop-out
+  button is now `⧉` (U+29C9, `GLYPH_VAULT_TAB`) instead of `&#x2934;`.
+- **License switched to GPL-3.0-or-later.** Was MIT for the early
+  prototype phase. License headers + `AUTHORS` + crate `Cargo.toml`
+  authors updated.
+- **AttachmentId expanded to 128 bits with `is_valid` check.**
+  Backup restore now validates IDs (audit I2 / B4).
+- **Per-vault attachment bytes cap enforced.** Both CLI attach and
+  backup restore (audit I3).
+
+### Internal
+
+- **Plan B multi-stream refactor (Cycles 1+2).** CLI `main.rs` split
+  into per-command modules under `crates/relicario-cli/src/commands/`
+  with a shared `git_run` helper. New `prompt_or_flag<T>` and
+  `prompt_or_flag_optional<T>` helpers compress all the `build_*_item`
+  helpers. `Vault::after_manifest_change` wrapper plus a single
+  canonical `ParamsFile` in the session avoid duplicated file-system
+  rebuilds. Core/WASM seam: `base32_decode_lenient`,
+  `parse_month_year`, `guess_mime` exported from WASM; CLI parsers
+  migrated to `relicario-core::parse`. Extracted `base32` module
+  from core, deduplicated two RFC-4648 implementations.
+- **Doc-structure redesign (2026-05-30).** Renamed `ARCHITECTURE.md`
+  → `DESIGN.md`, `docs/ARCHITECTURE.md` → `docs/CRYPTO.md`,
+  `FORMATS.md` → `docs/FORMATS.md`. Added scope headers and
+  "Next:" footers to all tour docs so the reading order is canonical.
+  `CLAUDE.md` gains a living-docs table and four discipline rules
+  (scope-boundary check, code-constant pinning, new-doc rule,
+  plan-state hygiene).
+- **CLI quality-of-life.** `gen` alias for `generate`, `-l`/`-w`
+  short flags, batched purge in `cmd_purge` and `cmd_trash_empty`.
+- **Workspace audit cycle.** Stale local branches and worktrees
+  pruned. Several plan files moved into `docs/superpowers/audits/`
+  for the record.
+
 ## v0.5.0 — 2026-05-02
 
 Three release trains roll into one tag — backup/restore + LastPass

Cargo.lock

@@ -2156,7 +2156,7 @@ checksum = "dc897dd8d9e8bd1ed8cdad82b5966c3e0ecae09fb1907d58efaa013543185d0a"
 
 [[package]]
 name = "relicario-cli"
-version = "0.5.0"
+version = "0.6.0"
 dependencies = [
  "anyhow",
  "arboard",
@@ -2185,7 +2185,7 @@ dependencies = [
 
 [[package]]
 name = "relicario-core"
-version = "0.5.0"
+version = "0.6.0"
 dependencies = [
  "argon2",
  "base64",
@@ -2231,7 +2231,7 @@ dependencies = [
 
 [[package]]
 name = "relicario-wasm"
-version = "0.5.0"
+version = "0.6.0"
 dependencies = [
  "base64",
  "ed25519-dalek",

ROADMAP.md

@@ -7,18 +7,14 @@
 
 | Version | Highlights |
 |---|---|
-| v0.5.x train *(on main, untagged — tag pending)* | Security audit fixes; device authentication; backup/restore + LastPass import; fullscreen UX Phases 1+2A+2B; v0.5.1 Streams A/B/C (3-column vault layout + bottom-sheet picker + toast system; left-nav settings; Recovery QR end-to-end + setup wizard Style C); 1C-γ (attachments + Document type + device registration + trash + field history); Plan B multi-stream refactor (commands/ split, prompt_or_flag, core/WASM seam); vault-tab management surfaces revamp (settings synced/local split, devices fingerprint, trash purge countdown, field-history polish, item-history-index, `#history/<id>` routing); doc-structure redesign (rename to DESIGN/CRYPTO/docs/FORMATS, scope headers + Next: footers) |
+| v0.6.0 *(2026-05-30)* | Security audit fixes; device authentication; backup/restore + LastPass import; fullscreen UX Phases 1+2A+2B; v0.5.1 Streams A/B/C (3-column vault layout + bottom-sheet picker + toast system; left-nav settings; Recovery QR end-to-end + setup wizard Style C); 1C-γ (attachments + Document type + device registration + trash + field history); Plan B multi-stream refactor (commands/ split, prompt_or_flag, core/WASM seam); vault-tab management surfaces revamp (settings synced/local split, devices fingerprint, trash purge countdown, field-history polish, item-history-index, `#history/<id>` routing); doc-structure redesign (rename to DESIGN/CRYPTO/docs/FORMATS, scope headers + Next: footers); GPL-3.0-or-later license |
-| v0.2.0 | Last tagged release — typed-item rewrite (Plans 1A/1B/1C-α/β₁/β₂) |
+| v0.2.0 | Typed-item rewrite (Plans 1A/1B/1C-α/β₁/β₂) |
 
 See `CHANGELOG.md` for tagged-release detail and `STATUS.md` for the per-train commit list.
 
 ## Up next
 
-- **Cut a tag for the v0.5.x train** — version was bumped to 0.5.0 on 2026-05-04 but never tagged; scope now exceeds the original v0.5.0 plan. `v0.5.1` or `v0.6.0` depending on how you read the breadth. Tag-cut needs a `CHANGELOG.md` entry covering Phase 2B + v0.5.1 Streams A/B/C + 1C-γ + Plan B refactor + management-surfaces revamp + doc-structure redesign.
+All three are specced but have no implementation plan yet. Writing a plan is the first move on any of them.
-
-## Medium-term
-
-Specced; no plan yet:
 
 - **CLI restructure** — subcommand reorganization, interactive TUI mode
   Spec: `docs/superpowers/specs/2026-05-04-cli-restructure-design.md`
@@ -26,6 +22,9 @@ Specced; no plan yet:
   Spec: `docs/superpowers/specs/2026-05-04-extension-restructure-design.md`
 - **Security polish** — follow-up hardening from the architecture review
   Spec: `docs/superpowers/specs/2026-05-04-security-polish-design.md`
+
+## Medium-term
+
 - **Phase 4: command palette** — ⌘K global search + action dispatch across the vault tab (no spec yet)
 
 ## Long-term / backlog

STATUS.md

@@ -4,8 +4,8 @@
 
 ## Version
 
-**Last release tagged:** v0.2.0 — the v0.5.x train (crate + extension versions bumped to 0.5.0 in `cf66bd9`, 2026-05-04) is on `main` but **untagged**. The train has accumulated well past the original v0.5.0 scope; ready to tag (`v0.5.1` or `v0.6.0` depending on how you read the breadth).
+**Last release tagged:** v0.6.0 — rolled up Phase 2B, v0.5.1 Streams A/B/C, 1C-γ, Plan B refactor (Cycles 1+2), management-surfaces revamp, and the doc-structure redesign into one tag.
-**Active track:** post-audit cleanup → ready to cut a tag
+**Active track:** picking the next initiative (CLI restructure / extension restructure / security polish all have specs, no plans yet)
 
 ## What landed on main since the v0.5.0 version bump
 
@@ -111,9 +111,11 @@ Plan: `docs/superpowers/plans/2026-05-30-doc-structure-redesign.md` (all 37 sub-
 
 ### Post-audit cleanup (2026-05-30)
 
-- `STATUS.md` + `ROADMAP.md` synced with three weeks of stealth-shipped work (`72a59c6`)
+- `STATUS.md` + `ROADMAP.md` synced with three weeks of stealth-shipped work (`72a59c6`, `0bde093`)
 - CLAUDE.md gains rule #4 (plan-state hygiene) + doc-structure plan checkboxes ticked retroactively (`cccb7d7`)
 - Vault lock-screen logo: `<img class="brand-logo">` added to `renderLockScreen` for parity with popup unlock view (`39ae629`)
+- Extension test-debt cleared: 17 stale tests (settings + devices + router) updated to match the post-Stream-B + post-revamp components — 371/371 extension + 281 Rust tests green (`797709b`, `c9802ef`, `361f3b4`)
+- v0.6.0 cut: version bumps + CHANGELOG entry covering the full v0.5.x train
 
 ## In progress (uncommitted on main)
 
@@ -122,9 +124,10 @@ Plan: `docs/superpowers/plans/2026-05-30-doc-structure-redesign.md` (all 37 sub-
 
 ## Up next
 
-1. **Cut a tag for the v0.5.x train.** Version bumped to 0.5.0 on 2026-05-04 but never tagged; scope now includes Phase 2B + v0.5.1 Streams A/B/C + 1C-γ + Plan B refactor + management-surfaces revamp + doc-structure redesign. Given the breadth, `v0.6.0` may fit better than `v0.5.1`; user decides. Tagging will also need a CHANGELOG entry covering the train.
+The "Up next" queue at v0.6.0 is the three 2026-05-04 architecture-review specs. Each is specced but has no implementation plan yet — writing a plan is the first move on any of them.
-2. **CLI restructure** (spec `2026-05-04-cli-restructure-design.md`, no plan yet) — subcommand reorganization + interactive TUI mode.
+
-3. **Extension restructure** (spec `2026-05-04-extension-restructure-design.md`, no plan yet) — bundle / message-routing cleanup.
+1. **CLI restructure** (spec `2026-05-04-cli-restructure-design.md`) — subcommand reorganization + interactive TUI mode.
-4. **Security polish** (spec `2026-05-04-security-polish-design.md`, no plan yet) — follow-up security hardening from the architecture review.
+2. **Extension restructure** (spec `2026-05-04-extension-restructure-design.md`) — bundle / message-routing cleanup.
+3. **Security polish** (spec `2026-05-04-security-polish-design.md`) — follow-up security hardening from the architecture review.
 
 See `ROADMAP.md` for the longer arc and `CHANGELOG.md` for tagged-release history (current head: `v0.5.0` entry, dated 2026-05-02 — predates the v0.5.1 train work and will be revised when the next tag cuts).

crates/relicario-cli/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "relicario-cli"
-version = "0.5.0"
+version = "0.6.0"
 edition = "2021"
 description = "CLI for relicario password manager"
 license = "GPL-3.0-or-later"

crates/relicario-core/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "relicario-core"
-version = "0.5.0"
+version = "0.6.0"
 edition = "2021"
 description = "Core library for relicario password manager"
 license = "GPL-3.0-or-later"

crates/relicario-wasm/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "relicario-wasm"
-version = "0.5.0"
+version = "0.6.0"
 edition = "2021"
 description = "WASM bindings for relicario password manager"
 license = "GPL-3.0-or-later"

extension/package.json

@@ -1,6 +1,6 @@
 {
   "name": "relicario-extension",
-  "version": "0.5.0",
+  "version": "0.6.0",
   "private": true,
   "scripts": {
     "build": "webpack --mode production",