release: v0.8.1 — org item-type parity + collection-scoped attachments

adlee-was-taken
2026-06-20 22:24:22 -04:00
parent 783e3493f0
commit c5e01c2093
5 changed files with 57 additions and 6 deletions


@@ -1,5 +1,56 @@
# Changelog # Changelog
## v0.8.1 — 2026-06-20 — org item-type parity + collection-scoped attachments
Brings `relicario org add` / `relicario org edit` to **full item-type parity** with the
personal vault: the org surface now supports **all 7 item types** (previously Login /
SecureNote / Identity only), adds collection-scoped attachment storage for Document
items, and grant-scopes attachment write paths in the pre-receive hook — closing a latent
authorization gap. Secrets are entered via interactive prompts by default, with `--*-stdin`
escape hatches for non-interactive scripting. Tracked under
`docs/superpowers/plans/2026-06-20-relicario-v0.8.1-parity.md`.
> **⚠️ Coordinated server redeploy required.** The `relicario-server` pre-receive hook
> (now `0.1.1`) must be rebuilt and redeployed for attachment writes to be grant-scoped in
> production. Until the updated hook is installed, `attachments/…` pushes remain
> `Unrestricted` (gated only by the per-commit member-signature check).
### Added
- **Shared `item_build` CLI module** (`crates/relicario-cli/src/commands/item_build.rs`):
centralizes per-type secret resolution, item builders (`build_*`), and interactive edit
helpers (`edit_*`) consumed by **both** the personal and org command surfaces, eliminating
the prior personal↔org builder duplication.
- **Org `add` / `edit` parity for Card, Key, TOTP, and Document** — `relicario org add` now
creates all 7 item types; `relicario org edit` is interactive per-type ("blank to keep",
field-history capture) instead of flat flags.
- **`--*-stdin` secret flags** on personal and org `add` for non-interactive entry of
passwords, card number/CVV/PIN, key material, TOTP secrets, and note bodies.
- **Collection-scoped org attachment storage** (`crates/relicario-cli/src/org_session.rs`):
attachments stored at `attachments/<slug>/<item-id>/<att-id>.enc` with a default
per-attachment cap (10 MiB, mirroring the personal default at
`crates/relicario-core/src/settings.rs`). `org add document --file`, `org edit --file`
(replace), and `org purge` (removes the item's attachment directory) round-trip with
git-status-clean staging.
### Security
- **Grant-scoped attachment writes** (`relicario-server` `0.1.1`): `classify_path` now
recognizes `attachments/<slug>/<item-id>/<att-id>.enc` (exactly 3 path segments, `.`-free
slug guard) as `Item { collection }`, bringing attachment writes under the same grant +
slug-existence check as `items/` blobs. Previously such paths fell through to
`Unrestricted`. The Document source plaintext is read into a `Zeroizing` buffer and wiped
after encryption. See `docs/SECURITY.md`.
### Changed
- Personal `add secure-note` `--body-prompt` flag renamed to `--body-stdin` (unified
multiline-secret model).
### Docs
- Updated cli `ARCHITECTURE.md`, `docs/FORMATS.md` (org attachment layout + cap citation),
`docs/SECURITY.md`, `STATUS.md`, and `ROADMAP.md`. New
`docs/superpowers/specs/2026-06-20-extension-cli-parity-gap-analysis.md` is the forward
plan for extension↔CLI parity (org read/write plus a cluster of personal-side extension
gaps). End-user `user_docs/` guide lands as a fast-follow.
## v0.8.0 — 2026-06-20 — enterprise org vault ## v0.8.0 — 2026-06-20 — enterprise org vault
Git-native multi-user **org vaults**: a separate org git repository alongside each Git-native multi-user **org vaults**: a separate org git repository alongside each
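Review bot: in the Security entry, "exactly 3 path segments" does not match the path as written, since `attachments/<slug>/<item-id>/<att-id>.enc` has four components when the `attachments` prefix is counted. State that the count is taken after the prefix (or give the total), and say whether the `.`-free guard applies only to the slug or also to `<item-id>` and `<att-id>`, because this sentence is what operators will read to judge which paths still fall through to `Unrestricted`. Separately, the `--body-prompt` to `--body-stdin` rename under Changed alters a CLI flag in a patch release; mark it as breaking or state whether the old flag is still accepted.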

Cargo.lock generated

@@ -2156,7 +2156,7 @@ checksum = "dc897dd8d9e8bd1ed8cdad82b5966c3e0ecae09fb1907d58efaa013543185d0a"
[[package]] [[package]]
name = "relicario-cli" name = "relicario-cli"
version = "0.8.0" version = "0.8.1"
dependencies = [ dependencies = [
"anyhow", "anyhow",
"arboard", "arboard",
@@ -2188,7 +2188,7 @@ dependencies = [
[[package]] [[package]]
name = "relicario-core" name = "relicario-core"
version = "0.8.0" version = "0.8.1"
dependencies = [ dependencies = [
"argon2", "argon2",
"base64", "base64",
@@ -2235,7 +2235,7 @@ dependencies = [
[[package]] [[package]]
name = "relicario-wasm" name = "relicario-wasm"
version = "0.8.0" version = "0.8.1"
dependencies = [ dependencies = [
"base64", "base64",
"ed25519-dalek", "ed25519-dalek",


@@ -1,6 +1,6 @@
[package] [package]
name = "relicario-cli" name = "relicario-cli"
version = "0.8.0" version = "0.8.1"
edition = "2021" edition = "2021"
description = "CLI for relicario password manager" description = "CLI for relicario password manager"
license = "GPL-3.0-or-later" license = "GPL-3.0-or-later"


@@ -1,6 +1,6 @@
[package] [package]
name = "relicario-core" name = "relicario-core"
version = "0.8.0" version = "0.8.1"
edition = "2021" edition = "2021"
description = "Core library for relicario password manager" description = "Core library for relicario password manager"
license = "GPL-3.0-or-later" license = "GPL-3.0-or-later"


@@ -1,6 +1,6 @@
[package] [package]
name = "relicario-wasm" name = "relicario-wasm"
version = "0.8.0" version = "0.8.1"
edition = "2021" edition = "2021"
description = "WASM bindings for relicario password manager" description = "WASM bindings for relicario password manager"
license = "GPL-3.0-or-later" license = "GPL-3.0-or-later"
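Review bot: missing from the manifest bumps, which end with this `version` line for `relicario-wasm`, is any change to a `relicario-server` manifest, although the changelog in this commit states the pre-receive hook is now `0.1.1`. The five changed files are the changelog, `Cargo.lock`, and the cli, core and wasm manifests. If the server crate is versioned in this repository, its bump belongs in the release commit; if it is versioned elsewhere, the changelog should say where the `0.1.1` hook is built from so the coordinated redeploy it calls for can be checked against a known version.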