diff --git a/CHANGELOG.md b/CHANGELOG.md index cc08dd1..2a78f9d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,5 +1,146 @@ # Changelog +## v0.6.0 — 2026-05-30 + +Rolls up four weeks of post-v0.5.0 work into one tag: the Phase 2B +polish foundation, the v0.5.1 train (Streams A/B/C — 3-column vault +layout, left-nav settings, Recovery QR), the 1C-γ slice (Document +type, attachments, device registration from popup, trash & history +UI), the Plan B multi-stream refactor (Cycles 1+2), the vault-tab +management surfaces revamp, and the doc-structure redesign. The +in-flight scope outgrew the original v0.5.1 plan, so this cuts as a +minor bump. + +### Added + +- **Recovery QR — 1-of-2 disaster-recovery path.** `image_secret` is + encrypted under an Argon2id-derived key from the passphrase, packed + into a 109-byte binary payload (magic `RREC` + version 0x01 + salt + + nonce + AEAD ciphertext), and rendered as a QR code that is never + written to disk. Surfaces: + - Rust core: `relicario-core/src/recovery_qr.rs` — `generate_recovery_qr` / + `unwrap_recovery_qr` / `recovery_qr_to_svg`. Production KDF + params (`m=64MiB, t=3, p=4`) live behind a private-fields type so + they cannot drift. + - WASM: `generate_recovery_qr` / `unwrap_recovery_qr` exported; the + session now stashes `image_secret` so the QR can be regenerated + without re-running steganography extraction. + - CLI: `relicario recovery-qr generate` (TTY render) and + `relicario recovery-qr unwrap` subcommands. + - Extension: three-state Security settings card (no QR → amber + warning; QR exists → green status + show/regenerate; explicit + view → modal with print). + - Setup wizard: skippable "generate before you go" banner on the + final step. +- **Document item type.** New typed item for storing a signed document + with a primary attachment. Form takes signature + signed-on date; + detail view renders a signature-block layout. Wired into the popup + add/view/edit dispatchers. Refuses to drop its primary attachment + (use `purge` instead). 
+- **Attachments end-to-end.** Service worker uploads attachments via + the GitHost putBlob path (GitHub + Gitea Git Data API with fallback); + popup attachments-disclosure component handles add/remove/download + inside all six item-type forms; `📎` indicator shows on item-list + rows that have attachments. Per-vault attachment bytes cap is + enforced both at attach-time and during backup restore. +- **Device registration from the popup.** "Register this device" + triggers an inline name input + WASM keypair generation + persisted + device entry — no setup-wizard detour. +- **Trash + field-history UI.** Trash view shows per-item purge + countdown with restore / per-item purge / empty-all actions. + Field-history view groups changes per field with reveal/copy + glyph buttons. New top-level item-history-index pane lists every + item that has captured history. `#history/` route normalizes + the legacy `#field-history/` URL form. +- **3-column fullscreen vault tab.** Sidebar (200px, type-category + nav) + list (flex) + detail drawer (440px, slides in on row click). + Below 720px the drawer pushes the list full-pane. Bottom sheet for + "new item" type picker uses a pane-only scrim so the sidebar stays + interactive. +- **Left-nav settings page.** Replaces the flat settings dump. + Sections grouped Device (Autofill, Display — password coloring) + vs Vault (Security — Recovery QR + trusted devices, Generator, + Retention, Backup, Import). The standalone Devices sidebar entry + is subsumed into Security. +- **Two-column login form in fullscreen.** Identity (title / URL / + group) and Credentials (username / password / TOTP) render as + side-by-side glass cards above 720px viewport; single-column at + narrow widths. Notes / custom sections / attachments stay full-width + below the grid. Sticky save bar at the bottom of the form pane; + header shows title + dirty subtitle ("unsaved · esc to cancel" or + "no changes") + platform-aware save hint (⌘+S / Ctrl+S). 
+- **Polish vocabulary.** Patina gold palette tokens + (`--gold-base` `#a88a4a` replacing the brighter `#d2ab43`), + `.surface-backdrop` (subtle radial top-glow + 18px grid texture) + applied to popup body / setup body / vault body, `.glass` card + class with `backdrop-filter: blur(8px)`, `.btn-primary` / + `.btn-secondary` button hierarchy, and `GLYPH_NEXT = '▸'` replacing + ASCII `→` in next/continue buttons. +- **Vault lock-screen logo.** `` added to the + lock-screen render for parity with the popup unlock view and the + setup wizard. +- **Setup wizard Style C.** Centered hero card + colored progress + track + glyph mode icons, replacing the prior vertical glass-card + wizard. +- **Toast notification system.** Shared `showToast(message, type, + durationMs)` at `extension/src/shared/toast.ts`. Used for sync + success/failure, copy confirmation, device registration result. + Replaces the ad-hoc `sync-status` div. +- **Empty-state treatments.** Popup item list (vault empty / search + returns nothing), vault list (section empty) — each gets a centered + glyph + headline + hint. +- **Per-type glyph icons in popup item rows.** `◉ login`, `◫ + secure_note`, `⊡ totp`, `▭ card`, `⌬ identity`, `⊹ key`, + `≡ document`. + +### Changed + +- **Vault-tab management surfaces revamp (2026-05-24..05-30).** + Settings pane splits synced (cross-device via Chrome storage) from + local (per-browser) controls and gains a session-timeout UI. + Devices pane shows SHA-256 fingerprint + added-by display + inline + two-step revoke confirm via glyph button. Trash pane shows per-item + purge countdown via `daysUntilPurge`. Field-history pane gets + section headers and reveal/copy glyph buttons. New shared + utilities: `relative-time.ts` (consolidating five duplicate inline + copies), webcrypto `ssh-fingerprint.ts`, shared + section-header / glyph-btn / kv-row / fingerprint CSS. +- **Emoji sweep.** Every remaining UI emoji replaced with a + monochrome glyph constant from `shared/glyphs.ts`. 
The pop-out + button is now `⧉` (U+29C9, `GLYPH_VAULT_TAB`) instead of `⤴`. +- **License switched to GPL-3.0-or-later.** Was MIT for the early + prototype phase. License headers + `AUTHORS` + crate `Cargo.toml` + authors updated. +- **AttachmentId expanded to 128 bits with `is_valid` check.** + Backup restore now validates IDs (audit I2 / B4). +- **Per-vault attachment bytes cap enforced.** Both CLI attach and + backup restore (audit I3). + +### Internal + +- **Plan B multi-stream refactor (Cycles 1+2).** CLI `main.rs` split + into per-command modules under `crates/relicario-cli/src/commands/` + with a shared `git_run` helper. New `prompt_or_flag` and + `prompt_or_flag_optional` helpers compress all the `build_*_item` + helpers. `Vault::after_manifest_change` wrapper plus a single + canonical `ParamsFile` in the session avoid duplicated file-system + rebuilds. Core/WASM seam: `base32_decode_lenient`, + `parse_month_year`, `guess_mime` exported from WASM; CLI parsers + migrated to `relicario-core::parse`. Extracted `base32` module + from core, deduplicated two RFC-4648 implementations. +- **Doc-structure redesign (2026-05-30).** Renamed `ARCHITECTURE.md` + → `DESIGN.md`, `docs/ARCHITECTURE.md` → `docs/CRYPTO.md`, + `FORMATS.md` → `docs/FORMATS.md`. Added scope headers and + "Next:" footers to all tour docs so the reading order is canonical. + `CLAUDE.md` gains a living-docs table and four discipline rules + (scope-boundary check, code-constant pinning, new-doc rule, + plan-state hygiene). +- **CLI quality-of-life.** `gen` alias for `generate`, `-l`/`-w` + short flags, batched purge in `cmd_purge` and `cmd_trash_empty`. +- **Workspace audit cycle.** Stale local branches and worktrees + pruned. Several plan files moved into `docs/superpowers/audits/` + for the record. + ## v0.5.0 — 2026-05-02 Three release trains roll into one tag — backup/restore + LastPass diff --git a/Cargo.lock b/Cargo.lock index 31d6ba8..7fd0362 100644 --- a/Cargo.lock +++ b/Cargo.lock 
@@ -2156,7 +2156,7 @@ checksum = "dc897dd8d9e8bd1ed8cdad82b5966c3e0ecae09fb1907d58efaa013543185d0a" [[package]] name = "relicario-cli" -version = "0.5.0" +version = "0.6.0" dependencies = [ "anyhow", "arboard", @@ -2185,7 +2185,7 @@ dependencies = [ [[package]] name = "relicario-core" -version = "0.5.0" +version = "0.6.0" dependencies = [ "argon2", "base64", @@ -2231,7 +2231,7 @@ dependencies = [ [[package]] name = "relicario-wasm" -version = "0.5.0" +version = "0.6.0" dependencies = [ "base64", "ed25519-dalek", diff --git a/ROADMAP.md b/ROADMAP.md index 6723536..0fc9f93 100644 --- a/ROADMAP.md +++ b/ROADMAP.md 
@@ -7,18 +7,14 @@ | Version | Highlights | |---|---| -| v0.5.x train *(on main, untagged — tag pending)* | Security audit fixes; device authentication; backup/restore + LastPass import; fullscreen UX Phases 1+2A+2B; v0.5.1 Streams A/B/C (3-column vault layout + bottom-sheet picker + toast system; left-nav settings; Recovery QR end-to-end + setup wizard Style C); 1C-γ (attachments + Document type + device registration + trash + field history); Plan B multi-stream refactor (commands/ split, prompt_or_flag, core/WASM seam); vault-tab management surfaces revamp (settings synced/local split, devices fingerprint, trash purge countdown, field-history polish, item-history-index, `#history/` routing); doc-structure redesign (rename to DESIGN/CRYPTO/docs/FORMATS, scope headers + Next: footers) | -| v0.2.0 | Last tagged release — typed-item rewrite (Plans 1A/1B/1C-α/β₁/β₂) | +| v0.6.0 *(2026-05-30)* | Security audit fixes; device authentication; backup/restore + LastPass import; fullscreen UX Phases 1+2A+2B; v0.5.1 Streams A/B/C (3-column vault layout + bottom-sheet picker + toast system; left-nav settings; Recovery QR end-to-end + setup wizard Style C); 1C-γ (attachments + Document type + device registration + trash + field history); Plan B multi-stream refactor (commands/ split, prompt_or_flag, core/WASM seam); vault-tab management surfaces revamp (settings synced/local split, devices fingerprint, trash purge countdown, field-history polish, item-history-index, `#history/` routing); doc-structure redesign (rename to DESIGN/CRYPTO/docs/FORMATS, scope headers + Next: footers); GPL-3.0-or-later license | +| v0.2.0 | Typed-item rewrite (Plans 1A/1B/1C-α/β₁/β₂) | See `CHANGELOG.md` for tagged-release detail and `STATUS.md` for the per-train commit list. ## Up next -- **Cut a tag for the v0.5.x train** — version was bumped to 0.5.0 on 2026-05-04 but never tagged; scope now exceeds the original v0.5.0 plan. `v0.5.1` or `v0.6.0` depending on how you read the breadth. 
Tag-cut needs a `CHANGELOG.md` entry covering Phase 2B + v0.5.1 Streams A/B/C + 1C-γ + Plan B refactor + management-surfaces revamp + doc-structure redesign. - -## Medium-term - -Specced; no plan yet: +All three are specced but have no implementation plan yet. Writing a plan is the first move on any of them. - **CLI restructure** — subcommand reorganization, interactive TUI mode Spec: `docs/superpowers/specs/2026-05-04-cli-restructure-design.md` @@ -26,6 +22,9 @@ Specced; no plan yet: Spec: `docs/superpowers/specs/2026-05-04-extension-restructure-design.md` - **Security polish** — follow-up hardening from the architecture review Spec: `docs/superpowers/specs/2026-05-04-security-polish-design.md` + +## Medium-term + - **Phase 4: command palette** — ⌘K global search + action dispatch across the vault tab (no spec yet) ## Long-term / backlog diff --git a/STATUS.md b/STATUS.md index 063a419..cf932c7 100644 --- a/STATUS.md +++ b/STATUS.md @@ -4,8 +4,8 @@ ## Version -**Last release tagged:** v0.2.0 — the v0.5.x train (crate + extension versions bumped to 0.5.0 in `cf66bd9`, 2026-05-04) is on `main` but **untagged**. The train has accumulated well past the original v0.5.0 scope; ready to tag (`v0.5.1` or `v0.6.0` depending on how you read the breadth). -**Active track:** post-audit cleanup → ready to cut a tag +**Last release tagged:** v0.6.0 — rolled up Phase 2B, v0.5.1 Streams A/B/C, 1C-γ, Plan B refactor (Cycles 1+2), management-surfaces revamp, and the doc-structure redesign into one tag. +**Active track:** picking the next initiative (CLI restructure / extension restructure / security polish all have specs, no plans yet) ## What landed on main since the v0.5.0 version bump 
@@ -111,9 +111,11 @@ Plan: `docs/superpowers/plans/2026-05-30-doc-structure-redesign.md` (all 37 sub- ### Post-audit cleanup (2026-05-30) -- `STATUS.md` + `ROADMAP.md` synced with three weeks of stealth-shipped work (`72a59c6`) +- `STATUS.md` + `ROADMAP.md` synced with three weeks of stealth-shipped work (`72a59c6`, `0bde093`) - CLAUDE.md gains rule #4 (plan-state hygiene) + doc-structure plan checkboxes ticked retroactively (`cccb7d7`) - Vault lock-screen logo: `` added to `renderLockScreen` for parity with popup unlock view (`39ae629`) +- Extension test-debt cleared: 17 stale tests (settings + devices + router) updated to match the post-Stream-B + post-revamp components — 371/371 extension + 281 Rust tests green (`797709b`, `c9802ef`, `361f3b4`) +- v0.6.0 cut: version bumps + CHANGELOG entry covering the full v0.5.x train ## In progress (uncommitted on main) 
@@ -122,9 +124,10 @@ Plan: `docs/superpowers/plans/2026-05-30-doc-structure-redesign.md` (all 37 sub- ## Up next -1. **Cut a tag for the v0.5.x train.** Version bumped to 0.5.0 on 2026-05-04 but never tagged; scope now includes Phase 2B + v0.5.1 Streams A/B/C + 1C-γ + Plan B refactor + management-surfaces revamp + doc-structure redesign. Given the breadth, `v0.6.0` may fit better than `v0.5.1`; user decides. Tagging will also need a CHANGELOG entry covering the train. -2. **CLI restructure** (spec `2026-05-04-cli-restructure-design.md`, no plan yet) — subcommand reorganization + interactive TUI mode. -3. **Extension restructure** (spec `2026-05-04-extension-restructure-design.md`, no plan yet) — bundle / message-routing cleanup. -4. **Security polish** (spec `2026-05-04-security-polish-design.md`, no plan yet) — follow-up security hardening from the architecture review. +The "Up next" queue at v0.6.0 is the three 2026-05-04 architecture-review specs. Each is specced but has no implementation plan yet — writing a plan is the first move on any of them. + +1. **CLI restructure** (spec `2026-05-04-cli-restructure-design.md`) — subcommand reorganization + interactive TUI mode. +2. **Extension restructure** (spec `2026-05-04-extension-restructure-design.md`) — bundle / message-routing cleanup. +3. **Security polish** (spec `2026-05-04-security-polish-design.md`) — follow-up security hardening from the architecture review. See `ROADMAP.md` for the longer arc and `CHANGELOG.md` for tagged-release history (current head: `v0.5.0` entry, dated 2026-05-02 — predates the v0.5.1 train work and will be revised when the next tag cuts). diff --git a/crates/relicario-cli/Cargo.toml b/crates/relicario-cli/Cargo.toml index 99ce10e..7dfcd82 100644 --- a/crates/relicario-cli/Cargo.toml +++ b/crates/relicario-cli/Cargo.toml 
@@ -1,6 +1,6 @@ [package] name = "relicario-cli" -version = "0.5.0" +version = "0.6.0" edition = "2021" description = "CLI for relicario password manager" license = "GPL-3.0-or-later" diff --git a/crates/relicario-core/Cargo.toml b/crates/relicario-core/Cargo.toml index ba6230d..273dd34 100644 --- a/crates/relicario-core/Cargo.toml +++ b/crates/relicario-core/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "relicario-core" -version = "0.5.0" +version = "0.6.0" edition = "2021" description = "Core library for relicario password manager" license = "GPL-3.0-or-later" diff --git a/crates/relicario-wasm/Cargo.toml b/crates/relicario-wasm/Cargo.toml index 727edf9..6fa49ef 100644 --- a/crates/relicario-wasm/Cargo.toml +++ b/crates/relicario-wasm/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "relicario-wasm" -version = "0.5.0" +version = "0.6.0" edition = "2021" description = "WASM bindings for relicario password manager" license = "GPL-3.0-or-later" diff --git a/extension/package.json b/extension/package.json index 6cfc50e..792d9b7 100644 --- a/extension/package.json +++ b/extension/package.json @@ -1,6 +1,6 @@ { "name": "relicario-extension", - "version": "0.5.0", + "version": "0.6.0", "private": true, "scripts": { "build": "webpack --mode production",
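Review bot: in the CHANGELOG.md hunk, the Recovery QR bullet says the QR code is "never written to disk", yet the same bullet lists an extension "modal with print" and a CLI "TTY render". Print spooling and terminal scrollback are outside the application's control, so narrow the claim to what the code guarantees (for example, that relicario itself never writes the QR to a file). The payload description (magic `RREC` + version 0x01 + salt + nonce + AEAD ciphertext) gives a 109-byte total without per-field sizes or the AEAD name, and it lists no KDF parameters, so state whether the version byte is what pins `m=64MiB, t=3, p=4` for unwrap and link the byte layout from `docs/FORMATS.md` or `docs/CRYPTO.md`. The "AttachmentId expanded to 128 bits" entry should also say how backup restore treats backups written with the previous ID width, since restore now validates IDs.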
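Review bot: in the ROADMAP.md version table, the new v0.6.0 row lists "backup/restore + LastPass import", which the existing v0.5.0 CHANGELOG entry (dated 2026-05-02, visible as context at the end of the CHANGELOG hunk) already describes, and the table now jumps from v0.6.0 straight to v0.2.0. The removed "Up next" bullet explained that 0.5.0 was bumped but never tagged. With that explanation gone, add a v0.5.0 row or a one-line note saying the version was never tagged, so the table can be reconciled with the changelog headings.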
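Review bot: in STATUS.md, the last line of the "Up next" hunk is left as unchanged context and still reads "current head: `v0.5.0` entry, dated 2026-05-02" and "will be revised when the next tag cuts". This patch adds the v0.6.0 CHANGELOG entry and so makes that sentence stale; update it to point at the v0.6.0 entry. The unchanged heading "What landed on main since the v0.5.0 version bump" needs the same treatment now that "Last release tagged" says v0.6.0: either retitle it or start a fresh "since v0.6.0" section.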
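Review bot: the version bump covers `Cargo.lock`, the three crate `Cargo.toml` files and `extension/package.json`, but no extension manifest appears anywhere in the patch. If the browser-facing version is read from a manifest rather than from `package.json`, bump it in this same commit so an installed build does not keep reporting 0.5.0 under a v0.6.0 tag. If the manifest version is derived from `package.json` at build time, say so in the commit message so the omission is clearly intentional.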