chore: release v0.6.0
Rolls up four weeks of post-v0.5.0 work into one tag: - Phase 2B polish foundation + form layout (2026-05-02,5da1e52) - v0.5.1 Stream A — 3-column vault layout + toast + bottom sheet (2026-05-03,c16adc4) - v0.5.1 Stream B — left-nav settings (2026-05-03,bd6a301) - v0.5.1 Stream C — Recovery QR + setup wizard Style C (2026-05-03,934dfe0) - 1C-γ — Document item type + attachments + device registration + trash + history - Plan B refactor (Cycles 1+2) — commands/ split, prompt_or_flag, core/WASM seam - Vault-tab management surfaces revamp (2026-05-24..30) — settings split, devices fingerprint, trash countdown, history polish - Doc-structure redesign (2026-05-30) — DESIGN/CRYPTO/docs/FORMATS rename + scope headers + Next: footers - Lock-screen logo for parity with popup unlock - 17 stale tests updated to match post-Stream-B / post-revamp components Versions: relicario-{core,cli,wasm} → 0.6.0; extension/package.json → 0.6.0. relicario-server stays at 0.1.0 (separate cadence). Suite status at tag time: 371/371 extension + 281 Rust tests green. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
adlee-was-taken
141
CHANGELOG.md
141
CHANGELOG.md
@@ -1,5 +1,146 @@
|
||||
# Changelog
|
||||
|
||||
## v0.6.0 — 2026-05-30
|
||||
|
||||
Rolls up four weeks of post-v0.5.0 work into one tag: the Phase 2B
|
||||
polish foundation, the v0.5.1 train (Streams A/B/C — 3-column vault
|
||||
layout, left-nav settings, Recovery QR), the 1C-γ slice (Document
|
||||
type, attachments, device registration from popup, trash & history
|
||||
UI), the Plan B multi-stream refactor (Cycles 1+2), the vault-tab
|
||||
management surfaces revamp, and the doc-structure redesign. The
|
||||
in-flight scope outgrew the original v0.5.1 plan, so this cuts as a
|
||||
minor bump.
|
||||
|
||||
### Added
|
||||
|
||||
- **Recovery QR — 1-of-2 disaster-recovery path.** `image_secret` is
|
||||
encrypted under an Argon2id-derived key from the passphrase, packed
|
||||
into a 109-byte binary payload (magic `RREC` + version 0x01 + salt
|
||||
+ nonce + AEAD ciphertext), and rendered as a QR code that is never
|
||||
written to disk. Surfaces:
|
||||
- Rust core: `relicario-core/src/recovery_qr.rs` — `generate_recovery_qr` /
|
||||
`unwrap_recovery_qr` / `recovery_qr_to_svg`. Production KDF
|
||||
params (`m=64MiB, t=3, p=4`) live behind a private-fields type so
|
||||
they cannot drift.
|
||||
- WASM: `generate_recovery_qr` / `unwrap_recovery_qr` exported; the
|
||||
session now stashes `image_secret` so the QR can be regenerated
|
||||
without re-running steganography extraction.
|
||||
- CLI: `relicario recovery-qr generate` (TTY render) and
|
||||
`relicario recovery-qr unwrap` subcommands.
|
||||
- Extension: three-state Security settings card (no QR → amber
|
||||
warning; QR exists → green status + show/regenerate; explicit
|
||||
view → modal with print).
|
||||
- Setup wizard: skippable "generate before you go" banner on the
|
||||
final step.
|
||||
- **Document item type.** New typed item for storing a signed document
|
||||
with a primary attachment. Form takes signature + signed-on date;
|
||||
detail view renders a signature-block layout. Wired into the popup
|
||||
add/view/edit dispatchers. Refuses to drop its primary attachment
|
||||
(use `purge` instead).
|
||||
- **Attachments end-to-end.** Service worker uploads attachments via
|
||||
the GitHost putBlob path (GitHub + Gitea Git Data API with fallback);
|
||||
popup attachments-disclosure component handles add/remove/download
|
||||
inside all six item-type forms; `📎` indicator shows on item-list
|
||||
rows that have attachments. Per-vault attachment bytes cap is
|
||||
enforced both at attach-time and during backup restore.
|
||||
- **Device registration from the popup.** "Register this device"
|
||||
triggers an inline name input + WASM keypair generation + persisted
|
||||
device entry — no setup-wizard detour.
|
||||
- **Trash + field-history UI.** Trash view shows per-item purge
|
||||
countdown with restore / per-item purge / empty-all actions.
|
||||
Field-history view groups changes per field with reveal/copy
|
||||
glyph buttons. New top-level item-history-index pane lists every
|
||||
item that has captured history. `#history/<id>` route normalizes
|
||||
the legacy `#field-history/<id>` URL form.
|
||||
- **3-column fullscreen vault tab.** Sidebar (200px, type-category
|
||||
nav) + list (flex) + detail drawer (440px, slides in on row click).
|
||||
Below 720px the drawer pushes the list full-pane. Bottom sheet for
|
||||
"new item" type picker uses a pane-only scrim so the sidebar stays
|
||||
interactive.
|
||||
- **Left-nav settings page.** Replaces the flat settings dump.
|
||||
Sections grouped Device (Autofill, Display — password coloring)
|
||||
vs Vault (Security — Recovery QR + trusted devices, Generator,
|
||||
Retention, Backup, Import). The standalone Devices sidebar entry
|
||||
is subsumed into Security.
|
||||
- **Two-column login form in fullscreen.** Identity (title / URL /
|
||||
group) and Credentials (username / password / TOTP) render as
|
||||
side-by-side glass cards above 720px viewport; single-column at
|
||||
narrow widths. Notes / custom sections / attachments stay full-width
|
||||
below the grid. Sticky save bar at the bottom of the form pane;
|
||||
header shows title + dirty subtitle ("unsaved · esc to cancel" or
|
||||
"no changes") + platform-aware save hint (⌘+S / Ctrl+S).
|
||||
- **Polish vocabulary.** Patina gold palette tokens
|
||||
(`--gold-base` `#a88a4a` replacing the brighter `#d2ab43`),
|
||||
`.surface-backdrop` (subtle radial top-glow + 18px grid texture)
|
||||
applied to popup body / setup body / vault body, `.glass` card
|
||||
class with `backdrop-filter: blur(8px)`, `.btn-primary` /
|
||||
`.btn-secondary` button hierarchy, and `GLYPH_NEXT = '▸'` replacing
|
||||
ASCII `→` in next/continue buttons.
|
||||
- **Vault lock-screen logo.** `<img class="brand-logo">` added to the
|
||||
lock-screen render for parity with the popup unlock view and the
|
||||
setup wizard.
|
||||
- **Setup wizard Style C.** Centered hero card + colored progress
|
||||
track + glyph mode icons, replacing the prior vertical glass-card
|
||||
wizard.
|
||||
- **Toast notification system.** Shared `showToast(message, type,
|
||||
durationMs)` at `extension/src/shared/toast.ts`. Used for sync
|
||||
success/failure, copy confirmation, device registration result.
|
||||
Replaces the ad-hoc `sync-status` div.
|
||||
- **Empty-state treatments.** Popup item list (vault empty / search
|
||||
returns nothing), vault list (section empty) — each gets a centered
|
||||
glyph + headline + hint.
|
||||
- **Per-type glyph icons in popup item rows.** `◉ login`, `◫
|
||||
secure_note`, `⊡ totp`, `▭ card`, `⌬ identity`, `⊹ key`,
|
||||
`≡ document`.
|
||||
|
||||
### Changed
|
||||
|
||||
- **Vault-tab management surfaces revamp (2026-05-24..05-30).**
|
||||
Settings pane splits synced (cross-device via Chrome storage) from
|
||||
local (per-browser) controls and gains a session-timeout UI.
|
||||
Devices pane shows SHA-256 fingerprint + added-by display + inline
|
||||
two-step revoke confirm via glyph button. Trash pane shows per-item
|
||||
purge countdown via `daysUntilPurge`. Field-history pane gets
|
||||
section headers and reveal/copy glyph buttons. New shared
|
||||
utilities: `relative-time.ts` (consolidating five duplicate inline
|
||||
copies), webcrypto `ssh-fingerprint.ts`, shared
|
||||
section-header / glyph-btn / kv-row / fingerprint CSS.
|
||||
- **Emoji sweep.** Every remaining UI emoji replaced with a
|
||||
monochrome glyph constant from `shared/glyphs.ts`. The pop-out
|
||||
button is now `⧉` (U+29C9, `GLYPH_VAULT_TAB`) instead of `⤴`.
|
||||
- **License switched to GPL-3.0-or-later.** Was MIT for the early
|
||||
prototype phase. License headers + `AUTHORS` + crate `Cargo.toml`
|
||||
authors updated.
|
||||
- **AttachmentId expanded to 128 bits with `is_valid` check.**
|
||||
Backup restore now validates IDs (audit I2 / B4).
|
||||
- **Per-vault attachment bytes cap enforced.** Both CLI attach and
|
||||
backup restore (audit I3).
|
||||
|
||||
### Internal
|
||||
|
||||
- **Plan B multi-stream refactor (Cycles 1+2).** CLI `main.rs` split
|
||||
into per-command modules under `crates/relicario-cli/src/commands/`
|
||||
with a shared `git_run` helper. New `prompt_or_flag<T>` and
|
||||
`prompt_or_flag_optional<T>` helpers compress all the `build_*_item`
|
||||
helpers. `Vault::after_manifest_change` wrapper plus a single
|
||||
canonical `ParamsFile` in the session avoid duplicated file-system
|
||||
rebuilds. Core/WASM seam: `base32_decode_lenient`,
|
||||
`parse_month_year`, `guess_mime` exported from WASM; CLI parsers
|
||||
migrated to `relicario-core::parse`. Extracted `base32` module
|
||||
from core, deduplicated two RFC-4648 implementations.
|
||||
- **Doc-structure redesign (2026-05-30).** Renamed `ARCHITECTURE.md`
|
||||
→ `DESIGN.md`, `docs/ARCHITECTURE.md` → `docs/CRYPTO.md`,
|
||||
`FORMATS.md` → `docs/FORMATS.md`. Added scope headers and
|
||||
"Next:" footers to all tour docs so the reading order is canonical.
|
||||
`CLAUDE.md` gains a living-docs table and four discipline rules
|
||||
(scope-boundary check, code-constant pinning, new-doc rule,
|
||||
plan-state hygiene).
|
||||
- **CLI quality-of-life.** `gen` alias for `generate`, `-l`/`-w`
|
||||
short flags, batched purge in `cmd_purge` and `cmd_trash_empty`.
|
||||
- **Workspace audit cycle.** Stale local branches and worktrees
|
||||
pruned. Several plan files moved into `docs/superpowers/audits/`
|
||||
for the record.
|
||||
|
||||
## v0.5.0 — 2026-05-02
|
||||
|
||||
Three release trains roll into one tag — backup/restore + LastPass
|
||||
|
||||
Reference in New Issue
Block a user