docs(cli): document v0.8.1 org item-type parity surface in ARCHITECTURE.md

- org.rs bullet: full Card/Key/Document/Totp org add/edit parity via the
  shared item_build builders + edit helpers; interactive per-type edit;
  --*-stdin secret convention; purge removes attachments. Replaces the stale
  'Login/SecureNote/Identity only' + flag-driven-edit + deferred text.
- org_session.rs bullet: collection-scoped attachment storage (attachment_path/
  save/load/remove + DEFAULT_ORG_ATTACHMENT_MAX_BYTES).
- main.rs bullet: OrgCommands + OrgAddKind clap surface.

Source-line citations pinned per the code-constant-pinning discipline.

Cargo.lock

@@ -2220,7 +2220,7 @@ dependencies = [
 
 [[package]]
 name = "relicario-server"
-version = "0.1.0"
+version = "0.1.1"
 dependencies = [
  "anyhow",
  "assert_cmd",

crates/relicario-cli/ARCHITECTURE.md

@@ -24,7 +24,10 @@ under `src/commands/`. Each source file has one job.
 - **`src/main.rs`** (`main.rs:1-492`) — clap surface and the flat dispatcher.
   Owns the top-level `Cli` / `Commands` enum and every subcommand enum
   (`AddKind`, `TrashAction`, `SettingsAction`, `BackupAction`, `ImportAction`,
-  `DeviceAction`, `RecoveryQrCmd`). `main()` is a single `match` that
+  `DeviceAction`, `RecoveryQrCmd`), plus the org clap surface `OrgCommands`
+  (`main.rs:448`) and `OrgAddKind` (`main.rs:556`) — the latter's Card / Key /
+  Document / Totp variants carry `--collection` and the `--*-stdin` secret flags.
+  `main()` is a single `match` that
   delegates each variant to `commands::<verb>::cmd_<verb>(...)`. Also owns the
   three test-only env-var hooks (`test_passphrase_override`,
   `test_item_secret_override`, `test_backup_passphrase_override`) — each is
@@ -94,7 +97,14 @@ under `src/commands/`. Each source file has one job.
   (`items/<collection-slug>/<id>.enc` — the leading slug is what the pre-receive
   hook authorizes against, never decrypting), fingerprint-based member matching
   (`relicario_core::fingerprint`, tolerant of OpenSSH whitespace/comment
-  differences), `atomic_write`, and `org_git_run`. Note `org_git_run` runs
+  differences), `atomic_write`, and `org_git_run`. As of v0.8.1 it also owns
+  **collection-scoped attachment storage** — `attachment_path` /
+  `save_attachment` / `load_attachment` / `remove_item_attachments`
+  (`org_session.rs:125-157`) at layout
+  `attachments/<collection-slug>/<item-id>/<att-id>.enc` (the same leading slug
+  the pre-receive hook authorizes against as for `item_path`), capped
+  per-attachment by `DEFAULT_ORG_ATTACHMENT_MAX_BYTES` (10 MiB,
+  `org_session.rs:20`). Note `org_git_run` runs
   **bare git** — unlike `helpers::git_run` it does NOT inject
   `commit.gpgsign=false`, because org commits MUST be signed (the hook verifies
   every commit's signature); signing config is established by
@@ -111,19 +121,38 @@ under `src/commands/`. Each source file has one job.
   concurrent-rotation abort), `transfer-ownership`, `delete-org`, `status` /
   `audit` (verified-signer attribution + `TAMPERED` flag).
 
-  *Item CRUD (7):* `org add` creates typed items via `OrgAddKind`
+  *Item CRUD (7):* full item-type parity with the personal vault (v0.8.1).
-  (`commands/org.rs:749`) — **Login / SecureNote / Identity only**; Card /
+  `org add` creates **all seven types** (Login / SecureNote / Identity / Card /
-  SshKey / Document / Totp creation is a deferred follow-up. `get` / `list` can
+  Key / Document / Totp) via `OrgAddKind` (`commands/org.rs:751`); each arm
-  display any item type if present. `org get <query> [--show]` masks secrets
+  delegates to the shared `item_build::build_*` builders through `build_org_item`
-  unless `--show`; `org list [--trashed]` filters by the caller's collection
+  (`commands/org.rs:799`), and `run_add` (`commands/org.rs:823`) sets tags
-  grants; `org edit <query>` is flag-driven (blank flags keep current values);
+  post-build. Document is special-cased in `run_add` (`commands/org.rs:839`): its
-  `org rm` soft-deletes, `org restore` undoes, `org purge` permanently removes
+  builder also yields an `EncryptedAttachment` that is written via
-  the encrypted blob. All item ops are collection-scoped and grant-enforced. The
+  `save_attachment` and git-staged before the signed commit. Single-line secrets
-  audit trail emits `item-create` / `item-update` / `item-delete` /
+  (card number/CVV/PIN, TOTP secret, login password) accept a `--*-stdin` flag;
-  `item-restore` / `item-purge`.
+  multiline secrets (Key material, SecureNote body) read stdin to EOF — the same
+  `resolve_secret_line` / `resolve_secret_multiline` convention as personal `add`
+  (`commands/item_build.rs`).
 
-  Deferred: Card / SshKey / Document / Totp `org add` / `edit` parity;
+  `org edit <query>` (`run_edit`, `commands/org.rs:1004`) is **interactive
-  extension org reads and writes (Dev-D).
+  per-type** as of v0.8.1 (it was flag-driven before): it prompts Title, then
+  dispatches on `&mut item.core` to the shared `item_build::edit_*` helpers
+  ("blank keeps current", field-history capture via `push_history`), mirroring
+  personal `cmd_edit`. `--totp-qr` sets a Login TOTP from a QR image; `--file`
+  replaces a Document's primary attachment (`commands/org.rs:1039`, rejected for
+  non-Document items at `commands/org.rs:1018`). The edit commit carries
+  `Relicario-Action: item-update`.
+
+  `org get <query> [--show]` masks every secret unless `--show`; `org list
+  [--trashed]` filters by the caller's collection grants; `org rm` soft-deletes,
+  `org restore` undoes, `org purge` (`run_purge`, `commands/org.rs:1164`)
+  permanently removes the encrypted blob **and** the item's attachment directory
+  (`remove_item_attachments`, `commands/org.rs:1173`). All item ops are
+  collection-scoped and grant-enforced (`filter_for_member` over the manifest +
+  `ensure_grant` before any load/mutate). The audit trail emits `item-create` /
+  `item-update` / `item-delete` / `item-restore` / `item-purge`.
+
+  Deferred: extension org reads and writes (Plan B-2 / phase 2).
 
 - **`src/helpers.rs`** (`helpers.rs:1-101`) — pure, no-state plumbing:
   `find_vault_dir_from` (`helpers.rs:14-28`) walks up parent directories

crates/relicario-cli/src/commands/org.rs

@@ -6,12 +6,13 @@ use std::path::Path;
 use anyhow::{Context, Result};
 use relicario_core::{
     generate_org_key, wrap_org_key,
-    CollectionDef, Item, ItemCore, MemberId, OrgCollections, OrgManifest, OrgMembers, OrgMeta,
+    CollectionDef, Item, MemberId, OrgCollections, OrgManifest, OrgMembers, OrgMeta,
     OrgRole, OrgMember,
     encrypt_org_manifest,
 };
 
 use crate::org_session::atomic_write;
+use crate::commands::item_build as ib;
 
 pub fn run_init(dir: &Path, name: &str) -> Result<()> {
     // Create directory structure
@@ -745,17 +746,20 @@ pub fn run_audit(
     Ok(())
 }
 
-/// Item kinds `org add` supports without interactive prompts.
+/// Item kinds `org add` supports. Secrets resolve via `--*-stdin` flags or an
+/// interactive prompt inside the shared `item_build` builders.
 pub enum OrgAddKind {
     Login {
         title: String,
         username: Option<String>,
         url: Option<String>,
         password: Option<String>,
+        password_stdin: bool,
     },
     SecureNote {
         title: String,
-        body: String,
+        body: Option<String>,
+        body_stdin: bool,
     },
     Identity {
         title: String,
@@ -763,43 +767,57 @@ pub enum OrgAddKind {
         email: Option<String>,
         phone: Option<String>,
     },
+    Card {
+        title: String,
+        holder: Option<String>,
+        expiry: Option<String>,
+        kind: String,
+        number_stdin: bool,
+        cvv_stdin: bool,
+        pin_stdin: bool,
+    },
+    Key {
+        title: String,
+        label: Option<String>,
+        algorithm: Option<String>,
+        public_key: Option<String>,
+        material_stdin: bool,
+    },
+    Totp {
+        title: String,
+        issuer: Option<String>,
+        label: Option<String>,
+        secret: Option<String>,
+        secret_stdin: bool,
+        period: u32,
+        digits: u8,
+        algorithm: String,
+    },
+    Document { title: String, file: std::path::PathBuf },
 }
 
-fn build_org_item(kind: OrgAddKind, tags: Vec<String>) -> Result<Item> {
+fn build_org_item(kind: OrgAddKind) -> Result<Item> {
-    use relicario_core::item_types::{IdentityCore, LoginCore, SecureNoteCore};
+    match kind {
-    use zeroize::Zeroizing;
+        OrgAddKind::Login { title, username, url, password, password_stdin } => {
-
+            ib::build_login(title, username, url, password, password_stdin, false, None)
-    let mut item = match kind {
-        OrgAddKind::Login { title, username, url, password } => {
-            let parsed_url = match url {
-                Some(s) => Some(url::Url::parse(&s).with_context(|| format!("invalid URL: {s}"))?),
-                None => None,
-            };
-            let password = password.map(Zeroizing::new);
-            Item::new(title, ItemCore::Login(LoginCore {
-                username,
-                password,
-                url: parsed_url,
-                totp: None,
-            }))
         }
-        OrgAddKind::SecureNote { title, body } => {
+        OrgAddKind::SecureNote { title, body, body_stdin } => {
-            Item::new(title, ItemCore::SecureNote(SecureNoteCore {
+            ib::build_secure_note(title, body, body_stdin)
-                body: Zeroizing::new(body),
-            }))
         }
         OrgAddKind::Identity { title, full_name, email, phone } => {
-            Item::new(title, ItemCore::Identity(IdentityCore {
+            ib::build_identity(title, full_name, email, phone, None)
-                full_name,
+        }
-                address: None,
+        OrgAddKind::Card { title, holder, expiry, kind, number_stdin, cvv_stdin, pin_stdin } => {
-                phone,
+            ib::build_card(title, holder, expiry, &kind, number_stdin, cvv_stdin, pin_stdin)
-                email,
+        }
-                date_of_birth: None,
+        OrgAddKind::Key { title, label, algorithm, public_key, material_stdin } => {
-            }))
+            ib::build_key(title, label, algorithm, public_key, material_stdin)
+        }
+        OrgAddKind::Totp { title, issuer, label, secret, secret_stdin, period, digits, algorithm } => {
+            ib::build_totp(title, issuer, label, secret, secret_stdin, period, digits, &algorithm)
+        }
+        OrgAddKind::Document { .. } => unreachable!("Document handled in run_add before build_org_item"),
     }
-    };
-    item.tags = tags;
-    Ok(item)
 }
 
 pub fn run_add(dir: &Path, collection: &str, kind: OrgAddKind, tags: Vec<String>) -> Result<()> {
@@ -816,7 +834,17 @@ pub fn run_add(dir: &Path, collection: &str, kind: OrgAddKind, tags: Vec<String>
     // …and the caller must hold a grant for it.
     UnlockedOrgVault::ensure_grant(&caller, collection)?;
 
-    let item = build_org_item(kind, tags)?;
+    // Build the item; Document additionally yields an encrypted attachment to persist.
+    let (mut item, attachment_rel): (relicario_core::Item, Option<String>) = match kind {
+        OrgAddKind::Document { title, file } => {
+            let (item, enc) = ib::build_document(
+                title, file, vault.key(), crate::org_session::DEFAULT_ORG_ATTACHMENT_MAX_BYTES)?;
+            let rel = vault.save_attachment(collection, &item.id, &enc)?;
+            (item, Some(rel))
+        }
+        other => (build_org_item(other)?, None),
+    };
+    item.tags = tags;
     let item_rel = vault.save_item(collection, &item)?;
 
     // Upsert the manifest entry (collection slug stored plaintext inside the
@@ -837,11 +865,11 @@ pub fn run_add(dir: &Path, collection: &str, kind: OrgAddKind, tags: Vec<String>
         collection,
         item.id.as_str()
     );
-    crate::org_session::org_git_run(
+    let mut add_args: Vec<&str> = vec!["add", &item_rel, "manifest.enc"];
-        &vault.root,
+    if let Some(ref rel) = attachment_rel {
-        &["add", &item_rel, "manifest.enc"],
+        add_args.insert(1, rel);
-        "org add: git add",
+    }
-    )?;
+    crate::org_session::org_git_run(&vault.root, &add_args, "org add: git add")?;
     crate::org_session::org_git_run(&vault.root, &["commit", "-m", &commit_msg], "org add: git commit")?;
 
     println!("Added {} ({}) to `{}`", item.title, item.id.as_str(), collection);
@@ -973,21 +1001,9 @@ fn resolve_org_query<'a>(
     }
 }
 
-pub fn run_edit(
+pub fn run_edit(dir: &Path, query: &str, totp_qr: Option<std::path::PathBuf>, file: Option<std::path::PathBuf>) -> Result<()> {
-    dir: &Path,
-    query: &str,
-    title: Option<String>,
-    username: Option<String>,
-    url: Option<String>,
-    password: Option<String>,
-    body: Option<String>,
-    email: Option<String>,
-    phone: Option<String>,
-    full_name: Option<String>,
-) -> Result<()> {
     use relicario_core::time::now_unix;
     use relicario_core::ItemCore;
-    use zeroize::Zeroizing;
 
     let vault = crate::org_session::open_org_vault(Some(dir))?;
     let caller = vault.current_member()?;
@@ -999,31 +1015,63 @@ pub fn run_edit(
     crate::org_session::UnlockedOrgVault::ensure_grant(&caller, &collection)?;
 
     let mut item = vault.load_item(&collection, &id)?;
+    if file.is_some() && !matches!(item.core, ItemCore::Document(_)) {
+        anyhow::bail!("--file is only valid when editing a Document item");
+    }
+    eprintln!(
+        "Editing: {} ({}) — leave a prompt blank to keep the current value.",
+        item.title,
+        item.id.as_str()
+    );
+    if let Some(v) = crate::prompt::prompt_keep("Title", &item.title)? {
+        item.title = v;
+    }
 
-    if let Some(t) = title { item.title = t; }
+    let history = &mut item.field_history;
-
+    let mut doc_attachment_rel: Option<String> = None;
+    let mut new_doc_attachments: Option<Vec<relicario_core::AttachmentRef>> = None;
     match &mut item.core {
-        ItemCore::Login(l) => {
+        ItemCore::Login(l) => ib::edit_login(l, history, totp_qr)?,
-            if let Some(u) = username { l.username = Some(u); }
+        ItemCore::SecureNote(n) => ib::edit_secure_note(n, history)?,
-            if let Some(u) = url {
+        ItemCore::Identity(i) => ib::edit_identity(i)?,
-                l.url = Some(url::Url::parse(&u).with_context(|| format!("invalid URL: {u}"))?);
+        ItemCore::Card(c) => ib::edit_card(c, history)?,
+        ItemCore::Key(k) => ib::edit_key(k, history)?,
+        ItemCore::Document(d) => {
+            if let Some(path) = &file {
+                let bytes = std::fs::read(path)
+                    .with_context(|| format!("read {}", path.display()))?;
+                let enc = relicario_core::encrypt_attachment(
+                    &bytes, vault.key(), crate::org_session::DEFAULT_ORG_ATTACHMENT_MAX_BYTES)?;
+                vault.remove_item_attachments(&collection, &id)?;
+                let rel = vault.save_attachment(&collection, &id, &enc)?;
+                let filename = path
+                    .file_name()
+                    .ok_or_else(|| anyhow::anyhow!("file path has no filename: {}", path.display()))?
+                    .to_string_lossy()
+                    .into_owned();
+                d.mime_type = crate::parse::guess_mime(&filename);
+                d.primary_attachment = enc.id.clone();
+                d.filename = filename.clone();
+                new_doc_attachments = Some(vec![relicario_core::AttachmentRef {
+                    id: enc.id,
+                    filename,
+                    mime_type: d.mime_type.clone(),
+                    size: bytes.len() as u64,
+                    created: now_unix(),
+                }]);
+                doc_attachment_rel = Some(rel);
+            } else {
+                ib::edit_document_message();
             }
-            if let Some(p) = password { l.password = Some(Zeroizing::new(p)); }
         }
-        ItemCore::SecureNote(n) => {
+        ItemCore::Totp(t) => ib::edit_totp(t, history)?,
-            if let Some(b) = body { n.body = Zeroizing::new(b); }
     }
-        ItemCore::Identity(i) => {
+    if let Some(atts) = new_doc_attachments {
-            if let Some(v) = full_name { i.full_name = Some(v); }
+        item.attachments = atts;
-            if let Some(v) = email { i.email = Some(v); }
-            if let Some(v) = phone { i.phone = Some(v); }
-        }
-        _ => anyhow::bail!("org edit currently supports login, secure-note, and identity items"),
     }
 
     item.modified = now_unix();
     let item_rel = vault.save_item(&collection, &item)?;
-
     let mut manifest = vault.load_manifest()?;
     upsert_org_entry(&mut manifest, &item, &collection);
     vault.save_manifest(&manifest)?;
@@ -1035,12 +1083,20 @@ pub fn run_edit(
     );
     let commit_msg = format!(
         "{subject}\n\nRelicario-Actor: {} {}\nRelicario-Action: item-update\nRelicario-Collection: {}\nRelicario-Item: {}",
-        caller.display_name, caller.member_id.as_str(), collection, item.id.as_str()
+        caller.display_name,
+        caller.member_id.as_str(),
+        collection,
+        item.id.as_str()
     );
-    crate::org_session::org_git_run(&vault.root, &["add", &item_rel, "manifest.enc"], "org edit: git add")?;
+    let mut add_args: Vec<&str> = vec!["add", &item_rel, "manifest.enc"];
+    let att_dir_rel;
+    if doc_attachment_rel.is_some() {
+        att_dir_rel = format!("attachments/{}/{}", collection, id.as_str());
+        add_args.push(&att_dir_rel);
+    }
+    crate::org_session::org_git_run(&vault.root, &add_args, "org edit: git add")?;
     crate::org_session::org_git_run(&vault.root, &["commit", "-m", &commit_msg], "org edit: git commit")?;
-
+    println!("Updated {} ({}) in `{}`", item.title, item.id.as_str(), collection);
-    println!("Updated {}", item.id.as_str());
     Ok(())
 }
 
@@ -1114,12 +1170,14 @@ pub fn run_purge(dir: &Path, query: &str) -> Result<()> {
 
     // Remove the blob from disk, drop the manifest entry, stage with git rm.
     vault.remove_item(&collection, &id)?;
+    vault.remove_item_attachments(&collection, &id)?;
     let mut manifest = vault.load_manifest()?;
     manifest.entries.retain(|e| e.id != id);
     vault.save_manifest(&manifest)?;
 
     let item_rel = format!("items/{}/{}.enc", collection, id.as_str());
-    crate::helpers::git_rm(&vault.root, &[item_rel], "org purge: git rm")?;
+    let att_dir_rel = format!("attachments/{}/{}", collection, id.as_str());
+    crate::helpers::git_rm(&vault.root, &[item_rel, att_dir_rel], "org purge: git rm")?;
     crate::org_session::org_git_run(&vault.root, &["add", "manifest.enc"], "org purge: git add manifest")?;
 
     let commit_msg = format!(

crates/relicario-cli/src/main.rs

@@ -535,18 +535,14 @@ pub(crate) enum OrgCommands {
     List {
         #[arg(long)] trashed: bool,
     },
-    /// Edit an org item's fields (flag-driven; blank flags keep current values).
+    /// Edit an org item interactively (per-type prompts; blank keeps current).
     Edit {
         /// Item id or case-insensitive title substring.
         query: String,
-        #[arg(long)] title: Option<String>,
+        /// Replace the login TOTP secret from a QR image.
-        #[arg(long)] username: Option<String>,
+        #[arg(long)] totp_qr: Option<std::path::PathBuf>,
-        #[arg(long)] url: Option<String>,
+        /// Replace a Document item's attachment file.
-        #[arg(long)] password: Option<String>,
+        #[arg(long)] file: Option<std::path::PathBuf>,
-        #[arg(long)] body: Option<String>,
-        #[arg(long)] email: Option<String>,
-        #[arg(long)] phone: Option<String>,
-        #[arg(long)] full_name: Option<String>,
     },
     /// Soft-delete an org item (reversible via `org restore`).
     Rm { query: String },
@@ -566,13 +562,15 @@ pub(crate) enum OrgAddKind {
         #[arg(long)] url: Option<String>,
         #[arg(long)] password: Option<String>,
         #[arg(long, value_delimiter = ',')] tags: Vec<String>,
+        #[arg(long)] password_stdin: bool,
     },
     /// A secure note.
     SecureNote {
         #[arg(long)] collection: String,
         #[arg(long)] title: String,
-        #[arg(long)] body: String,
+        #[arg(long)] body: Option<String>,
         #[arg(long, value_delimiter = ',')] tags: Vec<String>,
+        #[arg(long)] body_stdin: bool,
     },
     /// An identity record.
     Identity {
@@ -583,6 +581,48 @@ pub(crate) enum OrgAddKind {
         #[arg(long)] phone: Option<String>,
         #[arg(long, value_delimiter = ',')] tags: Vec<String>,
     },
+    /// A payment card (number / cvv / pin entered via --*-stdin or prompt).
+    Card {
+        #[arg(long)] collection: String,
+        #[arg(long)] title: String,
+        #[arg(long)] holder: Option<String>,
+        #[arg(long)] expiry: Option<String>,
+        #[arg(long, default_value = "credit")] kind: String,
+        #[arg(long, value_delimiter = ',')] tags: Vec<String>,
+        #[arg(long)] number_stdin: bool,
+        #[arg(long)] cvv_stdin: bool,
+        #[arg(long)] pin_stdin: bool,
+    },
+    /// A key / credential blob (material entered via --material-stdin or prompt).
+    Key {
+        #[arg(long)] collection: String,
+        #[arg(long)] title: String,
+        #[arg(long)] label: Option<String>,
+        #[arg(long)] algorithm: Option<String>,
+        #[arg(long)] public_key: Option<String>,
+        #[arg(long, value_delimiter = ',')] tags: Vec<String>,
+        #[arg(long)] material_stdin: bool,
+    },
+    /// A TOTP authenticator (base32 secret via --secret or --secret-stdin).
+    Totp {
+        #[arg(long)] collection: String,
+        #[arg(long)] title: String,
+        #[arg(long)] issuer: Option<String>,
+        #[arg(long)] label: Option<String>,
+        #[arg(long)] secret: Option<String>,
+        #[arg(long, default_value_t = 30)] period: u32,
+        #[arg(long, default_value_t = 6)] digits: u8,
+        #[arg(long, default_value = "sha1")] algorithm: String,
+        #[arg(long, value_delimiter = ',')] tags: Vec<String>,
+        #[arg(long)] secret_stdin: bool,
+    },
+    /// A document (file payload encrypted into a collection-scoped attachment).
+    Document {
+        #[arg(long)] collection: String,
+        #[arg(long)] title: String,
+        #[arg(long)] file: std::path::PathBuf,
+        #[arg(long, value_delimiter = ',')] tags: Vec<String>,
+    },
 }
 
 fn main() -> Result<()> {
@@ -676,14 +716,14 @@ fn main() -> Result<()> {
                 OrgCommands::Add { kind } => {
                     let d = crate::org_session::org_dir(dir_path)?;
                     let (collection, add_kind, tags) = match kind {
-                        OrgAddKind::Login { collection, title, username, url, password, tags } => (
+                        OrgAddKind::Login { collection, title, username, url, password, tags, password_stdin } => (
                             collection,
-                            commands::org::OrgAddKind::Login { title, username, url, password },
+                            commands::org::OrgAddKind::Login { title, username, url, password, password_stdin },
                             tags,
                         ),
-                        OrgAddKind::SecureNote { collection, title, body, tags } => (
+                        OrgAddKind::SecureNote { collection, title, body, tags, body_stdin } => (
                             collection,
-                            commands::org::OrgAddKind::SecureNote { title, body },
+                            commands::org::OrgAddKind::SecureNote { title, body, body_stdin },
                             tags,
                         ),
                         OrgAddKind::Identity { collection, title, full_name, email, phone, tags } => (
@@ -691,6 +731,26 @@ fn main() -> Result<()> {
                             commands::org::OrgAddKind::Identity { title, full_name, email, phone },
                             tags,
                         ),
+                        OrgAddKind::Card { collection, title, holder, expiry, kind, tags, number_stdin, cvv_stdin, pin_stdin } => (
+                            collection,
+                            commands::org::OrgAddKind::Card { title, holder, expiry, kind, number_stdin, cvv_stdin, pin_stdin },
+                            tags,
+                        ),
+                        OrgAddKind::Key { collection, title, label, algorithm, public_key, tags, material_stdin } => (
+                            collection,
+                            commands::org::OrgAddKind::Key { title, label, algorithm, public_key, material_stdin },
+                            tags,
+                        ),
+                        OrgAddKind::Totp { collection, title, issuer, label, secret, period, digits, algorithm, tags, secret_stdin } => (
+                            collection,
+                            commands::org::OrgAddKind::Totp { title, issuer, label, secret, secret_stdin, period, digits, algorithm },
+                            tags,
+                        ),
+                        OrgAddKind::Document { collection, title, file, tags } => (
+                            collection,
+                            commands::org::OrgAddKind::Document { title, file },
+                            tags,
+                        ),
                     };
                     commands::org::run_add(&d, &collection, add_kind, tags)?;
                 }
@@ -702,9 +762,9 @@ fn main() -> Result<()> {
                     let d = crate::org_session::org_dir(dir_path)?;
                     commands::org::run_list(&d, trashed)?;
                 }
-                OrgCommands::Edit { query, title, username, url, password, body, email, phone, full_name } => {
+                OrgCommands::Edit { query, totp_qr, file } => {
                     let d = crate::org_session::org_dir(dir_path)?;
-                    commands::org::run_edit(&d, &query, title, username, url, password, body, email, phone, full_name)?;
+                    commands::org::run_edit(&d, &query, totp_qr, file)?;
                 }
                 OrgCommands::Rm { query } => {
                     let d = crate::org_session::org_dir(dir_path)?;

crates/relicario-cli/src/org_session.rs

@@ -9,9 +9,16 @@ use zeroize::Zeroizing;
 
 use relicario_core::{
     decrypt_item, decrypt_org_manifest, encrypt_item, encrypt_org_manifest,
-    Item, ItemId, MemberId, OrgCollections, OrgManifest, OrgMember, OrgMembers, OrgMeta,
+    AttachmentId, EncryptedAttachment, Item, ItemId, MemberId, OrgCollections, OrgManifest,
+    OrgMember, OrgMembers, OrgMeta,
 };
 
+/// Default per-attachment cap for org vaults. Org vaults have no settings.enc,
+/// so this mirrors the personal-vault default
+/// `AttachmentCaps::per_attachment_max_bytes` at
+/// crates/relicario-core/src/settings.rs:116.
+pub const DEFAULT_ORG_ATTACHMENT_MAX_BYTES: u64 = 10 * 1024 * 1024;
+
 pub struct UnlockedOrgVault {
     pub root: PathBuf,
     pub org_key: Zeroizing<[u8; 32]>,
@@ -115,6 +122,40 @@ impl UnlockedOrgVault {
         }
     }
 
+    pub fn attachment_path(&self, collection_slug: &str, item_id: &ItemId, att_id: &AttachmentId) -> PathBuf {
+        self.root.join("attachments").join(collection_slug)
+            .join(item_id.as_str()).join(format!("{}.enc", att_id.as_str()))
+    }
+
+    /// Encrypt-already-done blob: persist it and return the repo-relative path for git staging.
+    pub fn save_attachment(&self, collection_slug: &str, item_id: &ItemId, enc: &EncryptedAttachment) -> Result<String> {
+        let path = self.attachment_path(collection_slug, item_id, &enc.id);
+        if let Some(parent) = path.parent() {
+            fs::create_dir_all(parent).with_context(|| format!("create {}", parent.display()))?;
+        }
+        atomic_write(&path, &enc.bytes)?;
+        Ok(format!("attachments/{}/{}/{}.enc", collection_slug, item_id.as_str(), enc.id.as_str()))
+    }
+
+    // Retained for a future `org document read/extract` command (mirrors `org_meta_path` convention).
+    #[allow(dead_code)]
+    pub fn load_attachment(&self, collection_slug: &str, item_id: &ItemId, att_id: &AttachmentId) -> Result<Zeroizing<Vec<u8>>> {
+        let path = self.attachment_path(collection_slug, item_id, att_id);
+        let bytes = fs::read(&path).with_context(|| format!("read attachment {}", path.display()))?;
+        Ok(relicario_core::decrypt_attachment(&bytes, &self.org_key)?)
+    }
+
+    /// Remove an item's whole attachment directory. Missing dir is NOT an error
+    /// (mirrors `remove_item`'s NotFound-tolerant behavior, for partial-write recovery).
+    pub fn remove_item_attachments(&self, collection_slug: &str, item_id: &ItemId) -> Result<()> {
+        let dir = self.root.join("attachments").join(collection_slug).join(item_id.as_str());
+        match fs::remove_dir_all(&dir) {
+            Ok(()) => Ok(()),
+            Err(e) if e.kind() == std::io::ErrorKind::NotFound => Ok(()),
+            Err(e) => Err(anyhow::Error::from(e).context(format!("remove {}", dir.display()))),
+        }
+    }
+
     /// Bail unless `member` has `slug` in their collection grants. The slug
     /// existence check is done separately by the caller against collections.json.
     pub fn ensure_grant(member: &OrgMember, slug: &str) -> Result<()> {
@@ -292,6 +333,22 @@ mod tests {
         assert_eq!(loaded.entries.len(), 1);
     }
 
+    #[test]
+    fn attachment_round_trip_collection_scoped() {
+        use relicario_core::encrypt_attachment;
+        let key = Zeroizing::new([7u8; 32]);
+        let (dir, vault) = make_vault(key);
+        let _ = dir; // keep tempdir alive
+        let item_id = ItemId::new();
+        let enc = encrypt_attachment(b"hello world", &vault.org_key, DEFAULT_ORG_ATTACHMENT_MAX_BYTES).unwrap();
+        let rel = vault.save_attachment("eng", &item_id, &enc).unwrap();
+        assert_eq!(rel, format!("attachments/eng/{}/{}.enc", item_id.as_str(), enc.id.as_str()));
+        let got = vault.load_attachment("eng", &item_id, &enc.id).unwrap();
+        assert_eq!(got.as_slice(), b"hello world");
+        vault.remove_item_attachments("eng", &item_id).unwrap();
+        assert!(vault.load_attachment("eng", &item_id, &enc.id).is_err());
+    }
+
     #[test]
     fn save_and_load_members() {
         let key = Zeroizing::new([0u8; 32]);

crates/relicario-cli/tests/org_authz.rs

@@ -152,7 +152,9 @@ fn org_get_edit_rm_restore_purge_reject_ungranted_member() {
     );
 
     for (label, args) in [
-        ("edit", vec!["org", "edit", "GitHub", "--username", "evil"]),
+        // `org edit` is now interactive (no flat flags); the ungranted member is
+        // rejected at manifest lookup, before any prompt is read.
+        ("edit", vec!["org", "edit", "GitHub"]),
         ("rm", vec!["org", "rm", "GitHub"]),
         ("restore", vec!["org", "restore", "GitHub"]),
         ("purge", vec!["org", "purge", "GitHub"]),
@@ -170,13 +172,12 @@ fn org_get_edit_rm_restore_purge_reject_ungranted_member() {
     }
 
     // The item is untouched: the owner can still read the original password and
-    // the username was NOT changed to the ungranted member's "evil" attempt.
+    // username — the ungranted member's get/edit/rm/restore/purge were all denied.
     let owner_get = owner_dev.run(vault, &["org", "get", "GitHub", "--show"]);
     let owner_out = String::from_utf8_lossy(&owner_get.stdout).to_string();
     assert!(owner_get.status.success(), "owner should still read the item");
     assert!(owner_out.contains("hunter2"), "owner read must still show original password: {owner_out}");
-    assert!(owner_out.contains("alice"), "edit by ungranted member must not have changed username: {owner_out}");
+    assert!(owner_out.contains("alice"), "ungranted member must not have modified the item: {owner_out}");
-    assert!(!owner_out.contains("evil"), "ungranted edit leaked through: {owner_out}");
 }
 
 #[test]

crates/relicario-cli/tests/org_items.rs

@@ -67,6 +67,39 @@ impl OrgFixture {
         let v: serde_json::Value = serde_json::from_str(&s).unwrap();
         v["members"][0]["member_id"].as_str().unwrap().to_string()
     }
+
+    /// Like `run`, but pipes `stdin_data` into the child's stdin — used to drive
+    /// `--*-stdin` secret flags and the interactive edit prompts. `wait_with_output`
+    /// closes stdin for us, so multiline secrets (read-to-EOF) terminate cleanly.
+    fn run_stdin(&self, args: &[&str], stdin_data: &str) -> std::process::Output {
+        use std::io::Write as _;
+        let mut child = Command::cargo_bin("relicario")
+            .unwrap()
+            .env("XDG_CONFIG_HOME", &self.xdg)
+            .env("RELICARIO_ORG_DIR", self.vault.path())
+            .args(args)
+            .stdin(Stdio::piped())
+            .stdout(Stdio::piped())
+            .stderr(Stdio::piped())
+            .spawn()
+            .unwrap();
+        child.stdin.as_mut().unwrap().write_all(stdin_data.as_bytes()).unwrap();
+        child.wait_with_output().unwrap()
+    }
+
+    /// Create collection `slug` and grant the owner access to it — the common
+    /// setup the item-type round-trip tests share.
+    fn create_collection_and_grant(&self, slug: &str) {
+        let owner = self.owner_member_id();
+        assert!(
+            self.run(&["org", "create-collection", slug, "--name", slug]).status.success(),
+            "create-collection {slug} failed",
+        );
+        assert!(
+            self.run(&["org", "grant", &owner, slug]).status.success(),
+            "grant {slug} failed",
+        );
+    }
 }
 
 #[test]
@@ -151,21 +184,17 @@ fn org_add_rejects_unknown_collection() {
 #[test]
 fn org_edit_updates_fields_and_commits_update_trailer() {
     let f = OrgFixture::new();
-    let owner = f.owner_member_id();
+    f.create_collection_and_grant("prod");
-    assert!(f.run(&["org", "create-collection", "prod", "--name", "Production"]).status.success());
-    assert!(f.run(&["org", "grant", &owner, "prod"]).status.success());
     assert!(f.run(&[
         "org", "add", "login", "--collection", "prod",
         "--title", "Mail", "--username", "old", "--password", "pw",
     ]).status.success());
 
-    // Edit the username.
+    // org edit is now interactive per-type: keep title, set username=new-user,
-    let out = f.run(&[
+    // keep URL, decline password change.
-        "org", "edit", "Mail", "--username", "new-user",
+    let out = f.run_stdin(&["org", "edit", "Mail"], "\nnew-user\n\nn\n");
-    ]);
     assert!(out.status.success(), "org edit: {}", String::from_utf8_lossy(&out.stderr));
 
-    // get --show reflects the new username.
     let out = f.run(&["org", "get", "Mail", "--show"]);
     let stdout = String::from_utf8_lossy(&out.stdout).to_string();
     assert!(stdout.contains("new-user"), "edit did not take: {stdout}");
@@ -215,3 +244,344 @@ fn org_rm_restore_purge_cycle() {
     let body = String::from_utf8_lossy(&log.stdout).to_string();
     assert!(body.contains("Relicario-Action: item-purge"), "missing purge trailer: {body}");
 }
+
+// --- v0.8.1 org item-type parity: Card / Key / Totp -------------------------
+// These drive the new `org add <card|key|totp>` subcommands. Secrets enter via
+// `--*-stdin` (read from piped stdin) or, for Totp, the `--secret` flag. `org get`
+// must mask every secret unless `--show` is passed — asserted below.
+
+#[test]
+fn org_add_card_via_stdin_then_get_masks_secret() {
+    let f = OrgFixture::new();
+    f.create_collection_and_grant("eng");
+
+    // build_card reads number, then cvv, then pin — one line each, in that order.
+    let out = f.run_stdin(
+        &[
+            "org", "add", "card", "--collection", "eng", "--title", "Corp Visa",
+            "--kind", "credit", "--number-stdin", "--cvv-stdin", "--pin-stdin",
+        ],
+        "4111111111111111\n123\n4321\n",
+    );
+    assert!(out.status.success(), "add card: {}", String::from_utf8_lossy(&out.stderr));
+
+    // get masks the card number by default.
+    let got = f.run(&["org", "get", "Corp Visa"]);
+    let stdout = String::from_utf8_lossy(&got.stdout).to_string();
+    assert!(stdout.contains("Corp Visa"), "title missing: {stdout}");
+    assert!(stdout.contains("********"), "card number must be masked without --show: {stdout}");
+    assert!(!stdout.contains("4111111111111111"), "secret leaked without --show: {stdout}");
+
+    // --show reveals it.
+    let shown = f.run(&["org", "get", "Corp Visa", "--show"]);
+    let shown = String::from_utf8_lossy(&shown.stdout).to_string();
+    assert!(shown.contains("4111111111111111"), "number not revealed with --show: {shown}");
+}
+
+#[test]
+fn org_add_key_via_stdin_then_get_masks_material() {
+    let f = OrgFixture::new();
+    f.create_collection_and_grant("eng");
+
+    // build_key reads key material from stdin to EOF (multiline secret).
+    let out = f.run_stdin(
+        &[
+            "org", "add", "key", "--collection", "eng", "--title", "Deploy Key",
+            "--label", "ci", "--algorithm", "ed25519", "--material-stdin",
+        ],
+        "-----BEGIN OPENSSH PRIVATE KEY-----\nAAAAsecretmaterial\n-----END OPENSSH PRIVATE KEY-----\n",
+    );
+    assert!(out.status.success(), "add key: {}", String::from_utf8_lossy(&out.stderr));
+
+    let got = f.run(&["org", "get", "Deploy Key"]);
+    let stdout = String::from_utf8_lossy(&got.stdout).to_string();
+    assert!(stdout.contains("Label:    ci"), "label missing: {stdout}");
+    assert!(stdout.contains("********"), "key material must be masked without --show: {stdout}");
+    assert!(!stdout.contains("secretmaterial"), "key material leaked without --show: {stdout}");
+}
+
+#[test]
+fn org_add_totp_with_secret_flag_round_trips() {
+    let f = OrgFixture::new();
+    f.create_collection_and_grant("eng");
+
+    // Totp accepts the base32 secret via --secret (no stdin needed).
+    let out = f.run(&[
+        "org", "add", "totp", "--collection", "eng", "--title", "AWS root",
+        "--issuer", "AWS", "--secret", "JBSWY3DPEHPK3PXP",
+    ]);
+    assert!(out.status.success(), "add totp: {}", String::from_utf8_lossy(&out.stderr));
+
+    let got = f.run(&["org", "get", "AWS root"]);
+    let stdout = String::from_utf8_lossy(&got.stdout).to_string();
+    assert!(stdout.contains("AWS root"), "title missing: {stdout}");
+    assert!(stdout.contains("Issuer:   AWS"), "issuer missing: {stdout}");
+}
+
+#[test]
+fn org_edit_card_interactive_changes_holder() {
+    let f = OrgFixture::new();
+    f.create_collection_and_grant("eng");
+    let out = f.run_stdin(
+        &[
+            "org", "add", "card", "--collection", "eng", "--title", "Corp Visa",
+            "--kind", "credit", "--number-stdin", "--cvv-stdin", "--pin-stdin",
+        ],
+        "4111111111111111\n123\n4321\n",
+    );
+    assert!(out.status.success(), "add card: {}", String::from_utf8_lossy(&out.stderr));
+
+    // Interactive edit: keep title, set holder, decline number change.
+    let out = f.run_stdin(&["org", "edit", "Corp Visa"], "\nJane Q. Public\nn\n");
+    assert!(out.status.success(), "org edit card: {}", String::from_utf8_lossy(&out.stderr));
+
+    let got = f.run(&["org", "get", "Corp Visa"]);
+    let stdout = String::from_utf8_lossy(&got.stdout).to_string();
+    assert!(stdout.contains("Holder:   Jane Q. Public"), "holder edit did not take: {stdout}");
+    assert!(stdout.contains("********"), "number must stay masked after declining change: {stdout}");
+    assert!(!stdout.contains("4111111111111111"), "number leaked without --show: {stdout}");
+}
+
+#[test]
+fn org_edit_totp_interactive_changes_issuer() {
+    let f = OrgFixture::new();
+    f.create_collection_and_grant("eng");
+    assert!(f.run(&[
+        "org", "add", "totp", "--collection", "eng", "--title", "AWS root",
+        "--issuer", "AWS", "--secret", "JBSWY3DPEHPK3PXP",
+    ]).status.success());
+
+    // Interactive edit: keep title, set issuer=GitHub, keep label, decline secret change.
+    let out = f.run_stdin(&["org", "edit", "AWS root"], "\nGitHub\n\nn\n");
+    assert!(out.status.success(), "org edit totp: {}", String::from_utf8_lossy(&out.stderr));
+
+    let got = f.run(&["org", "get", "AWS root"]);
+    assert!(String::from_utf8_lossy(&got.stdout).contains("Issuer:   GitHub"), "issuer edit did not take");
+}
+
+// --- grant enforcement + remaining --*-stdin paths for the new types ---------
+
+#[test]
+fn org_add_card_key_totp_reject_ungranted_and_unknown_collection() {
+    let f = OrgFixture::new();
+    // `secret` exists but is NOT granted to the owner.
+    assert!(f.run(&["org", "create-collection", "secret", "--name", "secret"]).status.success());
+
+    // ensure_grant runs before any secret prompt in run_add, so these need no
+    // stdin — each new type must be rejected for a collection it lacks a grant for.
+    for args in [
+        vec!["org", "add", "card", "--collection", "secret", "--title", "X", "--kind", "credit"],
+        vec!["org", "add", "key", "--collection", "secret", "--title", "X"],
+        vec!["org", "add", "totp", "--collection", "secret", "--title", "X", "--secret", "JBSWY3DPEHPK3PXP"],
+    ] {
+        let out = f.run(&args);
+        assert!(!out.status.success(), "ungranted add must fail: {args:?}");
+        let err = String::from_utf8_lossy(&out.stderr).to_string();
+        assert!(err.contains("access denied") || err.contains("grant"),
+                "expected grant denial for {args:?}: {err}");
+    }
+
+    // …and rejected for a nonexistent collection.
+    for args in [
+        vec!["org", "add", "card", "--collection", "ghost", "--title", "X", "--kind", "credit"],
+        vec!["org", "add", "key", "--collection", "ghost", "--title", "X"],
+        vec!["org", "add", "totp", "--collection", "ghost", "--title", "X", "--secret", "JBSWY3DPEHPK3PXP"],
+    ] {
+        let out = f.run(&args);
+        assert!(!out.status.success(), "unknown-collection add must fail: {args:?}");
+        let err = String::from_utf8_lossy(&out.stderr).to_string();
+        assert!(err.contains("does not exist") || err.contains("ghost"),
+                "expected unknown-collection error for {args:?}: {err}");
+    }
+}
+
+#[test]
+fn org_add_secure_note_via_body_stdin_masks_body() {
+    let f = OrgFixture::new();
+    f.create_collection_and_grant("eng");
+    // build_secure_note(body_stdin=true) reads the body from stdin to EOF.
+    let out = f.run_stdin(
+        &["org", "add", "secure-note", "--collection", "eng", "--title", "Runbook", "--body-stdin"],
+        "line one\nsuper-secret-line\n",
+    );
+    assert!(out.status.success(), "add note: {}", String::from_utf8_lossy(&out.stderr));
+
+    let got = f.run(&["org", "get", "Runbook"]);
+    let stdout = String::from_utf8_lossy(&got.stdout).to_string();
+    assert!(stdout.contains("********"), "note body must be masked without --show: {stdout}");
+    assert!(!stdout.contains("super-secret-line"), "note body leaked without --show: {stdout}");
+
+    let shown = f.run(&["org", "get", "Runbook", "--show"]);
+    assert!(String::from_utf8_lossy(&shown.stdout).contains("super-secret-line"), "body not revealed with --show");
+}
+
+#[test]
+fn org_add_totp_via_secret_stdin_round_trips() {
+    let f = OrgFixture::new();
+    f.create_collection_and_grant("eng");
+    // build_totp(secret_stdin=true) reads one base32 line from stdin.
+    let out = f.run_stdin(
+        &["org", "add", "totp", "--collection", "eng", "--title", "VPN", "--issuer", "Corp", "--secret-stdin"],
+        "JBSWY3DPEHPK3PXP\n",
+    );
+    assert!(out.status.success(), "add totp: {}", String::from_utf8_lossy(&out.stderr));
+
+    let got = f.run(&["org", "get", "VPN"]);
+    assert!(String::from_utf8_lossy(&got.stdout).contains("Issuer:   Corp"), "issuer missing");
+}
+
+#[test]
+fn org_edit_key_replaces_material_and_reveals_with_show() {
+    let f = OrgFixture::new();
+    f.create_collection_and_grant("eng");
+    let out = f.run_stdin(
+        &["org", "add", "key", "--collection", "eng", "--title", "Signing Key",
+          "--label", "ci", "--material-stdin"],
+        "OLD-MATERIAL-aaaa\n",
+    );
+    assert!(out.status.success(), "add key: {}", String::from_utf8_lossy(&out.stderr));
+
+    // Interactive edit: keep title, ACCEPT "Replace key material?" -> new material
+    // read from stdin to EOF (edit_key). Exercises the accept branch + history push.
+    let out = f.run_stdin(&["org", "edit", "Signing Key"], "\ny\nNEW-MATERIAL-bbbb\n");
+    assert!(out.status.success(), "org edit key: {}", String::from_utf8_lossy(&out.stderr));
+
+    let masked = f.run(&["org", "get", "Signing Key"]);
+    let masked = String::from_utf8_lossy(&masked.stdout).to_string();
+    assert!(masked.contains("********"), "material must be masked without --show: {masked}");
+    assert!(!masked.contains("NEW-MATERIAL"), "material leaked without --show: {masked}");
+
+    let shown = f.run(&["org", "get", "Signing Key", "--show"]);
+    let shown = String::from_utf8_lossy(&shown.stdout).to_string();
+    assert!(shown.contains("NEW-MATERIAL-bbbb"), "replaced material not revealed with --show: {shown}");
+    assert!(!shown.contains("OLD-MATERIAL"), "old material still present after replace: {shown}");
+}
+
+// --- v0.8.1 org Document tests -----------------------------------------------
+
+/// `git status --porcelain` output for the org repo (trimmed). Empty-of-`attachments/`
+/// proves every attachment add/remove was staged into the signed commit.
+fn git_porcelain(repo: &str) -> String {
+    let out = std::process::Command::new("git")
+        .args(["-C", repo, "status", "--porcelain"])
+        .output()
+        .unwrap();
+    String::from_utf8_lossy(&out.stdout).trim().to_string()
+}
+
+#[test]
+fn org_add_document_stores_collection_scoped_attachment() {
+    let f = OrgFixture::new();
+    f.create_collection_and_grant("eng");
+    let srcdir = TempDir::new().unwrap();
+    let src = srcdir.path().join("note.txt");
+    std::fs::write(&src, b"secret memo").unwrap();
+
+    let out = f.run(&["org", "add", "document", "--collection", "eng",
+                      "--title", "Q3 Memo", "--file", src.to_str().unwrap()]);
+    assert!(out.status.success(), "add doc: {}", String::from_utf8_lossy(&out.stderr));
+
+    // Encrypted blob at attachments/eng/<item-id>/<att-id>.enc (3 segments).
+    let att_eng = f.vault_path().join("attachments").join("eng");
+    assert!(att_eng.exists(), "attachment dir missing");
+    let item_dirs: Vec<_> = std::fs::read_dir(&att_eng).unwrap().map(|e| e.unwrap().path()).collect();
+    assert_eq!(item_dirs.len(), 1, "expected exactly one item attachment dir");
+    let blobs: Vec<_> = std::fs::read_dir(&item_dirs[0]).unwrap().map(|e| e.unwrap().path()).collect();
+    assert_eq!(blobs.len(), 1, "expected exactly one attachment blob");
+    assert_eq!(blobs[0].extension().and_then(|e| e.to_str()), Some("enc"), "blob must be .enc");
+
+    let got = f.run(&["org", "get", "Q3 Memo"]);
+    let stdout = String::from_utf8_lossy(&got.stdout);
+    assert!(stdout.contains("Filename: note.txt"), "get missing filename: {stdout}");
+    // Staging proof: nothing attachment-related left uncommitted.
+    assert!(!git_porcelain(f.vault_str()).contains("attachments/"), "unstaged attachment after add");
+}
+
+#[test]
+fn org_purge_document_removes_attachment_dir() {
+    let f = OrgFixture::new();
+    f.create_collection_and_grant("eng");
+    let srcdir = TempDir::new().unwrap();
+    let src = srcdir.path().join("d.bin");
+    std::fs::write(&src, b"bytes").unwrap();
+    assert!(f.run(&["org", "add", "document", "--collection", "eng",
+                    "--title", "Doc", "--file", src.to_str().unwrap()]).status.success());
+
+    let att_eng = f.vault_path().join("attachments").join("eng");
+    assert!(std::fs::read_dir(&att_eng).unwrap().next().is_some(), "attachment must exist after add");
+
+    assert!(f.run(&["org", "rm", "Doc"]).status.success(), "rm");
+    let out = f.run(&["org", "purge", "Doc"]);
+    assert!(out.status.success(), "purge: {}", String::from_utf8_lossy(&out.stderr));
+
+    let empty = !att_eng.exists() || std::fs::read_dir(&att_eng).unwrap().next().is_none();
+    assert!(empty, "attachment dir should be gone after purge");
+    assert!(!git_porcelain(f.vault_str()).contains("attachments/"), "unstaged attachment removal after purge");
+}
+
+#[test]
+fn org_edit_document_replaces_attachment_and_stages_cleanly() {
+    let f = OrgFixture::new();
+    f.create_collection_and_grant("eng");
+    let srcdir = TempDir::new().unwrap();
+    let a = srcdir.path().join("a.txt");
+    std::fs::write(&a, b"version A").unwrap();
+    assert!(f.run(&["org", "add", "document", "--collection", "eng",
+                    "--title", "Spec", "--file", a.to_str().unwrap()]).status.success());
+
+    let b = srcdir.path().join("b.md");
+    std::fs::write(&b, b"version B has different content").unwrap();
+    let out = f.run(&["org", "edit", "Spec", "--file", b.to_str().unwrap()]);
+    assert!(out.status.success(), "edit --file: {}", String::from_utf8_lossy(&out.stderr));
+
+    let got = String::from_utf8_lossy(&f.run(&["org", "get", "Spec"]).stdout).to_string();
+    assert!(got.contains("Filename: b.md"), "get should show new filename: {got}");
+    assert!(!got.contains("a.txt"), "old filename should be gone: {got}");
+
+    // Old blob replaced, not accumulated: exactly one blob remains.
+    let att_eng = f.vault_path().join("attachments").join("eng");
+    let item_dirs: Vec<_> = std::fs::read_dir(&att_eng).unwrap().map(|e| e.unwrap().path()).collect();
+    assert_eq!(item_dirs.len(), 1, "one item attachment dir");
+    let blobs = std::fs::read_dir(&item_dirs[0]).unwrap().count();
+    assert_eq!(blobs, 1, "old blob must be replaced, not accumulated");
+
+    // The key staging proof: no orphaned old blob / unstaged new blob.
+    assert!(!git_porcelain(f.vault_str()).contains("attachments/"),
+            "edit-replace left attachment changes unstaged (incomplete git add)");
+}
+
+#[test]
+fn org_edit_file_on_non_document_is_rejected() {
+    let f = OrgFixture::new();
+    f.create_collection_and_grant("eng");
+    assert!(f.run(&["org", "add", "login", "--collection", "eng",
+                    "--title", "Site", "--password", "p"]).status.success());
+    let srcdir = TempDir::new().unwrap();
+    let x = srcdir.path().join("x.txt");
+    std::fs::write(&x, b"nope").unwrap();
+
+    let out = f.run(&["org", "edit", "Site", "--file", x.to_str().unwrap()]);
+    assert!(!out.status.success(), "--file on a Login must be rejected");
+    let stderr = String::from_utf8_lossy(&out.stderr);
+    assert!(stderr.contains("--file is only valid"), "unexpected error: {stderr}");
+}
+
+#[test]
+fn org_add_document_into_ungranted_collection_is_denied() {
+    let f = OrgFixture::new();
+    // Collection exists but the owner is NOT granted.
+    assert!(f.run(&["org", "create-collection", "secret", "--name", "Secret"]).status.success(),
+            "create-collection");
+    let srcdir = TempDir::new().unwrap();
+    let src = srcdir.path().join("f.txt");
+    std::fs::write(&src, b"data").unwrap();
+
+    let out = f.run(&["org", "add", "document", "--collection", "secret",
+                      "--title", "X", "--file", src.to_str().unwrap()]);
+    assert!(!out.status.success(), "ungranted document add must fail");
+    let stderr = String::from_utf8_lossy(&out.stderr);
+    assert!(stderr.contains("access denied") || stderr.contains("grant"), "unexpected error: {stderr}");
+    // Grant is enforced before any attachment is written.
+    assert!(!f.vault_path().join("attachments").join("secret").exists(),
+            "no attachment dir should exist on a denied add");
+}

crates/relicario-server/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "relicario-server"
-version = "0.1.0"
+version = "0.1.1"
 edition = "2021"
 description = "Pre-receive Git hook for relicario password manager"
 license = "GPL-3.0-or-later"

crates/relicario-server/src/lib.rs

@@ -6,7 +6,8 @@
 pub enum PathClass {
     /// `members.json`, `collections.json`, `org.json` — only Owner/Admin may write.
     Protected,
-    /// `items/<slug>/<id>.enc` — writer must hold a grant for `<slug>`.
+    /// `items/<slug>/<id>.enc` and `attachments/<slug>/<item-id>/<att-id>.enc` —
+    /// writer must hold a grant for `<slug>`.
     Item { collection: String },
     /// `keys/<id>.enc`, `manifest.enc`, `.gitignore`, etc. — gated only by the
     /// per-commit signature check (signer must be a current member).
@@ -42,6 +43,23 @@ pub fn classify_path(path: &str) -> PathClass {
         return PathClass::Item { collection: slug.to_string() };
     }
 
+    if let Some(rest) = path.strip_prefix("attachments/") {
+        // Expect exactly: <slug>/<item-id>/<att-id>.enc → three segments.
+        let segments: Vec<&str> = rest.split('/').collect();
+        if segments.len() != 3 {
+            return PathClass::Rejected(
+                "attachments path must be attachments/<slug>/<item-id>/<att-id>.enc".to_string());
+        }
+        let slug = segments[0];
+        if slug.is_empty() {
+            return PathClass::Rejected("empty collection slug in attachments path".to_string());
+        }
+        if slug.contains('.') {
+            return PathClass::Rejected(format!("invalid collection slug: {:?}", slug));
+        }
+        return PathClass::Item { collection: slug.to_string() };
+    }
+
     PathClass::Unrestricted
 }
 

crates/relicario-server/tests/org_hook.rs

@@ -79,3 +79,43 @@ fn extract_schema_version_errors_on_missing_field() {
 fn extract_schema_version_errors_on_garbage() {
     assert!(extract_schema_version("not json").is_err());
 }
+
+#[test]
+fn attachment_path_is_collection_scoped() {
+    assert_eq!(
+        classify_path("attachments/prod/a1b2c3d4e5f6a1b2/0011223344556677.enc"),
+        PathClass::Item { collection: "prod".to_string() }
+    );
+}
+
+#[test]
+fn attachment_wrong_segment_count_is_rejected() {
+    assert_eq!(
+        classify_path("attachments/prod/onlytwo.enc"),
+        PathClass::Rejected("attachments path must be attachments/<slug>/<item-id>/<att-id>.enc".to_string())
+    );
+}
+
+#[test]
+fn attachment_empty_or_dotted_slug_is_rejected() {
+    assert!(matches!(classify_path("attachments//item/att.enc"), PathClass::Rejected(_)));
+    assert!(matches!(classify_path("attachments/../item/att.enc"), PathClass::Rejected(_)));
+}
+
+#[test]
+fn attachments_prefix_alone_is_rejected_not_unrestricted() {
+    // `attachments/` with no slug/item/att segments must be Rejected, NOT fall
+    // through to Unrestricted — that fall-through was the authz gap this closes.
+    assert!(matches!(classify_path("attachments/"), PathClass::Rejected(_)));
+}
+
+#[test]
+fn attachment_att_id_segment_may_contain_dots() {
+    // The `.`-free guard applies to the slug (segment[0]) ONLY; the att-id segment
+    // legitimately carries `.enc` and is unharmed by additional dots — proving the
+    // guard is not a blanket "reject any dotted segment".
+    assert_eq!(
+        classify_path("attachments/eng/a1b2c3d4e5f6a1b2/00112233.aux.enc"),
+        PathClass::Item { collection: "eng".to_string() }
+    );
+}

docs/FORMATS.md

@@ -82,6 +82,7 @@ collections.json                      # collection definitions
 keys/<member-id>.enc                  # org master key wrapped to that member's device key
 manifest.enc                          # OrgManifest (schema_version 1, per-member-filtered)
 items/<collection-slug>/<item-id>.enc # collection-scoped item blobs
+attachments/<collection-slug>/<item-id>/<att-id>.enc # Document attachment blobs (collection-scoped)
 ```
 
 ### `org.json` — OrgMeta
@@ -123,7 +124,13 @@ Standard `.enc` blob (see **Encrypted blob** above), encrypted under the org mas
 
 These blobs are written and read by the `relicario org` item commands (`org add` / `get` / `list` / `edit` / `rm` / `restore` / `purge`), all collection-scoped and grant-enforced. `org add` currently creates Login / SecureNote / Identity items; `get` / `list` display any item type present.
 
-**TODO (extension follow-up):** extension UI for browsing and editing org vault items. **Deferred:** `org add` / `edit` parity for Card / Key / Document / Totp item types.
+### `attachments/<collection-slug>/<item-id>/<att-id>.enc`
+
+Standard `.enc` blob (see **Encrypted blob** above), encrypted under the org master key — the encrypted file payload of a Document item. As with item blobs, the blob does **not** name its collection; the leading `<collection-slug>` path segment carries it, so the pre-receive hook (`relicario-server`, `classify_path`) authorizes the write by slug without decrypting — reusing the same grant + slug-existence check as the `items/` branch. The path is **exactly three segments** after `attachments/` (`<collection-slug>/<item-id>/<att-id>.enc`); the hook rejects any other shape (segment-count and `.`-free slug guards). `<att-id>` is the content-addressed `AttachmentId` (see **Item IDs and Field IDs** below).
+
+Per-attachment size is capped at `DEFAULT_ORG_ATTACHMENT_MAX_BYTES = 10 * 1024 * 1024` (10 MiB) (`org_session.rs:24`), mirroring the personal-vault default `AttachmentCaps::per_attachment_max_bytes` (`settings.rs:116`). Org vaults have no `settings.enc`, so this cap is a fixed default rather than per-org configurable. Blobs are persisted / read / removed by `UnlockedOrgVault::save_attachment` / `load_attachment` / `remove_item_attachments` (`org_session.rs:137`, `:147`, `:156`). The storage primitives back the org **Document** item type; the `org add document` / Document-edit commands that produce these blobs land in v0.8.1 (see the item-type-parity note below).
+
+**TODO (extension follow-up):** extension UI for browsing and editing org vault items. **Deferred:** `org add` / `edit` parity for Card / Key / Document / Totp item types (landing in v0.8.1; Document file payloads use the attachment layout above).
 
 ## Item IDs and Field IDs
 

docs/SECURITY.md

@@ -111,10 +111,11 @@ before they land.
    rejected outright.
 
 2. **Path-level write authorisation** — each modified path is classified by
-   `classify_path` (`crates/relicario-server/src/lib.rs:19`) into
+   `classify_path` (`crates/relicario-server/src/lib.rs:20`) into
-   `ProtectedJson` (owner/admin write only), `CollectionItem` (the
+   `Protected` (owner/admin write only), `Item { collection }` (the
-   `items/<slug>/…` prefix; write allowed only if the slug appears in the
+   `items/<slug>/…` or `attachments/<slug>/…` prefix; write allowed only if
-   signer's `collections` grant array), or `Unrestricted`. The write is
+   the slug appears in the signer's `collections` grant array), or
+   `Unrestricted`. The write is
    authorised if and only if the signer's role and grants satisfy the
    classification. Item blobs are authorised by the leading path segment
    alone — the ciphertext is never decrypted by the hook.
@@ -132,6 +133,21 @@ before they land.
    Merge commits are rejected. A genesis commit (no parents) is allowed
    only when it is signed by the sole Owner it introduces.
 
+#### Attachment write authorisation (v0.1.1 fix)
+
+Prior to `relicario-server` v0.1.1, `attachments/…` paths fell through to
+`PathClass::Unrestricted` in `classify_path`
+(`crates/relicario-server/src/lib.rs:20`). Any member with push access could
+write attachment blobs to any collection regardless of their grants. As of
+v0.1.1, `attachments/<slug>/<item-id>/<att-id>.enc` is classified as
+`PathClass::Item { collection: slug }`, bringing attachment writes under the
+same grant check already applied to `items/<slug>/<id>.enc` blobs.
+
+**Deploying this fix requires rebuilding and redeploying the pre-receive hook
+on the server.** A server still running a hook built before v0.1.1 continues
+to accept attachment pushes from any member; the `Unrestricted` path is only
+closed once the updated hook is installed at `<repo>/hooks/pre-receive`.
+
 ### Key rotation
 
 `relicario org rotate-key` generates a fresh 256-bit org master key,