# Changelog ## Unreleased ### Added - **Sync now button** in the extension settings view — surfaces the previously hidden `{ type: 'sync' }` SW message to users with success / error feedback. - **Device registration from the popup.** The "Register this device" button on the devices view now opens an inline name input and (on confirm) generates a keypair via WASM, persists the private key + name locally, and writes the device to the remote — no setup-wizard detour. Backed by a new `register_this_device` SW message. - **`relicario settings generator-defaults`** — view-and-edit access to the generator defaults stored in `VaultSettings`. Flags: `--random` / `--bip39` to switch mode, `--length`, `--words`, `--symbols`, `--separator` to update fields of the active mode. - **`relicario edit` now supports TOTP items.** Issuer, label, and secret rotation work; rotated secrets are pushed to `field_history` (key: `core:totp_secret`). - **`relicario history `** — view captured field history. Values are masked by default; `--show` reveals them; `--field ` filters to one synthetic key (e.g. `login_password`, `totp_secret`). - **`relicario detach `** — remove an individual attachment from an item. Refuses to drop a Document item's primary attachment (use `purge` instead). - **`relicario status`** — vault summary: root path, item count (active / trashed), attachment count + total bytes, registered device count, last commit (`%h %s`). - **Backup & restore.** New `relicario backup export ` and `relicario backup restore []` commands. The `.relbak` format is a single encrypted file: Argon2id-derived key from a user-chosen backup passphrase (independent of the vault factor), XChaCha20-Poly1305 ciphertext, zstd-compressed JSON envelope. Reference image and `.git/` history are opt-in inclusions (`--include-image`, `--no-history`). - **Vault-tab Backup & Restore panel.** Export downloads the `.relbak` via `chrome.downloads`. Restore takes a file + backup passphrase + new-remote config and writes the vault into a fresh empty repo (refuses to clobber existing). Git history is never bundled from the extension — CLI is the source of full backups. - **LastPass CSV import.** New `relicario import lastpass ` command + vault-tab Import panel (`vault.html#import`). Logins map to `Login` items; rows with `url == "http://sn"` map to `SecureNote` (extra column → body verbatim, structured data preserved as-is for manual re-categorization). TOTP secrets in the `totp` column are base32-decoded into `LoginCore.totp`; bad base32 surfaces a warning and the login is imported without TOTP. Failed rows (missing `name`, missing password on a login) are skipped with a per-row warning. Each row gets a freshly-minted ID — re-running the import creates duplicates rather than corrupting state. - **Popup deep link to the Import panel.** `settings-vault` gains an "import" section with a `LastPass CSV →` button next to the existing `Backup & restore →` button. - **`relicario status` shows last export age.** New `Last export: ` line reading `.relicario/last_backup` (a marker file `cmd_backup_export` writes on success). Reads "never" for fresh vaults, "4 days ago" otherwise. ### Known limitations - **Mid-restore failure leaves the target remote in a half-written state.** `cmd_backup_restore` and the vault-tab Restore panel both write artifacts sequentially via `writeFileCreateOnly`. If the process is interrupted partway, a retry against the same remote refuses to clobber. Workaround: delete the partial repo and retry. - **Cross-tool backup compatibility.** CLI-exported backups stored attachments at `/.enc`; extension stores at flat `.bin`. The `.relbak` envelope canonicalizes to `/` keys and each tool translates at the boundary. Round-trip works in both directions. ### Internal - Refactored `cmd_add` and `cmd_edit` in the CLI: each `ItemCore` variant now has its own `build_*_item` / `edit_*` helper. Pure mechanical extraction; behavior unchanged. The dispatcher matches and delegates. - Extracted pure helpers (`escapeHtml`, `ratePassphrase`, `scheduleRate`, `entropyText`, `STRENGTH_LABELS`) from `extension/src/setup/setup.ts` into `setup-helpers.ts`. State-coupled `updateStrengthUi` stays in `setup.ts` since it walks live wizard state. Setup.ts went from 1205 → 1137 lines. ### Changed - `relicario generate` now consults `VaultSettings.generator_defaults` when invoked inside an initialized vault. Explicit flags (`--length`, `--bip39`, `--words`, `--symbols`, `--separator`) override the vault default. Outside a vault, behavior is unchanged (length 20, safe symbol set, 5 BIP39 words, space separator). ## v0.2.0 — 2026-04-27 ### Fixed - **Setup wizard could silently overwrite an existing vault.** Pointing the wizard at a remote that already contained a relicario vault would clobber `manifest.enc`, `.relicario/salt`, and friends with no warning. The wizard now probes the remote after the connection test and refuses to create a new vault on top of an existing one. Affected users whose vault was wiped by this bug should restore from the git history of the affected repo (`git log` + `git checkout -- .`). - **New devices registered during initial setup were silently dropped.** The wizard's Step 5 fired `add_device` over a service-worker channel that required an unlocked vault, which is unavailable mid-wizard. Device pubkeys now write directly to `.relicario/devices.json` from the wizard. - **Wizard-created vaults were missing `settings.enc`.** The CLI's `init` writes a default-`VaultSettings` `settings.enc` alongside `manifest.enc`, but the wizard skipped it, causing every `get_vault_settings` SW call to 404. The wizard now encrypts and writes `settings.enc` using a new `default_vault_settings_json` WASM helper that keeps defaults in sync with Rust core. ### Added - **Attach this device to an existing vault — purely from the GUI.** New Step 0 mode picker splits the wizard into "create new vault" and "attach this device." The attach path takes a passphrase + reference image, fetches the existing manifest, verifies the credentials by decrypting it, and only then registers a new device key. No CLI required for multi-device setup. - `GitHost.lastCommit(path)` and `GitHost.writeFileCreateOnly(path, ...)`. - `default_vault_settings_json()` WASM export. ## v0.1.0 — 2026-04-22 Initial release.