relicario/docs/superpowers/reviews/2026-06-20-product-audit.md
adlee-was-taken 9b38aac188 docs(specs): v0.9.0 design — extension org GUI + pluggable second factor
Product audit (product-expert skill) recommended two priority items; this
lands the audit record plus the two approved design specs that will drive
the v0.9.0 multi-agent train.

- reviews/2026-06-20-product-audit.md — the roadmap audit (reality check,
  recommendations, PM brief) that drove the two items.
- specs/2026-06-20-extension-org-gui-design.md — bring the org vault to the
  extension at read+write parity. Org write is gated on a Day-1 signing
  spike (the org hook rejects unsigned commits; the extension pushes
  unsigned today; sign_for_git exists in WASM but is unused). Spike-fail
  degrades to read-only + write follow-up.
- specs/2026-06-20-pluggable-second-factor-design.md — key file as an
  alternative second factor (same 32-byte secret, same KDF; crypto-light),
  chosen at setup via a non-secret params hint, plus the positioning pivot.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01VQbgrP6KQW5pibjbPEoTSs
2026-06-20 23:01:53 -04:00

# Product Audit — Relicario — 2026-06-20 · fast

Generated by the product-expert skill (roadmap audit, fast mode). Competitive read grounded in references/competitive-landscape.md (last-reviewed 2026-06-20). Advisory only — record of what was considered, not a commitment.

## Reality check

v0.8.1 tagged today: relicario org add/edit now covers all 7 item types with collection-scoped, grant-enforced attachments — sitting on the cryptographically serious v0.8.0 org backend (ECIES per-member key wrap, signature-verifying pre-receive hook). The personal vault is genuinely complete with full CLI↔extension parity. But the defining reality is an asymmetry: Relicario has now built an entire enterprise org vault that cannot be touched from a browser — the extension has zero org concept. The biggest recent investment has no GUI surface. No lift is currently active.

Drift found (low severity, but catching it is this skill's job):

- STATUS.md:7 — "Last release tagged: v0.6.0". Stale: v0.8.0 and v0.8.1 are both tagged (git tag; release commit 2fa4d68).
- STATUS.md:8 + ROADMAP.md:10 — "tag pending PM". Stale: the v0.8.1 tag is cut.
- docs/user_docs/ (12-page end-user guide) merged as a fast-follow after the tag — fine, just not inside the v0.8.1 tag.

## Assessment

Strengths: the wedge sits in a near-empty competitive cell — two factors into the KDF + self-host + zero server metadata + git audit log (1Password has the 2-factor KDF but is cloud-only; vaultwarden self-hosts but is single-factor KDF). Personal vault is complete. Org backend is real cryptographic work, now feature-broad.

Gaps: (1) the org vault is invisible in the GUI — extension has no org read or write; the whole enterprise feature is stranded behind the CLI (rated critical; traces to docs/superpowers/specs/2026-06-20-extension-cli-parity-gap-analysis.md). (2) Personal-side parity holes that make a "parity-is-a-design-value" product feel unfinished — favorites (no UI on either surface), group/tag editing only on some forms, and autofill matching by exact hostname (so www.github.com misses a login saved as github.com). (3) The pitch leads with steganography — the most friction-heavy, least load-bearing part of the wedge.

Risks: mobile absence caps total addressable market — but for Relicario's self-selected desktop/CLI audience that's a ceiling, not a bleeding wound, and treating it as an emergency would import mass-market logic that doesn't fit this product. The sharper risk is that a GUI-less org vault only ever reaches CLI-native shops — a fraction of the market the org spec implies — stranding the investment.

## Recommendations (leverage-ordered)

  1. REORDER — Put a GUI on the org vault you already built: extension org read next, then write. Why: the v0.8.0+v0.8.1 backend is stranded without it; "unlock value already built" is the highest-ROI class of move; it's already roadmap item #1, and CLI reached all-7-type org write in v0.8.1 so the write path is unblocked. Outranks the command palette and personal-parity polish. Impact/Effort: H / M. Risk: browser GitHost has no commit-signing path, so write is harder than read — ship read first as its own slice. Refinement: scope to org item usage (read/add/edit a shared credential), NOT admin ops (member/key management staying CLI-only is a legitimate design choice; item usage being CLI-only is not).

  2. PIVOT (positioning) — Re-lead with the thesis, demote stego to an option. Why: the most important thing the roadmap doesn't mention. A plain key file delivers the identical 256-bit second factor; stego's only marginal benefit is the niche "dead-drop on social media" story, while it carries the most unlock friction and a SPOF the project already had to paper over with the recovery-QR. The README leads with the gimmick and buries the moat. Impact/Effort: H / L (messaging; keep the feature). Risk: stego is the product's identity — keep it first-class-optional, don't delete it. Adjacent thesis-level call: offering a plain key file as an alternative second factor would lower onboarding friction for users who find "hide a secret in a JPEG" too weird — a real ADD candidate, not just messaging.

  3. ADD (cheap, high-ROI) — Autofill matches by registrable domain (eTLD+1), not exact hostname. Why: exact-equality silently fails on the most common case (www. vs apex), making the extension feel broken; small, contained fix. Impact/Effort: M / L. Risk: a naive "last two labels" rule would match unrelated sites that merely share a public suffix; use a public-suffix list so the match stops at the registrable domain.

  4. ADD — Close the personal parity holes: favorites UI + group/tag editing on every item-type form. Why: CLI↔extension parity is a stated design value; family/individual users organize by exactly these. Impact/Effort: M / M.

  5. REORDER (defer) — Keep org phase-2 (SSO/LDAP, read audit, per-collection subkeys, HTTP plane) parked behind extension org parity. Why: high-effort, no demand, pointless while the org feature has no GUI. Impact/Effort: M / H.

  6. CUT (future investment, not deletion) — Stop deepening the over-served areas: no more stego-robustness work, no recovery-QR elaboration, leave field-history's knobs alone. Don't remove working features — just stop investing in them.

  7. Housekeeping — sync STATUS.md and ROADMAP.md:10 to reflect v0.8.1 as tagged. Five minutes; it's the exact drift this audit exists to catch.
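The eTLD+1 matching that recommendation 3 calls for, written out as an added example (this is not code from the Relicario extension). It parses a constructed excerpt of the Public Suffix List syntax (plain rules, `*.` wildcard rules, `!` exception rules), computes the registrable domain with PSL semantics, and falls back to exact-hostname equality for IP addresses and hosts that own no registrable domain, so the looser rule never widens matching where a suffix list can't bound it. The sample vault entries are constructed; a real extension would ship the full list from publicsuffix.org.

```javascript
// Added example, not Relicario's own code: autofill candidate selection by
// registrable domain (eTLD+1) using a public-suffix list, instead of
// exact-hostname equality. PSL_EXCERPT is a constructed excerpt in Public
// Suffix List syntax so the snippet runs offline; ship the full list in
// production.
const PSL_EXCERPT = `
// ===BEGIN ICANN DOMAINS===
com
uk
co.uk
jp
*.ck
!www.ck
// ===BEGIN PRIVATE DOMAINS===
github.io
`;

function parsePsl(text) {
  // rule name -> { wildcard, exception }; names stored without "*." / "!"
  const rules = new Map();
  for (const raw of text.split("\n")) {
    const line = raw.trim();
    if (line === "" || line.startsWith("//")) continue;
    let name = line, wildcard = false, exception = false;
    if (name.startsWith("!")) { exception = true; name = name.slice(1); }
    else if (name.startsWith("*.")) { wildcard = true; name = name.slice(2); }
    rules.set(name.toLowerCase(), { wildcard, exception });
  }
  return rules;
}

const PSL = parsePsl(PSL_EXCERPT);

function normalizeHost(hostname) {
  return hostname.trim().toLowerCase().replace(/\.$/, "");
}

// Registrable domain = public suffix + one label. Returns null when the
// hostname *is* a public suffix ("com", "co.uk") and so owns no registrable
// domain; callers must not treat such hosts as a shared site.
function registrableDomain(hostname, rules = PSL) {
  const labels = normalizeHost(hostname).split(".");
  let longest = 0;       // label count of the longest matching normal rule
  let exceptionLen = 0;  // label count of a matching exception rule, if any
  for (let i = 0; i < labels.length; i++) {
    const len = labels.length - i;
    const plain = rules.get(labels.slice(i).join("."));
    if (plain && !plain.wildcard) {
      if (plain.exception) exceptionLen = Math.max(exceptionLen, len);
      else longest = Math.max(longest, len);
    }
    // "*.foo" matches exactly one label directly under "foo"
    if (i + 1 < labels.length) {
      const parent = rules.get(labels.slice(i + 1).join("."));
      if (parent && parent.wildcard) longest = Math.max(longest, len);
    }
  }
  // PSL semantics: an exception rule wins and the suffix is the exception
  // minus its leading label; else the longest rule wins; with no match the
  // TLD alone is the public suffix (the implicit "*" rule).
  const suffixLen = exceptionLen > 0 ? exceptionLen - 1 : Math.max(longest, 1);
  if (labels.length <= suffixLen) return null;
  return labels.slice(labels.length - suffixLen - 1).join(".");
}

const IPV4 = /^\d{1,3}(\.\d{1,3}){3}$/;

// The key two hostnames must share to count as the same site. IP literals
// and hosts without a registrable domain (bare suffixes, single-label
// intranet names) fall back to exact equality.
function matchKey(hostname, rules = PSL) {
  const host = normalizeHost(hostname);
  if (IPV4.test(host) || host.includes(":")) return host;
  return registrableDomain(host, rules) ?? host;
}

// Constructed sample vault entries (not real credentials).
const SAVED_LOGINS = [
  { id: "gh", hostname: "github.com" },
  { id: "pages", hostname: "alice.github.io" },
  { id: "bbc", hostname: "bbc.co.uk" },
  { id: "lan", hostname: "10.0.0.5" },
];

// Returns the ids of saved logins that autofill may offer on pageHostname.
function autofillCandidates(pageHostname, logins = SAVED_LOGINS, rules = PSL) {
  const key = matchKey(pageHostname, rules);
  return logins.filter((l) => matchKey(l.hostname, rules) === key).map((l) => l.id);
}

if (typeof require !== "undefined" && require.main === module) {
  for (const h of ["www.github.com", "bob.github.io", "www.bbc.co.uk", "evil.co.uk", "10.0.0.50"]) {
    console.log(h, "->", autofillCandidates(h));
  }
}
```

With this rule `www.github.com` reaches the login saved as `github.com`, while `bob.github.io` does not see `alice.github.io`'s entry and `evil.co.uk` does not see `bbc.co.uk`'s, which is exactly the over-match a public-suffix list exists to prevent.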

On mobile & v1.0: mobile is the single biggest TAM ceiling, but a high-effort, post-v1.0 bet that partly contradicts the desktop/CLI shape of the product — a separate-product-scale investment, not the next move. Frame v1.0 = the thesis, fully usable on the surfaces you already support: extension org parity + personal parity holes closed + positioning sharpened. Mobile is a v1.x conversation.

## PM brief

## PRODUCT DIRECTIVE TO PM
Time: 2026-06-20 (local)
Source: /product-expert roadmap audit (fast)

Reality note: v0.8.1 is TAGGED (org item-type parity). The org vault backend is
fully shipped but has ZERO extension GUI — the whole enterprise feature is
CLI-only. STATUS.md still says "Last release tagged: v0.6.0" and "tag pending PM";
sync those (5-min housekeeping) before anything else.

Roadmap changes (priority order):
1. REORDER — extension org READ (org switch + collection-filtered browse) is the
   next slice; org WRITE follows as its own slice. Scope to item usage, not admin
   ops. This outranks the command palette and personal-parity polish.
2. PIVOT (positioning) — re-lead messaging with "two secrets into the KDF +
   self-host + zero server metadata + git audit"; present the stego image as an
   optional second-factor flavor, not the headline. Keep the feature.
3. ADD — autofill: match by registrable domain (eTLD+1), not exact hostname.
4. ADD — favorites UI + group/tag editing across all item-type forms (parity).

Recommended next slice: extension org READ (H impact / M effort — puts a usable
face on the backend you already paid for).

Out of scope / do NOT pick up: org phase-2 (SSO/LDAP, read audit, per-collection
subkeys) until org has a GUI; further stego/recovery-QR hardening; mobile (post-v1.0).