relicario/docs/superpowers/reviews/2026-06-20-product-audit.md
adlee-was-taken 9b38aac188 docs(specs): v0.9.0 design — extension org GUI + pluggable second factor
Product audit (product-expert skill) recommended two priority items; this
lands the audit record plus the two approved design specs that will drive
the v0.9.0 multi-agent train.

- reviews/2026-06-20-product-audit.md — the roadmap audit (reality check,
  recommendations, PM brief) that drove the two items.
- specs/2026-06-20-extension-org-gui-design.md — bring the org vault to the
  extension at read+write parity. Org write is gated on a Day-1 signing
  spike (the org hook rejects unsigned commits; the extension pushes
  unsigned today; sign_for_git exists in WASM but is unused). Spike-fail
  degrades to read-only + write follow-up.
- specs/2026-06-20-pluggable-second-factor-design.md — key file as an
  alternative second factor (same 32-byte secret, same KDF; crypto-light),
  chosen at setup via a non-secret params hint, plus the positioning pivot.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01VQbgrP6KQW5pibjbPEoTSs
2026-06-20 23:01:53 -04:00


# Product Audit — Relicario — 2026-06-20 · fast
> Generated by the `product-expert` skill (roadmap audit, fast mode). Competitive
> read grounded in `references/competitive-landscape.md` (last-reviewed 2026-06-20).
> Advisory only — record of what was considered, not a commitment.
## Reality check
v0.8.1 tagged today: `relicario org add`/`edit` now covers **all 7 item types**
with collection-scoped, grant-enforced attachments — sitting on the
cryptographically serious v0.8.0 org backend (ECIES per-member key wrap,
signature-verifying pre-receive hook). The personal vault is genuinely complete
with full CLI↔extension parity. But the **defining reality is an asymmetry**:
Relicario has now built an entire enterprise org vault that *cannot be touched
from a browser* — the extension has zero org concept. The biggest recent
investment has no GUI surface. No lift is currently active.

**Drift found** (low severity, but catching it is this skill's job):
- `STATUS.md:7` — "Last release tagged: **v0.6.0**". Stale: v0.8.0 and v0.8.1 are
both tagged (`git tag`; release commit `2fa4d68`).
- `STATUS.md:8` + `ROADMAP.md:10` — "tag pending PM". Stale: the v0.8.1 tag is cut.
- `docs/user_docs/` (12-page end-user guide) merged as a fast-follow *after* the
tag — fine, just not inside the v0.8.1 tag.
## Assessment
**Strengths:** the wedge sits in a near-empty competitive cell — two factors
*into the KDF* + self-host + **zero server metadata** + git audit log (1Password
has the 2-factor KDF but is cloud-only; vaultwarden self-hosts but is
single-factor KDF). Personal vault is complete. Org backend is real cryptographic
work, now feature-broad.

**Gaps:** (1) the org vault is **invisible in the GUI** — extension has no org
read or write; the whole enterprise feature is stranded behind the CLI (rated
*critical*; traces to `docs/superpowers/specs/2026-06-20-extension-cli-parity-gap-analysis.md`).
(2) Personal-side parity holes that make a "parity-is-a-design-value" product feel
unfinished — favorites (no UI on either surface), group/tag editing only on some
forms, and autofill matching by **exact hostname** (so `www.github.com` misses a
login saved as `github.com`). (3) The pitch leads with steganography — the most
friction-heavy, least load-bearing part of the wedge.

**Risks:** mobile absence caps total addressable market — but for Relicario's
*self-selected* desktop/CLI audience that's a ceiling, not a bleeding wound, and
treating it as an emergency would import mass-market logic that doesn't fit this
product. The sharper risk is that a GUI-less org vault only ever reaches
CLI-native shops — a fraction of the market the org spec implies — stranding the
investment.
## Recommendations (leverage-ordered)
1. **REORDER — Put a GUI on the org vault you already built: extension org *read*
next, then *write*.** *Why:* the v0.8.0+v0.8.1 backend is stranded without it;
"unlock value already built" is the highest-ROI class of move; it's already
roadmap item #1, and CLI reached all-7-type org write in v0.8.1 so the write
path is unblocked. Outranks the command palette and personal-parity polish.
*Impact/Effort:* H / M. *Risk:* browser GitHost has no commit-signing path, so
write is harder than read — ship read first as its own slice. *Refinement:*
scope to org **item usage** (read/add/edit a shared credential), NOT admin ops
(member/key management staying CLI-only is a legitimate design choice; item
usage being CLI-only is not).
2. **PIVOT (positioning) — Re-lead with the thesis, demote stego to an *option*.**
*Why:* the most important thing the roadmap doesn't mention. A plain key file
delivers the identical 256-bit second factor; stego's only marginal benefit is
the niche "dead-drop on social media" story, while it carries the most unlock
friction and a SPOF the project already had to paper over with the recovery-QR.
The README leads with the gimmick and buries the moat. *Impact/Effort:* H / L
(messaging; keep the feature). *Risk:* stego is the product's identity — keep
it first-class-*optional*, don't delete it. *Adjacent thesis-level call:*
offering a plain key file as an alternative second factor would lower
onboarding friction for users who find "hide a secret in a JPEG" too weird — a
real ADD candidate, not just messaging.
3. **ADD (cheap, high-ROI) — Autofill matches by registrable domain (eTLD+1), not
exact hostname.** *Why:* exact-equality silently fails on the most common case
(`www.` vs apex), making the extension feel broken; small, contained fix.
*Impact/Effort:* M / L. *Risk:* use a public-suffix list to avoid over-matching.
4. **ADD — Close the personal parity holes: favorites UI + group/tag editing on
every item-type form.** *Why:* CLI↔extension parity is a stated design value;
family/individual users organize by exactly these. *Impact/Effort:* M / M.
5. **REORDER (defer) — Keep org phase-2 (SSO/LDAP, read audit, per-collection
subkeys, HTTP plane) parked behind extension org parity.** *Why:* high-effort,
no demand, pointless while the org feature has no GUI. *Impact/Effort:* M / H.
6. **CUT (future investment, not deletion) — Stop *deepening* the over-served
areas:** no more stego-robustness work, no recovery-QR elaboration, leave
field-history's knobs alone. Don't remove working features — just stop
investing in them.
7. **Housekeeping — sync `STATUS.md` and `ROADMAP.md:10`** to reflect v0.8.1 as
tagged. Five minutes; it's the exact drift this audit exists to catch.

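
Recommendation 3 above (autofill by registrable domain with a public-suffix list), worked through as an added JavaScript example that is not the extension's code: the suffix set is a constructed subset of the Public Suffix List, the hostnames are made up, and the function names are illustrative. It goes one step past the text by handling multi-label suffixes such as `co.uk` and by showing the over-matching case the *Risk* note warns about.

```javascript
// Added example, not Relicario's extension code: offer a saved login when the
// page's registrable domain (eTLD+1) equals the saved one, instead of exact
// hostname equality. Function names here are illustrative.

// Constructed subset of the Public Suffix List (publicsuffix.org); a real build
// would bundle the full list. Each entry is a suffix under which *different*
// parties register names, so two children of it must never match each other.
const PUBLIC_SUFFIXES = new Set([
  "com", "org", "io", "uk", "co.uk", "github.io", "pages.dev",
]);

// Lower-case and drop a trailing dot so "GitHub.com." compares equal to "github.com".
function normalizeHost(host) {
  return host.trim().toLowerCase().replace(/\.$/, "");
}

// The current behaviour the audit criticises: www.github.com never matches github.com.
function exactHostMatch(savedHost, pageHost) {
  return normalizeHost(savedHost) === normalizeHost(pageHost);
}

// Registrable domain of `host`: one label to the left of the longest public
// suffix that matches its tail. Returns null when the host *is* a public suffix
// (e.g. "github.io"), so nothing is ever offered there.
function registrableDomain(host, suffixes = PUBLIC_SUFFIXES) {
  const labels = normalizeHost(host).split(".");
  for (let i = 0; i < labels.length; i++) {
    const tail = labels.slice(i).join(".");
    if (suffixes.has(tail)) {
      return i === 0 ? null : labels.slice(i - 1).join(".");
    }
  }
  // Unknown TLD: treat the last label as the suffix, as the PSL's "*" rule does.
  return labels.length >= 2 ? labels.slice(-2).join(".") : null;
}

// Autofill decision: both sides must resolve to the same registrable domain.
function autofillMatches(savedHost, pageHost, suffixes = PUBLIC_SUFFIXES) {
  const saved = registrableDomain(savedHost, suffixes);
  return saved !== null && saved === registrableDomain(pageHost, suffixes);
}

// Demo: the www./apex case from the audit, and the over-matching guard.
console.log(autofillMatches("github.com", "www.github.com"));      // true
console.log(exactHostMatch("github.com", "www.github.com"));       // false
console.log(autofillMatches("mine.github.io", "other.github.io")); // false
```

Without the suffix list, `mine.github.io` and `other.github.io` would both collapse to `github.io` and a credential saved for one would be offered on the other; that is the over-matching the public-suffix check prevents.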
**On mobile & v1.0:** mobile is the single biggest TAM ceiling, but a high-effort,
post-v1.0 bet that partly contradicts the desktop/CLI shape of the product — a
separate-product-scale investment, not the next move. Frame **v1.0 = the thesis,
fully usable on the surfaces you already support**: extension org parity +
personal parity holes closed + positioning sharpened. Mobile is a v1.x conversation.
## PM brief
```markdown
## PRODUCT DIRECTIVE TO PM
Time: 2026-06-20 (local)
Source: /product-expert roadmap audit (fast)
Reality note: v0.8.1 is TAGGED (org item-type parity). The org vault backend is
fully shipped but has ZERO extension GUI — the whole enterprise feature is
CLI-only. STATUS.md still says "Last release tagged: v0.6.0" and "tag pending PM";
sync those (5-min housekeeping) before anything else.
Roadmap changes (priority order):
1. REORDER — extension org READ (org switch + collection-filtered browse) is the
next slice; org WRITE follows as its own slice. Scope to item usage, not admin
ops. This outranks the command palette and personal-parity polish.
2. PIVOT (positioning) — re-lead messaging with "two secrets into the KDF +
self-host + zero server metadata + git audit"; present the stego image as an
optional second-factor flavor, not the headline. Keep the feature.
3. ADD — autofill: match by registrable domain (eTLD+1), not exact hostname.
4. ADD — favorites UI + group/tag editing across all item-type forms (parity).
Recommended next slice: extension org READ (H impact / M effort — puts a usable
face on the backend you already paid for).
Out of scope / do NOT pick up: org phase-2 (SSO/LDAP, read audit, per-collection
subkeys) until org has a GUI; further stego/recovery-QR hardening; mobile (post-v1.0).
```