alee/relicario
1
0
Fork 0
Code Issues Pull Requests 4 Actions Packages Projects Releases Wiki Activity
Files
b1af0a11bc573a6984a6787d2637041b9a4c7834
relicario/CHANGELOG.md
adlee-was-taken 39ae2ecbf3 style: capitalize "Relicario" in prose / UI / CLI help 
Brand name uses capital R in user-facing text — extension UI strings,
CLI clap help / descriptions / error prose, markdown docs. Lowercase
preserved for the binary command, crate names, npm package, file
paths, env vars, and code identifiers.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-01 17:29:10 -04:00

129 lines
6.5 KiB
Markdown
Raw Blame History

# Changelog
## Unreleased
### Added
- **Sync now button** in the extension settings view — surfaces the
previously hidden `{ type: 'sync' }` SW message to users with success /
error feedback.
- **Device registration from the popup.** The "Register this device"
button on the devices view now opens an inline name input and (on
confirm) generates a keypair via WASM, persists the private key + name
locally, and writes the device to the remote — no setup-wizard detour.
Backed by a new `register_this_device` SW message.
- **`relicario settings generator-defaults`** — view-and-edit access to the
generator defaults stored in `VaultSettings`. Flags: `--random` /
`--bip39` to switch mode, `--length`, `--words`, `--symbols`,
`--separator` to update fields of the active mode.
- **`relicario edit` now supports TOTP items.** Issuer, label, and secret
rotation work; rotated secrets are pushed to `field_history` (key:
`core:totp_secret`).
- **`relicario history <query>`** — view captured field history. Values
are masked by default; `--show` reveals them; `--field <name>` filters
to one synthetic key (e.g. `login_password`, `totp_secret`).
- **`relicario detach <query> <aid>`** — remove an individual attachment
from an item. Refuses to drop a Document item's primary attachment
(use `purge` instead).
- **`relicario status`** — vault summary: root path, item count
(active / trashed), attachment count + total bytes, registered device
count, last commit (`%h %s`).
- **Backup & restore.** New `relicario backup export <out.relbak>` and
`relicario backup restore <in.relbak> [<dir>]` commands. The `.relbak`
format is a single encrypted file: Argon2id-derived key from a
user-chosen backup passphrase (independent of the vault factor),
XChaCha20-Poly1305 ciphertext, zstd-compressed JSON envelope.
Reference image and `.git/` history are opt-in inclusions
(`--include-image`, `--no-history`).
- **Vault-tab Backup & Restore panel.** Export downloads the
`.relbak` via `chrome.downloads`. Restore takes a file + backup
passphrase + new-remote config and writes the vault into a fresh
empty repo (refuses to clobber existing). Git history is never
bundled from the extension — CLI is the source of full backups.
- **LastPass CSV import.** New `relicario import lastpass <csv>`
command + vault-tab Import panel (`vault.html#import`).
Logins map to `Login` items; rows with `url == "http://sn"`
map to `SecureNote` (extra column → body verbatim, structured
data preserved as-is for manual re-categorization). TOTP
secrets in the `totp` column are base32-decoded into
`LoginCore.totp`; bad base32 surfaces a warning and the login
is imported without TOTP. Failed rows (missing `name`, missing
password on a login) are skipped with a per-row warning.
Each row gets a freshly-minted ID — re-running the import
creates duplicates rather than corrupting state.
- **Popup deep link to the Import panel.** `settings-vault`
gains an "import" section with a `LastPass CSV →` button
next to the existing `Backup & restore →` button.
- **`relicario status` shows last export age.** New `Last export:
<human-readable>` line reading `.relicario/last_backup` (a marker
file `cmd_backup_export` writes on success). Reads "never" for
fresh vaults, "4 days ago" otherwise.
### Known limitations
- **Mid-restore failure leaves the target remote in a half-written
state.** `cmd_backup_restore` and the vault-tab Restore panel both
write artifacts sequentially via `writeFileCreateOnly`. If the
process is interrupted partway, a retry against the same remote
refuses to clobber. Workaround: delete the partial repo and retry.
- **Cross-tool backup compatibility.** CLI-exported backups stored
attachments at `<item_id>/<aid>.enc`; extension stores at flat
`<aid>.bin`. The `.relbak` envelope canonicalizes to `<item_id>/<aid>`
keys and each tool translates at the boundary. Round-trip works in
both directions.
### Internal
- Refactored `cmd_add` and `cmd_edit` in the CLI: each `ItemCore` variant
now has its own `build_*_item` / `edit_*` helper. Pure mechanical
extraction; behavior unchanged. The dispatcher matches and delegates.
- Extracted pure helpers (`escapeHtml`, `ratePassphrase`, `scheduleRate`,
`entropyText`, `STRENGTH_LABELS`) from `extension/src/setup/setup.ts`
into `setup-helpers.ts`. State-coupled `updateStrengthUi` stays in
`setup.ts` since it walks live wizard state. Setup.ts went from
1205 → 1137 lines.
### Changed
- `relicario generate` now consults `VaultSettings.generator_defaults` when
invoked inside an initialized vault. Explicit flags (`--length`,
`--bip39`, `--words`, `--symbols`, `--separator`) override the vault
default. Outside a vault, behavior is unchanged (length 20, safe symbol
set, 5 BIP39 words, space separator).
## v0.2.0 — 2026-04-27
### Fixed
- **Setup wizard could silently overwrite an existing vault.** Pointing the
wizard at a remote that already contained a Relicario vault would clobber
`manifest.enc`, `.relicario/salt`, and friends with no warning. The wizard
now probes the remote after the connection test and refuses to create a
new vault on top of an existing one. Affected users whose vault was wiped
by this bug should restore from the git history of the affected repo
(`git log` + `git checkout <pre-init-sha> -- .`).
- **New devices registered during initial setup were silently dropped.** The
wizard's Step 5 fired `add_device` over a service-worker channel that
required an unlocked vault, which is unavailable mid-wizard. Device pubkeys
now write directly to `.relicario/devices.json` from the wizard.
- **Wizard-created vaults were missing `settings.enc`.** The CLI's `init`
writes a default-`VaultSettings` `settings.enc` alongside `manifest.enc`,
but the wizard skipped it, causing every `get_vault_settings` SW call to
404. The wizard now encrypts and writes `settings.enc` using a new
`default_vault_settings_json` WASM helper that keeps defaults in sync
with Rust core.
### Added
- **Attach this device to an existing vault — purely from the GUI.** New
Step 0 mode picker splits the wizard into "create new vault" and "attach
this device." The attach path takes a passphrase + reference image, fetches
the existing manifest, verifies the credentials by decrypting it, and only
then registers a new device key. No CLI required for multi-device setup.
- `GitHost.lastCommit(path)` and `GitHost.writeFileCreateOnly(path, ...)`.
- `default_vault_settings_json()` WASM export.
## v0.1.0 — 2026-04-22
Initial release.
Reference in New Issue View Git Blame Copy Permalink