alee/relicario
1
0
Fork 0
Code Issues Pull Requests 4 Actions Packages Projects Releases Wiki Activity
Files
d6703be2b1fd803c44fe04f86ea85d46277f8f7c
relicario/CHANGELOG.md
adlee-was-taken 39ae2ecbf3 style: capitalize "Relicario" in prose / UI / CLI help 
Brand name uses capital R in user-facing text — extension UI strings,
CLI clap help / descriptions / error prose, markdown docs. Lowercase
preserved for the binary command, crate names, npm package, file
paths, env vars, and code identifiers.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-01 17:29:10 -04:00

6.5 KiB
Raw Blame History

Changelog

Unreleased

Added

  • Sync now button in the extension settings view — surfaces the previously hidden { type: 'sync' } SW message to users with success / error feedback.
  • Device registration from the popup. The "Register this device" button on the devices view now opens an inline name input and (on confirm) generates a keypair via WASM, persists the private key + name locally, and writes the device to the remote — no setup-wizard detour. Backed by a new register_this_device SW message.
  • relicario settings generator-defaults — view-and-edit access to the generator defaults stored in VaultSettings. Flags: --random / --bip39 to switch mode, --length, --words, --symbols, --separator to update fields of the active mode.
  • relicario edit now supports TOTP items. Issuer, label, and secret rotation work; rotated secrets are pushed to field_history (key: core:totp_secret).
  • relicario history <query> — view captured field history. Values are masked by default; --show reveals them; --field <name> filters to one synthetic key (e.g. login_password, totp_secret).
  • relicario detach <query> <aid> — remove an individual attachment from an item. Refuses to drop a Document item's primary attachment (use purge instead).
  • relicario status — vault summary: root path, item count (active / trashed), attachment count + total bytes, registered device count, last commit (%h %s).
  • Backup & restore. New relicario backup export <out.relbak> and relicario backup restore <in.relbak> [<dir>] commands. The .relbak format is a single encrypted file: Argon2id-derived key from a user-chosen backup passphrase (independent of the vault factor), XChaCha20-Poly1305 ciphertext, zstd-compressed JSON envelope. Reference image and .git/ history are opt-in inclusions (--include-image, --no-history).
  • Vault-tab Backup & Restore panel. Export downloads the .relbak via chrome.downloads. Restore takes a file + backup passphrase + new-remote config and writes the vault into a fresh empty repo (refuses to clobber existing). Git history is never bundled from the extension — CLI is the source of full backups.
  • LastPass CSV import. New relicario import lastpass <csv> command + vault-tab Import panel (vault.html#import). Logins map to Login items; rows with url == "http://sn" map to SecureNote (extra column → body verbatim, structured data preserved as-is for manual re-categorization). TOTP secrets in the totp column are base32-decoded into LoginCore.totp; bad base32 surfaces a warning and the login is imported without TOTP. Failed rows (missing name, missing password on a login) are skipped with a per-row warning. Each row gets a freshly-minted ID — re-running the import creates duplicates rather than corrupting state.
  • Popup deep link to the Import panel. settings-vault gains an "import" section with a LastPass CSV → button next to the existing Backup & restore → button.
  • relicario status shows last export age. New Last export: <human-readable> line reading .relicario/last_backup (a marker file cmd_backup_export writes on success). Reads "never" for fresh vaults, "4 days ago" otherwise.

Known limitations

  • Mid-restore failure leaves the target remote in a half-written state. cmd_backup_restore and the vault-tab Restore panel both write artifacts sequentially via writeFileCreateOnly. If the process is interrupted partway, a retry against the same remote refuses to clobber. Workaround: delete the partial repo and retry.
  • Cross-tool backup compatibility. CLI-exported backups stored attachments at <item_id>/<aid>.enc; extension stores at flat <aid>.bin. The .relbak envelope canonicalizes to <item_id>/<aid> keys and each tool translates at the boundary. Round-trip works in both directions.

Internal

  • Refactored cmd_add and cmd_edit in the CLI: each ItemCore variant now has its own build_*_item / edit_* helper. Pure mechanical extraction; behavior unchanged. The dispatcher matches and delegates.
  • Extracted pure helpers (escapeHtml, ratePassphrase, scheduleRate, entropyText, STRENGTH_LABELS) from extension/src/setup/setup.ts into setup-helpers.ts. State-coupled updateStrengthUi stays in setup.ts since it walks live wizard state. Setup.ts went from 1205 → 1137 lines.

Changed

  • relicario generate now consults VaultSettings.generator_defaults when invoked inside an initialized vault. Explicit flags (--length, --bip39, --words, --symbols, --separator) override the vault default. Outside a vault, behavior is unchanged (length 20, safe symbol set, 5 BIP39 words, space separator).

v0.2.0 — 2026-04-27

Fixed

  • Setup wizard could silently overwrite an existing vault. Pointing the wizard at a remote that already contained a Relicario vault would clobber manifest.enc, .relicario/salt, and friends with no warning. The wizard now probes the remote after the connection test and refuses to create a new vault on top of an existing one. Affected users whose vault was wiped by this bug should restore from the git history of the affected repo (git log + git checkout <pre-init-sha> -- .).
  • New devices registered during initial setup were silently dropped. The wizard's Step 5 fired add_device over a service-worker channel that required an unlocked vault, which is unavailable mid-wizard. Device pubkeys now write directly to .relicario/devices.json from the wizard.
  • Wizard-created vaults were missing settings.enc. The CLI's init writes a default-VaultSettings settings.enc alongside manifest.enc, but the wizard skipped it, causing every get_vault_settings SW call to 404. The wizard now encrypts and writes settings.enc using a new default_vault_settings_json WASM helper that keeps defaults in sync with Rust core.

Added

  • Attach this device to an existing vault — purely from the GUI. New Step 0 mode picker splits the wizard into "create new vault" and "attach this device." The attach path takes a passphrase + reference image, fetches the existing manifest, verifies the credentials by decrypting it, and only then registers a new device key. No CLI required for multi-device setup.
  • GitHost.lastCommit(path) and GitHost.writeFileCreateOnly(path, ...).
  • default_vault_settings_json() WASM export.

v0.1.0 — 2026-04-22

Initial release.

Reference in New Issue View Git Blame Copy Permalink