All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Complete browser extension with built-in vault storage
- Popup UI for password management (search, add, edit, delete)
- Options page for vault settings (change master password, export/import)
- Setup wizard for first-time users
- Web Crypto API encryption (AES-256-GCM)
- PBKDF2 key derivation from master password (100,000 iterations)
- Brute-force protection (5 attempts → 5-minute lockout)
- Auto-lock after 5 minutes of inactivity
- Session token mechanism for secure autofill
list_passwordstool - List all password entriesget_passwordtool - Get password by domain/name (copies to clipboard)add_passwordtool - Add new password entry (requires confirmation)- Password privacy: actual passwords never returned to AI model
- Username masking in responses
- Audit logging for all password access
PasswordHelperclass for E2E testing- Direct form filling (fallback method)
- Extension communication via chrome.runtime
- Vault lock/unlock control
- REMOVED: Native Service (Unix Socket server)
- REMOVED: Native Messaging Host
- REMOVED: System keychain dependency
- ADDED: Browser extension with built-in vault
- ADDED: chrome.storage.local for data persistence
- ADDED: Master password authentication (replaces system keychain)
-
Export your passwords from the old vault:
pm list --json > passwords-backup.json -
Install the new browser extension:
npm run build:extension # Load dist/extension/ in Chrome -
Set up the new vault:
- Click extension icon
- Create new master password
- Import passwords manually
-
Stop the old Native Service:
pkill -f password-manager-native
- Session tokens are now single-use and expire after 5 minutes
- Added brute-force protection with lockout
- Added auto-lock after inactivity
- Password entries include creation/update timestamps
- All encryption uses Web Crypto API (browser-native)
native-service.tsremoved - no longer neededsrc/native-host/directory removed- System keychain no longer used for master key storage
- Users must remember master password (no recovery mechanism)
- Initial release with CLI interface
- SQLite storage with encryption
- System keychain integration
- Native Service for browser extension communication
- Native Messaging Host
- MCP Server support
- Basic E2E tests