Skip to content

Latest commit

 

History

History
98 lines (76 loc) · 2.9 KB

File metadata and controls

98 lines (76 loc) · 2.9 KB

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[1.0.0] - 2026-03-28

Added

Browser Extension (Simplified Architecture)

  • Complete browser extension with built-in vault storage
  • Popup UI for password management (search, add, edit, delete)
  • Options page for vault settings (change master password, export/import)
  • Setup wizard for first-time users
  • Web Crypto API encryption (AES-256-GCM)
  • PBKDF2 key derivation from master password (100,000 iterations)
  • Brute-force protection (5 attempts → 5-minute lockout)
  • Auto-lock after 5 minutes of inactivity
  • Session token mechanism for secure autofill

MCP Server Integration

  • list_passwords tool - List all password entries
  • get_password tool - Get password by domain/name (copies to clipboard)
  • add_password tool - Add new password entry (requires confirmation)
  • Password privacy: actual passwords never returned to AI model
  • Username masking in responses
  • Audit logging for all password access

Playwright Integration

  • PasswordHelper class for E2E testing
  • Direct form filling (fallback method)
  • Extension communication via chrome.runtime
  • Vault lock/unlock control

Changed

Architecture Simplification

  • REMOVED: Native Service (Unix Socket server)
  • REMOVED: Native Messaging Host
  • REMOVED: System keychain dependency
  • ADDED: Browser extension with built-in vault
  • ADDED: chrome.storage.local for data persistence
  • ADDED: Master password authentication (replaces system keychain)

Migration Guide

From Native Service Architecture

  1. Export your passwords from the old vault:

    pm list --json > passwords-backup.json
  2. Install the new browser extension:

    npm run build:extension
    # Load dist/extension/ in Chrome
  3. Set up the new vault:

    • Click extension icon
    • Create new master password
    • Import passwords manually
  4. Stop the old Native Service:

    pkill -f password-manager-native

Security Improvements

  • Session tokens are now single-use and expire after 5 minutes
  • Added brute-force protection with lockout
  • Added auto-lock after inactivity
  • Password entries include creation/update timestamps
  • All encryption uses Web Crypto API (browser-native)

Breaking Changes

  • native-service.ts removed - no longer needed
  • src/native-host/ directory removed
  • System keychain no longer used for master key storage
  • Users must remember master password (no recovery mechanism)

[0.1.0] - 2025-03-27

Added

  • Initial release with CLI interface
  • SQLite storage with encryption
  • System keychain integration
  • Native Service for browser extension communication
  • Native Messaging Host
  • MCP Server support
  • Basic E2E tests