Releases: allisson/blindpass

v0.11.0

@allisson allisson released this 22 May 14:43
1d5bf74

Added

  • Live TOTP code in the item list — the 6-digit code and seconds-remaining now render inline on each row that has a TOTP secret, updating every second and turning destructive-coloured at ≤5s, so you can copy without opening the detail view
  • Duplicate item from the detail view — opens the new-item form pre-populated from the source (title suffixed " (copy)", folder seeded), so you can fork and edit any field before saving. Hidden for viewers of read-only shared vaults
  • Recently Viewed section at the top of the vault list — surfaces the last 5 items you opened when no filter or search is active and you're in single-vault mode. Cleared on lock and sign-out so it cannot outlive the keychain that owned it

Internal

  • QuotaSlot brand (apps/server/src/vaults/quota.ts) — reserveItemQuota mints a slot carrying vaultId; items.createWithVersion and batchCreateWithVersion now require one, so an item insert that skips the lock-count-limit assertion no longer compiles. Matches the brand-as-obligation pattern of ProofOfSession and TxDb
  • registerCompleteAuthRoute factory (apps/server/src/routes/auth/complete-route.ts) — folds the asTx → service → sendAuthFailure → session.attachCookie → 200 reply seam shared by completeLogin, completeRegistration, and completeRecovery into one helper. Each complete-*.ts file shrinks to its variance (path, schema, rate-limit count, and a run(tx, request, clock) callback that calls the service and shapes the payload)
  • ADR-0009 — records why uniformly-shaped thin vault-resource services (e.g. FoldersService) are kept rather than dissolved

v0.10.0

@allisson allisson released this 21 May 01:33
39de775

Added

  • Biometric credential registry — server now tracks enrolled passkeys per device; credentials can be revoked from the Sessions page so a lost or untrusted device loses biometric access immediately

Internal

  • Session lifecycle extracted to session-lifecycle.ts; auth error dispatch and session pub-sub replace DOM events (#55)
  • Expired-row cleanup (sessions, recovery tokens, enrollments) pushed into repositories; startup hook removed from index.ts (#54)
  • Vault error dispatch centralised in vaults/access.ts; access query deduplicated (#53)
  • @blindpass/types package absorbed into packages/crypto; vault list services added (#52)
  • Vault item navigation uses TanStack Router instead of manual cache-bust (#51)

v0.9.0

@allisson allisson released this 19 May 13:02
84c03c7

Added

  • Vault deletion — owners can delete a vault from the vault picker; all items inside are permanently purged immediately

Fixed

  • Filter row consolidated into a single layout component; isMobile prop removed from VaultSheet and ItemCard; ListPanelAnimator and SyncStatusBar polished; flaky e2e specs for folders, sync, and type-filter corrected

v0.8.0

@allisson allisson released this 18 May 19:18
b7ef4f4

Added

  • "All Vaults" aggregate view — search and browse items across every vault you own or share, with a vault-color dot on each item indicating its source
  • Per-vault deterministic color avatars in the vault picker and on items in the aggregate view
  • Type filter — single-select pill below the folder row that filters the current list by item type; remembered across reloads, resets when you switch vaults

Changed

  • Vault sheet is now a pure vault picker; lock, sign out, theme, and admin moved to a dedicated "More options" menu
  • Folder filter promoted from a horizontal scrolling strip to a dropdown button matching the new type-filter pattern

Removed

  • Command palette (Cmd/Ctrl+K) and the keyboard-shortcuts dialog — the type filter and folder dropdown cover the same flows from the touch UI. See ADR-0007. The `/` key still focuses the search input.

Internal

  • TxDb branded type (apps/server/src/db/tx.ts) and asTx() cast. Every write-path service signature (auth, vaults, shares, trash, folders, items) and the vaults/quota.ts advisory-lock helpers now require TxDb, making accidental calls on app.db outside a transaction a compile error. Closes a latent correctness gap where pg_advisory_xact_lock would silently no-op without a surrounding transaction
  • FoldersService (apps/server/src/vaults/folders/service.ts) extracted from inline route logic, mirroring the items / trash / shares service shape; folder write routes and the trash/list reader now run inside db.transaction(...)
  • requireOwner / requireWriter / requireReader exports on vaults/access.ts consolidate the role-gate pattern previously duplicated in items and trash services and in folder routes
  • app.clock Fastify decorator (apps/server/src/plugins/clock.ts) and test/fake-clock.ts helpers (fixedClock, advanceableClock) — session expiry, TOTP verify windows, recovery token expiry, the auth plugin's idle check, and the periodic cleanup interval all read time from app.clock so tests can control it without globally spying on Date.now
  • SessionProof is now an opaque, branded type — the cookie-attach call can only consume a proof produced by session.issue, so a thrown insert cannot leave an orphan cookie on the response
  • useKeychain is the single audit point for keychain access in the web app
  • Duplicate PG 23505 try/catch removed from routes/auth/register.ts and routes/vaults/shares/create-share.ts; the global error handler is now the only place that maps unique-violation to 409
  • Unit tests covering vaults/access.ts role-gate matrix, FoldersService write paths, the auth plugin's clock-driven idle ceiling, and verifyRecovery's clock-driven expiry stamping
  • Integration test app builder (buildIntegrationApp) now registers clockPlugin and the global errorHandler to match production wiring
  • The credential-rotation integration test anchors its mocked clock at real wall-time instead of a far-future fixed date, so the auth plugin's idle check (which now reads app.clock) and Postgres NOW() (used for sessions.last_used_at default) agree within the idle window
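
The brand-as-obligation pattern behind TxDb and QuotaSlot in the notes above, as an added TypeScript sketch that is not BlindPass source. FakeDb, reserveSlot, createItem and the two-item limit are hypothetical stand-ins, and FakeDb.lock only models a transaction-scoped advisory lock.

```typescript
// Added sketch, not BlindPass source; FakeDb, reserveSlot, createItem are hypothetical.
declare const txBrand: unique symbol;
declare const slotBrand: unique symbol;
type TxDb = FakeDb & { readonly [txBrand]: true };
type QuotaSlot = { readonly vaultId: string; readonly [slotBrand]: true };

class FakeDb {
  private inTx = false;
  readonly heldLocks: string[] = [];
  // Models pg_advisory_xact_lock: outside a transaction the lock does not persist.
  lock(key: string): void { if (this.inTx) this.heldLocks.push(key); }
  transaction<T>(fn: (tx: TxDb) => T): T {
    this.inTx = true;
    try {
      return fn(asTx(this));
    } finally {
      this.inTx = false;
      this.heldLocks.length = 0; // transaction-scoped locks release at commit/rollback
    }
  }
}

// The single audited cast; only transaction() calls it.
function asTx(db: FakeDb): TxDb { return db as TxDb; }

const MAX_ITEMS = 2; // constructed limit for the example
const counts = new Map<string, number>();

// Takes the lock, checks the limit, and only then mints a slot.
function reserveSlot(tx: TxDb, vaultId: string): QuotaSlot {
  tx.lock(`quota:${vaultId}`);
  if ((counts.get(vaultId) ?? 0) >= MAX_ITEMS) throw new Error("quota exceeded");
  return { vaultId } as QuotaSlot;
}

// Requires both brands, so callers cannot skip the transaction or the quota check.
function createItem(tx: TxDb, slot: QuotaSlot, title: string): string {
  if (!tx.heldLocks.includes(`quota:${slot.vaultId}`)) throw new Error("lock not held");
  counts.set(slot.vaultId, (counts.get(slot.vaultId) ?? 0) + 1);
  return `${slot.vaultId}/${title}`;
}

function addItem(db: FakeDb, vaultId: string, title: string): string {
  return db.transaction((tx) => createItem(tx, reserveSlot(tx, vaultId), title));
}

// Never called: shows the two shortcuts the type checker rejects.
function rejectedAtCompileTime(db: FakeDb, tx: TxDb): void {
  // @ts-expect-error a bare FakeDb handle lacks the TxDb brand
  reserveSlot(db, "v1");
  // @ts-expect-error a hand-built object lacks the QuotaSlot brand
  createItem(tx, { vaultId: "v1" }, "x");
}
```

The brands exist only in the type system, so the guarantee holds only while asTx and the `as QuotaSlot` cast stay confined to the functions that earn them.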

Full changelog: https://github.com/allisson/blindpass/blob/v0.8.0/CHANGELOG.md

v0.7.0

@allisson allisson released this 15 May 15:01
5537e76

Added

  • Import support for 1Password (.1pux), Dashlane (zip bundle), Apple Keychain (CSV), KeePassXC (CSV), and Proton Pass (JSON)
  • ImportResult.attachmentsDropped surfaces the count of file attachments that could not be carried over (BlindPass has no attachment storage); affected items get a [Lost attachments: …] breadcrumb in their notes/content
  • Content-sniff format detection: parsers register a signature that inspects file shape, replacing the filename-extension-only heuristic

Changed

  • Bitwarden importer: items in unknown categories (including Bitwarden 2024.12+ SSH-key type 5 when fields are incomplete) coerce into a secure_note instead of being silently skipped; well-formed SSH keys map natively to developer_credential ssh_key mode
  • CSV parser now correctly handles multi-line quoted fields and strips UTF-8 BOM, fixing silent corruption of notes with embedded newlines

Fixed

  • Selected vault is now visually distinct in the import and export pickers

v0.6.0

@allisson allisson released this 13 May 16:44
271b71e

Added

  • Vault-aware import/export — export items from any vault and import into a specific vault directly from Settings

v0.5.0

@allisson allisson released this 13 May 11:32
ef4688e

Added

  • Cross-vault search — find items across all owned and shared vaults from a single search bar
  • Real-time sync for shared vaults — changes made in shared vaults propagate automatically across sessions and devices
  • Mobile-first shell — redesigned app shell optimised for mobile with a fortress-purple visual theme

v0.4.1

@allisson allisson released this 10 May 15:33
0aa024f

Fixed

  • Biometric unlock now shows a clear, actionable error card when the chosen passkey
    provider doesn't support PRF (e.g. Bitwarden or 1Password on Android). Users are
    told which providers work, how to delete the orphan credential, and that their
    master password is unaffected.

v0.4.0

@allisson allisson released this 10 May 11:56
766589a

Added

  • Biometric unlock — opt-in per-device unlock using Touch ID, Face ID, Windows Hello, or Android biometric via WebAuthn PRF. The master password still bootstraps each session; biometrics only unwrap a device-scoped key. See ADR-0003 for the security rationale and threat model.

Docker images

  • `allisson/blindpass-server:0.4.0` (linux/amd64, linux/arm64)
  • `allisson/blindpass-webapp:0.4.0` (linux/amd64, linux/arm64)

Full Changelog: v0.3.0...v0.4.0

v0.3.0

@allisson allisson released this 09 May 14:39
bcb34f5

Positioning release. No server, crypto, or schema changes.

Changed

  • Repositioned README around "web-only by design" with a competitive comparison table; sharpened PRODUCT.md and AGENTS.md to drop browser-extension framing.

Removed

  • Browser extension scaffold (apps/extension/). Will not be pursued — see ADR-0002 for the security rationale (web-store supply chain, host-permission scope creep, MV3 cookie isolation).

Artifacts

  • allisson/blindpass-server:0.3.0
  • allisson/blindpass-webapp:0.3.0