Releases: allisson/blindpass
v0.11.0
Added
- Live TOTP code in the item list — the 6-digit code and seconds-remaining now render inline on each row that has a TOTP secret, updating every second and turning destructive-coloured at ≤5s, so you can copy without opening the detail view
- Duplicate item from the detail view — opens the new-item form pre-populated from the source (title suffixed " (copy)", folder seeded), so you can fork and edit any field before saving. Hidden for viewers of read-only shared vaults
- Recently Viewed section at the top of the vault list — surfaces the last 5 items you opened when no filter or search is active and you're in single-vault mode. Cleared on lock and sign-out so it cannot outlive the keychain that owned it
Internal
- `QuotaSlot` brand (`apps/server/src/vaults/quota.ts`) — `reserveItemQuota` mints a slot carrying `vaultId`; `items.createWithVersion` and `batchCreateWithVersion` now require one, so an item insert can no longer skip the lock-count-limit assertion at compile time. Matches the brand-as-obligation pattern of `ProofOfSession` and `TxDb`
- `registerCompleteAuthRoute` factory (`apps/server/src/routes/auth/complete-route.ts`) — folds the `asTx → service → sendAuthFailure → session.attachCookie → 200 reply` seam shared by `completeLogin`, `completeRegistration`, and `completeRecovery` into one helper. Each `complete-*.ts` file shrinks to its variance (path, schema, rate-limit count, and a `run(tx, request, clock)` callback that calls the service and shapes the payload)
- ADR-0009 — records why uniformly-shaped thin vault-resource services (e.g. `FoldersService`) are kept rather than dissolved
v0.10.0
Added
- Biometric credential registry — server now tracks enrolled passkeys per device; credentials can be revoked from the Sessions page so a lost or untrusted device loses biometric access immediately
Internal
- Session lifecycle extracted to `session-lifecycle.ts`; auth error dispatch and session pub-sub replace DOM events (#55)
- Expired-row cleanup (sessions, recovery tokens, enrollments) pushed into repositories; startup hook removed from `index.ts` (#54)
- Vault error dispatch centralised in `vaults/access.ts`; access query deduplicated (#53)
- `@blindpass/types` package absorbed into `packages/crypto`; vault list services added (#52)
- Vault item navigation uses TanStack Router instead of manual cache-bust (#51)
v0.9.0
Added
- Vault deletion — owners can delete a vault from the vault picker; all items inside are permanently purged immediately
Fixed
- Filter row consolidated into a single layout component; `isMobile` prop removed from `VaultSheet` and `ItemCard`; `ListPanelAnimator` and `SyncStatusBar` polished; flaky e2e specs for folders, sync, and type-filter corrected
v0.8.0
Added
- "All Vaults" aggregate view — search and browse items across every vault you own or share, with a vault-color dot on each item indicating its source
- Per-vault deterministic color avatars in the vault picker and on items in the aggregate view
- Type filter — single-select pill below the folder row that filters the current list by item type; remembered across reloads, resets when you switch vaults
Changed
- Vault sheet is now a pure vault picker; lock, sign out, theme, and admin moved to a dedicated "More options" menu
- Folder filter promoted from a horizontal scrolling strip to a dropdown button matching the new type-filter pattern
Removed
- Command palette (`Cmd/Ctrl+K`) and the keyboard-shortcuts dialog — the type filter and folder dropdown cover the same flows from the touch UI. See ADR-0007. `/` still focuses the search input.
Internal
- `TxDb` branded type (`apps/server/src/db/tx.ts`) and `asTx()` cast. Every write-path service signature (auth, vaults, shares, trash, folders, items) and the `vaults/quota.ts` advisory-lock helpers now require `TxDb`, making accidental calls on `app.db` outside a transaction a compile error. Closes a latent correctness gap where `pg_advisory_xact_lock` would silently no-op without a surrounding transaction
- `FoldersService` (`apps/server/src/vaults/folders/service.ts`) extracted from inline route logic, mirroring the items / trash / shares service shape; folder write routes and the trash/list reader now run inside `db.transaction(...)`
- `requireOwner` / `requireWriter` / `requireReader` exports on `vaults/access.ts` consolidate the role-gate pattern previously duplicated in items and trash services and in folder routes
- `app.clock` Fastify decorator (`apps/server/src/plugins/clock.ts`) and `test/fake-clock.ts` helpers (`fixedClock`, `advanceableClock`) — session expiry, TOTP verify windows, recovery token expiry, the auth plugin's idle check, and the periodic cleanup interval all read time from `app.clock` so tests can control it without globally spying on `Date.now`
- `SessionProof` is now an opaque, branded type — the cookie-attach call can only consume a proof produced by `session.issue`, so a thrown insert cannot leave an orphan cookie on the response
- `useKeychain` is the single audit point for keychain access in the web app
- Duplicate PG `23505` try/catch removed from `routes/auth/register.ts` and `routes/vaults/shares/create-share.ts`; the global error handler is now the only place that maps unique-violation to 409
- Unit tests covering `vaults/access.ts` role-gate matrix, `FoldersService` write paths, the auth plugin's clock-driven idle ceiling, and `verifyRecovery`'s clock-driven expiry stamping
- Integration test app builder (`buildIntegrationApp`) now registers `clockPlugin` and the global `errorHandler` to match production wiring
- The credential-rotation integration test anchors its mocked clock at real wall-time instead of a far-future fixed date, so the auth plugin's idle check (which now reads `app.clock`) and Postgres `NOW()` (used for `sessions.last_used_at` default) agree within the idle window
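The brand-as-obligation pattern behind the `TxDb` type in this release and the `QuotaSlot` brand in v0.11.0, as an added TypeScript sketch that is not BlindPass's own code. Only the names `TxDb`, `QuotaSlot` and `reserveItemQuota` come from the notes; the `Db` shape, `ITEM_LIMIT`, `transaction`, `createItem`, `addItem` and all function bodies are assumptions made for illustration.

```typescript
// Added illustration: the Db shape, ITEM_LIMIT and function bodies are hypothetical.
declare const txBrand: unique symbol;
declare const slotBrand: unique symbol;

interface Db { items: Map<string, number>; locks: string[] }
type TxDb = Db & { readonly [txBrand]: true };
type QuotaSlot = { readonly vaultId: string; readonly [slotBrand]: true };

const ITEM_LIMIT = 2; // constructed limit for the demo

function makeDb(): Db {
  return { items: new Map<string, number>(), locks: [] };
}

// The only place a TxDb is minted. A real wrapper would BEGIN/COMMIT around fn.
function transaction<T>(db: Db, fn: (tx: TxDb) => T): T {
  return fn(db as TxDb);
}

// Takes the per-vault lock, checks the limit, and mints the slot that proves both happened.
function reserveItemQuota(tx: TxDb, vaultId: string): QuotaSlot {
  tx.locks.push(vaultId); // stands in for pg_advisory_xact_lock
  if ((tx.items.get(vaultId) ?? 0) >= ITEM_LIMIT) throw new Error("quota exceeded");
  return { vaultId } as QuotaSlot;
}

// Insert path: cannot be called without a transaction handle and a reserved slot.
function createItem(tx: TxDb, slot: QuotaSlot): number {
  const next = (tx.items.get(slot.vaultId) ?? 0) + 1;
  tx.items.set(slot.vaultId, next);
  return next;
}

function addItem(db: Db, vaultId: string): number {
  return transaction(db, (tx) => createItem(tx, reserveItemQuota(tx, vaultId)));
}

// Never called: each marked line is rejected by the type checker.
function rejectedByCompiler(db: Db): void {
  // @ts-expect-error plain Db is not a TxDb, so the lock cannot run outside a transaction
  reserveItemQuota(db, "v1");
  transaction(db, (tx) => {
    // @ts-expect-error a hand-built object is not a QuotaSlot, so the limit check cannot be skipped
    createItem(tx, { vaultId: "v1" });
  });
}
```

The brands exist only in the type system, so the guarantee costs nothing at runtime and holds only as long as the casts stay confined to the minting functions.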
Full changelog: https://github.com/allisson/blindpass/blob/v0.8.0/CHANGELOG.md
v0.7.0
Added
- Import support for 1Password (`.1pux`), Dashlane (zip bundle), Apple Keychain (CSV), KeePassXC (CSV), and Proton Pass (JSON)
- `ImportResult.attachmentsDropped` surfaces the count of file attachments that could not be carried over (BlindPass has no attachment storage); affected items get a `[Lost attachments: …]` breadcrumb in their notes/content
- Content-sniff format detection: parsers register a `signature` that inspects file shape, replacing the filename-extension-only heuristic
Changed
- Bitwarden importer: items in unknown categories (including Bitwarden 2024.12+ SSH-key type 5 when fields are incomplete) coerce into a `secure_note` instead of being silently skipped; well-formed SSH keys map natively to `developer_credential` ssh_key mode
- CSV parser now correctly handles multi-line quoted fields and strips UTF-8 BOM, fixing silent corruption of notes with embedded newlines
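The CSV failure mode described in the last item, as an added TypeScript example that is not BlindPass's parser: a line-splitting reader (`naiveParse`) next to a quote-aware one (`parseCsv`), run on a constructed export row whose notes field contains a newline and escaped quotes. All names and the sample data are assumptions.

```typescript
// Constructed sample: BOM, CRLF line ends, and a quoted notes field spanning two lines.
const SAMPLE =
  '\uFEFFtitle,username,notes\r\n' +
  'Bank,alice,"PIN hint: first pet\nRecovery: ask ""Bob"", then call"\r\n';

// Line-splitting reader: breaks the quoted field in two and keeps the BOM in the header.
function naiveParse(text: string): string[][] {
  return text.split("\n").map((line) => line.split(","));
}

// Quote-aware reader: quoted fields may hold commas, newlines and "" escapes.
function parseCsv(input: string): string[][] {
  // A UTF-8 BOM decodes to U+FEFF; left in place it corrupts the first header name.
  const text = input.charCodeAt(0) === 0xfeff ? input.slice(1) : input;
  const rows: string[][] = [];
  let row: string[] = [];
  let field = "";
  let inQuotes = false;
  for (let i = 0; i < text.length; i++) {
    const c = text.charAt(i);
    const next = text.charAt(i + 1);
    if (inQuotes) {
      if (c === '"' && next === '"') { field += '"'; i++; } // escaped quote
      else if (c === '"') inQuotes = false;                 // closing quote
      else field += c;                                      // newlines stay in the field
    } else if (c === '"') {
      inQuotes = true;
    } else if (c === ",") {
      row.push(field); field = "";
    } else if (c === "\n" || c === "\r") {
      if (c === "\r" && next === "\n") i++;                 // treat CRLF as one break
      row.push(field); field = "";
      rows.push(row); row = [];
    } else {
      field += c;
    }
  }
  // Flush a final record that has no trailing line break.
  if (field !== "" || row.length > 0) { row.push(field); rows.push(row); }
  return rows;
}
```

On the sample, the line-splitting reader reports four rows and a header named `\uFEFFtitle`, while the quote-aware reader returns the header plus one record with the notes intact.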
Fixed
- Selected vault is now visually distinct in the import and export pickers
v0.6.0
v0.5.0
Added
- Cross-vault search — find items across all owned and shared vaults from a single search bar
- Real-time sync for shared vaults — changes made in shared vaults propagate automatically across sessions and devices
- Mobile-first shell — redesigned app shell optimised for mobile with a fortress-purple visual theme
v0.4.1
Fixed
- Biometric unlock now shows a clear, actionable error card when the chosen passkey
provider doesn't support PRF (e.g. Bitwarden or 1Password on Android). Users are
told which providers work, how to delete the orphan credential, and that their
master password is unaffected.
v0.4.0
Added
- Biometric unlock — opt-in per-device unlock using Touch ID, Face ID, Windows Hello, or Android biometric via WebAuthn PRF. The master password still bootstraps each session; biometrics only unwrap a device-scoped key. See ADR-0003 for the security rationale and threat model.
Docker images
- `allisson/blindpass-server:0.4.0` (linux/amd64, linux/arm64)
- `allisson/blindpass-webapp:0.4.0` (linux/amd64, linux/arm64)
Full Changelog: v0.3.0...v0.4.0
v0.3.0
Positioning release. No server, crypto, or schema changes.
Changed
- Repositioned README around "web-only by design" with a competitive comparison table; sharpened PRODUCT.md and AGENTS.md to drop browser-extension framing.
Removed
- Browser extension scaffold (`apps/extension/`). Will not be pursued — see ADR-0002 for the security rationale (web-store supply chain, host-permission scope creep, MV3 cookie isolation).
Artifacts
- `allisson/blindpass-server:0.3.0`
- `allisson/blindpass-webapp:0.3.0`