Complete vault rewrite with correct foundation:
- CVT encrypted envelope tokens (type 0x00 wire, type 0x01 client credential)
- Agents and scopes stored as L1-encrypted entries (no separate tables)
- Scope-based access control with AgentCanAccess() set intersection
- Owner-only admin enforcement (agents cannot manage agents/scopes)
- 14 password manager importers (Proton, Bitwarden, 1Password, LastPass,
Dashlane, KeePass, KeePassXC, NordPass, Keeper, RoboForm, Enpass,
Safari/iCloud, Chrome, Firefox)
- FIELD_SPEC single source of truth for field kind and tier
- L2/L3 client-side encryption on import (PRF required)
- Domain classification service on clavitor.ai/classify
- Scope auto-assignment during import (13 categories)
- Light theme default (Figtree font, matching clavitor.ai branding)
- Unified page shell across all screens (topbar on every page)
- Batch import with progress indicator
- ZIP extraction for Proton Pass exports
- Proton dedup by title+user+url
- 55 tests passing (26 API + 29 lib)
- Key leak detection tests (L1/L2/L3 never in responses)
- CLI updated for CVT token format
- Old code archived in _old/
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- POPs map on /hosted now generated from clavitor.db (28 POPs, 8 live)
- Added /glass (looking glass with client-side latency)
- Added /noc?pin=250365 (NOC dashboard with telemetry)
- Added POST /telemetry endpoint for POP agent heartbeats
- Encryption terminology: Vault/Credential/Identity (no more sealed/agent/L1-L3)
- License: MIT → Elastic License 2.0
- Capitalize Clavitor in all prose
- MCP references → CLI (agents use CLI, not MCP)
- GitHub links disabled (project not public yet)
- New favicon (black square logo) + apple-touch-icon
- Darker worldmap land/borders
- Added CLAUDE.md
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Security fix: Changed from 0.0.0.0 (all interfaces) to 127.0.0.1 (localhost only)
Files modified:
- design-system/server.go
- design-system/server-temp.go
Before: http.ListenAndServe(0.0.0.0:8888, ...) - exposed on LAN/WAN
After: http.ListenAndServe(127.0.0.1:8888, ...) - localhost only
Note: server-temp.go has 60-minute auto-shutdown. Dev server was not running
at time of fix (likely auto-shut or manually killed).
James