# clavitor-cli — Pure C CLI for credential access

## Build
```bash
make           # build for host (output: clavitor-cli)
make strip     # strip binary (<1MB target)
make clean     # remove build artifacts
make size      # show binary size
```

## Test
```bash
./clavitor-cli test-crypto              # BearSSL + JS crypto self-tests
./clavitor-cli test-totp <base32-seed>  # TOTP generation test
./clavitor-cli test-roundtrip           # runs crypto/test_crypto.js
```

## Code Style
- **Standard**: C11 (`-std=c11`), QuickJS sources use `-std=gnu11`
- **Indent**: 4 spaces
- **Comments**: `/* */` style only
- **Naming**: `snake_case` functions, `struct clv_*` types, `CLV_*_H` include guards
- **Headers**: Include guards required, co-located with .c files in `src/`
- **Error handling**: Return 0 for success, non-zero for failure
- **Static**: Mark internal functions as `static`
- **No system deps**: All dependencies vendored in `vendor/`

## Architecture
- `src/main.c` — CLI entry, command parsing (get, list, totp, test-*)
- `src/http.c` — HTTPS client via BearSSL
- `src/keystore.c` — AES-GCM encrypted config at `~/.config/clavitor/config`
- `src/jsbridge.c` — QuickJS bridge for shared crypto logic
- `src/util.c` — Base64, URL encoding