johan
/
clavitor
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
clavitor/clavis
History
James 230acd394e feat: vault v2 rewrite — CVT tokens, scoped access, agents-as-entries, 14 importers 
Complete vault rewrite with correct foundation:

- CVT encrypted envelope tokens (type 0x00 wire, type 0x01 client credential)
- Agents and scopes stored as L1-encrypted entries (no separate tables)
- Scope-based access control with AgentCanAccess() set intersection
- Owner-only admin enforcement (agents cannot manage agents/scopes)
- 14 password manager importers (Proton, Bitwarden, 1Password, LastPass,
  Dashlane, KeePass, KeePassXC, NordPass, Keeper, RoboForm, Enpass,
  Safari/iCloud, Chrome, Firefox)
- FIELD_SPEC single source of truth for field kind and tier
- L2/L3 client-side encryption on import (PRF required)
- Domain classification service on clavitor.ai/classify
- Scope auto-assignment during import (13 categories)
- Light theme default (Figtree font, matching clavitor.ai branding)
- Unified page shell across all screens (topbar on every page)
- Batch import with progress indicator
- ZIP extraction for Proton Pass exports
- Proton dedup by title+user+url
- 55 tests passing (26 API + 29 lib)
- Key leak detection tests (L1/L2/L3 never in responses)
- CLI updated for CVT token format
- Old code archived in _old/

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 		2026-03-31 13:36:04 -04:00
..
clavis-android chore: auto-commit uncommitted changes 2026-03-25 06:04:04 -04:00
clavis-chrome chore: auto-commit uncommitted changes 2026-03-26 00:01:24 -04:00
clavis-cli feat: vault v2 rewrite — CVT tokens, scoped access, agents-as-entries, 14 importers 2026-03-31 13:36:04 -04:00
clavis-crypto chore: auto-commit uncommitted changes 2026-03-25 06:04:04 -04:00
clavis-firefox chore: auto-commit uncommitted changes 2026-03-25 06:04:04 -04:00
clavis-ios chore: auto-commit uncommitted changes 2026-03-25 06:04:04 -04:00
clavis-safari chore: auto-commit uncommitted changes 2026-03-25 06:04:04 -04:00
clavis-vault feat: vault v2 rewrite — CVT tokens, scoped access, agents-as-entries, 14 importers 2026-03-31 13:36:04 -04:00
.DS_Store chore: auto-commit uncommitted changes 2026-03-26 00:01:24 -04:00
._.DS_Store chore: auto-commit uncommitted changes 2026-03-25 06:04:04 -04:00
Makefile rebrand: rename vault1984 references to clavitor in Makefile and pop-sync (C-005) 2026-03-29 07:16:12 -04:00
README.md chore: auto-commit uncommitted changes 2026-03-25 06:04:04 -04:00

README.md

Clavis

Secure vault platform with multi-client support.

Architecture

Clavis is the vault server. Everything else is a client that talks to it.

Structure

Active Development

Directory Purpose Status
clavis-vault/ Vault server with embedded UI (Go, FIPS 140-3) Active
clavis-crypto/ JavaScript crypto layer Active
clavis-cli/ CLI for agents Active
clavis-chrome/ Chrome browser extension Active

Planned

Directory Purpose Status
clavis-firefox/ Firefox browser extension Announced
clavis-safari/ Safari browser extension Announced
clavis-ios/ iOS native app Announced
clavis-android/ Android native app Announced

Build

make deploy            # Build + test + restart everything
make deploy-vault      # Build + test + restart vault only
make deploy-web        # Build + restart website only
make status            # Check running processes
make logs-vault        # Tail vault logs
make logs-web          # Tail web logs

Clients

The vault supports multiple client types:

  • Web: Built-in UI served by vault (clavis-vault/)
  • CLI: Command-line tool for automation/agents (clavis-cli/)
  • Browser Extension: Auto-fill and TOTP in Chrome (clavis-chrome/)
  • Mobile: Native iOS/Android apps (planned)

Security

  • FIPS 140-3 validated crypto (BoringCrypto via GOEXPERIMENT)
  • Zero-knowledge architecture
  • Vault server is the single source of truth

License

Proprietary — © Clavitor