johan
/
clavitor
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
clavitor/docs/X-ANNOUNCEMENT.md

165 lines
3.5 KiB
Markdown
Raw Blame History

# X.com Announcement — Clavitor
## Option A — Technical angle (developers)
```
Introducing Clavitor 🔐
A password manager built for the AI era.
The problem: your AI assistant needs your GitHub key.
It doesn't need your CVV.
Clavitor has two-tier encryption:
→ L1 (server key): AI can read. API keys, SSH, TOTP.
→ L2 (WebAuthn/Touch ID): AI cannot read. Ever.
Card numbers, passport, private keys stay client-side.
One Go binary. One SQLite file. Port 1984.
LLM-powered import from Chrome/Firefox/Bitwarden/Proton.
Browser extension with AI field mapping.
MCP tools for Claude/Codex/Cursor.
MIT. github.com/johanj/clavitor
```
---
## Option B — Story angle
```
I gave my AI assistant the keys to my house.
Then I realized he didn't need the key to my safe.
Clavitor: a password manager that knows the difference.
→ Your AI gets your GitHub keys, API tokens, SSH access
→ Your CVV, card numbers, passport — Touch ID only, never on the server
Not "AI has access to everything."
Not "AI has access to nothing."
Smart access. Per field.
Port 1984. Because someone has to watch the watchers.
github.com/johanj/clavitor
```
---
## Option C — Short punchy (for engagement)
```
Built a password manager today.
Port: 1984
Reason: your AI shouldn't know your CVV
Two-tier encryption — some fields your AI can read,
some only unlock with Touch ID. Key never hits the server.
LLM import from any password manager export.
MCP for Claude/Codex/Cursor.
One binary. MIT.
github.com/johanj/clavitor
```
---
## Thread format (recommended — 6 tweets)
**Tweet 1:**
```
Clavitor — a password manager for humans with AI assistants 🔐
Your AI needs your GitHub key.
It doesn't need your CVV.
No existing tool models this correctly. So we built one.
🧵
```
**Tweet 2:**
```
The insight: not all credentials are equal.
→ API keys, SSH, TOTP codes → AI can use these
→ Card numbers, passport, private keys → AI should never see these
But every existing password manager is all-or-nothing.
Clavitor is per-field.
```
**Tweet 3:**
```
How it works:
L1 (server key): AI-readable. Stored encrypted on your server.
L2 (WebAuthn PRF): Client-side ONLY.
Touch ID → key derived in browser → L2 fields decrypt.
Key never exists on server.
Even shell access can't read L2. Math, not policy.
```
**Tweet 4:**
```
The import is the killer feature.
Chrome CSV, Firefox CSV, Bitwarden JSON, Proton Pass JSON — parsed natively. No LLM needed.
12,000+ entries? Instant.
Collision resolution by source modification date.
Newest password wins. Per entry.
```
**Tweet 5:**
```
For AI developers:
MCP endpoint built in.
get_credential(), get_totp(), check_expiring()
Your Claude/Codex/Cursor agent can authenticate autonomously —
to the services you explicitly allow.
~/.claude/mcp.json → done.
```
**Tweet 6:**
```
One Go binary. One SQLite file. Port 1984.
MIT license. Self-hosted.
Because someone has to watch the watchers.
github.com/johanj/clavitor
(yes, the port number is intentional)
```
---
## Timing recommendations
- Post during US morning (9-11am ET) on a weekday for max dev audience
- Tuesday or Wednesday perform best for tech announcements
- Tag: @steipete if/when submitting to OpenClaw community
- Hashtags: #opensource #security #AI #passwordmanager #selfhosted
## Accounts to tag/notify
- @steipete (OpenClaw creator)
- @openclaw
- @AlexFinn (power user, amplifies community projects)
- Hacker News "Show HN" post same day (different copy, more technical)
Reference in New Issue View Git Blame Copy Permalink