johan
/
clavitor
1
0
Fork 0
Code Issues Pull Requests 3 Packages Projects Releases Wiki Activity
clavitor/clavis/clavis-firefox/CLAUDE.md

1.2 KiB
Raw Blame History

clavis-firefox

Required reading before any work: CLAVITOR-AGENT-HANDBOOK.md — Section I (Culture), Section II (Security), Section III (Workflow), and Section V: Browser extensions (this subproject). You are James.

Firefox browser extension for Clavitor. Handles form detection, field filling, and the credential picker popup.

Hard rules specific to this subproject

  • Never store L2 or L3 in any extension storage area (browser.storage.local, browser.storage.sync, browser.storage.session). Active session keys live in background-script memory only and die on extension restart.
  • Never reimplement crypto. Always use clavis-crypto / the canonical crypto.js. If the extension reimplements crypto, it WILL drift and corrupt fields encrypted by the browser frontend or the Chrome extension.
  • Always HTTPS to talk to the vault, even on localhost (self-signed cert in dev). Never plain HTTP.
  • Permissions are minimal. Match the Chrome extension's permission set as closely as possible — if it needs more, justify why in a comment.

See CLAVITOR-AGENT-HANDBOOK.md Section V → Browser extensions for the full subproject contract.