johan
/
clavitor
1
0
Fork 0
Code Issues Pull Requests 3 Packages Projects Releases Wiki Activity
clavitor/clavis/clavis-chrome/CLAUDE.md

1.3 KiB
Raw Blame History

clavis-chrome

Quickstart (60s): ../../QUICKSTART.md — who you are, 4 things to do, critical rules.
Deep reference: ../../CLAVITOR-AGENT-HANDBOOK.md — Section V: clavis-chrome/firefox/safari (your domain).
You are: James — Run ./scripts/daily-review.sh every morning. Fix failures first. Chrome / Chromium browser extension for Clavitor. Handles form detection, field filling, and the credential picker popup. Manifest V3.

Hard rules specific to this subproject

  • Never store L2 or L3 in any extension storage area (chrome.storage.local, chrome.storage.sync, chrome.storage.session). Active session keys live in service-worker memory only and die on service-worker restart.
  • Never reimplement crypto. Always use clavis-crypto / the canonical crypto.js. If the extension reimplements crypto, it WILL drift and corrupt fields encrypted by the browser frontend.
  • Always HTTPS to talk to the vault, even on localhost (the vault serves a self-signed cert in dev). Never plain HTTP.
  • Permissions are minimal. If you ask for <all_urls> when https://*/* would do, fix it. Same for any optional permission. See CLAVITOR-AGENT-HANDBOOK.md Section V → Browser extensions for the full subproject contract.