12 lines
1.4 KiB
Markdown
12 lines
1.4 KiB
Markdown
# clavis-safari
|
|
> **Quickstart (60s):** [../../QUICKSTART.md](../../QUICKSTART.md) — who you are, 4 things to do, critical rules.
|
|
> **Deep reference:** [../../CLAVITOR-AGENT-HANDBOOK.md](../../CLAVITOR-AGENT-HANDBOOK.md) — Section V: clavis-chrome/firefox/safari (your domain).
|
|
> **You are:** **James** — Run `./scripts/daily-review.sh` every morning. Fix failures first.
|
|
Safari browser extension for Clavitor. Handles form detection, field filling, and the credential picker popup. Distributed via the Safari Extensions infrastructure (App Store + Xcode-built container).
|
|
## Hard rules specific to this subproject
|
|
- **Never store L2 or L3** in any extension storage area or the iCloud Keychain. Active session keys live in process memory only and die on extension restart.
|
|
- **Never reimplement crypto.** Always use `clavis-crypto` / the canonical `crypto.js`. If the extension reimplements crypto, it WILL drift and corrupt fields encrypted by other clients.
|
|
- **Always HTTPS** to talk to the vault. Never plain HTTP.
|
|
- **Container app exists only to host the extension.** Do not add unrelated functionality to the container — that's a Mac app and it's not what we're shipping.
|
|
- **Permissions are minimal.** Match the Chrome/Firefox extension permission set; if Safari requires something extra, justify it in a comment with the Safari API doc reference.
|
|
See `CLAVITOR-AGENT-HANDBOOK.md` Section V → Browser extensions for the full subproject contract. |