johan
/
clavitor
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
clavitor/clavis
History
James dcdca016db feat: add MITM proxy mode with LLM policy evaluation (C-017) 
- New package clavis/clavis-vault/proxy/
  - HTTPS MITM proxy via HTTP CONNECT tunnel
  - Dynamic per-host TLS cert generation (signed by local CA)
  - CA cert auto-generated at DataDir/proxy/ca.crt (1-year validity)
  - Per-cert cache with 24h TTL
  - Credential injection hook (stub — DB wiring next)
  - LLM policy evaluation hook (stub — OpenAI-compatible API)
  - L2 (identity/card) fields are never injectable by design

- cmd/clavitor/main.go: new flags
  --proxy            Enable proxy mode (default: off)
  --proxy-addr       Listen addr (default: 127.0.0.1:19840)
  --proxy-llm        Enable LLM policy evaluation
  --proxy-llm-url    LLM base URL (OpenAI-compat)
  --proxy-llm-key    LLM API key
  --proxy-llm-model  LLM model name

Usage:
  clavitor --proxy
  export HTTP_PROXY=http://127.0.0.1:19840 HTTPS_PROXY=http://127.0.0.1:19840
  # Install DataDir/proxy/ca.crt in OS trust store for HTTPS MITM
 		2026-03-29 08:54:51 -04:00
..
clavis-android chore: auto-commit uncommitted changes 2026-03-25 06:04:04 -04:00
clavis-chrome chore: auto-commit uncommitted changes 2026-03-26 00:01:24 -04:00
clavis-cli chore: auto-commit uncommitted changes 2026-03-28 06:01:23 -04:00
clavis-crypto chore: auto-commit uncommitted changes 2026-03-25 06:04:04 -04:00
clavis-firefox chore: auto-commit uncommitted changes 2026-03-25 06:04:04 -04:00
clavis-ios chore: auto-commit uncommitted changes 2026-03-25 06:04:04 -04:00
clavis-safari chore: auto-commit uncommitted changes 2026-03-25 06:04:04 -04:00
clavis-vault feat: add MITM proxy mode with LLM policy evaluation (C-017) 2026-03-29 08:54:51 -04:00
.DS_Store chore: auto-commit uncommitted changes 2026-03-26 00:01:24 -04:00
._.DS_Store chore: auto-commit uncommitted changes 2026-03-25 06:04:04 -04:00
Makefile rebrand: rename vault1984 references to clavitor in Makefile and pop-sync (C-005) 2026-03-29 07:16:12 -04:00
README.md chore: auto-commit uncommitted changes 2026-03-25 06:04:04 -04:00

README.md

Clavis

Secure vault platform with multi-client support.

Architecture

Clavis is the vault server. Everything else is a client that talks to it.

Structure

Active Development

Directory Purpose Status
clavis-vault/ Vault server with embedded UI (Go, FIPS 140-3) Active
clavis-crypto/ JavaScript crypto layer Active
clavis-cli/ CLI for agents Active
clavis-chrome/ Chrome browser extension Active

Planned

Directory Purpose Status
clavis-firefox/ Firefox browser extension Announced
clavis-safari/ Safari browser extension Announced
clavis-ios/ iOS native app Announced
clavis-android/ Android native app Announced

Build

make deploy            # Build + test + restart everything
make deploy-vault      # Build + test + restart vault only
make deploy-web        # Build + restart website only
make status            # Check running processes
make logs-vault        # Tail vault logs
make logs-web          # Tail web logs

Clients

The vault supports multiple client types:

  • Web: Built-in UI served by vault (clavis-vault/)
  • CLI: Command-line tool for automation/agents (clavis-cli/)
  • Browser Extension: Auto-fill and TOTP in Chrome (clavis-chrome/)
  • Mobile: Native iOS/Android apps (planned)

Security

  • FIPS 140-3 validated crypto (BoringCrypto via GOEXPERIMENT)
  • Zero-knowledge architecture
  • Vault server is the single source of truth

License

Proprietary — © Clavitor