Features:
- Two-tier encryption (L1 server-side, L2 client-side placeholder)
- SQLite with WAL mode
- HKDF per-entry key derivation
- zstd + AES-256-GCM encryption
- HMAC-SHA256 blind indexes for search
- Session-based auth
- Full CRUD API
- Password generator (random + passphrase)
- TOTP generation (L1 only, L2 returns flag)
- LLM import endpoint (Fireworks)
- LLM field mapping endpoint
- MCP JSON-RPC endpoint with 5 tools
- Vanilla JS web UI (Tailwind, dark theme)
- Chrome extension scaffold (MV3)
- Audit logging

Day 2: WebAuthn PRF, extension autofill, full L2 flow

Files:
- api
- cmd/clawvault
- extension
- lib
- .gitignore
- README.md
- SPEC.md
- go.mod
- go.sum

README.md
ClawVault
A personal vault with two-tier encryption for AI assistants.
Features
- Two-tier encryption: L1 (server-side, AI-readable) + L2 (client-side only)
- Single binary: Go, cross-compiles, one port (default 8765)
- Single file: SQLite database, portable
- LLM-powered import: Parse any password manager export format
- LLM field mapping: Smart autofill via Chrome extension
- MCP endpoint: AI assistant integration
- TOTP generation: Live TOTP codes for L1 entries
Quick Start
```sh
# Generate vault key
export VAULT_KEY=$(openssl rand -hex 32)
export PORT=8765
export DB_PATH=./clawvault.db

# Run
./clawvault
```
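
An added example, not ClawVault's own code: one way a 32-byte `VAULT_KEY` like the one generated above can feed the HKDF per-entry key derivation and AES-256-GCM encryption named in the feature summary, so that a ciphertext copied onto another entry no longer decrypts. The function names, the `entry/<id>` info label, the empty HKDF salt and the nonce-prefixed blob layout are assumptions, and the zstd compression step is left out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// deriveKey: HKDF-SHA256 (RFC 5869), empty salt, one 32-byte block; info label is assumed.
func deriveKey(master []byte, info string) []byte {
	extract := hmac.New(sha256.New, nil) // extract step: PRK = HMAC(salt, master)
	extract.Write(master)
	expand := hmac.New(sha256.New, extract.Sum(nil))
	expand.Write(append([]byte(info), 1)) // expand step: info || block counter 0x01
	return expand.Sum(nil)
}

func aead(master []byte, id string) cipher.AEAD {
	blk, _ := aes.NewCipher(deriveKey(master, "entry/"+id)) // key is always 32 bytes: cannot fail
	gcm, _ := cipher.NewGCM(blk)
	return gcm
}

// Seal returns nonce || ciphertext || tag, with the entry ID bound as AAD.
func Seal(master []byte, id string, plaintext []byte) ([]byte, error) {
	gcm := aead(master, id)
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, []byte(id)), nil
}

// Open fails if the blob was altered or is presented under a different entry ID.
func Open(master []byte, id string, blob []byte) ([]byte, error) {
	gcm := aead(master, id)
	if len(blob) < gcm.NonceSize() {
		return nil, fmt.Errorf("blob shorter than nonce")
	}
	return gcm.Open(nil, blob[:gcm.NonceSize()], blob[gcm.NonceSize():], []byte(id))
}

func main() {
	blob, _ := Seal(make([]byte, 32), "entry-1", []byte("hunter2")) // constructed all-zero key
	fmt.Println(Open(make([]byte, 32), "entry-2", blob))            // wrong entry ID: error
}
```
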
Building
```sh
CGO_ENABLED=1 go build ./cmd/clawvault
```
API Endpoints
- `GET /health` - Health check
- `POST /api/auth/setup` - Initialize session
- `GET/POST /api/entries` - CRUD entries
- `GET /api/search?q=` - Search entries
- `GET /api/generate` - Password generator
- `POST /api/import` - LLM import
- `GET /api/ext/totp/:id` - TOTP codes
- `GET /api/ext/match?url=` - URL matching
- `POST /api/ext/map` - LLM field mapping
- `POST /mcp` - MCP JSON-RPC endpoint
- `GET /api/audit` - Audit log
Chrome Extension
Load `/extension` as an unpacked extension in Chrome.
License
Private - Johan Jongsma