VaultKeepR

Changelog

All notable changes to the project.

Decentralized, zero-knowledge password manager.
All notable changes to this project are documented in this file.


Format: Keep a Changelog
Versioning: Semantic Versioning

1.6.5 2026-06-02
Added
  • Legacy: Cross-device, end-to-end encrypted synchronization of beneficiary metadata via IPFS
  • Robust cryptographic mechanism using HKDF and local key derivation to guarantee zero-knowledge privacy
  • Server route /api/legacy/beneficiaries-cid to decentralize the storage of the IPFS content identifier (CID)
  • Android: Full native implementation of AutofillService (VaultAutofillService.kt) for secure, system-wide credential autofill
Fixed
  • iOS: Fixed UI refresh and state navigation after manual or automatic Legacy activation
  • Extension: Enhanced domain matching precision for TOTP and credentials autofill queries
  • Mobile / Extension: Fixed visibility and rendering issues of beneficiary labels on secondary devices

1.6.4 2026-05-29
Added
  • Legacy: New encrypted vault inheritance system for designated beneficiaries
  • Smart Contract: VaultKeeperLegacy.sol (Base Mainnet — Chain ID 8453)
    - On-chain heartbeat with configurable cooldown
    - Multi-beneficiary management with percentage-based shares (must total 100%)
    - Activation by owner or automatic heartbeat expiry
    - Encrypted fragment claiming via ECDSA signature (EIP-712 envelope)
    - Events emitted: HeartbeatUpdated, VaultActivated, FragmentClaimed
    - Foundry deployment script (DeployLegacy.s.sol) — deployed on Base Mainnet
  • Package @vault-keeper/legacy: Full TypeScript SDK
    - heartbeat.ts: On-chain heartbeat update + automated scheduling (1x/week)
    - beneficiary.ts: Add/remove/list beneficiaries with share validation
    - envelope.ts: ECIES encryption of vault fragments per beneficiary
    - contract.ts: ABI and helpers for interacting with VaultKeeperLegacy
    - legacy.ts: High-level orchestrator (activation, claim, status)
    - Test suite: 3 unit test files (heartbeat, beneficiary, envelope)
  • Web: 8 new API routes /api/legacy/*
    - activate: Manual legacy activation (owner only)
    - check-expiry: Heartbeat expiry verification
    - claim: Fragment claim by a beneficiary (with ECDSA signature)
    - claim-invite: Beneficiary invitation link validation
    - encode-call: Calldata encoding for on-chain transactions
    - invite: Invitation link generation and delivery to beneficiaries
    - notify: Telegram + email notification to beneficiaries
    - status: Full legacy vault status (heartbeat, beneficiaries, activation state)
  • Web: Beneficiary invitation page (/legacy/invite)
    - Dedicated layout with invitation token validation
    - Claim interface with wallet connection and signature flow
  • iOS / Android: New LegacyScreen
    - Legacy configuration dashboard (heartbeat, beneficiary list, status)
    - Add/remove beneficiaries with share allocation
    - Visual heartbeat status indicator (active / expired / not configured)
    - Integrated navigation from RootNavigator and SettingsScreen
  • Extension: New LegacyPanel
    - Accessible from extension settings (SettingsView)
    - Legacy configuration and heartbeat status visualization
  • Telegram Bot: Legacy notification bot (telegramBot.ts)
    - Sends structured messages to beneficiaries upon vault activation
    - Claim instructions with direct link to /legacy/invite
    - Full setup documentation (docs/TELEGRAM_BOT_SETUP.md)
  • Legacy Emails: Email templates for beneficiary notifications (legacyEmails.ts)
    - Initial invitation email with claim instructions
    - Activation email with secure link and deadline
Fixed
  • Crypto Payments: Refactored /api/premium/crypto/order and /api/premium/crypto/status routes
    - Separated order/status responsibilities
    - Improved error handling for on-chain polling
  • Alias: Updated packages/alias/src/config.ts configuration
  • Smart Account: Updated packages/smart-account/src/config.ts configuration
Types & i18n
  • Core: Extended packages/core/src/types.ts with Legacy types (LegacyConfig, Beneficiary, LegacyStatus)
  • i18n: Added Legacy translation keys in packages/i18n/src/translations.ts (FR + EN)
Infrastructure
  • Vercel: Added apps/web/vercel.json for rewrite rules and security headers configuration
  • Broadcast: Foundry deployment artifacts on Base Mainnet (contracts/broadcast/DeployLegacy.s.sol/8453/)
  • Tests: VaultKeeperLegacy.t.sol test suite for the smart contract
Versioning
  • legacy branch created from release/1.6.4
  • VaultKeeperLegacy smart contract deployed on Base Mainnet (Chain ID 8453)

1.6.3 2026-05-24
Security
  • HPKP: Added Public-Key-Pins header (report-only) on app.vaultkeepr.xyz with SHA-256 pin of the Let's Encrypt certificate
  • Bundler Relay: Secure proxy /api/relay/bundler for ERC-4337 calls (Pimlico) -- API key is no longer exposed client-side
Fixed
  • Extension: Fixed false positive login form detection (login-detect.ts)
    - Added 17+ ignore patterns (contact, newsletter, support, chat, feedback, subscribe, etc.)
    - hasLoginForm() now requires 2+ signals (autocomplete, pattern, label) instead of 1
    - Standalone email fields in non-login forms no longer trigger the overlay
  • Extension: Username is now captured at form submit time (snapshot _pendingSaveData)
    - Fixes the bug where only the password was saved during credential capture
    - Save prompt uses snapshotted credentials instead of re-collecting DOM fields (prevents empty values after SPA navigation)
  • Extension: Added automatic save prompt after password generation via the extension button
    - 2-second post-generation timer to allow username field completion
    - Automatic add/update detection based on existing entries
  • Extension: Fixed "Premium required to create email aliases" bug (usePremium.ts)
    - Added cross-address discovery (findAnyStoredLicenseKey) when the address changes (EOA → Smart Account migration)
    - Automatic license migration to the new address
  • Extension: Generated passwords are now accessible in the generator history
    - getGeneratedHistory() now returns passwords (previously stripped for security, which prevented reveal + copy)
Improved
  • Extension / iOS / Android: Added reveal/hide toggle (Eye/EyeOff) in password history
    - Generator: each generated password is masked by default with an individual toggle
    - Credential detail: old password history now has a per-item reveal toggle
    - Consistent behavior across all 3 platforms
  • Notes: Fixed note font color in credentials (white color consistency)
Versioning
  • Chrome/Firefox Extension: 1.6.2 → 1.6.3
  • iOS: 1.6.1 → 1.6.3 (build 4)
  • Android: 1.6.1 → 1.6.3 (versionCode 26)

1.6.2 2026-05-22
Fixed
  • QRSync: Fixed vault transfer from iOS to the extension -- the received vault is now correctly imported into extension storage (the CustomEvent had no listener)
  • QRSync: Fixed AA (Account Abstraction) address mismatch after vault reception -- secretKey is now stored before the cached password to prevent a race condition during identity derivation
  • QRSync: Settings panel now auto-closes after a successful import
  • QRSync: Automatic Premium license transfer during device pairing
Improved
  • IPFS Sync: Polling interval reduced from 30s/60s to 10 seconds across all platforms (iOS + Extension)
  • Extension: Popup polls IPFS every 10s while open (chrome.alarms limited to 30s in background)
  • Extension: Background alarms reduced from 5min/1min to 30s/30s
Versioning
  • Chrome/Firefox Extension: 1.6.1 -> 1.6.2
  • iOS: polling interval changed (no version bump)

1.6.1 2026-05-19
Security
  • P0 Audit -- In-App Purchase: Complete IAP validation pipeline hardening
    - (P0-#1) Server-side Android IAP validation via Google Play Developer API (purchases.subscriptionsv2.get, JWT RS256)
    - (P0-#2) Cryptographic verification of Apple StoreKit 2 JWS signatures
      - Pinned Apple Root CA - G3 certificate (SHA-256 fingerprint verified)
      - x5c chain validation (DER), ES256 IEEE-P1363 signature verification
      - 8 rejection test cases (alg=none, alg=HS256, missing x5c, invalid DER)
    - (P0-#3) Strict productId whitelist (productIdMap.ts) -- removed all String.includes() tier inference
      - Apple: com.vaultkeeper.app..
      - Android: (productId, basePlanId) tuple -- 10 test cases
    - (P0-#4) Rejected legacy 0xpasskey signatures (public rawId bypass)
      - Synthetic address derived from rawId is no longer accepted server-side
      - 5 tests covering the historical forgery vector
  • Passkey ECDSA: Real cryptographic infrastructure for wallet-less users
    - Phase 2: secp256k1 derivation via WebAuthn PRF extension + HKDF-SHA256
    - Phase 3: Stealth signer wired into VaultView (4 callsites replaced)
    - TOFU (Trust-On-First-Use) binding with anti-squat protection via expectedCid
    - Zero npm dependencies added -- uses @noble/hashes, @noble/curves, viem
  • WalletConnect: Complete removal of the WalletConnect protocol from the extension
    - walletConnect.js replaced with a deprecated no-op stub (482 -> 72 lines)
    - Removed WalletConnect WSS endpoints from CSP and manifest
    - Identity is now managed exclusively through Account Abstraction (Smart Wallet)
Fixed
  • Sync: Hardened 3-way merge (threeWayMerge) -- 4 data-loss bugs fixed
    - B1: Cross-device folder deletion propagation via folderTombstones (30-day TTL)
    - B2: cloudQuotaUsed recomputed from merged files (no more upward drift)
    - B3: Field-level merge for documents and cloudFiles (no more whole-item LWW)
    - B4: Deterministic tie-breaker for simultaneous conflicts
    - 16 regression tests
  • Resilience: Preserved local state on transient server errors (5xx / network)
    - cidPointer.ts: Discriminated result type (auth vs network vs corrupted) -- no more premature delegation clearing
    - PremiumContext: Premium cache preserved on 5xx/network errors (iOS, Android, Web)
  • Mobile: Fixed AA address drift after biometric re-authentication
    - Replaced getOrCreateSecretKey() with getStoredSecretKey() during biometric unlock (iOS + Android)
    - Forced identity initialization even with an empty password (Passkey flow)
  • Extension: Auto-sign with Hidden Wallet as fallback when no delegation is available
  • Extension: Simplified CSP (connect-src 'self' https:) -- removed WalletConnect whitelist
  • iOS: Fixed Restore Purchase on StoreKit 2 (getAvailablePurchases instead of broken restorePurchases in expo-iap v3)
Added
  • Mobile: Tag filter in credentials list (iOS + Android)
    - Horizontal scrollable bar with dynamic colored chips
    - Tap selection/deselection with haptic feedback
Versioning
  • Chrome/Firefox Extension: 1.6.0 -> 1.6.1
  • iOS: 1.6.0 -> 1.6.1 (build 1)
  • Android: 1.6.0 -> 1.6.1 (versionCode 19)

1.6.0 2026-05-17
Security
  • Sharing v2 (SEC-R4): Removed the ECDH self-loop in the secure sharing protocol
    - Direct HKDF(ephemeralPrivKey, SHA256(PIN)) derivation instead of redundant ECDH(priv, priv*G)
    - URL fragment now carries the private key (32 bytes) instead of the public key (65 bytes) -- shorter URLs
    - Compact v2 blob (no encrypted private key in the blob, -72 bytes)
    - v1 backward compatibility maintained for existing shares
    - 8 callers updated across iOS, Android, Extension, and Web
  • Extension CSP (SEC-R7): Hardened Content Security Policy with 9 explicit directives
    - default-src 'self' -- everything blocked by default
    - connect-src restricted to 5 whitelisted domains + 2 WalletConnect WSS endpoints
    - frame-src 'none', object-src 'none', base-uri 'self'
    - wasm-unsafe-eval preserved (required by Argon2 + Automerge CRDT)
    - Audit confirmed: zero eval() / new Function() in the codebase
Fixed
  • Core: Fixed openpgp/lightweight -> openpgp in import.ts
    - The ./lightweight subpath lacks a Node-compatible import condition -- was blocking tests
    - Resolved 2 pre-existing test failures in the core test suite
    - Unblocked @vault-keeper/recovery package (tests were unrunnable before)
  • P2 Parity: Formalized 6 features already implemented but undocumented
    - Android Credential Provider (VaultAutofillService.kt)
    - Google Play Billing (PremiumContext.tsx + expo-iap)
    - Email Aliases iOS/Android (AliasPanel.tsx + useAlias.ts)
    - Password History (3 platforms)
    - Passphrase Generator (3 platforms)
    - Seed Phrase Manager (Extension EditForm + DetailPane + iOS/Android folders)
Tests
  • 241 tests, 0 failures (up from 163 tests with 2 failures in 1.5.x)
    - @vault-keeper/core: 95 -> 173 tests (+78)
    - @vault-keeper/premium: 6 -> 31 tests (+25)
    - @vault-keeper/recovery: 0 -> 8 tests (unblocked)
  • New test files: sharing.test.ts, passwordHealth.test.ts, passwordStrength.test.ts
Versioning
  • Unified cross-platform version to 1.6.0
  • Chrome/Firefox Extension: 1.5.0 -> 1.6.0
  • iOS: 1.5.1 -> 1.6.0 (build 8)
  • Android: 1.5.2 -> 1.6.0 (versionCode 19)

1.5.2 2026-05-05
Fixed
  • iOS: Resolved Apple App Store rejection (Guideline 3.1.2(c)) -- added Terms of Use and Privacy Policy links in the in-app purchase flow
  • iOS: Removed visible license key input field (Guideline 3.1.1) -- cross-platform premium now resolves silently via wallet address
  • iOS: Added legal footer below purchase button with auto-renewal disclosure
  • iOS: Optimized PremiumScreen layout to ensure legal footer visibility for reviewers
  • Android: Build AAB 1.5.2 (versionCode 10) for Play Store
  • i18n: Replaced all remaining hardcoded French strings with proper translation keys

1.5.1 2026-05-04
Fixed
  • Web: Achieved functional parity between Webapp and iOS -- integrated sync management
  • Web: Added Delegation Status Card and Wallet Connection display in Settings Sync tab
  • Web: Finalized delegation renewal flow (message signing + persistent storage)
  • Web: Removed legacy CRDT synchronization dead code causing JSON compatibility errors
  • iOS: Restored IPFS synchronization and recovery flow
  • i18n: Fixed missing translation keys for sync status indicators

1.5.0 2026-05-03
Added
  • Premium: New 4-tier subscription model (Free / Premium / Pro / Ultimate)
    - Free: 1 document, 5 MB max file size, no cloud storage
    - Premium: 2 documents, 25 MB max, 10 MB cloud
    - Pro: 5 documents, 25 MB max, 50 GB cloud
    - Ultimate: unlimited documents, 50 MB max, unlimited storage
  • Cloud: Encrypted multi-node cloud storage with end-to-end encryption
  • Crypto Payments: Anonymous multi-chain checkout (BTC, ETH, SOL, USDC) for the Lifetime plan at EUR 299
    - Multi-chain HD Wallet with real-time on-chain polling
    - CoinGecko live exchange rates
    - Flexible timer (2h for BTC, 30min for others)
    - Automated license key delivery -- zero email required
  • Landing Page: Overhaul with new feature cards (Cloud Storage, Quick Share, TOS AI, Password Health), Premium crown badges (Lucide), Android/Play Store link
  • Privacy Policy: Updated to reflect new cross-platform data handling practices
  • Android: First AAB build 1.5.0 for Google Play Store (internal test track)
  • Extension: Published v1.5.0 on Chrome Web Store and Firefox Add-ons
Fixed
  • Extension: Resolved production build dependency issues
  • iOS: Synchronized Xcode versions (1.5.0, build 8)
  • Legal: Updated Terms of Service with Lifetime plan, Fair Use policy, and non-refundable crypto disclaimers

1.4.0 2026-04-29
Added
  • Extension: Redesigned anti-phishing banners -- more visible and informative
  • Extension / iOS: Interactive onboarding tour with spotlight guide for new users
  • Extension: Improved email alias management panel
  • NFC: Full PACE protocol implementation on iOS -- encrypted password read/write on NFC tags
  • Passkeys: Cross-platform WebAuthn/FIDO2 support (Extension + iOS)
  • IPFS Sync: Improved cross-platform synchronization with emoji cleanup in translations
  • CRDT Sync: New @vault-keeper/sync package based on Automerge
    - Phase 2: Integrated CRDT merge across all platforms
    - Phase 3: Dual-format IPFS payloads (JSON + CRDT)
    - Phase 5: Cleanup and tombstone management
  • CI: Automated workflow to sync public packages to the open-core repository
  • Recovery: Fixed type mismatch for decryptVault return type in fragmented vault creation
Fixed
  • Mobile: Resolved spotlight tour coordinate misalignment on Android
  • Tests: Updated vault migration tests to reflect new notes and seeds categorization logic

1.3.0 2026-04-21
Added
  • Secure Share: Complete redesign of the secure sharing module
    - New secret.vaultkeepr.xyz subdomain for shared links
    - Optional personal message with each share
    - Full i18n (FR + EN) for all module strings
  • Quick Share: New standalone module across all platforms (Web, Extension, iOS, Android)
    - Share links, notes, and files (Premium only)
    - Upload up to 50 MB with custom message
    - Accessible via shortcut button in the extension toolbar
  • Extension: Full popup navigation and UI redesign
    - Reorganized settings menu into 5 logical categories
    - Fixed password generator display
Fixed
  • Extension: CSP bleeding overlay fix (display: none inline)
  • Extension: WalletConnect attestation 400 fix (corrected metadata.url)
  • Extension: Added public key to manifest to stabilize extension ID across dev browsers
  • Extension: declarativeNetRequest to spoof Origin on WalletConnect WebSockets (bypass 403)
  • i18n: Removed duplicate title key in generator translations

1.2.0 2026-04-20
Added
  • NFC PACE: Identity document NFC authentication via the PACE protocol (iOS)
  • Secure Documents: Encrypted document vault (Premium)
    - Upload and encrypt sensitive documents (ID cards, passports, driver's licenses, bank details, insurance)
    - Fragmented across multiple IPFS nodes using XChaCha20-Poly1305
    - Blurred thumbnail preview with timed reveal (15-second auto-hide)
    - OCR text extraction with NFC-based biometric verification
  • Android: First release of the Android mobile application (React Native + Expo 55)
  • Extension: Multiple stability fixes

1.1.0 2026-04-05
Added
  • Premium: Complete visual overhaul (Glassmorphism, animations, global UI refresh)
    - New Premium subscription modal
    - Security tools integration into the Premium interface
  • Web: Premium visual overhaul with modal, Password Health and Breach Scanner integration
Fixed
  • iOS/Web: Fixed IPFS sync authentication, removed double Face ID prompt, improved ListScreen performance
  • CSP: Added nonce to JSON-LD scripts in layout and blog pages

1.0.0 2026-03-30
First stable release tag.
Added
  • Core: XChaCha20-Poly1305 + Argon2id cryptographic engine (64 MiB, 3 iterations, 4 parallelism)
    - HMAC-SHA256 commitment scheme (prevents ciphertext substitution)
    - Gzip compression before encryption
    - Vault versions 2 and 3 support
  • Recovery: Shamir Secret Sharing (3-of-5) with HKDF-encrypted fragments
    - Distribution: Device, IPFS, Trusted Contact, Smart Contract, VaultKeepR API
  • Premium: HMAC-SHA256 server-signed license key system
    - Stripe (Web), In-App Purchase (iOS), license key activation (Extension)
    - Premium branded email templates (dark theme, logo, bilingual)
  • IPFS: Upload/download with multi-gateway fallback (Promise.any())
  • Passkeys: Full WebAuthn/FIDO2 support (ES256, P-256 ECDSA)
  • TOTP: Built-in authenticator (SHA-1, SHA-256, SHA-512) with animated countdown
  • Password Health: Dashboard with zxcvbn scoring, reuse detection
  • Breach Monitoring: HIBP integration with k-anonymity
  • Email Aliases: Privacy-focused email alias generation and management (Premium)
  • Password Generator: Cryptographically secure generation with rejection sampling (eliminates modulo bias)
  • Smart Contract: VaultKeeperFragments.sol -- on-chain encrypted fragment storage (EVM)
  • Bug Bounty: Bug Bounty Vault Challenge with dedicated page, scripts, and API
  • Web App: Next.js 15 (App Router)
    - Landing page with particle animations and glassmorphism
    - Full vault CRUD (passwords, cards, identities, documents)
    - SEO blog (12 articles)
    - Bilingual legal pages (Privacy Policy, Terms of Service, Security Policy)
    - Sitemap, robots.txt, OpenGraph, JSON-LD
  • iOS App: React Native 0.83.2 + Expo 55
    - Face ID / Touch ID biometric unlock
    - NFC document scanning
    - Credential Provider Extension (iOS AutoFill)
    - WalletConnect v2 deep linking
    - 23 screens
  • Chrome Extension: Manifest V3
    - Smart login form detection with autofill overlay
    - Registration form detection with password generator
    - Identity and credit card autofill
    - Autosave observer (detects successful form submissions)
    - dApp phishing detection (MetaMask, ChainPatrol, Scam Sniffer registries)
    - Keyboard shortcuts (Cmd+Shift+L, Cmd+Shift+G)
    - Command palette (Cmd+K)
    - 39 React components in popup
  • Firefox Extension: Chrome codebase port with adapted manifest
  • i18n: Full French + English translations (@vault-keeper/i18n)
  • CI/CD: GitHub Actions pipeline (lint, type-check, build, test, E2E Playwright)
  • Tests: 241+ unit and integration tests across 7 packages
  • Legal: ANSSI declaration, BIS Export Control, Chrome Web Store and Firefox Add-ons compliance
  • Security:
    - Comprehensive pre-bug bounty audit (C1, C2, H1-H4, M3, M5, L1)
    - Removed PBKDF2 (v1) -- Argon2id only
    - Removed unsafe-eval from CSP
    - Auto-backup of stores
    - Full API hardening (auth + rate limiting on all routes)
    - Umami API monitoring via middleware
    - Server hardening (SSH key-only, UFW, Fail2Ban, systemd sandboxing)
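The 1.0.0 entry above states that the password generator uses rejection sampling to eliminate modulo bias. The following is an added illustration, not VaultKeepR's own generator code: it puts the naive `byte % alphabet.length` mapping beside a rejection-sampling draw, counts how each maps all 256 byte values onto the 62-character alphabet, and assumes the Web Crypto API (globalThis.crypto) as the byte source.

```javascript
// Added example (not VaultKeepR's own code): why a password generator should
// use rejection sampling instead of `byte % alphabet.length`.
// A random byte takes 256 equally likely values. Reducing it modulo an
// alphabet size that does not divide 256 makes the first (256 mod size)
// characters slightly more likely than the rest. Rejection sampling discards
// bytes at or above the largest multiple of the size that fits in 256, so
// every byte that survives maps uniformly onto the alphabet.

const DEFAULT_ALPHABET =
  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";

// Byte source backed by the Web Crypto API (browsers, Node 19+ via
// globalThis.crypto). Returns a function that yields one byte per call.
function cryptoByteSource(chunk = 64) {
  const buf = new Uint8Array(chunk);
  let pos = buf.length; // forces a refill on the first call
  return () => {
    if (pos === buf.length) {
      globalThis.crypto.getRandomValues(buf);
      pos = 0;
    }
    return buf[pos++];
  };
}

// Draw one alphabet index without modulo bias. `nextByte` is any function
// returning integers in 0..255 (injectable so the draw can be tested).
function unbiasedIndex(alphabetLength, nextByte) {
  if (alphabetLength < 1 || alphabetLength > 256) {
    throw new RangeError("alphabet must have between 1 and 256 characters");
  }
  const limit = 256 - (256 % alphabetLength); // largest multiple of size <= 256
  for (;;) {
    const b = nextByte();
    if (b < limit) return b % alphabetLength; // uniform over 0..size-1
    // b >= limit lies in the biased tail: discard it and draw again
  }
}

function generatePassword(length, alphabet = DEFAULT_ALPHABET, nextByte = cryptoByteSource()) {
  let out = "";
  for (let i = 0; i < length; i++) {
    out += alphabet[unbiasedIndex(alphabet.length, nextByte)];
  }
  return out;
}

// Map all 256 byte values exhaustively to expose the naive method's bias and
// confirm that rejection sampling removes it. Returns min/max hits per index.
function compareDistributions(alphabetLength) {
  const naive = new Array(alphabetLength).fill(0);
  const rejection = new Array(alphabetLength).fill(0);
  const limit = 256 - (256 % alphabetLength);
  let rejected = 0;
  for (let b = 0; b < 256; b++) {
    naive[b % alphabetLength]++;
    if (b < limit) rejection[b % alphabetLength]++;
    else rejected++;
  }
  return {
    naiveMax: Math.max(...naive),
    naiveMin: Math.min(...naive),
    rejectionMax: Math.max(...rejection),
    rejectionMin: Math.min(...rejection),
    rejected,
  };
}
```

For a 62-character alphabet the naive mapping gives the first 8 characters 5 of the 256 byte values each and the rest only 4, while rejection sampling discards those 8 tail bytes and gives every character exactly 4.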

0.x 2026-03-03 to 2026-03-29 (Pre-release)
Initial Infrastructure
  • 2026-03-03: Initial commit + Expo 55 dependency sync for iOS
  • 2026-03-21: Full monorepo import with Turborepo structure
    - GitHub Actions CI configuration (Node 22)
    - Resolved workspace lockfile issues
    - Build pipeline: core > i18n > ipfs > wallet > premium > alias > cloud > web > extension
Pre-1.0 Development
  • 2026-03-24: Fragments UI, "Coming Soon" landing, Premium system, Solidity contracts
  • 2026-03-26: UI/UX modernization + VaultView.tsx refactoring (3670 to 2677 lines, -27%)
    - Extracted UI components
    - 40 unit tests for extracted modules
    - First-run onboarding overlay for extension
  • 2026-03-27: Added framer-motion for extension popup animations
  • 2026-03-28: Custom IPFS gateway, WalletConnect fix, content script modular architecture
  • 2026-03-29: iOS UX modernization -- visual alignment with extension
Pre-launch Security Hardening (2026-03-31 to 2026-04-02)
  • Legal, security, monitoring, and backup audit
  • Privacy policy rewrite
  • API hardening (auth + rate limiting)
  • Real-time TOTP overlay with Fill + Copy buttons
  • Overlay performance: reduced latency (30ms debounce, 5s TTL cache, 150ms animations)
  • QR code WalletConnect for IPFS save signature
  • Complete vault isolation (purge WC SDK keys)

Current Platform Versions

Platform                   Version                    Distribution
Web App                    1.6.5                      vaultkeepr.xyz
Chrome Extension           1.6.5                      Chrome Web Store
Firefox Extension          1.6.5                      Firefox Add-ons
iOS                        1.6.5 (build 6)            App Store
Android                    1.6.5 (versionCode 31)     Google Play
Smart Contract (Legacy)    Base Mainnet               basescan.org

*VaultKeepR -- Decentralized. Private. Yours.*