Firefox Extension 1.0.1

@flythenimbus flythenimbus released this 04 Jul 02:23
bc31075

Features

  • attach buildable source to the AMO listed submission
  • Firefox ships listed to AMO; GitHub release carries source only
  • metadata:firefox pushes by default, --dry-run to preview
  • metadata:firefox pushes the localized AMO listing
  • translate web store listings (Chrome + AMO) from the repo
  • passkey provider via MAIN-world content-script transport
  • relay-forward transport as a negotiated WebRTC fallback
  • Firefox WebRTC host iframe — probe increment (option a step 1)
  • request persistent storage so the only vault copy isn't evicted (Firefox port, phase 5)
  • float current-site matches to the top of the list
  • search, filter, sort, and lifecycle timestamps for the vault list
  • attach SHA256SUMS to chromium releases (parity with android)
  • registration (create) + pending handoff (step 3)
  • assertion flow - sign in with a stored passkey (step 2b)
  • vault passkey read + W3C response JSON builder (step 2a)
  • register a Credential Manager provider (skeleton)
  • finalize Bramble AAGUID; TODO to register it in the community list
  • make a freshly-created passkey usable without opening the app
  • register (create) passkeys + persist via a pending handoff
  • assert stored passkeys (sign-in) in the credential provider
  • surface stored passkeys to the OS credential store
  • passkey rows in the login item edit + view
  • get-time passkey picker for multiple accounts
  • confirmation toast when the provider saves a passkey
  • account picker when saving a passkey to an ambiguous domain
  • differentiate save-passkey card for an existing login
  • pause passkey proxy during Bramble's own WebAuthn unlock
  • Settings toggle for the passkey provider (General)
  • save-passkey corner prompt + create/get wiring
  • webAuthenticationProxy passkey handler (orchestration)
  • passkey provider vault logic (find + placement)
  • WebAuthn JSON helpers for the passkey provider
  • expose passkey crypto through TS adapter + transports
  • passkey authenticator crypto + entry model (provider role)
  • black splash with Bramble logo lockup, no white flash
  • full internationalization across all targets
  • modality-aware copy in the biometric Settings row
  • label biometric unlock by modality (Face ID vs Touch ID)
  • enforce matching master password when enrolling a device
  • add ios release lane (versioning + TestFlight, build-tagged)
  • native iOS WebRTC data channel via webrtc-rs
  • surface transport status + state for on-device diagnosis
  • native sync crypto on Android too (uniffi handshake/nostr)
  • native iOS sync crypto so pairing works under Lockdown Mode
  • per-device remove (revoke) with roster propagation
  • stop streaming transport status into the Settings log box
  • pre-fill + space the ICE/relay settings; tolerate more ICE shapes
  • TURN relay + state-aware device UI, with relay diagnostics
  • add Android system AutofillService at iOS parity
  • build, sign, and publish Android APKs via release android
  • add Android app launcher icon
  • source app version natively and add per-target version bumping
  • add ios:metadata script; lane pushes screenshots when present
  • target the project marketing version in the metadata lane
  • iOS autofill domain filtering + QuickType opt-in
  • Android native crypto (uniffi Kotlin NativeCrypto plugin)
  • "Immediately" auto-lock option (mobile default) replaces keep-unlocked toggle
  • opt-in "keep autofill unlocked" window (15 min, off by default)
  • autofill authenticates before revealing entries; encrypt the bundle
  • autofill master-password unlock in the extension + passcode cache
  • native iOS crypto + real autofill provider via shared uniffi core
  • set the iOS app icon from icon/ios
  • auto-resolve JDK 21 for android run/dev scripts
  • iOS autofill credential-provider probe (Phase 3 go/no-go: GO)
  • hide security-key unlock on mobile; biometric takes its slot
  • re-probe biometric availability when Settings opens
  • native BiometricVault plugin (iOS + Android) + adapter
  • device-local biometric unlock seam (optional Platform.biometric)
  • secure-storage substrate; move sync device keypair to Keychain/Keystore
  • buffer recent sync status so the panel shows current state on open
  • ongoing roster sync (continuous merge after enrollment)
  • show status log + explicit success message on join
  • hide pop-out affordance (supportsPopOut capability)
  • route Settings import to in-app ImportShell with close-to-app
  • camera QR scanning (getUserMedia + jsQR) for sync pairing + TOTP
  • wire P2P sync enrollment (in-webview, via @core/sync/transport)
  • inactivity auto-lock honoring autoLockMinutes (not lock-on-pause)
  • lock vault on app background (lifecycle pause)
  • streamline vault setup screen (hide file-location, pill tabs, compact)
  • in-app vault setup navigation + safe-area insets
  • upgrade Capacitor 7 -> 8 (SPM iOS project)
  • scaffold Capacitor platform-mobile POC (Phase 0 walking skeleton)
  • cap message size and subscriptions per connection
  • default to hosted relay, fold URL under Advanced
  • cloudflare worker relay; reorganize into node/ + cf-worker/
  • cross-device P2P vault sync, with architecture, crypto, and UX hardening
  • build, sign, and publish releases locally for CWS verified uploads
  • support logins inside open shadow DOM (web components)
  • inject content script in all frames for iframed logins (e.g. Apple ID); add reddit fixture/tests + screenshot seed
  • gate release on lint + tests so a failure blocks the release
  • tag releases as - with " Extension " name
  • tagged-release workflow + platform-aware version-bump script
  • theme-aware monochrome icon, light/dark/system selector, and entry-detail header actions
  • harden the autofill UI behind an extension-origin iframe
  • replace placeholder Shield logo with Bramble glyph
  • Chrome toolbar/install icons + icon source bundle
  • KeePass KDBX4 import — key files + WASM-side decrypt
  • webauthn unlock with hmac-secret + 26 crypto/policy tests
  • corner-prompt save/update card for captured logins
  • a login can cover multiple websites (url:string → urls:string[])
  • show the OpenSSH SHA-256 fingerprint on SSH-key entries
  • lock the vault when the OS locks the screen (idle.onStateChanged)
  • declare a lock-vault keyboard command (unbound by default)
  • import from 1password, bitwarden, keepass and proton pass
  • harden TOTP autofill and skip auto-submit on captchas
  • typed entry modes with cards, notes, ssh keys + custom-field autofill
  • retain state on pop-out, react to background locks, ui polish

Bug Fixes

  • set the AMO category on listed submissions
  • set the GPLv3 license on listed AMO submissions
  • resolve web-ext signed .xpi basename against artifactsDir
  • pass amoBaseUrl to web-ext sign (8.x makes it required)
  • close the unlock window after a locked passkey unlock
  • wrap content scripts in an IIFE so they don't clobber each other's globals
  • keep-alive alarm so background sync survives event-page suspension
  • localize manifest via _locales (default_locale + MSG)
  • Firefox testing round 1 (popup close, FSA/security-key/theme gating, sync log)
  • set Firefox gecko id to firefox@bramble.app
  • gate passkey provider off on Firefox (Firefox port, phase 4)
  • preserve \n/\t escapes; escape stray quotes in it/es strings
  • escape backslash in strings.xml encoder (CodeQL #30)
  • sync screenshots instead of overwrite to stop duplicates
  • replace deprecated kSecUseOperationPrompt with LAContext
  • squash duplicate toasts (same message + variant)
  • sign in with a single unlock (bridge list->sign)
  • use a freshly-created passkey before the app drains it
  • sign the browser-provided clientDataHash (fixes sign-in)
  • empty save toast - use i18n._(msg) not the useLingui macro
  • rename usePendingPasskeys to .tsx so its lingui macro is transformed
  • registration response needs response.publicKey (SPKI)
  • set BE+BS backup flags on synced passkeys
  • registration response needs authenticatorData + publicKeyAlgorithm
  • attach a new passkey to the right account by username
  • route background passkey crypto through the offscreen
  • render the passkey card account row as markup, not text
  • resolve passkey request origin from the active tab
  • generate notes from conventional commits, not PRs
  • skip keychain access group on iOS Simulator for biometric VEK
  • run build-crypto-ffi.sh under the macOS system bash (3.2)
  • release script
  • hide security-key pairing option on mobile
  • native iOS QR scanner for pairing/TOTP codes
  • clean up helper copy and gate platform-specific rows
  • trim App Store subtitle to the 30-char limit
  • harden QuickType identity-store population
  • flatten the 1024 marketing app icon (remove alpha)
  • fastlane uses a monotonic timestamp build number (race-free)
  • keep-autofill-unlocked window reuses the auto-lock timeout
  • autofill unlock shows the device's biometry (Face ID / Touch ID) + passcode
  • autofill UI matches the app auth screen + list (logo, card, padding)
  • autofill biometric via Keychain prompt + visible error alerts
  • autofill persists while locked, app-styled list, biometric hint
  • autofill App Group JSON + extension Face ID, fastlane internal DerivedData
  • add AutoFill entitlement to the main app target (App Store validation)
  • inset safe area at #root so screens keep their own padding
  • lock viewport scale to stop WKWebView rendering content off-screen
  • sort imports to satisfy biome ci
  • re-tag an already-bumped version instead of failing on an empty commit
  • disable happy-dom resource loading so fixture fetches don't fail CI
  • clear unconditionally instead of reading it back
  • cap untrusted KDBX Argon2 params to prevent OOM/hang on import

Performance

  • lazy-load jsqr to halve the service-worker bundle
  • code-split the import flow into an on-demand chunk

Refactors

  • transport-select the crypto+sync host (Firefox port, phase 2)
  • cross-browser api shim for chrome.* (Firefox port, phase 1)
  • split vault context into state + actions; share prefs provider
  • centralized reusable Toast (success/error/info)
  • rename packages/crypto-wasm to packages/core-rust
  • resolve the Keychain team prefix at runtime
  • dedupe shared autofill identifiers + tidy native plugins
  • SwiftUI autofill UI styled from the app design tokens
  • share the wasm->CryptoAdapter mapping via buildCryptoAdapter (mobile + offscreen) + unit test
  • hoist VaultCrypto type to @core/wasm; split mobile vault-session lifecycle off the crypto adapter
  • extract EntriesBlobStore as the one entries-format writer; build VaultSyncPort over it
  • move pure P2P transport/host modules from extension to core
  • rename manifests/chrome dir to chromium for accurate cross-browser naming
  • move content-only detection into content/
  • rename folder entry index.ts to match its folder name
  • move entries into background/ and content/, point vite at them
  • decompose content-script into concern modules under content/
  • split background into concern modules under background/
  • replace onMessage if-chain with a typed handler registry
  • extract card-brand and ssh key-type helpers to util
  • lean on tanstack router for route guards + ui fixes

Documentation

  • Firefox ships listed on AMO (release-signing + firefox-port)
  • current state (passkey verified, i18n done); export/import is what's left
  • add Status section + specifics for passkey provider & security-key unlock
  • mark relay-forward hardening implemented (timeout, reaper, epoch room, padding)
  • decide relay-forward transport + privacy hardening
  • correct the WebRTC-in-event-page assumption (RTCPeerConnection absent in FF background)
  • fix Vivaldi typo; move file attachments + iframe/shadow-DOM autofill to shipped
  • broaden README to mobile + passkeys, add passkeys to iOS store metadata
  • correct passkey + P2P sync findings
  • Android provider built (assertion + registration), compile-verified
  • Android dep check — androidx.credentials is Play-Services-free
  • mark iOS provider device-verified (register + sign-in on webauthn.io)
  • document the seamless-create refinements (foreground drain + immediate-use bridge)
  • mark iOS provider built (assertion + registration + handoff)
  • record the device-verified registration-response field set
  • spec item edit (passkey row below TOTP + remove) and view badge
  • update phased route with shipped status
  • plan passkey-provider role across extension + mobile
  • native iOS WebRTC sync, ipa slimming, Android autofill done
  • mark TURN, configurable relays, and device management as built
  • update privacy policy for iOS app + P2P sync
  • add Bramble support page + set App Store privacy/support URLs
  • record build 204423099 (iOS autofill filtering + QuickType opt-in)
  • iOS autofill working on device; refresh status + next steps
  • refresh 'Next steps' handoff after autofill confirmation
  • autofill confirmed end-to-end on real hardware (TestFlight)
  • autofill probe confirmed on real device (OS discovers the provider)
  • iOS Lockdown Mode disables JIT -> WASM crypto fails on device
  • add a consolidated 'Next steps (where to resume)' section
  • record iOS verification, security-key hiding, mobile test harness
  • record biometric unlock (OS-gated) in port plan + dev guide
  • bring mobile-port.md up to date with what's built (status, plan markers, answered questions)
  • TODO for device management UI + revocation
  • add development guide + sim:reset script
  • add README with run instructions and live-reload gotcha
  • switch mobile-port plan from Tauri to Capacitor
  • add security policy and point README to it
  • note Firefox storage.local durability (unlimitedStorage, uninstall, eviction)
  • add P2P device-to-device vault sync design
  • add Firefox-port feasibility findings
  • disclose the optional HIBP breach check; tighten wording
  • collapse to a single unstyled privacy-policy page
  • add static site to host the Web Store privacy policy
  • add design docs and function docblocks
  • PLAN — multi-URL logins and the legacy-url normalizer

Other

  • i18n(store): Firefox listing translations (de hand-polished, es/fr/it/pt-BR first pass)
  • i18n: translate the content-script UI via _locales + browser.i18n
  • i18n: translate the 12 missing vault-list strings (de/es/fr/it/pt-BR)
  • polish(ext): explain what unlocking is for on the locked passkey card
  • polish(ext): passkey rows act on click; chevron instead of checkmark
  • polish(ext): passkey card — Bramble glyph, account list, gradient bg
  • polish(ext): passkey corner card gets a key-glyph badge in the header
  • chore: reconcile pnpm-lock after rebase onto main
  • build(release): firefox bundle + AMO-signed .xpi release pipeline
  • harden(sync): epoch-rotating sync room so the relay can't link a group across time
  • harden(sync): reap stale relay peers (liveness for the connectionless transport)
  • harden(sync): relay-forward handshake timeout + payload size padding
  • chore(ext): remove throwaway FF WebRTC-context probes + sync-frame iframe
  • chore(ext): probe content-script + page-main-world WebRTC contexts (Firefox)
  • chore(ext): surface an RTCPeerConnection probe in the Device-sync panel (Firefox diag)
  • build(ext): output Chromium build to dist-chromium (symmetry with dist-firefox)
  • chore(ext): rename build/bundle -> build:chromium/bundle:chromium
  • build(ext): Firefox manifest + TARGET build wiring (Firefox port, phase 3)
  • chore(ios): make app iPhone-only (drops 13-inch iPad screenshot requirement)
  • chore(ios/metadata): add 7th App Store screenshot, reorder to sequence
  • i18n(extension): localize manifest description + lock command via Chrome _locales
  • chore(i18n): translate passkey strings (web catalogs + iOS String Catalog)
  • test(extension): cover the passkey ceremony flow (incl. the account picker)
  • i18n(passkeys): extract + compile the passkey provider setting strings
  • chore(ios): add App Store screenshots (en-US, 6.5")
  • test(core-rust): serialize the global-VEK-slot round-trip tests
  • build(ios): drop webrtc from the autofill extension binary
  • chore(settings): hide debug sync status log
  • chore(mobile): set App Store category to Productivity / Utilities
  • chore(mobile): manage App Review info in ASC, not fastlane
  • chore(mobile): optimize App Store subtitle + keywords (no title overlap)
  • chore(mobile): scaffold App Store Connect metadata (en-US) + deliver lane
  • chore: update .gitignore to ignore app bundles
  • chore(mobile): commit shared Xcode schemes, gitignore android .idea
  • chore(mobile): fastlane lanes for iOS TestFlight + IPA builds
  • chore(mobile): declare ITSAppUsesNonExemptEncryption=false
  • test: stand up mobile test harness + cover biometric paths
  • style(mobile): inset setup pills from edges + black active border
  • style(mobile): full-width, larger Create vault button
  • style(mobile): wider pill gap + thicker active border on setup tabs
  • chore(mobile): auto-target newest iPhone sim for cap run (skip picker)
  • chore(mobile): make dev:* the live-reload scripts, bundled run under run:*
  • chore(mobile): rename mobile:build script to core:build
  • chore(mobile): add live-reload dev scripts
  • build(mobile): commit generated iOS + Android native projects
  • test: migrate DOM test environment from happy-dom to jsdom
  • build(deps): bump esbuild, ws, wrangler for security advisories
  • ci: set least-privilege GITHUB_TOKEN permissions
  • chore(lint): migrate biome config to 2.5.0 and apply safe fixes
  • build: block commits/releases on type errors (pre-commit + release gate)
  • chore(build): migrate from bun to node/pnpm
  • chore(dev): local/CI lint parity hook + bump to Node 24 LTS
  • add web store link
  • chore(fixtures): repassword kdbx imports to 123456, add keyfile variant, fix key-file label spacing
  • chore: add tag:delete script to remove a tag locally and from all remotes
  • chore(biome): exclude import fixtures folder
  • test(fixtures): add sample import files for every supported provider
  • release: set extension version to 1.0 for the initial Web Store submission
  • build(ext): add 'bundle' script (build + zip dist to bramble.zip)
  • ci: deploy only website/ to GitHub Pages via Actions
  • style(manifest): biome-format permissions array (one line after activeTab drop)
  • chore(manifest): drop redundant activeTab, add use_dynamic_url to WAR
  • test(crypto): add an ignored benchmark for the vault Argon2id cost
  • test(bg): move the chrome-mock harness to src/test/
  • test(bg): add handler unit tests for the background modules (73 tests)
  • update readme
  • ci: exclude vendored icon/ export from biome
  • add monero qr code image
  • style: biome format fixes for ci
  • recovery codes, optional master password, and settings cleanup
  • test: extract detection helpers, add 10 real-world site fixtures, fix bmo card-vs-login bug
  • ci: pin wasm-pack version and cache cargo deps between runs
  • ci: pin Rust to rust-toolchain.toml and add a WASM verify gate
  • brand: rename app to Bramble
  • chore: centralize the user-facing brand on the manifest, swap Vault→Titanpass
  • ui: show real extension version in Settings (was hardcoded 0.0.1)
  • security: make HIBP breach check opt-in, with a clearer disclosure (L6)
  • security: stop persisting the decrypted autofill index (M2)
  • security: gate every autofill on user focus, never on page load (M1)
  • chore: prune unused shadcn/Radix UI scaffold and supporting deps (M6b)
  • data-integrity: snapshot-and-recover writes + verify-after-rotate (H1, H2)
  • security: quick-wins audit batch (M3, M4, M5, M6a, L2, L3, L4, L5, L7)
  • move to multi-key vault slots, full rotation on password change
  • wire settings, clipboard auto-clear, hibp checks, per-entry overrides
  • add crud elements and manage window size
  • update plan
  • implement autofill in website fields
  • implement vault crypto, vault creation and loading
  • set up fe arch: screens, router, rhf
  • wire up ui
  • initial commit