Home

Clio Wiki

Clio is a Chrome extension that extracts your Gemini, Claude, and ChatGPT conversations to local JSON. This wiki frames the design choices behind it: why a small extension is also a governance and safety artifact, and what each architectural constraint encodes.

The three pillars (CIA framing)

Clio's security and governance commitments map cleanly onto the classic CIA triad:

Pillar	Wiki page
C — Confidentiality	Privacy Architecture — no transmission, structural enforcement, not policy promise
I — Integrity	Provenance and Auditability — full-DOM capture, fail-closed-for-text
A — Availability	Availability and Denial of Access — local archive immune to provider-side denial

This is intentional. Most discussion of extensions focuses on C and I (privacy and tampering); for a tool whose purpose is retaining a copy of cloud-held data, A is the central commitment.

Reading order

1. User Data Sovereignty — the framing: returning conversations to the user as a data-portability act
2. Privacy Architecture — the technical commitments that make "strict-local" load-bearing (the C pillar)
3. Availability and Denial of Access — denial-of-access threats from the legitimate custodian, and how a local archive mitigates them (the A pillar)
4. Provenance and Auditability — why full DOM extraction is a governance feature (the I pillar)
5. Threat Model — what Clio defends against, and what it does not
6. Defense in Depth — how the manifest enforces the threat model
7. Connection to sentinel-rfc — agent-context permission bits as the broader research program
8. Known Limitations — honest boundaries

Authoritative documents

The wiki is interpretive — for the binding, version-controlled statements, see:

• README.md
• PRIVACY.md
• SECURITY.md
• CONTRIBUTING.md
• extensions/manifest.json — the ground-truth permission declaration

If any wiki page conflicts with one of those, the document wins.