diff --git a/CHANGELOG.md b/CHANGELOG.md index 6c49054..b8f58c5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -10,6 +10,11 @@ range may break in any release. ### Added +- **`RELEASING.md` + v0.1 status reconcile.** A maintainer checklist for cutting + the `v0.1.0` tag (operational gates → mechanical version bump / CHANGELOG date + / signed tag), and PRD §11–§12 annotated with each criterion's status. Docs + only — no version bump or tag yet (those wait on the operational gates). + - **Scrolling detail pane.** The detail pane now scrolls to keep the focused field visible — the granular identity view is ~18 fields and could overflow a shorter terminal. Reuses the form's `scroll_offset`; only the detail-focused diff --git a/PRD.md b/PRD.md index 62c2b2d..717f60b 100644 --- a/PRD.md +++ b/PRD.md @@ -12,7 +12,7 @@ | Posture | Personal / Hobby (Standard §5) | | Standard | The Spacecraft Software Standard v1.12 | | Document state | Draft v0.1 | -| Last updated | 2026-06-01 | +| Last updated | 2026-06-16 | ## 1. Summary 
@@ -251,24 +251,29 @@ vault/ Vault is "v0.1 done" when: -1. A user can install (`cargo install vault`), `register`, `login`, `sync`, and reach `vault get` end-to-end against both bitwarden.com and a Vaultwarden test container. -2. The TUI sustains daily-driver use for the maintainer for two consecutive weeks without a blocker. -3. `cargo audit`, `cargo deny`, `cargo fmt --check`, `clippy -D warnings`, and the integration suite pass on every PR. -4. Fuzz harness for the EncString parser has run ≥ 24 h with no findings. -5. README, NOTICE, CONTRIBUTING, CREDITS, and CHANGELOG are present and accurate; §13.2 attribution block appears in `--version`, `--help` footer, README, and TUI About screen. +1. A user can install (`cargo install vault`), `register`, `login`, `sync`, and reach `vault get` end-to-end against both bitwarden.com and a Vaultwarden test container. — **✅ capability complete** (CLI flow + `docs/m2-vaultwarden.md`); the final live confirmation against both servers is a maintainer step. +2. The TUI sustains daily-driver use for the maintainer for two consecutive weeks without a blocker. — **⏳ operational** (maintainer attestation pending). +3. `cargo audit`, `cargo deny`, `cargo fmt --check`, `clippy -D warnings`, and the integration suite pass on every PR. — **✅ done** (CI enforces all five on every PR). +4. Fuzz harness for the EncString parser has run ≥ 24 h with no findings. — **⏳ harness built** (`fuzz/`, `docs/fuzzing.md`); the ≥ 24 h soak is pending. +5. README, NOTICE, CONTRIBUTING, CREDITS, and CHANGELOG are present and accurate; §13.2 attribution block appears in `--version`, `--help` footer, README, and TUI About screen. — **✅ done**. + +**Status (2026-06-16): code complete.** Remaining for the `v0.1.0` tag are the +operational gates above — the two-week daily-driver (2), the ≥ 24 h fuzz soak +(4), and a live PQC handshake test (§12 M7) — after which the tag is cut per +[`RELEASING.md`](RELEASING.md). ## 12. 
Milestones -| Phase | Deliverable | Gate | -| ----- | ---------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------- | -| M0 | Workspace skeleton, posture files, CI (fmt/clippy/audit/deny), signed commits verified | Empty `vault --version` returns Standard §13.2 attribution block | -| M1 | `vault-core` + `vault-store`: parse Bitwarden export JSON, decrypt offline | Round-trip an exported vault locally | -| M2 | `vault-api`: login + sync against Vaultwarden in a test container | `vault sync` populates encrypted cache | -| M3 | `vault-agent` + IPC + `vault unlock` / `lock` / `get` / `list` | `rbw` parity for read paths | -| M4 | CLI write paths (`add` / `edit` / `remove` / `generate`) with `--json` on every command | Scripts drive Vault end-to-end | -| M5 | `vault-tui` MVP: list / detail / search / copy / generate | Daily-driver usable in a terminal | -| M6 | Vim layer, theme loader, accessibility toggles | §8 / §9.1 / §11 boxes ticked | -| M7 | PQC transport feature flag, hardening pass, EncString fuzz harness | `v0.1` tag | +| Phase | Deliverable | Gate | Status | +| ----- | ---------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------- | ------ | +| M0 | Workspace skeleton, posture files, CI (fmt/clippy/audit/deny), signed commits verified | Empty `vault --version` returns Standard §13.2 attribution block | ✅ | +| M1 | `vault-core` + `vault-store`: parse Bitwarden export JSON, decrypt offline | Round-trip an exported vault locally | ✅ | +| M2 | `vault-api`: login + sync against Vaultwarden in a test container | `vault sync` populates encrypted cache | ✅ | +| M3 | `vault-agent` + IPC + `vault unlock` / `lock` / `get` / `list` | `rbw` parity for read paths | ✅ | +| M4 | CLI write paths (`add` / `edit` / `remove` / `generate`) with `--json` on every 
command | Scripts drive Vault end-to-end | ✅ | +| M5 | `vault-tui` MVP: list / detail / search / copy / generate | Daily-driver usable in a terminal | ✅ | +| M6 | Vim layer, theme loader, accessibility toggles | §8 / §9.1 / §11 boxes ticked | ◑ vim + accessibility toggles done; runtime theme loader not implemented (out of scope for v0.1 — the palette ships as `vault-theme` tokens) | +| M7 | PQC transport feature flag, hardening pass, EncString fuzz harness | `v0.1` tag | ◑ PQC flag ✅ / hardening (core dumps + ptrace + mlock) ✅ / fuzz harness ✅; `v0.1` tag pending the operational gates in §11 | ## 13. Risks and open questions diff --git a/RELEASING.md b/RELEASING.md new file mode 100644 index 0000000..6953b7e --- /dev/null +++ b/RELEASING.md 
@@ -0,0 +1,55 @@ + + +# Releasing Vault + +Vault's posture is **Personal / Hobby** (Standard §5): no SLA, no semver promise, +and `0.x` may break in any release. This checklist is a maintainer aid for +cutting a tag, not a contract. + +All code-side work for `v0.1` has landed (see `CHANGELOG.md` `[Unreleased]`). The +remaining `v0.1` success metrics (PRD §11) are **operational** — run them, then +do the mechanical cut below. + +## 1. Operational gates (run before tagging `v0.1.0`) + +- [ ] **EncString fuzz soak** — ≥ 24 h with no findings (PRD §11.4): + `cargo +nightly fuzz run enc_string_parse -- -max_total_time=86400` + (see `docs/fuzzing.md`). Any reproducer under `fuzz/artifacts/` blocks the + tag until fixed. +- [ ] **Live PQC handshake** — build with PQC and confirm an X25519MLKEM768 + handshake against a PQC-enabled endpoint: + `cargo build -p vault-agent --features pqc` (see `docs/pqc.md`). +- [ ] **End-to-end** (PRD §11.1) — `register` / `login` / `sync` / `get` against + both bitwarden.com and a Vaultwarden container (`docs/m2-vaultwarden.md`). +- [ ] **Daily-driver** (PRD §11.2) — two consecutive weeks of maintainer use with + no blocker. + +## 2. Cut the release (mechanical) + +- [ ] Bump the version once: `[workspace.package] version` in the root + `Cargo.toml` (`0.0.1` → `0.1.0`); all crates inherit it. Commit the updated + `Cargo.lock`. +- [ ] `CHANGELOG.md`: rename `## [Unreleased]` → `## [0.1.0] - ` + (ISO 8601 UTC, Standard §12) and open a fresh empty `[Unreleased]`. +- [ ] Run the CI-exact gates locally and confirm green: + `cargo fmt --all -- --check`; + `rm -rf target/clippy && RUSTFLAGS="-D warnings" CARGO_TARGET_DIR=target/clippy cargo clippy --workspace --all-targets --all-features -- -D warnings`; + `RUSTFLAGS="-D warnings" cargo test --workspace --all-targets`; + `cargo deny check`; + `cargo build -p vault-cli --no-default-features --features cli` and + `cargo build -p vault-agent --no-default-features`. 
+- [ ] `vault --version` shows `0.1.0` and the Standard §13.2 attribution block + (the CI `version-gate` mirror). +- [ ] Refresh `projects/PROJECTS.md` (the umbrella status tracker): status, + `Last Updated`, milestone — per `projects/CLAUDE.md` editing rules. +- [ ] Commit (signed, Ed25519 — Standard §6.3), open the PR, merge when green. +- [ ] On the merge commit, create a **signed annotated tag** and push it: + `git tag -s v0.1.0 -m "Vault v0.1.0"` then `git push origin v0.1.0`. + Confirm the tag shows "Verified" (signing key registered on GitHub). + +## Notes + +- Every commit and the tag must be cryptographically signed and show "Verified" + (Standard §6.3). Never `--no-verify` / `--no-gpg-sign`. +- The `fuzz/` crate is a standalone workspace (nightly + sanitizer) and is not a + CI gate; the soak above is the manual equivalent.
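Review bot: PRD.md §11 criterion 1 is marked "✅ capability complete" while the same line says the live confirmation against both servers is still a maintainer step, and the new Status paragraph then lists only (2), (4) and the §12 M7 PQC handshake as remaining gates. RELEASING.md §1 treats that end-to-end run as an operational gate, so the two documents disagree on what blocks the tag. Suggest marking criterion 1 as ⏳ (or ◑, as the milestone table does for partial items) and adding (1) to the Status list. In the §12 table, M6 still lists "theme loader" under Deliverable while its Status declares it out of scope for v0.1; update the deliverable text or move the loader to a non-goals note so the gate "§8 / §9.1 / §11 boxes ticked" can actually be met.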
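Review bot: RELEASING.md §2 "Run the CI-exact gates locally" omits `cargo audit`, although PRD §11.3 in this same patch names it as one of the five checks CI enforces on every PR; add it beside `cargo deny check` so the local list matches what it claims to mirror. In the tag step, the signature is only confirmed after `git push origin v0.1.0` through the GitHub "Verified" badge; suggest verifying locally first with `git tag -v v0.1.0`, since a pushed tag is awkward to retract. The CHANGELOG step also ends at `## [0.1.0] - ` with no date placeholder before "(ISO 8601 UTC, Standard §12)"; spell out the expected format there.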