docs: RELEASING.md checklist + reconcile PRD §11–§12 v0.1 status

CHANGELOG.md

@@ -10,6 +10,11 @@ range may break in any release.
 
 ### Added
 
+- **`RELEASING.md` + v0.1 status reconcile.** A maintainer checklist for cutting
+  the `v0.1.0` tag (operational gates → mechanical version bump / CHANGELOG date
+  / signed tag), and PRD §11–§12 annotated with each criterion's status. Docs
+  only — no version bump or tag yet (those wait on the operational gates).
+
 - **Scrolling detail pane.** The detail pane now scrolls to keep the focused
   field visible — the granular identity view is ~18 fields and could overflow a
   shorter terminal. Reuses the form's `scroll_offset`; only the detail-focused

PRD.md

@@ -12,7 +12,7 @@
 | Posture        | Personal / Hobby (Standard §5)                            |
 | Standard       | The Spacecraft Software Standard v1.12                    |
 | Document state | Draft v0.1                                                |
-| Last updated   | 2026-06-01                                                |
+| Last updated   | 2026-06-16                                                |
 
 ## 1. Summary
 
@@ -251,24 +251,29 @@ vault/
 
 Vault is "v0.1 done" when:
 
-1. A user can install (`cargo install vault`), `register`, `login`, `sync`, and reach `vault get` end-to-end against both bitwarden.com and a Vaultwarden test container.
-2. The TUI sustains daily-driver use for the maintainer for two consecutive weeks without a blocker.
-3. `cargo audit`, `cargo deny`, `cargo fmt --check`, `clippy -D warnings`, and the integration suite pass on every PR.
-4. Fuzz harness for the EncString parser has run ≥ 24 h with no findings.
-5. README, NOTICE, CONTRIBUTING, CREDITS, and CHANGELOG are present and accurate; §13.2 attribution block appears in `--version`, `--help` footer, README, and TUI About screen.
+1. A user can install (`cargo install vault`), `register`, `login`, `sync`, and reach `vault get` end-to-end against both bitwarden.com and a Vaultwarden test container. — **✅ capability complete** (CLI flow + `docs/m2-vaultwarden.md`); the final live confirmation against both servers is a maintainer step.
+2. The TUI sustains daily-driver use for the maintainer for two consecutive weeks without a blocker. — **⏳ operational** (maintainer attestation pending).
+3. `cargo audit`, `cargo deny`, `cargo fmt --check`, `clippy -D warnings`, and the integration suite pass on every PR. — **✅ done** (CI enforces all five on every PR).
+4. Fuzz harness for the EncString parser has run ≥ 24 h with no findings. — **⏳ harness built** (`fuzz/`, `docs/fuzzing.md`); the ≥ 24 h soak is pending.
+5. README, NOTICE, CONTRIBUTING, CREDITS, and CHANGELOG are present and accurate; §13.2 attribution block appears in `--version`, `--help` footer, README, and TUI About screen. — **✅ done**.
+
+**Status (2026-06-16): code complete.** Remaining for the `v0.1.0` tag are the
+operational gates above — the two-week daily-driver (2), the ≥ 24 h fuzz soak
+(4), and a live PQC handshake test (§12 M7) — after which the tag is cut per
+[`RELEASING.md`](RELEASING.md).
 
 ## 12. Milestones
 
-| Phase | Deliverable                                                                                          | Gate                                                                |
-| ----- | ---------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------- |
-| M0    | Workspace skeleton, posture files, CI (fmt/clippy/audit/deny), signed commits verified               | Empty `vault --version` returns Standard §13.2 attribution block    |
-| M1    | `vault-core` + `vault-store`: parse Bitwarden export JSON, decrypt offline                           | Round-trip an exported vault locally                                |
-| M2    | `vault-api`: login + sync against Vaultwarden in a test container                                    | `vault sync` populates encrypted cache                              |
-| M3    | `vault-agent` + IPC + `vault unlock` / `lock` / `get` / `list`                                       | `rbw` parity for read paths                                         |
-| M4    | CLI write paths (`add` / `edit` / `remove` / `generate`) with `--json` on every command              | Scripts drive Vault end-to-end                                      |
-| M5    | `vault-tui` MVP: list / detail / search / copy / generate                                            | Daily-driver usable in a terminal                                   |
-| M6    | Vim layer, theme loader, accessibility toggles                                                       | §8 / §9.1 / §11 boxes ticked                                        |
-| M7    | PQC transport feature flag, hardening pass, EncString fuzz harness                                   | `v0.1` tag                                                          |
+| Phase | Deliverable                                                                                          | Gate                                                                | Status |
+| ----- | ---------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------- | ------ |
+| M0    | Workspace skeleton, posture files, CI (fmt/clippy/audit/deny), signed commits verified               | Empty `vault --version` returns Standard §13.2 attribution block    | ✅ |
+| M1    | `vault-core` + `vault-store`: parse Bitwarden export JSON, decrypt offline                           | Round-trip an exported vault locally                                | ✅ |
+| M2    | `vault-api`: login + sync against Vaultwarden in a test container                                    | `vault sync` populates encrypted cache                              | ✅ |
+| M3    | `vault-agent` + IPC + `vault unlock` / `lock` / `get` / `list`                                       | `rbw` parity for read paths                                         | ✅ |
+| M4    | CLI write paths (`add` / `edit` / `remove` / `generate`) with `--json` on every command              | Scripts drive Vault end-to-end                                      | ✅ |
+| M5    | `vault-tui` MVP: list / detail / search / copy / generate                                            | Daily-driver usable in a terminal                                   | ✅ |
+| M6    | Vim layer, theme loader, accessibility toggles                                                       | §8 / §9.1 / §11 boxes ticked                                        | ◑ vim + accessibility toggles done; runtime theme loader not implemented (out of scope for v0.1 — the palette ships as `vault-theme` tokens) |
+| M7    | PQC transport feature flag, hardening pass, EncString fuzz harness                                   | `v0.1` tag                                                          | ◑ PQC flag ✅ / hardening (core dumps + ptrace + mlock) ✅ / fuzz harness ✅; `v0.1` tag pending the operational gates in §11 |
 
 ## 13. Risks and open questions
 

RELEASING.md

@@ -0,0 +1,55 @@
+<!-- SPDX-License-Identifier: GPL-3.0-or-later -->
+
+# Releasing Vault
+
+Vault's posture is **Personal / Hobby** (Standard §5): no SLA, no semver promise,
+and `0.x` may break in any release. This checklist is a maintainer aid for
+cutting a tag, not a contract.
+
+All code-side work for `v0.1` has landed (see `CHANGELOG.md` `[Unreleased]`). The
+remaining `v0.1` success metrics (PRD §11) are **operational** — run them, then
+do the mechanical cut below.
+
+## 1. Operational gates (run before tagging `v0.1.0`)
+
+- [ ] **EncString fuzz soak** — ≥ 24 h with no findings (PRD §11.4):
+      `cargo +nightly fuzz run enc_string_parse -- -max_total_time=86400`
+      (see `docs/fuzzing.md`). Any reproducer under `fuzz/artifacts/` blocks the
+      tag until fixed.
+- [ ] **Live PQC handshake** — build with PQC and confirm an X25519MLKEM768
+      handshake against a PQC-enabled endpoint:
+      `cargo build -p vault-agent --features pqc` (see `docs/pqc.md`).
+- [ ] **End-to-end** (PRD §11.1) — `register` / `login` / `sync` / `get` against
+      both bitwarden.com and a Vaultwarden container (`docs/m2-vaultwarden.md`).
+- [ ] **Daily-driver** (PRD §11.2) — two consecutive weeks of maintainer use with
+      no blocker.
+
+## 2. Cut the release (mechanical)
+
+- [ ] Bump the version once: `[workspace.package] version` in the root
+      `Cargo.toml` (`0.0.1` → `0.1.0`); all crates inherit it. Commit the updated
+      `Cargo.lock`.
+- [ ] `CHANGELOG.md`: rename `## [Unreleased]` → `## [0.1.0] - <YYYY-MM-DD>`
+      (ISO 8601 UTC, Standard §12) and open a fresh empty `[Unreleased]`.
+- [ ] Run the CI-exact gates locally and confirm green:
+      `cargo fmt --all -- --check`;
+      `rm -rf target/clippy && RUSTFLAGS="-D warnings" CARGO_TARGET_DIR=target/clippy cargo clippy --workspace --all-targets --all-features -- -D warnings`;
+      `RUSTFLAGS="-D warnings" cargo test --workspace --all-targets`;
+      `cargo deny check`;
+      `cargo build -p vault-cli --no-default-features --features cli` and
+      `cargo build -p vault-agent --no-default-features`.
+- [ ] `vault --version` shows `0.1.0` and the Standard §13.2 attribution block
+      (the CI `version-gate` mirror).
+- [ ] Refresh `projects/PROJECTS.md` (the umbrella status tracker): status,
+      `Last Updated`, milestone — per `projects/CLAUDE.md` editing rules.
+- [ ] Commit (signed, Ed25519 — Standard §6.3), open the PR, merge when green.
+- [ ] On the merge commit, create a **signed annotated tag** and push it:
+      `git tag -s v0.1.0 -m "Vault v0.1.0"` then `git push origin v0.1.0`.
+      Confirm the tag shows "Verified" (signing key registered on GitHub).
+
+## Notes
+
+- Every commit and the tag must be cryptographically signed and show "Verified"
+  (Standard §6.3). Never `--no-verify` / `--no-gpg-sign`.
+- The `fuzz/` crate is a standalone workspace (nightly + sanitizer) and is not a
+  CI gate; the soak above is the manual equivalent.