fix built by serving https

README.md

@@ -13,6 +13,7 @@ A client-side web app for encrypting cryptocurrency seed phrases with OpenPGP an
 ### 🔒 Backup Your Seed (in 30 seconds)
 
 1. **Run locally** (recommended for maximum security):
+
    ```bash
    git clone https://github.com/kccleoc/seedpgp-web.git
    cd seedpgp-web
@@ -76,6 +77,7 @@ SeedPGP is designed to protect against specific threats when used correctly:
 ### 🔬 Technical Security Architecture
 
 **Encryption Stack:**
+
 - **PGP Encryption:** OpenPGP.js with AES-256 (OpenPGP standard)
 - **Session Keys:** Web Crypto API AES-GCM-256 with `extractable: false`
 - **Key Derivation:** PBKDF2 for password-based keys (when used)
@@ -83,12 +85,14 @@ SeedPGP is designed to protect against specific threats when used correctly:
 - **Encoding:** Base45 (RFC 9285) for QR-friendly representation
 
 **Memory Management Limitations:**
+
 - JavaScript strings are immutable and may persist in memory after "clearing"
 - Garbage collection timing is non-deterministic and implementation-dependent
 - Browser crash dumps may contain sensitive data in memory
 - The best practice is to minimize exposure time and use airgapped devices
 
 **Detailed Memory & Encryption Strategy:** See [MEMORY_STRATEGY.md](MEMORY_STRATEGY.md) for comprehensive documentation on:
+
 - Why JavaScript cannot guarantee memory zeroing
 - How SeedPGP's defense-in-depth approach mitigates memory risks
 - Optional React hook (`useEncryptedState`) for encrypting component state
@@ -98,6 +102,7 @@ SeedPGP is designed to protect against specific threats when used correctly:
 ### 🏆 Best Practices for Maximum Security
 
 1. **Airgapped Workflow** (Recommended for large amounts):
+
    ```
    [Online Device] → Generate PGP keypair → Export public key
    [Airgapped Device] → Run SeedPGP locally → Encrypt with public key
@@ -106,6 +111,7 @@ SeedPGP is designed to protect against specific threats when used correctly:
    ```
 
 2. **Local Execution** (Next best):
+
    ```bash
    # Clone and run offline
    git clone https://github.com/kccleoc/seedpgp-web.git
@@ -198,10 +204,12 @@ console.log(result.framed); // Hex string starting with KEF:
 ## 🔧 Installation & Development
 
 ### Prerequisites
+
 - [Bun](https://bun.sh) v1.3.6+ (recommended) or Node.js 18+
 - Git
 
 ### Quick Install
+
 ```bash
 # Clone and install
 git clone https://github.com/kccleoc/seedpgp-web.git
@@ -217,6 +225,7 @@ bun run dev
 ```
 
 ### Production Build
+
 ```bash
 bun run build          # Build to dist/
 bun run preview        # Preview production build
@@ -227,21 +236,25 @@ bun run preview        # Preview production build
 ## 🔐 Advanced Security Features
 
 ### Session-Key Encryption
+
 - **AES-GCM-256** ephemeral keys for in-memory protection
 - Auto-destroys on tab close/navigation
 - Manual lock/clear button for immediate wiping
 
 ### Storage Monitoring
+
 - Real-time tracking of localStorage/sessionStorage
 - Alerts for sensitive data detection
 - Visual indicators of storage usage
 
 ### Clipboard Protection
+
 - Tracks all copy operations
 - Shows what was copied and when
 - One-click history clearing
 
 ### Read-Only Mode
+
 - Blurs all sensitive data
 - Disables all inputs
 - Prevents clipboard operations
@@ -254,6 +267,7 @@ bun run preview        # Preview production build
 ### Core Functions
 
 #### `encryptToSeed(params)`
+
 Encrypts a mnemonic to SeedPGP format.
 
 ```typescript
@@ -274,6 +288,7 @@ const result = await encryptToSeed({
 ```
 
 #### `decryptFromSeed(params)`
+
 Decrypts a SeedPGP frame.
 
 ```typescript
@@ -293,6 +308,7 @@ const plaintext = await decryptFromSeed({
 ```
 
 ### Frame Format
+
 ```
 SEEDPGP1:FRAME:CRC16:BASE45DATA
 └────────┬────────┘ └──┬──┘ └─────┬─────┘
@@ -309,6 +325,7 @@ Examples:
 ## 🚀 Deployment Options
 
 ### Option 1: Localhost (Most Secure)
+
 ```bash
 # Run on airgapped machine
 bun run dev -- --host 127.0.0.1
@@ -316,11 +333,13 @@ bun run dev -- --host 127.0.0.1
 ```
 
 ### Option 2: Self-Hosted (Balanced)
+
 - Build: `bun run build`
 - Serve `dist/` via NGINX/Apache with HTTPS
 - Set CSP headers (see `public/_headers`)
 
 ### Option 3: Cloudflare Pages (Convenient)
+
 - Auto-deploys from GitHub
 - Built-in CDN and security headers
 - [seedpgp-web.pages.dev](https://seedpgp-web.pages.dev)
@@ -330,6 +349,7 @@ bun run dev -- --host 127.0.0.1
 ## 🧪 Testing & Verification
 
 ### Test Suite
+
 ```bash
 # Run all tests (unit + integration)
 bun test
@@ -351,6 +371,7 @@ bun test --watch
 ```
 
 ### Test Coverage
+
 - ✅ **20+ comprehensive tests** including security and edge cases
 - ✅ **8 official Trezor BIP39 test vectors**
 - ✅ **CRC16 integrity validation** (corruption detection)
@@ -365,12 +386,14 @@ bun test --watch
 Security-focused integration tests verify:
 
 **CSP Enforcement** ([src/integration.test.ts](src/integration.test.ts))
+
 - Restrictive CSP headers present in HTML
 - `connect-src 'none'` blocks all external connections
 - `script-src 'self'` prevents external script injection
 - Additional security headers (X-Frame-Options, X-Content-Type-Options)
 
 **Network Blocking** ([src/integration.test.ts](src/integration.test.ts))
+
 - User-controlled network toggle blocks 5 API mechanisms:
   1. Fetch API
   2. XMLHttpRequest
@@ -380,12 +403,14 @@ Security-focused integration tests verify:
   6. Service Worker registration
 
 **Clipboard Behavior** ([src/integration.test.ts](src/integration.test.ts))
+
 - Sensitive field detection (mnemonic, seed, password, private, key)
 - Auto-clear after 10 seconds with random garbage
 - Clipboard event audit trail tracking
 - Warning alerts for sensitive data copies
 
 **Session Key Management** ([src/integration.test.ts](src/integration.test.ts))
+
 - Key rotation every 5 minutes
 - Key rotation after 1000 operations
 - Key destruction with page visibility change
@@ -427,27 +452,32 @@ seedpgp-web/
 ## 🔄 Version History
 
 ### v1.4.5 (2026-02-07)
+
 - ✅ **Fixed QR Scanner bugs** related to camera initialization and race conditions.
 - ✅ **Improved error handling** in the scanner to prevent crashes and provide better feedback.
 - ✅ **Stabilized component props** to prevent unnecessary re-renders and fix `AbortError`.
 
 ### v1.4.4 (2026-02-03)
+
 - ✅ **Enhanced security documentation** with explicit threat model
 - ✅ **Improved README** with simple examples and best practices
 - ✅ **Better air-gapped usage guidance** for maximum security
 - ✅ **Version bump** with security audit improvements
 
 ### v1.4.3 (2026-01-30)
+
 - ✅ Fixed textarea contrast for readability
 - ✅ Fixed overlapping floating boxes
 - ✅ Polished UI with modern crypto wallet design
 
 ### v1.4.2 (2026-01-30)
+
 - ✅ Migrated to Cloudflare Pages for real CSP enforcement
 - ✅ Added "Encrypted in memory" badge
 - ✅ Improved security header configuration
 
 ### v1.4.0 (2026-01-29)
+
 - ✅ Extended session-key encryption to Restore flow
 - ✅ Added 10-second auto-clear timer for restored mnemonic
 - ✅ Added manual Hide button for immediate clearing
@@ -459,17 +489,20 @@ seedpgp-web/
 ## 🗺️ Roadmap
 
 ### Short-term (v1.5.x)
+
 - [ ] Enhanced BIP39 validation (full wordlist + checksum)
 - [ ] Multi-frame support for larger payloads
 - [ ] Hardware wallet integration (Trezor/Keystone)
 
 ### Medium-term
+
 - [ ] Shamir Secret Sharing support
 - [ ] Mobile companion app (React Native)
 - [ ] Printable paper backup templates
 - [ ] Encrypted cloud backup with PBKDF2
 
 ### Long-term
+
 - [ ] BIP85 child mnemonic derivation
 - [ ] Quantum-resistant algorithm options
 - [ ] Cross-platform desktop app (Tauri)
@@ -508,4 +541,4 @@ The author is not responsible for lost funds due to software bugs, user error, o
 - **Security Concerns**: Private disclosure via GitHub security advisory
 - **Recovery Help**: See [RECOVERY_PLAYBOOK.md](RECOVERY_PLAYBOOK.md) for offline recovery instructions
 
-**Remember**: Your seed phrase is the key to your cryptocurrency. Guard it with your life.
+**Remember**: Your seed phrase is the key to your cryptocurrency. Guard it with your life.