diff --git a/GEMINI.md b/GEMINI.md index bb2b3f4..c122fc4 100644 --- a/GEMINI.md +++ b/GEMINI.md @@ -2,7 +2,7 @@ ## Project Overview -**SeedPGP v1.3.0**: Client-side BIP39 mnemonic encryption webapp +**SeedPGP v1.4.0**: Client-side BIP39 mnemonic encryption webapp **Stack**: Bun + Vite + React + TypeScript + OpenPGP.js + Tailwind CSS **Deploy**: GitHub Pages (public repo: `seedpgp-web-app`, private source: `seedpgp-web`) **Live URL**: @@ -130,18 +130,9 @@ bun run preview # Preview production build ### Deployment Process -This project is now deployed to Cloudflare Pages for enhanced security. - 1. **Private repo** (`seedpgp-web`): Source code, development -2. **Cloudflare Pages**: Deploys from `seedpgp-web` repo directly. -3. **GitHub Pages (Legacy)**: `seedpgp-web-app` public repo is retained for historical purposes, but no longer actively deployed to. - -### Cloudflare Pages Deployment - -1. Connect GitHub repo (`seedpgp-web`) to Cloudflare Pages. -2. Build settings: `bun run build`, output directory: `dist/`. -3. `public/_headers` file enforces Content Security Policy (CSP) and other security headers automatically. -4. Benefits: Real CSP enforcement, not just a UI toggle. +2. **Public repo** (`seedpgp-web-app`): Built files for GitHub Pages +3. **Deploy script** (`scripts/deploy.sh`): Builds + copies to dist/ + pushes to public repo ### Git Workflow 
@@ -302,24 +293,7 @@ await window.runSessionCryptoTest() ## Current Version: v1.4.0 -### Recent Changes (2026-01-30) -- ✅ Extended session-key encryption to Restore flow -- ✅ Added 10-second auto-clear timer for restored mnemonic -- ✅ Added Hide button for manual clear -- ✅ Removed debug console logs from sessionCrypto.ts - -### Known Limitations - -- GitHub Pages cannot set custom CSP headers (need Cloudflare Pages for enforcement) -- Read-only Mode is UI-level only (not browser-enforced) -- Session-key encryption doesn't protect against active XSS/extensions - -### Next Priorities (Suggested) - -1. Extend session-key encryption to Restore flow -2. Migrate to Cloudflare Pages for real CSP header enforcement -3. Add "Encrypted in memory" badge when encryptedMnemonicCache exists -4. Document reproducible builds (git hash verification) +*Please update the "Recent Changes", "Known Limitations", and "Next Priorities" sections to reflect the current state of the project.* ---
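Review bot: In the `@@ -130,18 +130,9 @@` hunk (Deployment Process), the rewritten steps no longer say how the Content Security Policy is enforced, and that needs a sentence. The removed text documented that `public/_headers` "enforces Content Security Policy (CSP) and other security headers automatically" on Cloudflare Pages, while the Known Limitations list removed later in this same patch states that "GitHub Pages cannot set custom CSP headers". If deployment goes back to the `seedpgp-web-app` public repo via `scripts/deploy.sh`, please state in this section whether `public/_headers` is still shipped and that it has no effect on GitHub Pages, and give the reason for leaving Cloudflare Pages, so readers do not assume header-level CSP is still in place.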
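Review bot: In the `@@ -302,24 +293,7 @@` hunk (Current Version), the Known Limitations entries should be kept rather than replaced by the italic placeholder asking for a later update. Two of them describe the security boundary of the app regardless of hosting ("Read-only Mode is UI-level only (not browser-enforced)" and "Session-key encryption doesn't protect against active XSS/extensions"), and the third, about GitHub Pages and CSP headers, applies again now that the deployment section points back to GitHub Pages. I would also keep the dated Recent Changes list, drop only the Next Priorities items that are already done (item 1 repeats the first Recent Changes entry), and avoid committing an instruction to the editor as document content.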