SoulNaturalist/zero_password_manager
Open-source self-hosted password manager built with Flutter. Store passwords and crypto seed phrases securely without cloud storage.
crypto-securitycybersecurityfluttermobile-securityoffline-firstpassword-managerpassword-manager-apppassword-manager-uiprivacysecure-vaultseed-phraseself-hostedweb3-security
First Claude commit: Mar 8, 2026Last Claude commit: 12d agoDiscovered: Apr 19, 2026
Recent Claude Commits
test(sharing): add full coverage + harden create-share path
96e21a112d agoauthor_emailfix(ci): use git-cliff binary instead of broken action
74f130612d agoauthor_emailfeat(auth): add /logout endpoint and fix CI test harness
e5f946a12d agoauthor_emailfix(auth): enforce token_version on WebSocket and password change
21c17e712d agoauthor_emailchore(ci): redesign changelog with emoji sections and rich release notes
3bd70091mo agoauthor_emailFix PUT /passwords folder errors and biometric enable flow
fa215621mo agoauthor_emailMove folder storage fully to local (SharedPreferences)
af3a1561mo agoauthor_emailTrigger biometric auth on app entry when no PIN is set
ffb97931mo agoauthor_emailFolder bottom nav bar, move-to-folder, fix sharing 404
c126a9e1mo agoauthor_emailFix biometrics (local_auth) and implement sharing endpoints
180f2541mo agoauthor_emailNo-PIN cold restart, biometric TOTP gate, and manifest permissions
b54b3da1mo agoauthor_emailFix vault-locked cold start, share button, and folder chip UI
510ef2c1mo agoauthor_emailFix delete FK, OTP background_tasks kwarg, add offline password cache
db15a991mo agoauthor_emailFix login: server returns 401 for invalid credentials instead of 200
e2ea3a81mo agoauthor_emailfix: correct login field name mismatch and MFA endpoint routing
a9247341mo agoauthor_emailfix: replace unsafe Uint8List downcast with Uint8List.fromList in vault key zeroing
1a64a8d1mo agoauthor_emailFix PIN save error: replace EncryptedSharedPreferences with KeyStore backend
ae8952f1mo agoauthor_emailFix 4 real security bugs found in code review
0ce1a0b1mo agoauthor_emailChange PIN from 4-digit to 6-digit in setup and verify screens
14b13981mo agoauthor_emaildebug: widen TOTP window to ±90s and log expected codes on mismatch
c3934551mo agoauthor_emailfix: use integer Unix timestamps in JWT creation (iat/exp)
efab0401mo agoauthor_emailfix: accept enrollment token from Authorization header OR mfa_token body field
8a126e41mo agoauthor_emaildebug: add detailed WARNING logs to diagnose 401 on confirm_2fa
379a1b11mo agoauthor_emailfix: secure password generator and repair TOTP enrollment flow
eabe9a91mo agoauthor_emailfix: resolve token_version crash and repair full registration/TOTP flow
35fd17d1mo agoauthor_emailfix: enable core library desugaring for flutter_local_notifications
c3710721mo agoauthor_emailfix: NDK 27.0.12077973 and remove stale _masterKey setter
d1afe991mo agoauthor_emailfix: upgrade AGP to 8.7.0, Kotlin to 2.0.21, add Gradle 8.10.2 wrapper
edd76241mo agoauthor_emailfix: upgrade safe_device and flutter_locker to fix Android v1 embedding error
2497eb91mo agoauthor_emailci: complete CI/CD setup for APK release + auto-changelog
ed021a61mo agoauthor_emailfix: repair broken biometric authentication flow
3b6df461mo agoauthor_emailsecurity: fix 14 backend CVE/CWE vulnerabilities (P0–P2)
88f487d1mo agoauthor_emailsecurity: fix CVE memory dump / PIN extraction vulnerabilities + Android JNI wipe
f0355c81mo agoauthor_emaildocs: elevate README to top-tier open-source landing page
16b8f041mo agoauthor_emailfeat: add automated APK release workflow and optimize README for SEO
d06475d1mo agoauthor_emailfix: biometric + passkey e2e — login form-data, master key persistence, WebAuthn challenge extraction
233bbdd1mo agoauthor_emailfix: stable e2e — server+client wired for sharing, rotation, emergency access
33eb03d1mo agoauthor_emailfeat: add secure sharing, password rotation, and emergency access
5be83991mo agoauthor_emailfix: close three confirmed security vulnerabilities in schemas and auth
7d407131mo agoauthor_emailsecurity: JWT revocation (jti+blacklist), logout endpoint, WebAuthn prod validation, CSP
0f115fc1mo agoauthor_emailsecurity: fix remaining P0–P3 vulnerabilities from audit report
ca74be51mo agoauthor_emailsecurity: fix multiple CVEs and hardening issues across backend
39206801mo agoauthor_emailrefactor(server): domain-based structure per FastAPI best practices
0202d931mo agoauthor_emailrefactor(server): rewrite backend following SOLID, KISS, DRY
4ad93671mo agoauthor_emailsecurity: store passwords/PINs as Uint8List, never as String (OWASP)
08ea5471mo agoauthor_emaildocs: rewrite both READMEs with detailed feature descriptions
66b9ff31mo agoauthor_emailsecurity: backend hardening — 12 vulnerabilities fixed
97913241mo agoauthor_emailfeat: add password folders — backend API + Flutter UI
38c08c81mo agoauthor_emailRedesign demo GIF: real Flutter UI mockups with logo and backgrounds
1e27cb41mo agoauthor_emailAdd Flutter UI mockup demo GIF with all screens and themes
bb4f7c11mo agoauthor_email