What's New in Claspt

The v2 wave is now publicly available. Browser extension v2.1.4 just passed Chrome Web Store review. Desktop v2.0.3 is downloadable on macOS, Linux, and Windows today.

• Browser extension v2.1.4 — live on the Chrome Web Store. Same build for Chrome, Edge, Brave, and Arc. Install from the store →
• macOS — available immediately as a signed and Apple-notarized universal .dmg (Apple Silicon + Intel). No SmartScreen-style warning; just download and open.
• Linux — available immediately as .AppImage (universal) and .deb (Ubuntu / Debian).
• Windows — available immediately via the Microsoft Store (recommended — Microsoft-verified and auto-updated) or as a direct .msi / .exe download.
• Mobile — still in store review. iOS and Android v2.0.0 builds are queued with Apple and Google. We'll post here when they roll out.

The full feature list for the v1.7.45 → v2.0.3 wave is below. Read the launch post for the highlights → /blog/claspt-v2-launch-day/.

A wave of releases consolidated as v2.0.3. Headline changes: full credential editing inside the browser extension, automatic desktop sync after every keystroke, mobile gets nested folders + a search overhaul + auto-lock, and the desktop editor stays in sync with external writers.

• Edit credentials inline — username, password, TOTP, URL, and custom fields edited directly in the popup; saving one field never disturbs the others
• Auto-detect password rotation — fill a credential, submit a form with a different password, and a save bar offers "Update password for X" with one click
• Delete, rename, move credentials right from the row context menu
• Password generator with presets — Easy 12 · Strong 20 · Long 32 · Passphrase · PIN, plus exclude-ambiguous / exclude-problematic toggles and a per-login generation history (hashed locally, configurable retention 1–30 days, default 7)
• Reused-password warning — per-row badge plus a banner with the total count when the same password covers more than one login. Hashing happens locally with Web Crypto; nothing leaves the device
• Multi-credential workflow — mark one as primary (★ auto-fill prefers it), retire legacy logins as deprecated, pin and last-used sort across popup and inline picker
• Per-item URL match policy — Base domain / Exact hostname / Exact URL / Never auto-fill

iOS and Android builds are still under review with Apple and Google. The v2.0.0 mobile build supersedes 1.4.4 / 1.5.17 / 1.6.3 — install once the stores approve and your existing vault unlocks unchanged.

• Auto-pull on foreground — the app pulls new changes when you bring it forward and again every 60 seconds while open
• Full nested folder hierarchy — Pages, Tags, Secrets, and Search all walk the vault tree recursively, so nothing inside a subfolder is hidden
• Search overhaul — unicode-aware tokenizer, AND→OR fallback for partial matches, substring toggle, scope picker (notes / secrets / both), and a reindex tool
• Auto-lock with configurable timeout + foreground / background-aware idle timer so the vault locks correctly whether you switched apps or just stopped typing
• Auto-enable biometric unlock on first password unlock (opt-out available) so subsequent unlocks are one touch
• Caps-lock hint and password visibility toggle on the unlock screen — the most common causes of mobile "wrong password" surprises

• Automatic sync after every change. Edit a page, your change reaches the server in ~20 seconds — no manual Sync now. Rapid edits collapse into a single server version, keeping history clean
• Three save states in the title bar — Unsaved (grey dot), Saving (pulsing gold), Saved (green check). No more "is it actually saved?" guessing
• Editor stays in sync with external writers. If the browser extension or sync changes a credential while the page is open, the editor re-reads it cleanly so autosave can never silently undo someone else's write
• Multi-device sync, rock solid. Every unlock path — password or biometric — restores the full key material needed to read and sync. Other devices will always decrypt what you push
• Portable exports. Vault exports are now plain, portable markdown — open them in any other markdown editor without conversion

• Windows: invisible-window-after-restore fixed — the saved window rect is now validated against the current monitor set before being restored, and the window re-asserts focus reliably on every code path
• Windows: unlock no longer deadlocks on multi-device sync — full-vault sync after first unlock is now reliable
• Browser extension: clickjacking-hardened inline picker — closed shadow DOM, isolated styles, and a refusal to render in cross-origin iframes (addresses the 2025 password-manager research)
• Vault.key and license.token excluded from git, fixing a path where they could leak to a third-party git remote on a git-synced vault. If you've ever pushed a Claspt vault to GitHub or a similar host, rotate that remote's credentials.

Released as v1.7.45 (2026-04-19) → v1.8.5 (2026-04-20) → v2.0.0 (2026-04-27) → v2.0.3 (publicly released 2026-05-08). Vault format is unchanged across the line — no migration on first launch from any earlier 1.x build.

Mobile builds are not yet on the App Store or Play Store — both submissions are under review.

• iOS and Android now pull your full encrypted vault, decrypt it on-device with the same master password as desktop, and open every page and secret intact
• First sync flow: activate licence → verify email OTP → enter master password → vault downloads, decrypts, and unlocks

• Per-license storage quotas — default 1 GB, lift to 2 / 5 / 10 / 20 / 50 GB on request
• Storage indicators on the Sync settings — Local Vault size and Server Sync used / quota with a colour-coded bar
• Force Push (overwrite server) button to recover from an unrecoverable sync state without disabling and re-enabling sync
• "Version" field renamed to Sync Revision to avoid confusion with the app version

• Usage Journal — every credential copy / reveal logged locally, never sent to the server
• Device Registry — every device that has opened the vault, with first-seen and last-seen timestamps
• Vault Stats — daily snapshot of page count, secret count, folder count, and top tags

• Security Scan — one click to flag weak or reused passwords
• Automation Rules — auto-tag from URL, auto-folder by source, auto-archive inactive pages, password rotation reminders, auto-pin frequently-used credentials
• Custom Templates — build your own secret block templates with named fields, required/optional flags, and icons

• Every settings tab now opens with a short description so you know what each panel is for
• Sync tab loads immediately with status, devices, and storage info instead of appearing blank on first visit

The current live version on the Chrome Web Store is still v1.5.0. v1.7.23 is submitted to Google for review and will roll out automatically once approved.

• SVG icons replace text buttons in the inline credential dropdown, with colourful field icons and faster hover tooltips
• Eye icon to preview credentials directly from the dropdown
• Two-row, full-width layout for better readability on narrow forms
• Hidden debug mode toggle for troubleshooting
• Stability fixes for "Extension context invalidated" errors

• Fixed "Internal server error" on the Licenses page
• Device IDs, Group IDs, and emails are no longer truncated in tables
• New "Storage Quota" menu item on each license with preset GB buttons and a custom value input

• macOS — universal .dmg signed and notarized by Apple. A signed Mac App Store .pkg is queued for submission
• Windows & Linux — direct .msi / .exe / .AppImage / .deb from CI; Microsoft Store .msix build also produced

• Claspt is now live on the Microsoft Store for Windows — installs without a SmartScreen warning, auto-updates handled by Microsoft
• Store builds ship with the auto-updater compiled out entirely via a Cargo feature flag (--no-default-features --features store) — Microsoft handles updates automatically
• Direct-download .msi / .exe installers still work and continue to self-update in-app (but remain unsigned for now; SmartScreen may warn)

• New claspt-core crate exposed via UniFFI — mobile (iOS + Android) now shares the exact same Rust encryption, Git, and sync code as the desktop
• Crypto: AES-256-GCM encryption and Argon2id key derivation run in native Rust on mobile — same code path as desktop
• Git: auto-commit, history, and diff now use git2 via UniFFI instead of isomorphic-git
• Sync bundle encryption/decryption, frontmatter parsing, and secret-block handling are now shared with desktop
• Mobile crypto is no longer implemented in JavaScript — every platform encrypts and decrypts secrets using the exact same Rust code, audited once

• Redesigned vault browser with categories, tags, and quick actions
• Server-first onboarding — new 4-step flow (Account → Verify → Device → Sync) with live sync progress
• Sync decryption fixes — mobile now correctly decrypts and unpacks sync blobs using the shared Rust module
• Theme fixes and a cleaned-up Settings screen
• Plan badge (Pro/Free) now shown in the Settings header

The current live version on the Chrome Web Store is v1.5. The build below is submitted to Google for review and will be rolled out automatically once approved.

• SVG icons replace text buttons and field labels in the in-page credential dropdown
• Colorful field icons with fast 0.3s hover tooltips
• Eye icon to view credentials directly from the inline dropdown
• Two-row, full-width layout for better readability on narrow forms
• Hidden debug mode toggle — opt-in debug logging for troubleshooting
• Context invalidation guards — prevents errors when the extension reloads while a page is open
• All debug console.log calls removed from production builds

• New example page: a full AWS production setup demonstrating 7 secret blocks (root credentials, IAM user, EC2 key pair, RDS admin, S3 bucket keys, CloudFront distribution, Route 53)

• Drag-and-drop in sidebar — move pages between folders, nest folders, multi-select drag with count badge, root-level drop zone
• Folder "Move to..." context menu — right-click any folder to move it to another location
• Plan badge in sidebar header — shows Free, Pro, Pro+, or Trial next to the Claspt logo, updates live

• Sync "license_key not set" error — license activation now saves to both license.token and config.json
• Sync settings correctly detect active Pro/Pro+ licenses
• License UI shows correct activate/deactivate state for all plan types
• Folder context menu no longer clipped by sidebar overflow

• Incoming shares redesigned — rich share cards with type icons, expiry countdowns, burn-after-reading indicators, preview modal, import with success feedback, and dismiss
• License auto-setup — activating Pro/Pro+ automatically enables server features and registers your email for sharing
• Settings consolidated — License and Server merged into a single "Account" section
• Reset to Defaults — new button in General settings resets theme, editor, extensions, and help pages without touching notes or secrets
• Live theme preview — clicking a theme applies immediately without Save
• All 15 extensions enabled by default in new vaults
• New "shared" default folder for incoming shares
• Git tracking — new vaults track vault.key and config.json in git for easier multi-device setup via clone

• Faster tooltips on sidebar icons (~0.5s instead of browser-default 3s)
• Reordered toolbar — Help, Share, Import, Generator, Refresh, Theme, Settings
• License badge in sidebar footer showing plan type and email

• Multi-device sync — fixed encryption key mismatch that prevented restored devices from decrypting the original device's vault data
• Multi-device sync — fixed sync group matching so restored devices join the correct sync group

• Automatic background sync — after setup, changes push and pull every 30 seconds with no manual "Sync Now" needed

• Restore from Pro Account now works end-to-end on all platforms — license token, sync setup, and vault pull all happen in one step
• License tier displays correctly ("Pro+" instead of raw identifier) during restore

• Sharing — 3 ways to share: Via Link (everyone), To Claspt User (email + access code), and Passwordless (Pro/Pro+ — one-click import, no password visible anywhere)
• Cloud Sync (Pro+) — sync your encrypted vault across devices via Claspt servers. End-to-end encrypted. Setup: Settings > Sync > Enable Cloud Sync > verify via email OTP
• Restore from Pro Account — set up a new device by entering your Pro account email, verifying via OTP, and entering your master password. Vault syncs from cloud
• Import from ZIP — import a previously exported .zip archive directly, with password support and folder structure preserved

• Admin dashboard rebuilt — React 19, shadcn/ui, light/dark mode, license CRUD with detail sheets, actions dropdown, breadcrumbs
• Sync infrastructure — encrypted vault blob storage, lazy sync engine initialization, HMAC-signed WebSocket auth

• Import Markdown Folder — import all .md files from a folder into your vault with automatic secret encryption and frontmatter title extraction
• 13 help pages — new guides for Password Generator, Browser Extension, and Utilities
• Starter folders — new vaults include credentials, identities, and personal folders
• Reset Help Pages — refresh help content to latest version from Settings > General

• All 15 markdown extensions working — Mermaid, chemical formulas, Graphviz, charts, timelines, kanban, spreadsheets, music notation all render correctly
• Spreadsheet formulas evaluate correctly under Content Security Policy
• Split view scroll — no more white space at the bottom of preview
• Tour no longer repeats after dismissal or completion
• Editor error boundary — crashes show recovery UI instead of blank panel

• Buy Pro in-app — Settings > License now shows Pro and Pro+ purchase options with Annual/Monthly pricing

• Convert Selection to Secret(s) — select text with credentials, right-click to convert to encrypted secret blocks

• Vault Export — export your entire vault as a password-protected zip archive, or export secrets only as structured JSON/CSV (compatible with 1Password/Bitwarden import)
• Multi-select & Bulk Operations — Cmd/Ctrl+click to select multiple pages, Shift+click for range selection. Bulk move, archive, or delete
• Consolidate test mode — preview with "Test Run" before full consolidation
• Preview syntax highlighting — code blocks render with proper coloring for 22 languages

• Consolidate preserves all secrets — secrets are fully decrypted, copied, and re-encrypted during merge
• Consolidate runs in background — no more UI freezes during large operations
• Bulk delete performance — instant batch deletion
• Secret label escaping — labels containing brackets display correctly throughout the app
• Context menu positioning — right-click menu uses fixed viewport positioning

• Sync security — HMAC-SHA256 request signing, WebSocket first-frame auth, device OTP verification
• Account portal — sync dashboard, storage usage, license details, activity log, device management

• Utilities redesigned — master-detail layout replaces card grid. Sidebar navigation on the left, full-width content on the right

• Window close button (Cmd+Q / red X) now works reliably
• Window state restore — missing Tauri permissions added for maximize, resize, position, and close
• Utility panel overflow — all panels use scrollable result lists with proper truncation

• Window state persistence — app maximizes on first launch, then restores last saved size and position
• 5 new themes — GitHub Dark, Everforest, Kanagawa, Ayu Light, Midnight Blue
• Syntax highlighting in preview — code blocks render with proper coloring for 22 languages

• Folder deletion performance — deleting folders with hundreds of pages is now near-instant
• Secret labels with brackets no longer truncated by the parser
• Sidebar improvements — folder/file icons redesigned, file indentation fixed, theme contrast improved

• Email verification enabled for registration
• Better error messages for registration and sharing

• Guided startup tour — spotlight-style walkthrough on first vault unlock. Quick Tour (6 steps) for essentials, Advanced Tour (9 steps) for power features
• Tour versioning — existing users get prompted when new features are added

• Multi-byte character crash — pages containing emoji, CJK, or accented characters no longer crash on truncation or paste
• Tour step reliability — all steps correctly handle async UI changes with proper cleanup

• Encrypted vault with AES-256-GCM — all secrets encrypted at rest
• Master password + optional biometric unlock (Touch ID / Windows Hello)
• Markdown-native pages with WYSIWYG and raw editing modes
• Inline encrypted secret blocks — embed credentials inside any note
• 8 secret templates: Login, API Key, SSH Key, Credit Card, Crypto Wallet, Wi-Fi, License Key, Secure Note
• Folder-based vault organization with drag-and-drop
• Auto-lock on idle, screen lock, and app minimize
• Password generator with configurable length, symbols, and entropy display

• Full CommonMark + GFM support with live preview
• Syntax highlighting for 50+ languages in fenced code blocks
• Tables, checklists, callouts, and horizontal rules
• Mermaid diagrams and KaTeX math formula rendering
• Slash commands for quick insertion of blocks, secrets, and formatting
• 20 editor themes including Vault Dark, Solarized, Nord, Everforest, and Kanagawa

• Full-text search across notes and secret metadata in < 100ms
• Cmd+K / Ctrl+K quick search with fuzzy matching
• Filter by tags, secret type, date modified, or folder

• Unlimited folders with nesting and drag-and-drop reordering
• Tag system with color coding and bulk operations
• Favorites and pinned pages for quick access
• Recently edited and recently viewed lists

• Zero-knowledge architecture — your master password never leaves your device
• AES-256-GCM encryption with Argon2id key derivation
• Per-secret encryption keys with HKDF key hierarchy
• Clipboard auto-clear after 30 seconds
• Configurable auto-lock timeout
• All data stored locally — no cloud required for free tier

• Local Git versioning — automatic commits on every save
• Full diff view for any page revision
• One-click revert to any previous version
• Google Drive sync (Pro) — encrypted before upload
• Hosted encrypted sync (Pro+) with conflict resolution

• Import from 1Password (.1pux), LastPass (.csv), RoboForm, KeePass (.kdbx)
• Import plain markdown files and folders
• Bulk import with automatic folder structure preservation

• 20 editor themes with dark and light variants
• Resizable sidebar with collapsible sections
• Compact and comfortable density modes
• Keyboard-first navigation — command palette, Vim-style shortcuts

• macOS universal binary (Apple Silicon + Intel) — .dmg and .tar.gz
• Windows x64 — .msi and .exe installers
• Linux x64 — .AppImage and .deb packages
• MCP Server for Claude, Cursor, and Windsurf AI memory integration
• CLI for scripting and automation
• REST API for programmatic vault access