The extension processes KeePass data locally. Decrypted data must stay on the user's machine and inside the extension runtime.

Treat all of the following as sensitive:

• Database password.
• Key-file bytes and path.
• KDBX file bytes.
• Derived keys.
• Decrypted XML or parsed database objects.
• Entry passwords.
• Usernames.
• URLs.
• Notes.
• TOTP seeds and generated codes.
• Custom fields.

• Do not log sensitive data.
• Do not send sensitive data to AI providers, telemetry, crash reporting, analytics, remote APIs, or favicon services.
• Do not shell out to KeePassXC or any external CLI.
• Do not write modified KDBX data in the initial product.
• Do not store decrypted database dumps in LocalStorage or files.

Credential persistence should mirror the referenced Raycast KeePassXC extension unless the user changes this requirement. Any implementation must clearly separate:

• Stored unlock credentials or unlock metadata.
• In-memory decrypted database state.
• Inactivity lock timestamps.
• User preferences.

The unlock form now remembers the database path and database password using launcher LocalStorage plus a file-backed fallback under the extension support directory after a successful unlock. This was added by explicit user request as a convenience/security tradeoff after form persistence and LocalStorage did not restore reliably in the target runtime:

• Remembered path and password are used to auto-unlock on command startup when both values are available, so anyone with access to the trusted launcher/device session may be able to open the command and view entries.
• Remembered password may remain available after manual lock, inactivity lock, extension restart, launcher restart, filesystem backup, or user-account compromise until the stored value is changed or cleared.
• Manual lock and inactivity lock clear decrypted database state from the command UI; they do not clear remembered unlock values.
• Database paths can reveal sensitive metadata such as usernames, client names, vault locations, or sync folders.
• Key-file bytes and key-file paths are not intentionally persisted by the extension, so key-file databases require selecting the key file when auto-unlock fails.
• The unlock form has a Forget Remembered Unlock Values action that removes the remembered database path and password from LocalStorage and the file-backed fallback.
• The file-backed fallback is stored with private directory and file permissions where supported, but it should still be treated as recoverable plaintext available to the same user account.
• SuperCmd's LocalStorage and support-directory storage behavior for password values must be runtime-verified before claiming equivalent protection to Raycast.

Before implementing or changing credential persistence again, run a security review.

Key-file support is mandatory. Handle key files as secret material:

• Read only the configured or selected file.
• Do not log the path if avoidable; never log bytes.
• Do not copy key-file bytes into persistent storage unless explicitly required and reviewed.
• Show clear errors for missing, unreadable, or unsupported key files.

TOTP seeds are equivalent to credentials.

• Parse only recognized KeePass OTP fields.
• Do not log OTP URLs or seeds.
• Generated codes should only be shown, copied, or pasted through explicit user action.

The current product requirement does not require clipboard auto-clearing. Do not add clipboard clearing unless requested. If added later, make behavior explicit and test carefully.

Before adding KDBX, Argon2, crypto, XML, TOTP, favicon, or file parsing dependencies, review:

• License.
• Maintenance activity.
• Native addon requirements.
• Bundling behavior.
• Transitive dependency size and risk.
• Network behavior.
• Known security issues.

Status: parser stack remains a verification spike and is not production-adopted yet.

Reviewed stack:

• kdbxweb@2.1.1.
• hash-wasm@4.12.0.
• Override @xmldom/xmldom@0.8.13 under kdbxweb.
• Override fflate@0.8.3 under kdbxweb.

Positive findings:

• npm audit --omit=dev --json reports 0 vulnerabilities.
• Reviewed packages are MIT licensed.
• Reviewed package metadata does not define install, preinstall, or postinstall scripts.
• Production source contains no console.*, fetch, XMLHttpRequest, shell execution, or KDBX write/save/create/merge/delete calls.
• Production persistence is limited to the user-requested remembered database path and password in LocalStorage and a file-backed fallback plus the corresponding forget action; decrypted entries, key-file paths/bytes, TOTP values, and parsed database objects are not stored.
• Production KDBX access is through Kdbx.load behind the read-only loader.
• KDBX create/save APIs are used only in tests for generated fixtures.
• TOTP generation is local and action-triggered; raw OTP seeds are not copied or rendered as actions.
• Placeholder handling is conservative and does not execute command, environment, or unknown placeholders.
• Favicon fetching/display remains disabled.

Adoption blockers:

• kdbxweb includes Salsa20 source that references an external gist with no declared source license. This provenance risk must be resolved or explicitly accepted before release.
• Practical fixture coverage is still missing for KDBX3 password-only, KDBX3 password plus key-file, KDBX4 AES-KDF, external KDBX4 Argon2, unsupported KDF/features, and corrupt/non-KDBX files.
• Raycast and SuperCmd runtime verification is still incomplete in the documentation.
• The Argon2 adapter currently relies on hash-wasm Argon2 version behavior and does not explicitly handle KDBX Argon2 v1.0 versus v1.3 differences.
• Sensitive byte/string lifetime relies on JavaScript runtime garbage collection after lock/unlock transitions; this is an accepted limitation only for spike verification, not a final release sign-off.

Errors should be actionable without exposing secrets. Good examples:

• Unable to unlock database. Check the password and key file.
• This database uses an unsupported KDBX feature or key derivation function.
• The configured key file could not be read.

Avoid including passwords, key-file contents, decrypted fields, or raw parser dumps in errors.