Skip to content

Add browser, password-manager, and authenticator migration contracts #10

Description

@mdheller

Summary

Add Exodus contracts for browser state, bookmarks, history, downloads, extensions, password-manager exports, passkey references, authenticator inventory, and browser-to-SourceOS migration readiness.

Why

Browsers and credential managers are major lock-in surfaces. Users cannot fully exit Apple, Google, or Microsoft ecosystems unless Exodus can inventory and preserve browser/workspace state while keeping secrets protected.

Contract family

Add initial contracts for:

  • BrowserSourceProfile
  • BrowserProfileSnapshot
  • BookmarkExportRecord
  • BrowserHistoryRecord
  • DownloadHistoryRecord
  • ExtensionInventoryRecord
  • CredentialVaultExportProfile
  • CredentialReferenceRecord
  • PasskeyReferenceRecord
  • AuthenticatorInventoryRecord
  • BrowserMigrationReadinessRecord

Initial source surfaces

Browsers

  • Safari
  • Chrome
  • Edge
  • Firefox
  • Librewolf
  • Brave
  • Chromium
  • Arc or equivalent user-exported browser state where available

Password managers and credentials

  • Apple Passwords / iCloud Keychain export where user-authorized and exportable
  • Google Password Manager export where user-authorized
  • Microsoft/Edge password export where user-authorized
  • Firefox password export where user-authorized
  • Bitwarden export
  • KeePass / KeePassXC database references
  • 1Password export where user-authorized
  • Proton Pass export where user-authorized
  • generic CSV/JSON password-manager exports

Passkeys and authenticators

  • passkey inventory metadata where exportable or observable
  • hardware security key inventory metadata
  • authenticator app backup/export metadata where user-authorized
  • recovery-code custody status without exposing recovery codes in proof packs

Required semantics

  • raw export custody first where safe and user-authorized
  • never put raw secrets into proof packs
  • credential values are sealed, redacted, or referenced; not displayed by default
  • passkeys are modeled as references/inventory when non-exportable
  • recovery codes are never printed or indexed as plaintext
  • browser history is private and redaction-gated before export
  • downloads and bookmarks preserve source aliases
  • extension inventory captures permissions/risk posture without executing extensions
  • SourceOS/BearBrowser/Librewolf migration readiness is a derived record

Acceptance criteria

  1. Contracts exist for browser profile, bookmarks, history, downloads, extensions, credential references, passkey references, authenticator inventory, and migration readiness.
  2. Each contract has at least one fixture.
  3. Validators verify fixture shape and safety gates.
  4. Credential/passkey records do not require plaintext secrets.
  5. Proof-pack export requires redaction or sealed-secret handling.
  6. Browser-to-Linux migration readiness can report imported, blocked, redaction-required, or manually-action-required states.

Non-goals

  • No credential harvesting.
  • No bypassing platform security controls.
  • No printing secrets or recovery codes.
  • No executing browser extensions.
  • No automatic account takeover or login automation.

Related

  • SocioProphet/exodus#5
  • SocioProphet/exodus#8
  • SocioProphet/exodus#9
  • SocioProphet/sociosphere#288

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions