CLAVITOR · Black-box credential issuance

Extension

Autofill that knows what to fill.

An LLM reads the form and decides where each value goes — not blind selector matching that ends up pasting your password into Reddit’s search box.

Beta · Coming soon

Chrome · Firefox · Safari · Edge · Brave

01 — Field

Intent-based autofill

The extension reads each form — HTML attributes, labels, placeholder text, even nearby DOM context — and asks the model what to fill. It fills by intent, not by CSS selector.

02 — Isolated

No content scripts on your pages

UI rendered inside a closed shadow DOM iframe. Nothing injected into the page’s DOM. No CSS interference. No interception of keystrokes. The extension stays invisible until you ask.

03 — Remote

Vault stays remote

Your vault is not on your laptop. The extension fetches credentials over a scoped API per request — no local cache, no decrypted file on disk. WASM crypto runs in the service worker, never in page context.

What it does.

Inline autofill, the way it should work

A small Clavitor icon appears in detected fields. Click it (or focus the field) and a shadow-DOM dropdown shows matching entries for the current URL.

Choose one, the form fills. If the entry has TOTP, the code goes to your clipboard. If it has a passkey, it shows above passwords with its own auth flow.

URL match levels: domain · host · starts-with · exact · regex · never
Mockup: inline dropdown on the github.com/login sign-in form offering the entry deploy@clavitor.ai (github.com · password · TOTP)

WebAuthn unlock

No master password. Tap your hardware key or use platform biometrics; the extension asks the vault to issue a fresh credential token. The token is scoped, time-limited, and stored encrypted in extension local storage.

Identity fields (cards, SSN, recovery codes) need a fresh challenge each reveal. The PRF-derived key is computed in the browser, used once, discarded.

CLV1 token format · PRF over hardware authenticator · HKDF-SHA256
Mockup: "Vault locked" prompt, "Tap your authenticator to unlock" (YubiKey · Touch ID · Windows Hello)

Save & update prompts that don’t lie

Submit a login with credentials we don’t recognize? You get a save prompt with the URL, username, and a masked password. Use a different password on a known site? An update prompt that distinguishes "update existing" from "save as new account."

Saves go to the vault you pick, with the scope you set. The extension never silently saves anything.

Auto-dismiss after 15s · "Never for this site" excluded list · Per-vault default
Mockup: "Save new login" prompt for github.com, deploy@clavitor.ai, masked password, with the actions Save · Edit before saving · Never

Everything else.

Passkey management

Create, store, and use passkeys. Shown above passwords with a distinct flow.

Password generator

Random or passphrase. HIBP k-anonymity check before saving.

Health dashboard

Weak, reused, breached, and 2FA-eligible findings — with one-click fixes.

Share links

Per-field share with expiry and optional PIN. L3 fields cannot be shared.

Multi-account

Multiple vaults selectable from the popup. Each unlocks independently.

Keyboard-first

Every action has a shortcut. Open, search, fill, generate, lock — without the mouse.

Light + dark

Both modes shipped. Toggle in the popup. CSS-variable swap, not a separate stylesheet.

Context menu

Right-click on a field for quick fill, generator, or TOTP copy with live countdown.

Onboarding in 30s

Paste your credential token. Pin the toolbar icon. Visit a site. Done.

Built for speed.

Popup open: <200ms
Inline dropdown: <150ms
Field fill: <50ms
Package size: <10MB

Get notified when it ships.

Beta opens to free-tier users first.