Merge branch 'beta' into codex/locate-command-usage-issue-in-seedpass

2025-09-08 07:18:47 +00:00 · 2025-07-10 22:57:34 -04:00
parent 2609064016 b8cf22e0bb
commit 9358f620c2
1 changed files with 106 additions and 167 deletions
--- a/README.md
+++ b/README.md
@@ -1,8 +1,9 @@
 ````markdown
 # SeedPass
 ![SeedPass Logo](https://raw.githubusercontent.com/PR0M3TH3AN/SeedPass/refs/heads/main/logo/png/SeedPass-Logo-03.png)
-**SeedPass** is a secure password generator and manager built on **Bitcoin's BIP-85 standard**. It uses deterministic key derivation to generate **passwords that are never stored**, but can be easily regenerated when needed. By integrating with the **Nostr network**, SeedPass compresses your encrypted vault and splits it into 50 KB chunks. Each chunk is published as a parameterised replaceable event (`kind 30071`), with a manifest (`kind 30070`) describing the snapshot and deltas (`kind 30072`) capturing changes between snapshots. This allows secure password recovery across devices without exposing your data.
+**SeedPass** is a secure password generator and manager built on **Bitcoin's BIP-85 standard**. It uses deterministic key derivation to generate **passwords that are never stored**, but can be easily regenerated when needed. By integrating with the **Nostr network**, SeedPass compresses your encrypted vault and splits it into 50 KB chunks. Each chunk is published as a parameterised replaceable event (`kind 30071`), with a manifest (`kind 30070`) describing the snapshot and deltas (`kind 30072`) capturing changes between snapshots. This allows secure password recovery across devices without exposing your data.
 [Tip Jar](https://nostrtipjar.netlify.app/?n=npub16y70nhp56rwzljmr8jhrrzalsx5x495l4whlf8n8zsxww204k8eqrvamnp)
@@ -10,7 +11,7 @@
 **⚠️ Disclaimer**
-This software was not developed by an experienced security expert and should be used with caution. There may be bugs and missing features. Each vault chunk is limited to 50 KB and SeedPass periodically publishes a new snapshot to keep accumulated deltas small. The security of the program's memory management and logs has not been evaluated and may leak sensitive information. Loss or exposure of the parent seed places all derived passwords, accounts, and other artifacts at risk.
+This software was not developed by an experienced security expert and should be used with caution. There may be bugs and missing features. Each vault chunk is limited to 50 KB and SeedPass periodically publishes a new snapshot to keep accumulated deltas small. The security of the program's memory management and logs has not been evaluated and may leak sensitive information. Loss or exposure of the parent seed places all derived passwords, accounts, and other artifacts at risk.
 ---
 ### Supported OS
@@ -18,7 +19,6 @@ This software was not developed by an experienced security expert and should be
 ✔ Windows 10/11 • macOS 12+ • Any modern Linux  
 SeedPass now uses the `portalocker` library for cross-platform file locking. No WSL or Cygwin required.
 ## Table of Contents
 - [Features](#features)
@@ -42,7 +42,7 @@ SeedPass now uses the `portalocker` library for cross-platform file locking. No
 - **Deterministic Password Generation:** Utilize BIP-85 for generating deterministic and secure passwords.
 - **Encrypted Storage:** All seeds, login passwords, and sensitive index data are encrypted locally.
 - **Nostr Integration:** Post and retrieve your encrypted password index to/from the Nostr network.
- **Chunked Snapshots:** Encrypted vaults are compressed and split into 50 KB chunks published as `kind 30071` events with a `kind 30070` manifest and `kind 30072` deltas.
+- **Chunked Snapshots:** Encrypted vaults are compressed and split into 50 KB chunks published as `kind 30071` events with a `kind 30070` manifest and `kind 30072` deltas.
 - **Automatic Checksum Generation:** The script generates and verifies a SHA-256 checksum to detect tampering.
 - **Multiple Seed Profiles:** Manage separate seed profiles and switch between them seamlessly.
 - **Nested Managed Account Seeds:** SeedPass can derive nested managed account seeds.
@@ -52,7 +52,7 @@ SeedPass now uses the `portalocker` library for cross-platform file locking. No
 - **Export 2FA Codes:** Save all stored TOTP entries to an encrypted JSON file for use with other apps.
 - **Display TOTP Codes:** Show all active 2FA codes with a countdown timer.
 - **Optional External Backup Location:** Configure a second directory where backups are automatically copied.
- **Auto‑Lock on Inactivity:** Vault locks after a configurable timeout for additional security.
+- **Auto-Lock on Inactivity:** Vault locks after a configurable timeout for additional security.
 - **Secret Mode:** Copy retrieved passwords directly to your clipboard and automatically clear it after a delay.
 - **Tagging Support:** Organize entries with optional tags and find them quickly via search.
 - **Manual Vault Export/Import:** Create encrypted backups or restore them using the CLI or API.
@@ -65,12 +65,11 @@ SeedPass now uses the `portalocker` library for cross-platform file locking. No
 ## Prerequisites
- **Python 3.8+** (3.11 or 3.12 recommended): Install Python from [python.org](https://www.python.org/downloads/) and be sure to check **"Add Python to PATH"** during setup. Using Python 3.13 is currently discouraged because some dependencies do not ship wheels for it yet, which can cause build failures on Windows unless you install the Visual C++ Build Tools.
+- **Python 3.8+** (3.11 or 3.12 recommended): Install Python from [python.org](https://www.python.org/downloads/) and be sure to check **"Add Python to PATH"** during setup. Using Python 3.13 is currently discouraged because some dependencies do not ship wheels for it yet, which can cause build failures on Windows unless you install the Visual C++ Build Tools.  
-*Windows only:* Install the [Visual Studio Build Tools](https://visualstudio.microsoft.com/visual-cpp-build-tools/) and select the **C++ build tools** workload.
+  *Windows only:* Install the [Visual Studio Build Tools](https://visualstudio.microsoft.com/visual-cpp-build-tools/) and select the **C++ build tools** workload.
 ## Installation
 ### Quick Installer
 Use the automated installer to download SeedPass and its dependencies in one step.
@@ -88,87 +87,52 @@ bash -c "$(curl -sSL https://raw.githubusercontent.com/PR0M3TH3AN/SeedPass/main/
 ```powershell
 Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; $scriptContent = (New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/PR0M3TH3AN/SeedPass/main/scripts/install.ps1'); & ([scriptblock]::create($scriptContent))
 ```
-Before running the script, install **Python 3.11** or **3.12** from [python.org](https://www.python.org/downloads/windows/) and tick **"Add Python to PATH"**. You should also install the [Visual Studio Build Tools](https://visualstudio.microsoft.com/visual-cpp-build-tools/) with the **C++ build tools** workload so dependencies compile correctly.
+Before running the script, install **Python 3.11** or **3.12** from [python.org](https://www.python.org/downloads/windows/) and tick **"Add Python to PATH"**. You should also install the [Visual Studio Build Tools](https://visualstudio.microsoft.com/visual-cpp-build-tools/) with the **C++ build tools** workload so dependencies compile correctly.  
-The Windows installer will attempt to install Git automatically if it is not already available. It also tries to
+The Windows installer will attempt to install Git automatically if it is not already available. It also tries to install Python 3 using `winget`, `choco`, or `scoop` when Python is missing and recognizes the `py` launcher if `python` isn't on your PATH. If these tools are unavailable you'll see a link to download Python directly from <https://www.python.org/downloads/windows/>. When Python 3.13 or newer is detected without the Microsoft C++ build tools, the installer now attempts to download Python 3.12 automatically so you don't have to compile packages from source.
 install Python 3 using `winget`, `choco`, or `scoop` when Python is missing and recognizes the `py` launcher if `python`
 isn't on your PATH. If these tools are unavailable you'll see a link to download Python directly from
 <https://www.python.org/downloads/windows/>. When Python 3.13 or newer is detected without the Microsoft C++ build tools,
 the installer now attempts to download Python 3.12 automatically so you don't have to compile packages from source.
 **Note:** If this fallback fails, install Python 3.12 manually or install the [Microsoft Visual C++ Build Tools](https://visualstudio.microsoft.com/visual-cpp-build-tools/) and rerun the installer.
 *Install the beta branch:*
 ```powershell
 Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; $scriptContent = (New-Object System.Net.WebClient).DownloadString('https://raw.githubusercontent.com/PR0M3TH3AN/SeedPass/main/scripts/install.ps1'); & ([scriptblock]::create($scriptContent)) -Branch beta
 ```
 ### Manual Setup
 Follow these steps to set up SeedPass on your local machine.
-### 1. Clone the Repository
+1. **Clone the Repository**
-First, clone the SeedPass repository from GitHub:
+   ```bash
   git clone https://github.com/PR0M3TH3AN/SeedPass.git
   cd SeedPass
   ```
-```bash
+2. **Create a Virtual Environment**
 git clone https://github.com/PR0M3TH3AN/SeedPass.git
 ```
-Navigate to the project directory:
+   ```bash
   python3 -m venv venv
   ```
-```bash
+3. **Activate the Virtual Environment**
 cd SeedPass
 ```
-### 2. Create a Virtual Environment
+   - **Linux/macOS:**
     ```bash
     source venv/bin/activate
     ```
   - **Windows:**
     ```bash
     venv\Scripts\activate
     ```
-It's recommended to use a virtual environment to manage your project's dependencies. Create a virtual environment named `venv`:
+4. **Install Dependencies**
-```bash
+   ```bash
-python3 -m venv venv
+   python -m pip install --upgrade pip
-```
+   python -m pip install -r src/requirements.txt
-
+   python -m pip install -e .
-### 3. Activate the Virtual Environment
+   ```
-
+// 🔧 merged conflicting changes from codex/locate-command-usage-issue-in-seedpass vs beta
-Activate the virtual environment using the appropriate command for your operating system.
+After reinstalling, run `which seedpass` on Linux/macOS or `where seedpass` on Windows to confirm the command resolves to your virtual environment's `seedpass` executable.
 - **On Linux and macOS:**
  ```bash
  source venv/bin/activate
  ```
 - **On Windows:**
  ```bash
  venv\Scripts\activate
  ```
 Once activated, your terminal prompt should be prefixed with `(venv)` indicating that the virtual environment is active.
 ### 4. Install Dependencies
 Install the required Python packages and build dependencies using `pip`.
 When upgrading pip, use `python -m pip` inside the virtual environment so that pip can update itself cleanly:
 ```bash
 python -m pip install --upgrade pip
 python -m pip install -r src/requirements.txt
 python -m pip install -e .
 ```
 If you previously installed an older version of SeedPass, the `seedpass`
 command might still point to the legacy `main.py` script. Run
 `pip uninstall seedpass` and then reinstall with the command above to
 register the new Typer-based CLI.
 After reinstalling, run `which seedpass` on Linux/macOS or `where seedpass`
 on Windows to confirm the command resolves to your virtual environment's
 `seedpass` executable.
 #### Linux Clipboard Support
-On Linux, `pyperclip` relies on external utilities like `xclip` or `xsel`.
+On Linux, `pyperclip` relies on external utilities like `xclip` or `xsel`. SeedPass will attempt to install **xclip** automatically if neither tool is available. If the automatic installation fails, you can install it manually:
 SeedPass will attempt to install **xclip** automatically if neither tool is
 available. If the automatic installation fails, you can install it manually:
 ```bash
 sudo apt-get install xclip
@@ -176,8 +140,7 @@ sudo apt-get install xclip
 ## Quick Start
-After installing dependencies and activating your virtual environment, install
+After installing dependencies and activating your virtual environment, install the package in editable mode so the `seedpass` command is available:
 the package in editable mode so the `seedpass` command is available:
 ```bash
 python -m pip install -e .
@@ -211,8 +174,7 @@ seedpass list --filter totp
 # on an external drive.
 ```
-For additional command examples, see [docs/advanced_cli.md](docs/advanced_cli.md).
+For additional command examples, see [docs/advanced_cli.md](docs/advanced_cli.md). Details on the REST API can be found in [docs/api_reference.md](docs/api_reference.md).
 Details on the REST API can be found in [docs/api_reference.md](docs/api_reference.md).
 ### Vault JSON Layout
@@ -232,7 +194,6 @@ The encrypted index file `seedpass_entries_db.json.enc` begins with `schema_vers
 }
 ```
 ## Usage
 After successfully installing the dependencies, install the package with:
@@ -248,27 +209,32 @@ python src/main.py
 ```
 You can also use the new Typer-based CLI:
 ```bash
 seedpass --help
 ```
-If this command displays `usage: main.py` instead of the Typer help
+
-output, an old `seedpass` executable is still on your `PATH`. Remove it
+If this command displays `usage: main.py` instead of the Typer help output, an old `seedpass` executable is still on your `PATH`. Remove it with `pip uninstall seedpass` or delete the stale launcher and rerun:
-with `pip uninstall seedpass` or delete the stale launcher and rerun
+
-`python -m pip install -e .`.
+```bash
 python -m pip install -e .
 ```
 // 🔧 merged conflicting changes from codex/locate-command-usage-issue-in-seedpass vs beta
 You can confirm which executable will run with:
 ```bash
 which seedpass  # or 'where seedpass' on Windows
 ```
 For a full list of commands see [docs/advanced_cli.md](docs/advanced_cli.md). The REST API is described in [docs/api_reference.md](docs/api_reference.md).
 ### Running the Application
 1. **Start the Application:**
-    ```bash
+   ```bash
-    python src/main.py
+   python src/main.py
-    ```
+   ```
 2. **Follow the Prompts:**
@@ -278,18 +244,18 @@ For a full list of commands see [docs/advanced_cli.md](docs/advanced_cli.md). Th
   Example menu:
-    ```bash
+   ```bash
-    Select an option:
+   Select an option:
-    1. Add Entry
+   1. Add Entry
-    2. Retrieve Entry
+   2. Retrieve Entry
-    3. Search Entries
+   3. Search Entries
-    4. List Entries
+   4. List Entries
-    5. Modify an Existing Entry
+   5. Modify an Existing Entry
-    6. 2FA Codes
+   6. 2FA Codes
-    7. Settings
+   7. Settings
-    Enter your choice (1-7) or press Enter to exit:
+   Enter your choice (1-7) or press Enter to exit:
-    ```
+   ```
 When choosing **Add Entry**, you can now select from:
@@ -335,45 +301,40 @@ SeedPass supports storing more than just passwords and 2FA secrets. You can also
 - **SSH Key** – deterministically derive an Ed25519 key pair for servers or git hosting platforms.
 - **Seed Phrase** – store only the BIP-85 index and word count. The mnemonic is regenerated on demand.
 - **PGP Key** – derive an OpenPGP key pair from your master seed.
- **Nostr Key Pair** – store the index used to derive an `npub`/`nsec` pair for Nostr clients.
+- **Nostr Key Pair** – store the index used to derive an `npub`/`nsec` pair for Nostr clients. When you retrieve one of these entries, SeedPass can display QR codes for the keys. The `npub` is wrapped in the `nostr:` URI scheme so any client can scan it, while the `nsec` QR is shown only after a security warning.
  When you retrieve one of these entries, SeedPass can display QR codes for the
  keys. The `npub` is wrapped in the `nostr:` URI scheme so any client can scan
  it, while the `nsec` QR is shown only after a security warning.
 - **Key/Value** – store a simple key and value for miscellaneous secrets or configuration data.
 - **Managed Account** – derive a child seed under the current profile. Loading a managed account switches to a nested profile and the header shows `<parent_fp> > Managed Account > <child_fp>`. Press Enter on the main menu to return to the parent profile.
-The table below summarizes the extra fields stored for each entry type. Every
+The table below summarizes the extra fields stored for each entry type. Every entry includes a `label`, while only password entries track a `url`.
 entry includes a `label`, while only password entries track a `url`.
 | Entry Type    | Extra Fields |
 |---------------|---------------------------------------------------------------------------------------------------------------------------------------|
 | Password      | `username`, `url`, `length`, `archived`, optional `notes`, optional `custom_fields` (may include hidden fields), optional `tags` |
 | 2FA (TOTP)    | `index` or `secret`, `period`, `digits`, `archived`, optional `notes`, optional `tags` |
 | SSH Key       | `index`, `archived`, optional `notes`, optional `tags` |
 | Seed Phrase   | `index`, `word_count` *(mnemonic regenerated; never stored)*, `archived`, optional `notes`, optional `tags` |
 | PGP Key       | `index`, `key_type`, `archived`, optional `user_id`, optional `notes`, optional `tags` |
 | Nostr Key Pair| `index`, `archived`, optional `notes`, optional `tags` |
 | Key/Value     | `value`, `archived`, optional `notes`, optional `custom_fields`, optional `tags` |
 | Managed Account | `index`, `word_count`, `fingerprint`, `archived`, optional `notes`, optional `tags` |
 | Entry Type      | Extra Fields                                                                                                                                         |
 |-----------------|-------------------------------------------------------------------------------------------------------------------------------------------------------|
 | Password        | `username`, `url`, `length`, `archived`, optional `notes`, optional `custom_fields` (may include hidden fields), optional `tags`                       |
 | 2FA (TOTP)      | `index` or `secret`, `period`, `digits`, `archived`, optional `notes`, optional `tags`                                                                 |
 | SSH Key         | `index`, `archived`, optional `notes`, optional `tags`                                                                                                |
 | Seed Phrase     | `index`, `word_count` *(mnemonic regenerated; never stored)*, `archived`, optional `notes`, optional `tags`                                            |
 | PGP Key         | `index`, `key_type`, `archived`, optional `user_id`, optional `notes`, optional `tags`                                                                 |
 | Nostr Key Pair  | `index`, `archived`, optional `notes`, optional `tags`                                                                                                |
 | Key/Value       | `value`, `archived`, optional `notes`, optional `custom_fields`, optional `tags`                                                                       |
 | Managed Account | `index`, `word_count`, `fingerprint`, `archived`, optional `notes`, optional `tags`                                                                   |
 ### Managing Multiple Seeds
 SeedPass allows you to manage multiple seed profiles (previously referred to as "fingerprints"). Each seed profile has its own parent seed and associated data, enabling you to compartmentalize your passwords.
 - **Add a New Seed Profile:**
-  - From the main menu, select **Settings** then **Profiles** and choose "Add a New Seed Profile".
+  1. From the main menu, select **Settings** then **Profiles** and choose "Add a New Seed Profile".
-  - Choose to enter an existing seed or generate a new one.
+  2. Choose to enter an existing seed or generate a new one.
-  - If generating a new seed, you'll be provided with a 12-word BIP-85 seed phrase. **Ensure you write this down and store it securely.**
+  3. If generating a new seed, you'll be provided with a 12-word BIP-85 seed phrase. **Ensure you write this down and store it securely.**
 - **Switch Between Seed Profiles:**
-  - From the **Profiles** menu, select "Switch Seed Profile".
+  1. From the **Profiles** menu, select "Switch Seed Profile".
-  - You'll see a list of available seed profiles.
+  2. You'll see a list of available seed profiles.
-  - Enter the number corresponding to the seed profile you wish to switch to.
+  3. Enter the number corresponding to the seed profile you wish to switch to.
-  - Enter the master password associated with that seed profile.
+  4. Enter the master password associated with that seed profile.
- **List All Seed Profiles:**
+- **List All Seed Profiles:**  
-  - In the **Profiles** menu, choose "List All Seed Profiles" to view all existing profiles.
+  In the **Profiles** menu, choose "List All Seed Profiles" to view all existing profiles.
 **Note:** The term "seed profile" is used to represent different sets of seeds you can manage within SeedPass. This provides an intuitive way to handle multiple identities or sets of passwords.
@@ -402,29 +363,24 @@ You can manage your relays and sync with Nostr from the **Settings** menu:
 Back in the Settings menu you can:
-* Select `3` to change your master password.
+- Select `3` to change your master password.
-* Choose `4` to verify the script checksum.
+- Choose `4` to verify the script checksum.
-* Select `5` to generate a new script checksum.
+- Select `5` to generate a new script checksum.
-* Choose `6` to back up the parent seed.
+- Choose `6` to back up the parent seed.
-* Select `7` to export the database to an encrypted file.
+- Select `7` to export the database to an encrypted file.
-* Choose `8` to import a database from a backup file.
+- Choose `8` to import a database from a backup file.
-* Select `9` to export all 2FA codes.
+- Select `9` to export all 2FA codes.
-* Choose `10` to set an additional backup location. A backup is created
+- Choose `10` to set an additional backup location. A backup is created immediately after the directory is configured.
-  immediately after the directory is configured.
+- Select `11` to change the inactivity timeout.
-* Select `11` to change the inactivity timeout.
+- Choose `12` to lock the vault and require re-entry of your password.
-* Choose `12` to lock the vault and require re-entry of your password.
+- Select `13` to view seed profile stats. The summary lists counts for passwords, TOTP codes, SSH keys, seed phrases, and PGP keys. It also shows whether both the encrypted database and the script itself pass checksum validation.
-* Select `13` to view seed profile stats. The summary lists counts for
+- Choose `14` to toggle Secret Mode and set the clipboard clear delay.
-  passwords, TOTP codes, SSH keys, seed phrases, and PGP keys. It also shows
+- Select `15` to return to the main menu.
  whether both the encrypted database and the script itself pass checksum
  validation.
 * Choose `14` to toggle Secret Mode and set the clipboard clear delay.
 * Select `15` to return to the main menu.
 ## Running Tests
 SeedPass includes a small suite of unit tests located under `src/tests`. **Before running `pytest`, be sure to install the test requirements.** Activate your virtual environment and run `pip install -r src/requirements.txt` to ensure all testing dependencies are available. Then run the tests with **pytest**. Use `-vv` to see INFO-level log messages from each passing test:
 ```bash
 pip install -r src/requirements.txt
 pytest -vv
@@ -432,10 +388,7 @@ pytest -vv
 ### Exploring Nostr Index Size Limits
-`test_nostr_index_size.py` demonstrates how SeedPass rotates snapshots after too many delta events.
+`test_nostr_index_size.py` demonstrates how SeedPass rotates snapshots after too many delta events. Each chunk is limited to 50 KB, so the test gradually grows the vault to observe when a new snapshot is triggered. Use the `NOSTR_TEST_DELAY` environment variable to control the delay between publishes when experimenting with large vaults.
 Each chunk is limited to 50 KB, so the test gradually grows the vault to observe
 when a new snapshot is triggered. Use the `NOSTR_TEST_DELAY` environment
 variable to control the delay between publishes when experimenting with large vaults.
 ```bash
 pytest -vv -s -n 0 src/tests/test_nostr_index_size.py --desktop --max-entries=1000
@@ -449,23 +402,17 @@ Use the helper script below to populate a profile with sample entries for testin
 python scripts/generate_test_profile.py --profile demo_profile --count 100
 ```
-The script now determines the fingerprint from the generated seed and stores the
+The script now determines the fingerprint from the generated seed and stores the vault under `~/.seedpass/<fingerprint>`. It also prints the fingerprint after creation and publishes the encrypted index to Nostr. Use that same seed phrase to load SeedPass. The app checks Nostr on startup and pulls any newer snapshot so your vault stays in sync across machines.
 vault under `~/.seedpass/<fingerprint>`. It also prints the fingerprint after
 creation and publishes the encrypted index to Nostr. Use that same seed phrase
 to load SeedPass. The app checks Nostr on startup and pulls any newer snapshot
 so your vault stays in sync across machines.
 ### Automatically Updating the Script Checksum
-SeedPass stores a SHA-256 checksum for the main program in `~/.seedpass/seedpass_script_checksum.txt`.
+SeedPass stores a SHA-256 checksum for the main program in `~/.seedpass/seedpass_script_checksum.txt`. To keep this value in sync with the source code, install the pre-push git hook:
 To keep this value in sync with the source code, install the pre‑push git hook:
 ```bash
 pre-commit install -t pre-push
 ```
-After running this command, every `git push` will execute `scripts/update_checksum.py`,
+After running this command, every `git push` will execute `scripts/update_checksum.py`, updating the checksum file automatically.
 updating the checksum file automatically.
 If the checksum file is missing, generate it manually:
@@ -493,7 +440,7 @@ Mutation testing is disabled in the GitHub workflow due to reliability issues an
 - **Revealing the Parent Seed:** The `vault reveal-parent-seed` command and `/api/v1/parent-seed` endpoint print your seed in plain text. Run them only in a secure environment.
 - **No PBKDF2 Salt Needed:** SeedPass deliberately omits an explicit PBKDF2 salt. Every password is derived from a unique 512-bit BIP-85 child seed, which already provides stronger per-password uniqueness than a conventional 128-bit salt.
 - **Checksum Verification:** Always verify the script's checksum to ensure its integrity and protect against unauthorized modifications.
- **Potential Bugs and Limitations:** Be aware that the software may contain bugs and lacks certain features. Snapshot chunks are capped at 50 KB and the client rotates snapshots after enough delta events accumulate. The security of memory management and logs has not been thoroughly evaluated and may pose risks of leaking sensitive information.
+- **Potential Bugs and Limitations:** Be aware that the software may contain bugs and lacks certain features. Snapshot chunks are capped at 50 KB and the client rotates snapshots after enough delta events accumulate. The security of memory management and logs has not been thoroughly evaluated and may pose risks of leaking sensitive information.
 - **Multiple Seeds Management:** While managing multiple seeds adds flexibility, it also increases the responsibility to secure each seed and its associated password.
 - **No PBKDF2 Salt Required:** SeedPass deliberately omits an explicit PBKDF2 salt. Every password is derived from a unique 512-bit BIP-85 child seed, which already provides stronger per-password uniqueness than a conventional 128-bit salt.
@@ -502,26 +449,19 @@ Mutation testing is disabled in the GitHub workflow due to reliability issues an
 Contributions are welcome! If you have suggestions for improvements, bug fixes, or new features, please follow these steps:
 1. **Fork the Repository:** Click the "Fork" button on the top right of the repository page.
-
+1. **Create a Branch:** Create a new branch for your feature or bugfix.
 2. **Create a Branch:** Create a new branch for your feature or bugfix.
   ```bash
   git checkout -b feature/YourFeatureName
   ```
-
+1. **Commit Your Changes:** Make your changes and commit them with clear messages.
 3. **Commit Your Changes:** Make your changes and commit them with clear messages.
   ```bash
   git commit -m "Add feature X"
   ```
-
+1. **Push to GitHub:** Push your changes to your forked repository.
 4. **Push to GitHub:** Push your changes to your forked repository.
   ```bash
   git push origin feature/YourFeatureName
   ```
-
+1. **Create a Pull Request:** Navigate to the original repository and create a pull request describing your changes.
 5. **Create a Pull Request:** Navigate to the original repository and create a pull request describing your changes.
 ## License
@@ -534,5 +474,4 @@ For any questions, suggestions, or support, please open an issue on the [GitHub
 ---
 *Stay secure and keep your passwords safe with SeedPass!*
-
+````
 ---