Claspt — Password Auto-Fill

Companion extension for the Claspt desktop password manager — auto-fills credentials on web pages from your local vault.

Claspt brings your encrypted vault to the browser. Auto-fill logins, generate strong passwords, recover passwords you forgot to save, and warn you about reused or weak passwords — all connected to your Claspt desktop app. YOUR VAULT, YOUR BROWSER Claspt is a local-first password manager. Your passwords stay encrypted on your device — never uploaded to any cloud. The browser extension connects to the Claspt desktop app running on your machine via a secure local API (loopback only — http://127.0.0.1). You will be asked once for permission to talk to your own computer. No browsing data is ever sent off your device. REQUIRES THE CLASPT DESKTOP APP The extension is a companion to the Claspt desktop app for macOS, Windows, and Linux. Download it from https://claspt.app — installation takes under 2 minutes. FEATURES ✏️ Manage credentials directly in the extension • Edit username, password, and any field inline in the popup — no dialog boxes • Add and remove custom fields — TOTP secret, URL, anything you want • Delete a credential with confirm. Empty pages are removed automatically • Rename label inline — focused input under the row, Save / Cancel • Move to folder with a dropdown of your existing vault folders, plus a "+ New" toggle to create a folder inline • Auto-detect password rotation: change your password on a site, and the save bar offers "Update password for {site}" — one click, non-destructive • Desktop wins on conflict: if the desktop has changed the credential since you opened it, the extension reverts and tells you. No silent overwrites. 🔑 Auto-Fill Credentials • Inline icon inside username, email, and password fields with a count badge of matching credentials • Single-line credential rows with local letter-initials avatars (no external favicon fetch) • Match-tier section headers — "Best match", "Same site", "Other matches" so you can see why each credential is being suggested • Smart matching by exact URL, hostname, or registrable domain • Multi-step login support (Google, Microsoft) — remembers email from step 1 ⚡ Smart Password Generator • Generate strong passwords directly in the browser, online or offline • Length slider from 8 to 64 characters • Configurable charset toggles plus exclude ambiguous (0O, 1lI) and exclude problematic (\\ ' " ` { } < >) • Max symbols cap (default 2) — no more "y0e{Cn!npeVtMV" symbol soup • Three modes (popup): Password, Passphrase (EFF wordlist), PIN • Right-click any field → Generate password into that field 🕒 Password History (recover what you forgot to save) • Generated passwords are remembered when you Copy or Use them • Per-login view in each credential row's expanded panel: last 3 generated passwords used on that site • Global view under Generator → History • Masked by default with eye-toggle reveal • Configurable retention (1 / 3 / 7 / 14 / 30 days, or never) — default 7 days • Stored locally on the device only ⚠️ Reused-Password Warning • Per-row badge on credentials sharing a password with another login • Banner above the credential list showing the total count • Hashing is done locally with the Web Crypto API — passwords never leave the device ⭐ Multi-Credential Workflow • Mark as primary — designate "this is the credential that works"; auto-fill prefers it • Mark as deprecated — soft-retire legacy credentials; dimmed and dropped from default lists • Pin to top — per-device pin, syncs between popup and inline picker • Notes per credential — small free-text field for "needs MFA app", "support contact", etc. • Per-item URL match policy — Base domain / Exact hostname / Exact URL / Never auto-fill • Folder-grouped headers in the inline picker when matches span 2+ vault folders 👤 Identity & Card Auto-Fill • Personal info, addresses, and credit cards stored in your vault under identities/ • Brand-aware card visuals (Visa, Mastercard, Amex, Discover, JCB, Diners, UnionPay, RuPay) • Smart classifier: items show under Credit Cards when their fields look card-like 🔐 TOTP / 2FA Support • Live 30-second TOTP code with circular timer in each credential's expanded view • One-click copy or auto-paste after password fill (toggleable) 🛡️ Security Built In • Closed shadow DOM for the inline picker — page CSS and scripts cannot reach inside • Refuses to render inside cross-origin iframes (clickjacking protection) • Phishing warnings — banner when the page domain doesn't match the saved credential URL • Iframe protection — block auto-fill inside iframes (toggleable) • Auto-lock after configurable idle time • Clipboard auto-clear (default 30 seconds, configurable) 📋 Right-Click Anywhere • Fill from Claspt — fills the current input with the best-matching credential • Generate password into this field — drops a strong password directly into the right-clicked field, using your saved generator preferences • Copy username / password for this site PRIVACY • Zero telemetry. The extension never reports usage, errors, or any data to any server. • Zero third-party calls. All requests go to http://127.0.0.1 (your own machine). • Zero analytics SDKs. None bundled. • Open and inspectable code. CROSS-PLATFORM Same JavaScript bundle on Windows, macOS, and Linux. Works in Chrome, Edge, Brave, and Firefox. LEARN MORE • Documentation: https://docs.claspt.app/guides/browser-extension • Connection troubleshooting: https://docs.claspt.app/reference/connection-troubleshooting • Desktop app: https://claspt.app