Storm Log

Full accessibility audit across the entire codebase: screen reader support, keyboard navigation, and visual contrast. The kind of review that finds the things sighted, mouse-using developers never notice. v1.2.0Accessibility audit
783973a · Mar 14, 2026
Screen reader, keyboard, and visual fixes across 12 files

Screen reader users now get feedback when a password is generated (“New password generated. Strength: Excellent.”) without the password itself being read aloud. The strength bar gained a progressbar role. Broken ARIA associations on the mode tabs were fixed. Decorative SVGs no longer pollute the accessibility tree.

Keyboard users got a skip-to-content link on every page. The dimmed service selector in PIN and passphrase modes is now fully inert — no more tabbing through 60+ disabled buttons. v1.2.0Keyboard navigation
783973a · Mar 14, 2026
Skip link, inert dimmed selector, tab panel ARIA fixes

The “Weak” and “Fair” strength colors were effectively invisible — 1.4:1 and 2.1:1 contrast on a dark background. Now warm red and amber, well above the 4.5:1 WCAG AA threshold. Added prefers-reduced-motion support: all animations and the scramble effect are suppressed for users who request it. v1.2.0Visual accessibility
783973a · Mar 14, 2026
Strength colors, reduced motion, contrast fixes

Refined copy and branding across the app. Consolidated the overlapping “What it doesn’t do” and “Privacy” sections on the about page into a single definitive list. Rewrote the Storm Log intro and tightened the footer trust line. The FAQ generator now respects service password limits — it no longer suggests “use at least 16 characters” for services that cap at 12. v1.2.0Voice and SEO refinements
3bd7206 0069ecc · Mar 14, 2026
FAQ fix, ItemList schema, about page consolidation, footer

Added ItemList structured data to the rules index for sitelinks potential. Improved accessibility labels on the rules search input. The footer navigation now reads “Boltkey · Password Rules · About” — the Storm Log moved to a dedicated callout on the about page, matching the changelog pattern across Rendered apps.

A tester generated a 20-character password and saw “Would take 270 quintillion years to crack.” Then cranked the length to 100 and got “Longer than the universe.” The universe is about 14 billion years old. 270 quintillion is already far beyond that. The crack-time scale was going backwards at the top. v1.1.0Strength narrative overhaul
3158537 · Mar 13, 2026
Universe-relative scale, PIN lockout, copy review

Rewrote the entire crack-time scale. Beyond a billion years, it now compares to the age of the universe: “4x the age of the universe,” “145x,” “20 billion times.” The progression always goes up. Extreme lengths cap at “Unfathomably long” instead of a wall of digits on mobile. Fixed singular/plural (“1 second,” not “1 seconds”). v1.1.0Crack-time scale fix
3158537 c4d9a99 · Mar 13, 2026
Universe-relative comparison, singular/plural, overflow cap

That bug triggered a full copy review across every piece of text in the app. 26 issues across 9 files: the “Entropy” label was alienating (now “Randomness”), the PIN Details panel contradicted the strength bar, a bolt note overstated entropy by 3 bits, the Enigma fact cited an indefensible number, and the footer said “None leave” about passwords that are explicitly designed to leave via clipboard. v1.1.0Copy review + factual fixes
3158537 · Mar 13, 2026
26 fixes across 9 files

Every fix makes the app more trustworthy to someone who reads carefully.

Boltkey has known the password rules for 60+ services since day one. All of that data was locked inside client-side JavaScript, invisible to search engines. Someone searching “Chase password requirements” would never find it. v1.1.0SEO rules pages
cdb238e · Mar 13, 2026
66 server-rendered pages, FAQPage schema, sitemap

Extracted all service presets into a shared JSON file, built a server-side module to generate meta descriptions and FAQ content, and added /rules (categorized index with search) and /rules/:service (detail pages with requirements grid, auto-generated prose, FAQ accordion, and a CTA that deep-links into the generator with ?preset=chase). v1.1.0Rules routes + templates
cdb238e · Mar 13, 2026
/rules index with search, /rules/:service detail pages, ?preset= deep-links

Every service page has FAQPage and BreadcrumbList JSON-LD for rich results. The sitemap grew from 3 to 70 URLs. Client-side presets migrated from 390 lines of hardcoded JavaScript to an async fetch from the same JSON the server reads — one source of truth. v1.1.0Structured data + single source of truth
cdb238e · Mar 13, 2026
FAQPage + BreadcrumbList JSON-LD, sitemap 3→70, async preset fetch

66 pages that search engines can now crawl, each answering a question someone is already typing into Google.

Boltkey is v1.0. A privacy-first password generator that knows the actual password rules for 60+ services, runs entirely in your browser, and never sends a byte. Three generation modes, real entropy from the Web Crypto API, rejection sampling to eliminate bias, auto-obscure after 30 seconds, and a storm-themed interface built to make the mundane feel electric. v1.0.0v1.0 release
2fe2750 · Mar 3, 2026
60+ presets, 3 modes, PWA, CSP, HSTS, zero tracking

Also in the final push: fixed the install button visibility bug (CSS display was overriding the hidden attribute), and capped crack-time display so a 110-character password doesn’t produce a wall of digits on mobile.

Boltkey is a PWA, but nobody clicks that tiny browser install icon. Added a visible “Install Boltkey” button that appears on Chrome, Edge, and Android when the app is installable. One tap and it’s on your home screen or dock. The button stays hidden on browsers that don’t support it — no broken UI, no fallback needed. v0.5.4PWA install button
a52f0a9 · Mar 3, 2026
beforeinstallprompt, hidden by default, accent CTA

Also in this round: branded OG card for the Storm Log page, HSTS header, shorter OG description, smoother hero crossfade, and the basic auth gate came down. Boltkey is public.

Added a share button to every page. On mobile it opens the native share sheet; on desktop it copies the link to your clipboard. Rewired the share logic to work cleanly with our security headers. v0.5.3Share button
7df381f · Mar 3, 2026
Web Share API → clipboard → prompt fallback

Designed an OG brand card for social sharing — the storm background behind the logo, service name pills (Google, Apple, Chase, Instagram, Netflix), and the “Knows the password rules for” headline. Home, about, and log pages all have share card images now. v0.5.3OG share cards
7df381f · Mar 3, 2026
1200×630 PNG, storm bg, service pills

Added llms.txt for LLM crawlers. Switched the favicon to the blue bolt on dark plate. Cleaned up the back links on log and about pages to just say “Boltkey”. Bumped dateline contrast on the Storm Log so dates are actually readable.

The hero now cycles through service names — Google, Chase, Spotify, Airbnb — on a dedicated line beneath “Knows the rules for.” Each name fades up in accent color, holding for a beat before the next one takes its place. Dropping the name to its own line eliminated the horizontal bounce that came from names being different lengths. v0.5.2Cycling hero names
6f07f88 · Mar 3, 2026
Dedicated line, min-height, fade-up transition

Added legal coverage proportionate to an indie app that references 60+ trademarked service names. The about page now has a Privacy section (short version: there are no data practices to disclose), an accuracy disclaimer on service presets, a trademark notice, and a fine-print section with warranty and liability language. A one-liner in the footer covers every page. v0.5.2Legal coverage
6f07f88 · Mar 3, 2026
Privacy, trademark, warranty, liability sections

Copy audit across the whole app. Trimmed the dictation alphabets from five to three (NATO, Spy, Mythology). Simplified about page headings. Cleaned up bolt notes. Fixed the passphrase tip for three-word phrases.

The password field is the whole point of the app, so it should look like it. Darkened the field to near-black so the colored characters pop against it — blue for uppercase, silver for lowercase, sky for digits, violet for symbols. Three distinct layers now: dark field, frosted panel, storm background. v0.5.0Password field contrast
260a4a1 · Mar 3, 2026
Near-black field bg, stronger inset shadow

The sticky output panel got a frosted glass treatment — backdrop blur, rounded corners, subtle blue-tinted border. Content scrolls cleanly behind it. The trust line (“Works offline · Nothing stored · Nothing sent”) moved inside the panel so it stays visible while you scroll. v0.5.0Frosted sticky panel
260a4a1 · Mar 3, 2026
backdrop-filter blur, trust line in sticky

When a password obscures after 30 seconds, a proper “Reveal” button with an eye icon now appears over the blur — clear and clickable, not a faint pseudo-element that was itself blurred. Clicking it reveals the password and starts a silent 30-second timer before re-obscuring. The Copy button stays honest: it only says “Copied” when you actually copied. v0.5.0Reveal overlay + timer
260a4a1 · Mar 3, 2026
Real button outside blur, silent re-obscure timer

Added a “Reset to defaults” button at the bottom of the Fine-tune drawer. After someone’s been sliding and toggling everything, one tap brings it all back to sane defaults for the current service preset.

Boltkey now ships with password rules for over 60 services — Google, Apple, Chase, Instagram, Amazon, Netflix, GitHub, and dozens more. Each preset knows the minimum and maximum length, which character types are required, and which symbols are actually allowed. No more guessing. v0.5.060+ service presets
260a4a1 · Mar 2, 2026
Real password rules for banks, social, streaming, dev tools

The hero messaging got honest. “The only password generator that knows every service’s rules” was an overclaim — user testing caught it immediately. Now it says what it means: “Knows the password rules for Google, Chase, Instagram, and 60 more.” Specific, credible, verifiable.

Crack time display now uses comma-delimited numbers. “269,757,077 trillion years” reads better than a wall of digits. v0.5.0Comma-delimited crack time
260a4a1 · Mar 2, 2026
toLocaleString() for thousand/million/billion/trillion

Complete visual pivot. The warm forge palette gave way to a cool storm identity — navy blues, electric accents, a watercolor lightning stormscape background. Fraunces replaced Source Serif 4 as the display font. The whole thing feels like generating passwords during a thunderstorm, which is exactly the vibe. v0.5.0Storm identity
260a4a1 · Mar 1, 2026
Blue palette, Fraunces, stormscape bg, lightened UI

Passwords auto-obscure 30 seconds after copying. The Copy button shows a depleting ring countdown, then the display blurs. Privacy by default. v0.5.0Auto-obscure
260a4a1 · Mar 1, 2026
30s clipboard countdown, blur on expiry

First pass at the storm identity. Swapped the warm charcoal-brown palette for cool blue-black, added a DALL-E stormscape background, and rewrote all the themed content — strength narratives, security tips, rotating facts, about page. v0.4.0The Storm
87d79ca · Feb 28, 2026
Cool blue palette, stormscape bg, storm-themed content

Fixed iOS double-tap zoom on buttons and input focus zoom. Disabled elastic overscroll bounce on mobile. v0.4.0Mobile polish
758a065 798f694 · Feb 28, 2026
touch-action, font-size 16px, overscroll-behavior

Visual depth overhaul. Sticky output section, forged surface textures, atmospheric background. Scramble animation on generate, copy ring countdown, contextual security tips. v0.3.0The Forge
0abd009 · Feb 27, 2026
Warm charcoal-brown palette, amber accents, noise texture

Smart input replaced the service dropdown — type “gmail” and it fuzzy-matches to Google. Service tiles surfaced as a grid below the search. v0.3.0Smart input + tiles
abac09e · Feb 27, 2026
Fuzzy match, tile grid, easter eggs

Boltkey launched as a privacy-first password generator. Three modes (password, passphrase, PIN), Web Crypto API randomness, rejection sampling to eliminate modulo bias, PWA with offline support, and a strict Content Security Policy. Zero database, zero tracking, zero network requests after page load. v0.1.0Initial release
bceb791 · Feb 26, 2026
Core generator, PWA, CSP, Dockerfile