@clareifi.com it makes debugging harder.
What shipped:
→ Supabase auth (email + password)
→ Salt stored server-side, key derived client-side
→ New device fetches salt, derives correct key, decrypts notes
→ Tested: Chrome, Brave, Vivaldi, Samsung Internet — all working