Hi HN,
Bastion Enclave is an experiment in removing centralized trust from password management by eliminating server-side state entirely.
Instead of storing an encrypted vault or syncing secrets through a backend, Bastion computes credentials deterministically on the fly using explicit cryptographic inputs. Given the same master entropy, service name, username, and version counter, the same password is reproduced across platforms. There is no account system, no database, and no persistent server storage — the server serves static code only.
Password generation uses domain-separated salts and PBKDF2-HMAC-SHA512 (210k iterations) to produce a byte stream, followed by unbiased rejection sampling to avoid modulo bias when mapping to character sets. Nothing is stored; passwords are derived when needed and discarded immediately after use.
When users choose to persist data locally (vault state, notes, file keys), encryption is handled separately using Argon2id (64 MB memory, 3 iterations) to derive a master key, followed by AES-256-GCM for authenticated encryption. All plaintext exists only in volatile memory; closing the tab tears down the runtime.
Recovery and key escrow are handled via Shamir Secret Sharing over a large prime field (secp256k1 order) using a hybrid scheme: the secret is encrypted with a random session key, and only that key is split into shards. Invalid or mismatched shards fail cryptographically via AEAD tag verification.
The security claim here is architectural, not policy-based: no stored vaults, no encrypted blobs on servers, no sync endpoints, and no recovery infrastructure to subpoena or breach. Attacking Bastion means attacking individual devices, not a centralized honeypot.
This design intentionally trades convenience (sync, automated recovery) for reduced attack surface and deterministic guarantees. It assumes a trusted local execution environment and a strong master secret; it does not attempt to defend against a compromised OS or browser runtime.
Live demo:
https://bastion-enclave.vercel.app
Spec / source / threat model:
https://github.com/imkevinchasse/Bastion-Enclave-repo-V2
I’d appreciate critique of the threat model and whether this class of design meaningfully removes attack vectors inherent to cloud-based managers.
KevinChasse•1h ago