feat: Increase file size limit to 5MB

- Update validation from 750KB to 5MB
- Update UI messages and tooltips
- Update request size limit to 7MB

Author: teycir

app/admin/canary/page.tsx

@@ -1,8 +1,6 @@
 'use client';
 
 import { useState } from 'react';
-import { Card } from '@/components/ui/card';
-import { Button } from '@/components/ui/button';
 import { Shield, Calendar, AlertTriangle } from 'lucide-react';
 import { toast } from 'sonner';
 
@@ -40,7 +38,7 @@ export default function AdminCanaryPage() {
           <h1 className="text-3xl font-bold text-neon-green">WARRANT CANARY</h1>
         </div>
 
-        <Card className="p-6 mb-6">
+        <div className="cyber-card p-6 mb-6">
           <h2 className="text-xl font-bold text-neon-green mb-4">Monthly Update</h2>
 
           <div className="space-y-4 mb-6">
@@ -76,16 +74,20 @@ export default function AdminCanaryPage() {
             </div>
           </div>
 
-          <Button onClick={updateCanary} disabled={updating} className="w-full">
+          <button
+            onClick={updateCanary}
+            disabled={updating}
+            className="cyber-button w-full"
+          >
             {updating ? 'UPDATING...' : 'UPDATE CANARY'}
-          </Button>
-        </Card>
+          </button>
+        </div>
 
-        <Card className="p-6">
-          <a href="/canary.txt" target="_blank" className="text-neon-green hover:underline">
+        <div className="cyber-card p-6">
+          <a href="/canary" target="_blank" className="text-neon-green hover:underline">
             View Current Canary →
           </a>
-        </Card>
+        </div>
       </div>
     </div>
   );

app/api/seal/[id]/route.ts

@@ -58,6 +58,8 @@ export async function GET(
           isLocked: true,
           unlockTime: metadata.unlockTime,
           timeRemaining: metadata.unlockTime - Date.now(),
+          isDMS: metadata.isDMS,
+          pulseToken: metadata.isDMS ? (await container.db.getSeal(sealId))?.pulseToken : undefined,
         });
       }
 
@@ -72,6 +74,7 @@ export async function GET(
         keyB: metadata.keyB,
         iv: metadata.iv,
         encryptedBlob: blobBase64,
+        isDMS: metadata.isDMS,
       });
     } finally {
       concurrentTracker.release(ip);

app/page.tsx

@@ -143,13 +143,13 @@ export default function HomePage() {
   const onDrop = useCallback((acceptedFiles: File[]) => {
     if (acceptedFiles?.length > 0) {
       const selectedFile = acceptedFiles[0];
-      const maxSize = 750 * 1024;
+      const maxSize = 5 * 1024 * 1024; // 5MB
       if (selectedFile.size > maxSize) {
-        toast.error(`File too large: ${formatFileSize(selectedFile.size)} (max 750KB)`);
+        toast.error(`File too large: ${formatFileSize(selectedFile.size)} (max 5MB)`);
         return;
       }
       if (selectedFile.size > maxSize * 0.9) {
-        toast.warning(`File size: ${formatFileSize(selectedFile.size)} (approaching 750KB limit)`);
+        toast.warning(`File size: ${formatFileSize(selectedFile.size)} (approaching 5MB limit)`);
       }
       setFile(selectedFile);
       setMessage('');
@@ -260,9 +260,9 @@ export default function HomePage() {
       return;
     }
 
-    // Validate message length (D1 limit: 750KB)
-    if (message.trim() && message.length > 750000) {
-      toast.error('Message too large (max 750KB)');
+    // Validate message length (D1 limit: 5MB)
+    if (message.trim() && message.length > 5000000) {
+      toast.error('Message too large (max 5MB)');
       const textarea = document.getElementById('message-input');
       if (textarea) {
         textarea.classList.add('input-error');
@@ -271,9 +271,9 @@ export default function HomePage() {
       return;
     }
 
-    // Validate file size (D1 limit: 750KB)
-    if (file && file.size > 750 * 1024) {
-      toast.error('File too large (max 750KB)');
+    // Validate file size (D1 limit: 5MB)
+    if (file && file.size > 5 * 1024 * 1024) {
+      toast.error('File too large (max 5MB)');
       return;
     }
 
@@ -635,7 +635,7 @@ export default function HomePage() {
                   {/* Text Area */}
                   <label htmlFor="message-input" className="block text-sm mb-2 text-neon-green/80 tooltip">
                     MESSAGE OR FILE
-                    <span className="tooltip-text">Enter text message or upload a file (max 750KB). Only one can be used at a time.</span>
+                    <span className="tooltip-text">Enter text message or upload a file (max 5MB). Only one can be used at a time.</span>
                   </label>
                   <textarea
                     id="message-input"
@@ -685,7 +685,7 @@ export default function HomePage() {
                             <p className="text-xs text-neon-green/40">OR CLICK TO SELECT</p>
                             <div className="flex items-center justify-center gap-1 mt-2">
                               <AlertTriangle className="w-3 h-3 text-neon-green/30" />
-                              <p className="text-xs text-neon-green/30">Max size: 750KB</p>
+                              <p className="text-xs text-neon-green/30">Max size: 5MB</p>
                             </div>
                           </>
                         )}

app/pulse/[token]/page.tsx

@@ -208,18 +208,18 @@ function PulsePageClient() {
   }
 
   return (
-    <div className="min-h-screen flex items-center justify-center p-4 relative w-full overflow-hidden">
+    <div className="min-h-screen flex items-center justify-center p-4 relative w-full overflow-x-hidden pb-20">
       <BackgroundBeams className="absolute top-0 left-0 w-full h-full z-0" />
       <div className="max-w-md w-full relative z-10 text-center">
-        <Heart className={`w-16 h-16 mx-auto mb-4 ${isUrgent ? 'text-red-500 animate-pulse' : 'text-neon-green'}`} />
-        <h1 className="text-2xl sm:text-3xl font-bold glow-text mb-6 px-2">
+        <Heart className={`w-12 h-12 mx-auto mb-3 ${isUrgent ? 'text-red-500 animate-pulse' : 'text-neon-green'}`} />
+        <h1 className="text-2xl sm:text-3xl font-bold glow-text mb-4 px-2">
           <DecryptedText text="DEAD MAN'S SWITCH" animateOn="view" className="text-neon-green" />
         </h1>
 
         {timeRemaining > 0 && (
-          <Card className={`mb-8 ${isUrgent ? 'border-red-500/50 shadow-[0_0_20px_rgba(255,0,0,0.2)]' : ''}`}>
+          <Card className={`mb-6 p-4 ${isUrgent ? 'border-red-500/50 shadow-[0_0_20px_rgba(255,0,0,0.2)]' : ''}`}>
             <p className="text-xs text-neon-green/50 mb-2 uppercase tracking-widest">TIME UNTIL AUTO-UNLOCK</p>
-            <div className={`text-3xl sm:text-4xl md:text-5xl font-mono mb-2 ${isUrgent ? 'text-red-500 pulse-glow' : 'text-neon-green pulse-glow'}`}>
+            <div className={`text-3xl sm:text-4xl font-mono mb-2 ${isUrgent ? 'text-red-500 pulse-glow' : 'text-neon-green pulse-glow'}`}>
               {formatTimeShort(timeRemaining)}
             </div>
             {isUrgent && (
@@ -231,27 +231,29 @@ function PulsePageClient() {
           </Card>
         )}
 
-        <p className="text-neon-green/70 mb-8 text-sm">
+        <p className="text-neon-green/70 mb-6 text-sm px-4">
           Click below to confirm you are active and reset the countdown timer.
         </p>
 
-        <Button
-          onClick={handlePulse}
-          disabled={isPulsing}
-          className="w-full text-xl py-6 mb-4 shadow-[0_0_20px_rgba(0,255,65,0.3)] hover:shadow-[0_0_40px_rgba(0,255,65,0.5)] flex items-center justify-center gap-2"
-        >
-          <Heart className="w-5 h-5" />
-          {isPulsing ? 'PULSING...' : 'SEND PULSE'}
-        </Button>
+        <div className="space-y-3">
+          <Button
+            onClick={handlePulse}
+            disabled={isPulsing}
+            className="w-full text-lg py-4 shadow-[0_0_20px_rgba(0,255,65,0.3)] hover:shadow-[0_0_40px_rgba(0,255,65,0.5)] flex items-center justify-center gap-2"
+          >
+            <Heart className="w-5 h-5" />
+            {isPulsing ? 'PULSING...' : 'SEND PULSE'}
+          </Button>
 
-        <Button
-          onClick={() => setShowBurnConfirm(true)}
-          variant="danger"
-          className="w-full text-sm opacity-80 hover:opacity-100 flex items-center justify-center gap-2"
-        >
-          <Flame className="w-4 h-4" />
-          BURN SEAL (PERMANENT)
-        </Button>
+          <Button
+            onClick={() => setShowBurnConfirm(true)}
+            variant="danger"
+            className="w-full text-sm opacity-80 hover:opacity-100 flex items-center justify-center gap-2"
+          >
+            <Flame className="w-4 h-4" />
+            BURN SEAL (PERMANENT)
+          </Button>
+        </div>
 
         {error && <ErrorMessage message={error} />}
       </div>

app/v/[id]/page.tsx

@@ -17,6 +17,8 @@ interface SealStatus {
   timeRemaining?: number;
   keyB?: string;
   iv?: string;
+  isDMS?: boolean;
+  pulseToken?: string;
 }
 
 export default function VaultPage({ params }: { params: { id: string } }) {
@@ -257,7 +259,7 @@ function VaultPageClient({ id }: { id: string }) {
 
   // Locked state with countdown
   return (
-    <div className="min-h-screen flex items-center justify-center p-4 relative w-full overflow-hidden">
+    <div className="min-h-screen flex items-center justify-center p-4 relative w-full overflow-x-hidden pb-20">
       <BackgroundBeams className="absolute top-0 left-0 w-full h-full z-0" />
       <div className="max-w-md w-full text-center relative z-10">
         <motion.div
@@ -269,30 +271,46 @@ function VaultPageClient({ id }: { id: string }) {
             repeat: Infinity,
             repeatType: "reverse"
           }}
-          className="mb-6 flex justify-center"
+          className="mb-4 flex justify-center"
         >
-          <Lock className="w-16 h-16 text-neon-green" />
+          <Lock className="w-12 h-12 text-neon-green" />
         </motion.div>
 
-        <h1 className="text-3xl sm:text-4xl font-bold glow-text mb-3 px-2">
-          <DecryptedText text="VAULT SEALED" animateOn="view" className="text-neon-green" />
+        <h1 className="text-2xl sm:text-3xl font-bold glow-text mb-3 px-2">
+          <DecryptedText text={status.isDMS ? "DEAD MAN'S SWITCH ACTIVE" : "VAULT SEALED"} animateOn="view" className="text-neon-green" />
         </h1>
-        <p className="text-neon-green/70 mb-6 text-sm sm:text-base px-4">
-          This message is cryptographically locked until:
+        
+        {status.isDMS && status.pulseToken && (
+          <div className="mb-4 p-3 bg-yellow-500/10 border border-yellow-500/30 rounded-lg">
+            <p className="text-yellow-500 text-sm font-bold mb-2">⚠️ PULSE REQUIRED</p>
+            <p className="text-yellow-400/80 text-xs mb-3">
+              This seal will auto-unlock if not pulsed. Click below to keep it locked.
+            </p>
+            <a
+              href={`/pulse/${status.pulseToken}`}
+              className="cyber-button inline-flex items-center justify-center gap-2 bg-yellow-500/20 hover:bg-yellow-500/30 border-yellow-500/50 text-yellow-500 w-full text-sm"
+            >
+              SEND PULSE NOW →
+            </a>
+          </div>
+        )}
+        
+        <p className="text-neon-green/70 mb-4 text-sm px-4">
+          {status.isDMS ? 'Will auto-unlock if pulse not received by:' : 'This message is cryptographically locked until:'}
         </p>
 
-        <Card className="p-4 sm:p-6 mb-6 border-neon-green/40 shadow-[0_0_30px_rgba(0,255,65,0.1)]">
-          <div className="text-base sm:text-lg md:text-xl font-bold mb-4 text-neon-green/80 uppercase tracking-widest border-b border-neon-green/20 pb-2">
+        <Card className="p-4 mb-4 border-neon-green/40 shadow-[0_0_30px_rgba(0,255,65,0.1)]">
+          <div className="text-sm font-bold mb-3 text-neon-green/80 uppercase tracking-widest border-b border-neon-green/20 pb-2">
             Protocol Unlock Time
           </div>
-          <div className="text-lg sm:text-xl md:text-2xl font-bold mb-6 text-white font-mono break-words">
+          <div className="text-lg sm:text-xl font-bold mb-4 text-white font-mono break-words">
             {new Date(status.unlockTime).toLocaleString()}
           </div>
 
-          <div className="text-xs text-neon-green/50 mb-2 uppercase tracking-abovet">Time Remaining</div>
+          <div className="text-xs text-neon-green/50 mb-2 uppercase tracking-widest">Time Remaining</div>
           {timeLeft > 0 ? (
             <>
-              <div className="text-2xl sm:text-3xl md:text-4xl font-mono pulse-glow text-neon-green tabular-nums mb-4">
+              <div className="text-2xl sm:text-3xl font-mono pulse-glow text-neon-green tabular-nums mb-3">
                 <DecryptedText
                   text={formatTimeLeft(timeLeft)}
                   speed={0}
@@ -316,16 +334,16 @@ function VaultPageClient({ id }: { id: string }) {
           )}
         </Card>
 
-        <div className="space-y-4">
+        <div className="space-y-3">
           <button
             onClick={copyVaultLink}
-            className="cyber-button inline-flex items-center justify-center gap-2 bg-neon-green/10 hover:bg-neon-green/20"
+            className="cyber-button inline-flex items-center justify-center gap-2 bg-neon-green/10 hover:bg-neon-green/20 w-full"
           >
             <Copy className="w-4 h-4" />
             COPY VAULT LINK
           </button>
 
-          <p className="text-xs text-neon-green/40 max-w-xs mx-auto leading-relaxed">
+          <p className="text-xs text-neon-green/40 max-w-xs mx-auto leading-relaxed px-2">
             <span className="block mb-1">SECURITY LEVEL: MAXIMUM</span>
             This vault uses split-key encryption and WORM storage.
             It cannot be opened early, even by the creator.
@@ -338,4 +356,4 @@ function VaultPageClient({ id }: { id: string }) {
       </div>
     </div>
   );
-}
+}

docs/INNOVATION-ANALYSIS.md

@@ -0,0 +1,91 @@
+# Innovation Analysis: What's Worth Building?
+
+## TL;DR
+
+**Build Now:** Post-Quantum Cryptography (PQC)  
+**Maybe Later:** Decentralized Storage  
+**Skip:** SSI and ZKPs (wrong problems)
+
+## Quick Evaluation
+
+### 1. Self-Sovereign Identity (SSI) 🔴 SKIP
+
+**Problem it solves:** Lost vault links  
+**Why skip:**
+- Breaks "anyone with link = access" model (kills whistleblower use case)
+- Adds authentication layer (contradicts zero-trust design)
+- Requires wallet (huge UX barrier)
+- Massive complexity for small benefit
+
+**Better solution:** Optional password-encrypted link backup in localStorage
+
+### 2. Zero-Knowledge Proofs (ZKPs) 🟡 SKIP (FOR NOW)
+
+**Problem it solves:** Key A visible in URL  
+**Why skip:**
+- Key A already never sent to server (problem doesn't exist)
+- 1-5 second proof generation = terrible UX
+- Still need to distribute Key A somehow (defeats purpose)
+- You already have memory obfuscation (v0.6.0)
+
+**When to revisit:** If ZK tech gets 100x faster (2027+)
+
+### 3. Post-Quantum Cryptography (PQC) 🟢 BUILD THIS
+
+**Problem it solves:** Quantum computers will break AES-256 (2030-2035)  
+**Why build:**
+- Seals can be locked for decades (quantum threat is real)
+- NIST-approved algorithms ready now (CRYSTALS-Kyber)
+- Only 5x slower, +50KB bundle (acceptable)
+- Huge marketing value ("quantum-resistant vaults")
+
+**Implementation:**
+```typescript
+// Hybrid mode: AES + Kyber
+import { kyber1024 } from '@noble/post-quantum/kyber';
+
+// 1. Encrypt with AES (fast)
+const aesEncrypted = await aesEncrypt(data, aesKey);
+
+// 2. Protect AES key with Kyber (quantum-safe)
+const { ciphertext, sharedSecret } = kyber1024.encapsulate(publicKey);
+const protectedKey = xor(aesKey, sharedSecret);
+```
+
+**Timeline:** 2-3 months to production
+
+### 4. Decentralized Storage + MPC 🟡 MAYBE LATER
+
+**Problem it solves:** Cloudflare single point of failure  
+**Why wait:**
+- 10x slower (500ms vs 50ms)
+- 100x more expensive ($500/mo vs $5/mo)
+- Massive operational complexity (5 servers, consensus, Byzantine failures)
+- IPFS is slow (2-5 seconds per fetch)
+
+**When to build:** 
+- Enterprise tier (customers pay for censorship resistance)
+- Self-hosting guide (let others run MPC networks)
+- 2026+ when you have revenue to support infrastructure
+
+## What to Build
+
+**Now (Q1 2025):** Post-Quantum Cryptography
+- 2-3 months effort
+- Use `@noble/post-quantum/kyber`
+- Hybrid mode (AES + Kyber)
+- Huge marketing win
+
+**Later (2026+):** MPC for enterprise tier
+- Only if you have paying customers
+- Document self-hosting approach
+- Let others run their own networks
+
+**Never:** SSI and ZKPs
+- Wrong problems
+- Too much complexity
+- Conflicts with design
+
+---
+
+**Bottom line:** Build PQC. Skip the rest.