@athsra/cli 1.0.3 → 1.1.0

package/src/lib/mcp-tools/read.ts

@@ -9,6 +9,8 @@ import { loadAuthContext } from '../auth-context.ts';
 import { readPlain } from '../envelope.ts';
 import { applyManifest, loadManifest } from '../secrets-manifest.ts';
 import { pickWorker, readBoolean, readString } from './args.ts';
+import { requireConfirm } from './confirm.ts';
+import { maskValue } from './mask.ts';
 import { isAuthError, jsonError, jsonOk, notLoggedIn, type ToolTextResult } from './result.ts';
 
 /**
@@ -69,11 +71,12 @@ export async function handleGetProjectKeys(
 ): Promise<ToolTextResult> {
   const project = readString(args, 'project');
   if (!project) return jsonError('missing required arg: project');
+  const config = readString(args, 'config') ?? 'default';
   const ctx = await loadAuthContext();
   if (!ctx) {
     return notLoggedIn();
   }
-  const env = await readPlain(ctx, project);
+  const env = await readPlain(ctx, project, config);
   if (!env) {
     return jsonError(`envelope '${project}' not found`);
   }
@@ -84,6 +87,44 @@ export async function handleGetProjectKeys(
   return jsonOk({ project, keys, count: keys.length });
 }
 
+/**
+ * athsra_get_secret_value — value tier (ATHSRA_MCP_READ_VALUES). 기본 마스킹(maskValue:
+ * prefix+length+sha256, 역산 불가)으로 존재/형태/무결성만 확인. full=true 시 평문 — auth
+ * (네트워크·keyring) 전에 confirm=<project> 검증(조기 차단) + dispatch 의 value 게이트.
+ * 평문 노출 시 cross-server 경고 동반 — 호출측 agent 가 외부로 전송하지 않도록.
+ */
+export async function handleGetSecretValue(
+  args: Record<string, unknown> | undefined,
+): Promise<ToolTextResult> {
+  const project = readString(args, 'project');
+  const key = readString(args, 'key');
+  if (!project || !key) return jsonError('missing required args: project, key');
+  const config = readString(args, 'config') ?? 'default';
+  const full = readBoolean(args, 'full') ?? false;
+  if (full) {
+    const denied = requireConfirm(args, project);
+    if (denied) return denied;
+  }
+  const ctx = await loadAuthContext(project);
+  if (!ctx) return notLoggedIn();
+  const env = await readPlain(ctx, project, config);
+  if (!env) return jsonError(`envelope '${project}' not found`);
+  if (!(key in env)) return jsonError(`key '${key}' not found in '${project}'`);
+  const value = env[key] ?? '';
+  if (!full) {
+    return jsonOk(maskValue(key, value));
+  }
+  return jsonOk({
+    project,
+    key,
+    value,
+    _audit: 'reveal recorded server-side (envelope GET)',
+    warning:
+      'SECRET VALUE EXPOSED — do not paste into any outward tool (Slack/Gmail/email/web). ' +
+      'Store securely; never commit.',
+  });
+}
+
 export function handleShowManifest(args: Record<string, unknown> | undefined): ToolTextResult {
   const at = readString(args, 'cwd') ?? process.cwd();
   const worker = readString(args, 'worker');
@@ -154,3 +195,76 @@ export async function handleValidateManifest(
     },
   });
 }
+
+/** athsra_versions — project envelope 의 버전 이력 + tombstone (rollback 대상 식별). 메타만(값 X). */
+export async function handleVersions(
+  args: Record<string, unknown> | undefined,
+): Promise<ToolTextResult> {
+  const project = readString(args, 'project');
+  if (!project) return jsonError('missing required arg: project');
+  const config = readString(args, 'config') ?? 'default';
+  const ctx = await loadAuthContext(project);
+  if (!ctx) return notLoggedIn();
+  return jsonOk(await ctx.client.listVersions(project, config));
+}
+
+/** athsra_audit — audit 로그(cursor passthrough + 선택 필터). 메타만(actor/action/path/status, 값 X). */
+export async function handleAudit(
+  args: Record<string, unknown> | undefined,
+): Promise<ToolTextResult> {
+  const ctx = await loadAuthContext();
+  if (!ctx) return notLoggedIn();
+  return jsonOk(
+    await ctx.client.queryAudit({
+      cursor: readString(args, 'cursor'),
+      action: readString(args, 'action'),
+      actor: readString(args, 'actor'),
+    }),
+  );
+}
+
+/** athsra_list_orgs — 내가 속한 org 목록 + 현재 org. */
+export async function handleListOrgs(): Promise<ToolTextResult> {
+  const ctx = await loadAuthContext();
+  if (!ctx) return notLoggedIn();
+  return jsonOk(await ctx.client.listOrgs());
+}
+
+/** athsra_org_info — 현재 org 의 멤버 + org 목록(역할·상태). 시크릿 X. */
+export async function handleOrgInfo(): Promise<ToolTextResult> {
+  const ctx = await loadAuthContext();
+  if (!ctx) return notLoggedIn();
+  const [orgs, members] = await Promise.all([ctx.client.listOrgs(), ctx.client.listOrgMembers()]);
+  return jsonOk({
+    current_org_id: orgs.current_org_id,
+    orgs: orgs.orgs,
+    members: members.members,
+  });
+}
+
+/**
+ * athsra_doctor — 인증·세션 진단 (AI 가 막혔을 때 원인 자가 점검). 시크릿 미접근.
+ * --audit 전수복호 류 무거운 점검은 비포함 (read tier 경량 유지).
+ */
+export async function handleDoctor(): Promise<ToolTextResult> {
+  const checks: { name: string; ok: boolean; detail: string }[] = [];
+  const ctx = await loadAuthContext();
+  checks.push({
+    name: 'authenticated',
+    ok: ctx !== null,
+    detail: ctx ? `${ctx.kind} mode` : 'not logged in — run `athsra login`',
+  });
+  if (ctx) {
+    try {
+      const me = await ctx.client.whoami();
+      checks.push({ name: 'session', ok: true, detail: `user #${me.userId ?? '?'}` });
+    } catch (err) {
+      checks.push({
+        name: 'session',
+        ok: false,
+        detail: isAuthError(err) ? 'expired/idle — re-login' : (err as Error).message,
+      });
+    }
+  }
+  return jsonOk({ checks, healthy: checks.every((c) => c.ok) });
+}

package/src/lib/mcp-tools/result.ts

@@ -25,14 +25,14 @@ export function jsonError(message: string): ToolTextResult {
 }
 
 /**
- * 미인증 시 AI 가 곧바로 행동할 수 있는 안내. `athsra login --sso` 가 브라우저를 열어 modfolio
- * Connect 로 가입/로그인 → 토큰/master pw 를 OS keyring 에 저장한다. AI-온보딩의 인증 부트스트랩 신호.
+ * 미인증 시 AI 가 곧바로 행동할 수 있는 안내. 1순위 = in-chat 로그인 (athsra_login_start —
+ * 터미널 불필요, Phase 5 B5). 폴백 = 터미널 `athsra login` (browser 승인). AI-온보딩 부트스트랩 신호.
  */
 export function notLoggedIn(): ToolTextResult {
   return jsonError(
-    'not authenticated on this machine. Run `athsra login --sso` in a terminal — a browser opens ' +
-      'to sign up or log in (modfolio Connect SSO). Then retry this tool. ' +
-      '(headless/CI: set ATHSRA_TOKEN=ats_… service token instead.)',
+    'not authenticated on this machine. Call athsra_login_start to begin a browser login right ' +
+      'from chat — no terminal needed. (Alternative: run `athsra login` in a terminal.) ' +
+      'Then retry this tool. (headless/CI: set ATHSRA_TOKEN=ats_… service token instead.)',
   );
 }
 

package/src/lib/mcp-tools/run.ts

@@ -0,0 +1,101 @@
+/**
+ * mcp-tools/run.ts — athsra_run (value tier). envelope secret 을 자식 프로세스 env 로
+ * 주입해 명령 실행 — 값을 응답에 노출하지 않음(`athsra run` 의 MCP 등가). 출력 캡처 시
+ * 알려진 secret 값 scrub.
+ *
+ * 방어: allowlist(빌드/런타임 도구) 외 명령은 confirm=<project> 강제(deliberate-exec),
+ * stdin 차단, stdout/stderr pipe 캡처(MCP protocol stdout 오염 방지), timeout, secret scrub.
+ */
+import { spawn } from 'node:child_process';
+import { loadAuthContext } from '../auth-context.ts';
+import { buildChildEnv } from '../env-format.ts';
+import { readPlain } from '../envelope.ts';
+import { readBoolean, readInteger, readString, readStringArray } from './args.ts';
+import { requireConfirm } from './confirm.ts';
+import { scrubSecrets } from './mask.ts';
+import { jsonError, jsonOk, notLoggedIn, type ToolTextResult } from './result.ts';
+
+/** confirm 없이 실행 허용하는 빌드/런타임 도구 — 그 외는 deliberate-exec confirm=<project>. */
+const RUN_ALLOWLIST = new Set([
+  'bun',
+  'bunx',
+  'node',
+  'npm',
+  'npx',
+  'pnpm',
+  'yarn',
+  'wrangler',
+  'vite',
+  'tsx',
+]);
+
+const DEFAULT_TIMEOUT_MS = 120_000;
+const KILL_GRACE_MS = 2_000;
+const OUTPUT_CAP = 64 * 1024;
+
+export async function handleRun(
+  args: Record<string, unknown> | undefined,
+): Promise<ToolTextResult> {
+  const project = readString(args, 'project');
+  const command = readString(args, 'command');
+  if (!project || !command) return jsonError('missing required args: project, command');
+  const config = readString(args, 'config') ?? 'default';
+  const cmdArgs = readStringArray(args, 'args') ?? [];
+  const cwd = readString(args, 'cwd');
+  const returnOutput = readBoolean(args, 'return_output') ?? false;
+  const timeoutMs = readInteger(args, 'timeout_ms') ?? DEFAULT_TIMEOUT_MS;
+
+  // allowlist 외 명령은 auth(네트워크·keyring) 전에 confirm=<project> 강제 — 임의 실행 차단.
+  if (!RUN_ALLOWLIST.has(command)) {
+    const denied = requireConfirm(args, project);
+    if (denied) return denied;
+  }
+
+  const ctx = await loadAuthContext(project);
+  if (!ctx) return notLoggedIn();
+  const plain = await readPlain(ctx, project, config);
+  if (!plain) return jsonError(`envelope '${project}' not found`);
+
+  const { env, skipped } = buildChildEnv(process.env, plain);
+
+  return await new Promise<ToolTextResult>((resolve) => {
+    const child = spawn(command, cmdArgs, {
+      env,
+      cwd: cwd ?? process.cwd(),
+      stdio: ['ignore', 'pipe', 'pipe'], // stdin 차단, stdout/stderr 캡처
+    });
+    let stdout = '';
+    let stderr = '';
+    let timedOut = false;
+    const timer = setTimeout(() => {
+      timedOut = true;
+      child.kill('SIGTERM');
+      setTimeout(() => child.kill('SIGKILL'), KILL_GRACE_MS);
+    }, timeoutMs);
+    child.stdout?.on('data', (d: Buffer) => {
+      if (stdout.length < OUTPUT_CAP) stdout += d.toString('utf8');
+    });
+    child.stderr?.on('data', (d: Buffer) => {
+      if (stderr.length < OUTPUT_CAP) stderr += d.toString('utf8');
+    });
+    child.on('error', (err) => {
+      clearTimeout(timer);
+      resolve(jsonError(`spawn error: ${err.message}`));
+    });
+    child.on('close', (code) => {
+      clearTimeout(timer);
+      const base: Record<string, unknown> = {
+        project,
+        command,
+        exit_code: timedOut ? null : code,
+      };
+      if (timedOut) base.timed_out = timeoutMs;
+      if (skipped.length > 0) base.skipped_empty_keys = skipped;
+      if (returnOutput) {
+        base.stdout = scrubSecrets(stdout, plain);
+        base.stderr = scrubSecrets(stderr, plain);
+      }
+      resolve(jsonOk(base));
+    });
+  });
+}

package/src/lib/mcp-tools/write.ts

@@ -8,7 +8,8 @@ import { inferAdoptContext } from '../adopt-context.ts';
 import { loadAuthContext } from '../auth-context.ts';
 import { readPlain, writePlain } from '../envelope.ts';
 import { createManifest, loadManifest, saveManifest } from '../secrets-manifest.ts';
-import { pickWorker, readString, readStringArray } from './args.ts';
+import { pickWorker, readRecordOfStrings, readString, readStringArray } from './args.ts';
+import { requireConfirm } from './confirm.ts';
 import { jsonError, jsonOk, notLoggedIn, type ToolTextResult } from './result.ts';
 
 export async function handleSetSecret(
@@ -20,14 +21,15 @@ export async function handleSetSecret(
   if (!project || !key || value === undefined) {
     return jsonError('missing required args: project, key, value');
   }
+  const config = readString(args, 'config') ?? 'default';
   const ctx = await loadAuthContext();
   if (!ctx) return notLoggedIn();
   if (ctx.kind !== 'user') {
     return jsonError('service token cannot write — user token (master pw) required');
   }
-  const existing = (await readPlain(ctx, project)) ?? {};
+  const existing = (await readPlain(ctx, project, config)) ?? {};
   const updated: Record<string, string> = { ...existing, [key]: value };
-  await writePlain(ctx, project, updated);
+  await writePlain(ctx, project, updated, { config });
   // 보안: value 는 응답에 절대 포함 X — 키 이름만 confirm
   return jsonOk({ project, key, action: 'set', total_keys: Object.keys(updated).length });
 }
@@ -38,19 +40,20 @@ export async function handleUnsetSecret(
   const project = readString(args, 'project');
   const key = readString(args, 'key');
   if (!project || !key) return jsonError('missing required args: project, key');
+  const config = readString(args, 'config') ?? 'default';
   const ctx = await loadAuthContext();
   if (!ctx) return notLoggedIn();
   if (ctx.kind !== 'user') {
     return jsonError('service token cannot write — user token (master pw) required');
   }
-  const existing = await readPlain(ctx, project);
+  const existing = await readPlain(ctx, project, config);
   if (!existing) return jsonError(`envelope '${project}' not found`);
   if (!(key in existing)) {
     return jsonOk({ project, key, action: 'noop', reason: 'key not present' });
   }
   const updated: Record<string, string> = { ...existing };
   delete updated[key];
-  await writePlain(ctx, project, updated);
+  await writePlain(ctx, project, updated, { config });
   return jsonOk({ project, key, action: 'unset', total_keys: Object.keys(updated).length });
 }
 
@@ -125,3 +128,79 @@ export function handleManifestModify(args: Record<string, unknown> | undefined):
     return jsonError(`createManifest failed: ${(err as Error).message}`);
   }
 }
+
+/** 공통 — user(master pw) 컨텍스트 가드. service/identity 는 거부 (envelope 변경 불가). */
+function ensureUserCtx(
+  ctx: Awaited<ReturnType<typeof loadAuthContext>>,
+): ctx is Extract<NonNullable<Awaited<ReturnType<typeof loadAuthContext>>>, { kind: 'user' }> {
+  return ctx?.kind === 'user';
+}
+
+/** athsra_rollback — project 를 특정 version 으로 되돌림. confirm=project 필수(되돌리기 어려움). */
+export async function handleRollback(
+  args: Record<string, unknown> | undefined,
+): Promise<ToolTextResult> {
+  const project = readString(args, 'project');
+  const version = readString(args, 'version');
+  if (!project || !version) return jsonError('missing required args: project, version');
+  const config = readString(args, 'config') ?? 'default';
+  const denied = requireConfirm(args, project);
+  if (denied) return denied;
+  const ctx = await loadAuthContext();
+  if (!ctx) return notLoggedIn();
+  if (!ensureUserCtx(ctx)) return jsonError('rollback requires a user token (master pw)');
+  return jsonOk(await ctx.client.rollbackProject(project, version, config));
+}
+
+/** athsra_delete_project — soft delete (복구 가능). confirm=project 필수. hard delete 는 MCP 미노출. */
+export async function handleDeleteProject(
+  args: Record<string, unknown> | undefined,
+): Promise<ToolTextResult> {
+  const project = readString(args, 'project');
+  if (!project) return jsonError('missing required arg: project');
+  const config = readString(args, 'config') ?? 'default';
+  const denied = requireConfirm(args, project);
+  if (denied) return denied;
+  const ctx = await loadAuthContext();
+  if (!ctx) return notLoggedIn();
+  if (!ensureUserCtx(ctx)) return jsonError('delete requires a user token (master pw)');
+  return jsonOk(await ctx.client.deleteProject(project, { config }));
+}
+
+/** athsra_restore_project — soft-deleted project 복구. confirm 불요(비파괴 — 직전 상태 회복). */
+export async function handleRestoreProject(
+  args: Record<string, unknown> | undefined,
+): Promise<ToolTextResult> {
+  const project = readString(args, 'project');
+  if (!project) return jsonError('missing required arg: project');
+  const config = readString(args, 'config') ?? 'default';
+  const ctx = await loadAuthContext();
+  if (!ctx) return notLoggedIn();
+  if (!ensureUserCtx(ctx)) return jsonError('restore requires a user token (master pw)');
+  return jsonOk(await ctx.client.restoreProject(project, config));
+}
+
+/** athsra_bulk_set — 여러 키를 1회 read→merge→write (버전 1 bump). 값은 응답 미노출(키 이름만). */
+export async function handleBulkSet(
+  args: Record<string, unknown> | undefined,
+): Promise<ToolTextResult> {
+  const project = readString(args, 'project');
+  const secrets = readRecordOfStrings(args, 'secrets');
+  if (!project || !secrets) {
+    return jsonError('missing required args: project, secrets (object of string→string)');
+  }
+  if (Object.keys(secrets).length === 0) return jsonError('secrets must be a non-empty object');
+  const config = readString(args, 'config') ?? 'default';
+  const ctx = await loadAuthContext();
+  if (!ctx) return notLoggedIn();
+  if (!ensureUserCtx(ctx)) return jsonError('bulk_set requires a user token (master pw)');
+  const existing = (await readPlain(ctx, project, config)) ?? {};
+  const merged: Record<string, string> = { ...existing, ...secrets };
+  await writePlain(ctx, project, merged, { config });
+  return jsonOk({
+    project,
+    action: 'bulk_set',
+    set_keys: Object.keys(secrets).sort(),
+    total_keys: Object.keys(merged).length,
+  });
+}

package/src/lib/oidc-flow.ts

@@ -10,6 +10,7 @@
 
 import { spawn } from 'node:child_process';
 import { createHash, randomBytes } from 'node:crypto';
+import { readFileSync } from 'node:fs';
 import { createServer, type IncomingMessage, type ServerResponse } from 'node:http';
 
 /** OIDC PKCE 플로우 엔드포인트 + 파라미터 (env override 는 호출부에서 해석해 주입). */
@@ -103,9 +104,50 @@ function base64urlBuf(buf: Buffer): string {
 
 export function openBrowser(url: string): void {
   const platform = process.platform;
+  // WSL — Linux 플랫폼이지만 xdg-open 이 호스트 브라우저로 연결 안 됨. wslview/powershell 폴백.
+  if (platform === 'linux' && isWsl()) {
+    openWsl(url);
+    return;
+  }
   const cmd = platform === 'darwin' ? 'open' : platform === 'win32' ? 'cmd' : 'xdg-open';
   const args = platform === 'win32' ? ['/c', 'start', '', url] : [url];
-  spawn(cmd, args, { detached: true, stdio: 'ignore' }).unref();
+  spawnQuiet(cmd, args);
+}
+
+/** WSL(Windows Subsystem for Linux) 호스트 감지 — env 우선, /proc/version 폴백. */
+function isWsl(): boolean {
+  if (process.env.WSL_DISTRO_NAME) return true;
+  try {
+    return readFileSync('/proc/version', 'utf8').toLowerCase().includes('microsoft');
+  } catch {
+    return false;
+  }
+}
+
+/** detached spawn + error 무음 — 자동 열기 실패해도 URL 은 호출 전 출력됨(사용자 수동 복사). */
+function spawnQuiet(cmd: string, args: string[]): void {
+  const child = spawn(cmd, args, { detached: true, stdio: 'ignore' });
+  child.on('error', () => {
+    /* URL 이미 출력됨 */
+  });
+  child.unref();
+}
+
+/** WSL — Windows 호스트 기본 브라우저. wslview(wslu) 우선, 실패 시 powershell.exe Start-Process. */
+function openWsl(url: string): void {
+  const child = spawn('wslview', [url], { detached: true, stdio: 'ignore' });
+  child.on('error', () => {
+    const ps = spawn(
+      'powershell.exe',
+      ['-NoProfile', '-Command', `Start-Process '${url.replace(/'/g, "''")}'`],
+      { detached: true, stdio: 'ignore' },
+    );
+    ps.on('error', () => {
+      /* 둘 다 실패 — URL 이미 출력됨 */
+    });
+    ps.unref();
+  });
+  child.unref();
 }
 
 async function findFreePort(): Promise<number> {

package/src/lib/org-rewrap.ts

@@ -40,13 +40,14 @@ interface AdderIdentity {
  * 호출자가 **owner**(master pw 로 master recipient unwrap)면 addMemberRecipient, **admin 멤버**
  * (master 불가)면 본인 X25519 키로 addMemberRecipientAsMember (server recipient-continuity 가
  * add=manager 강제). `replace`=true 면 기존 member recipient 를 제거 후 재포장(key reset 복구의
- * stale wrap 교체 — recipient id set 불변).
+ * stale wrap 교체 — recipient id set 불변). `projects` 명시 시 그 프로젝트만 대상
+ * (Phase 5 B4 — MCP athsra_project_share 의 단건 공유; 기본 = listProjects 전체).
  */
 export async function grantOrgAccess(
   client: AthsraClient,
   masterPw: string,
   memberUserId: number,
-  opts?: { replace?: boolean },
+  opts?: { replace?: boolean; dryRun?: boolean; projects?: string[] },
 ): Promise<GrantResult> {
   const pub = await client.getPublicKey(memberUserId);
   if (!pub) {
@@ -102,7 +103,7 @@ export async function grantOrgAccess(
     }
   };
 
-  const projects = await client.listProjects();
+  const projects = opts?.projects ?? (await client.listProjects());
   const result: GrantResult = { granted: [], skipped: [], legacyV1: [], failed: [] };
   for (const project of projects) {
     try {
@@ -120,6 +121,11 @@ export async function grantOrgAccess(
         result.skipped.push(project);
         continue;
       }
+      if (opts?.dryRun) {
+        // survey 만 — 실제 crypto 연산·PUT 없이 "추가 예정" 으로 집계 (migrate --self dry-run).
+        result.granted.push(project);
+        continue;
+      }
       // replace: 기존(stale) recipient 제거 후 재포장. 신규: 그냥 추가.
       const baseEnv = has ? removeMemberRecipient(env, memberUserId) : env;
       const updated = await addRecipient(baseEnv);

package/src/lib/service-tokens.ts

@@ -0,0 +1,62 @@
+/**
+ * service-tokens.ts — Phase 5 B4. service token 발급 + envelope recipient 동반 추가의 공용 코어.
+ *
+ * `commands/service-token.ts` createCmd 에서 추출 — CLI 와 MCP(athsra_service_token_create)가
+ * 같은 경로를 소비해 드리프트를 막는다. 발급(worker) → v1→v2 migrate(필요 시) →
+ * addServiceRecipient(DEK 를 token secret 으로 wrap) → putEnvelope. master pw 필수
+ * (recipient 추가에 master recipient DEK unwrap 이 필요) — identity 디바이스 불가.
+ */
+import { addServiceRecipient, migrateV1ToV2, type SecretEnvelopeV2 } from '@athsra/crypto';
+import type { UserAuthContext } from './auth-context.ts';
+
+export interface CreatedServiceToken {
+  token: string;
+  recipient_id: string;
+  project: string;
+  perms: string;
+  expires_at: string | null;
+}
+
+/**
+ * 발급 + envelope recipient 추가 일체. envelope 부재 시 throw (발급 무의미 — 먼저 `athsra set`).
+ * 반환되는 `token` 은 이 시점 1회만 노출 — 보관 안내는 호출자(CLI 출력 / MCP warning) 책임.
+ */
+export async function createServiceTokenWithRecipient(
+  ctx: Pick<UserAuthContext, 'client' | 'masterPw'>,
+  args: { project: string; label: string; perms: 'read' | 'write'; expiresInDays?: number },
+): Promise<CreatedServiceToken> {
+  const { client, masterPw } = ctx;
+
+  // envelope 확인 — 없으면 service token 발급 무의미
+  const envelope = await client.getEnvelope(args.project);
+  if (!envelope) {
+    throw new Error(
+      `project ${args.project} envelope 없음 — 먼저 \`athsra set ${args.project} KEY=value\` 실행.`,
+    );
+  }
+
+  // worker 에 service token 발급
+  const created = await client.createServiceToken({
+    project: args.project,
+    label: args.label,
+    perms: args.perms,
+    expiresInDays: args.expiresInDays,
+  });
+
+  // envelope 에 recipient 추가 — v1 이면 v2 로 자동 migrate
+  let v2Envelope: SecretEnvelopeV2;
+  if (envelope.version === 1) {
+    v2Envelope = await migrateV1ToV2(envelope, masterPw);
+  } else {
+    v2Envelope = envelope;
+  }
+  const updated = await addServiceRecipient(
+    v2Envelope,
+    masterPw,
+    created.token,
+    created.recipient_id,
+  );
+  await client.putEnvelope(args.project, updated);
+
+  return created;
+}