@owloops/browserbird 1.7.1 → 1.8.0

package/dist/index.mjs

@@ -3,7 +3,7 @@ import { parseArgs, styleText } from "node:util";
 import { existsSync, mkdirSync, readFileSync, renameSync, writeFileSync } from "node:fs";
 import { dirname, extname, join, resolve } from "node:path";
 import { DatabaseSync } from "node:sqlite";
-import { createHmac, randomBytes, scrypt, timingSafeEqual } from "node:crypto";
+import { createCipheriv, createDecipheriv, createHmac, randomBytes, scrypt, timingSafeEqual } from "node:crypto";
 import { connect } from "node:net";
 import { execFileSync, spawn } from "node:child_process";
 import { createServer } from "node:http";
@@ -15,6 +15,7 @@ import { LogLevel, WebClient } from "@slack/web-api";
 const COMMANDS = {
 	SESSIONS: "sessions",
 	BIRDS: "birds",
+	KEYS: "keys",
 	CONFIG: "config",
 	LOGS: "logs",
 	JOBS: "jobs",
@@ -192,8 +193,8 @@ function unknownSubcommand(subcommand, command, validCommands) {
 /** @fileoverview ASCII banner displayed on daemon startup and in help text. */
 const pkg = createRequire(import.meta.url)("../package.json");
 const buildInfo = [];
-buildInfo.push(`commit: ${"15ead4a5a3d42d49a5b1c8a7bb3b4bc34d32c539".substring(0, 7)}`);
-buildInfo.push(`built: 2026-03-20T00:08:17+04:00`);
+buildInfo.push(`commit: ${"2c657bcf3aa7f81dcfc993a561bed0f74cacffcf".substring(0, 7)}`);
+buildInfo.push(`built: 2026-03-22T02:02:21+04:00`);
 const buildString = buildInfo.length > 0 ? ` (${buildInfo.join(", ")})` : "";
 const VERSION = `browserbird ${pkg.version}${buildString}`;
 const BIRD = [
@@ -644,6 +645,31 @@ const MIGRATIONS = [
         );
         CREATE INDEX IF NOT EXISTS idx_feedback_channel_thread
           ON feedback(channel_id, thread_id);
+      `);
+		}
+	},
+	{
+		name: "keys vault",
+		up(d) {
+			d.exec(`
+        CREATE TABLE IF NOT EXISTS keys (
+          uid TEXT PRIMARY KEY,
+          name TEXT NOT NULL UNIQUE,
+          value TEXT NOT NULL,
+          description TEXT,
+          created_at TEXT NOT NULL DEFAULT (datetime('now')),
+          updated_at TEXT NOT NULL DEFAULT (datetime('now'))
+        );
+
+        CREATE TABLE IF NOT EXISTS key_bindings (
+          id INTEGER PRIMARY KEY AUTOINCREMENT,
+          key_uid TEXT NOT NULL REFERENCES keys(uid) ON DELETE CASCADE,
+          target_type TEXT NOT NULL CHECK(target_type IN ('channel', 'bird')),
+          target_id TEXT NOT NULL,
+          UNIQUE(key_uid, target_type, target_id)
+        );
+        CREATE INDEX IF NOT EXISTS idx_key_bindings_target
+          ON key_bindings(target_type, target_id);
       `);
 		}
 	}
@@ -790,6 +816,7 @@ const ALPHABET = "abcdefghijklmnopqrstuvwxyz0123456789";
 const UID_PREFIX = {
 	bird: "br_",
 	flight: "fl_",
+	key: "ky_",
 	session: "ss_"
 };
 function generateUid(prefix) {
@@ -1339,6 +1366,182 @@ function insertFeedback(channelId, threadId, messageTs, userId, value) {
        VALUES (?, ?, ?, ?, ?)`).run(channelId, threadId ?? null, messageTs ?? null, userId, value);
 }
 
+//#endregion
+//#region src/core/crypto.ts
+/** @fileoverview AES-256-GCM encryption for vault key values. */
+const ALGORITHM = "aes-256-gcm";
+const IV_BYTES = 12;
+const ENC_PREFIX = "enc$";
+const VAULT_KEY_ENV = "BROWSERBIRD_VAULT_KEY";
+function encrypt(plaintext, keyHex) {
+	const key = Buffer.from(keyHex, "hex");
+	const iv = randomBytes(IV_BYTES);
+	const cipher = createCipheriv(ALGORITHM, key, iv);
+	const encrypted = Buffer.concat([cipher.update(plaintext, "utf-8"), cipher.final()]);
+	const tag = cipher.getAuthTag();
+	return `${ENC_PREFIX}${iv.toString("base64")}:${tag.toString("base64")}:${encrypted.toString("base64")}`;
+}
+function decrypt(encoded, keyHex) {
+	if (!encoded.startsWith(ENC_PREFIX)) return encoded;
+	const parts = encoded.slice(4).split(":");
+	if (parts.length !== 3) throw new Error("malformed encrypted value");
+	const iv = Buffer.from(parts[0], "base64");
+	const tag = Buffer.from(parts[1], "base64");
+	const ciphertext = Buffer.from(parts[2], "base64");
+	const decipher = createDecipheriv(ALGORITHM, Buffer.from(keyHex, "hex"), iv);
+	decipher.setAuthTag(tag);
+	return Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString("utf-8");
+}
+function isEncrypted(value) {
+	return value.startsWith(ENC_PREFIX);
+}
+function generateVaultKey() {
+	return randomBytes(32).toString("hex");
+}
+function getVaultKey() {
+	const key = process.env[VAULT_KEY_ENV];
+	if (!key) throw new Error(`${VAULT_KEY_ENV} not set. Run the daemon to auto-generate it, or set it manually.`);
+	return key;
+}
+function ensureVaultKey(envPath) {
+	if (process.env[VAULT_KEY_ENV]) return;
+	const key = generateVaultKey();
+	saveEnvFile(envPath, { [VAULT_KEY_ENV]: key });
+	process.env[VAULT_KEY_ENV] = key;
+	logger.info("generated vault encryption key");
+}
+
+//#endregion
+//#region src/db/keys.ts
+function decryptValue(raw) {
+	return isEncrypted(raw) ? decrypt(raw, getVaultKey()) : raw;
+}
+function computeHint(raw) {
+	const value = decryptValue(raw);
+	if (value.length <= 8) return "****";
+	return `${value.slice(0, 4)}...${value.slice(-4)}`;
+}
+const KEY_SORT_COLUMNS = new Set([
+	"uid",
+	"name",
+	"created_at",
+	"updated_at"
+]);
+const KEY_SEARCH_COLUMNS = [
+	"uid",
+	"name",
+	"description"
+];
+function loadBindingsMap() {
+	const bindings = getDb().prepare("SELECT * FROM key_bindings ORDER BY key_uid").all();
+	const map = /* @__PURE__ */ new Map();
+	for (const b of bindings) {
+		let arr = map.get(b.key_uid);
+		if (!arr) {
+			arr = [];
+			map.set(b.key_uid, arr);
+		}
+		arr.push({
+			targetType: b.target_type,
+			targetId: b.target_id
+		});
+	}
+	return map;
+}
+function enrichKeys(result) {
+	const bindingsByKey = loadBindingsMap();
+	return {
+		...result,
+		items: result.items.map((row) => ({
+			uid: row.uid,
+			name: row.name,
+			hint: computeHint(row.value),
+			description: row.description,
+			created_at: row.created_at,
+			updated_at: row.updated_at,
+			bindings: bindingsByKey.get(row.uid) ?? []
+		}))
+	};
+}
+function listKeys(page = 1, perPage = DEFAULT_PER_PAGE, sort, search) {
+	return enrichKeys(paginate("keys", page, perPage, {
+		defaultSort: "name ASC",
+		sort,
+		search,
+		allowedSortColumns: KEY_SORT_COLUMNS,
+		searchColumns: KEY_SEARCH_COLUMNS
+	}));
+}
+function getKey(uid) {
+	return getDb().prepare("SELECT * FROM keys WHERE uid = ?").get(uid);
+}
+function createKey(name, value, description) {
+	const d = getDb();
+	const uid = generateUid(UID_PREFIX.key);
+	const encrypted = encrypt(value, getVaultKey());
+	d.prepare("INSERT INTO keys (uid, name, value, description) VALUES (?, ?, ?, ?)").run(uid, name, encrypted, description ?? null);
+	return getKey(uid);
+}
+function updateKey(uid, fields) {
+	const d = getDb();
+	const sets = [];
+	const params = [];
+	if (fields.name !== void 0) {
+		sets.push("name = ?");
+		params.push(fields.name);
+	}
+	if (fields.value !== void 0) {
+		sets.push("value = ?");
+		params.push(encrypt(fields.value, getVaultKey()));
+	}
+	if (fields.description !== void 0) {
+		sets.push("description = ?");
+		params.push(fields.description || null);
+	}
+	if (sets.length === 0) return getKey(uid);
+	sets.push("updated_at = datetime('now')");
+	params.push(uid);
+	if (d.prepare(`UPDATE keys SET ${sets.join(", ")} WHERE uid = ?`).run(...params).changes === 0) return void 0;
+	return getKey(uid);
+}
+function deleteKey(uid) {
+	return getDb().prepare("DELETE FROM keys WHERE uid = ?").run(uid).changes > 0;
+}
+function replaceBindings(keyUid, bindings) {
+	transaction(() => {
+		const d = getDb();
+		d.prepare("DELETE FROM key_bindings WHERE key_uid = ?").run(keyUid);
+		const stmt = d.prepare("INSERT INTO key_bindings (key_uid, target_type, target_id) VALUES (?, ?, ?)");
+		for (const b of bindings) stmt.run(keyUid, b.targetType, b.targetId);
+	});
+}
+function getKeysForTarget(targetType, targetId) {
+	return getDb().prepare(`SELECT k.name, k.value FROM keys k
+       JOIN key_bindings kb ON kb.key_uid = k.uid
+       WHERE kb.target_type = ? AND (kb.target_id = ? OR kb.target_id = '*')`).all(targetType, targetId).map((r) => ({
+		name: r.name,
+		value: decryptValue(r.value)
+	}));
+}
+/** Resolves keys for one or more targets into a flat env map. Later targets override earlier ones. */
+function resolveExtraEnv(targets) {
+	const env = {};
+	for (const t of targets) for (const k of getKeysForTarget(t.type, t.id)) env[k.name] = k.value;
+	return Object.keys(env).length > 0 ? env : void 0;
+}
+function getAllKeyValues() {
+	return getDb().prepare("SELECT value FROM keys").all().map((r) => decryptValue(r.value));
+}
+function migrateUnencryptedKeys() {
+	const d = getDb();
+	const rows = d.prepare("SELECT uid, value FROM keys").all();
+	const vaultKey = getVaultKey();
+	for (const row of rows) if (!isEncrypted(row.value)) {
+		const encrypted = encrypt(row.value, vaultKey);
+		d.prepare("UPDATE keys SET value = ? WHERE uid = ?").run(encrypted, row.uid);
+	}
+}
+
 //#endregion
 //#region src/db/path.ts
 /** @fileoverview Database path resolution: CLI flag, env var, or default. */
@@ -1363,6 +1566,67 @@ function resolveDbPathFromArgv(argv) {
 	return resolveDbPath();
 }
 
+//#endregion
+//#region src/core/redact.ts
+/** @fileoverview Output redaction: scrubs known secrets and token patterns from agent output. */
+const REDACTED = "[redacted]";
+const ENV_SECRET_MIN_LENGTH = 8;
+const VAULT_SECRET_MIN_LENGTH = 4;
+const SENSITIVE_NAME_RE$1 = /KEY|SECRET|TOKEN|PASSWORD/i;
+/**
+* Token prefix patterns. Each entry is [prefix, minLength] where minLength
+* is the shortest plausible token including the prefix (avoids false positives
+* on short strings that happen to start with a prefix).
+*/
+const TOKEN_PATTERNS = [
+	["xoxb-", 20],
+	["xapp-", 20],
+	["sk-ant-api", 20],
+	["sk-ant-oat", 20],
+	["sk-or-", 20]
+];
+let knownSecrets;
+function collectSecrets() {
+	const secrets = [];
+	for (const [name, value] of Object.entries(process.env)) if (value && SENSITIVE_NAME_RE$1.test(name) && value.length >= ENV_SECRET_MIN_LENGTH) secrets.push(value);
+	secrets.sort((a, b) => b.length - a.length);
+	return secrets;
+}
+function getSecrets() {
+	if (!knownSecrets) knownSecrets = collectSecrets();
+	return knownSecrets;
+}
+/** Merges additional secret values (e.g. vault keys) into the redactor. Additive only. */
+function addSecrets(values, minLength = ENV_SECRET_MIN_LENGTH) {
+	const current = getSecrets();
+	const existing = new Set(current);
+	let added = false;
+	for (const v of values) if (v.length >= minLength && !existing.has(v)) {
+		current.push(v);
+		existing.add(v);
+		added = true;
+	}
+	if (added) current.sort((a, b) => b.length - a.length);
+}
+function escapeForRegex(s) {
+	return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+}
+function buildPatternRegex() {
+	const parts = TOKEN_PATTERNS.map(([prefix, minLength]) => {
+		return `${escapeForRegex(prefix)}[A-Za-z0-9_\\-]{${minLength - prefix.length},}`;
+	});
+	return new RegExp(parts.join("|"), "g");
+}
+const patternRegex = buildPatternRegex();
+/** Replaces known secret values and token patterns in text with [redacted]. */
+function redact(text) {
+	if (!text) return text;
+	let result = text;
+	for (const secret of getSecrets()) if (result.includes(secret)) result = result.replaceAll(secret, REDACTED);
+	result = result.replace(patternRegex, REDACTED);
+	return result;
+}
+
 //#endregion
 //#region src/server/auth.ts
 /** @fileoverview Password hashing, token signing, and verification using node:crypto. */
@@ -1855,6 +2119,61 @@ function maskSecret(value) {
 		hint: prefix ? `${prefix}...${tail}` : `...${tail}`
 	};
 }
+const KEY_NAME_RE = /^[A-Z][A-Z0-9_]*$/;
+const BLOCKED_KEY_PREFIXES = [
+	"LD_",
+	"DYLD_",
+	"NODE_",
+	"NPM_",
+	"GIT_",
+	"PYTHON",
+	"RUBY",
+	"PERL",
+	"JAVA_",
+	"CLAUDE_",
+	"BROWSERBIRD_"
+];
+const BLOCKED_KEY_NAMES = new Set([
+	"ANTHROPIC_API_KEY",
+	"CLAUDECODE",
+	"SLACK_BOT_TOKEN",
+	"SLACK_APP_TOKEN",
+	"PATH",
+	"HOME",
+	"SHELL",
+	"USER",
+	"LOGNAME",
+	"TERM",
+	"IFS",
+	"CDPATH",
+	"CPATH",
+	"CPPATH",
+	"LIBRARY_PATH",
+	"TMPDIR",
+	"TZDIR",
+	"GCONV_PATH",
+	"HOSTALIASES",
+	"MALLOC_TRACE",
+	"RESOLV_HOST_CONF",
+	"HTTP_PROXY",
+	"HTTPS_PROXY",
+	"ALL_PROXY",
+	"NO_PROXY",
+	"CURL_CA_BUNDLE",
+	"SSL_CERT_FILE",
+	"SSL_CERT_DIR",
+	"REQUESTS_CA_BUNDLE"
+]);
+function isDangerousKeyName(name) {
+	if (BLOCKED_KEY_NAMES.has(name)) return true;
+	return BLOCKED_KEY_PREFIXES.some((p) => name.startsWith(p));
+}
+function validateKeyName(raw) {
+	const name = raw.trim().toUpperCase();
+	if (!KEY_NAME_RE.test(name)) return { error: "Name must match [A-Z][A-Z0-9_]* (e.g. GITHUB_TOKEN)" };
+	if (isDangerousKeyName(name)) return { error: `"${name}" is a reserved or dangerous name` };
+	return { name };
+}
 const HH_MM_RE = /^\d{2}:\d{2}$/;
 const ALLOWED_TOP_LEVEL_KEYS = new Set([
 	"timezone",
@@ -2723,6 +3042,154 @@ function buildRoutes(getConfig, startedAt, getDeps, options) {
 					jsonError(res, `Launch failed: ${err instanceof Error ? err.message : String(err)}`, 500);
 				}
 			}
+		},
+		{
+			method: "GET",
+			pattern: pathToRegex("/api/keys"),
+			handler(req, res) {
+				const url = new URL(req.url ?? "/", `http://${req.headers.host}`);
+				const { page, perPage } = parsePagination(url);
+				json(res, listKeys(page, perPage, parseSortParam(url), parseSearchParam(url)));
+			}
+		},
+		{
+			method: "POST",
+			pattern: pathToRegex("/api/keys"),
+			async handler(req, res) {
+				let body;
+				try {
+					body = await readJsonBody(req);
+				} catch {
+					jsonError(res, "Invalid JSON body", 400);
+					return;
+				}
+				if (!body.name || typeof body.name !== "string" || !body.name.trim()) {
+					jsonError(res, "\"name\" is required", 400);
+					return;
+				}
+				if (!body.value || typeof body.value !== "string") {
+					jsonError(res, "\"value\" is required", 400);
+					return;
+				}
+				const validated = validateKeyName(body.name);
+				if ("error" in validated) {
+					jsonError(res, validated.error, 400);
+					return;
+				}
+				const { name } = validated;
+				try {
+					const key = createKey(name, body.value, body.description?.trim());
+					addSecrets([body.value], VAULT_SECRET_MIN_LENGTH);
+					if (body.bindings && body.bindings.length > 0) replaceBindings(key.uid, body.bindings);
+					broadcastSSE("invalidate", { resource: "keys" });
+					json(res, { uid: key.uid }, 201);
+				} catch (err) {
+					const msg = err instanceof Error ? err.message : String(err);
+					if (msg.includes("UNIQUE constraint")) jsonError(res, `A key named "${name}" already exists`, 409);
+					else jsonError(res, msg, 500);
+				}
+			}
+		},
+		{
+			method: "PATCH",
+			pattern: pathToRegex("/api/keys/:id"),
+			async handler(req, res, params) {
+				const uid = params["id"];
+				if (!uid) {
+					jsonError(res, "Missing key ID", 400);
+					return;
+				}
+				if (!getKey(uid)) {
+					jsonError(res, `Key ${uid} not found`, 404);
+					return;
+				}
+				let body;
+				try {
+					body = await readJsonBody(req);
+				} catch {
+					jsonError(res, "Invalid JSON body", 400);
+					return;
+				}
+				const fields = {};
+				if (body.name !== void 0) {
+					const validated = validateKeyName(body.name);
+					if ("error" in validated) {
+						jsonError(res, validated.error, 400);
+						return;
+					}
+					fields.name = validated.name;
+				}
+				if (body.value !== void 0 && body.value !== "") fields.value = body.value;
+				if (body.description !== void 0) fields.description = body.description;
+				try {
+					const updated = updateKey(uid, fields);
+					if (!updated) {
+						jsonError(res, `Key ${uid} not found`, 404);
+						return;
+					}
+					if (fields.value) addSecrets([fields.value], VAULT_SECRET_MIN_LENGTH);
+					broadcastSSE("invalidate", { resource: "keys" });
+					json(res, { uid: updated.uid });
+				} catch (err) {
+					const msg = err instanceof Error ? err.message : String(err);
+					if (msg.includes("UNIQUE constraint")) jsonError(res, `A key named "${fields.name}" already exists`, 409);
+					else jsonError(res, msg, 500);
+				}
+			}
+		},
+		{
+			method: "DELETE",
+			pattern: pathToRegex("/api/keys/:id"),
+			handler(_req, res, params) {
+				const uid = params["id"];
+				if (!uid) {
+					jsonError(res, "Missing key ID", 400);
+					return;
+				}
+				if (deleteKey(uid)) {
+					broadcastSSE("invalidate", { resource: "keys" });
+					json(res, { success: true });
+				} else jsonError(res, `Key ${uid} not found`, 404);
+			}
+		},
+		{
+			method: "PUT",
+			pattern: pathToRegex("/api/keys/:id/bindings"),
+			async handler(req, res, params) {
+				const uid = params["id"];
+				if (!uid) {
+					jsonError(res, "Missing key ID", 400);
+					return;
+				}
+				if (!getKey(uid)) {
+					jsonError(res, `Key ${uid} not found`, 404);
+					return;
+				}
+				let body;
+				try {
+					body = await readJsonBody(req);
+				} catch {
+					jsonError(res, "Invalid JSON body", 400);
+					return;
+				}
+				if (!Array.isArray(body)) {
+					jsonError(res, "Body must be an array of bindings", 400);
+					return;
+				}
+				for (const b of body) {
+					if (b.targetType !== "channel" && b.targetType !== "bird") {
+						jsonError(res, "\"targetType\" must be \"channel\" or \"bird\"", 400);
+						return;
+					}
+					if (!b.targetId || typeof b.targetId !== "string") {
+						jsonError(res, "\"targetId\" is required", 400);
+						return;
+					}
+				}
+				replaceBindings(uid, body);
+				broadcastSSE("invalidate", { resource: "keys" });
+				json(res, { success: true });
+			}
 		}
 	];
 }
@@ -3322,13 +3789,13 @@ function gracefulKill(proc) {
 /** Env vars that prevent nested Claude Code sessions. */
 const STRIPPED_ENV_VARS = ["CLAUDECODE", "CLAUDE_CODE_ENTRYPOINT"];
 /** Strips env vars whose names suggest they hold credentials. */
-const SENSITIVE_NAME_RE$1 = /KEY|SECRET|TOKEN|PASSWORD/i;
+const SENSITIVE_NAME_RE = /KEY|SECRET|TOKEN|PASSWORD/i;
 function cleanEnv() {
 	const env = {};
 	for (const [key, value] of Object.entries(process.env)) {
 		if (value == null) continue;
 		if (STRIPPED_ENV_VARS.includes(key)) continue;
-		if (SENSITIVE_NAME_RE$1.test(key)) continue;
+		if (SENSITIVE_NAME_RE.test(key)) continue;
 		env[key] = value;
 	}
 	return env;
@@ -3344,6 +3811,7 @@ function spawnProvider(options, signal) {
 	const baseEnv = cleanEnv();
 	if (cmd.env) for (const [k, v] of Object.entries(cmd.env)) if (v === "") delete baseEnv[k];
 	else baseEnv[k] = v;
+	if (options.extraEnv) for (const [k, v] of Object.entries(options.extraEnv)) baseEnv[k] = v;
 	const proc = spawn(cmd.binary, cmd.args, {
 		cwd: cmd.cwd ?? process.cwd(),
 		stdio: [
@@ -3425,53 +3893,6 @@ async function* parseStdout(proc, buffer, setBuffer) {
 	};
 }
 
-//#endregion
-//#region src/core/redact.ts
-/** @fileoverview Output redaction: scrubs known secrets and token patterns from agent output. */
-const REDACTED = "[redacted]";
-const SENSITIVE_NAME_RE = /KEY|SECRET|TOKEN|PASSWORD/i;
-/**
-* Token prefix patterns. Each entry is [prefix, minLength] where minLength
-* is the shortest plausible token including the prefix (avoids false positives
-* on short strings that happen to start with a prefix).
-*/
-const TOKEN_PATTERNS = [
-	["xoxb-", 20],
-	["xapp-", 20],
-	["sk-ant-api", 20],
-	["sk-ant-oat", 20],
-	["sk-or-", 20]
-];
-let knownSecrets;
-function collectSecrets() {
-	const secrets = [];
-	for (const [name, value] of Object.entries(process.env)) if (value && SENSITIVE_NAME_RE.test(name) && value.length >= 8) secrets.push(value);
-	secrets.sort((a, b) => b.length - a.length);
-	return secrets;
-}
-function getSecrets() {
-	if (!knownSecrets) knownSecrets = collectSecrets();
-	return knownSecrets;
-}
-function escapeForRegex(s) {
-	return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
-}
-function buildPatternRegex() {
-	const parts = TOKEN_PATTERNS.map(([prefix, minLength]) => {
-		return `${escapeForRegex(prefix)}[A-Za-z0-9_\\-]{${minLength - prefix.length},}`;
-	});
-	return new RegExp(parts.join("|"), "g");
-}
-const patternRegex = buildPatternRegex();
-/** Replaces known secret values and token patterns in text with [redacted]. */
-function redact(text) {
-	if (!text) return text;
-	let result = text;
-	for (const secret of getSecrets()) if (result.includes(secret)) result = result.replaceAll(secret, REDACTED);
-	result = result.replace(patternRegex, REDACTED);
-	return result;
-}
-
 //#endregion
 //#region src/channel/blocks.ts
 function plain(text) {
@@ -3844,12 +4265,23 @@ function startScheduler(getConfig, signal, deps) {
 		const needsBrowserLock = config.browser.enabled && getBrowserMode() === "persistent";
 		let browserLock = null;
 		try {
+			const targets = [];
+			if (payload.channelId) targets.push({
+				type: "channel",
+				id: payload.channelId
+			});
+			targets.push({
+				type: "bird",
+				id: payload.cronJobUid
+			});
+			const extraEnv = resolveExtraEnv(targets);
 			const { events, kill } = spawnProvider({
 				message: payload.prompt,
 				agent,
 				mcpConfigPath: config.browser.mcpConfigPath,
 				timezone: config.timezone,
-				globalTimeoutMs: config.sessions.processTimeoutMs
+				globalTimeoutMs: config.sessions.processTimeoutMs,
+				extraEnv
 			}, signal);
 			activeKills.set(payload.cronJobUid, kill);
 			if (payload.channelId) logMessage(payload.channelId, null, agent.id, "in", payload.prompt);
@@ -4121,7 +4553,10 @@ function createHandler(client, getConfig, signal, getTeamId, getChannelNameToId)
 				await streamer.stop(opts);
 			} catch (err) {
 				if (isStreamExpired(err)) streamDead = true;
-				else throw err;
+				else {
+					await streamer.stop().catch(() => {});
+					throw err;
+				}
 			}
 		}
 		let lastStatus = "is thinking...";
@@ -4129,118 +4564,121 @@ function createHandler(client, getConfig, signal, getTeamId, getChannelNameToId)
 			client.setStatus?.(channelId, threadTs, lastStatus).catch(() => {});
 		};
 		const statusTimer = setInterval(refreshStatus, STATUS_REFRESH_MS);
-		for await (const event of events) {
-			if (signal.aborted) break;
-			logger.debug(`stream event: ${event.type}`);
-			switch (event.type) {
-				case "init":
-					updateSessionProviderId(sessionUid, event.sessionId);
-					break;
-				case "text_delta": {
-					const safe = redact(event.delta);
-					fullText += safe;
-					await safeAppend({ markdown_text: safe });
-					break;
-				}
-				case "tool_images":
-					await uploadImages(event.images, channelId, threadTs);
-					break;
-				case "tool_use":
-					meta.onToolUse?.(event.toolName);
-					lastStatus = toolStatusText(event.toolName);
-					client.setStatus?.(channelId, threadTs, lastStatus).catch(() => {});
-					if (event.toolCallId !== void 0) {
-						toolCount++;
-						activeTasks.set(event.toolCallId, event.toolName);
-						const title = toolTaskTitle(event.toolName);
-						const chunks = [];
-						if (toolCount === 1) chunks.push({
-							type: "plan_update",
-							title: "Working on it"
-						});
-						chunks.push({
-							type: "task_update",
-							id: event.toolCallId,
-							title,
-							status: "in_progress",
-							...event.details ? { details: event.details } : {}
-						});
-						await safeAppend({ chunks });
+		try {
+			for await (const event of events) {
+				if (signal.aborted) break;
+				logger.debug(`stream event: ${event.type}`);
+				switch (event.type) {
+					case "init":
+						updateSessionProviderId(sessionUid, event.sessionId);
+						break;
+					case "text_delta": {
+						const safe = redact(event.delta);
+						fullText += safe;
+						await safeAppend({ markdown_text: safe });
+						break;
 					}
-					break;
-				case "tool_result": {
-					const toolName = activeTasks.get(event.toolCallId);
-					if (toolName) {
-						activeTasks.delete(event.toolCallId);
-						const title = toolTaskTitle(toolName);
-						if (event.isError) toolErrors++;
-						else toolSuccesses++;
-						const chunks = [{
-							type: "task_update",
-							id: event.toolCallId,
-							title,
-							status: event.isError ? "error" : "complete",
-							...event.output ? { output: event.output } : {}
-						}];
-						if (activeTasks.size === 0) {
-							const label = toolErrors === 0 ? `Completed (${toolCount} ${toolCount === 1 ? "step" : "steps"})` : `${toolSuccesses} passed, ${toolErrors} failed`;
-							chunks.push({
+					case "tool_images":
+						await uploadImages(event.images, channelId, threadTs);
+						break;
+					case "tool_use":
+						meta.onToolUse?.(event.toolName);
+						lastStatus = toolStatusText(event.toolName);
+						client.setStatus?.(channelId, threadTs, lastStatus).catch(() => {});
+						if (event.toolCallId !== void 0) {
+							toolCount++;
+							activeTasks.set(event.toolCallId, event.toolName);
+							const title = toolTaskTitle(event.toolName);
+							const chunks = [];
+							if (toolCount === 1) chunks.push({
 								type: "plan_update",
-								title: label
+								title: "Working on it"
 							});
+							chunks.push({
+								type: "task_update",
+								id: event.toolCallId,
+								title,
+								status: "in_progress",
+								...event.details ? { details: redact(event.details) } : {}
+							});
+							await safeAppend({ chunks });
+						}
+						break;
+					case "tool_result": {
+						const toolName = activeTasks.get(event.toolCallId);
+						if (toolName) {
+							activeTasks.delete(event.toolCallId);
+							const title = toolTaskTitle(toolName);
+							if (event.isError) toolErrors++;
+							else toolSuccesses++;
+							const chunks = [{
+								type: "task_update",
+								id: event.toolCallId,
+								title,
+								status: event.isError ? "error" : "complete",
+								...event.output ? { output: redact(event.output) } : {}
+							}];
+							if (activeTasks.size === 0) {
+								const label = toolErrors === 0 ? `Completed (${toolCount} ${toolCount === 1 ? "step" : "steps"})` : `${toolSuccesses} passed, ${toolErrors} failed`;
+								chunks.push({
+									type: "plan_update",
+									title: label
+								});
+							}
+							await safeAppend({ chunks });
 						}
-						await safeAppend({ chunks });
+						break;
 					}
-					break;
-				}
-				case "completion":
-					completion = event;
-					logger.info(`completion [${event.subtype}]: ${event.tokensIn}in/${event.tokensOut}out, $${event.costUsd.toFixed(4)}, ${event.numTurns} turns`);
-					logMessage(channelId, threadTs, "bot", "out", fullText, event.tokensIn, event.tokensOut);
-					break;
-				case "rate_limit":
-					logger.debug(`rate limit window resets ${(/* @__PURE__ */ new Date(event.resetsAt * 1e3)).toISOString()}`);
-					break;
-				case "error": {
-					hasError = true;
-					const safeError = redact(event.error);
-					logger.error(`agent error: ${safeError}`);
-					insertLog("error", "spawn", safeError, channelId);
-					await safeAppend({ markdown_text: `\n\nError: ${safeError}` });
-					break;
+					case "completion":
+						completion = event;
+						logger.info(`completion [${event.subtype}]: ${event.tokensIn}in/${event.tokensOut}out, $${event.costUsd.toFixed(4)}, ${event.numTurns} turns`);
+						logMessage(channelId, threadTs, "bot", "out", fullText, event.tokensIn, event.tokensOut);
+						break;
+					case "rate_limit":
+						logger.debug(`rate limit window resets ${(/* @__PURE__ */ new Date(event.resetsAt * 1e3)).toISOString()}`);
+						break;
+					case "error": {
+						hasError = true;
+						const safeError = redact(event.error);
+						logger.error(`agent error: ${safeError}`);
+						insertLog("error", "spawn", safeError, channelId);
+						await safeAppend({ markdown_text: `\n\nError: ${safeError}` });
+						break;
+					}
+					case "timeout":
+						timedOut = true;
+						timedOutMs = event.timeoutMs;
+						logger.warn(`session timed out after ${event.timeoutMs}ms`);
+						break;
 				}
-				case "timeout":
-					timedOut = true;
-					timedOutMs = event.timeoutMs;
-					logger.warn(`session timed out after ${event.timeoutMs}ms`);
-					break;
 			}
-		}
-		clearInterval(statusTimer);
-		client.setStatus?.(channelId, threadTs, "").catch(() => {});
-		if (activeTasks.size > 0) {
-			const staleChunks = [];
-			for (const [id, toolName] of activeTasks) staleChunks.push({
-				type: "task_update",
-				id,
-				title: toolTaskTitle(toolName),
-				status: "error"
-			});
-			await safeAppend({ chunks: staleChunks });
-			activeTasks.clear();
-		}
-		if (toolCount > 0 && (hasError || activeTasks.size > 0)) await safeAppend({ chunks: [{
-			type: "plan_update",
-			title: hasError ? "Finished with errors" : `Interrupted (${toolCount} ${toolCount === 1 ? "step" : "steps"})`
-		}] });
-		if (timedOut) {
-			await safeStop({});
-			const blocks = sessionTimeoutBlocks(timedOutMs, { sessionUid });
-			await client.postMessage(channelId, threadTs, `Session timed out after ${Math.round(timedOutMs / 6e4)} minutes.`, { blocks });
-		} else if (completion) await safeStop({ blocks: completionFooterBlocks(completion, hasError, meta.birdName, userId) });
-		else {
-			if (!fullText) await safeAppend({ markdown_text: "_Stopped._" });
-			await safeStop({});
+			if (activeTasks.size > 0) {
+				const staleChunks = [];
+				for (const [id, toolName] of activeTasks) staleChunks.push({
+					type: "task_update",
+					id,
+					title: toolTaskTitle(toolName),
+					status: "error"
+				});
+				await safeAppend({ chunks: staleChunks });
+				activeTasks.clear();
+			}
+			if (toolCount > 0 && (hasError || activeTasks.size > 0)) await safeAppend({ chunks: [{
+				type: "plan_update",
+				title: hasError ? "Finished with errors" : `Interrupted (${toolCount} ${toolCount === 1 ? "step" : "steps"})`
+			}] });
+			if (timedOut) {
+				await safeStop({});
+				const blocks = sessionTimeoutBlocks(timedOutMs, { sessionUid });
+				await client.postMessage(channelId, threadTs, `Session timed out after ${Math.round(timedOutMs / 6e4)} minutes.`, { blocks });
+			} else if (completion) await safeStop({ blocks: completionFooterBlocks(completion, hasError, meta.birdName, userId) });
+			else {
+				if (!fullText) await safeAppend({ markdown_text: "_Stopped._" });
+				await safeStop({});
+			}
+		} finally {
+			clearInterval(statusTimer);
+			client.setStatus?.(channelId, threadTs, "").catch(() => {});
 		}
 	}
 	async function uploadImages(images, channelId, threadTs) {
@@ -4293,13 +4731,18 @@ function createHandler(client, getConfig, signal, getTeamId, getChannelNameToId)
 			broadcastSSE("invalidate", { resource: "sessions" });
 			const prompt = formatPrompt(messages);
 			const userId = messages[messages.length - 1].userId;
+			const extraEnv = resolveExtraEnv([{
+				type: "channel",
+				id: channelId
+			}]);
 			const { events, kill } = spawnProvider({
 				message: prompt,
 				sessionId: isNew ? void 0 : session.provider_session_id || void 0,
 				agent,
 				mcpConfigPath: config.browser.mcpConfigPath,
 				timezone: config.timezone,
-				globalTimeoutMs: config.sessions.processTimeoutMs
+				globalTimeoutMs: config.sessions.processTimeoutMs,
+				extraEnv
 			}, signal);
 			lock.killCurrent = kill;
 			client.setStatus?.(channelId, threadTs, "is thinking...").catch(() => {});
@@ -5057,9 +5500,13 @@ async function startDaemon(options) {
 	const configDir = dirname(configPath);
 	const envPath = resolve(configDir, ".env");
 	openDatabase(resolveDbPath(options.flags.db));
+	loadDotEnv(envPath);
+	ensureVaultKey(envPath);
+	migrateUnencryptedKeys();
+	const vaultValues = getAllKeyValues();
+	if (vaultValues.length > 0) addSecrets(vaultValues, VAULT_SECRET_MIN_LENGTH);
 	clearBrowserLock();
 	startWorker(controller.signal);
-	loadDotEnv(envPath);
 	let currentConfig;
 	let slackHandle = null;
 	let schedulerStarted = false;
@@ -5606,6 +6053,288 @@ function handleBirds(argv) {
 	}
 }
 
+//#endregion
+//#region src/cli/keys.ts
+/** @fileoverview Keys command: manage vault keys for agent sessions. */
+const KEYS_HELP = `
+${c("cyan", "usage:")} browserbird keys <subcommand> [options]
+
+manage vault keys (env vars injected into agent sessions).
+
+${c("dim", "subcommands:")}
+
+  ${c("cyan", "list")}                         list all keys
+  ${c("cyan", "add")} <name>                   add a new key (prompts for value)
+  ${c("cyan", "edit")} <name>                  update a key's value or description
+  ${c("cyan", "remove")} <name>                remove a key
+  ${c("cyan", "bind")} <name> <type> <target>  bind a key to a channel or bird
+  ${c("cyan", "unbind")} <name> <type> <target>  unbind a key from a target
+
+${c("dim", "options:")}
+
+  ${c("yellow", "--value")} <secret>     secret value (if omitted, prompts interactively)
+  ${c("yellow", "--description")} <text> description for the key
+  ${c("yellow", "--json")}              output as JSON (with list)
+  ${c("yellow", "--db")} <path>          database file path (env: BROWSERBIRD_DB)
+  ${c("yellow", "-h, --help")}           show this help
+
+${c("dim", "examples:")}
+
+  browserbird keys add GITHUB_TOKEN
+  browserbird keys add GITHUB_TOKEN --value ghp_abc123
+  browserbird keys bind GITHUB_TOKEN channel '*'
+  browserbird keys bind GITHUB_TOKEN bird br_abc1234
+  browserbird keys unbind GITHUB_TOKEN channel '*'
+  browserbird keys remove GITHUB_TOKEN
+`.trim();
+function resolveKey(nameOrUid) {
+	const d = getDb();
+	const byName = d.prepare("SELECT * FROM keys WHERE name = ?").get(nameOrUid.toUpperCase());
+	if (byName) return byName;
+	const byUid = d.prepare("SELECT * FROM keys WHERE uid = ? OR uid LIKE ?").get(nameOrUid, `${nameOrUid}%`);
+	if (byUid) return byUid;
+	logger.error(`key "${nameOrUid}" not found`);
+	process.exitCode = 1;
+}
+function loadBindings(keyUid) {
+	return getDb().prepare("SELECT target_type, target_id FROM key_bindings WHERE key_uid = ?").all(keyUid).map((r) => ({
+		targetType: r.target_type,
+		targetId: r.target_id
+	}));
+}
+function promptSecret(prompt) {
+	return new Promise((resolve) => {
+		process.stderr.write(prompt);
+		const stdin = process.stdin;
+		if (!stdin.isTTY) {
+			let data = "";
+			stdin.setEncoding("utf-8");
+			stdin.on("data", (chunk) => {
+				data += chunk;
+			});
+			stdin.on("end", () => resolve(data.trim()));
+			return;
+		}
+		const wasRaw = stdin.isRaw;
+		stdin.setRawMode(true);
+		stdin.resume();
+		stdin.setEncoding("utf-8");
+		let value = "";
+		const onData = (ch) => {
+			if (ch === "\r" || ch === "\n") {
+				stdin.removeListener("data", onData);
+				stdin.setRawMode(wasRaw ?? false);
+				stdin.pause();
+				process.stderr.write("\n");
+				resolve(value);
+			} else if (ch === "") {
+				stdin.removeListener("data", onData);
+				stdin.setRawMode(wasRaw ?? false);
+				process.stderr.write("\n");
+				process.exit(130);
+			} else if (ch === "" || ch === "\b") value = value.slice(0, -1);
+			else value += ch;
+		};
+		stdin.on("data", onData);
+	});
+}
+function initVaultKey() {
+	const envPath = resolve(dirname(resolve(process.env["BROWSERBIRD_CONFIG"] ?? "browserbird.json")), ".env");
+	loadDotEnv(envPath);
+	ensureVaultKey(envPath);
+}
+async function handleKeys(argv) {
+	const subcommand = argv[0] ?? "list";
+	const { values, positionals } = parseArgs({
+		args: argv.slice(1),
+		options: {
+			value: { type: "string" },
+			description: { type: "string" },
+			json: {
+				type: "boolean",
+				default: false
+			}
+		},
+		allowPositionals: true,
+		strict: false
+	});
+	openDatabase(resolveDbPathFromArgv(argv));
+	initVaultKey();
+	try {
+		switch (subcommand) {
+			case "list": {
+				const result = listKeys(1, 100);
+				if (values.json) {
+					console.log(JSON.stringify(result.items, null, 2));
+					break;
+				}
+				console.log(`keys (${result.totalItems} total):`);
+				if (result.items.length === 0) {
+					console.log("\n  no keys stored");
+					return;
+				}
+				console.log("");
+				printTable([
+					"name",
+					"value",
+					"description",
+					"bindings"
+				], result.items.map((key) => {
+					const bindings = key.bindings.map((b) => `${b.targetType}:${b.targetId}`).join(", ") || "-";
+					return [
+						key.name,
+						key.hint,
+						key.description ?? "-",
+						bindings
+					];
+				}), [
+					void 0,
+					void 0,
+					30,
+					40
+				]);
+				break;
+			}
+			case "add": {
+				const name = positionals[0];
+				if (!name) {
+					logger.error("usage: browserbird keys add <name> [--value <secret>] [--description <text>]");
+					process.exitCode = 1;
+					return;
+				}
+				let secret = values.value;
+				if (!secret) {
+					secret = await promptSecret(`value for ${name.toUpperCase()}: `);
+					if (!secret) {
+						logger.error("value cannot be empty");
+						process.exitCode = 1;
+						return;
+					}
+				}
+				try {
+					const key = createKey(name.toUpperCase(), secret, values.description?.trim());
+					logger.success(`key ${key.name} created`);
+					process.stderr.write(c("dim", `  hint: run 'browserbird keys bind ${key.name} channel *' to bind it`) + "\n");
+				} catch (err) {
+					const msg = err instanceof Error ? err.message : String(err);
+					if (msg.includes("UNIQUE constraint")) logger.error(`a key named "${name.toUpperCase()}" already exists`);
+					else logger.error(msg);
+					process.exitCode = 1;
+				}
+				break;
+			}
+			case "edit": {
+				const nameOrUid = positionals[0];
+				if (!nameOrUid) {
+					logger.error("usage: browserbird keys edit <name> [--value <secret>] [--description <text>]");
+					process.exitCode = 1;
+					return;
+				}
+				const key = resolveKey(nameOrUid);
+				if (!key) return;
+				const fields = {};
+				if (values.value !== void 0) fields.value = values.value;
+				if (values.description !== void 0) fields.description = values.description.trim();
+				if (!fields.value && !("description" in fields)) {
+					const secret = await promptSecret(`new value for ${key.name}: `);
+					if (secret) fields.value = secret;
+				}
+				if (!fields.value && !("description" in fields)) {
+					logger.error("provide --value, --description, or enter a value when prompted");
+					process.exitCode = 1;
+					return;
+				}
+				if (updateKey(key.uid, fields)) logger.success(`key ${key.name} updated`);
+				else {
+					logger.error(`key ${key.name} not found`);
+					process.exitCode = 1;
+				}
+				break;
+			}
+			case "remove": {
+				const nameOrUid = positionals[0];
+				if (!nameOrUid) {
+					logger.error("usage: browserbird keys remove <name>");
+					process.exitCode = 1;
+					return;
+				}
+				const key = resolveKey(nameOrUid);
+				if (!key) return;
+				if (deleteKey(key.uid)) logger.success(`key ${key.name} removed`);
+				else {
+					logger.error(`key ${key.name} not found`);
+					process.exitCode = 1;
+				}
+				break;
+			}
+			case "bind": {
+				const nameOrUid = positionals[0];
+				const targetType = positionals[1];
+				const targetId = positionals[2];
+				if (!nameOrUid || !targetType || !targetId) {
+					logger.error("usage: browserbird keys bind <name> <channel|bird> <target>\n  example: browserbird keys bind GITHUB_TOKEN channel '*'");
+					process.exitCode = 1;
+					return;
+				}
+				if (targetType !== "channel" && targetType !== "bird") {
+					logger.error("target type must be \"channel\" or \"bird\"");
+					process.exitCode = 1;
+					return;
+				}
+				const key = resolveKey(nameOrUid);
+				if (!key) return;
+				const existing = loadBindings(key.uid);
+				if (existing.some((b) => b.targetType === targetType && b.targetId === targetId)) {
+					logger.warn(`key ${key.name} is already bound to ${targetType} ${targetId}`);
+					return;
+				}
+				replaceBindings(key.uid, [...existing, {
+					targetType,
+					targetId
+				}]);
+				logger.success(`key ${key.name} bound to ${targetType} ${targetId}`);
+				break;
+			}
+			case "unbind": {
+				const nameOrUid = positionals[0];
+				const targetType = positionals[1];
+				const targetId = positionals[2];
+				if (!nameOrUid || !targetType || !targetId) {
+					logger.error("usage: browserbird keys unbind <name> <channel|bird> <target>");
+					process.exitCode = 1;
+					return;
+				}
+				if (targetType !== "channel" && targetType !== "bird") {
+					logger.error("target type must be \"channel\" or \"bird\"");
+					process.exitCode = 1;
+					return;
+				}
+				const key = resolveKey(nameOrUid);
+				if (!key) return;
+				const existing = loadBindings(key.uid);
+				const filtered = existing.filter((b) => !(b.targetType === targetType && b.targetId === targetId));
+				if (filtered.length === existing.length) {
+					logger.warn(`key ${key.name} is not bound to ${targetType} ${targetId}`);
+					return;
+				}
+				replaceBindings(key.uid, filtered);
+				logger.success(`key ${key.name} unbound from ${targetType} ${targetId}`);
+				break;
+			}
+			default: unknownSubcommand(subcommand, "keys", [
+				"list",
+				"add",
+				"edit",
+				"remove",
+				"bind",
+				"unbind"
+			]);
+		}
+	} finally {
+		closeDatabase();
+	}
+}
+
 //#endregion
 //#region src/cli/logs.ts
 /** @fileoverview Logs command: show recent log entries from the database. */
@@ -5917,6 +6646,7 @@ ${c("dim", "commands:")}
 
   ${c("cyan", "sessions")}    manage sessions
   ${c("cyan", "birds")}       manage scheduled birds
+  ${c("cyan", "keys")}        manage vault keys
   ${c("cyan", "config")}      view configuration
   ${c("cyan", "logs")}        show recent log entries
   ${c("cyan", "jobs")}        inspect and manage the job queue
@@ -5934,6 +6664,7 @@ run 'browserbird <command> --help' for command-specific options.`.trimEnd();
 const COMMAND_HELP = {
 	sessions: SESSIONS_HELP,
 	birds: BIRDS_HELP,
+	keys: KEYS_HELP,
 	config: CONFIG_HELP,
 	logs: LOGS_HELP,
 	jobs: JOBS_HELP,
@@ -5974,6 +6705,13 @@ async function run(argv) {
 			}
 			handleBirds(rest);
 			break;
+		case COMMANDS.KEYS:
+			if (isHelp) {
+				console.log(COMMAND_HELP.keys);
+				return;
+			}
+			await handleKeys(rest);
+			break;
 		case COMMANDS.CONFIG:
 			if (isHelp) {
 				console.log(COMMAND_HELP.config);
@@ -6001,6 +6739,7 @@ async function run(argv) {
 		default: unknownSubcommand(command, "", [
 			"sessions",
 			"birds",
+			"keys",
 			"config",
 			"logs",
 			"jobs",