@principle2026/vault 1.1.7 → 1.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +369 -106
- package/SKILL.md +4 -8
- package/dist/tools.d.ts.map +1 -1
- package/dist/tools.js +70 -21
- package/dist/tools.js.map +1 -1
- package/package.json +2 -3
package/README.md
CHANGED
|
@@ -1,185 +1,448 @@
|
|
|
1
|
-
# Vault
|
|
1
|
+
# 🔐 Vault
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
**[English](#english) | [中文](#中文)**
|
|
4
4
|
|
|
5
|
-
|
|
5
|
+
---
|
|
6
|
+
|
|
7
|
+
<a id="english"></a>
|
|
8
|
+
|
|
9
|
+
# Vault — AI-Native Secret Management for Claude Code
|
|
10
|
+
|
|
11
|
+
> **Coding with AI but still copy-pasting API keys by hand?**
|
|
12
|
+
>
|
|
13
|
+
> Vault lets you manage all your secrets with natural language. Just say "remember my OpenAI key" — that's it.
|
|
14
|
+
|
|
15
|
+
---
|
|
16
|
+
|
|
17
|
+
## The Problem
|
|
18
|
+
|
|
19
|
+
If you use Claude Code, you've hit these walls:
|
|
6
20
|
|
|
7
|
-
-
|
|
8
|
-
-
|
|
9
|
-
-
|
|
10
|
-
-
|
|
11
|
-
- ⚡ **零配置** — 安装后立即可用
|
|
21
|
+
- 🔑 Need an API key mid-deploy — scramble through notes to find it
|
|
22
|
+
- 🤦 Accidentally commit a secret to git — panic mode
|
|
23
|
+
- 💻 Switch to a new Mac — reconfigure every single key from scratch
|
|
24
|
+
- 📋 `.env` files scattered across dozens of projects — unmanageable
|
|
12
25
|
|
|
13
|
-
|
|
26
|
+
**Vault turns AI into your secret keeper — encrypted, synced, zero friction.**
|
|
14
27
|
|
|
15
28
|
---
|
|
16
29
|
|
|
17
|
-
##
|
|
30
|
+
## Why Vault
|
|
18
31
|
|
|
19
|
-
|
|
32
|
+
| | Vault | .env files | 1Password CLI | System Keychain |
|
|
33
|
+
|---|---|---|---|---|
|
|
34
|
+
| AI-native conversational UI | ✅ | ❌ | ❌ | ❌ |
|
|
35
|
+
| End-to-end encryption (AES-256-GCM) | ✅ | ❌ | ✅ | ✅ |
|
|
36
|
+
| iCloud auto-sync | ✅ | ❌ | Paid | ❌ |
|
|
37
|
+
| Deep Claude Code integration | ✅ | ❌ | ❌ | ❌ |
|
|
38
|
+
| Fully open-source | ✅ | — | ❌ | ❌ |
|
|
39
|
+
| Zero-config setup | ✅ | ✅ | ❌ | ❌ |
|
|
40
|
+
|
|
41
|
+
---
|
|
42
|
+
|
|
43
|
+
## Get Started in 30 Seconds
|
|
20
44
|
|
|
21
45
|
```bash
|
|
22
46
|
npm install -g @principle2026/vault
|
|
23
47
|
vault init
|
|
24
48
|
```
|
|
25
49
|
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
50
|
+
The installer handles everything: CLI setup → Claude Code skill linking → first-time passphrase.
|
|
51
|
+
|
|
52
|
+
**Then just talk to Claude Code:**
|
|
53
|
+
|
|
54
|
+
```
|
|
55
|
+
You: Remember my OpenAI key is sk-abc123
|
|
56
|
+
AI: ✅ Securely saved: openai_key
|
|
57
|
+
|
|
58
|
+
You: Create a GitHub repo using my saved token
|
|
59
|
+
AI: Reading your saved token... → Repo created ✅
|
|
30
60
|
|
|
31
|
-
|
|
61
|
+
You: What secrets do I have?
|
|
62
|
+
AI: 📋 openai_key · github_token · aws_secret
|
|
63
|
+
```
|
|
64
|
+
|
|
65
|
+
**No config files. No CLI flags. Just plain English.**
|
|
66
|
+
|
|
67
|
+
---
|
|
68
|
+
|
|
69
|
+
## Key Features
|
|
70
|
+
|
|
71
|
+
### 🗣️ Conversational — Talk, Don't Type Commands
|
|
72
|
+
|
|
73
|
+
No commands to memorize. AI automatically detects sensitive info and routes it through Vault:
|
|
74
|
+
|
|
75
|
+
- `"My password is 123456"` → auto-saved
|
|
76
|
+
- `"Remember my sk-xxx"` → recognized as API key, saved
|
|
77
|
+
- `"Deploy with my AWS credentials"` → auto-retrieved and used
|
|
78
|
+
|
|
79
|
+
### 🔐 Military-Grade Encryption — Your Keys, Only Yours
|
|
80
|
+
|
|
81
|
+
- **AES-256-GCM** encryption (the same standard used for classified government communications)
|
|
82
|
+
- **PBKDF2** key derivation with 100,000 iterations — brute force is not an option
|
|
83
|
+
- Passphrase never touches disk, never uploaded, never shared. **Forget it = data gone forever** (that's a feature, not a bug)
|
|
84
|
+
|
|
85
|
+
### ☁️ iCloud Sync — Switch Devices Seamlessly
|
|
86
|
+
|
|
87
|
+
Encrypted data syncs automatically via iCloud. On a new device:
|
|
32
88
|
|
|
33
89
|
```bash
|
|
34
|
-
# 1. 安装 npm 包
|
|
35
90
|
npm install -g @principle2026/vault
|
|
91
|
+
vault init # Same passphrase → all secrets instantly available
|
|
92
|
+
```
|
|
36
93
|
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
94
|
+
| What | Where | Sync |
|
|
95
|
+
|---|---|---|
|
|
96
|
+
| Encrypted secret data | iCloud `~/.vault-data/` | ✅ Automatic |
|
|
97
|
+
| CLI + skill link | Local `~/.claude/skills/vault` | Install per device |
|
|
40
98
|
|
|
41
|
-
|
|
42
|
-
ln -s $(npm root -g)/@principle2026/vault ~/.claude/skills/vault
|
|
99
|
+
### 🔓 Fully Open-Source — Trust Code, Not Promises
|
|
43
100
|
|
|
44
|
-
|
|
45
|
-
vault init
|
|
46
|
-
```
|
|
101
|
+
Every line of encryption logic is auditable. Don't take our word for it: [view the source →](https://github.com/xiaolin26/vault/tree/main/src)
|
|
47
102
|
|
|
48
103
|
---
|
|
49
104
|
|
|
50
|
-
##
|
|
105
|
+
## How AI Decides When to Use Vault
|
|
51
106
|
|
|
52
|
-
|
|
107
|
+
Vault runs as a Claude Code Skill. AI automatically determines when to invoke it based on context:
|
|
53
108
|
|
|
54
|
-
|
|
109
|
+
| What you say | What AI does |
|
|
110
|
+
|---|---|
|
|
111
|
+
| "My password is...", "key is...", "token is..." | 🔒 Encrypt & save via Vault |
|
|
112
|
+
| "Use my xxx key", "the token I saved earlier" | 🔓 Retrieve from Vault & use |
|
|
113
|
+
| "What secrets do I have?", "List my keys" | 📋 List all saved entries |
|
|
114
|
+
| "Delete xxx" | 🗑️ Remove from Vault |
|
|
55
115
|
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
你:mypassword
|
|
60
|
-
AI:✅ 已保存:openai_key
|
|
61
|
-
```
|
|
116
|
+
**⚠️ Critical design: When AI detects passwords / API keys / sensitive data, it automatically routes through Vault — never saved to CLAUDE.md or any plaintext file.**
|
|
117
|
+
|
|
118
|
+
---
|
|
62
119
|
|
|
120
|
+
## CLI Reference
|
|
121
|
+
|
|
122
|
+
Beyond conversational use, you can also operate directly from the terminal:
|
|
123
|
+
|
|
124
|
+
```bash
|
|
125
|
+
vault status # Check Vault status
|
|
126
|
+
vault set <key> # Interactively save a secret
|
|
127
|
+
vault get <key> # Retrieve a secret
|
|
128
|
+
vault list # List all secrets
|
|
129
|
+
vault delete <key> # Delete a secret
|
|
130
|
+
vault reset # Reset (delete all data)
|
|
63
131
|
```
|
|
64
|
-
|
|
65
|
-
|
|
66
|
-
|
|
132
|
+
|
|
133
|
+
For scripts / CI:
|
|
134
|
+
|
|
135
|
+
```bash
|
|
136
|
+
VAULT_PASSPHRASE="yourpassword" vault set mykey "myvalue"
|
|
137
|
+
VAULT_PASSPHRASE="yourpassword" vault get mykey
|
|
67
138
|
```
|
|
68
139
|
|
|
69
|
-
|
|
140
|
+
---
|
|
141
|
+
|
|
142
|
+
## Security Architecture
|
|
70
143
|
|
|
71
144
|
```
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
145
|
+
┌─────────────────────────────────────────────────┐
|
|
146
|
+
│ Your Passphrase │
|
|
147
|
+
│ (exists only in your head) │
|
|
148
|
+
└────────────────────┬────────────────────────────┘
|
|
149
|
+
│ PBKDF2 (100K iterations)
|
|
150
|
+
▼
|
|
151
|
+
┌─────────────┐
|
|
152
|
+
│ Master Key │ ← Same passphrase = same key
|
|
153
|
+
└──────┬──────┘ (multi-device support)
|
|
154
|
+
│ AES-256-GCM
|
|
155
|
+
▼
|
|
156
|
+
┌───────────────────────┐
|
|
157
|
+
│ Encrypted Secrets │
|
|
158
|
+
│ ~/.vault-data/ │
|
|
159
|
+
└───────────┬───────────┘
|
|
160
|
+
│ iCloud Sync
|
|
161
|
+
▼
|
|
162
|
+
┌─────────────────┐
|
|
163
|
+
│ All Your Macs │
|
|
164
|
+
│ Instant Access │
|
|
165
|
+
└─────────────────┘
|
|
76
166
|
```
|
|
77
167
|
|
|
168
|
+
**Design principles:**
|
|
169
|
+
- Passphrase is never stored or transmitted — key is derived in real-time from your input
|
|
170
|
+
- Even if iCloud is compromised, data is unreadable without the passphrase
|
|
171
|
+
- Even if code is tampered with, the encryption algorithm itself guarantees security (AES-256-GCM is industry standard)
|
|
172
|
+
|
|
173
|
+
---
|
|
174
|
+
|
|
175
|
+
## Manual Installation (Optional)
|
|
176
|
+
|
|
177
|
+
For more granular control over the installation process:
|
|
178
|
+
|
|
179
|
+
```bash
|
|
180
|
+
# 1. Install the npm package
|
|
181
|
+
npm install -g @principle2026/vault
|
|
182
|
+
|
|
183
|
+
# 2. Create Claude Code skill link
|
|
184
|
+
ln -s $(npm root -g)/@principle2026/vault ~/.claude/skills/vault
|
|
185
|
+
|
|
186
|
+
# 3. Initialize
|
|
187
|
+
vault init
|
|
78
188
|
```
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
189
|
+
|
|
190
|
+
---
|
|
191
|
+
|
|
192
|
+
## FAQ
|
|
193
|
+
|
|
194
|
+
**Q: What if I forget my passphrase?**
|
|
195
|
+
A: Unrecoverable. By design — no backdoor means nobody can bypass encryption, including the developer.
|
|
196
|
+
|
|
197
|
+
**Q: Does it work on Windows / Linux?**
|
|
198
|
+
A: CLI and encryption work on all platforms. iCloud sync is macOS only; other platforms store data locally at `~/.vault-data/`.
|
|
199
|
+
|
|
200
|
+
**Q: How is this different from `.env` files?**
|
|
201
|
+
A: `.env` files are plaintext and easily committed to git by mistake. Vault encrypts everything, and AI manages it automatically — no files to maintain.
|
|
202
|
+
|
|
203
|
+
**Q: Is the passphrase safe? Can AI see it?**
|
|
204
|
+
A: The passphrase is passed to the CLI via environment variable. It's never written to any file or log. AI uses it transiently and does not persist it in conversation history.
|
|
205
|
+
|
|
206
|
+
---
|
|
207
|
+
|
|
208
|
+
## Links
|
|
209
|
+
|
|
210
|
+
- 📦 npm: [@principle2026/vault](https://www.npmjs.com/package/@principle2026/vault)
|
|
211
|
+
- 💻 GitHub: [xiaolin26/vault](https://github.com/xiaolin26/vault)
|
|
212
|
+
|
|
213
|
+
---
|
|
214
|
+
|
|
215
|
+
## License
|
|
216
|
+
|
|
217
|
+
MIT — Use freely, modify freely, distribute freely.
|
|
218
|
+
|
|
219
|
+
---
|
|
220
|
+
|
|
221
|
+
<p align="center">
|
|
222
|
+
<b>In the age of AI-powered coding, secret management should be AI-powered too.</b><br>
|
|
223
|
+
<sub>Built with ❤️ for the Claude Code community</sub>
|
|
224
|
+
</p>
|
|
225
|
+
|
|
226
|
+
---
|
|
227
|
+
---
|
|
228
|
+
|
|
229
|
+
<a id="中文"></a>
|
|
230
|
+
|
|
231
|
+
# Vault — AI 时代的密码管理,专为 Claude Code 而生
|
|
232
|
+
|
|
233
|
+
**[English](#english) | [中文](#中文)**
|
|
234
|
+
|
|
235
|
+
> **用 AI 编程,却还在手动复制粘贴 API Key?**
|
|
236
|
+
>
|
|
237
|
+
> Vault 让你用自然语言管理所有密钥。说一句"记住我的 OpenAI 密钥",就够了。
|
|
238
|
+
|
|
239
|
+
---
|
|
240
|
+
|
|
241
|
+
## 痛点
|
|
242
|
+
|
|
243
|
+
用 Claude Code 开发时,你一定遇到过这些场景:
|
|
244
|
+
|
|
245
|
+
- 🔑 部署项目需要 API Key,翻遍笔记才找到
|
|
246
|
+
- 🤦 密钥写进代码被 git 提交,慌得一批
|
|
247
|
+
- 💻 换了台电脑,所有密钥都要重新配置
|
|
248
|
+
- 📋 `.env` 文件散落在几十个项目里,根本管不过来
|
|
249
|
+
|
|
250
|
+
**Vault 解决的核心问题:让 AI 成为你的密钥管家,安全、同步、零摩擦。**
|
|
251
|
+
|
|
252
|
+
---
|
|
253
|
+
|
|
254
|
+
## 为什么选 Vault
|
|
255
|
+
|
|
256
|
+
| | Vault | .env 文件 | 1Password CLI | 系统 Keychain |
|
|
257
|
+
|---|---|---|---|---|
|
|
258
|
+
| AI 原生对话式操作 | ✅ | ❌ | ❌ | ❌ |
|
|
259
|
+
| 端到端加密 (AES-256-GCM) | ✅ | ❌ | ✅ | ✅ |
|
|
260
|
+
| iCloud 自动同步 | ✅ | ❌ | 需订阅 | ❌ |
|
|
261
|
+
| Claude Code 深度集成 | ✅ | ❌ | ❌ | ❌ |
|
|
262
|
+
| 完全开源 | ✅ | — | ❌ | ❌ |
|
|
263
|
+
| 零配置上手 | ✅ | ✅ | ❌ | ❌ |
|
|
264
|
+
|
|
265
|
+
---
|
|
266
|
+
|
|
267
|
+
## 30 秒上手
|
|
268
|
+
|
|
269
|
+
```bash
|
|
270
|
+
npm install -g @principle2026/vault
|
|
271
|
+
vault init
|
|
82
272
|
```
|
|
83
273
|
|
|
84
|
-
|
|
274
|
+
安装脚本自动完成:CLI 安装 → Claude Code 技能链接 → 首次密码设置。
|
|
275
|
+
|
|
276
|
+
**然后,直接跟 Claude Code 说话就行:**
|
|
85
277
|
|
|
86
278
|
```
|
|
279
|
+
你:记住我的 OpenAI 密钥是 sk-abc123
|
|
280
|
+
AI:✅ 已安全保存:openai_key
|
|
281
|
+
|
|
282
|
+
你:用我的 GitHub token 创建一个 repo
|
|
283
|
+
AI:好的,正在读取你保存的 token...→ 仓库已创建 ✅
|
|
284
|
+
|
|
87
285
|
你:我保存了哪些密钥?
|
|
88
|
-
AI
|
|
89
|
-
📋 已保存的密钥:
|
|
90
|
-
- openai_key - OpenAI API Key
|
|
91
|
-
- github_token - GitHub Token
|
|
286
|
+
AI:📋 openai_key · github_token · aws_secret
|
|
92
287
|
```
|
|
93
288
|
|
|
94
|
-
|
|
289
|
+
**就这么简单。没有配置文件,没有命令行参数,说人话就行。**
|
|
95
290
|
|
|
96
|
-
|
|
97
|
-
- "密码是...", "记住密码", "保存密码"
|
|
98
|
-
- "API key", "token", "密钥", "令牌"
|
|
99
|
-
- "sk-xxx", "ghp_xxx" (凭证格式)
|
|
100
|
-
- "保存到 vault"
|
|
291
|
+
---
|
|
101
292
|
|
|
102
|
-
|
|
103
|
-
|------|------|
|
|
104
|
-
| "密码是 123456" | 用 Vault 保存 |
|
|
105
|
-
| "记住我的 OpenAI key" | 用 Vault 保存 |
|
|
106
|
-
| "我的密码是什么?" | 从 Vault 获取 |
|
|
107
|
-
| "有哪些密钥?" | 列出所有密钥 |
|
|
108
|
-
| "删除 xxx" | 删除密钥 |
|
|
293
|
+
## 核心特性
|
|
109
294
|
|
|
110
|
-
|
|
295
|
+
### 🗣️ 对话式操作 — 说人话,存密码
|
|
296
|
+
|
|
297
|
+
不需要记命令。AI 自动识别你话里的敏感信息,主动使用 Vault 保存:
|
|
111
298
|
|
|
112
|
-
|
|
299
|
+
- `"密码是 123456"` → 自动保存
|
|
300
|
+
- `"记住我的 sk-xxx"` → 自动识别为 API Key 并保存
|
|
301
|
+
- `"帮我部署,用之前的 AWS 密钥"` → 自动读取并使用
|
|
113
302
|
|
|
114
|
-
|
|
303
|
+
### 🔐 军事级加密 — 你的密钥只有你能解
|
|
304
|
+
|
|
305
|
+
- **AES-256-GCM** 加密(同级别用于政府机密通信)
|
|
306
|
+
- **PBKDF2** 密钥派生,100,000 次迭代,暴力破解?想都别想
|
|
307
|
+
- 密码不落盘,不上传,不共享。**忘记密码 = 数据不可恢复**(这是 feature,不是 bug)
|
|
308
|
+
|
|
309
|
+
### ☁️ iCloud 同步 — 换电脑无感衔接
|
|
310
|
+
|
|
311
|
+
加密后的数据通过 iCloud 自动同步。新设备只需:
|
|
115
312
|
|
|
116
313
|
```bash
|
|
117
|
-
# 1. 安装 Vault
|
|
118
314
|
npm install -g @principle2026/vault
|
|
119
|
-
|
|
120
|
-
# 2. 初始化(使用相同的密码)
|
|
121
|
-
vault init
|
|
315
|
+
vault init # 输入相同密码,所有密钥立即可用
|
|
122
316
|
```
|
|
123
317
|
|
|
124
|
-
| 内容 |
|
|
125
|
-
|
|
126
|
-
|
|
|
127
|
-
|
|
|
318
|
+
| 内容 | 存储位置 | 同步 |
|
|
319
|
+
|---|---|---|
|
|
320
|
+
| 加密密钥数据 | iCloud `~/.vault-data/` | ✅ 自动 |
|
|
321
|
+
| CLI + 技能链接 | 本地 `~/.claude/skills/vault` | 每台设备各自安装 |
|
|
322
|
+
|
|
323
|
+
### 🔓 完全开源 — 信任不靠承诺,靠代码
|
|
128
324
|
|
|
129
|
-
|
|
325
|
+
每一行加密逻辑都可审计。不信?自己看:[源代码 →](https://github.com/xiaolin26/vault/tree/main/src)
|
|
130
326
|
|
|
131
327
|
---
|
|
132
328
|
|
|
133
|
-
##
|
|
329
|
+
## AI 自动识别规则
|
|
134
330
|
|
|
135
|
-
|
|
136
|
-
# 查看状态
|
|
137
|
-
vault status
|
|
331
|
+
Vault 作为 Claude Code 的技能(Skill)运行,AI 会根据上下文自动判断何时使用:
|
|
138
332
|
|
|
139
|
-
|
|
140
|
-
|
|
141
|
-
|
|
333
|
+
| 你说的话 | AI 的行为 |
|
|
334
|
+
|---|---|
|
|
335
|
+
| "密码是..."、"key 是..."、"token 是..." | 🔒 用 Vault 加密保存 |
|
|
336
|
+
| "用我的 xxx 密钥"、"之前保存的 token" | 🔓 从 Vault 读取并使用 |
|
|
337
|
+
| "有哪些密钥?"、"列出我的密码" | 📋 列出所有已保存项 |
|
|
338
|
+
| "删除 xxx" | 🗑️ 从 Vault 移除 |
|
|
142
339
|
|
|
143
|
-
|
|
144
|
-
vault get <key>
|
|
340
|
+
**⚠️ 关键设计:当 AI 检测到密码 / API Key 等敏感信息时,会自动走 Vault 通道,绝不会保存到 CLAUDE.md 或其他明文文件。**
|
|
145
341
|
|
|
146
|
-
|
|
147
|
-
vault list
|
|
342
|
+
---
|
|
148
343
|
|
|
149
|
-
|
|
150
|
-
vault delete <key>
|
|
344
|
+
## CLI 命令参考
|
|
151
345
|
|
|
152
|
-
|
|
153
|
-
vault reset
|
|
154
|
-
```
|
|
346
|
+
除了对话式使用,你也可以直接在终端操作:
|
|
155
347
|
|
|
156
|
-
|
|
348
|
+
```bash
|
|
349
|
+
vault status # 查看 Vault 状态
|
|
350
|
+
vault set <key> # 交互式保存密钥
|
|
351
|
+
vault get <key> # 获取密钥
|
|
352
|
+
vault list # 列出所有密钥
|
|
353
|
+
vault delete <key> # 删除密钥
|
|
354
|
+
vault reset # 重置(删除所有数据)
|
|
355
|
+
```
|
|
157
356
|
|
|
158
|
-
|
|
159
|
-
|------|------|
|
|
160
|
-
| `VAULT_PASSPHRASE` | Vault 密码(跳过交互式输入) |
|
|
357
|
+
脚本 / CI 中使用:
|
|
161
358
|
|
|
162
359
|
```bash
|
|
163
|
-
# 非交互式使用(脚本/AI 调用)
|
|
164
360
|
VAULT_PASSPHRASE="yourpassword" vault set mykey "myvalue"
|
|
165
361
|
VAULT_PASSPHRASE="yourpassword" vault get mykey
|
|
166
362
|
```
|
|
167
363
|
|
|
168
364
|
---
|
|
169
365
|
|
|
170
|
-
##
|
|
366
|
+
## 安全架构
|
|
367
|
+
|
|
368
|
+
```
|
|
369
|
+
┌─────────────────────────────────────────────────┐
|
|
370
|
+
│ 你的密码 │
|
|
371
|
+
│ (只存在你脑中) │
|
|
372
|
+
└────────────────────┬────────────────────────────┘
|
|
373
|
+
│ PBKDF2 (100K iterations)
|
|
374
|
+
▼
|
|
375
|
+
┌─────────────┐
|
|
376
|
+
│ 主密钥 │ ← 相同密码 = 相同密钥
|
|
377
|
+
└──────┬──────┘ (支持多设备)
|
|
378
|
+
│ AES-256-GCM
|
|
379
|
+
▼
|
|
380
|
+
┌───────────────────────┐
|
|
381
|
+
│ 加密后的密钥数据 │
|
|
382
|
+
│ ~/.vault-data/ │
|
|
383
|
+
└───────────┬───────────┘
|
|
384
|
+
│ iCloud 同步
|
|
385
|
+
▼
|
|
386
|
+
┌─────────────────┐
|
|
387
|
+
│ 所有 Mac 设备 │
|
|
388
|
+
│ 即时同步可用 │
|
|
389
|
+
└─────────────────┘
|
|
390
|
+
```
|
|
391
|
+
|
|
392
|
+
**设计原则:**
|
|
393
|
+
- 密码不存储、不传输 — 每次使用时从你的输入实时派生密钥
|
|
394
|
+
- 即使 iCloud 被入侵,没有密码也无法解密
|
|
395
|
+
- 即使代码被恶意修改,加密算法本身保证安全(AES-256-GCM 是行业标准)
|
|
396
|
+
|
|
397
|
+
---
|
|
398
|
+
|
|
399
|
+
## 手动安装(可选)
|
|
400
|
+
|
|
401
|
+
如果你想更精细地控制安装过程:
|
|
402
|
+
|
|
403
|
+
```bash
|
|
404
|
+
# 1. 安装 npm 包
|
|
405
|
+
npm install -g @principle2026/vault
|
|
406
|
+
|
|
407
|
+
# 2. 创建 Claude Code 技能链接
|
|
408
|
+
ln -s $(npm root -g)/@principle2026/vault ~/.claude/skills/vault
|
|
409
|
+
|
|
410
|
+
# 3. 初始化
|
|
411
|
+
vault init
|
|
412
|
+
```
|
|
413
|
+
|
|
414
|
+
---
|
|
415
|
+
|
|
416
|
+
## 常见问题
|
|
171
417
|
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
- **主密钥**: 从 Vault 密码派生(相同密码 = 相同密钥)
|
|
175
|
-
- **存储位置**: iCloud(macOS)或本地 `~/.vault-data/`
|
|
176
|
-
- **多设备同步**: 通过 iCloud 自动同步,所有设备使用相同密码即可访问
|
|
418
|
+
**Q: 忘记密码怎么办?**
|
|
419
|
+
A: 无法恢复。这是刻意的安全设计 — 没有后门意味着没有人能绕过加密,包括开发者。
|
|
177
420
|
|
|
178
|
-
|
|
421
|
+
**Q: 支持 Windows / Linux 吗?**
|
|
422
|
+
A: CLI 和加密功能全平台可用。iCloud 同步仅限 macOS,其他平台数据存储在本地 `~/.vault-data/`。
|
|
423
|
+
|
|
424
|
+
**Q: 和 `.env` 文件有什么区别?**
|
|
425
|
+
A: `.env` 是明文存储,容易被误提交到 git。Vault 全程加密,且 AI 会自动管理,你不需要手动维护任何文件。
|
|
426
|
+
|
|
427
|
+
**Q: 密码安全吗?会被 AI 看到吗?**
|
|
428
|
+
A: 密码通过环境变量传递给 CLI,不会被写入任何文件或日志。AI 用完即丢,不会记录到对话历史中。
|
|
179
429
|
|
|
180
430
|
---
|
|
181
431
|
|
|
182
|
-
##
|
|
432
|
+
## 链接
|
|
433
|
+
|
|
434
|
+
- 📦 npm: [@principle2026/vault](https://www.npmjs.com/package/@principle2026/vault)
|
|
435
|
+
- 💻 GitHub: [xiaolin26/vault](https://github.com/xiaolin26/vault)
|
|
436
|
+
|
|
437
|
+
---
|
|
438
|
+
|
|
439
|
+
## License
|
|
440
|
+
|
|
441
|
+
MIT — 自由使用,自由修改,自由分发。
|
|
442
|
+
|
|
443
|
+
---
|
|
183
444
|
|
|
184
|
-
|
|
185
|
-
|
|
445
|
+
<p align="center">
|
|
446
|
+
<b>用 AI 写代码的时代,密码管理也该 AI 化了。</b><br>
|
|
447
|
+
<sub>Built with ❤️ for the Claude Code community</sub>
|
|
448
|
+
</p>
|
package/SKILL.md
CHANGED
|
@@ -97,28 +97,24 @@ Shows all saved secret names (without values).
|
|
|
97
97
|
|
|
98
98
|
- Passphrase must be at least 8 characters
|
|
99
99
|
- Secrets are encrypted using AES-256-GCM
|
|
100
|
+
- Master key is derived from passphrase (same password = same key on all devices)
|
|
100
101
|
- Encrypted data is stored in iCloud (if available) or locally
|
|
101
102
|
- Use VAULT_PASSPHRASE env var to avoid interactive prompts in AI mode
|
|
102
|
-
|
|
103
|
-
- Passphrase must be at least 8 characters
|
|
104
|
-
- Secrets are encrypted using AES-256-GCM
|
|
105
|
-
- Encrypted data is stored in iCloud (if available) or locally
|
|
106
|
-
- Master key is stored in system keychain
|
|
103
|
+
- ⚠️ Forgetting passphrase means data cannot be recovered
|
|
107
104
|
|
|
108
105
|
## Error Handling
|
|
109
106
|
|
|
110
107
|
| Error | Cause | Solution |
|
|
111
108
|
|-------|-------|----------|
|
|
112
|
-
| `Vault is not initialized` | First time use | Run `vault init
|
|
109
|
+
| `Vault is not initialized` | First time use | Run `vault init` |
|
|
113
110
|
| `Passphrase incorrect` | Wrong password | Re-enter correct passphrase |
|
|
114
111
|
| `Secret "xxx" not found` | Secret not found | Check name or use `vault list` |
|
|
115
112
|
| `Key name cannot be empty` | Validation failed | Provide valid key name |
|
|
116
113
|
|
|
117
114
|
## Storage Locations
|
|
118
115
|
|
|
119
|
-
- **iCloud**: `~/Library/Mobile Documents/com~apple~CloudDocs/.vault-data/`
|
|
116
|
+
- **iCloud (macOS)**: `~/Library/Mobile Documents/com~apple~CloudDocs/.vault-data/`
|
|
120
117
|
- **Local fallback**: `~/.vault-data/`
|
|
121
|
-
- **Keychain**: service=`vault-skill`, account=`master-key`
|
|
122
118
|
|
|
123
119
|
## Example Conversations
|
|
124
120
|
|
package/dist/tools.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tools.d.ts","sourceRoot":"","sources":["../src/tools.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;
|
|
1
|
+
{"version":3,"file":"tools.d.ts","sourceRoot":"","sources":["../src/tools.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAqCH,qBAAa,wBAAyB,SAAQ,KAAK;;CAKlD;AAED,qBAAa,mBAAoB,SAAQ,KAAK;gBAChC,GAAG,EAAE,MAAM;CAIxB;AAoED,MAAM,WAAW,WAAW;IAC1B,MAAM,EAAE,MAAM,CAAA;IACd,UAAU,EAAE,MAAM,CAAA;CACnB;AAED;;GAEG;AACH,wBAAsB,SAAS,CAC7B,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,OAAO,EAAE,MAAM,CAAC;IAAC,WAAW,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CA0DtE;AAED;;GAEG;AACH,wBAAsB,SAAS,CAC7B,GAAG,EAAE,MAAM,EACX,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,MAAM,CAAC,CAoBjB;AAED;;GAEG;AACH,wBAAsB,SAAS,CAC7B,GAAG,EAAE,MAAM,EACX,KAAK,EAAE,MAAM,EACb,UAAU,EAAE,MAAM,EAClB,WAAW,CAAC,EAAE,MAAM,GACnB,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC,CAiDhD;AAED;;GAEG;AACH,wBAAsB,WAAW,CAC/B,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC,KAAK,CAAC;IAAE,GAAG,EAAE,MAAM,CAAC;IAAC,WAAW,EAAE,MAAM,CAAA;CAAE,CAAC,CAAC,CAiBtD;AAED;;GAEG;AACH,wBAAsB,YAAY,CAChC,GAAG,EAAE,MAAM,EACX,UAAU,EAAE,MAAM,GACjB,OAAO,CAAC;IAAE,OAAO,EAAE,OAAO,CAAC;IAAC,OAAO,EAAE,MAAM,CAAA;CAAE,CAAC,CA8BhD;AAED;;GAEG;AACH,wBAAsB,cAAc,IAAI,OAAO,CAAC;IAC9C,WAAW,EAAE,OAAO,CAAA;IACpB,WAAW,EAAE,QAAQ,GAAG,OAAO,GAAG,SAAS,CAAA;IAC3C,MAAM,CAAC,EAAE,MAAM,CAAA;IACf,WAAW,EAAE,MAAM,CAAA;IACnB,YAAY,EAAE,OAAO,CAAA;CACtB,CAAC,CAmBD;AAED;;GAEG;AACH,wBAAsB,UAAU,IAAI,OAAO,CAAC;IAC1C,OAAO,EAAE,OAAO,CAAA;IAChB,OAAO,EAAE,MAAM,CAAA;CAChB,CAAC,CA2CD"}
|
package/dist/tools.js
CHANGED
|
@@ -8,7 +8,7 @@
|
|
|
8
8
|
* - Same passphrase = same master key on all devices
|
|
9
9
|
* - No keychain dependency for the master key
|
|
10
10
|
*/
|
|
11
|
-
import { decrypt, deriveKey, encrypt, generateSalt, validatePassphrase, } from './Crypto.js';
|
|
11
|
+
import { decrypt, deriveKey, encrypt, generateSalt, validatePassphrase, VaultError, } from './Crypto.js';
|
|
12
12
|
import { readStore, writeStore, } from './Store.js';
|
|
13
13
|
// ============================================================================
|
|
14
14
|
// Constants
|
|
@@ -16,6 +16,9 @@ import { readStore, writeStore, } from './Store.js';
|
|
|
16
16
|
// Vault salt is stored in the data file and shared across devices
|
|
17
17
|
// This allows same passphrase to derive same master key on all devices
|
|
18
18
|
const VAULT_SALT_KEY = '_vault_salt';
|
|
19
|
+
// Verification token - encrypted known value to verify passphrase correctness
|
|
20
|
+
const VAULT_VERIFY_KEY = '_vault_verify';
|
|
21
|
+
const VERIFICATION_VALUE = 'VALID';
|
|
19
22
|
// ============================================================================
|
|
20
23
|
// Error types
|
|
21
24
|
// ============================================================================
|
|
@@ -54,6 +57,30 @@ async function deriveMasterKey(passphrase, salt) {
|
|
|
54
57
|
const saltBuffer = Buffer.from(salt, 'hex');
|
|
55
58
|
return deriveKey(passphrase, saltBuffer);
|
|
56
59
|
}
|
|
60
|
+
/**
|
|
61
|
+
* Verify passphrase by decrypting the verification token
|
|
62
|
+
* Throws an error if passphrase is incorrect
|
|
63
|
+
*/
|
|
64
|
+
async function verifyPassphrase(store, passphrase) {
|
|
65
|
+
const verifyEntry = store.secrets[VAULT_VERIFY_KEY];
|
|
66
|
+
if (!verifyEntry) {
|
|
67
|
+
// Old vault format without verification - upgrade needed
|
|
68
|
+
throw new Error('Vault format outdated. Please run vault init to migrate.');
|
|
69
|
+
}
|
|
70
|
+
try {
|
|
71
|
+
const parsed = JSON.parse(verifyEntry.value);
|
|
72
|
+
const decrypted = await decrypt(parsed.encrypted, parsed.salt, passphrase);
|
|
73
|
+
if (decrypted !== VERIFICATION_VALUE) {
|
|
74
|
+
throw new VaultError('INVALID_PASSPHRASE', 'Incorrect passphrase');
|
|
75
|
+
}
|
|
76
|
+
}
|
|
77
|
+
catch (error) {
|
|
78
|
+
if (error instanceof VaultError) {
|
|
79
|
+
throw error;
|
|
80
|
+
}
|
|
81
|
+
throw new VaultError('INVALID_PASSPHRASE', 'Incorrect passphrase');
|
|
82
|
+
}
|
|
83
|
+
}
|
|
57
84
|
/**
|
|
58
85
|
* Initialize Vault
|
|
59
86
|
*/
|
|
@@ -70,10 +97,12 @@ export async function initVault(userId, passphrase) {
|
|
|
70
97
|
}
|
|
71
98
|
// Generate vault salt (shared across devices)
|
|
72
99
|
const vaultSalt = generateSalt();
|
|
100
|
+
// Create verification token (encrypt known value with passphrase)
|
|
101
|
+
const verifyToken = await encrypt(VERIFICATION_VALUE, passphrase);
|
|
73
102
|
// Get storage location
|
|
74
103
|
const { getStorageLocation } = await import('./Store.js');
|
|
75
104
|
const location = await getStorageLocation();
|
|
76
|
-
// Initialize storage with vault salt
|
|
105
|
+
// Initialize storage with vault salt and verification token
|
|
77
106
|
const newData = {
|
|
78
107
|
version: '2.0', // New version with synced master key
|
|
79
108
|
user_id: userId,
|
|
@@ -86,6 +115,12 @@ export async function initVault(userId, passphrase) {
|
|
|
86
115
|
created_at: new Date().toISOString(),
|
|
87
116
|
updated_at: new Date().toISOString(),
|
|
88
117
|
},
|
|
118
|
+
[VAULT_VERIFY_KEY]: {
|
|
119
|
+
value: JSON.stringify(verifyToken),
|
|
120
|
+
description: 'Passphrase verification (do not delete)',
|
|
121
|
+
created_at: new Date().toISOString(),
|
|
122
|
+
updated_at: new Date().toISOString(),
|
|
123
|
+
},
|
|
89
124
|
},
|
|
90
125
|
};
|
|
91
126
|
await writeStore(newData);
|
|
@@ -140,12 +175,9 @@ export async function setSecret(key, value, passphrase, description) {
|
|
|
140
175
|
if (!store || !store.secrets[VAULT_SALT_KEY]) {
|
|
141
176
|
throw new VaultNotInitializedError();
|
|
142
177
|
}
|
|
143
|
-
//
|
|
144
|
-
|
|
145
|
-
|
|
146
|
-
// Derive master key
|
|
147
|
-
const masterKey = await deriveMasterKey(passphrase, vaultSalt);
|
|
148
|
-
// Encrypt secret value with the passphrase (encrypt function derives key internally)
|
|
178
|
+
// Verify passphrase before making any changes
|
|
179
|
+
await verifyPassphrase(store, passphrase);
|
|
180
|
+
// Encrypt secret value with the passphrase
|
|
149
181
|
const encrypted = await encrypt(value, passphrase);
|
|
150
182
|
// Update secret
|
|
151
183
|
const now = new Date().toISOString();
|
|
@@ -182,13 +214,11 @@ export async function listSecrets(passphrase) {
|
|
|
182
214
|
if (!store || !store.secrets[VAULT_SALT_KEY]) {
|
|
183
215
|
throw new VaultNotInitializedError();
|
|
184
216
|
}
|
|
185
|
-
// Verify passphrase
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
await deriveMasterKey(passphrase, vaultSalt);
|
|
189
|
-
// Return list of secret names (without vault salt, without values)
|
|
217
|
+
// Verify passphrase before allowing access
|
|
218
|
+
await verifyPassphrase(store, passphrase);
|
|
219
|
+
// Return list of secret names (without vault salt and verify token, without values)
|
|
190
220
|
return Object.entries(store.secrets)
|
|
191
|
-
.filter(([key]) => key !== VAULT_SALT_KEY)
|
|
221
|
+
.filter(([key]) => key !== VAULT_SALT_KEY && key !== VAULT_VERIFY_KEY)
|
|
192
222
|
.map(([key, entry]) => ({
|
|
193
223
|
key,
|
|
194
224
|
description: entry.description || '',
|
|
@@ -204,9 +234,8 @@ export async function deleteSecret(key, passphrase) {
|
|
|
204
234
|
if (!store || !store.secrets[VAULT_SALT_KEY]) {
|
|
205
235
|
throw new VaultNotInitializedError();
|
|
206
236
|
}
|
|
207
|
-
|
|
208
|
-
|
|
209
|
-
await deriveMasterKey(passphrase, vaultSalt);
|
|
237
|
+
// Verify passphrase before allowing deletion
|
|
238
|
+
await verifyPassphrase(store, passphrase);
|
|
210
239
|
// Check if secret exists
|
|
211
240
|
if (!store.secrets[key]) {
|
|
212
241
|
return { success: false, message: `Secret "${key}" not found` };
|
|
@@ -234,12 +263,15 @@ export async function getVaultStatus() {
|
|
|
234
263
|
const { getStorageInfo } = await import('./Store.js');
|
|
235
264
|
const storageInfo = await getStorageInfo();
|
|
236
265
|
const hasVaultSalt = store !== null && VAULT_SALT_KEY in store.secrets;
|
|
266
|
+
const hasVerifyToken = store !== null && VAULT_VERIFY_KEY in store.secrets;
|
|
267
|
+
// Count internal fields (salt + verify token)
|
|
268
|
+
const internalFields = (hasVaultSalt ? 1 : 0) + (hasVerifyToken ? 1 : 0);
|
|
237
269
|
return {
|
|
238
270
|
initialized: store !== null,
|
|
239
271
|
storageType: storageInfo.type,
|
|
240
272
|
userId: store?.user_id,
|
|
241
|
-
secretCount: store ? Object.keys(store.secrets).length -
|
|
242
|
-
isNewVersion: hasVaultSalt,
|
|
273
|
+
secretCount: store ? Object.keys(store.secrets).length - internalFields : 0,
|
|
274
|
+
isNewVersion: hasVaultSalt && hasVerifyToken,
|
|
243
275
|
};
|
|
244
276
|
}
|
|
245
277
|
/**
|
|
@@ -254,11 +286,28 @@ export async function resetVault() {
|
|
|
254
286
|
const location = await getStorageLocation();
|
|
255
287
|
const dataFile = join(location.path, 'secrets.json');
|
|
256
288
|
if (existsSync(dataFile)) {
|
|
257
|
-
|
|
289
|
+
// Secure wipe: overwrite with random data multiple times before deleting
|
|
290
|
+
const { unlink } = await import('fs/promises');
|
|
291
|
+
try {
|
|
292
|
+
// Read file size
|
|
293
|
+
const { statSync } = await import('fs');
|
|
294
|
+
const fileSize = statSync(dataFile).size;
|
|
295
|
+
// Overwrite 3 times with random data
|
|
296
|
+
for (let i = 0; i < 3; i++) {
|
|
297
|
+
const randomData = crypto.getRandomValues(new Uint8Array(fileSize));
|
|
298
|
+
await writeFile(dataFile, Buffer.from(randomData));
|
|
299
|
+
}
|
|
300
|
+
// Finally delete the file
|
|
301
|
+
await unlink(dataFile);
|
|
302
|
+
}
|
|
303
|
+
catch {
|
|
304
|
+
// If secure wipe fails, fall back to simple overwrite
|
|
305
|
+
await writeFile(dataFile, '', 'utf-8');
|
|
306
|
+
}
|
|
258
307
|
}
|
|
259
308
|
return {
|
|
260
309
|
success: true,
|
|
261
|
-
message: 'Vault has been reset. Run "vault init" to set up again.',
|
|
310
|
+
message: 'Vault has been securely reset. Run "vault init" to set up again.',
|
|
262
311
|
};
|
|
263
312
|
}
|
|
264
313
|
catch {
|
package/dist/tools.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tools.js","sourceRoot":"","sources":["../src/tools.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;
|
|
1
|
+
{"version":3,"file":"tools.js","sourceRoot":"","sources":["../src/tools.ts"],"names":[],"mappings":"AAAA;;;;;;;;;GASG;AAKH,OAAO,EACL,OAAO,EACP,SAAS,EACT,OAAO,EACP,YAAY,EACZ,kBAAkB,EAClB,UAAU,GACX,MAAM,aAAa,CAAA;AACpB,OAAO,EACL,SAAS,EACT,UAAU,GAEX,MAAM,YAAY,CAAA;AAInB,+EAA+E;AAC/E,YAAY;AACZ,+EAA+E;AAE/E,kEAAkE;AAClE,uEAAuE;AACvE,MAAM,cAAc,GAAG,aAAa,CAAA;AAEpC,8EAA8E;AAC9E,MAAM,gBAAgB,GAAG,eAAe,CAAA;AACxC,MAAM,kBAAkB,GAAG,OAAO,CAAA;AAElC,+EAA+E;AAC/E,cAAc;AACd,+EAA+E;AAE/E,MAAM,OAAO,wBAAyB,SAAQ,KAAK;IACjD;QACE,KAAK,CAAC,kDAAkD,CAAC,CAAA;QACzD,IAAI,CAAC,IAAI,GAAG,0BAA0B,CAAA;IACxC,CAAC;CACF;AAED,MAAM,OAAO,mBAAoB,SAAQ,KAAK;IAC5C,YAAY,GAAW;QACrB,KAAK,CAAC,WAAW,GAAG,aAAa,CAAC,CAAA;QAClC,IAAI,CAAC,IAAI,GAAG,qBAAqB,CAAA;IACnC,CAAC;CACF;AAED,+EAA+E;AAC/E,wBAAwB;AACxB,+EAA+E;AAE/E;;GAEG;AACH,KAAK,UAAU,oBAAoB;IACjC,MAAM,KAAK,GAAG,MAAM,SAAS,EAAE,CAAA;IAE/B,IAAI,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;QAC3C,0BAA0B;QAC1B,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,CAAC,KAAK,CAAC,CAAA;QAC9D,OAAO,MAAM,CAAC,IAAI,CAAA;IACpB,CAAC;IAED,wBAAwB;IACxB,OAAO,YAAY,EAAE,CAAA;AACvB,CAAC;AAED;;GAEG;AACH,KAAK,UAAU,eAAe,CAAC,UAAkB,EAAE,IAAY;IAC7D,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,KAAK,CAAC,CAAA;IAC3C,OAAO,SAAS,CAAC,UAAU,EAAE,UAAU,CAAC,CAAA;AAC1C,CAAC;AAED;;;GAGG;AACH,KAAK,UAAU,gBAAgB,CAC7B,KAAiB,EACjB,UAAkB;IAElB,MAAM,WAAW,GAAG,KAAK,CAAC,OAAO,CAAC,gBAAgB,CAAC,CAAA;IACnD,IAAI,CAAC,WAAW,EAAE,CAAC;QACjB,yDAAyD;QACzD,MAAM,IAAI,KAAK,CAAC,0DAA0D,CAAC,CAAA;IAC7E,CAAC;IAED,IAAI,CAAC;QACH,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAC,KAAK,CAAC,CAAA;QAC5C,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,IAAI,EAAE,UAAU,CAAC,CAAA;QAC1E,IAAI,SAAS,KAAK,kBAAkB,EAAE,CAAC;YACrC,MAAM,IAAI,UAAU,CAClB,oBAAoB,EACpB,sBAAsB,CACvB,CAAA;QACH,CAAC;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,UAAU,EAAE,CAAC;YAChC,MAAM,KAAK,CAAA;QACb,CAAC;QACD,MAAM,IAAI,UAAU,CAClB,oBAAoB,EACpB,sBAAsB,CACvB,CAAA;IACH,CAAC;AACH,CAAC;AAWD;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,MAAc,EACd,UAAkB;IAElB,IAAI,CAAC;QACH,kBAAkB,CAAC,UAAU,CAAC,CAAA;QAE9B,0BAA0B;QAC1B,MAAM,KAAK,GAAG,MAAM,SAAS,EAAE,CAAA;QAC/B,IAAI,KAAK,IAAI,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;YAC3C,OAAO;gBACL,OAAO,EAAE,KAAK;gBACd,OAAO,EAAE,yDAAyD;aACnE,CAAA;QACH,CAAC;QAED,8CAA8C;QAC9C,MAAM,SAAS,GAAG,YAAY,EAAE,CAAA;QAEhC,kEAAkE;QAClE,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,kBAAkB,EAAE,UAAU,CAAC,CAAA;QAEjE,uBAAuB;QACvB,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,CAAA;QACzD,MAAM,QAAQ,GAAG,MAAM,kBAAkB,EAAE,CAAA;QAE3C,4DAA4D;QAC5D,MAAM,OAAO,GAAe;YAC1B,OAAO,EAAE,KAAK,EAAE,qCAAqC;YACrD,OAAO,EAAE,MAAM;YACf,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;YACpC,OAAO,EAAE;gBACP,CAAC,cAAc,CAAC,EAAE;oBAChB,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,EAAE,SAAS,EAAE,CAAC;oBAC1C,WAAW,EAAE,4BAA4B;oBACzC,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;oBACpC,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;iBACrC;gBACD,CAAC,gBAAgB,CAAC,EAAE;oBAClB,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,WAAW,CAAC;oBAClC,WAAW,EAAE,yCAAyC;oBACtD,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;oBACpC,UAAU,EAAE,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE;iBACrC;aACF;SACF,CAAA;QAED,MAAM,UAAU,CAAC,OAAO,CAAC,CAAA;QAEzB,OAAO;YACL,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,yCAAyC,MAAM,EAAE;YAC1D,WAAW,EAAE,QAAQ,CAAC,IAAI;SAC3B,CAAA;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,OAAO;YACL,OAAO,EAAE,KAAK;YACd,OAAO,EAAE,0BAA0B,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE;SAC5F,CAAA;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,GAAW,EACX,UAAkB;IAElB,aAAa;IACb,MAAM,KAAK,GAAG,MAAM,SAAS,EAAE,CAAA;IAC/B,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;QAC7C,MAAM,IAAI,wBAAwB,EAAE,CAAA;IACtC,CAAC;IAED,iBAAiB;IACjB,MAAM,aAAa,GAAG,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,CAAA;IACnD,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,aAAa,CAAC,KAAK,CAAC,CAAC,IAAI,CAAA;IAEtD,aAAa;IACb,MAAM,KAAK,GAAG,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;IAChC,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,mBAAmB,CAAC,GAAG,CAAC,CAAA;IACpC,CAAC;IAED,sDAAsD;IACtD,MAAM,MAAM,GAAG,IAAI,CAAC,KAAK,CAAC,KAAK,CAAC,KAAK,CAAC,CAAA;IACtC,OAAO,MAAM,OAAO,CAAC,MAAM,CAAC,SAAS,EAAE,MAAM,CAAC,IAAI,EAAE,UAAU,CAAC,CAAA;AACjE,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,SAAS,CAC7B,GAAW,EACX,KAAa,EACb,UAAkB,EAClB,WAAoB;IAEpB,IAAI,CAAC;QACH,iBAAiB;QACjB,IAAI,CAAC,GAAG,IAAI,GAAG,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACpC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,0BAA0B,EAAE,CAAA;QAChE,CAAC;QACD,IAAI,CAAC,KAAK,IAAI,KAAK,CAAC,IAAI,EAAE,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACxC,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,8BAA8B,EAAE,CAAA;QACpE,CAAC;QAED,aAAa;QACb,IAAI,KAAK,GAAG,MAAM,SAAS,EAAE,CAAA;QAC7B,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;YAC7C,MAAM,IAAI,wBAAwB,EAAE,CAAA;QACtC,CAAC;QAED,8CAA8C;QAC9C,MAAM,gBAAgB,CAAC,KAAK,EAAE,UAAU,CAAC,CAAA;QAEzC,2CAA2C;QAC3C,MAAM,SAAS,GAAG,MAAM,OAAO,CAAC,KAAK,EAAE,UAAU,CAAC,CAAA;QAElD,gBAAgB;QAChB,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC,WAAW,EAAE,CAAA;QACpC,MAAM,KAAK,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;QAEjC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,GAAG;YACnB,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS,CAAC;YAChC,WAAW,EAAE,WAAW,IAAI,EAAE;YAC9B,UAAU,EAAE,KAAK,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC,UAAU;YACvD,UAAU,EAAE,GAAG;SAChB,CAAA;QAED,cAAc;QACd,MAAM,UAAU,CAAC,KAAK,CAAC,CAAA;QAEvB,OAAO;YACL,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,KAAK,CAAC,CAAC,CAAC,UAAU,GAAG,EAAE,CAAC,CAAC,CAAC,YAAY,GAAG,EAAE;SACrD,CAAA;IACH,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,wBAAwB,EAAE,CAAC;YAC9C,MAAM,KAAK,CAAA;QACb,CAAC;QACD,OAAO;YACL,OAAO,EAAE,KAAK;YACd,OAAO,EAAE,gBAAgB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE;SAClF,CAAA;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,WAAW,CAC/B,UAAkB;IAElB,aAAa;IACb,MAAM,KAAK,GAAG,MAAM,SAAS,EAAE,CAAA;IAC/B,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;QAC7C,MAAM,IAAI,wBAAwB,EAAE,CAAA;IACtC,CAAC;IAED,2CAA2C;IAC3C,MAAM,gBAAgB,CAAC,KAAK,EAAE,UAAU,CAAC,CAAA;IAEzC,oFAAoF;IACpF,OAAO,MAAM,CAAC,OAAO,CAAC,KAAK,CAAC,OAAO,CAAC;SACjC,MAAM,CAAC,CAAC,CAAC,GAAG,CAAC,EAAE,EAAE,CAAC,GAAG,KAAK,cAAc,IAAI,GAAG,KAAK,gBAAgB,CAAC;SACrE,GAAG,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAAC,CAAC;QACtB,GAAG;QACH,WAAW,EAAE,KAAK,CAAC,WAAW,IAAI,EAAE;KACrC,CAAC,CAAC,CAAA;AACP,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,YAAY,CAChC,GAAW,EACX,UAAkB;IAElB,IAAI,CAAC;QACH,oBAAoB;QACpB,MAAM,KAAK,GAAG,MAAM,SAAS,EAAE,CAAA;QAC/B,IAAI,CAAC,KAAK,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;YAC7C,MAAM,IAAI,wBAAwB,EAAE,CAAA;QACtC,CAAC;QAED,6CAA6C;QAC7C,MAAM,gBAAgB,CAAC,KAAK,EAAE,UAAU,CAAC,CAAA;QAEzC,yBAAyB;QACzB,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,EAAE,CAAC;YACxB,OAAO,EAAE,OAAO,EAAE,KAAK,EAAE,OAAO,EAAE,WAAW,GAAG,aAAa,EAAE,CAAA;QACjE,CAAC;QAED,gBAAgB;QAChB,OAAO,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC,CAAA;QACzB,MAAM,UAAU,CAAC,KAAK,CAAC,CAAA;QAEvB,OAAO,EAAE,OAAO,EAAE,IAAI,EAAE,OAAO,EAAE,YAAY,GAAG,EAAE,EAAE,CAAA;IACtD,CAAC;IAAC,OAAO,KAAK,EAAE,CAAC;QACf,IAAI,KAAK,YAAY,wBAAwB,EAAE,CAAC;YAC9C,MAAM,KAAK,CAAA;QACb,CAAC;QACD,OAAO;YACL,OAAO,EAAE,KAAK;YACd,OAAO,EAAE,kBAAkB,KAAK,YAAY,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE;SACpF,CAAA;IACH,CAAC;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,cAAc;IAOlC,MAAM,KAAK,GAAG,MAAM,SAAS,EAAE,CAAA;IAE/B,MAAM,EAAE,cAAc,EAAE,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,CAAA;IACrD,MAAM,WAAW,GAAG,MAAM,cAAc,EAAE,CAAA;IAE1C,MAAM,YAAY,GAAG,KAAK,KAAK,IAAI,IAAI,cAAc,IAAI,KAAK,CAAC,OAAO,CAAA;IACtE,MAAM,cAAc,GAAG,KAAK,KAAK,IAAI,IAAI,gBAAgB,IAAI,KAAK,CAAC,OAAO,CAAA;IAE1E,8CAA8C;IAC9C,MAAM,cAAc,GAAG,CAAC,YAAY,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC,cAAc,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,CAAA;IAExE,OAAO;QACL,WAAW,EAAE,KAAK,KAAK,IAAI;QAC3B,WAAW,EAAE,WAAW,CAAC,IAAI;QAC7B,MAAM,EAAE,KAAK,EAAE,OAAO;QACtB,WAAW,EAAE,KAAK,CAAC,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,CAAC,MAAM,GAAG,cAAc,CAAC,CAAC,CAAC,CAAC;QAC3E,YAAY,EAAE,YAAY,IAAI,cAAc;KAC7C,CAAA;AACH,CAAC;AAED;;GAEG;AACH,MAAM,CAAC,KAAK,UAAU,UAAU;IAI9B,IAAI,CAAC;QACH,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAA;QAC3D,MAAM,EAAE,UAAU,EAAE,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,CAAA;QACzC,MAAM,EAAE,IAAI,EAAE,GAAG,MAAM,MAAM,CAAC,MAAM,CAAC,CAAA;QACrC,MAAM,EAAE,kBAAkB,EAAE,GAAG,MAAM,MAAM,CAAC,YAAY,CAAC,CAAA;QAEzD,MAAM,QAAQ,GAAG,MAAM,kBAAkB,EAAE,CAAA;QAC3C,MAAM,QAAQ,GAAG,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,cAAc,CAAC,CAAA;QAEpD,IAAI,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;YACzB,yEAAyE;YACzE,MAAM,EAAE,MAAM,EAAE,GAAG,MAAM,MAAM,CAAC,aAAa,CAAC,CAAA;YAE9C,IAAI,CAAC;gBACH,iBAAiB;gBACjB,MAAM,EAAE,QAAQ,EAAE,GAAG,MAAM,MAAM,CAAC,IAAI,CAAC,CAAA;gBACvC,MAAM,QAAQ,GAAG,QAAQ,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAA;gBAExC,qCAAqC;gBACrC,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,EAAE,CAAC,EAAE,EAAE,CAAC;oBAC3B,MAAM,UAAU,GAAG,MAAM,CAAC,eAAe,CAAC,IAAI,UAAU,CAAC,QAAQ,CAAC,CAAC,CAAA;oBACnE,MAAM,SAAS,CAAC,QAAQ,EAAE,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAA;gBACpD,CAAC;gBAED,0BAA0B;gBAC1B,MAAM,MAAM,CAAC,QAAQ,CAAC,CAAA;YACxB,CAAC;YAAC,MAAM,CAAC;gBACP,sDAAsD;gBACtD,MAAM,SAAS,CAAC,QAAQ,EAAE,EAAE,EAAE,OAAO,CAAC,CAAA;YACxC,CAAC;QACH,CAAC;QAED,OAAO;YACL,OAAO,EAAE,IAAI;YACb,OAAO,EAAE,kEAAkE;SAC5E,CAAA;IACH,CAAC;IAAC,MAAM,CAAC;QACP,OAAO;YACL,OAAO,EAAE,KAAK;YACd,OAAO,EAAE,cAAc;SACxB,CAAA;IACH,CAAC;AACH,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@principle2026/vault",
|
|
3
|
-
"version": "1.
|
|
3
|
+
"version": "1.2.0",
|
|
4
4
|
"description": "Vault - AI-powered secret management for Claude Code",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "dist/index.js",
|
|
@@ -36,7 +36,7 @@
|
|
|
36
36
|
"license": "MIT",
|
|
37
37
|
"repository": {
|
|
38
38
|
"type": "git",
|
|
39
|
-
"url": "https://github.com/xiaolin26/vault.git"
|
|
39
|
+
"url": "git+https://github.com/xiaolin26/vault.git"
|
|
40
40
|
},
|
|
41
41
|
"bugs": {
|
|
42
42
|
"url": "https://github.com/xiaolin26/vault/issues"
|
|
@@ -46,7 +46,6 @@
|
|
|
46
46
|
"node": ">=18.0.0"
|
|
47
47
|
},
|
|
48
48
|
"dependencies": {
|
|
49
|
-
"keytar": "^7.9.0",
|
|
50
49
|
"yargs": "^17.7.2"
|
|
51
50
|
},
|
|
52
51
|
"devDependencies": {
|