@yawlabs/mcp 0.64.1 → 0.65.0

package/dist/index.js

@@ -1148,9 +1148,15 @@ async function runBundlesCommand(opts = {}) {
     env: opts.env
   });
   if (!config.token) {
-    printErr(
-      "yaw-mcp bundles match: no token resolved. Run `yaw-mcp install <client> --token mcp_pat_\u2026` or set YAW_MCP_TOKEN."
-    );
+    const msg = "no token resolved. Run `yaw-mcp install <client> --token mcp_pat_\u2026` or set YAW_MCP_TOKEN.";
+    if (opts.json) {
+      const jsonErr = JSON.stringify({ ok: false, error: msg });
+      lines.push(jsonErr);
+      writeErr(`${jsonErr}
+`);
+    } else {
+      printErr(`yaw-mcp bundles match: ${msg}`);
+    }
     return { exitCode: 1, lines };
   }
   const fetcher = opts.fetcher ?? fetchConfig;
@@ -1159,11 +1165,26 @@ async function runBundlesCommand(opts = {}) {
     backend = await fetcher(config.apiBase, config.token);
   } catch (err) {
     const msg = err instanceof ConfigError || err instanceof Error ? err.message : String(err);
-    printErr(`yaw-mcp bundles match: ${msg}`);
+    if (opts.json) {
+      const jsonErr = JSON.stringify({ ok: false, error: msg });
+      lines.push(jsonErr);
+      writeErr(`${jsonErr}
+`);
+    } else {
+      printErr(`yaw-mcp bundles match: ${msg}`);
+    }
     return { exitCode: 2, lines };
   }
   if (!backend) {
-    printErr("yaw-mcp bundles match: backend returned 304 without a conditional request.");
+    const msg = "backend returned 304 without a conditional request.";
+    if (opts.json) {
+      const jsonErr = JSON.stringify({ ok: false, error: msg });
+      lines.push(jsonErr);
+      writeErr(`${jsonErr}
+`);
+    } else {
+      printErr(`yaw-mcp bundles match: ${msg}`);
+    }
     return { exitCode: 2, lines };
   }
   const installed = backend.servers.filter((s) => s.isActive).map((s) => s.namespace);
@@ -1380,18 +1401,27 @@ function renderScript(shell) {
       return renderPowershell();
   }
 }
+function isPlaceholder(s) {
+  return s.startsWith("<") && s.endsWith(">");
+}
 function renderBash() {
   const subcommandList = SUBCOMMAND_SPEC.map((s) => s.name).join(" ");
   const topLevelFlags = "--help -h --version -V";
   const cases = SUBCOMMAND_SPEC.map((spec) => {
-    const posClause = spec.positional ? `    if [[ $cword -eq 2 ]]; then
-      COMPREPLY=( $(compgen -W "${spec.positional.join(" ")} ${spec.flags.join(" ")}" -- "$cur") )
+    const indexedPositionals = (spec.positional ?? []).map((p, i) => ({ value: p, index: i })).filter(({ value }) => !isPlaceholder(value));
+    const posClauses = indexedPositionals.map(
+      ({ value, index }) => `    if [[ $cword -eq $((${index} + 2)) ]]; then
+      COMPREPLY=( $(compgen -W "${value}" -- "$cur") )
       return 0
-    fi` : "";
+    fi`
+    );
+    const parts = [
+      ...posClauses,
+      `    COMPREPLY=( $(compgen -W "${spec.flags.join(" ")}" -- "$cur") )`,
+      "    return 0"
+    ].filter((p) => p !== "");
     return `  ${spec.name})
-${posClause}
-    COMPREPLY=( $(compgen -W "${spec.flags.join(" ")}" -- "$cur") )
-    return 0
+${parts.join("\n")}
     ;;`;
   }).join("\n");
   return `# bash completion for yaw-mcp \u2014 generated by \`yaw-mcp completion bash\`
@@ -1418,8 +1448,10 @@ function renderZsh() {
   const subcommandList = SUBCOMMAND_SPEC.map((s) => `    '${s.name}:${s.description}'`).join("\n");
   const argsCases = SUBCOMMAND_SPEC.map((spec) => {
     const lines = [`      ${spec.name})`];
-    if (spec.positional) {
-      lines.push(`        _arguments '1: :(${spec.positional.join(" ")})' '*: :(${spec.flags.join(" ")})'`);
+    const indexedPositionals = (spec.positional ?? []).map((p, i) => ({ value: p, index: i })).filter(({ value }) => !isPlaceholder(value));
+    if (indexedPositionals.length > 0) {
+      const posArgs = indexedPositionals.map(({ value, index }) => `'${index + 1}: :(${value})'`).join(" ");
+      lines.push(`        _arguments ${posArgs} '*: :(${spec.flags.join(" ")})'`);
     } else {
       lines.push(`        _arguments '*: :(${spec.flags.join(" ")})'`);
     }
@@ -1463,9 +1495,13 @@ complete -c yaw-mcp -f`;
   const flagLines = [];
   for (const spec of SUBCOMMAND_SPEC) {
     if (spec.positional) {
-      for (const p of spec.positional) {
-        positionalLines.push(`complete -c yaw-mcp -n "__fish_seen_subcommand_from ${spec.name}" -a ${p}`);
-      }
+      spec.positional.forEach((p, i) => {
+        if (isPlaceholder(p)) return;
+        const expectedCount = i + 2;
+        positionalLines.push(
+          `complete -c yaw-mcp -n "__fish_seen_subcommand_from ${spec.name}; and test (count (commandline -opc)) -eq ${expectedCount}" -a ${p}`
+        );
+      });
     }
     for (const f of spec.flags) {
       if (!f.startsWith("--")) continue;
@@ -1478,12 +1514,13 @@ complete -c yaw-mcp -f`;
 function renderPowershell() {
   const subcommandNames = SUBCOMMAND_SPEC.map((s) => `'${s.name}'`).join(", ");
   const caseBranches = SUBCOMMAND_SPEC.map((spec) => {
-    const positional = spec.positional ? spec.positional.map((p) => `'${p}'`).join(", ") : "";
+    const indexedPositionals = (spec.positional ?? []).map((p, i) => ({ value: p, index: i })).filter(({ value }) => !isPlaceholder(value));
     const flags = spec.flags.map((f) => `'${f}'`).join(", ");
-    const positionalLine = positional ? `      $completions += @(${positional})
+    const positionalLines = indexedPositionals.map(({ value, index }) => `      if ($tokens.Count -eq ${index + 2}) { $completions += @('${value}') }`).join("\n");
+    const positionalBlock = positionalLines ? `${positionalLines}
 ` : "";
     return `    '${spec.name}' {
-${positionalLine}      $completions += @(${flags})
+${positionalBlock}      $completions += @(${flags})
     }`;
   }).join("\n");
   return `# PowerShell completion for yaw-mcp \u2014 generated by \`yaw-mcp completion powershell\`
@@ -1694,6 +1731,19 @@ var token = "";
 var lastFailure = null;
 var lastLoggedConnectStatus = null;
 var lastLoggedDispatchStatus = null;
+var warnedInsecureBearerSkipConnect = false;
+var warnedInsecureBearerSkipDispatch = false;
+function shouldSendBearer(targetUrl) {
+  let parsed;
+  try {
+    parsed = new URL(targetUrl);
+  } catch {
+    return false;
+  }
+  if (parsed.protocol === "https:") return true;
+  if (parsed.protocol === "http:" && isLoopbackHost(parsed.hostname)) return true;
+  return false;
+}
 function getLastAnalyticsFailure() {
   return lastFailure;
 }
@@ -1746,12 +1796,20 @@ async function flush() {
   const events = buffer.splice(0, FLUSH_SIZE);
   const url = `${apiUrl.replace(/\/$/, "")}/api/connect/analytics`;
   try {
+    const headers = { "Content-Type": "application/json" };
+    if (shouldSendBearer(url)) {
+      headers.Authorization = `Bearer ${token}`;
+    } else if (!warnedInsecureBearerSkipConnect) {
+      log(
+        "warn",
+        "Analytics URL is not https and not loopback; sending without Authorization header to avoid leaking the bearer token",
+        { url }
+      );
+      warnedInsecureBearerSkipConnect = true;
+    }
     const res = await request3(url, {
       method: "POST",
-      headers: {
-        Authorization: `Bearer ${token}`,
-        "Content-Type": "application/json"
-      },
+      headers,
       body: JSON.stringify({ events }),
       headersTimeout: 1e4,
       bodyTimeout: 1e4
@@ -1788,17 +1846,25 @@ async function flushDispatch() {
   const events = dispatchBuffer.splice(0, FLUSH_SIZE);
   const url = `${apiUrl.replace(/\/$/, "")}/api/connect/dispatch-events`;
   try {
+    const headers = { "Content-Type": "application/json" };
+    if (shouldSendBearer(url)) {
+      headers.Authorization = `Bearer ${token}`;
+    } else if (!warnedInsecureBearerSkipDispatch) {
+      log(
+        "warn",
+        "Analytics URL is not https and not loopback; sending without Authorization header to avoid leaking the bearer token",
+        { url }
+      );
+      warnedInsecureBearerSkipDispatch = true;
+    }
     const res = await request3(url, {
       method: "POST",
-      headers: {
-        Authorization: `Bearer ${token}`,
-        "Content-Type": "application/json"
-      },
+      headers,
       body: JSON.stringify({ events }),
       headersTimeout: 1e4,
       bodyTimeout: 1e4
     });
-    if (res.statusCode >= 400 && res.statusCode !== 204) {
+    if (res.statusCode >= 400) {
       const retryable = res.statusCode >= 500 || res.statusCode === 408 || res.statusCode === 429;
       if (retryable) {
         const room = MAX_BUFFER - dispatchBuffer.length;
@@ -1812,7 +1878,7 @@ async function flushDispatch() {
         lastLoggedDispatchStatus = res.statusCode;
       }
       lastFailure = { statusCode: res.statusCode, url, at: Date.now() };
-    } else if (res.statusCode < 400) {
+    } else {
       lastFailure = null;
       lastLoggedDispatchStatus = null;
     }
@@ -1830,6 +1896,8 @@ function initAnalytics(url, tok) {
   token = tok;
   lastLoggedConnectStatus = null;
   lastLoggedDispatchStatus = null;
+  warnedInsecureBearerSkipConnect = false;
+  warnedInsecureBearerSkipDispatch = false;
   teamAnalyticsDisabled = false;
   flushTimer = setInterval(() => {
     flush().catch(() => {
@@ -2296,9 +2364,12 @@ function errorMessage(err) {
 import { request as request4 } from "undici";
 var apiUrl2 = "";
 var token2 = "";
-var lastFailure2 = null;
-function getLastReportFailure() {
-  return lastFailure2;
+var lastFailureByServer = /* @__PURE__ */ new Map();
+function getLastReportFailure(serverId) {
+  if (serverId !== void 0) return lastFailureByServer.get(serverId) ?? null;
+  const entries = [...lastFailureByServer.values()];
+  if (entries.length === 0) return null;
+  return entries.reduce((a, b) => a.at >= b.at ? a : b);
 }
 function initToolReport(url, tok) {
   apiUrl2 = url;
@@ -2306,7 +2377,7 @@ function initToolReport(url, tok) {
 }
 async function reportTools(serverId, tools) {
   if (!apiUrl2 || !token2 || !serverId) return;
-  const url = `${apiUrl2.replace(/\/$/, "")}/api/connect/servers/${serverId}/tools`;
+  const url = `${apiUrl2.replace(/\/$/, "")}/api/connect/servers/${encodeURIComponent(serverId)}/tools`;
   try {
     const res = await request4(url, {
       method: "POST",
@@ -2322,12 +2393,13 @@ async function reportTools(serverId, tools) {
     });
     if (res.statusCode >= 400 && res.statusCode !== 404) {
       log("warn", "Tool report failed", { serverId, status: res.statusCode });
-      lastFailure2 = { statusCode: res.statusCode, url, at: Date.now() };
-    } else if (res.statusCode < 400) {
-      lastFailure2 = null;
+      lastFailureByServer.set(serverId, { statusCode: res.statusCode, url, at: Date.now() });
+    } else {
+      lastFailureByServer.delete(serverId);
     }
   } catch (err) {
     log("warn", "Tool report error", { serverId, error: err?.message });
+    lastFailureByServer.set(serverId, { statusCode: 0, url, at: Date.now() });
   }
 }
 
@@ -2367,6 +2439,9 @@ function tokenizeCommand(cmd) {
       has = true;
     }
   }
+  if (quote !== null) {
+    throw new Error(`Unbalanced quote in command: ${cmd}`);
+  }
   if (has) out.push(cur);
   return out;
 }
@@ -3912,7 +3987,7 @@ async function runUpgrade(opts = {}) {
   return { exitCode: 3, lines };
 }
 function readCurrentVersion() {
-  return true ? "0.64.1" : "dev";
+  return true ? "0.65.0" : "dev";
 }
 
 // src/usage-hints.ts
@@ -3974,7 +4049,7 @@ function selectFlakyNamespaces(entries, limit) {
 }
 
 // src/doctor-cmd.ts
-var VERSION = true ? "0.64.1" : "dev";
+var VERSION = true ? "0.65.0" : "dev";
 function isPersistenceDisabled(env) {
   const raw = env.YAW_MCP_DISABLE_PERSISTENCE;
   return raw !== void 0 && raw !== "" && (raw === "1" || raw.toLowerCase() === "true");
@@ -5588,13 +5663,85 @@ function isFileNotFound2(err) {
 }
 
 // src/secrets-cmd.ts
+import { existsSync as existsSync6 } from "fs";
+import { homedir as homedir15 } from "os";
+
+// src/secrets-audit.ts
 import { existsSync as existsSync5 } from "fs";
-import { homedir as homedir14 } from "os";
+import { appendFile as appendFile2, chmod as chmod4, readFile as readFile9, writeFile } from "fs/promises";
+import { homedir as homedir13 } from "os";
+import { join as join10 } from "path";
+var SECRETS_AUDIT_FILENAME = "secrets-audit.log";
+var AUDIT_TAIL_CAP = 5e3;
+function auditLogPath(home = homedir13()) {
+  return join10(home, CONFIG_DIRNAME, SECRETS_AUDIT_FILENAME);
+}
+async function appendAuditEvent(input, home = homedir13()) {
+  try {
+    const event = {
+      ts: (/* @__PURE__ */ new Date()).toISOString(),
+      server: input.server,
+      secret: input.secret,
+      event: input.event
+    };
+    const path5 = auditLogPath(home);
+    const line = `${JSON.stringify(event)}
+`;
+    if (!existsSync5(path5)) {
+      await atomicWriteFile(path5, line);
+    } else {
+      await appendFile2(path5, line, "utf8");
+    }
+    if (process.platform !== "win32") {
+      await chmod4(path5, 384).catch(() => void 0);
+    }
+    await trimToTailCap(path5);
+  } catch {
+  }
+}
+async function trimToTailCap(path5) {
+  const raw = await readFile9(path5, "utf8");
+  const lines = raw.split("\n").filter((l) => l.length > 0);
+  if (lines.length <= AUDIT_TAIL_CAP) return;
+  const kept = lines.slice(lines.length - AUDIT_TAIL_CAP);
+  await writeFile(path5, `${kept.join("\n")}
+`, "utf8");
+}
+async function readAuditLog(filter = {}, home = homedir13()) {
+  const path5 = auditLogPath(home);
+  if (!existsSync5(path5)) return [];
+  let raw;
+  try {
+    raw = await readFile9(path5, "utf8");
+  } catch {
+    return [];
+  }
+  const out = [];
+  for (const line of raw.split("\n")) {
+    if (line.length === 0) continue;
+    let parsed;
+    try {
+      parsed = JSON.parse(line);
+    } catch {
+      continue;
+    }
+    if (!isAuditEvent(parsed)) continue;
+    if (filter.secret !== void 0 && parsed.secret !== filter.secret) continue;
+    if (filter.server !== void 0 && parsed.server !== filter.server) continue;
+    out.push(parsed);
+  }
+  return out;
+}
+function isAuditEvent(v) {
+  if (!v || typeof v !== "object") return false;
+  const e = v;
+  return typeof e.ts === "string" && typeof e.server === "string" && typeof e.secret === "string" && (e.event === "injected" || e.event === "missing");
+}
 
 // src/secrets-vault.ts
-import { chmod as chmod4, mkdir as mkdir4, readFile as readFile9 } from "fs/promises";
-import { homedir as homedir13 } from "os";
-import { dirname as dirname2, join as join10 } from "path";
+import { chmod as chmod5, mkdir as mkdir4, readFile as readFile10 } from "fs/promises";
+import { homedir as homedir14 } from "os";
+import { dirname as dirname2, join as join11 } from "path";
 
 // src/secrets-crypto.ts
 import { createCipheriv, createDecipheriv, randomBytes, scrypt as scryptCb } from "crypto";
@@ -5653,8 +5800,8 @@ function decryptEntry(entry, key) {
 var SECRETS_FILENAME = "secrets.json";
 var SECRETS_SCHEMA_VERSION = 1;
 var VAULT_CHECK_PLAINTEXT = "yaw-mcp-vault-v1";
-function vaultPath(home = homedir13()) {
-  return join10(home, CONFIG_DIRNAME, SECRETS_FILENAME);
+function vaultPath(home = homedir14()) {
+  return join11(home, CONFIG_DIRNAME, SECRETS_FILENAME);
 }
 function emptyVault() {
   return {
@@ -5666,7 +5813,7 @@ function emptyVault() {
 async function loadVault(path5) {
   let raw;
   try {
-    raw = await readFile9(path5, "utf8");
+    raw = await readFile10(path5, "utf8");
   } catch (err) {
     const code = err.code;
     if (code === "ENOENT") return null;
@@ -5711,7 +5858,7 @@ async function saveVault(path5, vault) {
   await mkdir4(dir, { recursive: true });
   if (process.platform !== "win32") {
     try {
-      await chmod4(dir, 448);
+      await chmod5(dir, 448);
     } catch {
     }
   }
@@ -5719,7 +5866,7 @@ async function saveVault(path5, vault) {
 `, "utf8", 384, 448);
   if (process.platform !== "win32") {
     try {
-      await chmod4(path5, 384);
+      await chmod5(path5, 384);
     } catch {
     }
   }
@@ -5753,6 +5900,44 @@ function ensureCheck(vault, key) {
   if (vault.check) return vault;
   return { ...vault, check: encryptEntry(VAULT_CHECK_PLAINTEXT, key) };
 }
+async function rotateVault(vault, oldKey, newPassphrase) {
+  if (vault.check) {
+    try {
+      const probe2 = decryptEntry(vault.check, oldKey);
+      if (probe2 !== VAULT_CHECK_PLAINTEXT) {
+        throw new Error("vault check marker did not match expected plaintext");
+      }
+    } catch {
+      throw new Error("rotate aborted: current passphrase is wrong (vault check failed to decrypt)");
+    }
+  }
+  const plaintext = /* @__PURE__ */ new Map();
+  for (const [name, entry] of Object.entries(vault.entries)) {
+    try {
+      plaintext.set(name, decryptEntry(entry, oldKey));
+    } catch {
+      plaintext.clear();
+      throw new Error(`rotate aborted: entry "${name}" failed to decrypt under the current passphrase`);
+    }
+  }
+  const newSalt = generateSalt();
+  const newKey = await deriveKey(newPassphrase, newSalt);
+  try {
+    const entries = {};
+    for (const [name, value] of plaintext) {
+      entries[name] = encryptEntry(value, newKey);
+    }
+    return {
+      version: SECRETS_SCHEMA_VERSION,
+      salt: newSalt.toString("base64"),
+      entries,
+      check: encryptEntry(VAULT_CHECK_PLAINTEXT, newKey)
+    };
+  } finally {
+    plaintext.clear();
+    newKey.fill(0);
+  }
+}
 function listKeys(vault) {
   return Object.keys(vault.entries).sort();
 }
@@ -5844,6 +6029,19 @@ Actions:
                           \`yaw-mcp login\` first. Refuses when the local
                           vault has a different salt (different passphrase
                           lineage) unless --force is passed.
+  rotate                  Re-encrypt every entry under a NEW passphrase
+                          (fresh salt + derived key). Re-wraps the
+                          ENCRYPTION, NOT the underlying token values -- a
+                          leaked token is still leaked; rotate it at its
+                          source. Reads the current passphrase, then the
+                          new one (env YAW_MCP_VAULT_PASSPHRASE_NEW or a
+                          confirm-twice TTY prompt). Pass --push to also
+                          upload the re-encrypted blob to mcp_secrets.
+  audit [--secret NAME] [--server NS]
+                          Show the local secret-resolution audit trail
+                          (~/.yaw-mcp/secrets-audit.log): which secret
+                          NAMES were injected into (or missing for) which
+                          server, and when. Never shows a value.
 
 Flags:
   --json                  Machine-readable output (where applicable).
@@ -5855,12 +6053,18 @@ Flags:
   --replace               (push only) Overwrite even when the remote vault
                           salt differs from the local (different passphrase
                           lineage). Coordinate with your team first.
+  --push                  (rotate only) After re-encrypting, push the new
+                          blob to mcp_secrets (requires a login session).
+  --secret <name>         (audit only) Filter to one secret name.
+  --server <ns>           (audit only) Filter to one server namespace.
 
 Passphrase:
   Set YAW_MCP_VAULT_PASSPHRASE in the env, or you will be prompted on
   the controlling TTY. The passphrase derives the encryption key via
   scrypt and is cached in memory for the lifetime of this yaw-mcp
-  process; the on-disk vault only ever holds ciphertext.`;
+  process; the on-disk vault only ever holds ciphertext. For rotate, the
+  NEW passphrase comes from YAW_MCP_VAULT_PASSPHRASE_NEW (or a TTY
+  confirm-twice prompt).`;
 function parseSecretsArgs(argv) {
   const opts = {};
   for (let i = 0; i < argv.length; i++) {
@@ -5882,6 +6086,10 @@ function parseSecretsArgs(argv) {
       opts.replace = true;
       continue;
     }
+    if (a === "--push") {
+      opts.push = true;
+      continue;
+    }
     if (a === "--value") {
       const v = argv[++i];
       if (v === void 0 || v.startsWith("-")) {
@@ -5895,13 +6103,31 @@ ${SECRETS_USAGE}`
       opts.value = v;
       continue;
     }
+    if (a === "--secret") {
+      const v = argv[++i];
+      if (v === void 0)
+        return { ok: false, error: `yaw-mcp secrets: --secret requires a value
+
+${SECRETS_USAGE}` };
+      opts.secretFilter = v;
+      continue;
+    }
+    if (a === "--server") {
+      const v = argv[++i];
+      if (v === void 0)
+        return { ok: false, error: `yaw-mcp secrets: --server requires a value
+
+${SECRETS_USAGE}` };
+      opts.serverFilter = v;
+      continue;
+    }
     if (a.startsWith("-")) {
       return { ok: false, error: `yaw-mcp secrets: unknown flag "${a}"
 
 ${SECRETS_USAGE}` };
     }
     if (!opts.action) {
-      if (a !== "set" && a !== "get" && a !== "list" && a !== "remove" && a !== "lock" && a !== "push" && a !== "pull") {
+      if (a !== "set" && a !== "get" && a !== "list" && a !== "remove" && a !== "lock" && a !== "push" && a !== "pull" && a !== "rotate" && a !== "audit") {
         return { ok: false, error: `yaw-mcp secrets: unknown action "${a}"
 
 ${SECRETS_USAGE}` };
@@ -5965,6 +6191,35 @@ async function resolvePassphrase(opts) {
   }
   return null;
 }
+async function resolveNewPassphrase(opts) {
+  if (opts.newPassphrase !== void 0) return opts.newPassphrase.length > 0 ? opts.newPassphrase : null;
+  const fromEnv = process.env.YAW_MCP_VAULT_PASSPHRASE_NEW;
+  if (typeof fromEnv === "string" && fromEnv.length > 0) {
+    if (fromEnv.length < MIN_PASSPHRASE_WARN_LEN) {
+      const stderr = opts.io?.stderr ?? process.stderr;
+      stderr.write(
+        `yaw-mcp secrets: warning -- the new passphrase is shorter than ${MIN_PASSPHRASE_WARN_LEN} characters; consider a longer passphrase.
+`
+      );
+    }
+    return fromEnv;
+  }
+  const stdin = opts.io?.stdin ?? process.stdin;
+  const stdout = opts.io?.stdout ?? process.stdout;
+  const isTTY = stdin.isTTY === true && stdout.isTTY === true;
+  if (!isTTY) return null;
+  for (let attempt = 0; attempt < MAX_PASSPHRASE_PROMPTS; attempt++) {
+    const first = await readPassphraseFromTTY(stdin, stdout, "New vault passphrase: ");
+    if (first.length === 0) {
+      stdout.write("Passphrase cannot be empty.\n");
+      continue;
+    }
+    const second = await readPassphraseFromTTY(stdin, stdout, "Confirm new passphrase: ");
+    if (first === second) return first;
+    stdout.write("Passphrases did not match. Try again.\n");
+  }
+  return null;
+}
 var MAX_PASSPHRASE_PROMPTS = 3;
 var MIN_PASSPHRASE_WARN_LEN = 12;
 function readPassphraseFromTTY(stdin, stdout, prompt = "Vault passphrase: ") {
@@ -6033,7 +6288,7 @@ async function runSecrets(opts, io = {
   out: (s) => process.stdout.write(s),
   err: (s) => process.stderr.write(s)
 }) {
-  const home = opts.home ?? homedir14();
+  const home = opts.home ?? homedir15();
   const path5 = vaultPath(home);
   if (opts.action === "lock") {
     lock();
@@ -6048,12 +6303,18 @@ async function runSecrets(opts, io = {
   if (opts.action === "pull") {
     return await runSecretsPull(opts, io);
   }
+  if (opts.action === "rotate") {
+    return await runSecretsRotate(opts, io);
+  }
+  if (opts.action === "audit") {
+    return await runSecretsAudit(opts, io);
+  }
   if (opts.action === "list") {
     const loaded = await safeLoadVault(path5, io, opts.json, "list");
     if (!loaded.ok) return loaded.result;
     const vault2 = loaded.vault;
     const keys = vault2 ? listKeys(vault2) : [];
-    if (opts.json) io.out(`${JSON.stringify({ ok: true, vault: existsSync5(path5), keys }, null, 2)}
+    if (opts.json) io.out(`${JSON.stringify({ ok: true, vault: existsSync6(path5), keys }, null, 2)}
 `);
     else if (!vault2) io.out(`No vault at ${path5}. Run \`yaw-mcp secrets set <name>\` to create one.
 `);
@@ -6084,7 +6345,7 @@ async function runSecrets(opts, io = {
   const loadedForMutate = await safeLoadVault(path5, io, opts.json, opts.action ?? "");
   if (!loadedForMutate.ok) return loadedForMutate.result;
   let vault = loadedForMutate.vault ?? newVault();
-  const isFresh = !existsSync5(path5);
+  const isFresh = !existsSync6(path5);
   const passphrase = await resolvePassphrase(opts);
   if (passphrase === null) {
     const msg = "Passphrase required. Set YAW_MCP_VAULT_PASSPHRASE or run from a TTY so we can prompt.";
@@ -6186,7 +6447,7 @@ async function runSecrets(opts, io = {
 }
 var MCP_SECRETS_RESOURCE = "mcp_secrets";
 async function runSecretsPush(opts, io) {
-  const home = opts.home ?? homedir14();
+  const home = opts.home ?? homedir15();
   const path5 = vaultPath(home);
   const session = await getSession({ home, baseUrl: opts.baseUrl });
   if (!session) {
@@ -6260,7 +6521,7 @@ async function runSecretsPush(opts, io) {
   }
 }
 async function runSecretsPull(opts, io) {
-  const home = opts.home ?? homedir14();
+  const home = opts.home ?? homedir15();
   const path5 = vaultPath(home);
   const session = await getSession({ home, baseUrl: opts.baseUrl });
   if (!session) {
@@ -6328,10 +6589,159 @@ async function runSecretsPull(opts, io) {
     return { exitCode: 1 };
   }
 }
+async function runSecretsRotate(opts, io) {
+  const home = opts.home ?? homedir15();
+  const path5 = vaultPath(home);
+  const vault = await loadVault(path5);
+  if (!vault) {
+    const msg = `No vault at ${path5} to rotate. Run \`yaw-mcp secrets set <name>\` first.`;
+    if (opts.json) io.err(`${JSON.stringify({ ok: false, error: msg })}
+`);
+    else io.err(`yaw-mcp secrets rotate: ${msg}
+`);
+    return { exitCode: 1 };
+  }
+  const currentPassphrase = await resolvePassphrase(opts);
+  if (currentPassphrase === null) {
+    const msg = "Current passphrase required. Set YAW_MCP_VAULT_PASSPHRASE or run from a TTY so we can prompt.";
+    if (opts.json) io.err(`${JSON.stringify({ ok: false, error: msg })}
+`);
+    else io.err(`yaw-mcp secrets rotate: ${msg}
+`);
+    return { exitCode: 1 };
+  }
+  let oldKey;
+  try {
+    oldKey = await unlock(vault, currentPassphrase);
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    if (opts.json) io.err(`${JSON.stringify({ ok: false, error: msg })}
+`);
+    else io.err(`yaw-mcp secrets rotate: ${msg}
+`);
+    return { exitCode: 1 };
+  }
+  const newPassphrase = await resolveNewPassphrase(opts);
+  if (newPassphrase === null) {
+    const msg = "New passphrase required (and must be confirmed). Set YAW_MCP_VAULT_PASSPHRASE_NEW or run from a TTY so we can prompt.";
+    if (opts.json) io.err(`${JSON.stringify({ ok: false, error: msg })}
+`);
+    else io.err(`yaw-mcp secrets rotate: ${msg}
+`);
+    return { exitCode: 1 };
+  }
+  let rotated;
+  try {
+    rotated = await rotateVault(vault, oldKey, newPassphrase);
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    if (opts.json) io.err(`${JSON.stringify({ ok: false, error: msg })}
+`);
+    else io.err(`yaw-mcp secrets rotate: ${msg}
+`);
+    lock();
+    return { exitCode: 1 };
+  }
+  await saveVault(path5, rotated);
+  lock();
+  const count = Object.keys(rotated.entries).length;
+  let pushedVersion = null;
+  if (opts.push) {
+    const session = await getSession({ home, baseUrl: opts.baseUrl });
+    if (!session) {
+      const msg = "Rotated locally, but --push needs a session. Run `yaw-mcp login --key <license-key>` then push.";
+      if (opts.json) io.err(`${JSON.stringify({ ok: true, rotated: true, pushed: false, note: msg })}
+`);
+      else io.err(`yaw-mcp secrets rotate: ${msg}
+`);
+      return { exitCode: 0 };
+    }
+    try {
+      const remote = await getResource(MCP_SECRETS_RESOURCE, { home, baseUrl: opts.baseUrl });
+      const result = await putResource(MCP_SECRETS_RESOURCE, remote.version, rotated, {
+        home,
+        baseUrl: opts.baseUrl
+      });
+      pushedVersion = result.version;
+    } catch (err) {
+      if (err instanceof TeamSyncStaleVersionError) {
+        const hint = `Rotated locally. Push skipped -- remote is at v${err.currentVersion}; pull and reconcile, then push.`;
+        if (opts.json) io.err(`${JSON.stringify({ ok: true, rotated: true, pushed: false, note: hint })}
+`);
+        else io.err(`yaw-mcp secrets rotate: ${hint}
+`);
+        return { exitCode: 0 };
+      }
+      if (err instanceof TeamSyncAuthError) {
+        const hint = "Rotated locally. Push skipped -- session expired. Run `yaw-mcp login` again, then push.";
+        if (opts.json) io.err(`${JSON.stringify({ ok: true, rotated: true, pushed: false, note: hint })}
+`);
+        else io.err(`yaw-mcp secrets rotate: ${hint}
+`);
+        return { exitCode: 0 };
+      }
+      const message = err instanceof Error ? err.message : String(err);
+      if (opts.json) io.err(`${JSON.stringify({ ok: true, rotated: true, pushed: false, error: message })}
+`);
+      else io.err(`yaw-mcp secrets rotate: rotated locally but push failed: ${message}
+`);
+      return { exitCode: 0 };
+    }
+  }
+  if (opts.json) {
+    io.out(
+      `${JSON.stringify({ ok: true, rotated: true, secret_count: count, pushed: pushedVersion !== null, ...pushedVersion !== null ? { new_version: pushedVersion } : {} })}
+`
+    );
+  } else {
+    io.out(
+      `Rotated ${count} secret${count === 1 ? "" : "s"} under a new passphrase (encryption re-wrapped, token values unchanged).
+`
+    );
+    if (pushedVersion !== null) io.out(`Pushed the re-encrypted vault -> mcp_secrets v${pushedVersion}.
+`);
+    io.out("Vault locked -- the next secrets command will prompt for the new passphrase.\n");
+  }
+  return { exitCode: 0 };
+}
+async function runSecretsAudit(opts, io) {
+  const home = opts.home ?? homedir15();
+  let events;
+  try {
+    events = await readAuditLog(
+      {
+        ...opts.secretFilter !== void 0 ? { secret: opts.secretFilter } : {},
+        ...opts.serverFilter !== void 0 ? { server: opts.serverFilter } : {}
+      },
+      home
+    );
+  } catch (err) {
+    const msg = err instanceof Error ? err.message : String(err);
+    if (opts.json) io.err(`${JSON.stringify({ ok: false, error: msg })}
+`);
+    else io.err(`yaw-mcp secrets audit: ${msg}
+`);
+    return { exitCode: 1 };
+  }
+  if (opts.json) {
+    io.out(`${JSON.stringify({ ok: true, count: events.length, events }, null, 2)}
+`);
+    return { exitCode: 0 };
+  }
+  if (events.length === 0) {
+    io.out("No secret-resolution audit events recorded yet.\n");
+    return { exitCode: 0 };
+  }
+  for (const e of events) {
+    io.out(`${e.ts}  ${e.event === "injected" ? "injected" : "missing "}  ${e.server}  ${e.secret}
+`);
+  }
+  return { exitCode: 0 };
+}
 
 // src/server.ts
-import { readFile as readFile11 } from "fs/promises";
-import { homedir as homedir15 } from "os";
+import { readFile as readFile12 } from "fs/promises";
+import { homedir as homedir16 } from "os";
 import { isAbsolute as isAbsolute2, relative, resolve as resolve6 } from "path";
 import { Server } from "@modelcontextprotocol/sdk/server/index.js";
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
@@ -6447,7 +6857,7 @@ function defaultSpawn2(cmd, args) {
 async function maybeAutoUpgrade(deps = {}) {
   const optOut = process.env.YAW_MCP_AUTO_UPGRADE;
   if (optOut === "0" || optOut?.toLowerCase() === "false") return;
-  const current = deps.currentVersion ?? (true ? "0.64.1" : "dev");
+  const current = deps.currentVersion ?? (true ? "0.65.0" : "dev");
   if (current === "dev") return;
   const method = (deps.isSeaImpl ? await deps.isSeaImpl() : await detectSea()) ? "binary" : detectInstallMethod(deps.argvPath ?? process.argv[1]);
   const latest = await (deps.fetchLatestImpl ?? fetchLatestVersion2)();
@@ -6953,22 +7363,22 @@ function closestNames(query, candidates, limit) {
 }
 
 // src/guide.ts
-import { readFile as readFile10 } from "fs/promises";
+import { readFile as readFile11 } from "fs/promises";
 var GUIDE_READ_TIMEOUT_MS = 1e3;
 async function readGuide(path5, scope) {
   let raw;
+  const ac = new AbortController();
+  const timer = setTimeout(() => ac.abort(new Error("guide read timeout")), GUIDE_READ_TIMEOUT_MS);
   try {
-    raw = await Promise.race([
-      readFile10(path5, "utf8"),
-      new Promise(
-        (_, reject) => setTimeout(() => reject(new Error("guide read timeout")), GUIDE_READ_TIMEOUT_MS)
-      )
-    ]);
+    raw = await readFile11(path5, { encoding: "utf8", signal: ac.signal });
   } catch (err) {
-    if (err instanceof Error && err.message === "guide read timeout") {
+    const isTimeout = err instanceof Error && err.code === "ABORT_ERR";
+    if (isTimeout) {
       log("warn", "Guide read timed out", { path: path5 });
     }
     return null;
+  } finally {
+    clearTimeout(timer);
   }
   const content = raw.trim();
   if (content.length === 0) {
@@ -7080,7 +7490,7 @@ function initHeartbeat(url, tok) {
   lastLoggedErrorMessage = null;
   warnedInsecureBearerSkip = false;
 }
-function shouldSendBearer(targetUrl) {
+function shouldSendBearer2(targetUrl) {
   let parsed;
   try {
     parsed = new URL(targetUrl);
@@ -7106,7 +7516,7 @@ async function reportHeartbeat(clientName, clientVersion, isRefresh = false) {
     const headers = {
       "Content-Type": "application/json"
     };
-    if (shouldSendBearer(fullUrl)) {
+    if (shouldSendBearer2(fullUrl)) {
       headers.Authorization = `Bearer ${token3}`;
     }
     const res = await request6(fullUrl, {
@@ -7572,6 +7982,26 @@ var META_TOOLS = {
       openWorldHint: false
     }
   },
+  secrets: {
+    name: "mcp_connect_secrets",
+    description: "List, per installed server, which local-vault secrets its `${secret:NAME}` env references resolve to -- by NAME only, never a value. Use this to confirm a server will get the credentials it needs before activating it, or to spot a typo'd / un-set secret reference. `injectedSecrets` are the names the local vault HAS and the server references; `missing` are names the server references but the vault LACKS (set them via `yaw-mcp secrets set <name>`). This is a values-free preview: it reads the vault's KEY LIST and the server's env-reference NAMES, and never decrypts or returns any secret value. Servers with no `${secret:...}` references are omitted. Requires no passphrase (no decryption happens).",
+    inputSchema: {
+      type: "object",
+      properties: {
+        server: {
+          type: "string",
+          description: 'Optional: restrict the report to a single server namespace (e.g. "gh"). Omit to report every installed server that references a vault secret.'
+        }
+      }
+    },
+    annotations: {
+      title: "Inspect Vault Secret Resolution",
+      readOnlyHint: true,
+      destructiveHint: false,
+      idempotentHint: true,
+      openWorldHint: false
+    }
+  },
   exec: {
     name: "mcp_connect_exec",
     description: "Run a short DECLARATIVE pipeline of upstream tool calls in a single round-trip. Use this when you already know the exact 2-4 tool calls to make and one call's output feeds another's args \u2014 e.g. `a = gh_list_prs(); b = gh_get_pr(a[0].number); return b`. NOT a code sandbox: there is no expression language, no loops, no branching, no arithmetic. The only control flow is sequential step execution; the only data-flow primitive is `{\"$ref\": \"<stepId>[.path.to.value]\"}` which substitutes a prior step's output (or a nested field of it) into the next step's args. Paths support dot keys and `[N]` / `.N` array indexing. Each step's `tool` must be a namespaced, already-loaded tool name (the exec does not auto-activate \u2014 call `mcp_connect_activate` first). Max 16 steps per exec. If any step fails, the whole pipeline fails and returns `{ ok: false, failedStep, error, partial: { ...completed outputs } }`. On success returns `{ ok: true, result: <return-step output>, steps: { ...all outputs } }`. Prefer this over back-to-back tool calls when the chain is deterministic \u2014 it saves prompt-token replay and client round-trips.",
@@ -7689,6 +8119,30 @@ function buildInstallPayload(args) {
   }
   return { ok: true, payload };
 }
+var SECRETS_REPORT_REF_RE = /\$\{secret:([a-zA-Z0-9_.-]+)\}/g;
+function computeSecretsReport(servers, vaultKeys) {
+  const rows = [];
+  for (const server of servers) {
+    const referenced = /* @__PURE__ */ new Set();
+    for (const v of Object.values(server.env ?? {})) {
+      if (typeof v !== "string") continue;
+      for (const m of v.matchAll(SECRETS_REPORT_REF_RE)) referenced.add(m[1]);
+    }
+    if (referenced.size === 0) continue;
+    const injectedSecrets = [];
+    const missing = [];
+    for (const name of referenced) {
+      if (vaultKeys.has(name)) injectedSecrets.push(name);
+      else missing.push(name);
+    }
+    rows.push({
+      server: server.namespace,
+      injectedSecrets: injectedSecrets.sort(),
+      missing: missing.sort()
+    });
+  }
+  return rows;
+}
 var META_TOOL_NAMES = /* @__PURE__ */ new Set([
   META_TOOLS.discover.name,
   META_TOOLS.activate.name,
@@ -7700,7 +8154,8 @@ var META_TOOL_NAMES = /* @__PURE__ */ new Set([
   META_TOOLS.read_tool.name,
   META_TOOLS.suggest.name,
   META_TOOLS.exec.name,
-  META_TOOLS.bundles.name
+  META_TOOLS.bundles.name,
+  META_TOOLS.secrets.name
 ]);
 
 // src/pack-detect.ts
@@ -8139,7 +8594,8 @@ function pruneJson(value) {
 }
 
 // src/read-tool.ts
-function normalizeToolName(namespace, raw) {
+function normalizeToolName(namespace, raw, tools) {
+  if (tools?.some((t) => t.name === raw)) return raw;
   const prefix = `${namespace}_`;
   if (raw.startsWith(prefix) && raw.length > prefix.length) return raw.slice(prefix.length);
   return raw;
@@ -9137,7 +9593,7 @@ async function resolveUvSpawn(command, args) {
 }
 
 // src/upstream.ts
-async function resolveServerEnv(env) {
+async function resolveServerEnv(env, namespace) {
   if (!hasSecretRefs(env)) return env;
   const refKeys = Object.entries(env).filter(([, v]) => typeof v === "string" && v.includes("${secret:")).map(([k]) => k);
   const passphrase = process.env.YAW_MCP_VAULT_PASSPHRASE;
@@ -9159,8 +9615,36 @@ async function resolveServerEnv(env) {
   if (missing.length > 0) {
     throw new Error(`vault: missing or undecryptable secret refs: ${missing.join(", ")}`);
   }
+  try {
+    await recordResolveAudit(namespace, env, missing);
+  } catch (auditErr) {
+    log("warn", "Failed to record secret-resolve audit (non-fatal)", {
+      namespace,
+      error: auditErr instanceof Error ? auditErr.message : String(auditErr)
+    });
+  }
   return resolved;
 }
+async function recordResolveAudit(namespace, env, missing) {
+  const missingSet = new Set(missing);
+  const referenced = collectSecretNames(env);
+  for (const name of referenced) {
+    if (missingSet.has(name)) continue;
+    await appendAuditEvent({ server: namespace, secret: name, event: "injected" });
+  }
+  for (const name of missingSet) {
+    await appendAuditEvent({ server: namespace, secret: name, event: "missing" });
+  }
+}
+function collectSecretNames(env) {
+  const names = /* @__PURE__ */ new Set();
+  const re = /\$\{secret:([a-zA-Z0-9_.-]+)\}/g;
+  for (const v of Object.values(env)) {
+    if (typeof v !== "string") continue;
+    for (const m of v.matchAll(re)) names.add(m[1]);
+  }
+  return [...names];
+}
 var DEFAULT_CONNECT_TIMEOUT = (() => {
   const env = process.env.MCP_CONNECT_TIMEOUT;
   if (!env) return 15e3;
@@ -9208,7 +9692,7 @@ function categorizeSpawnError(err) {
 }
 async function connectToUpstream(config, onDisconnect, onListChanged) {
   const client = new Client(
-    { name: "yaw-mcp", version: true ? "0.64.1" : "dev" },
+    { name: "yaw-mcp", version: true ? "0.65.0" : "dev" },
     { capabilities: {} }
   );
   let transport;
@@ -9224,7 +9708,7 @@ async function connectToUpstream(config, onDisconnect, onListChanged) {
       ...parentEnv
     } = process.env;
     const resolved = await resolveUvSpawn(config.command, config.args ?? []);
-    const serverEnv = await resolveServerEnv(config.env ?? {});
+    const serverEnv = await resolveServerEnv(config.env ?? {}, config.namespace);
     resolvedServerEnv = serverEnv;
     const stdioTransport = new StdioClientTransport({
       command: resolved.command,
@@ -9279,7 +9763,7 @@ async function connectToUpstream(config, onDisconnect, onListChanged) {
       message = `Server "${config.namespace}" started but didn't complete the MCP handshake within ${connectTimeoutMs / 1e3}s.${trimmedStderr ? ` stderr tail: ${redactSecretsInOutput(trimmedStderr, resolvedServerEnv).slice(-500)}` : ""}`;
     } else if (trimmedStderr.length > 0) {
       category = "install_failure";
-      const safe = redactSecretsInOutput(trimmedStderr, config.env ?? {});
+      const safe = redactSecretsInOutput(trimmedStderr, resolvedServerEnv);
       message = `Server "${config.namespace}" failed to start. stderr: ${safe.slice(-500)}`;
     } else {
       category = categorizeSpawnError(err);
@@ -9292,7 +9776,7 @@ async function connectToUpstream(config, onDisconnect, onListChanged) {
     if (config.id) {
       message = `${message} \u2192 Edit at https://yaw.sh/mcp/dashboard/connect#server-${config.id}`;
     }
-    const redactedTail = trimmedStderr ? redactSecretsInOutput(trimmedStderr, config.env ?? {}) : void 0;
+    const redactedTail = trimmedStderr ? redactSecretsInOutput(trimmedStderr, resolvedServerEnv) : void 0;
     throw new ActivationError(message, category, redactedTail, err);
   }
   log("info", "Connected to upstream", { name: config.name, namespace: config.namespace, type: config.type });
@@ -9540,7 +10024,7 @@ var ConnectServer = class _ConnectServer {
     this.apiUrl = apiUrl5;
     this.token = token5;
     this.server = new Server(
-      { name: "yaw-mcp", version: true ? "0.64.1" : "dev" },
+      { name: "yaw-mcp", version: true ? "0.65.0" : "dev" },
       {
         capabilities: {
           tools: { listChanged: true },
@@ -10122,6 +10606,17 @@ var ConnectServer = class _ConnectServer {
       recordConnectEvent({ namespace: null, toolName: null, action: "bundles", latencyMs: null, success: true });
       return this.attachGuideNudge(this.handleBundles(action));
     }
+    if (name === META_TOOLS.secrets.name) {
+      const serverArg = typeof args.server === "string" ? args.server : void 0;
+      recordConnectEvent({
+        namespace: serverArg ?? null,
+        toolName: null,
+        action: "secrets",
+        latencyMs: null,
+        success: true
+      });
+      return this.attachGuideNudge(await this.handleSecretsReport(serverArg));
+    }
     let routes = this.toolRoutes;
     let route = routes.get(name);
     if (route?.deferred) {
@@ -11217,7 +11712,7 @@ ${activeCount} loaded in this session, ${totalTools} tools in context${tokenSumm
     }
     const ALLOWED_FILENAMES = ["claude_desktop_config.json", "mcp.json", "settings.json", "mcp_config.json"];
     try {
-      const resolved = filepath.startsWith("~/") || filepath.startsWith("~\\") ? resolve6(homedir15(), filepath.slice(2)) : resolve6(filepath);
+      const resolved = filepath.startsWith("~/") || filepath.startsWith("~\\") ? resolve6(homedir16(), filepath.slice(2)) : resolve6(filepath);
       const resolvedBasename = resolved.split(/[/\\]/).pop() || "";
       if (!ALLOWED_FILENAMES.includes(resolvedBasename)) {
         return {
@@ -11234,7 +11729,7 @@ ${activeCount} loaded in this session, ${totalTools} tools in context${tokenSumm
         const rel = relative(base, p);
         return rel === "" || !rel.startsWith("..") && !isAbsolute2(rel);
       };
-      if (!isUnder(homedir15(), resolved) && !isUnder(process.cwd(), resolved)) {
+      if (!isUnder(homedir16(), resolved) && !isUnder(process.cwd(), resolved)) {
         return {
           content: [
             { type: "text", text: "Import path must be under your home directory or the current working directory." }
@@ -11242,7 +11737,7 @@ ${activeCount} loaded in this session, ${totalTools} tools in context${tokenSumm
           isError: true
         };
       }
-      const raw = await readFile11(resolved, "utf-8");
+      const raw = await readFile12(resolved, "utf-8");
       const parsed = JSON.parse(raw);
       if (!parsed.mcpServers || typeof parsed.mcpServers !== "object" || Array.isArray(parsed.mcpServers)) {
         return {
@@ -11471,9 +11966,9 @@ Use mcp_connect_discover to see imported servers.`
         isError: true
       };
     }
-    const toolName = normalizeToolName(serverArg, toolArg);
     const existing = this.connections.get(serverArg);
     if (existing && existing.status === "connected") {
+      const toolName = normalizeToolName(serverArg, toolArg, existing.tools);
       const tool = findTool(existing.tools, toolName);
       if (!tool) {
         return {
@@ -11509,6 +12004,7 @@ Use mcp_connect_discover to see imported servers.`
       };
     }
     try {
+      const toolName = normalizeToolName(serverArg, toolArg, transient.tools);
       const tool = findTool(transient.tools, toolName);
       if (!tool) {
         return {
@@ -11533,6 +12029,43 @@ Use mcp_connect_discover to see imported servers.`
       );
     }
   }
+  // Values-free preview of which local-vault secrets each installed
+  // server's `${secret:NAME}` env refs resolve to. NAMES ONLY -- this
+  // reads the vault's KEY LIST (listKeys, no unlock, no passphrase) and
+  // the servers' env-reference names, and NEVER calls getSecret /
+  // decryptEntry. Servers with no refs are omitted.
+  async handleSecretsReport(serverArg) {
+    const vault = await loadVault(vaultPath()).catch(() => null);
+    const vaultKeys = new Set(vault ? listKeys(vault) : []);
+    let servers = this.getProfiledActiveServers().map((s) => ({ namespace: s.namespace, env: s.env }));
+    if (serverArg) servers = servers.filter((s) => s.namespace === serverArg);
+    const rows = computeSecretsReport(servers, vaultKeys);
+    if (serverArg && servers.length === 0) {
+      return {
+        content: [
+          {
+            type: "text",
+            text: `No installed server with namespace "${serverArg}". Call mcp_connect_discover to list installed servers.`
+          }
+        ],
+        isError: true
+      };
+    }
+    if (rows.length === 0) {
+      const scope = serverArg ? `Server "${serverArg}"` : "No installed server";
+      return {
+        content: [
+          {
+            type: "text",
+            text: `${scope} references any \${secret:NAME} vault values. Add a reference in a server's env (e.g. GITHUB_TOKEN=\${secret:gh}) and store the value with \`yaw-mcp secrets set <name>\`.`
+          }
+        ]
+      };
+    }
+    return {
+      content: [{ type: "text", text: JSON.stringify(rows, null, 2) }]
+    };
+  }
   handleHealth() {
     const lines = [];
     if (this.profile) {
@@ -11974,9 +12507,10 @@ async function runServersCommand(opts = {}) {
     printErr("yaw-mcp servers: backend returned no data (unexpected 304).");
     return { exitCode: 2, lines };
   }
-  const filtered = opts.filter ? {
+  const filterStr = opts.filter;
+  const filtered = filterStr !== void 0 ? {
     ...backend,
-    servers: backend.servers.filter((s) => s.namespace.toLowerCase().includes(opts.filter.toLowerCase()))
+    servers: backend.servers.filter((s) => s.namespace.toLowerCase().includes(filterStr.toLowerCase()))
   } : backend;
   const gradesReader = opts.gradesReader ?? readGradesCache;
   const grades = await gradesReader(opts.home).catch(() => ({}));
@@ -11991,12 +12525,12 @@ async function runServersCommand(opts = {}) {
     const payload = {
       ...merged,
       filter: opts.filter ?? null,
-      filterMatched: opts.filter ? merged.servers.length > 0 : null
+      filterMatched: opts.filter !== void 0 ? merged.servers.length > 0 : null
     };
     print(JSON.stringify(payload, null, 2));
     return { exitCode: 0, lines };
   }
-  if (opts.filter && filtered.servers.length === 0) {
+  if (opts.filter !== void 0 && filtered.servers.length === 0) {
     print(`No servers match "${opts.filter}". Run \`yaw-mcp servers\` to see the full list.`);
     return { exitCode: 0, lines };
   }
@@ -12044,21 +12578,21 @@ function truncateVersion(v) {
 }
 
 // src/set-active-cmd.ts
-import { homedir as homedir16 } from "os";
+import { homedir as homedir17 } from "os";
 
 // src/sync-state.ts
-import { existsSync as existsSync6 } from "fs";
-import { mkdir as mkdir5, readFile as readFile12 } from "fs/promises";
-import { dirname as dirname4, join as join11 } from "path";
+import { existsSync as existsSync7 } from "fs";
+import { mkdir as mkdir5, readFile as readFile13 } from "fs/promises";
+import { dirname as dirname4, join as join12 } from "path";
 var SYNC_STATE_FILENAME = "sync-state.json";
 function syncStatePath(home) {
-  return join11(home, CONFIG_DIRNAME, SYNC_STATE_FILENAME);
+  return join12(home, CONFIG_DIRNAME, SYNC_STATE_FILENAME);
 }
 async function readSyncState(home) {
   const path5 = syncStatePath(home);
-  if (!existsSync6(path5)) return {};
+  if (!existsSync7(path5)) return {};
   try {
-    const raw = await readFile12(path5, "utf8");
+    const raw = await readFile13(path5, "utf8");
     const parsed = JSON.parse(raw);
     if (!parsed || typeof parsed !== "object") return {};
     return parsed;
@@ -12162,10 +12696,15 @@ async function runSetActive(opts, io = { out: (s) => process.stdout.write(s), er
           base
         );
         if (typeof putRes.version === "number") {
-          await deps.writeSyncState(opts.home ?? homedir16(), {
+          await deps.writeSyncState(opts.home ?? homedir17(), {
             mcp_bundles: { lastPulledVersion: putRes.version }
           }).catch(() => {
           });
+        } else {
+          io.err(
+            `yaw-mcp set-active: putRes.version was not a number (got ${JSON.stringify(putRes.version)}); local sync-state not updated
+`
+          );
         }
         return done(io, opts.json, namespace, active, true);
       } catch (e) {
@@ -12203,7 +12742,7 @@ function fail(io, json, message, code) {
 }
 
 // src/stats-cmd.ts
-import { homedir as homedir17 } from "os";
+import { homedir as homedir18 } from "os";
 var STATS_USAGE = `Usage: yaw-mcp stats [--json] [--limit N] [--days N]
 
   Print a digest of recent AI tool calls recorded against your Yaw
@@ -12327,7 +12866,7 @@ async function runStats(opts, io = {
   out: (s) => process.stdout.write(s),
   err: (s) => process.stderr.write(s)
 }) {
-  const home = opts.home ?? homedir17();
+  const home = opts.home ?? homedir18();
   const session = await getSession({ home, baseUrl: opts.baseUrl });
   if (!session) {
     const msg = "Not signed in. Yaw MCP analytics requires a Yaw Team account.\n  - Yaw Team: $15/seat/mo or $150/seat/yr -- https://yaw.sh/mcp\nSign in with: yaw-mcp login --key <license-key>";
@@ -12416,14 +12955,22 @@ function suggestSubcommand(input, limit = 3) {
 }
 function suggestFlag(input, limit = 2) {
   if (input.length <= 2) return [];
-  return closestNames(input, FLAG_ALIASES, limit);
+  const q = input.toLowerCase();
+  const hits = [];
+  for (const alias of FLAG_ALIASES) {
+    if (alias.toLowerCase() === q) continue;
+    const d = levenshtein(q, alias.toLowerCase());
+    if (d <= 2) hits.push({ name: alias, d });
+  }
+  hits.sort((a, b) => a.d - b.d || a.name.localeCompare(b.name));
+  return hits.slice(0, limit).map((h) => h.name);
 }
 
 // src/sync-cmd.ts
-import { existsSync as existsSync7 } from "fs";
-import { mkdir as mkdir6, readFile as readFile13 } from "fs/promises";
-import { homedir as homedir18 } from "os";
-import { dirname as dirname5, join as join12 } from "path";
+import { existsSync as existsSync8 } from "fs";
+import { mkdir as mkdir6, readFile as readFile14 } from "fs/promises";
+import { homedir as homedir19 } from "os";
+import { dirname as dirname5, join as join13 } from "path";
 var SYNC_USAGE = `Usage: yaw-mcp sync <push|pull|status> [--json]
 
   Replicate ~/.yaw-mcp/bundles.json across machines via your Yaw
@@ -12470,12 +13017,12 @@ ${SYNC_USAGE}` };
   return { ok: true, options: opts };
 }
 function bundlesPath(home) {
-  return join12(home, CONFIG_DIRNAME, BUNDLES_FILENAME2);
+  return join13(home, CONFIG_DIRNAME, BUNDLES_FILENAME2);
 }
 async function readLocalBundles(home) {
   const path5 = bundlesPath(home);
-  if (!existsSync7(path5)) return { version: 1, servers: [] };
-  const raw = await readFile13(path5, "utf8");
+  if (!existsSync8(path5)) return { version: 1, servers: [] };
+  const raw = await readFile14(path5, "utf8");
   let parsed;
   try {
     parsed = JSON.parse(raw);
@@ -12526,7 +13073,7 @@ async function runSync(opts, io = {
   out: (s) => process.stdout.write(s),
   err: (s) => process.stderr.write(s)
 }) {
-  const home = opts.home ?? homedir18();
+  const home = opts.home ?? homedir19();
   const session = await getSession({ home, baseUrl: opts.baseUrl });
   if (!session) {
     const msg = "Not signed in. Run `yaw-mcp login --key <license-key>` first.";
@@ -12685,10 +13232,11 @@ function handleSyncError(err, opts, io) {
     return { exitCode: 1 };
   }
   if (err instanceof TeamSyncAuthError) {
-    if (opts.json)
-      io.err(`${JSON.stringify({ ok: false, error: "Session expired or revoked. Run `yaw-mcp login` again." })}
+    const authMsg = "Session expired or revoked. Run `yaw-mcp login --key <license-key>` again.";
+    if (opts.json) io.err(`${JSON.stringify({ ok: false, error: authMsg })}
+`);
+    else io.err(`yaw-mcp sync: ${authMsg}
 `);
-    else io.err("yaw-mcp sync: session expired or revoked. Run `yaw-mcp login --key <license-key>` again.\n");
     return { exitCode: 1 };
   }
   if (err instanceof TeamSyncForbiddenError) {
@@ -13100,7 +13648,7 @@ if (subcommand === "compliance") {
 `);
   process.exit(0);
 } else if (subcommand === "--version" || subcommand === "-V") {
-  process.stdout.write(`yaw-mcp ${true ? "0.64.1" : "dev"}
+  process.stdout.write(`yaw-mcp ${true ? "0.65.0" : "dev"}
 `);
   process.exit(0);
 } else if (subcommand && !subcommand.startsWith("-")) {