clementine-agent 1.1.3 → 1.1.4

package/dist/cli/index.js

@@ -1227,13 +1227,19 @@ async function cmdConfigKeychainFixAcl(opts) {
     const RED = '\x1b[0;31m';
     const RESET = '\x1b[0m';
     const entries = listClementineKeychainEntries();
+    const ours = entries.filter(e => e.isClementine);
+    const foreign = entries.filter(e => !e.isClementine);
     console.log();
-    console.log(`  ${BOLD}Found ${entries.length} clementine-agent keychain entr${entries.length === 1 ? 'y' : 'ies'}.${RESET}`);
-    for (const e of entries)
-        console.log(`    ${DIM}${e.account}${RESET}`);
+    console.log(`  ${BOLD}Found ${entries.length} entr${entries.length === 1 ? 'y' : 'ies'} under clementine* services.${RESET}`);
+    console.log(`  ${DIM}Will fix ${ours.length}; will skip ${foreign.length} (look like other apps).${RESET}`);
     console.log();
-    if (entries.length === 0) {
-        console.log(`  ${GREEN}Nothing to fix.${RESET}`);
+    for (const e of entries) {
+        const tag = e.isClementine ? `${GREEN}fix${RESET}` : `${DIM}skip${RESET}`;
+        console.log(`    [${tag}] ${e.service}/${e.account}`);
+    }
+    console.log();
+    if (ours.length === 0) {
+        console.log(`  ${GREEN}Nothing Clementine-shaped to fix.${RESET}`);
         console.log();
         return;
     }
@@ -1244,29 +1250,34 @@ async function cmdConfigKeychainFixAcl(opts) {
     }
     console.log(`  ${BOLD}Fixing ACLs...${RESET}`);
     console.log(`  ${DIM}macOS may ask for your login keychain password (the system prompt — it DOES appear).${RESET}`);
-    console.log(`  ${DIM}You may also be asked to "Always Allow" — pick that.${RESET}`);
+    console.log(`  ${DIM}One prompt per entry; type Mac password + Enter for each.${RESET}`);
     console.log();
     const results = fixAllClementineEntries();
     let okCount = 0;
     let failCount = 0;
+    let skipCount = 0;
     for (const r of results) {
         if (r.status === 'fixed') {
-            console.log(`    ${GREEN}✓${RESET} ${r.account}`);
+            console.log(`    ${GREEN}✓${RESET} ${r.service}/${r.account}`);
             okCount++;
         }
+        else if (r.status === 'skipped-foreign') {
+            skipCount++;
+        }
         else {
-            console.log(`    ${RED}✗${RESET} ${r.account} ${DIM}— ${r.error}${RESET}`);
+            console.log(`    ${RED}✗${RESET} ${r.service}/${r.account} ${DIM}— ${r.error}${RESET}`);
             failCount++;
         }
     }
     console.log();
     if (failCount === 0) {
-        console.log(`  ${GREEN}All ${okCount} entries fixed.${RESET} ${DIM}Future reads via the security CLI succeed silently.${RESET}`);
+        console.log(`  ${GREEN}All ${okCount} Clementine entries fixed.${RESET} ${DIM}Future reads via the security CLI succeed silently.${RESET}`);
+        if (skipCount > 0)
+            console.log(`  ${DIM}(${skipCount} foreign entr${skipCount === 1 ? 'y' : 'ies'} left untouched.)${RESET}`);
     }
     else {
-        console.log(`  ${YELLOW}${okCount} fixed, ${failCount} failed.${RESET}`);
-        console.log(`  ${DIM}Failed entries can be fixed manually in Keychain Access.app:${RESET}`);
-        console.log(`  ${DIM}  search "clementine-agent" → double-click → Access Control → Allow all applications.${RESET}`);
+        console.log(`  ${YELLOW}${okCount} fixed, ${failCount} failed${skipCount > 0 ? `, ${skipCount} foreign-skipped` : ''}.${RESET}`);
+        console.log(`  ${DIM}Failed entries can be fixed manually in Keychain Access.app.${RESET}`);
     }
     console.log();
 }

package/dist/config/keychain-fix-acl.d.ts

@@ -20,37 +20,43 @@
  * (the macOS system prompt — the one that DOES reliably appear). After
  * approving, all entries become readable without further prompts.
  */
+/**
+ * Both keychain service names the codebase has used over time:
+ * - "clementine-agent" — used by src/secrets/keychain.ts (env_set / migrate-to-keychain)
+ * - "clementine"       — getSecret's default fallback when no explicit service
+ *                        passed (src/config.ts: ASSISTANT_NAME.toLowerCase()).
+ *                        Holds older per-agent and handoff entries.
+ */
+declare const SERVICES: readonly ["clementine-agent", "clementine"];
+type Service = typeof SERVICES[number];
 export interface KeychainEntry {
+    service: Service;
     account: string;
+    /** True when isClementineAccount returned true; only these get fixed. */
+    isClementine: boolean;
 }
 export interface AclFixResult {
+    service: Service;
     account: string;
-    status: 'fixed' | 'failed';
+    status: 'fixed' | 'failed' | 'skipped-foreign';
     error?: string;
 }
 /**
- * Enumerate every clementine-agent keychain entry. Uses the dump-keychain
- * grep approach since `security` doesn't expose a clean list-by-service.
- * Read-only, no prompts.
- */
-export declare function listClementineKeychainEntries(): KeychainEntry[];
-/**
- * Add `apple-tool:,apple:` to the partition list of a given account.
- *
- * `security set-generic-password-partition-list` prompts on the controlling
- * terminal — `password to unlock default:` — for the user's login keychain
- * password. We must inherit stdio so the child can read from the parent's
- * TTY; piped stdio causes security to consume an empty line and fail with
- * "exit code null" / "wrong password."
+ * Enumerate every keychain entry under any service in SERVICES. Uses the
+ * dump-keychain grep approach since `security` doesn't expose a clean
+ * list-by-service. Read-only, no prompts.
  *
- * That means this function only works when called from an interactive shell.
- * Callers in non-TTY contexts should fall back to instructing the user to
- * run `clementine config keychain-fix-acl` from their own terminal.
+ * For the legacy "clementine" service we set `isClementine: false` on any
+ * entry that doesn't match our naming patterns — those get reported but
+ * never touched (could be other apps that coincidentally chose that name).
  */
-export declare function fixAcl(account: string): AclFixResult;
+export declare function listClementineKeychainEntries(): KeychainEntry[];
+export declare function fixAcl(service: Service, account: string): AclFixResult;
 /**
- * Plan + apply: enumerate entries, fix each in turn. Returns per-entry
- * results so the CLI can render a checklist.
+ * Plan + apply: enumerate entries, fix each Clementine-shaped one in turn.
+ * Foreign entries (other apps under the legacy "clementine" service) get
+ * reported with status='skipped-foreign' and never touched.
  */
 export declare function fixAllClementineEntries(): AclFixResult[];
+export {};
 //# sourceMappingURL=keychain-fix-acl.d.ts.map

package/dist/config/keychain-fix-acl.js

@@ -21,30 +21,97 @@
  * approving, all entries become readable without further prompts.
  */
 import { execSync, spawnSync } from 'node:child_process';
-const SERVICE = 'clementine-agent';
 /**
- * Enumerate every clementine-agent keychain entry. Uses the dump-keychain
- * grep approach since `security` doesn't expose a clean list-by-service.
- * Read-only, no prompts.
+ * Both keychain service names the codebase has used over time:
+ * - "clementine-agent" — used by src/secrets/keychain.ts (env_set / migrate-to-keychain)
+ * - "clementine"       — getSecret's default fallback when no explicit service
+ *                        passed (src/config.ts: ASSISTANT_NAME.toLowerCase()).
+ *                        Holds older per-agent and handoff entries.
+ */
+const SERVICES = ['clementine-agent', 'clementine'];
+/**
+ * Under the legacy "clementine" service, some non-Clementine apps
+ * coincidentally store entries (e.g., macOS "Local Crypto Key Data"
+ * with a UUID prefix). We refuse to touch those — only entries that
+ * match our naming conventions get the ACL update.
+ */
+function isClementineAccount(service, account) {
+    if (service === 'clementine-agent')
+        return true; // we own this whole service
+    // For the legacy "clementine" service, conservatively only touch entries
+    // that look like things we set: per-agent secrets (AGENT_*),
+    // handoff-decryption-key-*, oauth-tokens, env-var names (UPPER_SNAKE),
+    // anything starting with "clementine-".
+    if (account.startsWith('AGENT_'))
+        return true;
+    if (account.startsWith('handoff-'))
+        return true;
+    if (account === 'oauth-tokens')
+        return true;
+    if (account.startsWith('clementine-'))
+        return true;
+    if (/^[A-Z][A-Z0-9_]*$/.test(account))
+        return true;
+    return false;
+}
+/**
+ * Enumerate every keychain entry under any service in SERVICES. Uses the
+ * dump-keychain grep approach since `security` doesn't expose a clean
+ * list-by-service. Read-only, no prompts.
+ *
+ * For the legacy "clementine" service we set `isClementine: false` on any
+ * entry that doesn't match our naming patterns — those get reported but
+ * never touched (could be other apps that coincidentally chose that name).
  */
 export function listClementineKeychainEntries() {
+    let raw;
     try {
-        const out = execSync('/usr/bin/security dump-keychain 2>/dev/null', {
+        raw = execSync('/usr/bin/security dump-keychain 2>/dev/null', {
             encoding: 'utf-8',
-            timeout: 5000,
+            timeout: 10_000,
             stdio: ['pipe', 'pipe', 'pipe'],
+            maxBuffer: 32 * 1024 * 1024,
         });
-        const accounts = new Set();
-        // Lines look like:  "acct"<blob>="clementine-agent-DISCORD_TOKEN"
-        const re = /"acct"<blob>="(clementine-agent-[^"]+)"/g;
-        for (const m of out.matchAll(re)) {
-            accounts.add(m[1]);
-        }
-        return Array.from(accounts).sort().map(account => ({ account }));
     }
     catch {
         return [];
     }
+    // dump-keychain emits one record per item. Within a record, fields appear
+    // in arbitrary order — `acct` often comes BEFORE `svce`. So we can't track
+    // "last-seen svce" line-by-line; we have to split into per-record blocks
+    // and extract both fields from each block.
+    //
+    // Each record starts with `keychain: "/path/to/keychain"` followed by the
+    // `version`, `class`, `attributes:` lines and the field blobs. The next
+    // record begins at the next `^keychain: ` line.
+    const entries = [];
+    const seen = new Set();
+    // Split by record boundary. Use a positive lookahead so the delimiter stays
+    // at the start of each chunk.
+    const blocks = raw.split(/\n(?=keychain: ")/);
+    for (const block of blocks) {
+        const svceMatch = block.match(/"svce"<blob>="([^"]+)"/);
+        const acctMatch = block.match(/"acct"<blob>="([^"]+)"/);
+        if (!svceMatch || !acctMatch)
+            continue;
+        const svc = svceMatch[1];
+        const account = acctMatch[1];
+        if (!SERVICES.includes(svc))
+            continue;
+        const service = svc;
+        const dedupeKey = `${service}\x00${account}`;
+        if (seen.has(dedupeKey))
+            continue;
+        seen.add(dedupeKey);
+        entries.push({
+            service,
+            account,
+            isClementine: isClementineAccount(service, account),
+        });
+    }
+    // Stable sort: service first, then account
+    entries.sort((a, b) => a.service === b.service ? a.account.localeCompare(b.account) : a.service.localeCompare(b.service));
+    return entries;
 }
 /**
  * Add `apple-tool:,apple:` to the partition list of a given account.
@@ -59,34 +126,75 @@ export function listClementineKeychainEntries() {
  * Callers in non-TTY contexts should fall back to instructing the user to
  * run `clementine config keychain-fix-acl` from their own terminal.
  */
-export function fixAcl(account) {
-    const result = spawnSync('/usr/bin/security', [
+/**
+ * Discover which keychain a (service, account) pair lives in. Returns the
+ * path or null if find-generic-password can't locate it (in which case we
+ * skip — the entry isn't reachable via standard search anyway).
+ */
+function locateKeychain(service, account) {
+    const probe = spawnSync('/usr/bin/security', [
+        'find-generic-password',
+        '-s', service,
+        '-a', account,
+    ], {
+        stdio: ['pipe', 'pipe', 'pipe'],
+        timeout: 5000,
+        encoding: 'utf-8',
+    });
+    if (probe.status !== 0)
+        return null;
+    // First line is `keychain: "/path/to/keychain"` — extract.
+    const first = (probe.stdout || '').split('\n')[0] ?? '';
+    const m = first.match(/^keychain:\s+"([^"]+)"/);
+    return m ? m[1] : null;
+}
+export function fixAcl(service, account) {
+    const keychainPath = locateKeychain(service, account);
+    if (!keychainPath) {
+        return {
+            service,
+            account,
+            status: 'failed',
+            error: 'item not findable via standard search (may be in iCloud or a non-default keychain) — leaving alone',
+        };
+    }
+    // Pass the keychain path as the trailing positional arg so partition-list
+    // doesn't search the wrong store.
+    const args = [
         'set-generic-password-partition-list',
-        '-s', SERVICE,
+        '-s', service,
         '-a', account,
         '-S', 'apple-tool:,apple:',
-    ], {
+        keychainPath,
+    ];
+    const result = spawnSync('/usr/bin/security', args, {
         stdio: 'inherit',
-        timeout: 120_000, // 2min — generous since the user is typing per call
+        timeout: 120_000,
     });
     if (result.status === 0) {
-        return { account, status: 'fixed' };
+        return { service, account, status: 'fixed' };
     }
     return {
+        service,
         account,
         status: 'failed',
         error: result.error?.message ?? `exit code ${result.status}`,
     };
 }
 /**
- * Plan + apply: enumerate entries, fix each in turn. Returns per-entry
- * results so the CLI can render a checklist.
+ * Plan + apply: enumerate entries, fix each Clementine-shaped one in turn.
+ * Foreign entries (other apps under the legacy "clementine" service) get
+ * reported with status='skipped-foreign' and never touched.
  */
 export function fixAllClementineEntries() {
     const entries = listClementineKeychainEntries();
     const results = [];
     for (const entry of entries) {
-        results.push(fixAcl(entry.account));
+        if (!entry.isClementine) {
+            results.push({ service: entry.service, account: entry.account, status: 'skipped-foreign' });
+            continue;
+        }
+        results.push(fixAcl(entry.service, entry.account));
     }
     return results;
 }

package/dist/config.d.ts

@@ -14,6 +14,13 @@ export declare const BASE_DIR: string;
 export declare function envSnapshot(): Record<string, string | undefined>;
 /** Test-only: clear the keychain ref cache so re-resolution can be tested. */
 export declare function _resetKeychainRefCache(): void;
+/**
+ * Return the keychain stubs that couldn't be resolved this process. Used by
+ * the daemon entrypoint to log a clear remediation hint at boot if any
+ * keychain reads are failing (typically: ACL not yet partition-listed →
+ * `clementine config keychain-fix-acl` fixes it).
+ */
+export declare function getFailedKeychainResolutions(): string[];
 export declare const VAULT_DIR: string;
 export declare const SYSTEM_DIR: string;
 export declare const DAILY_NOTES_DIR: string;

package/dist/config.js

@@ -117,6 +117,20 @@ export function envSnapshot() {
 export function _resetKeychainRefCache() {
     resolvedKeychainRefs.clear();
 }
+/**
+ * Return the keychain stubs that couldn't be resolved this process. Used by
+ * the daemon entrypoint to log a clear remediation hint at boot if any
+ * keychain reads are failing (typically: ACL not yet partition-listed →
+ * `clementine config keychain-fix-acl` fixes it).
+ */
+export function getFailedKeychainResolutions() {
+    const out = [];
+    for (const [stub, value] of resolvedKeychainRefs) {
+        if (value === null)
+            out.push(stub);
+    }
+    return out;
+}
 // ── Paths ────────────────────────────────────────────────────────────
 export const VAULT_DIR = path.join(BASE_DIR, 'vault');
 export const SYSTEM_DIR = path.join(VAULT_DIR, '00-System');

package/dist/index.js

@@ -548,6 +548,17 @@ async function asyncMain() {
         hydrateSecretsFromEnv();
     }
     catch { /* non-fatal — non-macOS systems, or keychain unavailable */ }
+    // ── Surface keychain resolution failures with a clear remediation hint ──
+    // If any keychain ref couldn't be read at module-init time, the user is
+    // probably hitting the per-process approval-dialog issue (entry written
+    // with the wrong ACL). The fix is one command — print it loud so they
+    // don't have to grep for the answer.
+    const failedKcRefs = config.getFailedKeychainResolutions();
+    if (failedKcRefs.length > 0) {
+        logger.warn({ count: failedKcRefs.length, refs: failedKcRefs }, `${failedKcRefs.length} keychain reference(s) could not be resolved at startup.`);
+        logger.warn('Affected channels/integrations may be degraded. Fix in one command: clementine config keychain-fix-acl');
+        logger.warn('See: https://github.com/Natebreynolds/Clementine-AI-Assistant#keychain-prompts');
+    }
     // ── Check MCP extension permissions ────────────────────────────
     try {
         const { checkPermissionsOnStartup, bootstrapClaudeIntegrationsFromAuditLog, probeAvailableTools } = await import('./agent/mcp-bridge.js');

package/dist/tools/admin-tools.js

@@ -122,10 +122,10 @@ export function registerAdminTools(server) {
         return textResult(`Timer set. Reminder in ${minutes} minute${minutes !== 1 ? 's' : ''} (~${fireTime}): "${message}"`);
     });
     // ── Env self-configuration (owner-DM only) ────────────────────────────
-    server.tool('env_set', 'Save or update an env var. Owner-DM only. In "auto" mode (default), credential-shaped keys (API keys, tokens, secrets, passwords) go to the macOS Keychain; everything else goes to plain ~/.clementine/.env. Force keychain or env via the storage arg if you need to override. Changes take effect immediately; process.env gets the real value and the next tool call can use it. Use this when the owner gives a value in chat — never tell them to hand-edit files.', {
+    server.tool('env_set', 'Save or update an env var. Owner-DM only. Default behavior writes to plain ~/.clementine/.env (mode 0600). Pass storage="keychain" to opt into macOS Keychain storage — but be aware keychain entries can require per-app approval prompts on first read which create UX friction (see commit history for the rabbit hole). Use plain .env unless you specifically need at-rest encryption beyond filesystem permissions.', {
         key: z.string().describe('Env var name (uppercase with underscores, e.g. STRIPE_API_KEY)'),
         value: z.string().describe('The value to store. Never echo back to the user; it will be masked in logs.'),
-        storage: z.enum(['keychain', 'env', 'auto']).optional().describe('Where to store it. "auto" (default) routes credential-shaped keys to Keychain and config-shaped keys to plain .env. "keychain" forces Keychain. "env" forces plaintext .env.'),
+        storage: z.enum(['keychain', 'env', 'auto']).optional().describe('Where to store it. Default (and "auto"/"env") writes plaintext to ~/.clementine/.env. "keychain" opts into macOS Keychain — only use when at-rest encryption matters more than read ergonomics.'),
     }, async ({ key, value, storage }) => {
         const gate = requireOwnerDm();
         if (!gate.ok)
@@ -137,14 +137,19 @@ export function registerAdminTools(server) {
         if (!value)
             return textResult('Refused: empty value. Use env_unset to remove a key.');
         const mode = storage ?? 'auto';
-        const looksSensitive = isSensitiveEnvKey(normalizedKey);
-        // auto mode: keychain-route only credential-shaped keys, so config knobs
-        // (BUDGET_*, OWNER_NAME, etc.) stay readable as plain .env values.
-        const useKeychain = mode === 'keychain' ||
-            (mode === 'auto' && looksSensitive && keychain.isAvailable());
+        // Keychain is now strictly opt-in. The legacy 'auto' mode used to route
+        // credential-shaped keys to keychain, but that produced a class of read-
+        // approval dialog UX bugs (see commits 88cfd99 .. c34da0b). Plaintext .env
+        // with mode 0600 is the safer default — credentials still encrypted at
+        // rest if FileVault is on, and no per-process keychain prompts.
+        const useKeychain = mode === 'keychain';
         if (mode === 'keychain' && !keychain.isAvailable()) {
             return textResult('Refused: Keychain storage requested but macOS Keychain is unavailable on this system.');
         }
+        // Reference unused-but-imported helper so the import line stays meaningful
+        // for grep — it's used by other modules and we may re-enable smart routing
+        // later behind a feature flag.
+        void isSensitiveEnvKey;
         const map = parseEnvFile();
         const existed = map.has(normalizedKey);
         let envFileValue;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "clementine-agent",
-  "version": "1.1.3",
+  "version": "1.1.4",
   "description": "Clementine — Personal AI Assistant (TypeScript)",
   "type": "module",
   "main": "dist/index.js",