npm - keymaxxer - Versions diffs - 0.1.2 → 0.2.0 - Mend

keymaxxer 0.1.2 → 0.2.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/cli.mjs CHANGED Viewed

@@ -2,7 +2,7 @@
 // @bun
 // packages/cli/src/index.ts
-import { existsSync as existsSync6, readFileSync as readFileSync3 } from "fs";
+import { existsSync as existsSync5, readFileSync as readFileSync3 } from "fs";
 // packages/sdk/src/scrubber.ts
 var MIN_SCRUB_LEN = 4;
@@ -59,7 +59,7 @@ function runWithSecrets(opts) {
 }
 // packages/sdk/src/store.ts
 import { connect } from "@tursodatabase/database";
-import { mkdirSync } from "node:fs";
+import { chmodSync, mkdirSync } from "node:fs";
 import { homedir } from "node:os";
 import { dirname, join } from "node:path";
 var DEFAULT_CIPHER = "aes256gcm";
@@ -82,6 +82,9 @@ class SecretStore {
   static async open(opts) {
     const path = opts.path ?? defaultVaultPath();
     mkdirSync(dirname(path), { recursive: true });
+    try {
+      chmodSync(dirname(path), 448);
+    } catch {}
     try {
       const db = await connect(path, {
         encryption: { cipher: opts.cipher ?? DEFAULT_CIPHER, hexkey: opts.hexkey },
@@ -291,9 +294,8 @@ function newPassphraseMeta(cipher, salt) {
 function newExternalKeyMeta(cipher) {
   return { version: 1, cipher, kdf: "none" };
 }
-// packages/cli/src/agent.ts
-import { appendFileSync, chmodSync, existsSync as existsSync2, mkdirSync as mkdirSync3, unlinkSync, writeFileSync as writeFileSync2 } from "node:fs";
-import { createServer } from "node:net";
+// packages/cli/src/client.ts
+import { existsSync as existsSync2 } from "node:fs";
 // packages/cli/src/approver.ts
 import { spawn as spawn2 } from "node:child_process";
 function isSensitive(m) {
@@ -310,32 +312,43 @@ function describe(req) {
   const names = req.secrets.map((s) => `${s.name} (${[s.provider, s.environment, s.access].filter(Boolean).join(" / ")})`).join(", ");
   const cmd = req.command.length > 200 ? req.command.slice(0, 197) + "..." : req.command;
   return [
-    "An agent wants to USE a sensitive secret:",
     `Secret: ${names}`,
     `Command: ${cmd}`,
-    `Dir: ${req.cwd}`
+    `Dir: ${req.cwd}`,
+    "",
+    "Allow once = this command only.   Allow session = until the vault locks."
   ];
 }
 function approveViaOsascript(req) {
   return new Promise((resolve) => {
     const body = describe(req).map(asQuote).join(" & return & ");
-    const script = `display dialog ${body} with title "keymaxxer — approve secret use" ` + `buttons {"Deny", "Allow"} default button "Deny" cancel button "Deny" giving up after 60`;
+    const script = `display alert "An agent wants to use a sensitive secret" message (${body}) as critical ` + `buttons {"Deny", "Allow once", "Allow session"} default button "Allow once" ` + `cancel button "Deny" giving up after 60`;
     const proc = spawn2("osascript", ["-e", script]);
     let out = "";
     proc.stdout.on("data", (c) => out += c.toString());
-    proc.on("error", () => resolve(false));
-    proc.on("close", (code) => resolve(code === 0 && /button returned:Allow/.test(out)));
+    proc.on("error", () => resolve("deny"));
+    proc.on("close", (code) => {
+      if (code !== 0)
+        return resolve("deny");
+      if (/button returned:Allow session/.test(out))
+        return resolve("session");
+      if (/button returned:Allow once/.test(out))
+        return resolve("once");
+      return resolve("deny");
+    });
   });
 }
 async function requestApproval(req) {
   const override = (process.env.KEYMAXXER_APPROVE ?? "").toLowerCase();
-  if (override === "allow")
-    return true;
   if (override === "deny")
-    return false;
+    return "deny";
+  if (override === "session")
+    return "session";
+  if (override === "allow" || override === "once")
+    return "once";
   if (process.platform === "darwin")
     return approveViaOsascript(req);
-  return false;
+  return "deny";
 }
 // packages/cli/src/paths.ts
@@ -347,320 +360,178 @@ function keymaxxerDir() {
 function vaultPath() {
   return join3(keymaxxerDir(), "vault.db");
 }
-function socketPath() {
-  return join3(keymaxxerDir(), "agent.sock");
-}
-function pidPath() {
-  return join3(keymaxxerDir(), "agent.pid");
+// packages/cli/src/prompt.ts
+import { spawn as spawn3 } from "node:child_process";
+var stdinAttached = false;
+var buffer = "";
+var ended = false;
+var queued = [];
+var waiters = [];
+function attachStdinLines() {
+  if (stdinAttached)
+    return;
+  stdinAttached = true;
+  process.stdin.on("data", (d) => {
+    buffer += d.toString();
+    let nl;
+    while ((nl = buffer.indexOf(`
+`)) >= 0) {
+      const line = buffer.slice(0, nl).replace(/\r$/, "");
+      buffer = buffer.slice(nl + 1);
+      const w = waiters.shift();
+      if (w)
+        w(line);
+      else
+        queued.push(line);
+    }
+  });
+  process.stdin.on("end", () => {
+    ended = true;
+    if (buffer.length) {
+      queued.push(buffer);
+      buffer = "";
+    }
+    while (waiters.length)
+      waiters.shift()(queued.shift() ?? null);
+  });
+  process.stdin.resume();
 }
-function agentLogPath() {
-  return join3(keymaxxerDir(), "agent.log");
+function nextLine() {
+  attachStdinLines();
+  const q = queued.shift();
+  if (q !== undefined)
+    return Promise.resolve(q);
+  if (ended)
+    return Promise.resolve(null);
+  return new Promise((res) => waiters.push(res));
 }
-// packages/cli/src/agent.ts
-function log(msg) {
-  try {
-    appendFileSync(agentLogPath(), `${new Date().toISOString()} ${msg}
+function readHiddenLine(promptText) {
+  return new Promise((resolve) => {
+    const stdin = process.stdin;
+    process.stderr.write(promptText);
+    stdin.setRawMode(true);
+    stdin.resume();
+    let buf = "";
+    const cleanup = () => {
+      stdin.setRawMode(false);
+      stdin.pause();
+      stdin.off("data", onData);
+    };
+    const onData = (d) => {
+      for (const ch of d.toString("utf8")) {
+        const code = ch.charCodeAt(0);
+        if (code === 13 || code === 10) {
+          cleanup();
+          process.stderr.write(`
 `);
-  } catch {}
-}
-function readKeyFromStdin() {
-  return new Promise((resolve, reject) => {
-    let data = "";
-    const onData = (chunk) => {
-      data += chunk.toString();
-      const nl = data.indexOf(`
+          resolve(buf);
+          return;
+        } else if (code === 3) {
+          cleanup();
+          process.stderr.write(`
 `);
-      if (nl >= 0) {
-        process.stdin.off("data", onData);
-        process.stdin.pause();
-        resolve(data.slice(0, nl).trim());
+          process.exit(130);
+        } else if (code === 127 || code === 8) {
+          buf = buf.slice(0, -1);
+        } else if (code >= 32) {
+          buf += ch;
+        }
       }
     };
-    process.stdin.on("data", onData);
-    process.stdin.on("end", () => reject(new Error("stdin closed before key was received")));
-    process.stdin.on("error", reject);
+    stdin.on("data", onData);
   });
 }
-async function runAgent() {
-  const sock = socketPath();
-  const idleMs = Math.max(1, Number(process.env.KEYMAXXER_IDLE_MINUTES) || 15) * 60000;
-  const hexkey = await readKeyFromStdin();
-  let store;
-  try {
-    store = await SecretStore.open({ path: vaultPath(), hexkey });
-  } catch (err) {
-    log(`failed to open vault: ${err instanceof Error ? err.message : String(err)}`);
-    process.exit(1);
-  }
-  let lastActivity = Date.now();
-  const unlockedAt = Date.now();
-  const shutdown = (reason) => {
-    log(`locking (${reason})`);
-    if (existsSync2(sock))
-      unlinkSync(sock);
-    if (existsSync2(pidPath()))
-      unlinkSync(pidPath());
-    process.exit(0);
-  };
-  const idleTimer = setInterval(() => {
-    if (Date.now() - lastActivity > idleMs)
-      shutdown("idle timeout");
-  }, 5000);
-  idleTimer.unref();
-  async function handle(req) {
-    lastActivity = Date.now();
-    try {
-      switch (req.op) {
-        case "status": {
-          const result = {
-            unlocked: true,
-            vault: vaultPath(),
-            idleSeconds: Math.floor((Date.now() - lastActivity) / 1000),
-            idleTimeoutSeconds: Math.floor(idleMs / 1000)
-          };
-          return { ok: true, result };
-        }
-        case "list":
-          return { ok: true, result: await store.list() };
-        case "run": {
-          const metas = await store.list();
-          const sensitive = req.req.secrets.map((n) => metas.find((m) => m.name === n)).filter((m) => !!m && isSensitive(m));
-          if (sensitive.length > 0) {
-            const names = sensitive.map((s) => s.name).join(", ");
-            const ok = await requestApproval({
-              secrets: sensitive,
-              command: req.req.command,
-              cwd: req.req.cwd ?? process.cwd()
-            });
-            if (!ok) {
-              await store.auditDenied(req.req.secrets, req.req.command, req.req.cwd ?? process.cwd());
-              log(`DENIED [${names}]: ${req.req.command}`);
-              return { ok: false, error: `Denied: use of ${names} was not approved by the user.` };
-            }
-            log(`approved [${names}]`);
-          }
-          return { ok: true, result: await store.run(req.req) };
-        }
-        case "set":
-          await store.set(req.name, req.value, req.fields);
-          return { ok: true, result: null };
-        case "remove":
-          return { ok: true, result: await store.remove(req.name) };
-        case "audit":
-          return { ok: true, result: await store.recentAudit(req.limit) };
-        case "lock":
-          setTimeout(() => shutdown("explicit lock"), 10);
-          return { ok: true, result: null };
-        default:
-          return { ok: false, error: `unknown op` };
-      }
-    } catch (err) {
-      return { ok: false, error: err instanceof Error ? err.message : String(err) };
-    }
-  }
-  const server = createServer((conn) => {
-    let data = "";
-    conn.on("data", async (chunk) => {
-      data += chunk.toString();
-      const nl = data.indexOf(`
-`);
-      if (nl < 0)
-        return;
-      let req;
-      try {
-        req = JSON.parse(data.slice(0, nl));
-      } catch {
-        conn.end(JSON.stringify({ ok: false, error: "malformed request" }) + `
-`);
-        return;
-      }
-      const res = await handle(req);
-      conn.end(JSON.stringify(res) + `
-`);
-    });
-    conn.on("error", () => conn.destroy());
-  });
-  mkdirSync3(keymaxxerDir(), { recursive: true });
-  try {
-    chmodSync(keymaxxerDir(), 448);
-  } catch {}
-  if (existsSync2(sock))
-    unlinkSync(sock);
-  server.listen(sock, () => {
-    try {
-      chmodSync(sock, 384);
-    } catch {}
-    writeFileSync2(pidPath(), String(process.pid));
-    log(`unlocked, listening on ${sock} (idle ${idleMs / 60000}m)`);
-  });
-  server.on("error", (err) => {
-    log(`server error: ${err.message}`);
-    process.exit(1);
-  });
-  for (const sig of ["SIGINT", "SIGTERM", "SIGHUP"]) {
-    process.on(sig, () => shutdown(sig));
-  }
+function asAppleScript(s) {
+  return '"' + s.replace(/\\/g, "\\\\").replace(/"/g, "\\\"").replace(/[\r\n]+/g, " ") + '"';
 }
-// packages/cli/src/client.ts
-import { spawn as spawn3 } from "node:child_process";
-import { existsSync as existsSync3, unlinkSync as unlinkSync2 } from "node:fs";
-// packages/cli/src/protocol.ts
-import { connect as connect2 } from "node:net";
-function sendRequest(socket, req, timeoutMs = 0) {
-  return new Promise((resolve, reject) => {
-    const conn = connect2(socket);
-    let data = "";
-    if (timeoutMs > 0)
-      conn.setTimeout(timeoutMs, () => conn.destroy(new Error("request timed out")));
-    conn.on("connect", () => conn.write(JSON.stringify(req) + `
-`));
-    conn.on("data", (chunk) => {
-      data += chunk.toString();
-      const nl = data.indexOf(`
-`);
-      if (nl >= 0) {
-        conn.end();
-        try {
-          resolve(JSON.parse(data.slice(0, nl)));
-        } catch (err) {
-          reject(new Error("malformed response from agent"));
-        }
-      }
+function promptPassphraseGui(message) {
+  if (process.platform !== "darwin")
+    return Promise.resolve(null);
+  return new Promise((resolve) => {
+    const script = `display dialog ${asAppleScript(message)} default answer "" with hidden answer ` + `with icon note with title "keymaxxer — unlock vault" ` + `buttons {"Cancel", "Unlock"} default button "Unlock" cancel button "Cancel" ` + `giving up after 120`;
+    const proc = spawn3("osascript", ["-e", script]);
+    let out = "";
+    proc.stdout.on("data", (c) => out += c.toString());
+    proc.on("error", () => resolve(null));
+    proc.on("close", (code) => {
+      if (code !== 0)
+        return resolve(null);
+      if (/gave up:true/.test(out))
+        return resolve(null);
+      const m = out.match(/text returned:([\s\S]*?)(?:, gave up:[^,]*)?$/);
+      resolve(m ? m[1].replace(/\n$/, "") : "");
     });
-    conn.on("error", reject);
   });
 }
-// packages/cli/src/self.ts
-function selfCommand(extraArgs) {
-  const entry = process.argv[1];
-  if (entry)
-    return { cmd: process.execPath, args: [entry, ...extraArgs] };
-  return { cmd: process.execPath, args: [...extraArgs] };
+async function readPassphrase(promptText) {
+  const env = process.env.KEYMAXXER_PASSPHRASE;
+  if (env)
+    return env;
+  if (process.stdin.isTTY)
+    return readHiddenLine(promptText);
+  const piped = await nextLine();
+  if (piped)
+    return piped;
+  const gui = await promptPassphraseGui(promptText.replace(/:\s*$/, ""));
+  if (gui)
+    return gui;
+  throw new Error("no passphrase provided (no TTY, no piped input, no GUI available).");
 }
 // packages/cli/src/client.ts
 var HEX64 = /^[0-9a-fA-F]{64}$/;
-function unwrap(res) {
-  if (!res.ok)
-    throw new Error(res.error);
-  return res.result;
-}
-class DaemonClient {
-  call(req) {
-    return sendRequest(socketPath(), req).then(unwrap);
-  }
-  list() {
-    return this.call({ op: "list" });
-  }
-  run(req) {
-    return this.call({ op: "run", req });
-  }
-  async set(name, value, fields) {
-    await this.call({ op: "set", name, value, fields });
-  }
-  remove(name) {
-    return this.call({ op: "remove", name });
-  }
-  audit(limit) {
-    return this.call({ op: "audit", limit });
-  }
-  async close() {}
-}
-class DirectStore {
-  store;
-  constructor(store) {
-    this.store = store;
-  }
-  static async open(hexkey) {
-    return new DirectStore(await SecretStore.open({ path: vaultPath(), hexkey }));
-  }
-  list() {
-    return this.store.list();
-  }
-  run(req) {
-    return this.store.run(req);
-  }
-  set(name, value, fields) {
-    return this.store.set(name, value, fields);
-  }
-  remove(name) {
-    return this.store.remove(name);
-  }
-  audit(limit) {
-    return this.store.recentAudit(limit);
-  }
-  close() {
-    return this.store.close();
-  }
-}
-async function isAgentAlive() {
-  if (!existsSync3(socketPath()))
-    return false;
-  try {
-    const res = await sendRequest(socketPath(), { op: "status" }, 2000);
-    return res.ok;
-  } catch {
-    for (const p of [socketPath(), pidPath()])
-      if (existsSync3(p))
-        unlinkSync2(p);
-    return false;
-  }
-}
-async function agentStatus() {
-  if (!await isAgentAlive())
-    return null;
-  const res = await sendRequest(socketPath(), { op: "status" });
-  return res.ok ? res.result : null;
-}
-async function getClient() {
+async function openVault(getPassphrase) {
   const envKey = process.env.KEYMAXXER_MASTER_KEY;
   if (envKey) {
     if (!HEX64.test(envKey))
       throw new Error("KEYMAXXER_MASTER_KEY must be 64 hex characters.");
-    return DirectStore.open(envKey.toLowerCase());
+    return SecretStore.open({ path: vaultPath(), hexkey: envKey.toLowerCase() });
   }
-  if (await isAgentAlive())
-    return new DaemonClient;
-  throw new Error("vault is locked. Run `keymaxxer unlock` first (or set KEYMAXXER_MASTER_KEY).");
-}
-async function lockAgent() {
-  if (!await isAgentAlive())
-    return false;
+  const meta = loadMeta(vaultPath());
+  if (!meta || !existsSync2(vaultPath()))
+    throw new Error("no vault found. Run `keymaxxer init` first.");
+  if (meta.kdf !== "scrypt" || !meta.salt) {
+    throw new Error("this vault uses an external key — set KEYMAXXER_MASTER_KEY.");
+  }
+  const passphrase = await getPassphrase();
+  if (!passphrase)
+    throw new Error("no passphrase provided — vault stays locked.");
+  const hexkey = deriveKey(passphrase, meta.salt, meta.scrypt);
   try {
-    await sendRequest(socketPath(), { op: "lock" });
-  } catch {}
-  return true;
+    return await SecretStore.open({ path: vaultPath(), hexkey });
+  } catch (err) {
+    if (err instanceof WrongKeyError)
+      throw new Error("wrong passphrase.");
+    throw err;
+  }
 }
-async function spawnAgent(hexkey, idleMinutes) {
-  if (await isAgentAlive())
-    throw new Error("vault is already unlocked.");
-  const { cmd, args } = selfCommand(["__agent"]);
-  const env = { ...process.env };
-  delete env.KEYMAXXER_MASTER_KEY;
-  if (idleMinutes)
-    env.KEYMAXXER_IDLE_MINUTES = String(idleMinutes);
-  const child = spawn3(cmd, args, { detached: true, stdio: ["pipe", "ignore", "ignore"], env });
-  child.stdin.write(hexkey + `
-`);
-  child.stdin.end();
-  child.unref();
-  const deadline = Date.now() + 8000;
-  while (Date.now() < deadline) {
-    if (await isAgentAlive())
-      return;
-    await new Promise((r) => setTimeout(r, 100));
+function openVaultCli() {
+  return openVault(() => readPassphrase("Vault passphrase: "));
+}
+async function runGated(store, req, approved) {
+  const metas = await store.list();
+  const sensitive = req.secrets.map((n) => metas.find((m) => m.name === n)).filter((m) => !!m && isSensitive(m));
+  const needPrompt = sensitive.filter((s) => !approved.has(s.name));
+  if (needPrompt.length > 0) {
+    const names = needPrompt.map((s) => s.name).join(", ");
+    const decision = await requestApproval({
+      secrets: needPrompt,
+      command: req.command,
+      cwd: req.cwd ?? process.cwd()
+    });
+    if (decision === "deny") {
+      await store.auditDenied(req.secrets, req.command, req.cwd ?? process.cwd());
+      throw new Error(`Denied: use of ${names} was not approved by the user.`);
+    }
+    if (decision === "session")
+      needPrompt.forEach((s) => approved.add(s.name));
   }
-  throw new Error("agent did not start in time — check ~/.keymaxxer/agent.log");
+  return store.run(req);
 }
 // packages/cli/src/init.ts
-import { existsSync as existsSync4, readFileSync as readFileSync2, writeFileSync as writeFileSync3 } from "node:fs";
+import { existsSync as existsSync3, readFileSync as readFileSync2, writeFileSync as writeFileSync2 } from "node:fs";
 import { join as join4 } from "node:path";
 function keymaxxerServerEntry() {
   const entry = process.argv[1] ?? "";
@@ -672,7 +543,7 @@ function keymaxxerServerEntry() {
 function wireMcpJson(dir) {
   const file = join4(dir, ".mcp.json");
   let config = {};
-  if (existsSync4(file)) {
+  if (existsSync3(file)) {
     try {
       config = JSON.parse(readFileSync2(file, "utf8"));
     } catch {
@@ -682,7 +553,7 @@ function wireMcpJson(dir) {
   config.mcpServers ??= {};
   const existed = "keymaxxer" in config.mcpServers;
   config.mcpServers.keymaxxer = keymaxxerServerEntry();
-  writeFileSync3(file, JSON.stringify(config, null, 2) + `
+  writeFileSync2(file, JSON.stringify(config, null, 2) + `
 `);
   return `${existed ? "Updated" : "Added"} 'keymaxxer' server in ${file}`;
 }
@@ -695,118 +566,262 @@ import { McpServer } from "@modelcontextprotocol/sdk/server/mcp.js";
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
 import { z } from "zod";
-// packages/cli/src/client.ts
-import { existsSync as existsSync5, unlinkSync as unlinkSync3 } from "node:fs";
-var HEX642 = /^[0-9a-fA-F]{64}$/;
-function unwrap2(res) {
-  if (!res.ok)
-    throw new Error(res.error);
-  return res.result;
+// packages/cli/src/addsecret.ts
+import { spawn as spawn4 } from "node:child_process";
+function asAppleScript2(s) {
+  return '"' + s.replace(/\\/g, "\\\\").replace(/"/g, "\\\"").replace(/[\r\n]+/g, " ") + '"';
 }
-class DaemonClient2 {
-  call(req) {
-    return sendRequest(socketPath(), req).then(unwrap2);
-  }
-  list() {
-    return this.call({ op: "list" });
-  }
-  run(req) {
-    return this.call({ op: "run", req });
-  }
-  async set(name, value, fields) {
-    await this.call({ op: "set", name, value, fields });
-  }
-  remove(name) {
-    return this.call({ op: "remove", name });
-  }
-  audit(limit) {
-    return this.call({ op: "audit", limit });
-  }
-  async close() {}
+function dialog(message, prefill, saveLabel) {
+  if (process.platform !== "darwin")
+    return Promise.resolve(null);
+  return new Promise((resolve) => {
+    const script = `display dialog ${asAppleScript2(message)} default answer ${asAppleScript2(prefill)} ` + `with title "keymaxxer — add secret" with icon note ` + `buttons {"Cancel", ${asAppleScript2(saveLabel)}} default button ${asAppleScript2(saveLabel)} ` + `cancel button "Cancel" giving up after 180`;
+    const proc = spawn4("osascript", ["-e", script]);
+    let out = "";
+    proc.stdout.on("data", (c) => out += c.toString());
+    proc.on("error", () => resolve(null));
+    proc.on("close", (code) => {
+      if (code !== 0)
+        return resolve(null);
+      if (/gave up:true/.test(out))
+        return resolve(null);
+      const m = out.match(/text returned:([\s\S]*?)(?:, gave up:[^,]*)?$/);
+      resolve(m ? m[1].replace(/\n$/, "") : "");
+    });
+  });
 }
-class DirectStore2 {
-  store;
-  constructor(store) {
-    this.store = store;
-  }
-  static async open(hexkey) {
-    return new DirectStore2(await SecretStore.open({ path: vaultPath(), hexkey }));
-  }
-  list() {
-    return this.store.list();
-  }
-  run(req) {
-    return this.store.run(req);
-  }
-  set(name, value, fields) {
-    return this.store.set(name, value, fields);
-  }
-  remove(name) {
-    return this.store.remove(name);
-  }
-  audit(limit) {
-    return this.store.recentAudit(limit);
+function confirm(message) {
+  if (process.platform !== "darwin")
+    return Promise.resolve(null);
+  return new Promise((resolve) => {
+    const lines = message.split(`
+`);
+    const heading = asAppleScript2(lines[0] ?? "");
+    const rest = lines.slice(1).map(asAppleScript2).join(" & return & ") || '""';
+    const script = `display alert ${heading} message (${rest}) as informational ` + `buttons {"Edit", "Save"} default button "Save" giving up after 180`;
+    const proc = spawn4("osascript", ["-e", script]);
+    let out = "";
+    proc.stdout.on("data", (c) => out += c.toString());
+    proc.on("error", () => resolve(null));
+    proc.on("close", (code) => {
+      if (code !== 0)
+        return resolve(null);
+      if (/gave up:true/.test(out))
+        return resolve(null);
+      if (/button returned:Save/.test(out))
+        return resolve("save");
+      if (/button returned:Edit/.test(out))
+        return resolve("edit");
+      return resolve(null);
+    });
+  });
+}
+function tokenize(s) {
+  const out = [];
+  let cur = "";
+  let inQuote = false;
+  let started = false;
+  for (const ch of s) {
+    if (ch === '"') {
+      inQuote = !inQuote;
+      started = true;
+    } else if (ch === " " && !inQuote) {
+      if (started || cur)
+        out.push(cur);
+      cur = "";
+      started = false;
+    } else {
+      cur += ch;
+      started = true;
+    }
   }
-  close() {
-    return this.store.close();
+  if (started || cur)
+    out.push(cur);
+  return out;
+}
+function tokensToFields(tokens) {
+  const flags = {};
+  for (let i = 0;i < tokens.length; i++) {
+    const t = tokens[i];
+    if (!t.startsWith("--"))
+      continue;
+    const key = t.slice(2);
+    const next = tokens[i + 1];
+    if (next !== undefined && !next.startsWith("--")) {
+      flags[key] = next;
+      i++;
+    } else {
+      flags[key] = "";
+    }
   }
+  const fields = {};
+  const pick = (...keys) => keys.map((k) => flags[k]).find((v) => v);
+  const tag = pick("tag", "tags");
+  if (tag)
+    fields.tags = tag.split(",");
+  const provider = pick("provider");
+  if (provider)
+    fields.provider = provider;
+  const account = pick("account");
+  if (account)
+    fields.account = account;
+  const environment = pick("env", "environment");
+  if (environment)
+    fields.environment = environment;
+  const access = pick("access");
+  if (access)
+    fields.access = access;
+  const description = pick("description", "desc");
+  if (description)
+    fields.description = description;
+  return fields;
 }
-async function isAgentAlive2() {
-  if (!existsSync5(socketPath()))
-    return false;
-  try {
-    const res = await sendRequest(socketPath(), { op: "status" }, 2000);
-    return res.ok;
-  } catch {
-    for (const p of [socketPath(), pidPath()])
-      if (existsSync5(p))
-        unlinkSync3(p);
-    return false;
+function suggestionLine(s) {
+  const q = (v) => `"${v.replace(/"/g, "'")}"`;
+  const parts = [s.name];
+  if (s.provider)
+    parts.push(`--provider ${q(s.provider)}`);
+  if (s.account)
+    parts.push(`--account ${q(s.account)}`);
+  if (s.environment)
+    parts.push(`--env ${q(s.environment)}`);
+  if (s.access)
+    parts.push(`--access ${q(s.access)}`);
+  if (s.tags)
+    parts.push(`--tag ${q(s.tags)}`);
+  if (s.description)
+    parts.push(`--description ${q(s.description)}`);
+  return parts.join(" ");
+}
+function parseSuggestionLine(line) {
+  const tokens = tokenize(line.trim());
+  const name = tokens[0];
+  if (!name || name.startsWith("--"))
+    throw new Error("a secret name is required.");
+  return { name, fields: tokensToFields(tokens.slice(1)) };
+}
+async function promptAddSecret(s) {
+  const edited = await dialog("Edit the new secret's name and attributes. Available flags: --provider --account --env --access --tag --description", suggestionLine(s), "Next");
+  if (edited === null)
+    return null;
+  const { name, fields } = parseSuggestionLine(edited);
+  let value = "";
+  for (;; ) {
+    const entered = await dialog(`Value for ${name} — saved to the vault, never shared with the agent:`, value, "Review");
+    if (entered === null)
+      return null;
+    if (!entered)
+      throw new Error("no value provided.");
+    value = entered;
+    const choice = await confirm(`Save this value for ${name}?
+${value}`);
+    if (choice === "save")
+      break;
+    if (choice === null)
+      return null;
   }
+  return { name, value, fields };
 }
-async function getClient2() {
+// packages/cli/src/client.ts
+import { existsSync as existsSync4 } from "node:fs";
+var HEX642 = /^[0-9a-fA-F]{64}$/;
+async function openVault2(getPassphrase) {
   const envKey = process.env.KEYMAXXER_MASTER_KEY;
   if (envKey) {
     if (!HEX642.test(envKey))
       throw new Error("KEYMAXXER_MASTER_KEY must be 64 hex characters.");
-    return DirectStore2.open(envKey.toLowerCase());
+    return SecretStore.open({ path: vaultPath(), hexkey: envKey.toLowerCase() });
+  }
+  const meta = loadMeta(vaultPath());
+  if (!meta || !existsSync4(vaultPath()))
+    throw new Error("no vault found. Run `keymaxxer init` first.");
+  if (meta.kdf !== "scrypt" || !meta.salt) {
+    throw new Error("this vault uses an external key — set KEYMAXXER_MASTER_KEY.");
+  }
+  const passphrase = await getPassphrase();
+  if (!passphrase)
+    throw new Error("no passphrase provided — vault stays locked.");
+  const hexkey = deriveKey(passphrase, meta.salt, meta.scrypt);
+  try {
+    return await SecretStore.open({ path: vaultPath(), hexkey });
+  } catch (err) {
+    if (err instanceof WrongKeyError)
+      throw new Error("wrong passphrase.");
+    throw err;
   }
-  if (await isAgentAlive2())
-    return new DaemonClient2;
-  throw new Error("vault is locked. Run `keymaxxer unlock` first (or set KEYMAXXER_MASTER_KEY).");
+}
+function openVaultServe(message) {
+  return openVault2(() => process.env.KEYMAXXER_PASSPHRASE ? Promise.resolve(process.env.KEYMAXXER_PASSPHRASE) : promptPassphraseGui(message));
+}
+async function runGated2(store, req, approved) {
+  const metas = await store.list();
+  const sensitive = req.secrets.map((n) => metas.find((m) => m.name === n)).filter((m) => !!m && isSensitive(m));
+  const needPrompt = sensitive.filter((s) => !approved.has(s.name));
+  if (needPrompt.length > 0) {
+    const names = needPrompt.map((s) => s.name).join(", ");
+    const decision = await requestApproval({
+      secrets: needPrompt,
+      command: req.command,
+      cwd: req.cwd ?? process.cwd()
+    });
+    if (decision === "deny") {
+      await store.auditDenied(req.secrets, req.command, req.cwd ?? process.cwd());
+      throw new Error(`Denied: use of ${names} was not approved by the user.`);
+    }
+    if (decision === "session")
+      needPrompt.forEach((s) => approved.add(s.name));
+  }
+  return store.run(req);
 }
 // packages/cli/src/mcp.ts
 async function serve() {
-  const server = new McpServer({ name: "keymaxxer", version: "0.1.0" });
+  let store = null;
+  const approved = new Set;
+  let lastActivity = Date.now();
+  const idleMs = Math.max(0, Number(process.env.KEYMAXXER_IDLE_MINUTES) || 0) * 60000;
+  if (idleMs > 0) {
+    const timer = setInterval(() => {
+      if (store && Date.now() - lastActivity > idleMs) {
+        store.close().catch(() => {});
+        store = null;
+        approved.clear();
+      }
+    }, 5000);
+    timer.unref();
+  }
+  async function vault() {
+    lastActivity = Date.now();
+    if (!store) {
+      store = await openVaultServe("An agent wants to use a secret. Enter your keymaxxer passphrase to unlock the vault:");
+    }
+    return store;
+  }
+  const server = new McpServer({ name: "keymaxxer", version: "0.2.0" });
   server.registerTool("keymaxxer_list", {
     description: "List the secrets in the vault with their attributes — name, provider (e.g. github/orb/stripe), account, environment (prod/dev/staging), access level (read-only/read-write/admin), tags, and description. Returns NO secret values. Call this first to discover which secrets exist AND to choose the correct one: match the provider/account the task targets, prefer the right environment, and prefer the least-privileged credential that can do the job (e.g. a read-only key when you're only reading).",
     inputSchema: {}
   }, async () => {
     try {
-      const client = await getClient2();
-      const metas = await client.list();
-      await client.close();
+      const metas = await (await vault()).list();
       return { content: [{ type: "text", text: JSON.stringify(metas, null, 2) }] };
     } catch (err) {
       return { content: [{ type: "text", text: errText(err) }], isError: true };
     }
   });
   server.registerTool("keymaxxer_run", {
-    description: 'Run a shell command with secrets injected as environment variables. Reference each secret as $NAME (e.g. "gh api /user" with GITHUB_TOKEN, or curl -H "Authorization: Bearer $TOKEN"). Secret values are injected into the child process only; they are scrubbed from the returned output and never exposed to you. Use keymaxxer_list to find available names. Note: read-write or production secrets are gated — the human is asked to approve the use, so the call may pause briefly and can be denied; if denied, pick a less-privileged secret or ask the user.',
+    description: `Run a shell command with secrets injected as environment variables. Reference each secret as $NAME (e.g. "gh api /user" with GITHUB_TOKEN, or curl -H "Authorization: Bearer $TOKEN"). Secret values are injected into the child process only; they are scrubbed from the returned output and never exposed to you. Use keymaxxer_list to find available names. Note: if the vault is locked the human is prompted to unlock it (the call may pause). Read-write or production secrets are gated — the human approves the use and may allow it just once or for the whole session; the call may pause and can be denied. If denied, pick a less-privileged secret or ask the user. Don't tell the user to unlock manually — just make the call and it will prompt them.`,
     inputSchema: {
       command: z.string().describe("Shell command to run. Reference secrets as $NAME."),
       secrets: z.array(z.string()).describe("Names of secrets to inject as environment variables."),
-      cwd: z.string().optional().describe("Working directory. Defaults to the agent's cwd."),
+      cwd: z.string().optional().describe("Working directory. Defaults to the server's cwd."),
       timeoutMs: z.number().optional().describe("Kill the command after this many milliseconds.")
     }
   }, async (args) => {
     try {
-      const client = await getClient2();
-      const res = await client.run(args);
-      await client.close();
+      const res = await runGated2(await vault(), args, approved);
       const lines = [
         `exit_code: ${res.exitCode}`,
         res.redactions > 0 ? `[keymaxxer] redacted ${res.redactions} secret occurrence(s)` : null,
@@ -821,6 +836,37 @@ async function serve() {
       return { content: [{ type: "text", text: errText(err) }], isError: true };
     }
   });
+  server.registerTool("keymaxxer_add", {
+    description: "Ask the human to add a new secret to the vault. Suggest the name and any attributes you can infer (provider, account, environment, access, description, tags); the human reviews/edits them in a dialog and types the secret VALUE. The value is saved straight to the encrypted vault and is NEVER returned to you. Use this when a task needs a credential that isn't in keymaxxer_list yet — never ask the user to paste a secret into the chat.",
+    inputSchema: {
+      name: z.string().describe("Suggested secret name, e.g. GITHUB_TOKEN or ORB_PROD_TOKEN."),
+      provider: z.string().optional().describe("e.g. github, orb, stripe"),
+      account: z.string().optional().describe("which account/org the credential belongs to"),
+      environment: z.string().optional().describe("prod / dev / staging / test"),
+      access: z.string().optional().describe("read-only / read-write / admin"),
+      description: z.string().optional(),
+      tags: z.string().optional().describe("comma-separated")
+    }
+  }, async (args) => {
+    try {
+      const store2 = await vault();
+      const result = await promptAddSecret(args);
+      if (!result) {
+        return { content: [{ type: "text", text: "The user cancelled — no secret was added." }] };
+      }
+      await store2.set(result.name, result.value, result.fields);
+      return {
+        content: [
+          {
+            type: "text",
+            text: `Stored '${result.name}'. The value was entered by the user and is not shown to you — use it with keymaxxer_run as $${result.name}.`
+          }
+        ]
+      };
+    } catch (err) {
+      return { content: [{ type: "text", text: errText(err) }], isError: true };
+    }
+  });
   await server.connect(new StdioServerTransport);
 }
 function errText(err) {
@@ -838,37 +884,51 @@ function vaultPath2() {
 }
 // packages/cli/src/prompt.ts
-var stdinAttached = false;
-var buffer = "";
-var queued = [];
-var waiters = [];
-function attachStdinLines() {
-  if (stdinAttached)
+import { spawn as spawn5 } from "node:child_process";
+var stdinAttached2 = false;
+var buffer2 = "";
+var ended2 = false;
+var queued2 = [];
+var waiters2 = [];
+function attachStdinLines2() {
+  if (stdinAttached2)
     return;
-  stdinAttached = true;
+  stdinAttached2 = true;
   process.stdin.on("data", (d) => {
-    buffer += d.toString();
+    buffer2 += d.toString();
     let nl;
-    while ((nl = buffer.indexOf(`
+    while ((nl = buffer2.indexOf(`
 `)) >= 0) {
-      const line = buffer.slice(0, nl).replace(/\r$/, "");
-      buffer = buffer.slice(nl + 1);
-      const w = waiters.shift();
+      const line = buffer2.slice(0, nl).replace(/\r$/, "");
+      buffer2 = buffer2.slice(nl + 1);
+      const w = waiters2.shift();
       if (w)
         w(line);
       else
-        queued.push(line);
+        queued2.push(line);
+    }
+  });
+  process.stdin.on("end", () => {
+    ended2 = true;
+    if (buffer2.length) {
+      queued2.push(buffer2);
+      buffer2 = "";
     }
+    while (waiters2.length)
+      waiters2.shift()(queued2.shift() ?? null);
   });
+  process.stdin.resume();
 }
-function nextLine() {
-  attachStdinLines();
-  const q = queued.shift();
+function nextLine2() {
+  attachStdinLines2();
+  const q = queued2.shift();
   if (q !== undefined)
     return Promise.resolve(q);
-  return new Promise((res) => waiters.push(res));
+  if (ended2)
+    return Promise.resolve(null);
+  return new Promise((res) => waiters2.push(res));
 }
-function readHiddenLine(promptText) {
+function readHiddenLine2(promptText) {
   return new Promise((resolve) => {
     const stdin = process.stdin;
     process.stderr.write(promptText);
@@ -904,16 +964,47 @@ function readHiddenLine(promptText) {
     stdin.on("data", onData);
   });
 }
-function readPassphrase(promptText) {
-  if (!process.stdin.isTTY)
-    return nextLine();
-  return readHiddenLine(promptText);
+function asAppleScript3(s) {
+  return '"' + s.replace(/\\/g, "\\\\").replace(/"/g, "\\\"").replace(/[\r\n]+/g, " ") + '"';
+}
+function promptPassphraseGui2(message) {
+  if (process.platform !== "darwin")
+    return Promise.resolve(null);
+  return new Promise((resolve) => {
+    const script = `display dialog ${asAppleScript3(message)} default answer "" with hidden answer ` + `with icon note with title "keymaxxer — unlock vault" ` + `buttons {"Cancel", "Unlock"} default button "Unlock" cancel button "Cancel" ` + `giving up after 120`;
+    const proc = spawn5("osascript", ["-e", script]);
+    let out = "";
+    proc.stdout.on("data", (c) => out += c.toString());
+    proc.on("error", () => resolve(null));
+    proc.on("close", (code) => {
+      if (code !== 0)
+        return resolve(null);
+      if (/gave up:true/.test(out))
+        return resolve(null);
+      const m = out.match(/text returned:([\s\S]*?)(?:, gave up:[^,]*)?$/);
+      resolve(m ? m[1].replace(/\n$/, "") : "");
+    });
+  });
+}
+async function readPassphrase2(promptText) {
+  const env = process.env.KEYMAXXER_PASSPHRASE;
+  if (env)
+    return env;
+  if (process.stdin.isTTY)
+    return readHiddenLine2(promptText);
+  const piped = await nextLine2();
+  if (piped)
+    return piped;
+  const gui = await promptPassphraseGui2(promptText.replace(/:\s*$/, ""));
+  if (gui)
+    return gui;
+  throw new Error("no passphrase provided (no TTY, no piped input, no GUI available).");
 }
 async function readNewPassphrase() {
-  const a = await readPassphrase("Create a vault passphrase: ");
+  const a = await readPassphrase2("Create a vault passphrase: ");
   if (a.length < 8)
     throw new Error("passphrase must be at least 8 characters.");
-  const b = await readPassphrase("Confirm passphrase: ");
+  const b = await readPassphrase2("Confirm passphrase: ");
   if (a !== b)
     throw new Error("passphrases did not match.");
   return a;
@@ -923,12 +1014,9 @@ async function readNewPassphrase() {
 var HELP = `keymaxxer \u2014 a secret manager for coding agents
 Setup:
-  keymaxxer init                 Create the encrypted vault (prompts for a passphrase)
-  keymaxxer unlock [--timeout m]  Unlock the vault into the background agent (default 15m idle)
-  keymaxxer lock                 Lock the vault and stop the agent
-  keymaxxer status               Show whether the vault is unlocked
+  keymaxxer init             Create the encrypted vault (prompts for a passphrase)
-Secrets (require an unlocked vault, or KEYMAXXER_MASTER_KEY):
+Secrets:
   keymaxxer set <NAME> [attrs]   Store a secret; prompts to paste the value (hidden),
                              or pipe it in. attrs: --provider --account --env --access --tag --description
   keymaxxer import <file>        Import KEY=VALUE lines from a .env-style file
@@ -938,10 +1026,10 @@ Secrets (require an unlocked vault, or KEYMAXXER_MASTER_KEY):
   keymaxxer audit [--limit N]    Show recent secret-access log
 Agent integration:
-  keymaxxer serve                Start the MCP server on stdio (proxies to the agent)
+  keymaxxer serve                Start the MCP server on stdio (holds the key for the session)
-The encryption key is derived from your passphrase and never stored at rest.
-For CI, set KEYMAXXER_MASTER_KEY (64-hex) and skip unlock entirely.`;
+The key is derived from your passphrase and never stored. Each command unlocks on
+demand; set KEYMAXXER_PASSPHRASE (or KEYMAXXER_MASTER_KEY, 64-hex) for non-interactive use.`;
 async function readStdin() {
   const chunks = [];
   for await (const chunk of process.stdin)
@@ -1014,28 +1102,23 @@ async function main() {
     case "--help":
       console.log(HELP);
       return;
-    case "__agent":
-      await runAgent();
-      return;
     case "init": {
-      if (loadMeta(vaultPath2()) && existsSync6(vaultPath2())) {
+      if (loadMeta(vaultPath2()) && existsSync5(vaultPath2())) {
         die("a vault already exists at " + vaultPath2());
       }
       const envKey = process.env.KEYMAXXER_MASTER_KEY;
       if (envKey) {
-        await SecretStore.open({ path: vaultPath2(), hexkey: envKey.toLowerCase() });
+        const store = await SecretStore.open({ path: vaultPath2(), hexkey: envKey.toLowerCase() });
+        await store.close();
         saveMeta(vaultPath2(), newExternalKeyMeta(DEFAULT_CIPHER));
         console.log(`\u2713 Vault created at ${vaultPath2()} using KEYMAXXER_MASTER_KEY (AES-256-GCM).`);
       } else {
         const passphrase = await readNewPassphrase();
         const salt = generateSalt();
-        const hexkey = deriveKey(passphrase, salt);
-        const store = await SecretStore.open({ path: vaultPath2(), hexkey });
+        const store = await SecretStore.open({ path: vaultPath2(), hexkey: deriveKey(passphrase, salt) });
         await store.close();
         saveMeta(vaultPath2(), newPassphraseMeta(DEFAULT_CIPHER, salt));
         console.log(`\u2713 Vault created at ${vaultPath2()} (key derived from your passphrase, AES-256-GCM).`);
-        await spawnAgent(hexkey);
-        console.log("\u2713 Vault unlocked into the background agent.");
       }
       console.log(wireMcpJson(process.cwd()));
       console.log(`
@@ -1043,64 +1126,23 @@ For editors not auto-configured, add this MCP server:`);
       console.log(manualSnippet());
       return;
     }
-    case "unlock": {
-      const meta = loadMeta(vaultPath2());
-      if (!meta || !existsSync6(vaultPath2()))
-        die("no vault found. Run `keymaxxer init` first.");
-      if (meta.kdf === "none") {
-        die("this vault uses an external key \u2014 set KEYMAXXER_MASTER_KEY; no unlock needed.");
-      }
-      if (await isAgentAlive()) {
-        console.log("Vault is already unlocked.");
-        return;
-      }
-      const passphrase = await readPassphrase("Vault passphrase: ");
-      const hexkey = deriveKey(passphrase, meta.salt, meta.scrypt);
-      try {
-        const probe = await SecretStore.open({ path: vaultPath2(), hexkey });
-        await probe.close();
-      } catch (err) {
-        if (err instanceof WrongKeyError)
-          die("wrong passphrase.");
-        throw err;
-      }
-      const timeout = typeof flags.timeout === "string" ? Number(flags.timeout) : undefined;
-      await spawnAgent(hexkey, timeout);
-      const st = await agentStatus();
-      console.log(`\u2713 Vault unlocked (auto-locks after ${st ? st.idleTimeoutSeconds / 60 : 15}m idle).`);
-      return;
-    }
-    case "lock": {
-      const stopped = await lockAgent();
-      console.log(stopped ? "\u2713 Vault locked." : "Vault was not unlocked.");
-      return;
-    }
-    case "status": {
-      const st = await agentStatus();
-      if (!st) {
-        console.log(process.env.KEYMAXXER_MASTER_KEY ? "Unlocked via KEYMAXXER_MASTER_KEY." : "Locked.");
-        return;
-      }
-      console.log(`Unlocked \u2014 vault ${st.vault}, idle ${st.idleSeconds}s / ${st.idleTimeoutSeconds}s timeout.`);
-      return;
-    }
     case "set": {
       const name = positionals[0] ?? die("usage: keymaxxer set <NAME> [--provider p] [--account a] [--env e] [--access a] [--tag t] [--description d]");
-      const value = process.stdin.isTTY ? await readHiddenLine(`Value for ${name} (paste \u2014 input is hidden): `) : await readStdin();
+      const value = process.stdin.isTTY ? await readHiddenLine2(`Value for ${name} (paste \u2014 input is hidden): `) : await readStdin();
       if (!value)
         die("no value provided.");
-      const client = await getClient();
-      await client.set(name, value, fieldsFromFlags(flags));
-      await client.close();
+      const store = await openVaultCli();
+      await store.set(name, value, fieldsFromFlags(flags));
+      await store.close();
       console.log(`\u2713 Stored '${name}'.`);
       return;
     }
     case "import": {
       const file = positionals[0] ?? die("usage: keymaxxer import <file>");
-      if (!existsSync6(file))
+      if (!existsSync5(file))
         die(`file not found: ${file}`);
       const text = readFileSync3(file, "utf8");
-      const client = await getClient();
+      const store = await openVaultCli();
       let count = 0;
       for (const raw of text.split(`
 `)) {
@@ -1115,19 +1157,19 @@ For editors not auto-configured, add this MCP server:`);
         if (val.startsWith('"') && val.endsWith('"') || val.startsWith("'") && val.endsWith("'")) {
           val = val.slice(1, -1);
         }
-        await client.set(key, val, {});
+        await store.set(key, val, {});
         count++;
       }
-      await client.close();
+      await store.close();
       console.log(`\u2713 Imported ${count} secret(s) from ${file}.`);
       return;
     }
     case "list": {
-      const client = await getClient();
-      const metas = await client.list();
-      await client.close();
+      const store = await openVaultCli();
+      const metas = await store.list();
+      await store.close();
       if (metas.length === 0) {
-        console.log("No secrets yet. Add one: printf %s 'value' | keymaxxer set NAME");
+        console.log("No secrets yet. Add one: keymaxxer set NAME");
         return;
       }
       for (const m of metas) {
@@ -1143,9 +1185,9 @@ For editors not auto-configured, add this MCP server:`);
     }
     case "rm": {
       const name = positionals[0] ?? die("usage: keymaxxer rm <NAME>");
-      const client = await getClient();
-      const removed = await client.remove(name);
-      await client.close();
+      const store = await openVaultCli();
+      const removed = await store.remove(name);
+      await store.close();
       console.log(removed ? `\u2713 Removed '${name}'.` : `'${name}' not found.`);
       return;
     }
@@ -1155,9 +1197,13 @@ For editors not auto-configured, add this MCP server:`);
         die("usage: keymaxxer run --secrets a,b -- <command...>");
       const secrets = typeof flags.secrets === "string" && flags.secrets.length ? flags.secrets.split(",") : [];
       const timeoutMs = typeof flags.timeout === "string" ? Number(flags.timeout) : undefined;
-      const client = await getClient();
-      const res = await client.run({ command, secrets, timeoutMs });
-      await client.close();
+      const store = await openVaultCli();
+      let res;
+      try {
+        res = await runGated(store, { command, secrets, timeoutMs }, new Set);
+      } finally {
+        await store.close();
+      }
       if (res.stdout)
         process.stdout.write(res.stdout.endsWith(`
 `) ? res.stdout : res.stdout + `
@@ -1172,9 +1218,9 @@ For editors not auto-configured, add this MCP server:`);
     }
     case "audit": {
       const limit = typeof flags.limit === "string" ? Number(flags.limit) : 20;
-      const client = await getClient();
-      const entries = await client.audit(limit);
-      await client.close();
+      const store = await openVaultCli();
+      const entries = await store.recentAudit(limit);
+      await store.close();
       if (entries.length === 0) {
         console.log("No audit entries yet.");
         return;