Built-in agent presets ship with AutoUnseal=true, bypassing sealed-secret protection (+5 more) #204
Merged
Built-in agent profiles were hardcoded with AutoUnseal=true, which unconditionally bypassed the sealed-secret response path. This allowed plaintext secrets to leak into LLM transcripts. Change all built-in presets (default, claude-code, codex, hermes, openclaw, opencode) to AutoUnseal=false so secrets are sealed by default. Closes #201
…cument them The skill documentation did not recommend execute_with_secret or execute_api_request as preferred tools, steering agents toward get_entry_value + manual curl which leaks secrets into transcripts. Update the skill doc to prominently feature the safe tools with worked examples and anti-pattern callouts. Enable CanRunCommands for named built-in agent profiles (claude-code, codex, hermes, openclaw, opencode) so they can actually use these tools. Closes #203
…ith_secret Agent-supplied env_vars were merged verbatim into the subprocess environment, allowing LD_PRELOAD, NODE_OPTIONS, BASH_ENV, and similar injection vectors. Add a denylist covering loader and interpreter injection variables, reject requests containing them before execution, and surface the command and env-var keys in the approval prompt so human approvers can see what is actually being executed. Closes #198
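The pre-execution check this commit describes, as an added Go example that is not code from the pull request. `CheckEnv`, the `DYLD_` prefix rule and every denylist entry other than LD_PRELOAD, NODE_OPTIONS and BASH_ENV are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// Loader and interpreter injection variables. LD_PRELOAD, NODE_OPTIONS and
// BASH_ENV are named in the commit message; the remaining entries are
// assumptions added for this example.
var deniedEnv = map[string]bool{
	"LD_PRELOAD": true, "LD_LIBRARY_PATH": true, "LD_AUDIT": true,
	"NODE_OPTIONS": true, "BASH_ENV": true, "ENV": true,
	"PYTHONPATH": true, "PYTHONSTARTUP": true, "PERL5OPT": true, "RUBYOPT": true,
}

// Prefix match covers the macOS dyld family (DYLD_INSERT_LIBRARIES, ...).
var deniedPrefixes = []string{"DYLD_"}

// CheckEnv (hypothetical name) returns the sorted keys to show in the approval
// prompt, or an error naming every denied key. Nothing is filtered silently:
// one bad key rejects the whole request. Values never appear in the error.
func CheckEnv(env map[string]string) ([]string, error) {
	var keys, bad []string
	for k := range env {
		name := strings.ToUpper(k) // case-insensitive: over-rejects, never under-rejects
		denied := deniedEnv[name] || strings.ContainsAny(k, "=\x00")
		for _, p := range deniedPrefixes {
			denied = denied || strings.HasPrefix(name, p)
		}
		if denied {
			bad = append(bad, k)
		}
		keys = append(keys, k)
	}
	sort.Strings(keys)
	sort.Strings(bad)
	if len(bad) > 0 {
		return nil, fmt.Errorf("denied env vars: %s", strings.Join(bad, ", "))
	}
	return keys, nil
}

func main() {
	fmt.Println(CheckEnv(map[string]string{"API_TOKEN": "x", "REGION": "eu"}))
	fmt.Println(CheckEnv(map[string]string{"API_TOKEN": "x", "LD_PRELOAD": "/tmp/a.so"}))
}
```

Keys containing `=` are rejected because a key such as `LD_PRELOAD=/tmp/a.so` would otherwise be serialized into the child environment as an assignment to `LD_PRELOAD`.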
…terns DetectSecretType already recognizes GitHub tokens, AWS keys, SSH keys, and other secret types, but the result was never used to set entry.Classification. This meant the sealed-secret protection in tools_get.go never triggered for auto-detected secrets. Add InferClassification() that scans entry.Data values and maps detected secret types to taint.Classification levels. High-risk secrets (SSH keys, certificates, TOTP seeds) map to Restricted; tokens and API keys map to Secret; passwords map to Confidential. The inference runs on every write and never lowers a manually-set classification. Closes #202
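The inference rule described in this commit, as an added Go example that is not the project's `InferClassification`. The `Level` type and its numeric ordering, the regular expressions, and the password-by-field-name heuristic are assumptions; only the level names and the type-to-level mapping come from the commit message.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Level stands in for taint.Classification; the numeric ordering is assumed.
type Level int

const (
	Unclassified Level = iota
	Confidential
	Secret
	Restricted
)

type rule struct {
	re    *regexp.Regexp
	level Level
}

// Illustrative value patterns, not the project's DetectSecretType rules.
var rules = []rule{
	{regexp.MustCompile(`-----BEGIN (CERTIFICATE|(OPENSSH |RSA |EC )?PRIVATE KEY)-----`), Restricted},
	{regexp.MustCompile(`^otpauth://totp/`), Restricted},
	{regexp.MustCompile(`\bgh[pousr]_[A-Za-z0-9]{36,}\b`), Secret},
	{regexp.MustCompile(`\bAKIA[0-9A-Z]{16}\b`), Secret},
}

// Infer (hypothetical name) starts from the level already on the entry and
// only ever raises it, so a manually set classification is never lowered.
func Infer(current Level, data map[string]string) Level {
	out := current
	for key, val := range data {
		if val != "" && strings.Contains(strings.ToLower(key), "password") && out < Confidential {
			out = Confidential
		}
		for _, r := range rules {
			if r.level > out && r.re.MatchString(val) {
				out = r.level
			}
		}
	}
	return out
}

func main() {
	// Constructed sample value; prints 3 (Restricted).
	fmt.Println(Infer(Confidential, map[string]string{"seed": "otpauth://totp/constructed"}))
}
```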
Deprecated MCP commands (mcp install, mcp-config, mcp-token-rotate, mcp token) still showed full v3 behavior descriptions in --help, confusing users. Replace with concise deprecation notices that name the v4 replacements, hide the commands from top-level help, and print migration hints to stderr on invocation. Closes #200
listPseudonymized previously walked entries sequentially with no caching, while the non-pseudonymized path used both an in-memory cache and a bounded worker pool. This caused up to 2x sequential age decryptions per find_entries call on pseudonymized vaults. Add an mtime-invalidated in-memory cache for pseudonymized listings and replace the serial walk with the same bounded worker pool used by FindWithOptions. Reuse decrypted entries between the listing pass and the second pass of FindWithOptions so each entry is decrypted at most once per call. Closes #199
danieljustus added a commit that referenced this pull request May 22, 2026

- Apply gofmt to cmd/mcp/mcp_config.go, cmd/mcp/mcp_token.go, internal/mcp/server/tools_execute_with_secret.go
- Remove unused agentWriteConfig variable from cmd/mcp/agent.go
- Update tests to not pass removed flags on deprecated mcp-config and mcp token commands
- Add Example field to mcpCmd

Refs PR #204
f6f9258 to 9156e2f
9156e2f to a0d0486
Upgraded golang.org/x/net v0.54.0 → v0.55.0 to resolve OSV scanner findings (GO-2026-5025..5030). Refs PR #204
Bundles fixes for multiple open issues. The list below grows as commits land; every linked issue will close automatically on merge.
Milestone: v4.0.1