Release secrets-mcp 0.3.0: folder/type schema and MCP folder disambiguation

- Rename namespace/kind to folder/type on entries, audit_log, and history tables; add notes. Unique key is (user_id, folder, name). - Service layer and MCP tools support name-first lookup with optional folder when multiple entries share the same name. - secrets_delete dry_run uses the same disambiguation as real deletes. - Add scripts/migrate-v0.3.0.sql for manual DB migration. Refresh README and AGENTS.md. Made-with: Cursor
2026-03-26 15:12:28 +08:00
parent f7afd7f819
commit 409fd78a35
21 changed files with 1108 additions and 558 deletions
--- a/crates/secrets-core/src/service/add.rs
+++ b/crates/secrets-core/src/service/add.rs
@@ -159,18 +159,20 @@ pub fn flatten_json_fields(prefix: &str, value: &Value) -> Vec<(String, Value)>

 #[derive(Debug, serde::Serialize)]
 pub struct AddResult {
-    pub namespace: String,
-    pub kind: String,
    pub name: String,
+    pub folder: String,
+    #[serde(rename = "type")]
+    pub entry_type: String,
    pub tags: Vec<String>,
    pub meta_keys: Vec<String>,
    pub secret_keys: Vec<String>,
 }

 pub struct AddParams<'a> {
-    pub namespace: &'a str,
-    pub kind: &'a str,
    pub name: &'a str,
+    pub folder: &'a str,
+    pub entry_type: &'a str,
+    pub notes: &'a str,
    pub tags: &'a [String],
    pub meta_entries: &'a [String],
    pub secret_entries: &'a [String],
@@ -186,25 +188,23 @@ pub async fn run(pool: &PgPool, params: AddParams<'_>, master_key: &[u8; 32]) ->

    let mut tx = pool.begin().await?;

-    // Fetch existing entry (user-scoped or global depending on user_id)
+    // Fetch existing entry by (user_id, folder, name) — the natural unique key
    let existing: Option<EntryRow> = if let Some(uid) = params.user_id {
        sqlx::query_as(
-            "SELECT id, version, tags, metadata FROM entries \
-             WHERE user_id = $1 AND namespace = $2 AND kind = $3 AND name = $4",
+            "SELECT id, version, folder, type, tags, metadata, notes FROM entries \
+             WHERE user_id = $1 AND folder = $2 AND name = $3",
        )
        .bind(uid)
-        .bind(params.namespace)
-        .bind(params.kind)
+        .bind(params.folder)
        .bind(params.name)
        .fetch_optional(&mut *tx)
        .await?
    } else {
        sqlx::query_as(
-            "SELECT id, version, tags, metadata FROM entries \
-             WHERE user_id IS NULL AND namespace = $1 AND kind = $2 AND name = $3",
+            "SELECT id, version, folder, type, tags, metadata, notes FROM entries \
+             WHERE user_id IS NULL AND folder = $1 AND name = $2",
        )
-        .bind(params.namespace)
-        .bind(params.kind)
+        .bind(params.folder)
        .bind(params.name)
        .fetch_optional(&mut *tx)
        .await?
@@ -216,8 +216,8 @@ pub async fn run(pool: &PgPool, params: AddParams<'_>, master_key: &[u8; 32]) ->
            db::EntrySnapshotParams {
                entry_id: ex.id,
                user_id: params.user_id,
-                namespace: params.namespace,
-                kind: params.kind,
+                folder: params.folder,
+                entry_type: params.entry_type,
                name: params.name,
                version: ex.version,
                action: "add",
@@ -232,10 +232,13 @@ pub async fn run(pool: &PgPool, params: AddParams<'_>, master_key: &[u8; 32]) ->

    let entry_id: Uuid = if let Some(uid) = params.user_id {
        sqlx::query_scalar(
-            r#"INSERT INTO entries (user_id, namespace, kind, name, tags, metadata, version, updated_at)
-               VALUES ($1, $2, $3, $4, $5, $6, 1, NOW())
-               ON CONFLICT (user_id, namespace, kind, name) WHERE user_id IS NOT NULL
+            r#"INSERT INTO entries (user_id, folder, type, name, notes, tags, metadata, version, updated_at)
+               VALUES ($1, $2, $3, $4, $5, $6, $7, 1, NOW())
+               ON CONFLICT (user_id, folder, name) WHERE user_id IS NOT NULL
               DO UPDATE SET
+                   folder     = EXCLUDED.folder,
+                   type       = EXCLUDED.type,
+                   notes      = EXCLUDED.notes,
                   tags       = EXCLUDED.tags,
                   metadata   = EXCLUDED.metadata,
                   version    = entries.version + 1,
@@ -243,28 +246,33 @@ pub async fn run(pool: &PgPool, params: AddParams<'_>, master_key: &[u8; 32]) ->
               RETURNING id"#,
        )
        .bind(uid)
-        .bind(params.namespace)
-        .bind(params.kind)
+        .bind(params.folder)
+        .bind(params.entry_type)
        .bind(params.name)
+        .bind(params.notes)
        .bind(params.tags)
        .bind(&metadata)
        .fetch_one(&mut *tx)
        .await?
    } else {
        sqlx::query_scalar(
-            r#"INSERT INTO entries (namespace, kind, name, tags, metadata, version, updated_at)
-               VALUES ($1, $2, $3, $4, $5, 1, NOW())
-               ON CONFLICT (namespace, kind, name) WHERE user_id IS NULL
+            r#"INSERT INTO entries (folder, type, name, notes, tags, metadata, version, updated_at)
+               VALUES ($1, $2, $3, $4, $5, $6, 1, NOW())
+               ON CONFLICT (folder, name) WHERE user_id IS NULL
               DO UPDATE SET
+                   folder     = EXCLUDED.folder,
+                   type       = EXCLUDED.type,
+                   notes      = EXCLUDED.notes,
                   tags       = EXCLUDED.tags,
                   metadata   = EXCLUDED.metadata,
                   version    = entries.version + 1,
                   updated_at = NOW()
               RETURNING id"#,
        )
-        .bind(params.namespace)
-        .bind(params.kind)
+        .bind(params.folder)
+        .bind(params.entry_type)
        .bind(params.name)
+        .bind(params.notes)
        .bind(params.tags)
        .bind(&metadata)
        .fetch_one(&mut *tx)
@@ -282,8 +290,8 @@ pub async fn run(pool: &PgPool, params: AddParams<'_>, master_key: &[u8; 32]) ->
            db::EntrySnapshotParams {
                entry_id,
                user_id: params.user_id,
-                namespace: params.namespace,
-                kind: params.kind,
+                folder: params.folder,
+                entry_type: params.entry_type,
                name: params.name,
                version: new_entry_version,
                action: "create",
@@ -348,8 +356,8 @@ pub async fn run(pool: &PgPool, params: AddParams<'_>, master_key: &[u8; 32]) ->
        &mut tx,
        params.user_id,
        "add",
-        params.namespace,
-        params.kind,
+        params.folder,
+        params.entry_type,
        params.name,
        serde_json::json!({
            "tags": params.tags,
@@ -362,9 +370,9 @@ pub async fn run(pool: &PgPool, params: AddParams<'_>, master_key: &[u8; 32]) ->
    tx.commit().await?;

    Ok(AddResult {
-        namespace: params.namespace.to_string(),
-        kind: params.kind.to_string(),
        name: params.name.to_string(),
+        folder: params.folder.to_string(),
+        entry_type: params.entry_type.to_string(),
        tags: params.tags.to_vec(),
        meta_keys,
        secret_keys,