feat(auth): 服务端托管 Google OAuth；修复未解锁 vault 时 bootstrap

- API：桌面登录 session、Google 托管回调与轮询
- Desktop：轮询登录；bootstrap 在 vault 未解锁时不返回 shell，避免跳过主密码
- 文档与 deploy/.env.example 对齐 GOOGLE_OAUTH_* 与 SECRETS_PUBLIC_BASE_URL

.gitea/workflows/secrets.yml

@@ -1,13 +1,13 @@
-name: Secrets CLI - Build & Release
+name: Secrets v3 CI
 
 on:
   push:
-    branches: [main]
     paths:
-      - 'src/**'
+      - 'crates/**'
       - 'Cargo.toml'
       - 'Cargo.lock'
-      - '.gitea/workflows/secrets.yml'
+      - 'deploy/**'
+      - '.gitea/workflows/**'
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -17,127 +17,40 @@ permissions:
   contents: write
 
 env:
-  BINARY_NAME: secrets
+  RUST_TOOLCHAIN: 1.94.0
   CARGO_INCREMENTAL: 0
   CARGO_NET_RETRY: 10
   CARGO_TERM_COLOR: always
   RUST_BACKTRACE: short
+  MUSL_TARGET: x86_64-unknown-linux-musl
 
 jobs:
-  # ========== 版本检查（只跑一次，供后续 job 共用）==========
-  version:
-    name: 检查版本
+  ci:
+    name: 检查
     runs-on: debian
-    outputs:
-      version: ${{ steps.version.outputs.version }}
-      tag: ${{ steps.version.outputs.tag }}
-      tag_exists: ${{ steps.version.outputs.tag_exists }}
+    timeout-minutes: 40
     steps:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
 
-      - name: 检查版本
-        id: version
+      # ── Rust 工具链 ──────────────────────────────────────────────────────
+      - name: 安装 Rust 与 musl 工具链
         run: |
-          version=$(grep -m1 '^version' Cargo.toml | sed 's/.*"\(.*\)".*/\1/')
-          tag="secrets-${version}"
-          echo "version=${version}" >> $GITHUB_OUTPUT
-          echo "tag=${tag}" >> $GITHUB_OUTPUT
-
-          if git rev-parse "refs/tags/${tag}" >/dev/null 2>&1; then
-            echo "tag_exists=true" >> $GITHUB_OUTPUT
-            echo "版本 ${tag} 已存在"
-          else
-            echo "tag_exists=false" >> $GITHUB_OUTPUT
-            echo "将创建新版本 ${tag}"
+          sudo apt-get update -qq
+          sudo apt-get install -y -qq pkg-config musl-tools binutils jq
+          if ! command -v rustup >/dev/null 2>&1; then
+            curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain "${RUST_TOOLCHAIN}"
+            echo "$HOME/.cargo/bin" >> "$GITHUB_PATH"
           fi
+          source "$HOME/.cargo/env" 2>/dev/null || true
+          rustup toolchain install "${RUST_TOOLCHAIN}" --profile minimal \
+            --component rustfmt --component clippy
+          rustup default "${RUST_TOOLCHAIN}"
+          rustup target add "${MUSL_TARGET}" --toolchain "${RUST_TOOLCHAIN}"
+          rustc -V && cargo -V
 
-      - name: 创建 Tag
-        if: steps.version.outputs.tag_exists == 'false'
-        run: |
-          git config user.name "github-actions[bot]"
-          git config user.email "github-actions[bot]@users.noreply.github.com"
-          git tag -a "${{ steps.version.outputs.tag }}" -m "Release ${{ steps.version.outputs.tag }}"
-          git push origin "${{ steps.version.outputs.tag }}"
-
-  # ========== 矩阵构建 ==========
-  build:
-    name: Build (${{ matrix.target }})
-    needs: version
-    continue-on-error: true       # 某平台失败/超时不阻断其他平台和 notify
-    timeout-minutes: 30           # runner 不在线时 30 分钟后放弃
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - runner: debian
-            target: x86_64-unknown-linux-musl
-            archive_suffix: x86_64-linux-musl
-            os: linux
-          - runner: darwin-arm64
-            target: aarch64-apple-darwin
-            archive_suffix: aarch64-macos
-            os: macos
-          - runner: windows
-            target: x86_64-pc-windows-msvc
-            archive_suffix: x86_64-windows
-            os: windows
-
-    runs-on: ${{ matrix.runner }}
-    steps:
-      # ========== 环境准备 ==========
-      - name: 安装依赖 (Linux)
-        if: matrix.os == 'linux'
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y jq curl git pkg-config musl-tools binutils
-
-          if ! command -v cargo &>/dev/null; then
-            echo "安装 Rust 工具链..."
-            curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable
-            source "$HOME/.cargo/env"
-            rustup component add rustfmt clippy
-          fi
-
-          rustup target add ${{ matrix.target }}
-          echo "$HOME/.cargo/bin" >> $GITHUB_PATH
-
-      - name: 安装依赖 (macOS)
-        if: matrix.os == 'macos'
-        run: |
-          brew install jq
-
-          if ! command -v cargo &>/dev/null; then
-            echo "安装 Rust 工具链..."
-            curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain stable
-            source "$HOME/.cargo/env"
-            rustup component add rustfmt clippy
-          fi
-
-          rustup target add ${{ matrix.target }}
-          echo "$HOME/.cargo/bin" >> $GITHUB_PATH
-
-      - name: 安装依赖 (Windows)
-        if: matrix.os == 'windows'
-        shell: pwsh
-        run: |
-          # 检查 Rust 是否已安装
-          if (-not (Get-Command cargo -ErrorAction SilentlyContinue)) {
-            Write-Host "安装 Rust 工具链..."
-            Invoke-WebRequest -Uri "https://win.rustup.rs/x86_64" -OutFile rustup-init.exe
-            .\rustup-init.exe -y --default-toolchain stable
-            Remove-Item rustup-init.exe
-          }
-          rustup component add rustfmt clippy
-          rustup target add ${{ matrix.target }}
-
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      # ========== Cargo 缓存 ==========
-      - name: 缓存 Cargo 依赖
+      - name: 缓存 Cargo
         uses: actions/cache@v4
         with:
           path: |
@@ -145,169 +58,44 @@ jobs:
             ~/.cargo/registry/cache
             ~/.cargo/git/db
             target
-          key: cargo-secrets-${{ matrix.target }}-${{ hashFiles('Cargo.lock') }}
+          key: cargo-${{ env.MUSL_TARGET }}-${{ env.RUST_TOOLCHAIN }}-${{ hashFiles('Cargo.lock') }}
           restore-keys: |
-            cargo-secrets-${{ matrix.target }}-
+            cargo-${{ env.MUSL_TARGET }}-${{ env.RUST_TOOLCHAIN }}-
+            cargo-${{ env.MUSL_TARGET }}-
 
-      - name: 检查代码格式
-        if: matrix.os != 'windows'
+      # ── 质量检查（先于构建，失败即止）──────────────────────────────────
+      - name: fmt
         run: cargo fmt -- --check
 
-      - name: 检查代码格式 (Windows)
-        if: matrix.os == 'windows'
-        shell: pwsh
-        run: cargo fmt -- --check
+      - name: clippy
+        run: cargo clippy --locked -- -D warnings
 
-      - name: 运行 Clippy 检查
-        if: matrix.os != 'windows'
-        run: cargo clippy --release --target ${{ matrix.target }} -- -D warnings
+      - name: test
+        run: cargo test --locked
 
-      - name: 运行 Clippy 检查 (Windows)
-        if: matrix.os == 'windows'
-        shell: pwsh
-        run: cargo clippy --release --target ${{ matrix.target }} -- -D warnings
-
-      - name: 构建
-        if: matrix.os != 'windows'
-        env:
-          GIT_TAG: ${{ needs.version.outputs.version }}
-        run: cargo build --release --target ${{ matrix.target }} --verbose
-
-      - name: 构建 (Windows)
-        if: matrix.os == 'windows'
-        shell: pwsh
-        env:
-          GIT_TAG: ${{ needs.version.outputs.version }}
-        run: cargo build --release --target ${{ matrix.target }} --verbose
-
-      - name: Strip 二进制 (Linux)
-        if: matrix.os == 'linux'
-        run: strip target/${{ matrix.target }}/release/${{ env.BINARY_NAME }}
-
-      - name: Strip 二进制 (macOS)
-        if: matrix.os == 'macos'
-        run: strip -x target/${{ matrix.target }}/release/${{ env.BINARY_NAME }}
-
-      # ========== 上传 Release 产物 ==========
-      - name: 上传 Release 产物 (Linux/macOS)
-        if: needs.version.outputs.tag_exists == 'false' && matrix.os != 'windows'
-        env:
-          RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }}
+      - name: 构建 secrets-api
         run: |
-          [ -z "$RELEASE_TOKEN" ] && echo "跳过：未配置 RELEASE_TOKEN" && exit 0
+          cargo build --release --locked -p secrets-api
 
-          tag="${{ needs.version.outputs.tag }}"
-          binary="target/${{ matrix.target }}/release/${{ env.BINARY_NAME }}"
-          archive="${{ env.BINARY_NAME }}-${tag}-${{ matrix.archive_suffix }}.tar.gz"
-
-          tar -czf "$archive" -C "$(dirname $binary)" "$(basename $binary)"
-
-          # 查找已有 Release（由首个完成的 job 创建，后续 job 直接上传）
-          release_url="${{ github.server_url }}/api/v1/repos/${{ github.repository }}/releases"
-          release_id=$(curl -sS -H "Authorization: token $RELEASE_TOKEN" \
-            "${release_url}/tags/${tag}" | jq -r '.id // empty')
-
-          if [ -z "$release_id" ]; then
-            release_id=$(curl -sS -H "Authorization: token $RELEASE_TOKEN" \
-              -H "Content-Type: application/json" \
-              -X POST "$release_url" \
-              -d "{\"tag_name\": \"${tag}\", \"name\": \"${tag}\", \"body\": \"Release ${tag}\"}" \
-              | jq -r '.id')
-          fi
-
-          upload_url="${{ github.server_url }}/api/v1/repos/${{ github.repository }}/releases/${release_id}/assets"
-          curl -sS -H "Authorization: token $RELEASE_TOKEN" \
-            -F "attachment=@${archive}" \
-            "$upload_url"
-
-          echo "已上传: ${archive} → Release ${tag}"
-
-      - name: 上传 Release 产物 (Windows)
-        if: needs.version.outputs.tag_exists == 'false' && matrix.os == 'windows'
-        shell: pwsh
-        env:
-          RELEASE_TOKEN: ${{ secrets.RELEASE_TOKEN }}
+      - name: 构建 secrets-desktop-daemon
         run: |
-          if (-not $env:RELEASE_TOKEN) { Write-Host "跳过：未配置 RELEASE_TOKEN"; exit 0 }
+          cargo build --release --locked -p secrets-desktop-daemon
 
-          $tag = "${{ needs.version.outputs.tag }}"
-          $binary = "target\${{ matrix.target }}\release\${{ env.BINARY_NAME }}.exe"
-          $archive = "${{ env.BINARY_NAME }}-${tag}-${{ matrix.archive_suffix }}.zip"
-
-          Compress-Archive -Path $binary -DestinationPath $archive
-
-          $headers = @{ "Authorization" = "token $env:RELEASE_TOKEN"; "Content-Type" = "application/json" }
-          $release_url = "${{ github.server_url }}/api/v1/repos/${{ github.repository }}/releases"
-
-          # 查找已有 Release
-          $existing = Invoke-RestMethod -Uri "${release_url}/tags/${tag}" -Headers $headers -ErrorAction SilentlyContinue
-          if ($existing.id) {
-            $release_id = $existing.id
-          } else {
-            $body = @{ tag_name = $tag; name = $tag; body = "Release ${tag}" } | ConvertTo-Json
-            $release_id = (Invoke-RestMethod -Uri $release_url -Method Post -Headers $headers -Body $body).id
-          }
-
-          $upload_url = "${release_url}/${release_id}/assets"
-          $upload_headers = @{ "Authorization" = "token $env:RELEASE_TOKEN" }
-          $form = @{ attachment = Get-Item $archive }
-          Invoke-RestMethod -Uri $upload_url -Method Post -Headers $upload_headers -Form $form
-
-          Write-Host "已上传: ${archive} → Release ${tag}"
-
-  # ========== 汇总通知 ==========
-  notify:
-    name: 发送通知
-    needs: [version, build]
-    if: always() && github.event_name == 'push'
-    runs-on: debian
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: 发送通知
-        continue-on-error: true
+      # ── 飞书汇总通知 ─────────────────────────────────────────────────────
+      - name: 飞书通知
+        if: always()
         env:
           WEBHOOK_URL: ${{ vars.WEBHOOK_URL }}
         run: |
           [ -z "$WEBHOOK_URL" ] && exit 0
-
-          tag="${{ needs.version.outputs.tag }}"
-          tag_exists="${{ needs.version.outputs.tag_exists }}"
-          build_result="${{ needs.build.result }}"
-
-          if [ "$build_result" = "success" ]; then
-            status_text="构建成功 ✅"
-          else
-            status_text="构建失败 ❌"
-          fi
-
-          commit_title=$(git log -1 --pretty=format:"%s" 2>/dev/null || echo "N/A")
-          workflow_url="${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_number }}"
-
-          if [ "$build_result" != "success" ]; then
-            payload=$(jq -n \
-              --arg title "${{ env.BINARY_NAME }} ${status_text}" \
-              --arg commit "$commit_title" \
-              --arg version "$tag" \
-              --arg author "${{ github.actor }}" \
-              --arg url "$workflow_url" \
-              '{msg_type: "text", content: {text: "\($title)\n提交：\($commit)\n版本：\($version)\n作者：\($author)\n详情：\($url)"}}')
-          elif [ "$tag_exists" = "false" ]; then
-            payload=$(jq -n \
-              --arg title "${{ env.BINARY_NAME }} ${status_text}" \
-              --arg commit "$commit_title" \
-              --arg version "$tag" \
-              --arg author "${{ github.actor }}" \
-              --arg url "$workflow_url" \
-              '{msg_type: "text", content: {text: "\($title)\n🆕 新版本已发布 (linux / macOS / windows)\n提交：\($commit)\n版本：\($version)\n作者：\($author)\n详情：\($url)"}}')
-          else
-            payload=$(jq -n \
-              --arg title "${{ env.BINARY_NAME }} ${status_text}" \
-              --arg commit "$commit_title" \
-              --arg version "$tag" \
-              --arg author "${{ github.actor }}" \
-              --arg url "$workflow_url" \
-              '{msg_type: "text", content: {text: "\($title)\n🔄 重复构建\n提交：\($commit)\n版本：\($version)\n作者：\($author)\n详情：\($url)"}}')
-          fi
-
+          commit="${{ github.event.head_commit.message }}"
+          [ -z "$commit" ] && commit="${{ github.sha }}"
+          url="${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_number }}"
+          result="${{ job.status }}"
+          if [ "$result" = "success" ]; then icon="✅"; else icon="❌"; fi
+          msg="secrets v3 CI ${icon}
+          提交：${commit}
+          作者：${{ github.actor }}
+          详情：${url}"
+          payload=$(jq -n --arg text "$msg" '{msg_type: "text", content: {text: $text}}')
           curl -sS -H "Content-Type: application/json" -X POST -d "$payload" "$WEBHOOK_URL"

.gitignore

@@ -1,2 +1,15 @@
 /target
 .env
+.DS_Store
+.cursor/
+*.pem
+tmp/
+client_secret_*.apps.googleusercontent.com.json
+node_modules/
+*.pyc
+
+# Tauri app icon pack: generated by `cargo tauri icon apps/desktop/src-tauri/icons/icon.png`
+# Version control only the 1024×1024 master; regenerate the rest locally or in release builds.
+apps/desktop/src-tauri/icons/**
+!apps/desktop/src-tauri/icons/
+!apps/desktop/src-tauri/icons/icon.png

.vscode/tasks.json

@@ -1,107 +0,0 @@
-{
-  "version": "2.0.0",
-  "tasks": [
-    {
-      "label": "build",
-      "type": "shell",
-      "command": "cargo build",
-      "group": { "kind": "build", "isDefault": true }
-    },
-    {
-      "label": "cli: version",
-      "type": "shell",
-      "command": "./target/debug/secrets -V",
-      "dependsOn": "build"
-    },
-    {
-      "label": "cli: help",
-      "type": "shell",
-      "command": "./target/debug/secrets --help",
-      "dependsOn": "build"
-    },
-    {
-      "label": "cli: help add",
-      "type": "shell",
-      "command": "./target/debug/secrets help add",
-      "dependsOn": "build"
-    },
-    {
-      "label": "test: search all",
-      "type": "shell",
-      "command": "./target/debug/secrets search",
-      "dependsOn": "build"
-    },
-    {
-      "label": "test: search by namespace (refining)",
-      "type": "shell",
-      "command": "./target/debug/secrets search -n refining",
-      "dependsOn": "build"
-    },
-    {
-      "label": "test: search by namespace (ricnsmart)",
-      "type": "shell",
-      "command": "./target/debug/secrets search -n ricnsmart",
-      "dependsOn": "build"
-    },
-    {
-      "label": "test: search servers",
-      "type": "shell",
-      "command": "./target/debug/secrets search --kind server",
-      "dependsOn": "build"
-    },
-    {
-      "label": "test: search services",
-      "type": "shell",
-      "command": "./target/debug/secrets search --kind service",
-      "dependsOn": "build"
-    },
-    {
-      "label": "test: search keys",
-      "type": "shell",
-      "command": "./target/debug/secrets search --kind key",
-      "dependsOn": "build"
-    },
-    {
-      "label": "test: search by tag (aliyun)",
-      "type": "shell",
-      "command": "./target/debug/secrets search --tag aliyun",
-      "dependsOn": "build"
-    },
-    {
-      "label": "test: search by tag (hongkong)",
-      "type": "shell",
-      "command": "./target/debug/secrets search --tag hongkong",
-      "dependsOn": "build"
-    },
-    {
-      "label": "test: search keyword (gitea)",
-      "type": "shell",
-      "command": "./target/debug/secrets search -q gitea",
-      "dependsOn": "build"
-    },
-    {
-      "label": "test: search with secrets revealed",
-      "type": "shell",
-      "command": "./target/debug/secrets search -n refining --kind service --name gitea --show-secrets",
-      "dependsOn": "build"
-    },
-    {
-      "label": "test: combined search (ricnsmart + server + shanghai)",
-      "type": "shell",
-      "command": "./target/debug/secrets search -n ricnsmart --kind server --tag shanghai",
-      "dependsOn": "build"
-    },
-    {
-      "label": "test: add + delete roundtrip",
-      "type": "shell",
-      "command": "echo '--- add ---' && ./target/debug/secrets add -n test --kind demo --name roundtrip-test --tag test -m foo=bar -s password=secret123 && echo '--- search ---' && ./target/debug/secrets search -n test --show-secrets && echo '--- delete ---' && ./target/debug/secrets delete -n test --kind demo --name roundtrip-test && echo '--- verify deleted ---' && ./target/debug/secrets search -n test",
-      "dependsOn": "build"
-    },
-    {
-      "label": "test: add with file secret",
-      "type": "shell",
-      "command": "echo '--- add key from file ---' && ./target/debug/secrets add -n test --kind key --name test-key --tag test -s content=@./refining/keys/Vultr && echo '--- verify ---' && ./target/debug/secrets search -n test --kind key --show-secrets && echo '--- cleanup ---' && ./target/debug/secrets delete -n test --kind key --name test-key",
-      "dependsOn": "build"
-    }
-  ]
-}

AGENTS.md

@@ -1,130 +1,240 @@
-# Secrets CLI — AGENTS.md
+# Secrets — AGENTS.md
 
-跨设备密钥与配置管理 CLI 工具，将 refining / ricnsmart 两个项目的服务器信息、服务凭据存储到 PostgreSQL 18，供 AI 工具读取上下文。
+本仓库当前为 **v3 桌面端架构**：
+
+- `apps/api`：远端 JSON API
+- `apps/desktop/src-tauri`：桌面客户端
+- `crates/desktop-daemon`：本地 MCP daemon
+- `crates/application` / `domain` / `infrastructure-db`：v3 业务与数据层
+
+旧 `secrets-core` / `secrets-mcp` / `secrets-mcp-local` 已移除，不再作为开发入口。
+
+## 版本控制
+
+本仓库使用 **[Jujutsu (jj)](https://jj-vcs.dev/)** 作为版本控制系统（纯 jj 模式，无 `.git` 目录）。
+
+### 常用 jj 命令对照
+
+| 操作 | jj 命令 |
+|------|---------|
+| 查看历史 | `jj log` / `jj log 'all()'` |
+| 查看状态 | `jj status` |
+| 新建提交 | `jj commit` |
+| 创建新变更 | `jj new` |
+| 变基 | `jj rebase` |
+| 合并提交 | `jj squash` |
+| 撤销操作 | `jj undo` |
+| 查看标签 | `jj tag list` |
+| 查看分支 | `jj bookmark list` |
+| 推送远端 | `jj git push` |
+| 拉取远端 | `jj git fetch` |
+
+### 注意事项
+
+- 本仓库为纯 `jj` 模式，本地不要使用 `git` 命令。
+- CI Runner 侧仍可能使用 `git` 拉代码，这不影响本地开发。
+- 检查 tag 是否存在时，使用 `jj log --no-graph --revisions "tag(${tag})"`。
+
+## 提交前检查
+
+每次提交前至少运行：
+
+```bash
+cargo fmt -- --check
+cargo clippy --locked -- -D warnings
+cargo test --locked
+```
+
+也可以直接运行：
+
+```bash
+./scripts/release-check.sh
+```
 
 ## 项目结构
 
-```
+```text
 secrets/
-  src/
-    main.rs              # CLI 入口，clap 命令定义，auto-migrate
-    db.rs                # PgPool 创建 + 建表/索引（幂等）
-    models.rs            # Secret 结构体（sqlx::FromRow + serde）
-    commands/
-      add.rs             # add 命令：upsert，支持 --meta key=value / --secret key=@file
-      search.rs          # search 命令：多条件动态查询
-      delete.rs          # delete 命令
+  Cargo.toml
+  apps/
+    api/                  # 远端 JSON API
+    desktop/src-tauri/    # 桌面端
+  crates/
+    application/          # v3 应用服务
+    client-integrations/  # Cursor / Claude Code 配置注入
+    crypto/               # 通用加密辅助
+    desktop-daemon/       # 本地 MCP daemon
+    device-auth/          # 设备登录 / Desktop OAuth 辅助
+    domain/               # v3 领域模型
+    infrastructure-db/    # 数据库与迁移
+  deploy/
   scripts/
-    seed-data.sh         # 从 refining/ricnsmart config.toml 导入全量数据
   .gitea/workflows/
-    secrets.yml          # CI：fmt + clippy + musl 构建 + Release 上传 + 飞书通知
-  .vscode/tasks.json     # 本地测试任务（build / search / add+delete roundtrip 等）
-  .env                   # DATABASE_URL（gitignore，不提交）
+  .vscode/tasks.json
 ```
 
 ## 数据库
 
-- **Host**: `47.117.131.22:5432`（阿里云上海 ECS，PostgreSQL 18 with io_uring）
-- **Database**: `secrets`
-- **连接串**: `postgres://postgres:<password>@47.117.131.22:5432/secrets`
-- **表**: 单张 `secrets` 表，首次连接自动建表（auto-migrate）
+- 建议数据库名：`secrets-v3`
+- 连接串：`SECRETS_DATABASE_URL`
+- 首次连接会自动运行 `secrets-infrastructure-db::migrate_current_schema`
 
-### 表结构
+当前 v3 主要表：
 
-```sql
-secrets (
-  id          UUID PRIMARY KEY DEFAULT uuidv7(),  -- PG18 时间有序 UUID
-  namespace   VARCHAR(64)   NOT NULL,              -- 一级隔离: "refining" | "ricnsmart"
-  kind        VARCHAR(64)   NOT NULL,              -- 类型: "server" | "service"（可扩展）
-  name        VARCHAR(256)  NOT NULL,              -- 人类可读标识
-  tags        TEXT[]        NOT NULL DEFAULT '{}', -- 灵活标签: ["aliyun","hongkong"]
-  metadata    JSONB         NOT NULL DEFAULT '{}', -- 明文描述: ip, desc, domains, location...
-  encrypted   JSONB         NOT NULL DEFAULT '{}', -- 敏感数据: ssh_key, password, token...
-  created_at  TIMESTAMPTZ   NOT NULL DEFAULT NOW(),
-  updated_at  TIMESTAMPTZ   NOT NULL DEFAULT NOW(),
-  UNIQUE(namespace, kind, name)
-)
+- `users`
+- `oauth_accounts`
+- `devices`
+- `device_login_tokens`
+- `auth_events`
+- `vault_objects`
+- `vault_object_revisions`
+
+### 当前模型约束
+
+- 服务端只保存同步所需的密文对象与版本信息
+- 搜索、详情、reveal、history 主要在 desktop 本地 vault 中完成
+- 删除通过对象级 `deleted_at` / tombstone 传播
+- 历史服务端保留在 `vault_object_revisions`，本地另有 `vault_object_history`
+
+### 字段职责
+
+| 字段 | 含义 | 示例 |
+|------|------|------|
+| `object_id` | 同步对象标识 | `UUID` |
+| `object_kind` | 当前对象类别 | `cipher` |
+| `revision` | 对象版本号 | `12` |
+| `cipher_version` | 密文封装版本 | `1` |
+| `ciphertext` | 密文对象载荷 | AES-GCM 密文 |
+| `content_hash` | 密文内容摘要 | `sha256:...` |
+| `deleted_at` | 对象删除时间 | `2026-04-14T12:00:00Z` |
+
+## Google 登录
+
+当前登录流为 **Google Desktop OAuth**：
+
+- 桌面端使用系统浏览器拉起 Google 授权
+- API 服务端持有 Google OAuth client 配置并处理 callback / token exchange
+- desktop 创建一次性 login session，打开托管登录页后轮询状态
+- API 校验 Google userinfo 后发放本地 device token
+
+官网 DMG 正式分发时，服务端至少需要配置：
+
+- `SECRETS_PUBLIC_BASE_URL`
+- `GOOGLE_OAUTH_CLIENT_ID`
+- `GOOGLE_OAUTH_CLIENT_SECRET`
+- `GOOGLE_OAUTH_REDIRECT_URI`
+
+推荐约束：
+
+- `SECRETS_PUBLIC_BASE_URL` 使用用户浏览器实际访问的 HTTPS 官网地址
+- `GOOGLE_OAUTH_REDIRECT_URI` 配置为 `${SECRETS_PUBLIC_BASE_URL}/auth/google/callback`
+- `GOOGLE_OAUTH_CLIENT_SECRET` 只保留在服务端环境变量或密钥管理系统中，不入库
+- Google Cloud Console 中登记的 callback URL 必须与 `GOOGLE_OAUTH_REDIRECT_URI` 完全一致
+
+## MCP
+
+本地 MCP 入口由 `crates/desktop-daemon` 提供，默认地址：
+
+```text
+http://127.0.0.1:9515/mcp
 ```
 
-### 字段职责划分
+当前暴露的工具：
 
-| 字段 | 存什么 | 示例 |
-|------|--------|------|
-| `namespace` | 项目/团队隔离 | `refining`, `ricnsmart` |
-| `kind` | 记录类型 | `server`, `service` |
-| `name` | 唯一标识名 | `i-uf63f2uookgs5uxmrdyc`, `gitea` |
-| `tags` | 多维分类标签 | `["aliyun","hongkong","ricn"]` |
-| `metadata` | 明文非敏感信息 | `{"ip":"47.243.154.187","desc":"Grafana","domains":["..."]}` |
-| `encrypted` | 敏感凭据（MVP 阶段明文存储，后续对 value 加密） | `{"ssh_key":"-----BEGIN...","password":"..."}` |
+- `secrets_entry_find`
+- `secrets_entry_get`
+- `secrets_entry_add`
+- `secrets_entry_update`
+- `secrets_entry_delete`
+- `secrets_entry_restore`
+- `secrets_secret_add`
+- `secrets_secret_update`
+- `secrets_secret_delete`
+- `secrets_secret_history`
+- `secrets_secret_rollback`
+- `target_exec`
 
-## CLI 命令
+当前不保留：
+
+- `secrets_env_map`
+
+### `target_exec`
+
+`target_exec` 会显式读取 entry 当前 secrets 的真实值，并从 metadata / secrets 派生标准环境变量，例如：
+
+- `TARGET_ENTRY_ID`
+- `TARGET_NAME`
+- `TARGET_FOLDER`
+- `TARGET_TYPE`
+- `TARGET_HOST`
+- `TARGET_PORT`
+- `TARGET_USER`
+- `TARGET_BASE_URL`
+- `TARGET_API_KEY`
+- `TARGET_TOKEN`
+- `TARGET_SSH_KEY`
+
+## 桌面端
+
+桌面端当前支持：
+
+- Google 登录
+- 自动写入 `Cursor` / `Claude Code` 的 `mcp.json`
+- 新建条目
+- 搜索、按 type 筛选
+- 右侧原地编辑
+- secret 新增、编辑、删除
+- secret 明文显示 / 复制
+- secret 历史查看与回滚
+- 删除到最近删除与恢复
+- 登录态仅在当前 desktop 进程内有效，不做自动恢复登录
+- desktop 进程退出后，本地 daemon 所有工具不可用
+
+### 配置注入
+
+桌面端会把本地 daemon 配置写入：
+
+- `~/.cursor/mcp.json`
+- `~/.claude/mcp.json`
+
+写入策略：
+
+- 保留现有其它 `mcpServers`
+- 仅覆盖同名 `secrets` 节点
+
+### 图标与前端 dist（本地 / CI）
+
+版本库为减小噪音，**不提交** Tauri 生成的多尺寸图标包；但 **`apps/desktop/dist/`** 现在作为桌面端前端静态资源目录，**需要提交到版本库**，以保证新机器 clone 后可直接运行 Tauri desktop。
+
+- **图标**：仅跟踪 `apps/desktop/src-tauri/icons/icon.png` 作为源图（建议 **1024×1024** PNG）。检出代码后，若需要完整 `icons/`（例如打包、验证窗口/托盘图标），在 **`apps/desktop/src-tauri`** 下执行：
 
   ```bash
-# 查看版本
-secrets -V / --version
-
-# 查看帮助
-secrets -h / --help
-secrets help <subcommand>   # 子命令详细帮助，如 secrets help add
-
-# 添加或更新记录（upsert）
-secrets add -n <namespace> --kind <kind> --name <name> \
-  [--tag <tag>]...          # 可重复
-  [-m key=value]...         # --meta 明文字段，-m 是短标志
-  [-s key=value]...         # --secret 敏感字段，value 以 @ 开头表示从文件读取
-
-# 搜索（默认隐藏 encrypted 内容）
-secrets search [-n <namespace>] [--kind <kind>] [--tag <tag>] [-q <keyword>] [--show-secrets]
-# -q 匹配范围：name、namespace、kind、metadata 全文内容、tags
-
-# 删除
-secrets delete -n <namespace> --kind <kind> --name <name>
+  cd apps/desktop/src-tauri
+  cargo tauri icon icons/icon.png
   ```
 
-### 示例
+  需已安装 **Tauri CLI**（例如 `cargo install tauri-cli`，或与项目一致的 `cargo-tauri` 版本）。
 
-```bash
-# 添加服务器
-secrets add -n refining --kind server --name i-uf63f2uookgs5uxmrdyc \
-  --tag aliyun --tag shanghai \
-  -m ip=47.117.131.22 -m desc="Aliyun Shanghai ECS" \
-  -s username=root -s ssh_key=@./keys/voson_shanghai_e.pem
-
-# 添加服务凭据
-secrets add -n refining --kind service --name gitea \
-  --tag gitea \
-  -m url=https://gitea.refining.dev \
-  -s token=<token>
-
-# 搜索含 mqtt 的所有记录
-secrets search -q mqtt
-
-# 查看 refining 的全部服务配置（显示 secrets）
-secrets search -n refining --kind service --show-secrets
-
-# 按 tag 筛选
-secrets search --tag hongkong
-```
+- **前端 dist**：`tauri.conf.json` 中 `build.frontendDist` 指向 `../dist`。当前仓库直接跟踪 **`apps/desktop/dist/`** 下的静态页面资源，因此新机器 clone 后无需额外生成前端产物即可运行 `cargo run -p secrets-desktop`。若后续引入独立前端构建链，再单独把这部分切回构建产物管理。
 
 ## 代码规范
 
-- 错误处理：统一使用 `anyhow::Result`，不用 `unwrap()`
-- 异步：全程 `tokio`，数据库操作 `sqlx` async
-- SQL：使用 `sqlx::query` / `sqlx::query_as` 绑定参数，禁止字符串拼接（搜索的动态 WHERE 子句除外，需使用参数绑定 `$1/$2`）
-- 新增 `kind` 类型时：只需在 `add` 调用时传入，无需改代码
-- 字段命名：CLI 短标志 `-n`=namespace，`-m`=meta，`-s`=secret，`-q`=query
+- 业务层优先使用 `anyhow::Result`
+- 避免生产路径 `unwrap()`
+- 使用 `tokio` + `sqlx` async
+- SQL 使用参数绑定，不要手拼用户输入
+- 运维日志使用 `tracing`
+- 变更后优先跑最小必要验证，不要只改不测
 
-## CI/CD
+## CI / 脚本
 
-- Gitea Actions（runner: debian）
-- 触发：`src/**`、`Cargo.toml`、`Cargo.lock` 变更推送到 main
-- 构建目标：`x86_64-unknown-linux-musl`（静态链接，无 glibc 依赖）
-- 新版本自动打 Tag（格式 `secrets-<version>`）并上传二进制到 Gitea Release
-- 通知：飞书 Webhook（`vars.WEBHOOK_URL`）
-- 所需 secrets/vars：`RELEASE_TOKEN`（Release 上传，Gitea PAT）、`vars.WEBHOOK_URL`（通知，可选）
+- `.gitea/workflows/secrets.yml` 现在是 v3 workspace 级 CI
+- `scripts/release-check.sh` 只做 workspace 质量检查
+- `deploy/.env.example` 反映当前 v3 API / daemon / desktop 登录配置
 
-## 环境变量
+## 安全约束
 
-| 变量 | 说明 |
-|------|------|
-| `DATABASE_URL` | PostgreSQL 连接串，优先级高于 `--db-url` 参数 |
+- 不要把 Google `client_secret` 提交到受版本控制的配置文件中
+- 不要把 device token、数据库密码、真实生产密钥提交入库
+- 数据库生产环境优先使用 `verify-full`
+- AI 审查时，不要把“随机高熵 token 明文存储”机械地当成密码学问题处理，必须结合当前架构和威胁模型判断

CONTRIBUTING.md

@@ -0,0 +1,56 @@
+# Contributing
+
+## 版本控制
+
+本仓库使用 **[Jujutsu (jj)](https://jj-vcs.dev/)**。请勿使用 `git` 命令。
+
+```bash
+jj log          # 查看历史
+jj status       # 查看状态
+jj new          # 创建新变更
+jj commit       # 提交
+jj rebase       # 变基
+jj squash       # 合并提交
+jj git push     # 推送到远端
+```
+
+详见 [AGENTS.md](AGENTS.md) 的「版本控制」章节。
+
+## 本地开发
+
+```bash
+# 复制环境变量
+cp deploy/.env.example .env
+
+# 填写数据库连接等配置后
+cargo build
+cargo test --locked
+```
+
+## 提交前检查
+
+每次提交前必须通过：
+
+```bash
+cargo fmt -- --check
+cargo clippy --locked -- -D warnings
+cargo test --locked
+```
+
+或使用脚本：
+
+```bash
+./scripts/release-check.sh
+```
+
+## 发版规则
+
+当前仓库已切换到 v3 架构，不再围绕 `secrets-mcp` 做单独发版。
+
+提交前请至少保证：
+
+1. `cargo fmt -- --check`
+2. `cargo clippy --locked -- -D warnings`
+3. `cargo test --locked`
+
+详见 [AGENTS.md](AGENTS.md) 中最新的仓库说明。

Cargo.toml

@@ -1,16 +1,54 @@
-[package]
-name = "secrets"
-version = "0.1.0"
+[workspace]
+members = [
+    "apps/api",
+    "apps/desktop/src-tauri",
+    "crates/application",
+    "crates/client-integrations",
+    "crates/crypto",
+    "crates/desktop-daemon",
+    "crates/device-auth",
+    "crates/domain",
+    "crates/infrastructure-db",
+]
+resolver = "2"
+
+[workspace.package]
 edition = "2024"
 
-[dependencies]
-anyhow = "1.0.102"
-chrono = { version = "0.4.44", features = ["serde"] }
-clap = { version = "4.6.0", features = ["derive", "env"] }
-dotenvy = "0.15.7"
-serde = { version = "1.0.228", features = ["derive"] }
-serde_json = "1.0.149"
-sqlx = { version = "0.8.6", features = ["runtime-tokio", "tls-native-tls", "postgres", "uuid", "json", "chrono"] }
-tokio = { version = "1.50.0", features = ["full"] }
-toml = "1.0.7"
-uuid = { version = "1.22.0", features = ["serde", "v4"] }
+[workspace.dependencies]
+# Async runtime
+tokio = { version = "^1.50.0", features = ["rt-multi-thread", "macros", "fs", "io-util", "process", "signal"] }
+
+# Database
+sqlx = { version = "^0.8.6", features = ["runtime-tokio", "tls-rustls", "postgres", "sqlite", "uuid", "json", "chrono"] }
+
+# Serialization
+serde = { version = "^1.0.228", features = ["derive"] }
+serde_json = "^1.0.149"
+serde_yaml = "^0.9"
+toml = "^1.0.7"
+
+# Crypto
+aes-gcm = "^0.10.3"
+sha2 = "^0.10.9"
+rand = "^0.10.0"
+hex = "0.4"
+
+# Utils
+anyhow = "^1.0.102"
+thiserror = "^2"
+chrono = { version = "^0.4.44", features = ["serde"] }
+uuid = { version = "^1.22.0", features = ["serde", "v4"] }
+tracing = "^0.1"
+tracing-subscriber = { version = "^0.3", features = ["env-filter"] }
+dotenvy = "^0.15"
+
+# HTTP
+# system-proxy：与浏览器一致，读取 macOS/Windows 系统代理（禁用 default 后须显式开启，否则 OAuth 出站不走 Clash 等）
+reqwest = { version = "^0.12", default-features = false, features = ["rustls-tls", "json", "system-proxy"] }
+axum = "0.8"
+http = "1"
+url = "2"
+rmcp = { version = "1", features = ["server", "macros", "transport-streamable-http-server", "schemars"] }
+tauri = { version = "2", features = [] }
+tauri-build = { version = "2", features = [] }

README.md

@@ -1,104 +1,223 @@
-# secrets
+# Secrets
 
-跨设备密钥与配置管理 CLI，基于 Rust + PostgreSQL 18。
+这是 v3 架构的仓库，当前主路径已经收敛为：
 
-将服务器信息、服务凭据统一存入数据库，供本地工具和 AI 读取上下文。
+- `apps/api`：远端 JSON API
+- `apps/desktop/src-tauri`：桌面客户端
+- `crates/desktop-daemon`：本地 MCP 入口
+- `crates/application` / `domain` / `infrastructure-db`：业务与数据层
 
-## 安装
+## 本地开发
 
 ```bash
-cargo build --release
-# 或从 Release 页面下载预编译二进制
+cp deploy/.env.example .env
+
+# 远端 API
+cargo run -p secrets-api --bin secrets-api
+
+# 本地 daemon
+cargo run -p secrets-desktop-daemon
+
+# 桌面客户端
+cargo run -p secrets-desktop
 ```
 
-配置数据库连接：
+说明：
+
+- `apps/desktop/src-tauri/tauri.conf.json` 中 `build.frontendDist` 指向 `apps/desktop/dist`
+- 当前仓库会直接提交 `apps/desktop/dist/` 下的桌面端静态资源
+- 因此新机器 clone 后，无需额外前端构建步骤即可启动 desktop
+- 官网 DMG 正式分发不依赖本地 `client_secret_*.json`
+- Google OAuth 凭据只配置在 API 服务端，desktop 通过浏览器完成托管登录
+
+## 官网 DMG 的服务端 OAuth 配置
+
+官网 DMG 正式分发时，**Google OAuth 只配置在 API 服务端**。桌面端不需要本地 `client_secret_*.json`，也不直接向 Google 换 token。
+
+建议先复制 `deploy/.env.example` 为 `.env`，然后至少配置以下变量：
 
 ```bash
-export DATABASE_URL=postgres://postgres:<password>@<host>:5432/secrets
-# 或在项目根目录创建 .env 文件写入上述变量
+SECRETS_PUBLIC_BASE_URL=https://secrets.example.com
+GOOGLE_OAUTH_CLIENT_ID=your-google-oauth-client-id.apps.googleusercontent.com
+GOOGLE_OAUTH_CLIENT_SECRET=your-google-oauth-client-secret
+GOOGLE_OAUTH_REDIRECT_URI=https://secrets.example.com/auth/google/callback
 ```
 
-## 使用
+变量含义：
+
+- `SECRETS_PUBLIC_BASE_URL`：桌面端打开浏览器时访问的 API 外网基地址，必须是用户浏览器能访问到的公开地址
+- `GOOGLE_OAUTH_CLIENT_ID`：Google Cloud Console 中为服务端登录流程配置的 OAuth Client ID
+- `GOOGLE_OAUTH_CLIENT_SECRET`：对应的 Client Secret，只能保留在服务端
+- `GOOGLE_OAUTH_REDIRECT_URI`：Google 登录完成后回调到 API 的地址，必须与 Google Console 中登记的回调地址完全一致
+
+配置步骤建议：
+
+1. 在 Google Cloud Console 创建或选择 OAuth Client
+2. 把授权回调地址加入允许列表，例如 `https://secrets.example.com/auth/google/callback`
+3. 把上面的 4 个变量配置到 API 服务的运行环境中
+4. 确认 `SECRETS_PUBLIC_BASE_URL` 与 `GOOGLE_OAUTH_REDIRECT_URI` 使用同一公开域名
+5. 重启 API 服务后，再用 desktop / DMG 验证浏览器登录流程
+
+注意：
+
+- `GOOGLE_OAUTH_CLIENT_SECRET` 不要提交到仓库
+- `GOOGLE_OAUTH_REDIRECT_URI` 不要写成 `localhost`，正式分发应使用官网可访问域名
+- 如果 API 部署在反向代理后面，`SECRETS_PUBLIC_BASE_URL` 应填写用户实际访问的 HTTPS 地址，而不是内网监听地址
+
+## 当前能力
+
+- 桌面端使用系统浏览器完成 Google Desktop OAuth 登录
+- 登录成功后向 API 注册设备，并在当前桌面进程内维护登录会话
+- 本地 daemon 提供显式拆分的 MCP 工具：
+  - `secrets_entry_find` / `secrets_entry_get`
+  - `secrets_entry_add` / `secrets_entry_update` / `secrets_entry_delete` / `secrets_entry_restore`
+  - `secrets_secret_add` / `secrets_secret_update` / `secrets_secret_delete`
+  - `secrets_secret_history` / `secrets_secret_rollback`
+  - `target_exec`
+- 桌面端会自动把本地 daemon MCP 配置写入 `Cursor` 与 `Claude Code`
+- 桌面端支持条目新建、搜索、按 type 筛选、元数据编辑、最近删除与恢复
+- 桌面端支持 secret 新增、编辑、删除、明文显示、真实复制、历史查看与回滚
+- 不保留 `secrets_env_map`
+- 不做自动恢复登录；重启 app 后必须重新登录
+
+## 提交前检查
 
 ```bash
-# 查看版本
-secrets -V
-secrets --version
+cargo fmt -- --check
+cargo clippy --locked -- -D warnings
+cargo test --locked
+```
 
-# 查看帮助
-secrets --help
-secrets -h
+## PostgreSQL TLS 加固
 
-# 查看子命令帮助
-secrets help add
-secrets help search
-secrets help delete
+- 推荐将数据库域名单独设置为 `db.refining.ltd`，服务域名保持 `secrets.refining.app`。
+- 数据库证书建议使用可校验链路（如 Let's Encrypt 或私有 CA），并保证证书 `SAN` 包含 `db.refining.ltd`。
+- PostgreSQL 侧建议使用 `hostssl` 规则限制应用来源（如 `47.238.146.244/32`），逐步移除公网明文 `host` 访问。
+- 应用端推荐 `SECRETS_DATABASE_SSL_MODE=verify-full`；仅在过渡阶段可临时用 `verify-ca`。
+- 可执行运维步骤见 `[deploy/postgres-tls-hardening.md](deploy/postgres-tls-hardening.md)`。
 
-# 添加服务器
-secrets add -n refining --kind server --name my-server \
-  --tag aliyun --tag shanghai \
-  -m ip=1.2.3.4 -m desc="My Server" \
-  -s username=root \
-  -s ssh_key=@./keys/my.pem
+## MCP 与 AI 工作流（v3）
 
-# 添加服务凭据
-secrets add -n refining --kind service --name gitea \
-  -m url=https://gitea.example.com \
-  -s token=<token>
+当前 v3 以 **桌面端 + 本地 daemon** 为主路径：
 
-# 搜索（默认隐藏敏感字段）
-secrets search
-secrets search -n refining --kind server
-secrets search --tag hongkong
-secrets search -q mqtt              # 关键词匹配 name / metadata / tags
-secrets search -n refining --kind service --name gitea --show-secrets
+- 桌面端登录态仅在当前进程内有效，不持久化 `device token`
+- 本地 daemon 默认监听 `http://127.0.0.1:9515/mcp`
+- daemon 通过活跃 desktop 进程提供的本地会话转发访问 API；desktop 进程退出后所有工具不可用
+- `target_exec` 会显式读取真实 secret 值后再生成 `TARGET_`* 环境变量
+- 不保留 `secrets_env_map`
 
-# 删除
-secrets delete -n refining --kind server --name my-server
+### Canonical MCP 工具
+
+
+| 工具                        | 说明                                                        |
+| ------------------------- | --------------------------------------------------------- |
+| `secrets_entry_find`      | 从 desktop 已解锁本地 vault 搜索对象，支持 `query` / `folder` / `type` |
+| `secrets_entry_get`       | 读取单条本地对象，并返回当前 secrets 的真实值                               |
+| `secrets_entry_add`       | 在本地 vault 创建对象，可选附带初始 secrets                             |
+| `secrets_entry_update`    | 更新本地对象的 folder / type / name / metadata                   |
+| `secrets_entry_delete`    | 将本地对象标记为删除                                                |
+| `secrets_entry_restore`   | 恢复本地已删除对象                                                 |
+| `secrets_secret_add`      | 向已有本地对象新增 secret                                          |
+| `secrets_secret_update`   | 更新本地 secret 名称、类型或内容                                      |
+| `secrets_secret_delete`   | 删除单个本地 secret                                             |
+| `secrets_secret_history`  | 查看单个本地 secret 的历史版本                                       |
+| `secrets_secret_rollback` | 将单个本地 secret 回滚到指定版本                                      |
+| `target_exec`             | 用本地对象的 metadata 和 secrets 生成 `TARGET_`* 环境变量并执行本地命令       |
+
+
+## AI 客户端配置
+
+桌面端会自动把本地 daemon 写入以下配置：
+
+- `~/.cursor/mcp.json`
+- `~/.claude/mcp.json`
+
+写入示例：
+
+```json
+{
+  "mcpServers": {
+    "secrets": {
+      "url": "http://127.0.0.1:9515/mcp"
+    }
+  }
+}
 ```
 
 ## 数据模型
 
-单张 `secrets` 表，首次连接自动建表。
+当前 v3 已切到**零知识同步模型**：
 
-| 字段 | 说明 |
-|------|------|
-| `namespace` | 一级隔离，如 `refining`、`ricnsmart` |
-| `kind` | 记录类型，如 `server`、`service`（可自由扩展） |
-| `name` | 人类可读唯一标识 |
-| `tags` | 多维标签，如 `["aliyun","hongkong"]` |
-| `metadata` | 明文描述信息（ip、desc、domains 等） |
-| `encrypted` | 敏感凭据（ssh_key、password、token 等），MVP 阶段明文存储，预留加密字段 |
+- 服务端保存 `vault_objects` 与 `vault_object_revisions`
+- desktop 本地保存 `vault_objects`、`vault_object_history`、`pending_changes`、`sync_state`
+- 搜索、详情、reveal、history 主要在本地已解锁 vault 上完成
+- 服务端负责 `auth/device` 与 `/sync/`*，不再承担明文搜索与明文 reveal
 
-`-m` / `--meta` 写入 `metadata`，`-s` / `--secret` 写入 `encrypted`，`value=@file` 从文件读取内容。
+主要表：
+
+- `users`
+- `oauth_accounts`
+- `devices`
+- `device_login_tokens`
+- `auth_events`
+- `vault_objects`
+- `vault_object_revisions`
+
+字段职责：
+
+
+| 位置                       | 字段                        | 说明                    |
+| ------------------------ | ------------------------- | --------------------- |
+| `vault_objects`          | `object_id`               | 同步对象标识                |
+| `vault_objects`          | `object_kind`             | 当前对象类别，当前主要为 `cipher` |
+| `vault_objects`          | `revision`                | 服务端对象版本               |
+| `vault_objects`          | `ciphertext`              | 密文对象载荷                |
+| `vault_objects`          | `content_hash`            | 密文摘要                  |
+| `vault_objects`          | `deleted_at`              | 对象级删除标记               |
+| `vault_object_revisions` | `revision` / `ciphertext` | 服务端对象历史版本             |
+
+
+## 认证与事件
+
+当前登录流为 Google Desktop OAuth：
+
+- 桌面端使用系统浏览器拉起 Google 授权
+- API 服务端负责发起 OAuth、处理 callback、校验 Google userinfo
+- desktop 通过创建一次性 login session 并轮询状态获取 `device token`
+- 登录与设备活动写入 `auth_events`
 
 ## 项目结构
 
-```
-src/
-  main.rs          # CLI 入口（clap）
-  db.rs            # 连接池 + auto-migrate
-  models.rs        # Secret 结构体
-  commands/
-    add.rs         # upsert
-    search.rs      # 多条件查询
-    delete.rs      # 删除
+```text
+Cargo.toml
+apps/
+  api/                  # 远端 JSON API
+  desktop/src-tauri/    # Tauri 桌面端
+crates/
+  application/          # v3 应用服务
+  client-integrations/  # Cursor / Claude Code mcp.json 注入
+  crypto/               # 通用加密辅助
+  desktop-daemon/       # 本地 MCP daemon
+  device-auth/          # Desktop OAuth / device token 辅助
+  domain/               # 领域模型
+  infrastructure-db/    # PostgreSQL 连接与迁移
+deploy/
+  .env.example
+  secrets-mcp.service
+  postgres-tls-hardening.md
 scripts/
-  seed-data.sh     # 导入 refining / ricnsmart 全量数据
+  release-check.sh
+  setup-gitea-actions.sh
 ```
 
 ## CI/CD（Gitea Actions）
 
-推送 `main` 分支时自动：fmt/clippy 检查 → musl 构建 → 创建 Release 并上传二进制。
+当前以 workspace 级检查为主，见 `[.gitea/workflows/secrets.yml](.gitea/workflows/secrets.yml)`。
 
-**首次使用需配置 Actions 变量和 Secrets：**
+提交前建议直接运行：
 
 ```bash
-# 需有 ~/.config/gitea/config.env（GITEA_URL、GITEA_TOKEN、GITEA_WEBHOOK_URL）
-./scripts/setup-gitea-actions.sh
+./scripts/release-check.sh
 ```
 
-- `RELEASE_TOKEN`（Secret）：Gitea PAT，用于创建 Release 上传二进制
-- `WEBHOOK_URL`（Variable）：飞书通知，可选
-
-详见 [AGENTS.md](AGENTS.md)。
+详见 [AGENTS.md](AGENTS.md)（发版规则、代码规范）。

apps/api/Cargo.toml

@@ -0,0 +1,30 @@
+[package]
+name = "secrets-api"
+version = "0.1.0"
+edition.workspace = true
+
+[[bin]]
+name = "secrets-api"
+path = "src/main.rs"
+
+[dependencies]
+anyhow.workspace = true
+axum.workspace = true
+dotenvy.workspace = true
+serde.workspace = true
+serde_json.workspace = true
+sqlx.workspace = true
+tokio.workspace = true
+tracing.workspace = true
+tracing-subscriber.workspace = true
+uuid.workspace = true
+chrono.workspace = true
+reqwest.workspace = true
+sha2.workspace = true
+url.workspace = true
+base64 = "0.22.1"
+
+secrets-application = { path = "../../crates/application" }
+secrets-device-auth = { path = "../../crates/device-auth" }
+secrets-domain = { path = "../../crates/domain" }
+secrets-infrastructure-db = { path = "../../crates/infrastructure-db" }

apps/api/src/bin/secrets-api-migrate.rs

@@ -0,0 +1,15 @@
+use anyhow::{Context, Result};
+
+#[tokio::main]
+async fn main() -> Result<()> {
+    let _ = dotenvy::dotenv();
+
+    let database_url = secrets_infrastructure_db::load_database_url()?;
+    let pool = secrets_infrastructure_db::create_pool(&database_url).await?;
+    secrets_infrastructure_db::migrate_current_schema(&pool)
+        .await
+        .context("failed to initialize current database schema")?;
+
+    println!("current database schema initialized");
+    Ok(())
+}

apps/desktop/README.md

@@ -0,0 +1,6 @@
+# apps/desktop
+
+This directory is reserved for the v3 Tauri desktop shell.
+
+The desktop UI is intentionally kept separate from `crates/desktop-daemon` so
+that closing the main window does not terminate the local MCP process.

apps/desktop/design/DESIGN.md

@@ -0,0 +1,208 @@
+# Secrets Design System
+
+## 1. Visual Theme & Atmosphere
+
+- Primary inspiration: Raycast desktop UI.
+- Secondary influence: Linear information density and list discipline.
+- Product personality: secure, local-first, developer-facing, restrained, trustworthy.
+- Default mood: dark utility app, not a marketing site and not a glossy consumer app.
+- The interface should feel like a native desktop control surface for secrets and MCP integrations.
+- Use calm contrast, clean edges, compact spacing, and intentional empty space.
+- Prefer precision over decoration. Visual polish should come from alignment, spacing, and hierarchy.
+
+## 2. Color Palette & Roles
+
+### Core Surfaces
+
+- `bg.app`: `#0A0A0B` - app background, deepest canvas.
+- `bg.panel`: `#111113` - main panel and modal background.
+- `bg.panelElevated`: `#17171A` - cards, selected rows, input shells.
+- `bg.panelHover`: `#1D1D22` - hover state for rows and controls.
+- `bg.input`: `#141418` - text inputs, code blocks, secret fields.
+- `border.subtle`: `#26262C` - default panel borders.
+- `border.strong`: `#34343D` - active borders and high-emphasis outlines.
+
+### Text
+
+- `text.primary`: `#F5F5F7` - primary labels and values.
+- `text.secondary`: `#B3B3BD` - supporting metadata.
+- `text.tertiary`: `#7C7C88` - placeholders and low-emphasis copy.
+- `text.inverse`: `#0B0B0D` - text on bright accents.
+
+### Accents
+
+- `accent.blue`: `#3B82F6` - login CTA, toggles, focus ring, trust signals.
+- `accent.blueHover`: `#4C8DFF` - hover state for primary interactions.
+- `accent.purple`: `#8B5CF6` - secondary accent for selected count pills or light emphasis.
+- `accent.amber`: `#D97706` - local warnings or pending states.
+- `accent.red`: `#EF4444` - destructive actions.
+- `accent.green`: `#22C55E` - success or enabled state when stronger signal is required.
+
+### Semantic Use
+
+- Blue is the main action color. Keep it rare and meaningful.
+- Purple can appear in subtle badges or selected-count chips, never as a second primary CTA.
+- Red is reserved for delete, revoke, sign-out danger, and destructive confirmations.
+- Avoid bright gradients as a dominant surface treatment.
+
+## 3. Typography Rules
+
+- Font stack: `Inter`, `SF Pro Text`, `SF Pro Display`, `Segoe UI`, system sans-serif.
+- Use system-friendly text rendering. This is a desktop tool, not a display-heavy website.
+- Chinese UI copy is allowed and should feel natural beside English identifiers like `host`, `token`, `MCP`.
+- Keep tracking neutral. Avoid wide uppercase spacing except tiny overline labels.
+
+### Type Scale
+
+- App title / page title: 30-34px, weight 700.
+- Section title: 18-22px, weight 650-700.
+- Card title / row title: 15-17px, weight 600.
+- Body text: 13-14px, weight 400-500.
+- Caption / metadata label: 11-12px, weight 500, uppercase allowed with modest tracking.
+- Monospace values: `SF Mono`, `JetBrains Mono`, `Menlo`, monospace; 12-13px.
+
+## 4. Component Stylings
+
+### App Shell
+
+- Use a three-pane desktop layout for the main screen: left navigation, middle list, right detail pane.
+- Pane separation should rely on subtle borders, not strong shadows.
+- Sidebar should feel slightly darker than the center list pane.
+- The detail pane can be the most open surface, with larger top padding and calmer spacing.
+
+### Login Card
+
+- Centered card on a dark canvas.
+- Width: compact, roughly 420-520px.
+- Rounded corners: 24-28px.
+- Include one lock/trust mark, one clear product title, one short support sentence, one primary Google login button.
+- Login should feel calm and premium, never busy.
+
+### Buttons
+
+- Primary button: dark app shell with blue fill, white text, medium radius.
+- Secondary button: dark raised surface with subtle border.
+- Destructive button: same structure as secondary, with red text or red-emphasis border only when needed.
+- Button height should feel desktop-like, not mobile oversized.
+- Avoid flashy gradients and oversized glows.
+
+### Inputs
+
+- Inputs use dark filled surfaces, subtle inset feel, 12-14px radius.
+- Border should be nearly invisible at rest and stronger on hover/focus.
+- Placeholders should be quiet and low-contrast.
+- Search and filter inputs should visually align and share the same height.
+
+### Lists and Rows
+
+- Entry rows should be compact, crisp, and easy to scan.
+- Selected row: slightly brighter dark card, subtle border, no heavy glow.
+- Support a two-line rhythm: primary name and smaller type/folder metadata.
+- Counts in the sidebar should use muted rounded chips.
+
+### Detail Pane
+
+- Use strong top title hierarchy with restrained action buttons on the right.
+- Metadata should be presented in structured blocks or columns, not loose paragraphs.
+- Secret values should live inside dedicated protected field cards.
+- Secret field rows should include icon, masked value, reveal action, and copy action.
+- Sensitive content must look controlled and deliberate, not playful.
+
+### Modals
+
+- Modal cards should feel like elevated control panels.
+- MCP integration modal should support stacked integration rows with trailing toggles.
+- Embedded JSON/config blocks should use a darker, code-oriented surface with monospace text.
+- Large modal width is acceptable for configuration-heavy content.
+
+### Toggles
+
+- Use blue enabled state by default.
+- Toggle track should be compact and clean, avoiding iOS-like softness.
+- Align toggles flush right in integration lists.
+
+### Badges and Status Pills
+
+- Use small rounded pills for folder counts, archived state, or recent-delete state.
+- Prefer muted purple, gray, or amber fills over saturated color blocks.
+
+## 5. Layout Principles
+
+- Use an 8px spacing system.
+- Typical paddings:
+- Sidebars: 16-20px.
+- List and toolbar: 12-18px.
+- Detail pane: 24-32px.
+- Modals: 20-28px.
+- Favor even vertical rhythm over decorative separators.
+- Keep left edges aligned aggressively across sections.
+- Avoid oversized hero spacing inside application surfaces.
+- The main app should feel dense enough for productivity but never cramped.
+
+## 6. Depth & Elevation
+
+- Most separation should come from tone shifts and borders.
+- Base panels: no shadow or extremely soft shadow.
+- Elevated cards and modals: subtle shadow only, with low blur and low opacity.
+- Do not use neon bloom, oversized backdrop blur, or glassmorphism.
+- Focus states should use border color and a faint blue outer ring.
+
+## 7. Do's and Don'ts
+
+### Do
+
+- Keep the UI dark, crisp, and desktop-native.
+- Preserve strong information hierarchy in the detail pane.
+- Make security-sensitive actions feel explicit and carefully gated.
+- Use compact controls and disciplined spacing.
+- Let alignment and typography carry most of the visual quality.
+- Keep MCP integration screens structured like settings panels.
+
+### Don't
+
+- Do not turn the app into a landing page aesthetic.
+- Do not use giant gradients, colorful illustrations, or soft SaaS cards.
+- Do not over-round every surface.
+- Do not mix many accent colors in one screen.
+- Do not make secret fields look like casual form inputs.
+- Do not use bright white backgrounds in the desktop app.
+
+## 8. Responsive Behavior
+
+- Primary target is desktop widths from 1280px upward.
+- The three-pane shell should remain stable on desktop.
+- At narrower widths, collapse from three panes to two panes before using stacked mobile behavior.
+- The MCP modal can reduce width but should keep readable row spacing and code block legibility.
+- Buttons and toggles should remain mouse-first, with minimum 32px touch-friendly height where practical.
+
+## 9. Screen-Specific Guidance
+
+### Login Screen
+
+- Centered trust card.
+- One focal icon or emblem above the title.
+- Keep copy short.
+- The Google login button should be the visual anchor.
+
+### Main Secrets Screen
+
+- Left sidebar: user card, folder navigation, utility actions near the bottom.
+- Middle pane: search, type filter, result list.
+- Right pane: selected entry title, metadata grid, secret cards, edit actions.
+- The selected item should be immediately obvious but understated.
+
+### MCP Integration Screen
+
+- Treat as a settings modal.
+- Integration rows should read like desktop preferences, not marketing feature cards.
+- JSON config block should feel developer-native and copy-friendly.
+
+## 10. Agent Prompt Guide
+
+- Keywords: `dark desktop utility`, `Raycast-inspired`, `Linear-density`, `secure control panel`, `developer tool`, `restrained premium`, `MCP settings modal`.
+- When generating screens, preserve: dark surfaces, subtle borders, compact controls, right-aligned actions, clean typography, muted status pills.
+- If unsure, bias toward less decoration and tighter structure.
+
+## 11. Quick Summary for Agents
+
+Build Secrets like a polished desktop utility: mostly Raycast in atmosphere, a little Linear in density, with dark layered panels, precise typography, subtle borders, blue-only primary actions, and security-sensitive detail cards that feel calm, serious, and highly usable.

apps/desktop/dist/disable-features.js

@@ -0,0 +1,41 @@
+(() => {
+  const tauriInvoke = window.__TAURI_INTERNALS__?.invoke;
+
+  // Disable text selection globally, but keep inputs editable.
+  document.addEventListener("selectstart", (event) => {
+    const target = event.target;
+    if (target instanceof HTMLInputElement || target instanceof HTMLTextAreaElement) {
+      return;
+    }
+    event.preventDefault();
+  });
+
+  async function applyProductionGuards() {
+    if (!tauriInvoke) {
+      return;
+    }
+
+    let isDebugBuild = false;
+    try {
+      isDebugBuild = await tauriInvoke("is_debug_build");
+    } catch {
+      return;
+    }
+
+    if (isDebugBuild) {
+      return;
+    }
+
+    document.addEventListener("contextmenu", (event) => event.preventDefault());
+    document.addEventListener("keydown", (event) => {
+      if (event.key === "F12") {
+        event.preventDefault();
+      }
+      if ((event.ctrlKey || event.metaKey) && event.shiftKey && ["I", "C", "J"].includes(event.key.toUpperCase())) {
+        event.preventDefault();
+      }
+    });
+  }
+
+  void applyProductionGuards();
+})();

apps/desktop/dist/index.html

@@ -0,0 +1,279 @@
+<!doctype html>
+<html lang="zh-CN">
+  <head>
+    <meta charset="utf-8" />
+    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
+    <title>Secrets</title>
+    <link rel="stylesheet" href="./styles.css" />
+    <script src="./disable-features.js"></script>
+  </head>
+  <body>
+    <div id="login-view" class="login-screen hidden">
+      <div class="window-titlebar login-titlebar" data-tauri-drag-region aria-hidden="true"></div>
+      <div class="login-card">
+        <div class="login-main">
+          <div class="login-emblem" aria-hidden="true">
+            <svg class="login-lock-icon" viewBox="0 0 24 24" fill="none" aria-hidden="true">
+              <circle cx="12" cy="16" r="1"></circle>
+              <rect x="3" y="10" width="18" height="12" rx="2"></rect>
+              <path d="M7 10V7a5 5 0 0 1 10 0v3"></path>
+            </svg>
+          </div>
+          <div class="login-title-block">
+            <h1>Secrets</h1>
+            <p class="login-subtle">用 AI 安全地管理和使用密钥</p>
+          </div>
+          <div class="login-actions">
+            <button id="login-button" class="primary login-google-button">
+              <svg class="login-google-mark" viewBox="0 0 24 24" fill="currentColor" aria-hidden="true">
+                <path d="M22.56 12.25c0-.78-.07-1.53-.2-2.25H12v4.26h5.92c-.26 1.37-1.04 2.53-2.21 3.31v2.77h3.57c2.08-1.92 3.28-4.74 3.28-8.09z" />
+                <path d="M12 23c2.97 0 5.46-.98 7.28-2.66l-3.57-2.77c-.98.66-2.23 1.06-3.71 1.06-2.86 0-5.29-1.93-6.16-4.53H2.18v2.84C3.99 20.53 7.7 23 12 23z" />
+                <path d="M5.84 14.09c-.22-.66-.35-1.36-.35-2.09s.13-1.43.35-2.09V7.07H2.18C1.43 8.55 1 10.22 1 12s.43 3.45 1.18 4.93l2.85-2.22.81-.62z" />
+                <path d="M12 5.38c1.62 0 3.06.56 4.21 1.64l3.15-3.15C17.45 2.09 14.97 1 12 1 7.7 1 3.99 3.47 2.18 7.07l3.66 2.84c.87-2.6 3.3-4.53 6.16-4.53z" />
+              </svg>
+              <span>前往浏览器登录</span>
+            </button>
+          </div>
+          <p id="login-error" class="error-text hidden"></p>
+        </div>
+      </div>
+    </div>
+
+    <div id="vault-modal" class="modal hidden">
+      <div class="modal-card">
+        <div class="modal-header">
+          <h3 id="vault-modal-title">解锁本地 Vault</h3>
+        </div>
+        <p id="vault-modal-copy" class="subtle modal-copy">请输入本地 vault 主密码。</p>
+        <div class="modal-form">
+          <label class="field-label">
+            <span>主密码</span>
+            <input id="vault-password-input" type="password" class="detail-input" placeholder="输入主密码" />
+          </label>
+        </div>
+        <p id="vault-modal-error" class="error-text hidden"></p>
+        <div class="modal-actions">
+          <button id="vault-modal-save" class="primary small">继续</button>
+        </div>
+      </div>
+    </div>
+
+    <div id="app-shell" class="shell hidden">
+      <div class="window-titlebar shell-titlebar" data-tauri-drag-region aria-hidden="true"></div>
+      <aside class="sidebar">
+        <div class="user-block">
+          <button id="user-trigger" class="user-trigger">
+            <div class="avatar">V</div>
+            <div class="user-copy">
+              <div id="user-name" class="user-name">-</div>
+              <div id="user-email" class="user-email">-</div>
+            </div>
+            <span class="caret">▾</span>
+          </button>
+          <div id="user-menu" class="user-menu hidden">
+            <button id="manage-devices" class="menu-item">管理设备</button>
+          </div>
+        </div>
+
+        <div id="folder-list" class="folder-list"></div>
+
+        <div class="sidebar-spacer"></div>
+
+        <div class="sidebar-footer">
+          <button id="open-mcp-modal" class="sidebar-utility">
+            <span class="sidebar-utility-icon" aria-hidden="true">⌁</span>
+            <span>MCP</span>
+          </button>
+          <button id="logout-button" class="sidebar-utility">
+            <span class="sidebar-utility-icon" aria-hidden="true">↩</span>
+            <span>退出登录</span>
+          </button>
+        </div>
+      </aside>
+
+      <main class="main-shell">
+        <section class="list-column">
+          <div class="searchbar-shell">
+            <input id="search-input" class="search-input global-search" placeholder="按名称模糊搜索" />
+          </div>
+          <section class="list-pane">
+            <div class="toolbar">
+              <button id="new-entry-button" class="secondary-button small">
+                <span class="button-icon" aria-hidden="true">＋</span>
+                <span class="button-label">新建条目</span>
+              </button>
+              <select id="type-filter" class="filter-select">
+                <option value="">全部类型</option>
+              </select>
+            </div>
+            <div id="entry-list" class="entry-list"></div>
+          </section>
+        </section>
+
+        <section class="detail-pane">
+          <div class="detail-header">
+            <div class="detail-title-stack">
+              <div id="detail-folder-label" class="detail-folder-label">-</div>
+              <div class="detail-title-block">
+                <h2 id="entry-title">-</h2>
+                <div id="detail-badge" class="detail-badge hidden">最近删除</div>
+              </div>
+            </div>
+            <div class="detail-actions">
+              <button id="edit-entry-button" class="secondary-button small action-button">
+                <span class="button-icon" aria-hidden="true">✎</span>
+                <span class="button-label">编辑</span>
+              </button>
+              <button id="delete-entry-button" class="secondary-button small danger action-button hidden">
+                <span class="button-icon" aria-hidden="true">⌫</span>
+                <span class="button-label">删除</span>
+              </button>
+              <button id="restore-entry-button" class="secondary-button small action-button hidden">
+                <span class="button-icon" aria-hidden="true">↺</span>
+                <span class="button-label">恢复</span>
+              </button>
+              <button id="save-entry-button" class="primary small action-button hidden">
+                <span class="button-icon" aria-hidden="true">✓</span>
+                <span class="button-label">保存</span>
+              </button>
+              <button id="cancel-edit-button" class="secondary-button small action-button hidden">
+                <span class="button-icon" aria-hidden="true">×</span>
+                <span class="button-label">取消</span>
+              </button>
+            </div>
+          </div>
+
+          <div id="name-section" class="detail-section detail-edit-section hidden">
+            <h3>名称</h3>
+            <div id="name-view" class="detail-inline-value">-</div>
+            <input id="name-input" class="detail-input hidden" />
+          </div>
+
+          <div class="detail-section">
+            <h3>元数据</h3>
+            <div id="metadata-list" class="detail-fields"></div>
+            <div id="metadata-editor" class="metadata-editor hidden"></div>
+            <button id="add-metadata-button" class="secondary-button small hidden">新增元数据</button>
+          </div>
+
+          <div class="detail-section">
+            <div class="section-header-row">
+              <h3>密钥</h3>
+              <button id="add-secret-button" class="secondary-button small hidden">
+                <span class="button-icon" aria-hidden="true">＋</span>
+                <span class="button-label">新增密钥</span>
+              </button>
+            </div>
+            <div id="secret-list" class="secret-list"></div>
+          </div>
+        </section>
+      </main>
+
+      <div id="device-modal" class="modal hidden">
+        <div class="modal-card">
+          <div class="modal-header">
+            <h3>设备在线列表</h3>
+            <button id="close-device-modal" class="icon-button">×</button>
+          </div>
+          <p class="subtle modal-copy">查看已登录设备的在线情况与最近活动。</p>
+          <div id="device-list" class="device-list"></div>
+        </div>
+      </div>
+
+      <div id="mcp-modal" class="modal hidden">
+        <div class="modal-card wide">
+          <div class="modal-header">
+            <h3>MCP 集成</h3>
+            <button id="close-mcp-modal" class="icon-button">×</button>
+          </div>
+          <p class="subtle modal-copy">查看当前 AI 工具的 MCP 集成情况，并一键写入本地 daemon 配置。</p>
+          <section class="modal-section">
+            <div id="mcp-integration-list" class="integration-list"></div>
+            <p class="modal-footnote">启动 Secrets 桌面端时，可按选择自动为上述工具写入 MCP 配置。</p>
+          </section>
+          <section class="detail-section compact modal-section">
+            <div class="mcp-json-header">
+              <h4>自定义 MCP 配置</h4>
+              <button id="copy-mcp-config" class="secondary-button small">
+                <span class="button-icon" aria-hidden="true">⧉</span>
+                <span class="button-label">复制</span>
+              </button>
+            </div>
+            <pre id="mcp-config" class="mcp-config"></pre>
+          </section>
+        </div>
+      </div>
+
+      <div id="entry-modal" class="modal hidden">
+        <div class="modal-card">
+          <div class="modal-header">
+            <h3>新建条目</h3>
+            <button id="close-entry-modal" class="icon-button">×</button>
+          </div>
+          <div class="modal-form">
+            <label class="field-label">
+              <span>项目</span>
+              <input id="entry-modal-folder" class="detail-input" placeholder="例如：Refining" />
+            </label>
+            <label class="field-label">
+              <span>名称</span>
+              <input id="entry-modal-title" class="detail-input" placeholder="例如：secrets-local" />
+            </label>
+            <label class="field-label">
+              <span>类型</span>
+              <input id="entry-modal-type" class="detail-input" placeholder="例如：service" />
+            </label>
+          </div>
+          <div class="modal-actions">
+            <button id="entry-modal-cancel" class="secondary-button small">取消</button>
+            <button id="entry-modal-save" class="primary small">创建</button>
+          </div>
+        </div>
+      </div>
+
+      <div id="secret-modal" class="modal hidden">
+        <div class="modal-card">
+          <div class="modal-header">
+            <h3 id="secret-modal-title">新增密钥</h3>
+            <button id="close-secret-modal" class="icon-button">×</button>
+          </div>
+          <div class="modal-form">
+            <label class="field-label">
+              <span>名称</span>
+              <input id="secret-name-input" class="detail-input" placeholder="例如：token" />
+            </label>
+            <label class="field-label">
+              <span>类型</span>
+              <select id="secret-type-input" class="filter-select">
+                <option value="text">text</option>
+                <option value="password">password</option>
+                <option value="key">key</option>
+              </select>
+            </label>
+            <label class="field-label">
+              <span>内容</span>
+              <textarea id="secret-value-input" class="detail-input detail-textarea" placeholder="输入密钥内容"></textarea>
+            </label>
+          </div>
+          <div class="modal-actions">
+            <button id="secret-modal-cancel" class="secondary-button small">取消</button>
+            <button id="secret-modal-save" class="primary small">保存</button>
+          </div>
+        </div>
+      </div>
+
+      <div id="history-modal" class="modal hidden">
+        <div class="modal-card wide">
+          <div class="modal-header">
+            <h3>密钥历史</h3>
+            <button id="close-history-modal" class="icon-button">×</button>
+          </div>
+          <p id="history-modal-copy" class="subtle modal-copy">查看版本历史并回滚到指定版本。</p>
+          <div id="history-list" class="history-list"></div>
+        </div>
+      </div>
+    </div>
+
+    <script src="./main.js"></script>
+  </body>
+  </html>

apps/desktop/src-tauri/Cargo.toml

@@ -0,0 +1,32 @@
+[package]
+name = "secrets-desktop"
+version = "3.0.0"
+edition.workspace = true
+
+[build-dependencies]
+tauri-build.workspace = true
+
+[dependencies]
+anyhow.workspace = true
+axum.workspace = true
+chrono.workspace = true
+hex.workspace = true
+sqlx.workspace = true
+serde.workspace = true
+serde_json.workspace = true
+tauri.workspace = true
+tokio.workspace = true
+reqwest.workspace = true
+sha2.workspace = true
+url.workspace = true
+uuid.workspace = true
+base64 = "0.22.1"
+
+secrets-client-integrations = { path = "../../../crates/client-integrations" }
+secrets-crypto = { path = "../../../crates/crypto" }
+secrets-device-auth = { path = "../../../crates/device-auth" }
+secrets-domain = { path = "../../../crates/domain" }
+
+[[bin]]
+name = "Secrets"
+path = "src/main.rs"

apps/desktop/src-tauri/build.rs

@@ -0,0 +1,3 @@
+fn main() {
+    tauri_build::build()
+}

apps/desktop/src-tauri/check_png_center.js

@@ -0,0 +1,2 @@
+const fs = require('fs');
+// Very simple check: read the first few bytes, maybe we can use an image library to find the bounding box

apps/desktop/src-tauri/gen/schemas/capabilities.json

@@ -0,0 +1 @@
+{}

apps/desktop/src-tauri/src/session_api.rs

@@ -0,0 +1,356 @@
+use anyhow::{Context, Result as AnyResult};
+use axum::{
+    Router,
+    body::{Body, to_bytes},
+    extract::{Request, State as AxumState},
+    http::{StatusCode as AxumStatusCode, header},
+    response::Response,
+    routing::{any, get, post},
+};
+use url::Url;
+
+use crate::local_vault::{
+    LocalEntryQuery, bootstrap as vault_bootstrap, create_entry as vault_create_entry,
+    create_secret as vault_create_secret, delete_entry as vault_delete_entry,
+    delete_secret as vault_delete_secret, entry_detail as vault_entry_detail,
+    list_entries as vault_list_entries, restore_entry as vault_restore_entry,
+    reveal_secret_value as vault_reveal_secret_value, rollback_secret as vault_rollback_secret,
+    secret_history as vault_secret_history, update_entry as vault_update_entry,
+    update_secret as vault_update_secret,
+};
+use crate::{
+    DesktopState, EntryDetail, EntryDraft, EntryListItem, EntryListQuery, SecretDraft,
+    SecretUpdateDraft, current_device_token, map_entry_detail_to_local, map_entry_draft_to_local,
+    map_local_entry_detail, map_local_history_item, map_local_secret_value,
+    map_secret_draft_to_local, map_secret_update_to_local, split_secret_ref_for_ui,
+    sync_local_vault,
+};
+
+pub async fn desktop_session_health(
+    AxumState(state): AxumState<DesktopState>,
+) -> Result<&'static str, AxumStatusCode> {
+    current_device_token(&state)
+        .map(|_| "ok")
+        .map_err(|_| AxumStatusCode::UNAUTHORIZED)
+}
+
+pub async fn desktop_session_api(
+    AxumState(state): AxumState<DesktopState>,
+    request: Request<Body>,
+) -> Response {
+    let (parts, body) = request.into_parts();
+    let path_and_query = parts
+        .uri
+        .path_and_query()
+        .map(|value| value.as_str())
+        .unwrap_or("/");
+
+    let body_bytes = match to_bytes(body, 1024 * 1024).await {
+        Ok(bytes) => bytes,
+        Err(_) => {
+            return Response::builder()
+                .status(AxumStatusCode::BAD_REQUEST)
+                .body(Body::from("failed to read relay request body"))
+                .expect("build relay bad request");
+        }
+    };
+
+    handle_local_session_request(&state, parts.method.as_str(), path_and_query, &body_bytes)
+        .await
+        .unwrap_or_else(|| {
+            Response::builder()
+                .status(AxumStatusCode::NOT_FOUND)
+                .header(header::CONTENT_TYPE, "application/json; charset=utf-8")
+                .body(Body::from(
+                    r#"{"error":"desktop local vault route not found"}"#,
+                ))
+                .expect("build local session not found response")
+        })
+}
+
+async fn handle_local_session_request(
+    state: &DesktopState,
+    method: &str,
+    path_and_query: &str,
+    body_bytes: &[u8],
+) -> Option<Response> {
+    let path = path_and_query.split('?').next().unwrap_or(path_and_query);
+    let make_json = |status: AxumStatusCode, value: serde_json::Value| {
+        Response::builder()
+            .status(status)
+            .header(header::CONTENT_TYPE, "application/json; charset=utf-8")
+            .body(Body::from(value.to_string()))
+            .expect("build local session response")
+    };
+
+    match (method, path) {
+        ("GET", "/vault/status") => {
+            let status = vault_bootstrap(&state.local_vault).await.ok()?;
+            Some(make_json(
+                AxumStatusCode::OK,
+                serde_json::json!({
+                    "unlocked": status.unlocked,
+                    "has_master_password": status.has_master_password
+                }),
+            ))
+        }
+        ("GET", "/vault/entries") => {
+            let url = format!("http://localhost{path_and_query}");
+            let parsed = Url::parse(&url).ok()?;
+            let mut query = EntryListQuery {
+                folder: None,
+                entry_type: None,
+                query: None,
+                deleted_only: false,
+            };
+            for (key, value) in parsed.query_pairs() {
+                match key.as_ref() {
+                    "folder" => query.folder = Some(value.into_owned()),
+                    "entry_type" => query.entry_type = Some(value.into_owned()),
+                    "query" => query.query = Some(value.into_owned()),
+                    "deleted_only" => query.deleted_only = value == "true",
+                    _ => {}
+                }
+            }
+            let entries = vault_list_entries(
+                &state.local_vault,
+                &LocalEntryQuery {
+                    folder: query.folder,
+                    cipher_type: query.entry_type,
+                    query: query.query,
+                    deleted_only: query.deleted_only,
+                },
+            )
+            .await
+            .ok()?;
+            Some(make_json(
+                AxumStatusCode::OK,
+                serde_json::to_value(
+                    entries
+                        .into_iter()
+                        .map(|entry| EntryListItem {
+                            id: entry.id,
+                            title: entry.name,
+                            subtitle: entry.cipher_type,
+                            folder: entry.folder,
+                            deleted: entry.deleted,
+                        })
+                        .collect::<Vec<_>>(),
+                )
+                .ok()?,
+            ))
+        }
+        _ if method == "GET" && path.starts_with("/vault/entries/") => {
+            let entry_id = path.trim_start_matches("/vault/entries/");
+            let detail = vault_entry_detail(&state.local_vault, entry_id)
+                .await
+                .ok()?;
+            Some(make_json(
+                AxumStatusCode::OK,
+                serde_json::to_value(map_local_entry_detail(detail)).ok()?,
+            ))
+        }
+        ("POST", "/vault/entries") => {
+            let draft: EntryDraft = serde_json::from_slice(body_bytes).ok()?;
+            let created = vault_create_entry(&state.local_vault, map_entry_draft_to_local(draft))
+                .await
+                .ok()?;
+            let _ = sync_local_vault(state).await;
+            Some(make_json(
+                AxumStatusCode::OK,
+                serde_json::to_value(map_local_entry_detail(created)).ok()?,
+            ))
+        }
+        _ if method == "PATCH" && path.starts_with("/vault/entries/") => {
+            let entry_id = path.trim_start_matches("/vault/entries/").to_string();
+            let mut detail: EntryDetail = serde_json::from_slice(body_bytes).ok()?;
+            detail.id = entry_id;
+            let updated = vault_update_entry(&state.local_vault, map_entry_detail_to_local(detail))
+                .await
+                .ok()?;
+            let _ = sync_local_vault(state).await;
+            Some(make_json(
+                AxumStatusCode::OK,
+                serde_json::to_value(map_local_entry_detail(updated)).ok()?,
+            ))
+        }
+        _ if method == "POST"
+            && path.starts_with("/vault/entries/")
+            && path.ends_with("/delete") =>
+        {
+            let entry_id = path
+                .trim_start_matches("/vault/entries/")
+                .trim_end_matches("/delete")
+                .trim_end_matches('/');
+            vault_delete_entry(&state.local_vault, entry_id)
+                .await
+                .ok()?;
+            let _ = sync_local_vault(state).await;
+            Some(make_json(
+                AxumStatusCode::OK,
+                serde_json::json!({ "ok": true }),
+            ))
+        }
+        _ if method == "POST"
+            && path.starts_with("/vault/entries/")
+            && path.ends_with("/restore") =>
+        {
+            let entry_id = path
+                .trim_start_matches("/vault/entries/")
+                .trim_end_matches("/restore")
+                .trim_end_matches('/');
+            vault_restore_entry(&state.local_vault, entry_id)
+                .await
+                .ok()?;
+            let _ = sync_local_vault(state).await;
+            Some(make_json(
+                AxumStatusCode::OK,
+                serde_json::json!({ "ok": true }),
+            ))
+        }
+        _ if method == "POST"
+            && path.starts_with("/vault/entries/")
+            && path.ends_with("/secrets") =>
+        {
+            let entry_id = path
+                .trim_start_matches("/vault/entries/")
+                .trim_end_matches("/secrets")
+                .trim_end_matches('/');
+            let secret: SecretDraft = serde_json::from_slice(body_bytes).ok()?;
+            let updated = vault_create_secret(
+                &state.local_vault,
+                entry_id,
+                map_secret_draft_to_local(secret),
+            )
+            .await
+            .ok()?;
+            let _ = sync_local_vault(state).await;
+            Some(make_json(
+                AxumStatusCode::OK,
+                serde_json::to_value(map_local_entry_detail(updated)).ok()?,
+            ))
+        }
+        _ if method == "GET" && path.starts_with("/vault/secrets/") && path.ends_with("/value") => {
+            let secret_id = path
+                .trim_start_matches("/vault/secrets/")
+                .trim_end_matches("/value")
+                .trim_end_matches('/')
+                .to_string();
+            let (entry_id, secret_name) = split_secret_ref_for_ui(&secret_id).ok()?;
+            let value = vault_reveal_secret_value(&state.local_vault, &entry_id, &secret_name)
+                .await
+                .ok()?;
+            Some(make_json(
+                AxumStatusCode::OK,
+                serde_json::to_value(map_local_secret_value(value)).ok()?,
+            ))
+        }
+        _ if method == "GET"
+            && path.starts_with("/vault/secrets/")
+            && path.ends_with("/history") =>
+        {
+            let secret_id = path
+                .trim_start_matches("/vault/secrets/")
+                .trim_end_matches("/history")
+                .trim_end_matches('/')
+                .to_string();
+            let (entry_id, secret_name) = split_secret_ref_for_ui(&secret_id).ok()?;
+            let history = vault_secret_history(&state.local_vault, &entry_id, &secret_name)
+                .await
+                .ok()?;
+            Some(make_json(
+                AxumStatusCode::OK,
+                serde_json::to_value(
+                    history
+                        .into_iter()
+                        .map(map_local_history_item)
+                        .collect::<Vec<_>>(),
+                )
+                .ok()?,
+            ))
+        }
+        _ if method == "PATCH" && path.starts_with("/vault/secrets/") => {
+            let secret_id = path.trim_start_matches("/vault/secrets/").to_string();
+            let mut update: SecretUpdateDraft = serde_json::from_slice(body_bytes).ok()?;
+            update.id = secret_id;
+            let updated =
+                vault_update_secret(&state.local_vault, map_secret_update_to_local(update))
+                    .await
+                    .ok()?;
+            let _ = sync_local_vault(state).await;
+            Some(make_json(
+                AxumStatusCode::OK,
+                serde_json::to_value(map_local_entry_detail(updated)).ok()?,
+            ))
+        }
+        _ if method == "POST"
+            && path.starts_with("/vault/secrets/")
+            && path.ends_with("/delete") =>
+        {
+            let secret_id = path
+                .trim_start_matches("/vault/secrets/")
+                .trim_end_matches("/delete")
+                .trim_end_matches('/');
+            vault_delete_secret(&state.local_vault, secret_id)
+                .await
+                .ok()?;
+            let _ = sync_local_vault(state).await;
+            Some(make_json(
+                AxumStatusCode::OK,
+                serde_json::json!({ "ok": true }),
+            ))
+        }
+        _ if method == "POST"
+            && path.starts_with("/vault/secrets/")
+            && path.ends_with("/rollback") =>
+        {
+            let secret_id = path
+                .trim_start_matches("/vault/secrets/")
+                .trim_end_matches("/rollback")
+                .trim_end_matches('/')
+                .to_string();
+            let payload: serde_json::Value = serde_json::from_slice(body_bytes).ok()?;
+            let updated = vault_rollback_secret(
+                &state.local_vault,
+                &secret_id,
+                payload.get("history_id").and_then(|value| value.as_i64()),
+            )
+            .await
+            .ok()?;
+            let _ = sync_local_vault(state).await;
+            Some(make_json(
+                AxumStatusCode::OK,
+                serde_json::to_value(map_local_entry_detail(updated)).ok()?,
+            ))
+        }
+        _ => None,
+    }
+}
+
+pub async fn start_desktop_session_server(state: DesktopState) -> AnyResult<()> {
+    let app = Router::new()
+        .route("/healthz", get(desktop_session_health))
+        .route("/vault/status", get(desktop_session_api))
+        .route("/vault/entries", any(desktop_session_api))
+        .route("/vault/entries/{id}", any(desktop_session_api))
+        .route("/vault/entries/{id}/delete", post(desktop_session_api))
+        .route("/vault/entries/{id}/restore", post(desktop_session_api))
+        .route("/vault/entries/{id}/secrets", post(desktop_session_api))
+        .route("/vault/secrets/{id}", any(desktop_session_api))
+        .route("/vault/secrets/{id}/value", get(desktop_session_api))
+        .route("/vault/secrets/{id}/history", get(desktop_session_api))
+        .route("/vault/secrets/{id}/delete", post(desktop_session_api))
+        .route("/vault/secrets/{id}/rollback", post(desktop_session_api))
+        .with_state(state.clone());
+    let listener = tokio::net::TcpListener::bind(&state.session_bind)
+        .await
+        .with_context(|| {
+            format!(
+                "failed to bind desktop session relay {}",
+                state.session_bind
+            )
+        })?;
+    axum::serve(listener, app)
+        .await
+        .context("desktop session relay server error")
+}

apps/desktop/src-tauri/tauri.conf.json

@@ -0,0 +1,31 @@
+{
+  "$schema": "https://schema.tauri.app/config/2",
+  "productName": "Secrets",
+  "version": "3.0.0",
+  "identifier": "dev.refining.secrets",
+  "build": {
+    "beforeDevCommand": "",
+    "beforeBuildCommand": "",
+    "frontendDist": "../dist"
+  },
+  "app": {
+    "windows": [
+      {
+        "title": "Secrets",
+        "width": 420,
+        "height": 400,
+        "minWidth": 420,
+        "minHeight": 400,
+        "resizable": true,
+        "titleBarStyle": "overlay",
+        "hiddenTitle": true
+      }
+    ],
+    "security": {
+      "csp": null
+    }
+  },
+  "bundle": {
+    "active": false
+  }
+}

crates/application/Cargo.toml

@@ -0,0 +1,18 @@
+[package]
+name = "secrets-application"
+version = "0.1.0"
+edition.workspace = true
+
+[lib]
+name = "secrets_application"
+path = "src/lib.rs"
+
+[dependencies]
+anyhow.workspace = true
+chrono.workspace = true
+serde.workspace = true
+serde_json.workspace = true
+sqlx.workspace = true
+uuid.workspace = true
+
+secrets-domain = { path = "../domain" }

crates/application/src/conflict.rs

@@ -0,0 +1,9 @@
+use secrets_domain::VaultObjectEnvelope;
+use uuid::Uuid;
+
+#[derive(Debug, Clone)]
+pub struct RevisionConflict {
+    pub change_id: Uuid,
+    pub object_id: Uuid,
+    pub server_object: Option<VaultObjectEnvelope>,
+}

crates/application/src/lib.rs

@@ -0,0 +1,3 @@
+pub mod conflict;
+pub mod sync;
+pub mod vault_store;

crates/application/src/sync.rs

@@ -0,0 +1,252 @@
+use anyhow::Result;
+use sqlx::PgPool;
+use uuid::Uuid;
+
+use secrets_domain::{
+    SyncAcceptedChange, SyncConflict, SyncPullRequest, SyncPullResponse, SyncPushRequest,
+    SyncPushResponse, VaultObjectChange, VaultObjectEnvelope,
+};
+
+use crate::vault_store::{
+    get_object, list_objects_since, list_tombstones_since, max_server_revision,
+};
+
+fn detect_conflict(
+    change: &VaultObjectChange,
+    existing: Option<&VaultObjectEnvelope>,
+) -> Option<SyncConflict> {
+    match (change.base_revision, existing) {
+        (Some(base_revision), Some(server_object)) if server_object.revision != base_revision => {
+            Some(SyncConflict {
+                change_id: change.change_id,
+                object_id: change.object_id,
+                reason: "revision_conflict".to_string(),
+                server_object: Some(server_object.clone()),
+            })
+        }
+        _ if !matches!(change.operation.as_str(), "upsert" | "delete") => Some(SyncConflict {
+            change_id: change.change_id,
+            object_id: change.object_id,
+            reason: "unsupported_operation".to_string(),
+            server_object: existing.cloned(),
+        }),
+        _ => None,
+    }
+}
+
+pub async fn sync_pull(
+    pool: &PgPool,
+    user_id: Uuid,
+    request: SyncPullRequest,
+) -> Result<SyncPullResponse> {
+    let cursor = request.cursor.unwrap_or(0).max(0);
+    let limit = request.limit.unwrap_or(200).clamp(1, 500);
+    let objects = list_objects_since(pool, user_id, cursor, limit).await?;
+    let tombstones = if request.include_deleted {
+        list_tombstones_since(pool, user_id, cursor, limit).await?
+    } else {
+        Vec::new()
+    };
+    let server_revision = max_server_revision(pool, user_id).await?;
+    let next_cursor = objects
+        .last()
+        .map(|object| object.revision)
+        .unwrap_or(cursor);
+
+    Ok(SyncPullResponse {
+        server_revision,
+        next_cursor,
+        has_more: (objects.len() as i64) >= limit,
+        objects,
+        tombstones,
+    })
+}
+
+pub async fn sync_push(
+    pool: &PgPool,
+    user_id: Uuid,
+    request: SyncPushRequest,
+) -> Result<SyncPushResponse> {
+    let mut accepted = Vec::new();
+    let mut conflicts = Vec::new();
+
+    for change in request.changes {
+        let existing = get_object(pool, user_id, change.object_id).await?;
+        if let Some(conflict) = detect_conflict(&change, existing.as_ref()) {
+            conflicts.push(conflict);
+            continue;
+        }
+
+        let next_revision = existing
+            .as_ref()
+            .map(|object| object.revision + 1)
+            .unwrap_or(1);
+        let next_cipher_version = change.cipher_version.unwrap_or(1);
+        let next_ciphertext = change.ciphertext.clone().unwrap_or_default();
+        let next_content_hash = change.content_hash.clone().unwrap_or_default();
+        let next_deleted_at = if change.operation == "delete" {
+            Some(chrono::Utc::now())
+        } else {
+            None
+        };
+
+        match change.operation.as_str() {
+            "upsert" => {
+                sqlx::query(
+                    r#"
+                    INSERT INTO vault_objects (
+                        object_id, user_id, object_kind, revision, cipher_version, ciphertext, content_hash, deleted_at, updated_at, created_by_device
+                    )
+                    VALUES ($1, $2, $3, $4, $5, $6, $7, NULL, NOW(), NULL)
+                    ON CONFLICT (object_id)
+                    DO UPDATE SET
+                        revision = EXCLUDED.revision,
+                        cipher_version = EXCLUDED.cipher_version,
+                        ciphertext = EXCLUDED.ciphertext,
+                        content_hash = EXCLUDED.content_hash,
+                        deleted_at = NULL,
+                        updated_at = NOW()
+                    "#,
+                )
+                .bind(change.object_id)
+                .bind(user_id)
+                .bind(change.object_kind.as_str())
+                .bind(next_revision)
+                .bind(next_cipher_version)
+                .bind(next_ciphertext.clone())
+                .bind(next_content_hash.clone())
+                .execute(pool)
+                .await?;
+            }
+            "delete" => {
+                sqlx::query(
+                    r#"
+                    UPDATE vault_objects
+                    SET revision = $1, deleted_at = NOW(), updated_at = NOW()
+                    WHERE object_id = $2
+                      AND user_id = $3
+                    "#,
+                )
+                .bind(next_revision)
+                .bind(change.object_id)
+                .bind(user_id)
+                .execute(pool)
+                .await?;
+            }
+            _ => unreachable!("unsupported operations are filtered by detect_conflict"),
+        }
+
+        sqlx::query(
+            r#"
+            INSERT INTO vault_object_revisions (
+                object_id, user_id, revision, cipher_version, ciphertext, content_hash, deleted_at, created_at
+            )
+            VALUES ($1, $2, $3, $4, $5, $6, $7, NOW())
+            "#,
+        )
+        .bind(change.object_id)
+        .bind(user_id)
+        .bind(next_revision)
+        .bind(next_cipher_version)
+        .bind(next_ciphertext)
+        .bind(next_content_hash)
+        .bind(next_deleted_at)
+        .execute(pool)
+        .await?;
+
+        accepted.push(SyncAcceptedChange {
+            change_id: change.change_id,
+            object_id: change.object_id,
+            revision: next_revision,
+        });
+    }
+
+    let server_revision = max_server_revision(pool, user_id).await?;
+    Ok(SyncPushResponse {
+        server_revision,
+        accepted,
+        conflicts,
+    })
+}
+
+pub async fn fetch_object(
+    pool: &PgPool,
+    user_id: Uuid,
+    object_id: Uuid,
+) -> Result<Option<VaultObjectEnvelope>> {
+    get_object(pool, user_id, object_id).await
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use chrono::Utc;
+    use secrets_domain::{VaultObjectChange, VaultObjectKind};
+    use uuid::Uuid;
+
+    fn sample_change(operation: &str, base_revision: Option<i64>) -> VaultObjectChange {
+        VaultObjectChange {
+            change_id: Uuid::nil(),
+            object_id: Uuid::max(),
+            object_kind: VaultObjectKind::Cipher,
+            operation: operation.to_string(),
+            base_revision,
+            cipher_version: Some(1),
+            ciphertext: Some(vec![1, 2, 3]),
+            content_hash: Some("sha256:test".to_string()),
+        }
+    }
+
+    fn sample_object(revision: i64) -> VaultObjectEnvelope {
+        VaultObjectEnvelope {
+            object_id: Uuid::max(),
+            object_kind: VaultObjectKind::Cipher,
+            revision,
+            cipher_version: 1,
+            ciphertext: vec![9, 9, 9],
+            content_hash: "sha256:server".to_string(),
+            deleted_at: None,
+            updated_at: Utc::now(),
+        }
+    }
+
+    #[test]
+    fn conflict_when_base_revision_is_stale() {
+        let mut change = sample_change("upsert", Some(3));
+        let server = sample_object(5);
+        change.object_id = server.object_id;
+
+        let conflict = detect_conflict(&change, Some(&server)).expect("expected conflict");
+
+        assert_eq!(conflict.reason, "revision_conflict");
+        assert_eq!(conflict.object_id, server.object_id);
+        assert_eq!(
+            conflict
+                .server_object
+                .as_ref()
+                .map(|object| object.revision),
+            Some(5)
+        );
+    }
+
+    #[test]
+    fn no_conflict_when_revision_matches() {
+        let mut change = sample_change("upsert", Some(5));
+        let server = sample_object(5);
+        change.object_id = server.object_id;
+
+        let conflict = detect_conflict(&change, Some(&server));
+
+        assert!(conflict.is_none());
+    }
+
+    #[test]
+    fn unsupported_operation_is_conflict() {
+        let change = sample_change("merge", None);
+
+        let conflict = detect_conflict(&change, None).expect("expected unsupported operation");
+
+        assert_eq!(conflict.reason, "unsupported_operation");
+        assert!(conflict.server_object.is_none());
+    }
+}

crates/application/src/vault_store.rs

@@ -0,0 +1,147 @@
+use anyhow::{Context, Result};
+use chrono::{DateTime, Utc};
+use sqlx::PgPool;
+use uuid::Uuid;
+
+use secrets_domain::{VaultObjectEnvelope, VaultObjectKind, VaultTombstone};
+
+#[derive(Debug, sqlx::FromRow)]
+struct VaultObjectRow {
+    object_id: Uuid,
+    _object_kind: String,
+    revision: i64,
+    cipher_version: i32,
+    ciphertext: Vec<u8>,
+    content_hash: String,
+    deleted_at: Option<DateTime<Utc>>,
+    updated_at: DateTime<Utc>,
+}
+
+impl From<VaultObjectRow> for VaultObjectEnvelope {
+    fn from(row: VaultObjectRow) -> Self {
+        Self {
+            object_id: row.object_id,
+            object_kind: VaultObjectKind::Cipher,
+            revision: row.revision,
+            cipher_version: row.cipher_version,
+            ciphertext: row.ciphertext,
+            content_hash: row.content_hash,
+            deleted_at: row.deleted_at,
+            updated_at: row.updated_at,
+        }
+    }
+}
+
+pub async fn list_objects_since(
+    pool: &PgPool,
+    user_id: Uuid,
+    cursor: i64,
+    limit: i64,
+) -> Result<Vec<VaultObjectEnvelope>> {
+    let rows = sqlx::query_as::<_, VaultObjectRow>(
+        r#"
+        SELECT
+            object_id,
+            object_kind AS _object_kind,
+            revision,
+            cipher_version,
+            ciphertext,
+            content_hash,
+            deleted_at,
+            updated_at
+        FROM vault_objects
+        WHERE user_id = $1
+          AND revision > $2
+        ORDER BY revision ASC
+        LIMIT $3
+        "#,
+    )
+    .bind(user_id)
+    .bind(cursor)
+    .bind(limit.max(1))
+    .fetch_all(pool)
+    .await
+    .context("failed to list vault objects")?;
+
+    Ok(rows.into_iter().map(Into::into).collect())
+}
+
+pub async fn get_object(
+    pool: &PgPool,
+    user_id: Uuid,
+    object_id: Uuid,
+) -> Result<Option<VaultObjectEnvelope>> {
+    let row = sqlx::query_as::<_, VaultObjectRow>(
+        r#"
+        SELECT
+            object_id,
+            object_kind AS _object_kind,
+            revision,
+            cipher_version,
+            ciphertext,
+            content_hash,
+            deleted_at,
+            updated_at
+        FROM vault_objects
+        WHERE user_id = $1
+          AND object_id = $2
+        "#,
+    )
+    .bind(user_id)
+    .bind(object_id)
+    .fetch_optional(pool)
+    .await
+    .context("failed to load vault object")?;
+
+    Ok(row.map(Into::into))
+}
+
+pub async fn list_tombstones_since(
+    pool: &PgPool,
+    user_id: Uuid,
+    cursor: i64,
+    limit: i64,
+) -> Result<Vec<VaultTombstone>> {
+    let rows = sqlx::query_as::<_, (Uuid, i64, DateTime<Utc>)>(
+        r#"
+        SELECT object_id, revision, deleted_at
+        FROM vault_objects
+        WHERE user_id = $1
+          AND revision > $2
+          AND deleted_at IS NOT NULL
+        ORDER BY revision ASC
+        LIMIT $3
+        "#,
+    )
+    .bind(user_id)
+    .bind(cursor)
+    .bind(limit.max(1))
+    .fetch_all(pool)
+    .await
+    .context("failed to list tombstones")?;
+
+    Ok(rows
+        .into_iter()
+        .map(|(object_id, revision, deleted_at)| VaultTombstone {
+            object_id,
+            revision,
+            deleted_at,
+        })
+        .collect())
+}
+
+pub async fn max_server_revision(pool: &PgPool, user_id: Uuid) -> Result<i64> {
+    let revision = sqlx::query_scalar::<_, Option<i64>>(
+        r#"
+        SELECT MAX(revision)
+        FROM vault_objects
+        WHERE user_id = $1
+        "#,
+    )
+    .bind(user_id)
+    .fetch_one(pool)
+    .await
+    .context("failed to load max server revision")?;
+
+    Ok(revision.unwrap_or(0))
+}

crates/client-integrations/Cargo.toml

@@ -0,0 +1,13 @@
+[package]
+name = "secrets-client-integrations"
+version = "0.1.0"
+edition.workspace = true
+
+[lib]
+name = "secrets_client_integrations"
+path = "src/lib.rs"
+
+[dependencies]
+anyhow.workspace = true
+serde.workspace = true
+serde_json.workspace = true

crates/client-integrations/src/lib.rs

@@ -0,0 +1,162 @@
+use anyhow::{Context, Result};
+use serde_json::{Map, Value};
+use std::{
+    fs,
+    path::{Path, PathBuf},
+};
+
+pub trait ClientAdapter {
+    fn client_name(&self) -> &'static str;
+    fn config_path(&self) -> PathBuf;
+}
+
+pub struct CursorAdapter;
+
+impl ClientAdapter for CursorAdapter {
+    fn client_name(&self) -> &'static str {
+        "cursor"
+    }
+
+    fn config_path(&self) -> PathBuf {
+        default_home().join(".cursor").join("mcp.json")
+    }
+}
+
+pub struct ClaudeCodeAdapter;
+
+impl ClientAdapter for ClaudeCodeAdapter {
+    fn client_name(&self) -> &'static str {
+        "claude-code"
+    }
+
+    fn config_path(&self) -> PathBuf {
+        default_home().join(".claude").join("mcp.json")
+    }
+}
+
+fn default_home() -> PathBuf {
+    std::env::var_os("HOME")
+        .or_else(|| std::env::var_os("USERPROFILE"))
+        .map(PathBuf::from)
+        .unwrap_or_else(|| PathBuf::from("."))
+}
+
+pub fn has_managed_server(adapter: &dyn ClientAdapter, server_name: &str) -> Result<bool> {
+    let path = adapter.config_path();
+    let root = read_config_or_default(&path)?;
+    Ok(root
+        .get("mcpServers")
+        .and_then(Value::as_object)
+        .is_some_and(|servers| servers.contains_key(server_name)))
+}
+
+pub fn upsert_managed_server(
+    adapter: &dyn ClientAdapter,
+    server_name: &str,
+    server_config: Value,
+) -> Result<()> {
+    let path = adapter.config_path();
+    let mut root = read_config_or_default(&path)?;
+    let root_object = ensure_object(&mut root);
+    let mcp_servers = root_object
+        .entry("mcpServers".to_string())
+        .or_insert_with(|| Value::Object(Map::new()));
+    let servers_object = ensure_object(mcp_servers);
+    servers_object.insert(server_name.to_string(), server_config);
+    write_config_atomically(&path, &root)
+}
+
+fn read_config_or_default(path: &Path) -> Result<Value> {
+    if !path.exists() {
+        return Ok(Value::Object(Map::new()));
+    }
+    let raw =
+        fs::read_to_string(path).with_context(|| format!("failed to read {}", path.display()))?;
+    serde_json::from_str(&raw).with_context(|| format!("failed to parse {}", path.display()))
+}
+
+fn write_config_atomically(path: &Path, value: &Value) -> Result<()> {
+    if let Some(parent) = path.parent() {
+        fs::create_dir_all(parent)
+            .with_context(|| format!("failed to create {}", parent.display()))?;
+    }
+    let tmp_path = path.with_extension("json.tmp");
+    let body = serde_json::to_string_pretty(value).context("failed to serialize mcp config")?;
+    fs::write(&tmp_path, body)
+        .with_context(|| format!("failed to write {}", tmp_path.display()))?;
+    fs::rename(&tmp_path, path).with_context(|| format!("failed to replace {}", path.display()))?;
+    Ok(())
+}
+
+fn ensure_object(value: &mut Value) -> &mut Map<String, Value> {
+    if !value.is_object() {
+        *value = Value::Object(Map::new());
+    }
+    value.as_object_mut().expect("object just ensured")
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use std::time::{SystemTime, UNIX_EPOCH};
+
+    struct TestAdapter {
+        path: PathBuf,
+    }
+
+    impl ClientAdapter for TestAdapter {
+        fn client_name(&self) -> &'static str {
+            "test"
+        }
+
+        fn config_path(&self) -> PathBuf {
+            self.path.clone()
+        }
+    }
+
+    #[test]
+    fn upsert_preserves_other_servers() {
+        let unique = SystemTime::now()
+            .duration_since(UNIX_EPOCH)
+            .expect("clock")
+            .as_nanos();
+        let base = std::env::temp_dir().join(format!("secrets-client-integrations-{unique}"));
+        let adapter = TestAdapter {
+            path: base.join("mcp.json"),
+        };
+        fs::create_dir_all(adapter.path.parent().expect("parent")).expect("mkdir");
+        fs::write(
+            &adapter.path,
+            r#"{"mcpServers":{"postgres":{"command":"npx"},"secrets":{"url":"http://old"}}}"#,
+        )
+        .expect("seed config");
+
+        upsert_managed_server(
+            &adapter,
+            "secrets",
+            serde_json::json!({
+                "url": "http://127.0.0.1:9515/mcp"
+            }),
+        )
+        .expect("upsert config");
+
+        let root: Value =
+            serde_json::from_str(&fs::read_to_string(&adapter.path).expect("read back"))
+                .expect("parse back");
+        let servers = root
+            .get("mcpServers")
+            .and_then(Value::as_object)
+            .expect("mcpServers object");
+        assert!(servers.contains_key("postgres"));
+        assert_eq!(
+            servers
+                .get("secrets")
+                .and_then(Value::as_object)
+                .and_then(|value| value.get("url"))
+                .and_then(Value::as_str),
+            Some("http://127.0.0.1:9515/mcp")
+        );
+
+        let _ = fs::remove_dir_all(base);
+    }
+}

crates/crypto/Cargo.toml

@@ -0,0 +1,14 @@
+[package]
+name = "secrets-crypto"
+version = "0.1.0"
+edition.workspace = true
+
+[lib]
+name = "secrets_crypto"
+path = "src/lib.rs"
+
+[dependencies]
+aes-gcm.workspace = true
+anyhow.workspace = true
+hex.workspace = true
+rand.workspace = true

crates/crypto/src/lib.rs

@@ -0,0 +1,47 @@
+use aes_gcm::aead::{Aead, KeyInit};
+use aes_gcm::{Aes256Gcm, Nonce};
+use anyhow::{Context, Result};
+use rand::Rng;
+
+pub const KEY_CHECK_PLAINTEXT: &[u8] = b"secrets-v3-key-check";
+
+pub fn decode_hex(input: &str) -> Result<Vec<u8>> {
+    hex::decode(input.trim()).context("invalid hex")
+}
+
+pub fn encode_hex(input: &[u8]) -> String {
+    hex::encode(input)
+}
+
+pub fn extract_key_32(input: &str) -> Result<[u8; 32]> {
+    let bytes = decode_hex(input)?;
+    let key: [u8; 32] = bytes
+        .try_into()
+        .map_err(|_| anyhow::anyhow!("expected 32-byte key"))?;
+    Ok(key)
+}
+
+pub fn encrypt(key: &[u8; 32], plaintext: &[u8]) -> Result<Vec<u8>> {
+    let cipher = Aes256Gcm::new_from_slice(key).context("invalid AES-256 key")?;
+    let mut nonce_bytes = [0_u8; 12];
+    rand::rng().fill_bytes(&mut nonce_bytes);
+    let nonce = Nonce::from_slice(&nonce_bytes);
+    let mut out = nonce_bytes.to_vec();
+    out.extend(
+        cipher
+            .encrypt(nonce, plaintext)
+            .map_err(|_| anyhow::anyhow!("encryption failed"))?,
+    );
+    Ok(out)
+}
+
+pub fn decrypt(key: &[u8; 32], ciphertext: &[u8]) -> Result<Vec<u8>> {
+    if ciphertext.len() < 12 {
+        anyhow::bail!("ciphertext too short");
+    }
+    let cipher = Aes256Gcm::new_from_slice(key).context("invalid AES-256 key")?;
+    let (nonce, body) = ciphertext.split_at(12);
+    cipher
+        .decrypt(Nonce::from_slice(nonce), body)
+        .map_err(|_| anyhow::anyhow!("decryption failed"))
+}

crates/desktop-daemon/Cargo.toml

@@ -0,0 +1,26 @@
+[package]
+name = "secrets-desktop-daemon"
+version = "0.1.0"
+edition.workspace = true
+
+[lib]
+name = "secrets_desktop_daemon"
+path = "src/lib.rs"
+
+[[bin]]
+name = "secrets-desktop-daemon"
+path = "src/main.rs"
+
+[dependencies]
+anyhow.workspace = true
+axum.workspace = true
+dotenvy.workspace = true
+reqwest = { workspace = true, features = ["stream"] }
+rmcp.workspace = true
+serde.workspace = true
+serde_json.workspace = true
+tokio.workspace = true
+tracing.workspace = true
+tracing-subscriber.workspace = true
+
+secrets-device-auth = { path = "../device-auth" }

crates/desktop-daemon/src/config.rs

@@ -0,0 +1,23 @@
+use anyhow::Result;
+
+#[derive(Debug, Clone)]
+pub struct DaemonConfig {
+    pub bind: String,
+}
+
+pub fn load_config() -> Result<DaemonConfig> {
+    let bind =
+        std::env::var("SECRETS_DAEMON_BIND").unwrap_or_else(|_| "127.0.0.1:9515".to_string());
+    if bind.trim().is_empty() {
+        anyhow::bail!("SECRETS_DAEMON_BIND must not be empty");
+    }
+    Ok(DaemonConfig { bind })
+}
+
+pub fn load_persisted_device_token() -> Result<Option<String>> {
+    let token = std::env::var("SECRETS_DEVICE_LOGIN_TOKEN")
+        .ok()
+        .map(|value| value.trim().to_string())
+        .filter(|value| !value.is_empty());
+    Ok(token)
+}

crates/desktop-daemon/src/exec.rs

@@ -0,0 +1,139 @@
+use std::collections::BTreeMap;
+use std::time::Duration;
+
+use anyhow::{Context, Result, anyhow};
+use serde::{Deserialize, Serialize};
+use serde_json::{Map, Value};
+use tokio::process::Command;
+
+use crate::target::{ExecutionTarget, ResolvedTarget};
+
+const MAX_OUTPUT_CHARS: usize = 64 * 1024;
+
+#[derive(Clone, Debug, Deserialize)]
+pub struct TargetExecInput {
+    pub target_ref: Option<String>,
+    pub command: String,
+    pub timeout_secs: Option<u64>,
+    pub working_dir: Option<String>,
+    pub env_overrides: Option<Map<String, Value>>,
+}
+
+#[derive(Clone, Debug, Serialize)]
+pub struct ExecResult {
+    pub resolved_target: ResolvedTarget,
+    pub resolved_env_keys: Vec<String>,
+    pub command: String,
+    pub exit_code: Option<i32>,
+    pub stdout: String,
+    pub stderr: String,
+    pub timed_out: bool,
+    pub duration_ms: u128,
+    pub stdout_truncated: bool,
+    pub stderr_truncated: bool,
+}
+
+fn truncate_output(text: String) -> (String, bool) {
+    if text.chars().count() <= MAX_OUTPUT_CHARS {
+        return (text, false);
+    }
+    let truncated = text.chars().take(MAX_OUTPUT_CHARS).collect::<String>();
+    (truncated, true)
+}
+
+fn stringify_env_override(value: &Value) -> Option<String> {
+    match value {
+        Value::Null => None,
+        Value::String(s) => Some(s.clone()),
+        Value::Bool(v) => Some(v.to_string()),
+        Value::Number(v) => Some(v.to_string()),
+        other => serde_json::to_string(other).ok(),
+    }
+}
+
+fn apply_env_overrides(
+    env: &mut BTreeMap<String, String>,
+    overrides: Option<&Map<String, Value>>,
+) -> Result<()> {
+    let Some(overrides) = overrides else {
+        return Ok(());
+    };
+    for (key, value) in overrides {
+        if key.is_empty() || key.contains('=') {
+            return Err(anyhow!("invalid env override key: {key}"));
+        }
+        if key.starts_with("TARGET_") {
+            return Err(anyhow!(
+                "env override `{key}` cannot override reserved TARGET_* variables"
+            ));
+        }
+        if let Some(value) = stringify_env_override(value) {
+            env.insert(key.clone(), value);
+        }
+    }
+    Ok(())
+}
+
+pub async fn execute_command(
+    input: &TargetExecInput,
+    target: &ExecutionTarget,
+    timeout_secs: u64,
+) -> Result<ExecResult> {
+    let mut env = target.env.clone();
+    apply_env_overrides(&mut env, input.env_overrides.as_ref())?;
+
+    let started = std::time::Instant::now();
+    let mut command = Command::new("/bin/sh");
+    command
+        .arg("-lc")
+        .arg(&input.command)
+        .kill_on_drop(true)
+        .stdout(std::process::Stdio::piped())
+        .stderr(std::process::Stdio::piped());
+
+    if let Some(dir) = input.working_dir.as_ref().filter(|dir| !dir.is_empty()) {
+        command.current_dir(dir);
+    }
+    for (key, value) in &env {
+        command.env(key, value);
+    }
+
+    let child = command
+        .spawn()
+        .with_context(|| format!("failed to spawn command: {}", input.command))?;
+
+    let timed = tokio::time::timeout(
+        Duration::from_secs(timeout_secs.clamp(1, 86400)),
+        child.wait_with_output(),
+    )
+    .await;
+
+    let (exit_code, stdout, stderr, timed_out) = match timed {
+        Ok(output) => {
+            let output = output.context("failed waiting for command output")?;
+            (
+                output.status.code(),
+                String::from_utf8_lossy(&output.stdout).to_string(),
+                String::from_utf8_lossy(&output.stderr).to_string(),
+                false,
+            )
+        }
+        Err(_) => (None, String::new(), "command timed out".to_string(), true),
+    };
+
+    let (stdout, stdout_truncated) = truncate_output(stdout);
+    let (stderr, stderr_truncated) = truncate_output(stderr);
+
+    Ok(ExecResult {
+        resolved_target: target.resolved.clone(),
+        resolved_env_keys: target.resolved_env_keys(),
+        command: input.command.clone(),
+        exit_code,
+        stdout,
+        stderr,
+        timed_out,
+        duration_ms: started.elapsed().as_millis(),
+        stdout_truncated,
+        stderr_truncated,
+    })
+}

crates/desktop-daemon/src/lib.rs

@@ -0,0 +1,642 @@
+pub mod config;
+pub mod exec;
+pub mod target;
+pub mod vault_client;
+
+use std::collections::HashMap;
+
+use anyhow::{Context, Result, anyhow};
+use axum::{
+    Router,
+    body::Body,
+    extract::State,
+    http::{StatusCode, header},
+    response::Response,
+    routing::{any, get},
+};
+use serde::Deserialize;
+use serde_json::{Value, json};
+
+use crate::{
+    exec::{TargetExecInput, execute_command},
+    target::{TargetSnapshot, build_execution_target},
+    vault_client::{
+        EntryDetail, EntrySummary, SecretHistoryItem, SecretValueField, authorized_get,
+        authorized_patch, authorized_post, entry_detail_payload, fetch_entry_detail,
+        fetch_revealed_entry_secrets,
+    },
+};
+
+#[derive(Clone)]
+pub struct AppState {
+    session_base: String,
+    client: reqwest::Client,
+}
+
+#[derive(Deserialize)]
+struct JsonRpcRequest {
+    #[serde(default)]
+    id: Value,
+    method: String,
+    #[serde(default)]
+    params: Value,
+}
+
+fn json_response(status: StatusCode, value: Value) -> Response {
+    Response::builder()
+        .status(status)
+        .header(header::CONTENT_TYPE, "application/json; charset=utf-8")
+        .body(Body::from(value.to_string()))
+        .expect("build response")
+}
+
+fn jsonrpc_result_response(id: Value, result: Value) -> Response {
+    json_response(
+        StatusCode::OK,
+        json!({
+            "jsonrpc": "2.0",
+            "id": id,
+            "result": result,
+        }),
+    )
+}
+
+fn tool_success_response(id: Value, value: Value) -> Response {
+    let pretty = serde_json::to_string_pretty(&value).unwrap_or_else(|_| value.to_string());
+    jsonrpc_result_response(
+        id,
+        json!({
+            "content": [
+                {
+                    "type": "text",
+                    "text": pretty
+                }
+            ],
+            "isError": false
+        }),
+    )
+}
+
+fn tool_error_response(id: Value, message: impl Into<String>) -> Response {
+    jsonrpc_result_response(
+        id,
+        json!({
+            "content": [
+                {
+                    "type": "text",
+                    "text": message.into()
+                }
+            ],
+            "isError": true
+        }),
+    )
+}
+
+fn initialize_response(id: Value) -> Response {
+    let session_id = format!(
+        "desktop-daemon-{}",
+        std::time::SystemTime::now()
+            .duration_since(std::time::UNIX_EPOCH)
+            .map(|duration| duration.as_nanos())
+            .unwrap_or(0)
+    );
+    let payload = json!({
+        "jsonrpc": "2.0",
+        "id": id,
+        "result": {
+            "protocolVersion": "2025-06-18",
+            "capabilities": {
+                "tools": {}
+            },
+            "serverInfo": {
+                "name": "secrets-desktop-daemon",
+                "version": env!("CARGO_PKG_VERSION"),
+                "title": "Secrets Desktop Daemon"
+            },
+            "instructions": "Preferred tools: secrets_entry_find, secrets_entry_get, secrets_entry_add, secrets_entry_update, secrets_entry_delete, secrets_entry_restore, secrets_secret_add, secrets_secret_update, secrets_secret_delete, secrets_secret_history, secrets_secret_rollback, and target_exec. All data is resolved from the desktop app's unlocked local vault session."
+        }
+    });
+    Response::builder()
+        .status(StatusCode::OK)
+        .header(header::CONTENT_TYPE, "application/json; charset=utf-8")
+        .header("mcp-session-id", session_id)
+        .body(Body::from(payload.to_string()))
+        .expect("build response")
+}
+
+fn tool_definitions() -> Vec<Value> {
+    vec![
+        json!({
+            "name": "secrets_entry_find",
+            "description": "Find entries from the user's secrets vault.",
+            "inputSchema": {
+                "type": "object",
+                "properties": {
+                    "query": { "type": ["string", "null"] },
+                    "folder": { "type": ["string", "null"] },
+                    "type": { "type": ["string", "null"] }
+                }
+            }
+        }),
+        json!({
+            "name": "secrets_entry_get",
+            "description": "Get one entry from the unlocked local vault by entry id.",
+            "inputSchema": {
+                "type": "object",
+                "properties": {
+                    "id": { "type": "string" }
+                },
+                "required": ["id"]
+            }
+        }),
+        json!({
+            "name": "secrets_entry_add",
+            "description": "Create a new entry and optionally include initial secrets.",
+            "inputSchema": {
+                "type": "object",
+                "properties": {
+                    "folder": { "type": "string" },
+                    "name": { "type": "string" },
+                    "type": { "type": ["string", "null"] },
+                    "metadata": { "type": ["object", "null"] },
+                    "secrets": {
+                        "type": ["array", "null"],
+                        "items": {
+                            "type": "object",
+                            "properties": {
+                                "name": { "type": "string" },
+                                "secret_type": { "type": ["string", "null"] },
+                                "value": { "type": "string" }
+                            },
+                            "required": ["name", "value"]
+                        }
+                    }
+                },
+                "required": ["folder", "name"]
+            }
+        }),
+        json!({
+            "name": "secrets_entry_update",
+            "description": "Update an existing entry by id.",
+            "inputSchema": {
+                "type": "object",
+                "properties": {
+                    "id": { "type": "string" },
+                    "folder": { "type": ["string", "null"] },
+                    "name": { "type": ["string", "null"] },
+                    "type": { "type": ["string", "null"] },
+                    "metadata": { "type": ["object", "null"] }
+                },
+                "required": ["id"]
+            }
+        }),
+        json!({
+            "name": "secrets_entry_delete",
+            "description": "Move an entry into recycle bin by id.",
+            "inputSchema": {
+                "type": "object",
+                "properties": {
+                    "id": { "type": "string" }
+                },
+                "required": ["id"]
+            }
+        }),
+        json!({
+            "name": "secrets_entry_restore",
+            "description": "Restore a deleted entry from recycle bin by id.",
+            "inputSchema": {
+                "type": "object",
+                "properties": {
+                    "id": { "type": "string" }
+                },
+                "required": ["id"]
+            }
+        }),
+        json!({
+            "name": "secrets_secret_add",
+            "description": "Create one secret under an existing entry.",
+            "inputSchema": {
+                "type": "object",
+                "properties": {
+                    "entry_id": { "type": "string" },
+                    "name": { "type": "string" },
+                    "secret_type": { "type": ["string", "null"] },
+                    "value": { "type": "string" }
+                },
+                "required": ["entry_id", "name", "value"]
+            }
+        }),
+        json!({
+            "name": "secrets_secret_update",
+            "description": "Update one secret by id.",
+            "inputSchema": {
+                "type": "object",
+                "properties": {
+                    "id": { "type": "string" },
+                    "name": { "type": ["string", "null"] },
+                    "secret_type": { "type": ["string", "null"] },
+                    "value": { "type": ["string", "null"] }
+                },
+                "required": ["id"]
+            }
+        }),
+        json!({
+            "name": "secrets_secret_delete",
+            "description": "Delete one secret by id.",
+            "inputSchema": {
+                "type": "object",
+                "properties": {
+                    "id": { "type": "string" }
+                },
+                "required": ["id"]
+            }
+        }),
+        json!({
+            "name": "secrets_secret_history",
+            "description": "List history snapshots for one secret by id.",
+            "inputSchema": {
+                "type": "object",
+                "properties": {
+                    "id": { "type": "string" }
+                },
+                "required": ["id"]
+            }
+        }),
+        json!({
+            "name": "secrets_secret_rollback",
+            "description": "Rollback one secret by id to a previous version or history id.",
+            "inputSchema": {
+                "type": "object",
+                "properties": {
+                    "id": { "type": "string" },
+                    "version": { "type": ["integer", "null"] },
+                    "history_id": { "type": ["integer", "null"] }
+                },
+                "required": ["id"]
+            }
+        }),
+        json!({
+            "name": "target_exec",
+            "description": "Execute a local shell command with resolved TARGET_* environment variables from one entry.",
+            "inputSchema": {
+                "type": "object",
+                "properties": {
+                    "target_ref": { "type": ["string", "null"] },
+                    "command": { "type": "string" },
+                    "timeout_secs": { "type": ["integer", "null"] },
+                    "working_dir": { "type": ["string", "null"] },
+                    "env_overrides": { "type": ["object", "null"] }
+                },
+                "required": ["target_ref", "command"]
+            }
+        }),
+    ]
+}
+
+fn entry_detail_to_snapshot(detail: &EntryDetail) -> TargetSnapshot {
+    let metadata = detail
+        .metadata
+        .iter()
+        .map(|field| (field.label.clone(), Value::String(field.value.clone())))
+        .collect();
+    let secret_fields = detail
+        .secrets
+        .iter()
+        .map(|secret| crate::target::SecretFieldRef {
+            name: secret.name.clone(),
+            secret_type: Some(secret.secret_type.clone()),
+        })
+        .collect();
+    TargetSnapshot {
+        id: detail.id.clone(),
+        folder: detail.folder.clone(),
+        name: detail.name.clone(),
+        entry_type: Some(detail.cipher_type.clone()),
+        metadata,
+        secret_fields,
+    }
+}
+
+fn revealed_secrets_to_env(secrets: &[SecretValueField]) -> HashMap<String, Value> {
+    secrets
+        .iter()
+        .map(|secret| (secret.name.clone(), Value::String(secret.value.clone())))
+        .collect()
+}
+
+async fn call_tool(state: &AppState, name: &str, arguments: Value) -> Result<Value> {
+    match name {
+        "secrets_entry_find" => {
+            let folder = arguments
+                .get("folder")
+                .and_then(Value::as_str)
+                .map(ToOwned::to_owned);
+            let query = arguments
+                .get("query")
+                .and_then(Value::as_str)
+                .map(ToOwned::to_owned);
+            let entry_type = arguments
+                .get("type")
+                .and_then(Value::as_str)
+                .map(ToOwned::to_owned);
+            let mut params = Vec::new();
+            if let Some(folder) = folder {
+                params.push(("folder", folder));
+            }
+            if let Some(query) = query {
+                params.push(("query", query));
+            }
+            if let Some(entry_type) = entry_type {
+                params.push(("entry_type", entry_type));
+            }
+            params.push(("deleted_only", "false".to_string()));
+            let entries = authorized_get(state, "/vault/entries", &params)
+                .await?
+                .json::<Vec<EntrySummary>>()
+                .await
+                .context("failed to decode entries list")?;
+            Ok(json!({
+                "entries": entries.into_iter().map(|entry| {
+                    json!({
+                        "id": entry.id,
+                        "folder": entry.folder,
+                        "name": entry.name,
+                        "type": entry.cipher_type
+                    })
+                }).collect::<Vec<_>>()
+            }))
+        }
+        "secrets_entry_get" => {
+            let id = arguments
+                .get("id")
+                .and_then(Value::as_str)
+                .context("id is required")?;
+            let detail = fetch_entry_detail(state, id).await?;
+            let secrets = fetch_revealed_entry_secrets(state, id).await?;
+            Ok(entry_detail_payload(&detail, Some(&secrets)))
+        }
+        "secrets_entry_add" => {
+            let folder = arguments
+                .get("folder")
+                .and_then(Value::as_str)
+                .context("folder is required")?;
+            let name = arguments
+                .get("name")
+                .and_then(Value::as_str)
+                .context("name is required")?;
+            let entry_type = arguments
+                .get("type")
+                .and_then(Value::as_str)
+                .unwrap_or("entry");
+            let metadata = arguments
+                .get("metadata")
+                .cloned()
+                .unwrap_or_else(|| json!({}));
+            let res = authorized_post(
+                state,
+                "/vault/entries",
+                &json!({
+                    "folder": folder,
+                    "name": name,
+                    "entry_type": entry_type,
+                    "metadata": metadata,
+                    "secrets": arguments.get("secrets").cloned().unwrap_or(Value::Null)
+                }),
+            )
+            .await?;
+            Ok(res
+                .json::<Value>()
+                .await
+                .context("failed to decode create result")?)
+        }
+        "secrets_entry_update" => {
+            let id = arguments
+                .get("id")
+                .and_then(Value::as_str)
+                .context("id is required")?;
+            let body = json!({
+                "folder": arguments.get("folder").cloned().unwrap_or(Value::Null),
+                "entry_type": arguments.get("type").cloned().unwrap_or(Value::Null),
+                "title": arguments.get("name").cloned().unwrap_or(Value::Null),
+                "metadata": arguments.get("metadata").cloned().unwrap_or(Value::Null)
+            });
+            let res = authorized_patch(state, &format!("/vault/entries/{id}"), &body).await?;
+            Ok(res
+                .json::<Value>()
+                .await
+                .context("failed to decode update result")?)
+        }
+        "secrets_entry_delete" => {
+            let id = arguments
+                .get("id")
+                .and_then(Value::as_str)
+                .context("id is required")?;
+            let res =
+                authorized_post(state, &format!("/vault/entries/{id}/delete"), &json!({})).await?;
+            Ok(res
+                .json::<Value>()
+                .await
+                .context("failed to decode delete result")?)
+        }
+        "secrets_entry_restore" => {
+            let id = arguments
+                .get("id")
+                .and_then(Value::as_str)
+                .context("id is required")?;
+            let res =
+                authorized_post(state, &format!("/vault/entries/{id}/restore"), &json!({})).await?;
+            Ok(res
+                .json::<Value>()
+                .await
+                .context("failed to decode restore result")?)
+        }
+        "secrets_secret_add" => {
+            let entry_id = arguments
+                .get("entry_id")
+                .and_then(Value::as_str)
+                .context("entry_id is required")?;
+            let name = arguments
+                .get("name")
+                .and_then(Value::as_str)
+                .context("name is required")?;
+            let value = arguments
+                .get("value")
+                .and_then(Value::as_str)
+                .context("value is required")?;
+            let res = authorized_post(
+                state,
+                &format!("/vault/entries/{entry_id}/secrets"),
+                &json!({
+                    "name": name,
+                    "secret_type": arguments.get("secret_type").cloned().unwrap_or(Value::Null),
+                    "value": value
+                }),
+            )
+            .await?;
+            Ok(res
+                .json::<Value>()
+                .await
+                .context("failed to decode secret create result")?)
+        }
+        "secrets_secret_update" => {
+            let id = arguments
+                .get("id")
+                .and_then(Value::as_str)
+                .context("id is required")?;
+            let res = authorized_patch(
+                state,
+                &format!("/vault/secrets/{id}"),
+                &json!({
+                    "name": arguments.get("name").cloned().unwrap_or(Value::Null),
+                    "secret_type": arguments.get("secret_type").cloned().unwrap_or(Value::Null),
+                    "value": arguments.get("value").cloned().unwrap_or(Value::Null)
+                }),
+            )
+            .await?;
+            Ok(res
+                .json::<Value>()
+                .await
+                .context("failed to decode secret update result")?)
+        }
+        "secrets_secret_delete" => {
+            let id = arguments
+                .get("id")
+                .and_then(Value::as_str)
+                .context("id is required")?;
+            let res =
+                authorized_post(state, &format!("/vault/secrets/{id}/delete"), &json!({})).await?;
+            Ok(res
+                .json::<Value>()
+                .await
+                .context("failed to decode secret delete result")?)
+        }
+        "secrets_secret_history" => {
+            let id = arguments
+                .get("id")
+                .and_then(Value::as_str)
+                .context("id is required")?;
+            let history = authorized_get(state, &format!("/vault/secrets/{id}/history"), &[])
+                .await?
+                .json::<Vec<SecretHistoryItem>>()
+                .await
+                .context("failed to decode secret history")?;
+            Ok(json!({
+                "history": history.into_iter().map(|item| {
+                    json!({
+                        "history_id": item.history_id,
+                        "secret_id": item.secret_id,
+                        "name": item.name,
+                        "type": item.secret_type,
+                        "masked_value": item.masked_value,
+                        "value": item.value,
+                        "version": item.version,
+                        "action": item.action,
+                        "created_at": item.created_at
+                    })
+                }).collect::<Vec<_>>()
+            }))
+        }
+        "secrets_secret_rollback" => {
+            let id = arguments
+                .get("id")
+                .and_then(Value::as_str)
+                .context("id is required")?;
+            let res = authorized_post(
+                state,
+                &format!("/vault/secrets/{id}/rollback"),
+                &json!({
+                    "version": arguments.get("version").cloned().unwrap_or(Value::Null),
+                    "history_id": arguments.get("history_id").cloned().unwrap_or(Value::Null)
+                }),
+            )
+            .await?;
+            Ok(res
+                .json::<Value>()
+                .await
+                .context("failed to decode secret rollback result")?)
+        }
+        "target_exec" => {
+            let input: TargetExecInput =
+                serde_json::from_value(arguments).context("invalid target_exec arguments")?;
+            let target_ref = input
+                .target_ref
+                .as_ref()
+                .context("target_ref is required")?;
+            let detail = fetch_entry_detail(state, target_ref).await?;
+            let secrets = fetch_revealed_entry_secrets(state, target_ref).await?;
+            let execution_target = build_execution_target(
+                &entry_detail_to_snapshot(&detail),
+                &revealed_secrets_to_env(&secrets),
+            )?;
+            let result =
+                execute_command(&input, &execution_target, input.timeout_secs.unwrap_or(30))
+                    .await?;
+            Ok(serde_json::to_value(result).context("failed to encode exec result")?)
+        }
+        other => Err(anyhow!("unsupported tool: {other}")),
+    }
+}
+
+pub async fn handle_mcp(State(state): State<AppState>, body: String) -> Response {
+    let request: JsonRpcRequest = match serde_json::from_str(&body) {
+        Ok(request) => request,
+        Err(err) => {
+            return json_response(
+                StatusCode::BAD_REQUEST,
+                json!({
+                    "jsonrpc": "2.0",
+                    "id": null,
+                    "error": {
+                        "code": -32600,
+                        "message": format!("invalid request: {err}")
+                    }
+                }),
+            );
+        }
+    };
+
+    match request.method.as_str() {
+        "initialize" => initialize_response(request.id),
+        "tools/list" => jsonrpc_result_response(request.id, json!({ "tools": tool_definitions() })),
+        "tools/call" => {
+            let name = request
+                .params
+                .get("name")
+                .and_then(Value::as_str)
+                .unwrap_or_default();
+            let arguments = request
+                .params
+                .get("arguments")
+                .cloned()
+                .unwrap_or_else(|| json!({}));
+            match call_tool(&state, name, arguments).await {
+                Ok(value) => tool_success_response(request.id, value),
+                Err(err) => tool_error_response(request.id, err.to_string()),
+            }
+        }
+        other => json_response(
+            StatusCode::OK,
+            json!({
+                "jsonrpc": "2.0",
+                "id": request.id,
+                "error": {
+                    "code": -32601,
+                    "message": format!("method `{other}` not supported by secrets-desktop-daemon")
+                }
+            }),
+        ),
+    }
+}
+
+pub async fn build_router() -> Result<Router> {
+    let session_base = std::env::var("SECRETS_DESKTOP_SESSION_URL")
+        .unwrap_or_else(|_| "http://127.0.0.1:9520".to_string());
+    let state = AppState {
+        session_base,
+        client: reqwest::Client::new(),
+    };
+    Ok(Router::new()
+        .route("/healthz", get(|| async { "ok" }))
+        .route("/mcp", any(handle_mcp))
+        .with_state(state))
+}

crates/desktop-daemon/src/main.rs

@@ -0,0 +1,26 @@
+use anyhow::{Context, Result};
+use tracing_subscriber::EnvFilter;
+
+#[tokio::main]
+async fn main() -> Result<()> {
+    let _ = dotenvy::dotenv();
+
+    tracing_subscriber::fmt()
+        .with_env_filter(
+            EnvFilter::try_from_default_env()
+                .unwrap_or_else(|_| "secrets_desktop_daemon=info".into()),
+        )
+        .init();
+
+    let config = secrets_desktop_daemon::config::load_config()?;
+    let app = secrets_desktop_daemon::build_router().await?;
+    let listener = tokio::net::TcpListener::bind(&config.bind)
+        .await
+        .with_context(|| format!("failed to bind {}", config.bind))?;
+
+    tracing::info!(bind = %config.bind, "secrets-desktop-daemon listening");
+    axum::serve(listener, app)
+        .await
+        .context("daemon server error")?;
+    Ok(())
+}

crates/desktop-daemon/src/target.rs

@@ -0,0 +1,332 @@
+use std::collections::{BTreeMap, HashMap};
+
+use anyhow::{Result, anyhow};
+use serde::{Deserialize, Serialize};
+use serde_json::{Map, Value};
+
+#[derive(Clone, Debug, Deserialize, Serialize)]
+pub struct SecretFieldRef {
+    pub name: String,
+    #[serde(rename = "type")]
+    pub secret_type: Option<String>,
+}
+
+#[derive(Clone, Debug, Deserialize, Serialize)]
+pub struct TargetSnapshot {
+    pub id: String,
+    pub folder: String,
+    pub name: String,
+    #[serde(rename = "type")]
+    pub entry_type: Option<String>,
+    #[serde(default)]
+    pub metadata: Map<String, Value>,
+    #[serde(default)]
+    pub secret_fields: Vec<SecretFieldRef>,
+}
+
+#[derive(Clone, Debug, Serialize)]
+pub struct ResolvedTarget {
+    pub id: String,
+    pub folder: String,
+    pub name: String,
+    #[serde(rename = "type")]
+    pub entry_type: Option<String>,
+}
+
+#[derive(Clone, Debug)]
+pub struct ExecutionTarget {
+    pub resolved: ResolvedTarget,
+    pub env: BTreeMap<String, String>,
+}
+
+impl ExecutionTarget {
+    pub fn resolved_env_keys(&self) -> Vec<String> {
+        self.env.keys().cloned().collect()
+    }
+}
+
+fn stringify_value(value: &Value) -> Option<String> {
+    match value {
+        Value::Null => None,
+        Value::String(s) => Some(s.clone()),
+        Value::Bool(v) => Some(v.to_string()),
+        Value::Number(v) => Some(v.to_string()),
+        other => serde_json::to_string(other).ok(),
+    }
+}
+
+fn sanitize_env_key(key: &str) -> String {
+    let mut out = String::with_capacity(key.len());
+    for ch in key.chars() {
+        if ch.is_ascii_alphanumeric() {
+            out.push(ch.to_ascii_uppercase());
+        } else {
+            out.push('_');
+        }
+    }
+    while out.contains("__") {
+        out = out.replace("__", "_");
+    }
+    out.trim_matches('_').to_string()
+}
+
+fn set_if_missing(env: &mut BTreeMap<String, String>, key: &str, value: Option<String>) {
+    if let Some(value) = value.filter(|v| !v.is_empty()) {
+        env.entry(key.to_string()).or_insert(value);
+    }
+}
+
+fn metadata_alias(metadata: &Map<String, Value>, keys: &[&str]) -> Option<String> {
+    keys.iter()
+        .find_map(|key| metadata.get(*key))
+        .and_then(stringify_value)
+}
+
+fn secret_alias(
+    secrets: &HashMap<String, Value>,
+    secret_types: &HashMap<&str, Option<&str>>,
+    name_match: impl Fn(&str) -> bool,
+    type_match: impl Fn(Option<&str>) -> bool,
+) -> Option<String> {
+    secrets.iter().find_map(|(name, value)| {
+        let normalized = sanitize_env_key(name);
+        let ty = secret_types.get(name.as_str()).copied().flatten();
+        if name_match(&normalized) || type_match(ty) {
+            stringify_value(value)
+        } else {
+            None
+        }
+    })
+}
+
+pub fn build_execution_target(
+    snapshot: &TargetSnapshot,
+    secrets: &HashMap<String, Value>,
+) -> Result<ExecutionTarget> {
+    if snapshot.id.trim().is_empty() {
+        return Err(anyhow!("target snapshot missing id"));
+    }
+
+    let mut env = BTreeMap::new();
+    env.insert("TARGET_ENTRY_ID".to_string(), snapshot.id.clone());
+    env.insert("TARGET_NAME".to_string(), snapshot.name.clone());
+    env.insert("TARGET_FOLDER".to_string(), snapshot.folder.clone());
+    if let Some(entry_type) = snapshot.entry_type.as_ref().filter(|v| !v.is_empty()) {
+        env.insert("TARGET_TYPE".to_string(), entry_type.clone());
+    }
+
+    for (key, value) in &snapshot.metadata {
+        if let Some(value) = stringify_value(value) {
+            let name = sanitize_env_key(key);
+            if !name.is_empty() {
+                env.insert(format!("TARGET_META_{name}"), value);
+            }
+        }
+    }
+
+    let secret_type_map: HashMap<&str, Option<&str>> = snapshot
+        .secret_fields
+        .iter()
+        .map(|field| (field.name.as_str(), field.secret_type.as_deref()))
+        .collect();
+
+    for (key, value) in secrets {
+        if let Some(value) = stringify_value(value) {
+            let name = sanitize_env_key(key);
+            if !name.is_empty() {
+                env.insert(format!("TARGET_SECRET_{name}"), value);
+            }
+        }
+    }
+
+    set_if_missing(
+        &mut env,
+        "TARGET_HOST",
+        metadata_alias(
+            &snapshot.metadata,
+            &["public_ip", "ipv4", "private_ip", "host", "hostname"],
+        ),
+    );
+    set_if_missing(
+        &mut env,
+        "TARGET_PORT",
+        metadata_alias(&snapshot.metadata, &["ssh_port", "port"]),
+    );
+    set_if_missing(
+        &mut env,
+        "TARGET_USER",
+        metadata_alias(&snapshot.metadata, &["username", "ssh_user", "user"]),
+    );
+    set_if_missing(
+        &mut env,
+        "TARGET_BASE_URL",
+        metadata_alias(&snapshot.metadata, &["base_url", "url", "endpoint"]),
+    );
+    set_if_missing(
+        &mut env,
+        "TARGET_API_KEY",
+        secret_alias(
+            secrets,
+            &secret_type_map,
+            |name| matches!(name, "API_KEY" | "APIKEY" | "ACCESS_KEY" | "ACCESS_KEY_ID"),
+            |_| false,
+        ),
+    );
+    set_if_missing(
+        &mut env,
+        "TARGET_TOKEN",
+        secret_alias(
+            secrets,
+            &secret_type_map,
+            |name| name.contains("TOKEN"),
+            |_| false,
+        ),
+    );
+    set_if_missing(
+        &mut env,
+        "TARGET_SSH_KEY",
+        secret_alias(
+            secrets,
+            &secret_type_map,
+            |name| name.contains("SSH") || name.ends_with("PEM"),
+            |ty| ty.is_some_and(|v| v.eq_ignore_ascii_case("ssh-key")),
+        ),
+    );
+
+    Ok(ExecutionTarget {
+        resolved: ResolvedTarget {
+            id: snapshot.id.clone(),
+            folder: snapshot.folder.clone(),
+            name: snapshot.name.clone(),
+            entry_type: snapshot.entry_type.clone(),
+        },
+        env,
+    })
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    fn build_snapshot() -> TargetSnapshot {
+        let mut metadata = Map::new();
+        metadata.insert(
+            "host".to_string(),
+            Value::String("git.example.com".to_string()),
+        );
+        metadata.insert("port".to_string(), Value::String("22".to_string()));
+        metadata.insert("username".to_string(), Value::String("deploy".to_string()));
+        metadata.insert(
+            "base_url".to_string(),
+            Value::String("https://api.example.com".to_string()),
+        );
+        TargetSnapshot {
+            id: "entry-1".to_string(),
+            folder: "infra".to_string(),
+            name: "production".to_string(),
+            entry_type: Some("ssh_key".to_string()),
+            metadata,
+            secret_fields: vec![
+                SecretFieldRef {
+                    name: "api_key".to_string(),
+                    secret_type: Some("text".to_string()),
+                },
+                SecretFieldRef {
+                    name: "token".to_string(),
+                    secret_type: Some("text".to_string()),
+                },
+                SecretFieldRef {
+                    name: "ssh_key".to_string(),
+                    secret_type: Some("ssh-key".to_string()),
+                },
+            ],
+        }
+    }
+
+    #[test]
+    fn derives_standard_target_env_keys() {
+        let snapshot = build_snapshot();
+        let secrets = HashMap::from([
+            ("api_key".to_string(), Value::String("ak-123".to_string())),
+            ("token".to_string(), Value::String("tok-456".to_string())),
+            (
+                "ssh_key".to_string(),
+                Value::String("-----BEGIN KEY-----".to_string()),
+            ),
+        ]);
+
+        let target = build_execution_target(&snapshot, &secrets).expect("build execution target");
+
+        assert_eq!(
+            target.env.get("TARGET_ENTRY_ID").map(String::as_str),
+            Some("entry-1")
+        );
+        assert_eq!(
+            target.env.get("TARGET_NAME").map(String::as_str),
+            Some("production")
+        );
+        assert_eq!(
+            target.env.get("TARGET_FOLDER").map(String::as_str),
+            Some("infra")
+        );
+        assert_eq!(
+            target.env.get("TARGET_TYPE").map(String::as_str),
+            Some("ssh_key")
+        );
+        assert_eq!(
+            target.env.get("TARGET_HOST").map(String::as_str),
+            Some("git.example.com")
+        );
+        assert_eq!(
+            target.env.get("TARGET_PORT").map(String::as_str),
+            Some("22")
+        );
+        assert_eq!(
+            target.env.get("TARGET_USER").map(String::as_str),
+            Some("deploy")
+        );
+        assert_eq!(
+            target.env.get("TARGET_BASE_URL").map(String::as_str),
+            Some("https://api.example.com")
+        );
+        assert_eq!(
+            target.env.get("TARGET_API_KEY").map(String::as_str),
+            Some("ak-123")
+        );
+        assert_eq!(
+            target.env.get("TARGET_TOKEN").map(String::as_str),
+            Some("tok-456")
+        );
+        assert_eq!(
+            target.env.get("TARGET_SSH_KEY").map(String::as_str),
+            Some("-----BEGIN KEY-----")
+        );
+    }
+
+    #[test]
+    fn exports_sanitized_meta_and_secret_keys() {
+        let mut snapshot = build_snapshot();
+        snapshot.metadata.insert(
+            "private-ip".to_string(),
+            Value::String("10.0.0.8".to_string()),
+        );
+        let secrets = HashMap::from([(
+            "access key id".to_string(),
+            Value::String("access-1".to_string()),
+        )]);
+
+        let target = build_execution_target(&snapshot, &secrets).expect("build execution target");
+
+        assert_eq!(
+            target.env.get("TARGET_META_PRIVATE_IP").map(String::as_str),
+            Some("10.0.0.8")
+        );
+        assert_eq!(
+            target
+                .env
+                .get("TARGET_SECRET_ACCESS_KEY_ID")
+                .map(String::as_str),
+            Some("access-1")
+        );
+    }
+}

crates/desktop-daemon/src/vault_client.rs

@@ -0,0 +1,168 @@
+use std::collections::HashMap;
+
+use anyhow::{Context, Result};
+use serde::Deserialize;
+use serde_json::{Value, json};
+
+use crate::AppState;
+
+#[derive(Debug, Deserialize)]
+pub struct EntrySummary {
+    pub id: String,
+    pub folder: String,
+    #[serde(rename = "title")]
+    pub name: String,
+    #[serde(rename = "subtitle")]
+    pub cipher_type: String,
+}
+
+#[derive(Debug, Deserialize)]
+pub struct EntryDetail {
+    pub id: String,
+    #[serde(rename = "title")]
+    pub name: String,
+    pub folder: String,
+    #[serde(rename = "entry_type")]
+    pub cipher_type: String,
+    pub metadata: Vec<DetailField>,
+    pub secrets: Vec<SecretField>,
+}
+
+#[derive(Debug, Deserialize)]
+pub struct DetailField {
+    pub label: String,
+    pub value: String,
+}
+
+#[derive(Debug, Deserialize)]
+pub struct SecretField {
+    pub id: String,
+    pub name: String,
+    pub secret_type: String,
+    pub masked_value: String,
+    pub version: i64,
+}
+
+#[derive(Debug, Deserialize)]
+pub struct SecretValueField {
+    pub id: String,
+    pub name: String,
+    pub value: String,
+}
+
+#[derive(Debug, Deserialize)]
+pub struct SecretHistoryItem {
+    pub history_id: i64,
+    pub secret_id: String,
+    pub name: String,
+    pub secret_type: String,
+    pub masked_value: String,
+    pub value: String,
+    pub version: i64,
+    pub action: String,
+    pub created_at: String,
+}
+
+pub async fn authorized_get(
+    state: &AppState,
+    path: &str,
+    query: &[(&str, String)],
+) -> Result<reqwest::Response> {
+    state
+        .client
+        .get(format!("{}{}", state.session_base, path))
+        .query(query)
+        .send()
+        .await
+        .with_context(|| format!("desktop local vault unavailable: {path}"))?
+        .error_for_status()
+        .with_context(|| format!("desktop local vault requires sign-in and unlock: {path}"))
+}
+
+pub async fn authorized_patch(
+    state: &AppState,
+    path: &str,
+    body: &Value,
+) -> Result<reqwest::Response> {
+    state
+        .client
+        .patch(format!("{}{}", state.session_base, path))
+        .json(body)
+        .send()
+        .await
+        .with_context(|| format!("desktop local vault unavailable: {path}"))?
+        .error_for_status()
+        .with_context(|| format!("desktop local vault requires sign-in and unlock: {path}"))
+}
+
+pub async fn authorized_post(
+    state: &AppState,
+    path: &str,
+    body: &Value,
+) -> Result<reqwest::Response> {
+    state
+        .client
+        .post(format!("{}{}", state.session_base, path))
+        .json(body)
+        .send()
+        .await
+        .with_context(|| format!("desktop local vault unavailable: {path}"))?
+        .error_for_status()
+        .with_context(|| format!("desktop local vault requires sign-in and unlock: {path}"))
+}
+
+pub async fn fetch_entry_detail(state: &AppState, entry_id: &str) -> Result<EntryDetail> {
+    authorized_get(state, &format!("/vault/entries/{entry_id}"), &[])
+        .await?
+        .json::<EntryDetail>()
+        .await
+        .context("failed to decode entry detail")
+}
+
+pub async fn fetch_revealed_entry_secrets(
+    state: &AppState,
+    entry_id: &str,
+) -> Result<Vec<SecretValueField>> {
+    let detail = fetch_entry_detail(state, entry_id).await?;
+    let mut secrets = Vec::new();
+    for secret in detail.secrets {
+        let item = authorized_get(state, &format!("/vault/secrets/{}/value", secret.id), &[])
+            .await?
+            .json::<SecretValueField>()
+            .await
+            .context("failed to decode revealed secret value")?;
+        secrets.push(item);
+    }
+    Ok(secrets)
+}
+
+pub fn entry_detail_payload(detail: &EntryDetail, revealed: Option<&[SecretValueField]>) -> Value {
+    let revealed_by_id: HashMap<&str, &SecretValueField> = revealed
+        .unwrap_or(&[])
+        .iter()
+        .map(|secret| (secret.id.as_str(), secret))
+        .collect();
+    json!({
+        "id": detail.id,
+        "folder": detail.folder,
+        "name": detail.name,
+        "type": detail.cipher_type,
+        "metadata": detail.metadata.iter().map(|field| {
+            json!({
+                "label": field.label,
+                "value": field.value
+            })
+        }).collect::<Vec<_>>(),
+        "secrets": detail.secrets.iter().map(|secret| {
+            let revealed = revealed_by_id.get(secret.id.as_str());
+            json!({
+                "id": secret.id,
+                "name": secret.name,
+                "type": secret.secret_type,
+                "masked_value": secret.masked_value,
+                "value": revealed.map(|item| item.value.clone()),
+                "version": secret.version
+            })
+        }).collect::<Vec<_>>()
+    })
+}

crates/device-auth/Cargo.toml

@@ -0,0 +1,16 @@
+[package]
+name = "secrets-device-auth"
+version = "0.1.0"
+edition.workspace = true
+
+[lib]
+name = "secrets_device_auth"
+path = "src/lib.rs"
+
+[dependencies]
+anyhow.workspace = true
+hex.workspace = true
+rand.workspace = true
+sha2.workspace = true
+url.workspace = true
+uuid.workspace = true

crates/device-auth/src/lib.rs

@@ -0,0 +1,27 @@
+use anyhow::{Context, Result};
+use rand::{Rng, RngExt};
+use sha2::{Digest, Sha256};
+use url::Url;
+
+pub fn loopback_redirect_uri(port: u16) -> Result<Url> {
+    Url::parse(&format!("http://127.0.0.1:{port}/oauth/callback"))
+        .context("failed to build loopback redirect URI")
+}
+
+pub fn new_device_fingerprint() -> String {
+    let mut bytes = [0_u8; 16];
+    rand::rng().fill(&mut bytes);
+    hex::encode(bytes)
+}
+
+pub fn new_device_login_token() -> String {
+    let mut bytes = [0_u8; 32];
+    rand::rng().fill_bytes(&mut bytes);
+    hex::encode(bytes)
+}
+
+pub fn hash_device_login_token(token: &str) -> String {
+    let mut hasher = Sha256::new();
+    hasher.update(token.as_bytes());
+    hex::encode(hasher.finalize())
+}

crates/domain/Cargo.toml

@@ -0,0 +1,16 @@
+[package]
+name = "secrets-domain"
+version = "0.1.0"
+edition.workspace = true
+
+[lib]
+name = "secrets_domain"
+path = "src/lib.rs"
+
+[dependencies]
+argon2 = "0.5.3"
+chrono.workspace = true
+serde.workspace = true
+serde_json.workspace = true
+thiserror.workspace = true
+uuid.workspace = true

crates/domain/src/auth.rs

@@ -0,0 +1,68 @@
+use chrono::{DateTime, Utc};
+use serde::{Deserialize, Serialize};
+use serde_json::Value;
+use uuid::Uuid;
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct User {
+    pub id: Uuid,
+    pub email: Option<String>,
+    pub name: String,
+    pub avatar_url: Option<String>,
+    pub key_salt: Option<Vec<u8>>,
+    pub key_check: Option<Vec<u8>>,
+    pub key_params: Option<Value>,
+    pub key_version: i64,
+    pub created_at: DateTime<Utc>,
+    pub updated_at: DateTime<Utc>,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct Device {
+    pub id: Uuid,
+    pub user_id: Uuid,
+    pub display_name: String,
+    pub platform: String,
+    pub client_version: String,
+    pub device_fingerprint: String,
+    pub created_at: DateTime<Utc>,
+    pub last_seen_at: DateTime<Utc>,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct DeviceLoginToken {
+    pub id: Uuid,
+    pub device_id: Uuid,
+    pub token_hash: String,
+    pub created_at: DateTime<Utc>,
+    pub last_seen_at: DateTime<Utc>,
+}
+
+#[derive(Debug, Clone, Copy, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "snake_case")]
+pub enum LoginMethod {
+    GoogleOauth,
+    DeviceToken,
+}
+
+#[derive(Debug, Clone, Copy, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "snake_case")]
+pub enum LoginResult {
+    Success,
+    Failed,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize)]
+pub struct ClientLoginEvent {
+    pub id: i64,
+    pub user_id: Uuid,
+    pub device_id: Uuid,
+    pub device_name: String,
+    pub platform: String,
+    pub client_version: String,
+    pub ip_addr: Option<String>,
+    pub forwarded_ip: Option<String>,
+    pub login_method: LoginMethod,
+    pub login_result: LoginResult,
+    pub created_at: DateTime<Utc>,
+}

crates/domain/src/cipher.rs

@@ -0,0 +1,138 @@
+use chrono::{DateTime, Utc};
+use serde::{Deserialize, Serialize};
+use serde_json::Value;
+use uuid::Uuid;
+
+#[derive(Debug, Clone, Copy, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "snake_case")]
+pub enum CipherType {
+    Login,
+    ApiKey,
+    SecureNote,
+    SshKey,
+    Identity,
+    Card,
+}
+
+impl CipherType {
+    pub fn as_str(&self) -> &'static str {
+        match self {
+            Self::Login => "login",
+            Self::ApiKey => "api_key",
+            Self::SecureNote => "secure_note",
+            Self::SshKey => "ssh_key",
+            Self::Identity => "identity",
+            Self::Card => "card",
+        }
+    }
+
+    pub fn parse(input: &str) -> Self {
+        match input {
+            "login" => Self::Login,
+            "api_key" => Self::ApiKey,
+            "secure_note" => Self::SecureNote,
+            "ssh_key" => Self::SshKey,
+            "identity" => Self::Identity,
+            "card" => Self::Card,
+            _ => Self::SecureNote,
+        }
+    }
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
+pub struct CustomField {
+    pub name: String,
+    pub value: Value,
+    #[serde(default)]
+    pub sensitive: bool,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, Default)]
+pub struct LoginPayload {
+    #[serde(default)]
+    pub username: Option<String>,
+    #[serde(default)]
+    pub uris: Vec<String>,
+    #[serde(default)]
+    pub password: Option<String>,
+    #[serde(default)]
+    pub totp: Option<String>,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, Default)]
+pub struct ApiKeyPayload {
+    #[serde(default)]
+    pub client_id: Option<String>,
+    #[serde(default)]
+    pub secret: Option<String>,
+    #[serde(default)]
+    pub base_url: Option<String>,
+    #[serde(default)]
+    pub host: Option<String>,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, Default)]
+pub struct SecureNotePayload {
+    #[serde(default)]
+    pub text: Option<String>,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq, Default)]
+pub struct SshKeyPayload {
+    #[serde(default)]
+    pub username: Option<String>,
+    #[serde(default)]
+    pub host: Option<String>,
+    #[serde(default)]
+    pub port: Option<u16>,
+    #[serde(default)]
+    pub private_key: Option<String>,
+    #[serde(default)]
+    pub passphrase: Option<String>,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
+#[serde(tag = "kind", rename_all = "snake_case")]
+pub enum ItemPayload {
+    Login(LoginPayload),
+    ApiKey(ApiKeyPayload),
+    SecureNote(SecureNotePayload),
+    SshKey(SshKeyPayload),
+}
+
+impl Default for ItemPayload {
+    fn default() -> Self {
+        Self::SecureNote(SecureNotePayload::default())
+    }
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq)]
+pub struct CipherView {
+    pub id: Uuid,
+    pub cipher_type: CipherType,
+    pub name: String,
+    pub folder: String,
+    #[serde(default)]
+    pub notes: Option<String>,
+    #[serde(default)]
+    pub custom_fields: Vec<CustomField>,
+    #[serde(default)]
+    pub deleted_at: Option<DateTime<Utc>>,
+    pub revision_date: DateTime<Utc>,
+    pub payload: ItemPayload,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+pub struct Cipher {
+    pub id: Uuid,
+    pub user_id: Uuid,
+    pub object_kind: String,
+    pub cipher_type: CipherType,
+    pub revision: i64,
+    pub cipher_version: i32,
+    pub ciphertext: Vec<u8>,
+    pub content_hash: String,
+    pub deleted_at: Option<DateTime<Utc>>,
+    pub created_at: DateTime<Utc>,
+    pub updated_at: DateTime<Utc>,
+}

crates/domain/src/error.rs

@@ -0,0 +1,15 @@
+use thiserror::Error;
+
+#[derive(Debug, Error)]
+pub enum DomainError {
+    #[error("resource not found")]
+    NotFound,
+    #[error("resource already exists")]
+    Conflict,
+    #[error("validation failed: {0}")]
+    Validation(String),
+    #[error("authentication failed")]
+    AuthenticationFailed,
+    #[error("decryption failed")]
+    DecryptionFailed,
+}

crates/domain/src/kdf.rs

@@ -0,0 +1,37 @@
+use argon2::{Algorithm, Argon2, Params, Version};
+use serde::{Deserialize, Serialize};
+
+use crate::DomainError;
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "snake_case")]
+pub enum KdfType {
+    Argon2id,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+pub struct KdfConfig {
+    pub kdf_type: KdfType,
+    pub memory_kib: u32,
+    pub iterations: u32,
+    pub parallelism: u32,
+}
+
+impl Default for KdfConfig {
+    fn default() -> Self {
+        Self {
+            kdf_type: KdfType::Argon2id,
+            memory_kib: 64 * 1024,
+            iterations: 3,
+            parallelism: 4,
+        }
+    }
+}
+
+impl KdfConfig {
+    pub fn build_argon2(&self) -> Result<Argon2<'static>, DomainError> {
+        let params = Params::new(self.memory_kib, self.iterations, self.parallelism, Some(32))
+            .map_err(|err| DomainError::Validation(err.to_string()))?;
+        Ok(Argon2::new(Algorithm::Argon2id, Version::V0x13, params))
+    }
+}

crates/domain/src/lib.rs

@@ -0,0 +1,19 @@
+pub mod auth;
+pub mod cipher;
+pub mod error;
+pub mod kdf;
+pub mod sync;
+pub mod vault_object;
+
+pub use auth::{ClientLoginEvent, Device, DeviceLoginToken, LoginMethod, LoginResult, User};
+pub use cipher::{
+    ApiKeyPayload, Cipher, CipherType, CipherView, CustomField, ItemPayload, LoginPayload,
+    SecureNotePayload, SshKeyPayload,
+};
+pub use error::DomainError;
+pub use kdf::{KdfConfig, KdfType};
+pub use sync::{
+    SyncAcceptedChange, SyncConflict, SyncPullRequest, SyncPullResponse, SyncPushRequest,
+    SyncPushResponse,
+};
+pub use vault_object::{VaultObjectChange, VaultObjectEnvelope, VaultObjectKind, VaultTombstone};

crates/domain/src/sync.rs

@@ -0,0 +1,47 @@
+use serde::{Deserialize, Serialize};
+
+use crate::vault_object::{VaultObjectChange, VaultObjectEnvelope, VaultTombstone};
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+pub struct SyncPullRequest {
+    pub cursor: Option<i64>,
+    pub limit: Option<i64>,
+    #[serde(default)]
+    pub include_deleted: bool,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+pub struct SyncPullResponse {
+    pub server_revision: i64,
+    pub next_cursor: i64,
+    pub has_more: bool,
+    pub objects: Vec<VaultObjectEnvelope>,
+    pub tombstones: Vec<VaultTombstone>,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+pub struct SyncPushRequest {
+    pub changes: Vec<VaultObjectChange>,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+pub struct SyncAcceptedChange {
+    pub change_id: uuid::Uuid,
+    pub object_id: uuid::Uuid,
+    pub revision: i64,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+pub struct SyncConflict {
+    pub change_id: uuid::Uuid,
+    pub object_id: uuid::Uuid,
+    pub reason: String,
+    pub server_object: Option<VaultObjectEnvelope>,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+pub struct SyncPushResponse {
+    pub server_revision: i64,
+    pub accepted: Vec<SyncAcceptedChange>,
+    pub conflicts: Vec<SyncConflict>,
+}

crates/domain/src/vault_object.rs

@@ -0,0 +1,48 @@
+use chrono::{DateTime, Utc};
+use serde::{Deserialize, Serialize};
+use uuid::Uuid;
+
+#[derive(Debug, Clone, Copy, Serialize, Deserialize, PartialEq, Eq)]
+#[serde(rename_all = "snake_case")]
+pub enum VaultObjectKind {
+    Cipher,
+}
+
+impl VaultObjectKind {
+    pub fn as_str(&self) -> &'static str {
+        match self {
+            Self::Cipher => "cipher",
+        }
+    }
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+pub struct VaultObjectEnvelope {
+    pub object_id: Uuid,
+    pub object_kind: VaultObjectKind,
+    pub revision: i64,
+    pub cipher_version: i32,
+    pub ciphertext: Vec<u8>,
+    pub content_hash: String,
+    pub deleted_at: Option<DateTime<Utc>>,
+    pub updated_at: DateTime<Utc>,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+pub struct VaultObjectChange {
+    pub change_id: Uuid,
+    pub object_id: Uuid,
+    pub object_kind: VaultObjectKind,
+    pub operation: String,
+    pub base_revision: Option<i64>,
+    pub cipher_version: Option<i32>,
+    pub ciphertext: Option<Vec<u8>>,
+    pub content_hash: Option<String>,
+}
+
+#[derive(Debug, Clone, Serialize, Deserialize, PartialEq, Eq)]
+pub struct VaultTombstone {
+    pub object_id: Uuid,
+    pub revision: i64,
+    pub deleted_at: DateTime<Utc>,
+}

crates/infrastructure-db/Cargo.toml

@@ -0,0 +1,15 @@
+[package]
+name = "secrets-infrastructure-db"
+version = "0.1.0"
+edition.workspace = true
+
+[lib]
+name = "secrets_infrastructure_db"
+path = "src/lib.rs"
+
+[dependencies]
+anyhow.workspace = true
+dotenvy.workspace = true
+sqlx.workspace = true
+tracing.workspace = true
+uuid.workspace = true

crates/infrastructure-db/src/lib.rs

@@ -0,0 +1,29 @@
+mod migrate;
+
+use anyhow::{Context, Result};
+use sqlx::PgPool;
+use sqlx::postgres::{PgConnectOptions, PgPoolOptions};
+use std::str::FromStr;
+
+pub use migrate::migrate_current_schema;
+
+pub fn load_database_url() -> Result<String> {
+    std::env::var("SECRETS_DATABASE_URL")
+        .context("SECRETS_DATABASE_URL is required for current services")
+}
+
+pub async fn create_pool(database_url: &str) -> Result<PgPool> {
+    let options =
+        PgConnectOptions::from_str(database_url).context("failed to parse SECRETS_DATABASE_URL")?;
+    let pool = PgPoolOptions::new()
+        .max_connections(
+            std::env::var("SECRETS_DATABASE_POOL_SIZE")
+                .ok()
+                .and_then(|v| v.parse::<u32>().ok())
+                .unwrap_or(10),
+        )
+        .connect_with(options)
+        .await
+        .context("failed to connect to PostgreSQL")?;
+    Ok(pool)
+}

crates/infrastructure-db/src/migrate.rs

@@ -0,0 +1,130 @@
+use anyhow::Result;
+use sqlx::PgPool;
+
+pub async fn migrate_current_schema(pool: &PgPool) -> Result<()> {
+    sqlx::raw_sql(
+        r#"
+        CREATE TABLE IF NOT EXISTS users (
+            id          UUID PRIMARY KEY DEFAULT uuidv7(),
+            email       VARCHAR(256),
+            name        VARCHAR(256) NOT NULL DEFAULT '',
+            avatar_url  TEXT,
+            key_salt    BYTEA,
+            key_check   BYTEA,
+            key_params  JSONB,
+            key_version BIGINT NOT NULL DEFAULT 0,
+            created_at  TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+            updated_at  TIMESTAMPTZ NOT NULL DEFAULT NOW()
+        );
+
+        CREATE TABLE IF NOT EXISTS oauth_accounts (
+            id           UUID PRIMARY KEY DEFAULT uuidv7(),
+            user_id      UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+            provider     VARCHAR(32) NOT NULL,
+            provider_id  VARCHAR(256) NOT NULL,
+            email        VARCHAR(256),
+            name         VARCHAR(256),
+            avatar_url   TEXT,
+            created_at   TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+            UNIQUE(provider, provider_id),
+            UNIQUE(user_id, provider)
+        );
+
+        CREATE TABLE IF NOT EXISTS devices (
+            id                 UUID PRIMARY KEY DEFAULT uuidv7(),
+            user_id            UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+            display_name       VARCHAR(256) NOT NULL,
+            platform           VARCHAR(64) NOT NULL,
+            client_version     VARCHAR(64) NOT NULL,
+            device_fingerprint TEXT NOT NULL,
+            created_at         TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+            last_seen_at       TIMESTAMPTZ NOT NULL DEFAULT NOW()
+        );
+        CREATE INDEX IF NOT EXISTS idx_devices_user_id ON devices(user_id);
+
+        CREATE TABLE IF NOT EXISTS device_login_tokens (
+            id           UUID PRIMARY KEY DEFAULT uuidv7(),
+            device_id    UUID NOT NULL REFERENCES devices(id) ON DELETE CASCADE,
+            token_hash   TEXT NOT NULL UNIQUE,
+            created_at   TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+            last_seen_at TIMESTAMPTZ NOT NULL DEFAULT NOW()
+        );
+        CREATE INDEX IF NOT EXISTS idx_device_login_tokens_device_id ON device_login_tokens(device_id);
+
+        CREATE TABLE IF NOT EXISTS auth_events (
+            id             BIGINT GENERATED ALWAYS AS IDENTITY PRIMARY KEY,
+            user_id        UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+            device_id      UUID NOT NULL REFERENCES devices(id) ON DELETE CASCADE,
+            device_name    VARCHAR(256) NOT NULL,
+            platform       VARCHAR(64) NOT NULL,
+            client_version VARCHAR(64) NOT NULL,
+            ip_addr        TEXT,
+            forwarded_ip   TEXT,
+            login_method   VARCHAR(32) NOT NULL,
+            login_result   VARCHAR(32) NOT NULL,
+            created_at     TIMESTAMPTZ NOT NULL DEFAULT NOW()
+        );
+        CREATE INDEX IF NOT EXISTS idx_auth_events_user_id_created_at
+            ON auth_events(user_id, created_at DESC);
+        CREATE INDEX IF NOT EXISTS idx_auth_events_device_id_created_at
+            ON auth_events(device_id, created_at DESC);
+
+        CREATE TABLE IF NOT EXISTS desktop_login_sessions (
+            session_id          TEXT PRIMARY KEY,
+            oauth_state         TEXT NOT NULL UNIQUE,
+            pkce_verifier       TEXT NOT NULL,
+            device_name         VARCHAR(256) NOT NULL,
+            platform            VARCHAR(64) NOT NULL,
+            client_version      VARCHAR(64) NOT NULL,
+            device_fingerprint  TEXT NOT NULL,
+            status              VARCHAR(32) NOT NULL DEFAULT 'pending',
+            error_message       TEXT,
+            user_id             UUID REFERENCES users(id) ON DELETE SET NULL,
+            device_id           UUID REFERENCES devices(id) ON DELETE SET NULL,
+            device_token        TEXT,
+            device_token_hash   TEXT,
+            expires_at          TIMESTAMPTZ NOT NULL,
+            consumed_at         TIMESTAMPTZ,
+            created_at          TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+            updated_at          TIMESTAMPTZ NOT NULL DEFAULT NOW()
+        );
+        CREATE INDEX IF NOT EXISTS idx_desktop_login_sessions_status_expires
+            ON desktop_login_sessions(status, expires_at);
+
+        CREATE TABLE IF NOT EXISTS vault_objects (
+            object_id         UUID PRIMARY KEY,
+            user_id           UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+            object_kind       VARCHAR(32) NOT NULL,
+            revision          BIGINT NOT NULL,
+            cipher_version    INTEGER NOT NULL DEFAULT 1,
+            ciphertext        BYTEA NOT NULL DEFAULT '\x',
+            content_hash      TEXT NOT NULL DEFAULT '',
+            deleted_at        TIMESTAMPTZ,
+            updated_at        TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+            created_by_device UUID REFERENCES devices(id) ON DELETE SET NULL
+        );
+        CREATE INDEX IF NOT EXISTS idx_vault_objects_user_revision
+            ON vault_objects(user_id, revision ASC);
+        CREATE INDEX IF NOT EXISTS idx_vault_objects_user_deleted
+            ON vault_objects(user_id, deleted_at);
+
+        CREATE TABLE IF NOT EXISTS vault_object_revisions (
+            object_id      UUID NOT NULL,
+            user_id        UUID NOT NULL REFERENCES users(id) ON DELETE CASCADE,
+            revision       BIGINT NOT NULL,
+            cipher_version INTEGER NOT NULL DEFAULT 1,
+            ciphertext     BYTEA NOT NULL DEFAULT '\x',
+            content_hash   TEXT NOT NULL DEFAULT '',
+            deleted_at     TIMESTAMPTZ,
+            created_at     TIMESTAMPTZ NOT NULL DEFAULT NOW(),
+            PRIMARY KEY (object_id, revision)
+        );
+        CREATE INDEX IF NOT EXISTS idx_vault_object_revisions_user_revision
+            ON vault_object_revisions(user_id, revision ASC);
+        "#,
+    )
+    .execute(pool)
+    .await?;
+
+    Ok(())
+}

deploy/.env.example

@@ -0,0 +1,57 @@
+# Secrets v3 环境变量配置
+# 复制此文件为 .env 并填写真实值
+
+# ─── 数据库 ───────────────────────────────────────────────────────────
+# v3 API 与桌面端都复用这套数据库
+SECRETS_DATABASE_URL=postgres://postgres:PASSWORD@db.refining.ltd:5432/secrets-v3
+# 强烈建议生产使用 verify-full（至少 verify-ca）
+SECRETS_DATABASE_SSL_MODE=verify-full
+# 私有 CA 或自建链路时填写 CA 根证书路径；使用公共受信 CA 可留空
+# SECRETS_DATABASE_SSL_ROOT_CERT=/etc/secrets/pg-ca.crt
+# 当设为 prod/production 时，服务会拒绝弱 TLS 模式（prefer/disable/allow/require）
+SECRETS_ENV=production
+
+# ─── 服务地址 ─────────────────────────────────────────────────────────
+SECRETS_API_BIND=127.0.0.1:9415
+SECRETS_DAEMON_BIND=127.0.0.1:9515
+SECRETS_API_BASE=http://127.0.0.1:9415
+SECRETS_DAEMON_URL=http://127.0.0.1:9515/mcp
+
+# ─── Google OAuth（服务端托管）──────────────────────────────────────────
+# 官网 DMG 正式分发时，Google OAuth 凭据只配置在 API 服务端
+SECRETS_PUBLIC_BASE_URL=http://127.0.0.1:9415
+GOOGLE_OAUTH_CLIENT_ID=your-google-oauth-client-id.apps.googleusercontent.com
+GOOGLE_OAUTH_CLIENT_SECRET=your-google-oauth-client-secret
+GOOGLE_OAUTH_REDIRECT_URI=http://127.0.0.1:9415/auth/google/callback
+# 可选：如不配置则使用 Google 默认公开端点
+# GOOGLE_OAUTH_AUTH_URI=https://accounts.google.com/o/oauth2/v2/auth
+# GOOGLE_OAUTH_TOKEN_URI=https://oauth2.googleapis.com/token
+# 若仍无法换 token（仅提供端口代理、无系统代理）：可取消注释并改为本机代理地址
+# HTTPS_PROXY=http://127.0.0.1:7890
+# NO_PROXY=localhost,127.0.0.1
+
+# ─── 日志（可选）──────────────────────────────────────────────────────
+# RUST_LOG=secrets_api=debug,secrets_desktop_daemon=debug
+
+# ─── 数据库连接池（可选）──────────────────────────────────────────────
+# 最大连接数，默认 10
+# SECRETS_DATABASE_POOL_SIZE=10
+# 获取连接超时秒数，默认 5
+# SECRETS_DATABASE_ACQUIRE_TIMEOUT=5
+
+# ─── 限流（可选）──────────────────────────────────────────────────────
+# 全局限流速率（req/s），默认 100
+# RATE_LIMIT_GLOBAL_PER_SECOND=100
+# 全局限流突发量，默认 200
+# RATE_LIMIT_GLOBAL_BURST=200
+# 单 IP 限流速率（req/s），默认 20
+# RATE_LIMIT_IP_PER_SECOND=20
+# 单 IP 限流突发量，默认 40
+# RATE_LIMIT_IP_BURST=40
+
+# ─── 代理信任（可选）─────────────────────────────────────────────────
+# 设为 1/true/yes 时从 X-Forwarded-For / X-Real-IP 提取客户端 IP
+# 仅在反代环境下启用，否则客户端可伪造 IP 绕过限流
+# TRUST_PROXY=1
+
+# 桌面端会在 ~/.secrets-v3/desktop 下持久化 device token 与 device fingerprint

deploy/postgres-tls-hardening.md

@@ -0,0 +1,92 @@
+# PostgreSQL TLS Hardening Runbook
+
+This runbook applies to:
+
+- PostgreSQL server: `47.117.131.22` (`db.refining.ltd`)
+- `secrets-mcp` app server: `47.238.146.244` (`secrets.refining.app`)
+
+## 1) Issue certificate for `db.refining.ltd` (Let's Encrypt + Cloudflare DNS-01)
+
+Install `acme.sh` on the PostgreSQL server and use a Cloudflare API token with DNS edit permission for the target zone.
+
+```bash
+curl https://get.acme.sh | sh -s email=ops@refining.ltd
+export CF_Token="your_cloudflare_dns_token"
+export CF_Zone_ID="your_zone_id"
+~/.acme.sh/acme.sh --issue --dns dns_cf -d db.refining.ltd --keylength ec-256
+```
+
+Install cert/key into a PostgreSQL-readable path:
+
+```bash
+sudo mkdir -p /etc/postgresql/tls
+sudo ~/.acme.sh/acme.sh --install-cert -d db.refining.ltd --ecc \
+  --fullchain-file /etc/postgresql/tls/fullchain.pem \
+  --key-file /etc/postgresql/tls/privkey.pem \
+  --reloadcmd "systemctl reload postgresql || systemctl restart postgresql"
+sudo chown -R postgres:postgres /etc/postgresql/tls
+sudo chmod 600 /etc/postgresql/tls/privkey.pem
+sudo chmod 644 /etc/postgresql/tls/fullchain.pem
+```
+
+## 2) Configure PostgreSQL TLS and access rules
+
+In `postgresql.conf`:
+
+```conf
+ssl = on
+ssl_cert_file = '/etc/postgresql/tls/fullchain.pem'
+ssl_key_file = '/etc/postgresql/tls/privkey.pem'
+```
+
+In `pg_hba.conf`, allow app traffic via TLS only (example):
+
+```conf
+hostssl  secrets-mcp  postgres  47.238.146.244/32  scram-sha-256
+```
+
+Keep a safe admin path (`local` socket or restricted source CIDR) before removing old plaintext `host` rules.
+
+Reload PostgreSQL:
+
+```bash
+sudo systemctl reload postgresql
+```
+
+## 3) Verify server-side TLS
+
+```bash
+openssl s_client -starttls postgres -connect db.refining.ltd:5432 -servername db.refining.ltd
+```
+
+The handshake should succeed and the certificate should match `db.refining.ltd`.
+
+## 4) Update `secrets-mcp` app server env
+
+Use environment values like:
+
+```bash
+SECRETS_DATABASE_URL=postgres://postgres:***@db.refining.ltd:5432/secrets-mcp
+SECRETS_DATABASE_SSL_MODE=verify-full
+SECRETS_ENV=production
+```
+
+If you use private CA instead of public CA, also set:
+
+```bash
+SECRETS_DATABASE_SSL_ROOT_CERT=/etc/secrets/pg-ca.crt
+```
+
+Restart `secrets-mcp` after updating env.
+
+## 5) Verify from app server
+
+Run positive and negative checks:
+
+- Positive: app starts, migrations pass, dashboard + MCP API work.
+- Negative:
+  - wrong hostname -> connection fails
+  - wrong CA file -> connection fails
+  - disable TLS on DB -> connection fails
+
+This ensures no silent downgrade to weak TLS in production.

deploy/secrets-mcp.service

@@ -0,0 +1,27 @@
+[Unit]
+Description=Secrets API Server
+After=network.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=secrets
+Group=secrets
+WorkingDirectory=/opt/secrets
+EnvironmentFile=/opt/secrets/.env
+ExecStart=/opt/secrets/secrets-api
+Restart=always
+RestartSec=5
+StandardOutput=journal
+StandardError=journal
+SyslogIdentifier=secrets-api
+
+# 安全加固
+NoNewPrivileges=yes
+ProtectSystem=strict
+ProtectHome=yes
+ReadWritePaths=/opt/secrets
+PrivateTmp=yes
+
+[Install]
+WantedBy=multi-user.target

rust-toolchain.toml

@@ -0,0 +1,3 @@
+[toolchain]
+channel = "1.94.0"
+components = ["rustfmt", "clippy"]

scripts/release-check.sh

@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+repo_root="$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)"
+cd "$repo_root"
+
+echo "==> 开始执行检查"
+cargo fmt -- --check
+cargo clippy --locked -- -D warnings
+cargo test --locked

scripts/repair-secrets.template.csv

@@ -0,0 +1 @@
+entry_id,secret_name,secret_value

scripts/repair_secrets_from_csv.py

@@ -0,0 +1,383 @@
+#!/usr/bin/env python3
+"""
+Batch re-encrypt secret fields from a CSV file.
+
+CSV format:
+    entry_id,secret_name,secret_value
+    019d...,api_key,sk-xxxx
+    019d...,password,hunter2
+
+The script groups rows by entry_id, then calls `secrets_entry_update` with `secrets_obj`
+so the server re-encrypts the provided plaintext values with the current key.
+
+Warnings:
+- Keep the CSV outside version control whenever possible.
+- Delete the filled CSV after the repair is complete.
+"""
+
+from __future__ import annotations
+
+import argparse
+import csv
+import json
+import sys
+import urllib.error
+import urllib.request
+from collections import OrderedDict
+from pathlib import Path
+from typing import Any
+
+
+DEFAULT_USER_AGENT = "Cursor/3.0.12 (darwin arm64)"
+REQUIRED_COLUMNS = {"entry_id", "secret_name", "secret_value"}
+
+
+def parse_args() -> argparse.Namespace:
+    parser = argparse.ArgumentParser(
+        description="Repair secret ciphertexts by re-submitting plaintext via secrets_entry_update."
+    )
+    parser.add_argument(
+        "--csv",
+        required=True,
+        help="Path to CSV file with columns: entry_id,secret_name,secret_value",
+    )
+    parser.add_argument(
+        "--mcp-json",
+        default=str(Path.home() / ".cursor" / "mcp.json"),
+        help="Path to mcp.json used to resolve URL and headers",
+    )
+    parser.add_argument(
+        "--server",
+        default="secrets",
+        help="MCP server name inside mcp.json (default: secrets)",
+    )
+    parser.add_argument("--url", help="Override MCP URL")
+    parser.add_argument("--auth", help="Override Authorization header value")
+    parser.add_argument("--encryption-key", help="Override X-Encryption-Key header value")
+    parser.add_argument(
+        "--user-agent",
+        default=DEFAULT_USER_AGENT,
+        help=f"User-Agent header (default: {DEFAULT_USER_AGENT})",
+    )
+    parser.add_argument(
+        "--dry-run",
+        action="store_true",
+        help="Parse and print grouped updates without sending requests",
+    )
+    return parser.parse_args()
+
+
+def load_mcp_config(path: str, server_name: str) -> dict[str, Any]:
+    data = json.loads(Path(path).read_text(encoding="utf-8"))
+    servers = data.get("mcpServers", {})
+    if server_name not in servers:
+        raise KeyError(f"Server '{server_name}' not found in {path}")
+    return servers[server_name]
+
+
+def resolve_connection_settings(args: argparse.Namespace) -> tuple[str, str, str]:
+    server = load_mcp_config(args.mcp_json, args.server)
+    headers = server.get("headers", {})
+
+    url = args.url or server.get("url")
+    auth = args.auth or headers.get("Authorization")
+    encryption_key = args.encryption_key or headers.get("X-Encryption-Key")
+
+    if not url:
+        raise ValueError("Missing MCP URL. Pass --url or configure it in mcp.json.")
+    if not auth:
+        raise ValueError(
+            "Missing Authorization header. Pass --auth or configure it in mcp.json."
+        )
+    if not encryption_key:
+        raise ValueError(
+            "Missing X-Encryption-Key. Pass --encryption-key or configure it in mcp.json."
+        )
+
+    return url, auth, encryption_key
+
+
+def load_updates(csv_path: str) -> OrderedDict[str, OrderedDict[str, str]]:
+    grouped: OrderedDict[str, OrderedDict[str, str]] = OrderedDict()
+
+    with Path(csv_path).open("r", encoding="utf-8-sig", newline="") as fh:
+        reader = csv.DictReader(fh)
+        fieldnames = set(reader.fieldnames or [])
+        missing = REQUIRED_COLUMNS - fieldnames
+        if missing:
+            raise ValueError(
+                "CSV missing required columns: " + ", ".join(sorted(missing))
+            )
+
+        for line_no, row in enumerate(reader, start=2):
+            entry_id = (row.get("entry_id") or "").strip()
+            secret_name = (row.get("secret_name") or "").strip()
+            secret_value = row.get("secret_value") or ""
+
+            if not entry_id and not secret_name and not secret_value:
+                continue
+            if not entry_id:
+                raise ValueError(f"Line {line_no}: entry_id is required")
+            if not secret_name:
+                raise ValueError(f"Line {line_no}: secret_name is required")
+
+            entry_group = grouped.setdefault(entry_id, OrderedDict())
+            if secret_name in entry_group:
+                raise ValueError(
+                    f"Line {line_no}: duplicate secret_name '{secret_name}' for entry_id '{entry_id}'"
+                )
+            entry_group[secret_name] = secret_value
+
+    if not grouped:
+        raise ValueError("CSV contains no updates")
+
+    return grouped
+
+
+def post_json(
+    url: str,
+    payload: dict[str, Any],
+    auth: str,
+    encryption_key: str,
+    user_agent: str,
+    session_id: str | None = None,
+) -> tuple[int, str | None, str]:
+    headers = {
+        "Content-Type": "application/json",
+        "Accept": "application/json, text/event-stream",
+        "Authorization": auth,
+        "X-Encryption-Key": encryption_key,
+        "User-Agent": user_agent,
+    }
+    if session_id:
+        headers["mcp-session-id"] = session_id
+
+    req = urllib.request.Request(
+        url,
+        data=json.dumps(payload).encode("utf-8"),
+        headers=headers,
+        method="POST",
+    )
+    try:
+        with urllib.request.urlopen(req, timeout=30) as resp:
+            return (
+                resp.status,
+                resp.headers.get("mcp-session-id") or session_id,
+                resp.read().decode("utf-8"),
+            )
+    except urllib.error.HTTPError as exc:
+        body = exc.read().decode("utf-8", errors="replace")
+        return exc.code, session_id, body
+
+
+def parse_sse_json(body: str) -> list[dict[str, Any]]:
+    items: list[dict[str, Any]] = []
+    for line in body.splitlines():
+        if line.startswith("data: {"):
+            items.append(json.loads(line[6:]))
+    return items
+
+
+def initialize_session(
+    url: str, auth: str, encryption_key: str, user_agent: str
+) -> str:
+    status, session_id, body = post_json(
+        url,
+        {
+            "jsonrpc": "2.0",
+            "id": 1,
+            "method": "initialize",
+            "params": {
+                "protocolVersion": "2025-06-18",
+                "capabilities": {},
+                "clientInfo": {"name": "repair-script", "version": "1.0"},
+            },
+        },
+        auth,
+        encryption_key,
+        user_agent,
+    )
+    if status != 200 or not session_id:
+        raise RuntimeError(f"initialize failed: status={status}, body={body[:500]}")
+
+    status, _, body = post_json(
+        url,
+        {"jsonrpc": "2.0", "method": "notifications/initialized", "params": {}},
+        auth,
+        encryption_key,
+        user_agent,
+        session_id,
+    )
+    if status not in (200, 202):
+        raise RuntimeError(
+            f"notifications/initialized failed: status={status}, body={body[:500]}"
+        )
+    return session_id
+
+
+def load_entry_index(
+    url: str, auth: str, encryption_key: str, user_agent: str, session_id: str
+) -> dict[str, tuple[str, str]]:
+    status, _, body = post_json(
+        url,
+        {
+            "jsonrpc": "2.0",
+            "id": 999_001,
+            "method": "tools/call",
+            "params": {
+                "name": "secrets_entry_find",
+                "arguments": {
+                    "limit": 1000,
+                },
+            },
+        },
+        auth,
+        encryption_key,
+        user_agent,
+        session_id,
+    )
+    items = parse_sse_json(body)
+    last = items[-1] if items else {"raw": body[:1000]}
+    if status != 200:
+        raise RuntimeError(
+            f"secrets_entry_find failed: status={status}, body={body[:500]}"
+        )
+    if "error" in last:
+        raise RuntimeError(f"secrets_entry_find returned error: {last}")
+
+    content = last.get("result", {}).get("content", [])
+    if not content:
+        raise RuntimeError("secrets_entry_find returned no content")
+    payload = json.loads(content[0]["text"])
+
+    index: dict[str, tuple[str, str]] = {}
+    for entry in payload.get("entries", []):
+        entry_id = entry.get("id")
+        name = entry.get("name")
+        folder = entry.get("folder", "")
+        if entry_id and name is not None:
+            index[entry_id] = (name, folder)
+    return index
+
+
+def call_secrets_entry_update(
+    url: str,
+    auth: str,
+    encryption_key: str,
+    user_agent: str,
+    session_id: str,
+    request_id: int,
+    entry_id: str,
+    entry_name: str,
+    entry_folder: str,
+    secrets_obj: dict[str, str],
+) -> dict[str, Any]:
+    payload = {
+        "jsonrpc": "2.0",
+        "id": request_id,
+        "method": "tools/call",
+        "params": {
+            "name": "secrets_entry_update",
+            "arguments": {
+                "id": entry_id,
+                "name": entry_name,
+                "folder": entry_folder,
+                "secrets_obj": secrets_obj,
+                # Pass the key as an argument too, so repair can still work
+                # even when a client/proxy mishandles custom headers.
+                "encryption_key": encryption_key,
+            },
+        },
+    }
+    status, _, body = post_json(
+        url, payload, auth, encryption_key, user_agent, session_id
+    )
+    items = parse_sse_json(body)
+    last = items[-1] if items else {"raw": body[:1000]}
+    if status != 200:
+        raise RuntimeError(
+            f"secrets_entry_update failed for {entry_id}: status={status}, body={body[:500]}"
+        )
+    return last
+
+
+def main() -> int:
+    args = parse_args()
+
+    try:
+        url, auth, encryption_key = resolve_connection_settings(args)
+        updates = load_updates(args.csv)
+    except Exception as exc:
+        print(f"ERROR: {exc}", file=sys.stderr)
+        return 1
+
+    print(f"Loaded {len(updates)} entries from {args.csv}")
+
+    if args.dry_run:
+        for entry_id, secrets_obj in updates.items():
+            print(
+                json.dumps(
+                    {"id": entry_id, "secrets_obj": secrets_obj},
+                    ensure_ascii=False,
+                    indent=2,
+                )
+            )
+        return 0
+
+    try:
+        session_id = initialize_session(url, auth, encryption_key, args.user_agent)
+        entry_index = load_entry_index(
+            url, auth, encryption_key, args.user_agent, session_id
+        )
+    except Exception as exc:
+        print(f"ERROR: {exc}", file=sys.stderr)
+        return 1
+
+    success = 0
+    failures = 0
+    for request_id, (entry_id, secrets_obj) in enumerate(updates.items(), start=2):
+        try:
+            if entry_id not in entry_index:
+                raise RuntimeError(
+                    f"entry id not found in secrets_entry_find results: {entry_id}"
+                )
+            entry_name, entry_folder = entry_index[entry_id]
+            result = call_secrets_entry_update(
+                url,
+                auth,
+                encryption_key,
+                args.user_agent,
+                session_id,
+                request_id,
+                entry_id,
+                entry_name,
+                entry_folder,
+                secrets_obj,
+            )
+            if "error" in result:
+                failures += 1
+                print(
+                    json.dumps(
+                        {"id": entry_id, "status": "error", "result": result},
+                        ensure_ascii=False,
+                    ),
+                    file=sys.stderr,
+                )
+            else:
+                success += 1
+                print(
+                    json.dumps(
+                        {"id": entry_id, "status": "ok", "result": result},
+                        ensure_ascii=False,
+                    )
+                )
+        except Exception as exc:
+            failures += 1
+            print(f"{entry_id}: ERROR: {exc}", file=sys.stderr)
+
+    print(f"Done. success={success} failure={failures}")
+    return 0 if failures == 0 else 2
+
+
+if __name__ == "__main__":
+    raise SystemExit(main())

scripts/setup-gitea-actions.sh

@@ -1,18 +1,17 @@
 #!/usr/bin/env bash
 #
-# 为 refining/secrets 仓库配置 Gitea Actions 所需的 Secrets 和 Variables
+# 为 refining/secrets 仓库配置 v3 CI 所需的 Variables
 # 参考: .gitea/workflows/secrets.yml
 #
 # 所需配置:
-#   - secrets.RELEASE_TOKEN  (必选) Release 上传用，值为 Gitea PAT
 #   - vars.WEBHOOK_URL       (可选) 飞书通知
 #
-# 注意: Gitea 不允许 secret/variable 名以 GITEA_ 或 GITHUB_ 开头，故使用 RELEASE_TOKEN
+# 注意:
+#   - Variables 的 value 字段为原始字符串，不要 base64。
 #
 # 用法:
 #   1. 从 ~/.config/gitea/config.env 读取 GITEA_URL, GITEA_TOKEN, GITEA_WEBHOOK_URL
-#   2. 或通过环境变量覆盖: GITEA_TOKEN（作为 RELEASE_TOKEN 的值）, WEBHOOK_URL
-#   3. 或使用 secrets CLI 获取: 需 DATABASE_URL，从 refining/service gitea 读取
+#   2. 或通过环境变量覆盖: GITEA_TOKEN, WEBHOOK_URL
 #
 
 set -e
@@ -21,26 +20,38 @@ OWNER="refining"
 REPO="secrets"
 
 # 解析参数
-USE_SECRETS_CLI=false
 while [[ $# -gt 0 ]]; do
   case $1 in
-    --from-secrets) USE_SECRETS_CLI=true; shift ;;
+    --from-secrets)
+      echo "❌ --from-secrets 尚未实现，请使用 ~/.config/gitea/config.env 或环境变量" >&2
+      exit 1
+      ;;
     -h|--help)
-      echo "用法: $0 [--from-secrets]"
+      echo "用法: $0"
       echo ""
-      echo "  --from-secrets  从 secrets CLI (refining/service gitea) 获取 token 和 webhook_url"
-      echo "                  否则从 ~/.config/gitea/config.env 读取"
+      echo "从 ~/.config/gitea/config.env 读取，或由环境变量覆盖。"
       echo ""
-      echo "环境变量覆盖:"
-      echo "  GITEA_URL        Gitea 实例地址"
-      echo "  GITEA_TOKEN      用于 Release 上传的 PAT (创建 RELEASE_TOKEN secret)"
-      echo "  WEBHOOK_URL      飞书 Webhook URL (创建 variable，可选)"
+      echo "环境变量:"
+      echo "  GITEA_URL             Gitea 实例根地址（可误带尾部 /api/v1，脚本会规范化后拼接）"
+      echo "  GITEA_TOKEN           Gitea PAT"
+      echo "  WEBHOOK_URL           或 GITEA_WEBHOOK_URL → vars.WEBHOOK_URL（可选）"
       exit 0
       ;;
-    *) shift ;;
+    *)
+      echo "❌ 未知参数: $1" >&2
+      echo "   使用 $0 --help 查看用法" >&2
+      exit 1
+      ;;
   esac
 done
 
+for cmd in curl jq; do
+  if ! command -v "$cmd" &>/dev/null; then
+    echo "❌ 未找到命令: $cmd（本脚本依赖 curl 与 jq）" >&2
+    exit 1
+  fi
+done
+
 # 加载配置
 load_config() {
   local config="$HOME/.config/gitea/config.env"
@@ -50,26 +61,6 @@ load_config() {
   fi
 }
 
-# 从 secrets CLI 获取 gitea 凭据
-fetch_from_secrets() {
-  if ! command -v secrets &>/dev/null; then
-    echo "❌ secrets CLI 未找到，请先构建: cargo build --release" >&2
-    return 1
-  fi
-  # 输出 JSON 格式便于解析；需要 --show-secrets
-  # secrets 当前无 JSON 输出，用简单解析
-  local out
-  out=$(secrets search -n refining --kind service -q gitea --show-secrets 2>/dev/null || true)
-  if [[ -z "$out" ]]; then
-    echo "❌ 未找到 refining/service gitea 记录" >&2
-    return 1
-  fi
-  # 简化：从 metadata 和 secrets 中提取，实际格式需根据 search 输出调整
-  # 此处仅作占位，实际解析较复杂；建议用户优先用 config.env
-  echo "⚠️  --from-secrets 暂不支持自动解析，请使用 config.env 或环境变量" >&2
-  return 1
-}
-
 load_config
 
 # 优先使用环境变量
@@ -84,21 +75,19 @@ if [[ -z "$GITEA_URL" ]]; then
   exit 1
 fi
 
-# 去掉 URL 尾部斜杠
+# 规范为实例根 URL：去尾部斜杠，并去掉重复的 .../api/v1 后缀（避免拼成 .../api/v1/api/v1）
 GITEA_URL="${GITEA_URL%/}"
-# 确保使用 /api/v1 基础路径（若用户只写了根 URL）
-[[ "$GITEA_URL" != *"/api/v1"* ]] || true
+while [[ "$GITEA_URL" == */api/v1 ]]; do
+  GITEA_URL="${GITEA_URL%/api/v1}"
+  GITEA_URL="${GITEA_URL%/}"
+done
 
 API_BASE="${GITEA_URL}/api/v1"
 
-# 获取 GITEA_TOKEN（作为 workflow 中 secrets.RELEASE_TOKEN 的值）
 if [[ -z "$GITEA_TOKEN" ]]; then
-  if $USE_SECRETS_CLI; then
-    fetch_from_secrets || exit 1
-  fi
   echo "❌ GITEA_TOKEN 未配置"
   echo "   在 ~/.config/gitea/config.env 中设置，或 export GITEA_TOKEN=xxx" >&2
-  echo "   Token 需具备 repo 写权限（创建 Release、上传附件）" >&2
+  echo "   Token 需具备 repo 写权限" >&2
   exit 1
 fi
 
@@ -107,34 +96,14 @@ echo "配置 Gitea Actions: $OWNER/$REPO"
 echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
 echo ""
 
-# 1. 创建 Secret: RELEASE_TOKEN
-echo "1. 创建 Secret: RELEASE_TOKEN"
-encoded=$(echo -n "$GITEA_TOKEN" | base64)
-resp=$(curl -s -w "\n%{http_code}" -X PUT \
-  -H "Authorization: token $GITEA_TOKEN" \
-  -H "Content-Type: application/json" \
-  -d "{\"data\":\"${encoded}\"}" \
-  "${API_BASE}/repos/${OWNER}/${REPO}/actions/secrets/RELEASE_TOKEN")
-http_code=$(echo "$resp" | tail -n1)
-body=$(echo "$resp" | sed '$d')
-
-if [[ "$http_code" == "200" || "$http_code" == "201" || "$http_code" == "204" ]]; then
-  echo "   ✓ RELEASE_TOKEN 已创建/更新"
-else
-  echo "   ❌ 失败 (HTTP $http_code)" >&2
-  echo "$body" | jq -r '.message // .' 2>/dev/null || echo "$body" >&2
-  exit 1
-fi
-
-# 2. 创建/更新 Variable: WEBHOOK_URL（可选）
+echo "1. 创建/更新 Variable: WEBHOOK_URL（可选）"
 WEBHOOK_VALUE="${WEBHOOK_URL:-$GITEA_WEBHOOK_URL}"
 if [[ -n "$WEBHOOK_VALUE" ]]; then
-  echo ""
-  echo "2. 创建/更新 Variable: WEBHOOK_URL"
+  var_payload=$(jq -n --arg v "$WEBHOOK_VALUE" '{value: $v}')
   resp=$(curl -s -w "\n%{http_code}" -X POST \
     -H "Authorization: token $GITEA_TOKEN" \
     -H "Content-Type: application/json" \
-    -d "{\"value\":\"${WEBHOOK_VALUE}\"}" \
+    -d "$var_payload" \
     "${API_BASE}/repos/${OWNER}/${REPO}/actions/variables/WEBHOOK_URL")
   http_code=$(echo "$resp" | tail -n1)
   body=$(echo "$resp" | sed '$d')
@@ -146,7 +115,7 @@ if [[ -n "$WEBHOOK_VALUE" ]]; then
     resp=$(curl -s -w "\n%{http_code}" -X PUT \
       -H "Authorization: token $GITEA_TOKEN" \
       -H "Content-Type: application/json" \
-      -d "{\"value\":\"${WEBHOOK_VALUE}\"}" \
+      -d "$var_payload" \
       "${API_BASE}/repos/${OWNER}/${REPO}/actions/variables/WEBHOOK_URL")
     http_code=$(echo "$resp" | tail -n1)
     if [[ "$http_code" == "200" || "$http_code" == "204" ]]; then
@@ -158,8 +127,7 @@ if [[ -n "$WEBHOOK_VALUE" ]]; then
     echo "   ⚠ 失败 (HTTP $http_code)，飞书通知将不可用" >&2
   fi
 else
-  echo ""
-  echo "2. 跳过 WEBHOOK_URL（未配置 GITEA_WEBHOOK_URL 或 WEBHOOK_URL）"
+  echo "   跳过 WEBHOOK_URL（未配置 GITEA_WEBHOOK_URL 或 WEBHOOK_URL）"
   echo "   飞书通知将不可用；如需可后续在仓库 Settings → Variables 中添加"
 fi
 
@@ -169,7 +137,6 @@ echo "✓ 配置完成"
 echo "━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━"
 echo ""
 echo "Workflow 将使用:"
-echo "  - secrets.RELEASE_TOKEN  创建 Release 并上传二进制"
 echo "  - vars.WEBHOOK_URL 发送飞书通知（如已配置）"
 echo ""
 echo "推送代码触发构建:"

src/commands/add.rs

@@ -1,87 +0,0 @@
-use anyhow::Result;
-use serde_json::{Map, Value};
-use sqlx::PgPool;
-use std::fs;
-
-/// Parse "key=value" entries. Value starting with '@' reads from file.
-fn parse_kv(entry: &str) -> Result<(String, String)> {
-    let (key, raw_val) = entry.split_once('=').ok_or_else(|| {
-        anyhow::anyhow!(
-            "Invalid format '{}'. Expected: key=value or key=@file",
-            entry
-        )
-    })?;
-
-    let value = if let Some(path) = raw_val.strip_prefix('@') {
-        fs::read_to_string(path)
-            .map_err(|e| anyhow::anyhow!("Failed to read file '{}': {}", path, e))?
-    } else {
-        raw_val.to_string()
-    };
-
-    Ok((key.to_string(), value))
-}
-
-fn build_json(entries: &[String]) -> Result<Value> {
-    let mut map = Map::new();
-    for entry in entries {
-        let (key, value) = parse_kv(entry)?;
-        map.insert(key, Value::String(value));
-    }
-    Ok(Value::Object(map))
-}
-
-pub async fn run(
-    pool: &PgPool,
-    namespace: &str,
-    kind: &str,
-    name: &str,
-    tags: &[String],
-    meta_entries: &[String],
-    secret_entries: &[String],
-) -> Result<()> {
-    let metadata = build_json(meta_entries)?;
-    let encrypted = build_json(secret_entries)?;
-
-    sqlx::query(
-        r#"
-        INSERT INTO secrets (namespace, kind, name, tags, metadata, encrypted, updated_at)
-        VALUES ($1, $2, $3, $4, $5, $6, NOW())
-        ON CONFLICT (namespace, kind, name)
-        DO UPDATE SET
-            tags      = EXCLUDED.tags,
-            metadata  = EXCLUDED.metadata,
-            encrypted = EXCLUDED.encrypted,
-            updated_at = NOW()
-        "#,
-    )
-    .bind(namespace)
-    .bind(kind)
-    .bind(name)
-    .bind(tags)
-    .bind(&metadata)
-    .bind(&encrypted)
-    .execute(pool)
-    .await?;
-
-    println!("Added: [{}/{}] {}", namespace, kind, name);
-    if !tags.is_empty() {
-        println!("  tags:     {}", tags.join(", "));
-    }
-    if !meta_entries.is_empty() {
-        let keys: Vec<&str> = meta_entries
-            .iter()
-            .filter_map(|s| s.split_once('=').map(|(k, _)| k))
-            .collect();
-        println!("  metadata: {}", keys.join(", "));
-    }
-    if !secret_entries.is_empty() {
-        let keys: Vec<&str> = secret_entries
-            .iter()
-            .filter_map(|s| s.split_once('=').map(|(k, _)| k))
-            .collect();
-        println!("  secrets:  {}", keys.join(", "));
-    }
-
-    Ok(())
-}

src/commands/delete.rs

@@ -1,20 +0,0 @@
-use anyhow::Result;
-use sqlx::PgPool;
-
-pub async fn run(pool: &PgPool, namespace: &str, kind: &str, name: &str) -> Result<()> {
-    let result = sqlx::query(
-        "DELETE FROM secrets WHERE namespace = $1 AND kind = $2 AND name = $3",
-    )
-    .bind(namespace)
-    .bind(kind)
-    .bind(name)
-    .execute(pool)
-    .await?;
-
-    if result.rows_affected() == 0 {
-        println!("Not found: [{}/{}] {}", namespace, kind, name);
-    } else {
-        println!("Deleted: [{}/{}] {}", namespace, kind, name);
-    }
-    Ok(())
-}

src/commands/mod.rs

@@ -1,3 +0,0 @@
-pub mod add;
-pub mod delete;
-pub mod search;

src/commands/search.rs

@@ -1,104 +0,0 @@
-use anyhow::Result;
-use sqlx::PgPool;
-
-use crate::models::Secret;
-
-pub async fn run(
-    pool: &PgPool,
-    namespace: Option<&str>,
-    kind: Option<&str>,
-    tag: Option<&str>,
-    query: Option<&str>,
-    show_secrets: bool,
-) -> Result<()> {
-    let mut conditions: Vec<String> = Vec::new();
-    let mut idx: i32 = 1;
-
-    if namespace.is_some() {
-        conditions.push(format!("namespace = ${}", idx));
-        idx += 1;
-    }
-    if kind.is_some() {
-        conditions.push(format!("kind = ${}", idx));
-        idx += 1;
-    }
-    if tag.is_some() {
-        conditions.push(format!("tags @> ARRAY[${}]", idx));
-        idx += 1;
-    }
-    if query.is_some() {
-        conditions.push(format!(
-            "(name ILIKE ${i} OR namespace ILIKE ${i} OR kind ILIKE ${i} OR metadata::text ILIKE ${i} OR EXISTS (SELECT 1 FROM unnest(tags) t WHERE t ILIKE ${i}))",
-            i = idx
-        ));
-    }
-
-    let where_clause = if conditions.is_empty() {
-        String::new()
-    } else {
-        format!("WHERE {}", conditions.join(" AND "))
-    };
-
-    let sql = format!(
-        "SELECT * FROM secrets {} ORDER BY namespace, kind, name",
-        where_clause
-    );
-
-    let mut q = sqlx::query_as::<_, Secret>(&sql);
-    if let Some(v) = namespace {
-        q = q.bind(v);
-    }
-    if let Some(v) = kind {
-        q = q.bind(v);
-    }
-    if let Some(v) = tag {
-        q = q.bind(v);
-    }
-    if let Some(v) = query {
-        q = q.bind(format!("%{}%", v));
-    }
-
-    let rows = q.fetch_all(pool).await?;
-
-    if rows.is_empty() {
-        println!("No records found.");
-        return Ok(());
-    }
-
-    for row in &rows {
-        println!(
-            "[{}/{}] {}",
-            row.namespace, row.kind, row.name,
-        );
-        println!("  id:       {}", row.id);
-
-        if !row.tags.is_empty() {
-            println!("  tags:     [{}]", row.tags.join(", "));
-        }
-
-        let meta_obj = row.metadata.as_object();
-        if let Some(m) = meta_obj {
-            if !m.is_empty() {
-                println!("  metadata: {}", serde_json::to_string_pretty(&row.metadata)?);
-            }
-        }
-
-        if show_secrets {
-            println!("  secrets:  {}", serde_json::to_string_pretty(&row.encrypted)?);
-        } else {
-            let keys: Vec<String> = row
-                .encrypted
-                .as_object()
-                .map(|m| m.keys().cloned().collect())
-                .unwrap_or_default();
-            if !keys.is_empty() {
-                println!("  secrets:  [{}]  (--show-secrets to reveal)", keys.join(", "));
-            }
-        }
-
-        println!("  created:  {}", row.created_at.format("%Y-%m-%d %H:%M:%S UTC"));
-        println!();
-    }
-    println!("{} record(s) found.", rows.len());
-    Ok(())
-}

src/db.rs

@@ -1,44 +0,0 @@
-use anyhow::Result;
-use sqlx::postgres::PgPoolOptions;
-use sqlx::PgPool;
-
-pub async fn create_pool(database_url: &str) -> Result<PgPool> {
-    let pool = PgPoolOptions::new()
-        .max_connections(5)
-        .connect(database_url)
-        .await?;
-    Ok(pool)
-}
-
-pub async fn migrate(pool: &PgPool) -> Result<()> {
-    sqlx::raw_sql(
-        r#"
-        CREATE TABLE IF NOT EXISTS secrets (
-            id          UUID PRIMARY KEY DEFAULT uuidv7(),
-            namespace   VARCHAR(64)  NOT NULL,
-            kind        VARCHAR(64)  NOT NULL,
-            name        VARCHAR(256) NOT NULL,
-            tags        TEXT[]       NOT NULL DEFAULT '{}',
-            metadata    JSONB        NOT NULL DEFAULT '{}',
-            encrypted   JSONB        NOT NULL DEFAULT '{}',
-            created_at  TIMESTAMPTZ  NOT NULL DEFAULT NOW(),
-            updated_at  TIMESTAMPTZ  NOT NULL DEFAULT NOW(),
-            UNIQUE(namespace, kind, name)
-        );
-
-        -- idempotent column add for existing tables
-        DO $$ BEGIN
-            ALTER TABLE secrets ADD COLUMN IF NOT EXISTS metadata JSONB NOT NULL DEFAULT '{}';
-        EXCEPTION WHEN OTHERS THEN NULL;
-        END $$;
-
-        CREATE INDEX IF NOT EXISTS idx_secrets_namespace ON secrets(namespace);
-        CREATE INDEX IF NOT EXISTS idx_secrets_kind ON secrets(kind);
-        CREATE INDEX IF NOT EXISTS idx_secrets_tags ON secrets USING GIN(tags);
-        CREATE INDEX IF NOT EXISTS idx_secrets_metadata ON secrets USING GIN(metadata jsonb_path_ops);
-        "#,
-    )
-    .execute(pool)
-    .await?;
-    Ok(())
-}

src/main.rs

@@ -1,132 +0,0 @@
-mod commands;
-mod db;
-mod models;
-
-use anyhow::Result;
-use clap::{Parser, Subcommand};
-use dotenvy::dotenv;
-
-#[derive(Parser)]
-#[command(name = "secrets", version, about = "Secrets & config manager backed by PostgreSQL")]
-struct Cli {
-    /// Database URL (or set DATABASE_URL env var)
-    #[arg(long, env = "DATABASE_URL", global = true, default_value = "")]
-    db_url: String,
-
-    #[command(subcommand)]
-    command: Commands,
-}
-
-#[derive(Subcommand)]
-enum Commands {
-    /// Add or update a record (upsert)
-    Add {
-        /// Namespace (e.g. refining, ricnsmart)
-        #[arg(short, long)]
-        namespace: String,
-        /// Kind of record (server, service, key, ...)
-        #[arg(long)]
-        kind: String,
-        /// Human-readable name
-        #[arg(long)]
-        name: String,
-        /// Tags for categorization (repeatable)
-        #[arg(long = "tag")]
-        tags: Vec<String>,
-        /// Plaintext metadata entry: key=value (repeatable, key=@file reads from file)
-        #[arg(long = "meta", short = 'm')]
-        meta: Vec<String>,
-        /// Secret entry: key=value (repeatable, key=@file reads from file)
-        #[arg(long = "secret", short = 's')]
-        secrets: Vec<String>,
-    },
-
-    /// Search records
-    Search {
-        /// Filter by namespace
-        #[arg(short, long)]
-        namespace: Option<String>,
-        /// Filter by kind
-        #[arg(long)]
-        kind: Option<String>,
-        /// Filter by tag
-        #[arg(long)]
-        tag: Option<String>,
-        /// Search by keyword (matches name, namespace, kind)
-        #[arg(short, long)]
-        query: Option<String>,
-        /// Reveal encrypted secret values
-        #[arg(long)]
-        show_secrets: bool,
-    },
-
-    /// Delete a record
-    Delete {
-        /// Namespace
-        #[arg(short, long)]
-        namespace: String,
-        /// Kind
-        #[arg(long)]
-        kind: String,
-        /// Name
-        #[arg(long)]
-        name: String,
-    },
-}
-
-#[tokio::main]
-async fn main() -> Result<()> {
-    dotenv().ok();
-
-    let cli = Cli::parse();
-
-    let db_url = if cli.db_url.is_empty() {
-        std::env::var("DATABASE_URL").map_err(|_| {
-            anyhow::anyhow!("DATABASE_URL not set. Use --db-url or set DATABASE_URL env var.")
-        })?
-    } else {
-        cli.db_url.clone()
-    };
-
-    let pool = db::create_pool(&db_url).await?;
-    db::migrate(&pool).await?;
-
-    match &cli.command {
-        Commands::Add {
-            namespace,
-            kind,
-            name,
-            tags,
-            meta,
-            secrets,
-        } => {
-            commands::add::run(&pool, namespace, kind, name, tags, meta, secrets).await?;
-        }
-        Commands::Search {
-            namespace,
-            kind,
-            tag,
-            query,
-            show_secrets,
-        } => {
-            commands::search::run(
-                &pool,
-                namespace.as_deref(),
-                kind.as_deref(),
-                tag.as_deref(),
-                query.as_deref(),
-                *show_secrets,
-            )
-            .await?;
-        }
-        Commands::Delete {
-            namespace,
-            kind,
-            name,
-        } => {
-            commands::delete::run(&pool, namespace, kind, name).await?;
-        }
-    }
-
-    Ok(())
-}

src/models.rs

@@ -1,17 +0,0 @@
-use chrono::{DateTime, Utc};
-use serde::{Deserialize, Serialize};
-use serde_json::Value;
-use uuid::Uuid;
-
-#[derive(Debug, Serialize, Deserialize, sqlx::FromRow)]
-pub struct Secret {
-    pub id: Uuid,
-    pub namespace: String,
-    pub kind: String,
-    pub name: String,
-    pub tags: Vec<String>,
-    pub metadata: Value,
-    pub encrypted: Value,
-    pub created_at: DateTime<Utc>,
-    pub updated_at: DateTime<Utc>,
-}