release: secrets-mcp 0.5.2

Bump version: secrets-mcp-0.5.1 tag already existed while crates had further changes.

Made-with: Cursor

.gitignore

@@ -4,4 +4,5 @@
 .cursor/
 *.pem
 tmp/
-client_secret_*.apps.googleusercontent.com.json
+client_secret_*.apps.googleusercontent.com.json
+node_modules/

AGENTS.md

@@ -119,7 +119,7 @@ oauth_accounts (
 | 字段 | 含义 | 示例 |
 |------|------|------|
 | `folder` | 隔离空间（参与唯一键） | `refining` |
-| `type` | 软分类（不参与唯一键） | `server`, `service`, `person`, `document` |
+| `type` | 软分类（不参与唯一键，用户自定义） | `server`, `service`, `account`, `person`, `document` |
 | `name` | 标识名 | `gitea`, `aliyun` |
 | `notes` | 非敏感说明 | 自由文本 |
 | `tags` | 标签 | `["aliyun","prod"]` |
@@ -180,6 +180,9 @@ git tag -l 'secrets-mcp-*'
 | 变量 | 说明 |
 |------|------|
 | `SECRETS_DATABASE_URL` | **必填**。PostgreSQL URL。 |
+| `SECRETS_DATABASE_SSL_MODE` | 可选但强烈建议生产必填。推荐 `verify-full`（至少 `verify-ca`）。 |
+| `SECRETS_DATABASE_SSL_ROOT_CERT` | 可选。私有 CA 或自签链路时指定 CA 根证书路径。 |
+| `SECRETS_ENV` | 可选。设为 `prod` / `production` 时会拒绝弱 PostgreSQL TLS 模式。 |
 | `BASE_URL` | 对外基址；OAuth 回调 `${BASE_URL}/auth/google/callback`。 |
 | `SECRETS_MCP_BIND` | 监听地址，默认 `127.0.0.1:9315`（容器/远程直接暴露时需改为 `0.0.0.0:9315`）。 |
 | `GOOGLE_CLIENT_ID` / `GOOGLE_CLIENT_SECRET` | 可选；仅运行时配置。 |

Cargo.lock

@@ -464,6 +464,20 @@ dependencies = [
  "syn",
 ]
 
+[[package]]
+name = "dashmap"
+version = "6.1.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5041cc499144891f3790297212f32a74fb938e5136a14943f338ef9e0ae276cf"
+dependencies = [
+ "cfg-if",
+ "crossbeam-utils",
+ "hashbrown 0.14.5",
+ "lock_api",
+ "once_cell",
+ "parking_lot_core",
+]
+
 [[package]]
 name = "der"
 version = "0.7.10"
@@ -596,6 +610,12 @@ version = "0.1.5"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "d9c4f5dac5e15c24eb999c26181a6ca40b39fe946cbe4c263c7209467bc83af2"
 
+[[package]]
+name = "foldhash"
+version = "0.2.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "77ce24cb58228fbb8aa041425bb1050850ac19177686ea6e0f41a70416f56fdb"
+
 [[package]]
 name = "form_urlencoded"
 version = "1.2.2"
@@ -687,6 +707,12 @@ version = "0.3.32"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "037711b3d59c33004d3856fbdc83b99d4ff37a24768fa1be9ce3538a1cde4393"
 
+[[package]]
+name = "futures-timer"
+version = "3.0.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f288b0a4f20f9a56b5d1da57e2227c661b7b16168e2f72365f57b63326e29b24"
+
 [[package]]
 name = "futures-util"
 version = "0.3.32"
@@ -765,6 +791,35 @@ dependencies = [
  "polyval",
 ]
 
+[[package]]
+name = "governor"
+version = "0.10.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9efcab3c1958580ff1f25a2a41be1668f7603d849bb63af523b208a3cc1223b8"
+dependencies = [
+ "cfg-if",
+ "dashmap",
+ "futures-sink",
+ "futures-timer",
+ "futures-util",
+ "getrandom 0.3.4",
+ "hashbrown 0.16.1",
+ "nonzero_ext",
+ "parking_lot",
+ "portable-atomic",
+ "quanta",
+ "rand 0.9.2",
+ "smallvec",
+ "spinning_top",
+ "web-time",
+]
+
+[[package]]
+name = "hashbrown"
+version = "0.14.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e5274423e17b7c9fc20b6e7e208532f9b19825d82dfd615708b70edd83df41f1"
+
 [[package]]
 name = "hashbrown"
 version = "0.15.5"
@@ -773,7 +828,7 @@ checksum = "9229cfe53dfd69f0609a49f65461bd93001ea1ef889cd5529dd176593f5338a1"
 dependencies = [
  "allocator-api2",
  "equivalent",
- "foldhash",
+ "foldhash 0.1.5",
 ]
 
 [[package]]
@@ -781,6 +836,11 @@ name = "hashbrown"
 version = "0.16.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "841d1cc9bed7f9236f321df977030373f4a4163ae1a7dbfe1a51a2c1a51d9100"
+dependencies = [
+ "allocator-api2",
+ "equivalent",
+ "foldhash 0.2.0",
+]
 
 [[package]]
 name = "hashlink"
@@ -1283,6 +1343,12 @@ dependencies = [
  "windows-sys 0.61.2",
 ]
 
+[[package]]
+name = "nonzero_ext"
+version = "0.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "38bf9645c8b145698bb0b18a4637dcacbc421ea49bef2317e4fd8065a387cf21"
+
 [[package]]
 name = "nu-ansi-term"
 version = "0.50.3"
@@ -1463,6 +1529,12 @@ dependencies = [
  "universal-hash",
 ]
 
+[[package]]
+name = "portable-atomic"
+version = "1.13.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "c33a9471896f1c69cecef8d20cbe2f7accd12527ce60845ff44c153bb2a21b49"
+
 [[package]]
 name = "potential_utf"
 version = "0.1.4"
@@ -1506,6 +1578,21 @@ dependencies = [
  "unicode-ident",
 ]
 
+[[package]]
+name = "quanta"
+version = "0.12.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "f3ab5a9d756f0d97bdc89019bd2e4ea098cf9cde50ee7564dde6b81ccc8f06c7"
+dependencies = [
+ "crossbeam-utils",
+ "libc",
+ "once_cell",
+ "raw-cpuid",
+ "wasi",
+ "web-sys",
+ "winapi",
+]
+
 [[package]]
 name = "quinn"
 version = "0.11.9"
@@ -1658,6 +1745,15 @@ version = "0.10.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "0c8d0fd677905edcbeedbf2edb6494d676f0e98d54d5cf9bda0b061cb8fb8aba"
 
+[[package]]
+name = "raw-cpuid"
+version = "11.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "498cd0dc59d73224351ee52a95fee0f1a617a2eae0e7d9d720cc622c73a54186"
+dependencies = [
+ "bitflags",
+]
+
 [[package]]
 name = "redox_syscall"
 version = "0.5.18"
@@ -1969,7 +2065,7 @@ dependencies = [
 
 [[package]]
 name = "secrets-mcp"
-version = "0.4.0"
+version = "0.5.2"
 dependencies = [
  "anyhow",
  "askama",
@@ -1977,6 +2073,7 @@ dependencies = [
  "axum-extra",
  "chrono",
  "dotenvy",
+ "governor",
  "http",
  "rand 0.10.0",
  "reqwest",
@@ -1995,6 +2092,7 @@ dependencies = [
  "tower-sessions-sqlx-store-chrono",
  "tracing",
  "tracing-subscriber",
+ "url",
  "urlencoding",
  "uuid",
 ]
@@ -2195,6 +2293,15 @@ dependencies = [
  "lock_api",
 ]
 
+[[package]]
+name = "spinning_top"
+version = "0.3.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "d96d2d1d716fb500937168cc09353ffdc7a012be8475ac7308e1bdf0e3923300"
+dependencies = [
+ "lock_api",
+]
+
 [[package]]
 name = "spki"
 version = "0.7.3"
@@ -2717,6 +2824,7 @@ dependencies = [
  "futures-util",
  "http",
  "http-body",
+ "http-body-util",
  "iri-string",
  "pin-project-lite",
  "tower",
@@ -3167,6 +3275,28 @@ dependencies = [
  "wasite",
 ]
 
+[[package]]
+name = "winapi"
+version = "0.3.9"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419"
+dependencies = [
+ "winapi-i686-pc-windows-gnu",
+ "winapi-x86_64-pc-windows-gnu",
+]
+
+[[package]]
+name = "winapi-i686-pc-windows-gnu"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
+
+[[package]]
+name = "winapi-x86_64-pc-windows-gnu"
+version = "0.4.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
+
 [[package]]
 name = "windows-core"
 version = "0.62.2"

README.md

@@ -54,10 +54,31 @@ SECRETS_ENV=production
 
 条目在逻辑上以 **`(folder, name)`** 在用户内唯一（数据库唯一索引：`user_id + folder + name`）。同名可在不同 folder 下各存一条（例如 `refining/aliyun` 与 `ricnsmart/aliyun`）。
 
-- **`secrets_search`**：发现条目（可按 query / folder / type / name 过滤）；不要求加密头。
-- **`secrets_get` / `secrets_update` / `secrets_delete`（按 name）/ `secrets_history` / `secrets_rollback`**：仅 `name` 且全局唯一则直接命中；若多条同名，返回消歧错误，需在参数中补 **`folder`**。
-- **`secrets_delete`**：`dry_run=true` 时与真实删除相同的消歧规则——唯一则预览一条，多条则报错并要求 `folder`。
-- **共享密钥**：N:N 关联下，删除 entry 仅解除关联，被共享的 secret 若仍被其他 entry 引用则保留；无引用时自动清理。
+### 工具列表
+
+| 工具 | 需要加密密钥 | 说明 |
+|------|-------------|------|
+| `secrets_find` | 否 | 发现条目（返回含 secret_fields schema），支持 `name_query` 模糊匹配 |
+| `secrets_search` | 否 | 搜索条目，支持 `query`/`folder`/`type`/`name` 过滤、`sort`/`offset` 分页、`summary` 摘要模式 |
+| `secrets_get` | 是 | 按 UUID `id` 获取单条条目及解密后的 secrets |
+| `secrets_add` | 是 | 添加新条目，支持 `meta_obj`/`secrets_obj` JSON 对象参数、`secret_types` 指定密钥类型、`link_secret_names` 关联已有 secret |
+| `secrets_update` | 是 | 更新条目，支持 `id` 或 `name`+`folder` 定位 |
+| `secrets_delete` | 否 | 删除条目，支持 `id` 或 `name`+`folder` 定位；`dry_run=true` 预览删除 |
+| `secrets_history` | 否 | 查看条目历史，支持 `id` 或 `name`+`folder` 定位 |
+| `secrets_rollback` | 是 | 回滚条目到指定历史版本，支持 `id` 或 `name`+`folder` 定位 |
+| `secrets_export` | 是 | 导出条目（含解密明文），支持 JSON/TOML/YAML 格式 |
+| `secrets_env_map` | 是 | 将 secrets 转换为环境变量映射（`UPPER(entry)_UPPER(field)` 格式），支持 `prefix` |
+| `secrets_overview` | 否 | 返回各 folder 和 type 的 entry 计数概览 |
+
+### 消歧规则
+
+- **按 `name` 定位的工具**（`secrets_update` / `secrets_delete` / `secrets_history` / `secrets_rollback`）：若该用户下仅一条匹配则直接执行；若多条（同 `name`、不同 `folder`）则返回错误并提示补全 `folder`。也可直接传 `id`（UUID）跳过消歧。
+- **`secrets_get`** 仅支持通过 `id`（UUID）获取。
+- **`secrets_delete`** 的 `dry_run=true` 与真实删除使用相同消歧规则——唯一则预览一条，多条则报错并要求 `folder`。
+
+### 共享密钥
+
+N:N 关联下，删除 entry 仅解除关联，被共享的 secret 若仍被其他 entry 引用则保留；无引用时自动清理。
 
 ## 加密架构（混合 E2EE）
 
@@ -151,12 +172,12 @@ flowchart LR
 
 ## 数据模型
 
-主表 **`entries`**（`folder`、`type`、`name`、`notes`、`tags`、`metadata`，多租户时带 `user_id`）+ 子表 **`secrets`**（每行一个加密字段：`name`、`type`、`encrypted`，通过 `entry_secrets` 中间表与 entry 建立 N:N 关联）。**唯一性**：`UNIQUE(user_id, folder, name)`（`user_id` 为空时为遗留行唯一 `(folder, name)`）。另有 `entries_history`、`secrets_history`、`audit_log`，以及 **`users`**（含 `key_salt`、`key_check`、`key_params`、`api_key`）、**`oauth_accounts`**。首次连库自动迁移建表（`secrets-core` 的 `migrate`）；已有库可对照 [`scripts/migrate-v0.3.0.sql`](scripts/migrate-v0.3.0.sql) 做列重命名与索引重建。**Web 登录会话**（tower-sessions）使用同一 `SECRETS_DATABASE_URL`，进程启动时对会话存储执行迁移（见 `secrets-mcp` 中 `PostgresStore::migrate`），无需额外环境变量。
+主表 **`entries`**（`folder`、`type`、`name`、`notes`、`tags`、`metadata`，多租户时带 `user_id`）+ 子表 **`secrets`**（每行一个加密字段：`name`、`type`、`encrypted`，通过 `entry_secrets` 中间表与 entry 建立 N:N 关联）。**唯一性**：`UNIQUE(user_id, folder, name)`（`user_id` 为空时为遗留行唯一 `(folder, name)`）。另有 `entries_history`、`secrets_history`、`audit_log`，以及 **`users`**（含 `key_salt`、`key_check`、`key_params`、`api_key`）、**`oauth_accounts`**。首次连库自动迁移建表（`secrets-core` 的 `migrate`）；已有库在进程启动时亦由同一 `migrate()` 增量补齐表、索引与 N:N 结构。若需从更早版本对照一次性 SQL，可在 git 历史中检索已移除的 `scripts/migrate-v0.3.0.sql`。**Web 登录会话**（tower-sessions）使用同一 `SECRETS_DATABASE_URL`，进程启动时对会话存储执行迁移（见 `secrets-mcp` 中 `PostgresStore::migrate`），无需额外环境变量。
 
 | 位置 | 字段 | 说明 |
 |------|------|------|
 | entries | folder | 组织/隔离空间，如 `refining`、`ricnsmart`；参与唯一键 |
-| entries | type | 软分类，如 `server`、`service`、`person`、`document`（可扩展，不参与唯一键） |
+| entries | type | 软分类，用户自定义，如 `server`、`service`、`account`、`person`、`document`（不参与唯一键） |
 | entries | name | 人类可读标识；与 `folder` 一起在用户内唯一 |
 | entries | notes | 非敏感说明文本 |
 | entries | metadata | 明文 JSON（ip、url、subtype 等） |
@@ -174,6 +195,10 @@ flowchart LR
 - 同一 secret 可被多个 entry 引用，删除某 entry 不会级联删除被共享的 secret
 - 当 secret 不再被任何 entry 引用时，自动清理（`NOT EXISTS` 子查询）
 
+### 类型（Type）
+
+`type` 字段用于软分类，由用户自由填写，不做任何自动转换或归一化。常见示例：`server`、`service`、`account`、`person`、`document`，但任何值均可接受。
+
 ## 审计日志
 
 `add`、`update`、`delete` 等写操作写入 **`audit_log`**（操作类型、对象、摘要，不含 secret 明文）。多租户场景下可写 **`user_id`**（可空，兼容遗留行）。
@@ -191,10 +216,18 @@ LIMIT 20;
 ```
 Cargo.toml
 crates/secrets-core/     # db / crypto / models / audit / service
+  src/
+    taxonomy.rs          # SECRET_TYPE_OPTIONS（secret 字段类型下拉选项）
+    service/             # 业务逻辑（add, search, update, delete, export, env_map 等）
 crates/secrets-mcp/     # MCP HTTP、Web、OAuth、API Key
 scripts/
-  migrate-v0.3.0.sql    # 可选：手动 SQL 迁移（namespace/kind → folder/type、唯一键含 folder）
-deploy/                 # systemd、.env 示例
+  release-check.sh      # 发版前 fmt / clippy / test
+  setup-gitea-actions.sh
+  sync-test-to-prod.sh  # 测试库同步到生产（按需）
+deploy/
+  .env.example          # 环境变量模板
+  secrets-mcp.service   # systemd 服务文件（生产部署用）
+  postgres-tls-hardening.md  # PostgreSQL TLS 加固运维手册
 ```
 
 ## CI/CD（Gitea Actions）

crates/secrets-core/src/crypto.rs

@@ -5,6 +5,8 @@ use aes_gcm::{
 use anyhow::{Context, Result, bail};
 use serde_json::Value;
 
+use crate::error::AppError;
+
 const NONCE_LEN: usize = 12;
 
 // ─── AES-256-GCM encrypt / decrypt ───────────────────────────────────────────
@@ -38,7 +40,7 @@ pub fn decrypt(master_key: &[u8; 32], data: &[u8]) -> Result<Vec<u8>> {
     let nonce = Nonce::from_slice(nonce_bytes);
     cipher
         .decrypt(nonce, ciphertext)
-        .map_err(|_| anyhow::anyhow!("decryption failed — wrong master key or corrupted data"))
+        .map_err(|_| AppError::DecryptionFailed.into())
 }
 
 // ─── JSON helpers ─────────────────────────────────────────────────────────────

crates/secrets-core/src/db.rs

@@ -36,12 +36,31 @@ fn build_connect_options(config: &DatabaseConfig) -> Result<PgConnectOptions> {
 pub async fn create_pool(config: &DatabaseConfig) -> Result<PgPool> {
     tracing::debug!("connecting to database");
     let connect_options = build_connect_options(config)?;
+
+    // Connection pool configuration from environment
+    let max_connections = std::env::var("SECRETS_DATABASE_POOL_SIZE")
+        .ok()
+        .and_then(|v| v.parse::<u32>().ok())
+        .unwrap_or(10);
+
+    let acquire_timeout_secs = std::env::var("SECRETS_DATABASE_ACQUIRE_TIMEOUT")
+        .ok()
+        .and_then(|v| v.parse::<u64>().ok())
+        .unwrap_or(5);
+
     let pool = PgPoolOptions::new()
-        .max_connections(10)
-        .acquire_timeout(std::time::Duration::from_secs(5))
+        .max_connections(max_connections)
+        .acquire_timeout(std::time::Duration::from_secs(acquire_timeout_secs))
+        .max_lifetime(std::time::Duration::from_secs(1800)) // 30 minutes
+        .idle_timeout(std::time::Duration::from_secs(600)) // 10 minutes
         .connect_with(connect_options)
         .await?;
-    tracing::debug!("database connection established");
+
+    tracing::debug!(
+        max_connections,
+        acquire_timeout_secs,
+        "database connection established"
+    );
     Ok(pool)
 }
 

crates/secrets-core/src/error.rs

@@ -15,12 +15,30 @@ pub enum AppError {
     #[error("Entry not found")]
     NotFoundEntry,
 
+    #[error("User not found")]
+    NotFoundUser,
+
+    #[error("Secret not found")]
+    NotFoundSecret,
+
+    #[error("Authentication failed")]
+    AuthenticationFailed,
+
+    #[error("Unauthorized: insufficient permissions")]
+    Unauthorized,
+
     #[error("Validation failed: {message}")]
     Validation { message: String },
 
     #[error("Concurrent modification detected")]
     ConcurrentModification,
 
+    #[error("Decryption failed — the encryption key may be incorrect")]
+    DecryptionFailed,
+
+    #[error("Encryption key not set — user must set passphrase first")]
+    EncryptionKeyNotSet,
+
     #[error(transparent)]
     Internal(#[from] anyhow::Error),
 }
@@ -116,6 +134,18 @@ mod tests {
         let err = AppError::NotFoundEntry;
         assert_eq!(err.to_string(), "Entry not found");
 
+        let err = AppError::NotFoundUser;
+        assert_eq!(err.to_string(), "User not found");
+
+        let err = AppError::NotFoundSecret;
+        assert_eq!(err.to_string(), "Secret not found");
+
+        let err = AppError::AuthenticationFailed;
+        assert_eq!(err.to_string(), "Authentication failed");
+
+        let err = AppError::Unauthorized;
+        assert!(err.to_string().contains("Unauthorized"));
+
         let err = AppError::Validation {
             message: "too long".to_string(),
         };
@@ -123,6 +153,9 @@ mod tests {
 
         let err = AppError::ConcurrentModification;
         assert!(err.to_string().contains("Concurrent modification"));
+
+        let err = AppError::EncryptionKeyNotSet;
+        assert!(err.to_string().contains("Encryption key not set"));
     }
 
     #[test]

crates/secrets-core/src/models.rs

@@ -4,7 +4,7 @@ use serde_json::Value;
 use std::collections::BTreeMap;
 use uuid::Uuid;
 
-/// A top-level entry (server, service, key, person, …).
+/// A top-level entry (server, service, account, person, …).
 /// Sensitive fields are stored separately in `secrets`.
 #[derive(Debug, Serialize, Deserialize, sqlx::FromRow)]
 pub struct Entry {

crates/secrets-core/src/service/add.rs

@@ -9,7 +9,6 @@ use crate::crypto;
 use crate::db;
 use crate::error::{AppError, DbErrorContext};
 use crate::models::EntryRow;
-use crate::taxonomy;
 
 // ── Key/value parsing helpers ─────────────────────────────────────────────────
 
@@ -186,11 +185,10 @@ pub struct AddParams<'a> {
 }
 
 pub async fn run(pool: &PgPool, params: AddParams<'_>, master_key: &[u8; 32]) -> Result<AddResult> {
-    let Value::Object(mut metadata_map) = build_json(params.meta_entries)? else {
+    let Value::Object(metadata_map) = build_json(params.meta_entries)? else {
         unreachable!("build_json always returns a JSON object");
     };
-    let normalized_entry_type =
-        taxonomy::normalize_entry_type_and_metadata(params.entry_type, &mut metadata_map);
+    let entry_type = params.entry_type.trim();
     let metadata = Value::Object(metadata_map);
     let secret_json = build_json(params.secret_entries)?;
     let meta_keys = collect_key_paths(params.meta_entries)?;
@@ -232,7 +230,7 @@ pub async fn run(pool: &PgPool, params: AddParams<'_>, master_key: &[u8; 32]) ->
                 entry_id: ex.id,
                 user_id: params.user_id,
                 folder: params.folder,
-                entry_type: &normalized_entry_type,
+                entry_type,
                 name: params.name,
                 version: ex.version,
                 action: "add",
@@ -262,7 +260,7 @@ pub async fn run(pool: &PgPool, params: AddParams<'_>, master_key: &[u8; 32]) ->
         )
         .bind(uid)
         .bind(params.folder)
-        .bind(&normalized_entry_type)
+        .bind(entry_type)
         .bind(params.name)
         .bind(params.notes)
         .bind(params.tags)
@@ -285,7 +283,7 @@ pub async fn run(pool: &PgPool, params: AddParams<'_>, master_key: &[u8; 32]) ->
                RETURNING id"#,
         )
         .bind(params.folder)
-        .bind(&normalized_entry_type)
+        .bind(entry_type)
         .bind(params.name)
         .bind(params.notes)
         .bind(params.tags)
@@ -307,7 +305,7 @@ pub async fn run(pool: &PgPool, params: AddParams<'_>, master_key: &[u8; 32]) ->
                 entry_id,
                 user_id: params.user_id,
                 folder: params.folder,
-                entry_type: &normalized_entry_type,
+                entry_type,
                 name: params.name,
                 version: current_entry_version,
                 action: "create",
@@ -434,7 +432,7 @@ pub async fn run(pool: &PgPool, params: AddParams<'_>, master_key: &[u8; 32]) ->
         params.user_id,
         "add",
         params.folder,
-        &normalized_entry_type,
+        entry_type,
         params.name,
         serde_json::json!({
             "tags": params.tags,
@@ -449,7 +447,7 @@ pub async fn run(pool: &PgPool, params: AddParams<'_>, master_key: &[u8; 32]) ->
     Ok(AddResult {
         name: params.name.to_string(),
         folder: params.folder.to_string(),
-        entry_type: normalized_entry_type,
+        entry_type: entry_type.to_string(),
         tags: params.tags.to_vec(),
         meta_keys,
         secret_keys,

crates/secrets-core/src/service/api_key.rs

@@ -2,6 +2,8 @@ use anyhow::Result;
 use sqlx::PgPool;
 use uuid::Uuid;
 
+use crate::error::AppError;
+
 const KEY_PREFIX: &str = "sk_";
 
 /// Generate a new API key: `sk_<64 hex chars>` = 67 characters total.
@@ -14,23 +16,32 @@ pub fn generate_api_key() -> String {
 }
 
 /// Return the user's existing API key, or generate and store a new one if NULL.
+/// Uses a transaction with atomic update to prevent TOCTOU race conditions.
 pub async fn ensure_api_key(pool: &PgPool, user_id: Uuid) -> Result<String> {
-    let existing: Option<(Option<String>,)> =
-        sqlx::query_as("SELECT api_key FROM users WHERE id = $1")
-            .bind(user_id)
-            .fetch_optional(pool)
-            .await?;
+    let mut tx = pool.begin().await?;
 
-    if let Some((Some(key),)) = existing {
+    // Lock the row and check existing key
+    let existing: (Option<String>,) =
+        sqlx::query_as("SELECT api_key FROM users WHERE id = $1 FOR UPDATE")
+            .bind(user_id)
+            .fetch_optional(&mut *tx)
+            .await?
+            .ok_or(AppError::NotFoundUser)?;
+
+    if let Some(key) = existing.0 {
+        tx.commit().await?;
         return Ok(key);
     }
 
+    // Generate and store new key atomically
     let new_key = generate_api_key();
     sqlx::query("UPDATE users SET api_key = $1 WHERE id = $2")
         .bind(&new_key)
         .bind(user_id)
-        .execute(pool)
+        .execute(&mut *tx)
         .await?;
+
+    tx.commit().await?;
     Ok(new_key)
 }
 

crates/secrets-core/src/service/update.rs

@@ -11,7 +11,6 @@ use crate::service::add::{
     collect_field_paths, collect_key_paths, flatten_json_fields, insert_path, parse_key_path,
     parse_kv, remove_path,
 };
-use crate::taxonomy;
 
 #[derive(Debug, serde::Serialize)]
 pub struct UpdateResult {
@@ -25,6 +24,8 @@ pub struct UpdateResult {
     pub remove_meta: Vec<String>,
     pub secret_keys: Vec<String>,
     pub remove_secrets: Vec<String>,
+    pub linked_secrets: Vec<String>,
+    pub unlinked_secrets: Vec<String>,
 }
 
 pub struct UpdateParams<'a> {
@@ -39,6 +40,8 @@ pub struct UpdateParams<'a> {
     pub secret_entries: &'a [String],
     pub secret_types: &'a std::collections::HashMap<String, String>,
     pub remove_secrets: &'a [String],
+    pub link_secret_names: &'a [String],
+    pub unlink_secret_names: &'a [String],
     pub user_id: Option<Uuid>,
 }
 
@@ -295,6 +298,101 @@ pub async fn run(
         }
     }
 
+    // Link existing secrets by name
+    let mut linked_secrets = Vec::new();
+    for link_name in params.link_secret_names {
+        let link_name = link_name.trim();
+        if link_name.is_empty() {
+            anyhow::bail!("link_secret_names contains an empty name");
+        }
+        let secret_ids: Vec<Uuid> = if let Some(uid) = params.user_id {
+            sqlx::query_scalar("SELECT id FROM secrets WHERE user_id = $1 AND name = $2")
+                .bind(uid)
+                .bind(link_name)
+                .fetch_all(&mut *tx)
+                .await?
+        } else {
+            sqlx::query_scalar("SELECT id FROM secrets WHERE user_id IS NULL AND name = $1")
+                .bind(link_name)
+                .fetch_all(&mut *tx)
+                .await?
+        };
+
+        match secret_ids.len() {
+            0 => anyhow::bail!("Not found: secret named '{}'", link_name),
+            1 => {
+                sqlx::query(
+                    "INSERT INTO entry_secrets (entry_id, secret_id) VALUES ($1, $2) ON CONFLICT DO NOTHING",
+                )
+                .bind(row.id)
+                .bind(secret_ids[0])
+                .execute(&mut *tx)
+                .await?;
+                linked_secrets.push(link_name.to_string());
+            }
+            n => anyhow::bail!(
+                "Ambiguous: {} secrets named '{}' found. Please deduplicate names first.",
+                n,
+                link_name
+            ),
+        }
+    }
+
+    // Unlink secrets by name
+    let mut unlinked_secrets = Vec::new();
+    for unlink_name in params.unlink_secret_names {
+        let unlink_name = unlink_name.trim();
+        if unlink_name.is_empty() {
+            continue;
+        }
+
+        #[derive(sqlx::FromRow)]
+        struct SecretToUnlink {
+            id: Uuid,
+            encrypted: Vec<u8>,
+        }
+        let secret: Option<SecretToUnlink> = sqlx::query_as(
+            "SELECT s.id, s.encrypted \
+             FROM entry_secrets es \
+             JOIN secrets s ON s.id = es.secret_id \
+             WHERE es.entry_id = $1 AND s.name = $2",
+        )
+        .bind(row.id)
+        .bind(unlink_name)
+        .fetch_optional(&mut *tx)
+        .await?;
+
+        if let Some(s) = secret {
+            if let Err(e) = db::snapshot_secret_history(
+                &mut tx,
+                db::SecretSnapshotParams {
+                    secret_id: s.id,
+                    name: unlink_name,
+                    encrypted: &s.encrypted,
+                    action: "delete",
+                },
+            )
+            .await
+            {
+                tracing::warn!(error = %e, "failed to snapshot secret field history before unlink");
+            }
+            sqlx::query("DELETE FROM entry_secrets WHERE entry_id = $1 AND secret_id = $2")
+                .bind(row.id)
+                .bind(s.id)
+                .execute(&mut *tx)
+                .await?;
+            sqlx::query(
+                "DELETE FROM secrets s \
+                 WHERE s.id = $1 \
+                   AND NOT EXISTS (SELECT 1 FROM entry_secrets es WHERE es.secret_id = s.id)",
+            )
+            .bind(s.id)
+            .execute(&mut *tx)
+            .await?;
+            unlinked_secrets.push(unlink_name.to_string());
+        }
+    }
+
     let meta_keys = collect_key_paths(params.meta_entries)?;
     let remove_meta_keys = collect_field_paths(params.remove_meta)?;
     let secret_keys = collect_key_paths(params.secret_entries)?;
@@ -314,6 +412,8 @@ pub async fn run(
             "remove_meta": remove_meta_keys,
             "secret_keys": secret_keys,
             "remove_secrets": remove_secret_keys,
+            "linked_secrets": linked_secrets,
+            "unlinked_secrets": unlinked_secrets,
         }),
     )
     .await;
@@ -330,6 +430,8 @@ pub async fn run(
         remove_meta: remove_meta_keys,
         secret_keys,
         remove_secrets: remove_secret_keys,
+        linked_secrets,
+        unlinked_secrets,
     })
 }
 
@@ -398,13 +500,7 @@ pub async fn update_fields_by_id(
         tracing::warn!(error = %e, "failed to snapshot entry history before web update");
     }
 
-    let mut metadata_map = match params.metadata {
-        Value::Object(m) => m.clone(),
-        _ => Map::new(),
-    };
-    let normalized_type =
-        taxonomy::normalize_entry_type_and_metadata(params.entry_type, &mut metadata_map);
-    let normalized_metadata = Value::Object(metadata_map);
+    let entry_type = params.entry_type.trim();
 
     let res = sqlx::query(
         "UPDATE entries SET folder = $1, type = $2, name = $3, notes = $4, tags = $5, metadata = $6, \
@@ -412,11 +508,11 @@ pub async fn update_fields_by_id(
          WHERE id = $7 AND version = $8",
     )
     .bind(params.folder)
-    .bind(&normalized_type)
+    .bind(entry_type)
     .bind(params.name)
     .bind(params.notes)
     .bind(params.tags)
-    .bind(&normalized_metadata)
+    .bind(params.metadata)
     .bind(row.id)
     .bind(row.version)
     .execute(&mut *tx)
@@ -443,7 +539,7 @@ pub async fn update_fields_by_id(
         Some(user_id),
         "update",
         params.folder,
-        &normalized_type,
+        entry_type,
         params.name,
         serde_json::json!({
             "source": "web",

crates/secrets-core/src/service/user.rs

@@ -16,14 +16,17 @@ pub struct OAuthProfile {
 /// Find or create a user from an OAuth profile.
 /// Returns (user, is_new) where is_new indicates first-time registration.
 pub async fn find_or_create_user(pool: &PgPool, profile: OAuthProfile) -> Result<(User, bool)> {
-    // Check if this OAuth account already exists
+    // Use a transaction with FOR UPDATE to prevent TOCTOU race conditions
+    let mut tx = pool.begin().await?;
+
+    // Check if this OAuth account already exists (with row lock)
     let existing: Option<OauthAccount> = sqlx::query_as(
         "SELECT id, user_id, provider, provider_id, email, name, avatar_url, created_at \
-         FROM oauth_accounts WHERE provider = $1 AND provider_id = $2",
+         FROM oauth_accounts WHERE provider = $1 AND provider_id = $2 FOR UPDATE",
     )
     .bind(&profile.provider)
     .bind(&profile.provider_id)
-    .fetch_optional(pool)
+    .fetch_optional(&mut *tx)
     .await?;
 
     if let Some(oa) = existing {
@@ -32,8 +35,9 @@ pub async fn find_or_create_user(pool: &PgPool, profile: OAuthProfile) -> Result
              FROM users WHERE id = $1",
         )
         .bind(oa.user_id)
-        .fetch_one(pool)
+        .fetch_one(&mut *tx)
         .await?;
+        tx.commit().await?;
         return Ok((user, false));
     }
 
@@ -43,8 +47,6 @@ pub async fn find_or_create_user(pool: &PgPool, profile: OAuthProfile) -> Result
         .clone()
         .unwrap_or_else(|| profile.email.clone().unwrap_or_else(|| "User".to_string()));
 
-    let mut tx = pool.begin().await?;
-
     let user: User = sqlx::query_as(
         "INSERT INTO users (email, name, avatar_url) \
          VALUES ($1, $2, $3) \
@@ -125,13 +127,16 @@ pub async fn bind_oauth_account(
     user_id: Uuid,
     profile: OAuthProfile,
 ) -> Result<OauthAccount> {
-    // Check if this provider_id is already linked to someone else
+    // Use a transaction with FOR UPDATE to prevent TOCTOU race conditions
+    let mut tx = pool.begin().await?;
+
+    // Check if this provider_id is already linked to someone else (with row lock)
     let conflict: Option<(Uuid,)> = sqlx::query_as(
-        "SELECT user_id FROM oauth_accounts WHERE provider = $1 AND provider_id = $2",
+        "SELECT user_id FROM oauth_accounts WHERE provider = $1 AND provider_id = $2 FOR UPDATE",
     )
     .bind(&profile.provider)
     .bind(&profile.provider_id)
-    .fetch_optional(pool)
+    .fetch_optional(&mut *tx)
     .await?;
 
     if let Some((existing_user_id,)) = conflict {
@@ -148,11 +153,11 @@ pub async fn bind_oauth_account(
     }
 
     let existing_provider_for_user: Option<(String,)> = sqlx::query_as(
-        "SELECT provider_id FROM oauth_accounts WHERE user_id = $1 AND provider = $2",
+        "SELECT provider_id FROM oauth_accounts WHERE user_id = $1 AND provider = $2 FOR UPDATE",
     )
     .bind(user_id)
     .bind(&profile.provider)
-    .fetch_optional(pool)
+    .fetch_optional(&mut *tx)
     .await?;
 
     if existing_provider_for_user.is_some() {
@@ -174,9 +179,10 @@ pub async fn bind_oauth_account(
     .bind(&profile.email)
     .bind(&profile.name)
     .bind(&profile.avatar_url)
-    .fetch_one(pool)
+    .fetch_one(&mut *tx)
     .await?;
 
+    tx.commit().await?;
     Ok(account)
 }
 

crates/secrets-core/src/taxonomy.rs

@@ -1,111 +1,4 @@
-use serde_json::{Map, Value};
-
-fn normalize_token(input: &str) -> String {
-    input.trim().to_lowercase().replace('_', "-")
-}
-
-fn normalize_subtype_token(input: &str) -> String {
-    normalize_token(input)
-}
-
-fn map_legacy_entry_type(input: &str) -> Option<(&'static str, &'static str)> {
-    match input {
-        "log-ingestion-endpoint" => Some(("service", "log-ingestion")),
-        "cloud-api" => Some(("service", "cloud-api")),
-        "git-server" => Some(("service", "git")),
-        "mqtt-broker" => Some(("service", "mqtt-broker")),
-        "database" => Some(("service", "database")),
-        "monitoring-dashboard" => Some(("service", "monitoring")),
-        "dns-api" => Some(("service", "dns-api")),
-        "notification-webhook" => Some(("service", "webhook")),
-        "api-endpoint" => Some(("service", "api-endpoint")),
-        "credential" | "credential-key" => Some(("service", "credential")),
-        "key" => Some(("service", "credential")),
-        _ => None,
-    }
-}
-
-/// Normalize entry `type` and optionally backfill `metadata.subtype` for legacy values.
-///
-/// This keeps backward compatibility:
-/// - stable primary types stay unchanged
-/// - known legacy long-tail types are mapped to `service` + `metadata.subtype`
-/// - unknown values are kept (normalized to kebab-case) instead of hard failing
-pub fn normalize_entry_type_and_metadata(
-    entry_type: &str,
-    metadata: &mut Map<String, Value>,
-) -> String {
-    let original_raw = entry_type.trim();
-    let normalized = normalize_token(original_raw);
-    if normalized.is_empty() {
-        return String::new();
-    }
-
-    if let Some((mapped_type, mapped_subtype)) = map_legacy_entry_type(&normalized) {
-        if !metadata.contains_key("subtype") {
-            metadata.insert(
-                "subtype".to_string(),
-                Value::String(mapped_subtype.to_string()),
-            );
-        }
-        if !metadata.contains_key("_original_type") && original_raw != mapped_type {
-            metadata.insert(
-                "_original_type".to_string(),
-                Value::String(original_raw.to_string()),
-            );
-        }
-        return mapped_type.to_string();
-    }
-
-    if let Some(subtype) = metadata.get_mut("subtype")
-        && let Some(s) = subtype.as_str()
-    {
-        *subtype = Value::String(normalize_subtype_token(s));
-    }
-
-    normalized
-}
-
 /// Canonical secret type options for UI dropdowns.
 pub const SECRET_TYPE_OPTIONS: &[&str] = &[
     "text", "password", "token", "api-key", "ssh-key", "url", "phone", "id-card",
 ];
-
-#[cfg(test)]
-mod tests {
-    use super::*;
-    use serde_json::{Map, Value};
-
-    #[test]
-    fn normalize_entry_type_maps_legacy_type_and_backfills_metadata() {
-        let mut metadata = Map::new();
-        let normalized = normalize_entry_type_and_metadata("git-server", &mut metadata);
-
-        assert_eq!(normalized, "service");
-        assert_eq!(
-            metadata.get("subtype"),
-            Some(&Value::String("git".to_string()))
-        );
-        assert_eq!(
-            metadata.get("_original_type"),
-            Some(&Value::String("git-server".to_string()))
-        );
-    }
-
-    #[test]
-    fn normalize_entry_type_normalizes_existing_subtype() {
-        let mut metadata = Map::new();
-        metadata.insert(
-            "subtype".to_string(),
-            Value::String("Cloud_API".to_string()),
-        );
-
-        let normalized = normalize_entry_type_and_metadata("service", &mut metadata);
-
-        assert_eq!(normalized, "service");
-        assert_eq!(
-            metadata.get("subtype"),
-            Some(&Value::String("cloud-api".to_string()))
-        );
-    }
-}

crates/secrets-mcp/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "secrets-mcp"
-version = "0.4.0"
+version = "0.5.2"
 edition.workspace = true
 
 [[bin]]
@@ -17,9 +17,10 @@ rmcp = { version = "1", features = ["server", "macros", "transport-streamable-ht
 axum = "0.8"
 axum-extra = { version = "0.10", features = ["typed-header"] }
 tower = "0.5"
-tower-http = { version = "0.6", features = ["cors", "trace"] }
+tower-http = { version = "0.6", features = ["cors", "trace", "limit"] }
 tower-sessions = "0.14"
 tower-sessions-sqlx-store-chrono = { version = "0.14", features = ["postgres"] }
+governor = { version = "0.10", features = ["std", "jitter"] }
 time = "0.3"
 
 # OAuth (manual token exchange via reqwest)
@@ -44,3 +45,4 @@ dotenvy.workspace = true
 urlencoding = "2"
 schemars = "1"
 http = "1"
+url = "2"

crates/secrets-mcp/src/auth.rs

@@ -1,7 +1,5 @@
-use std::net::SocketAddr;
-
 use axum::{
-    extract::{ConnectInfo, Request, State},
+    extract::{Request, State},
     http::StatusCode,
     middleware::Next,
     response::Response,
@@ -11,29 +9,14 @@ use uuid::Uuid;
 
 use secrets_core::service::api_key::validate_api_key;
 
+use crate::client_ip;
+
 /// Injected into request extensions after Bearer token validation.
 #[derive(Clone, Debug)]
 pub struct AuthUser {
     pub user_id: Uuid,
 }
 
-fn log_client_ip(req: &Request) -> Option<String> {
-    if let Some(first) = req
-        .headers()
-        .get("x-forwarded-for")
-        .and_then(|v| v.to_str().ok())
-        .and_then(|s| s.split(',').next())
-    {
-        let s = first.trim();
-        if !s.is_empty() {
-            return Some(s.to_string());
-        }
-    }
-    req.extensions()
-        .get::<ConnectInfo<SocketAddr>>()
-        .map(|c| c.ip().to_string())
-}
-
 /// Axum middleware that validates Bearer API keys for the /mcp route.
 /// Passes all non-MCP paths through without authentication.
 pub async fn bearer_auth_middleware(
@@ -43,7 +26,7 @@ pub async fn bearer_auth_middleware(
 ) -> Result<Response, StatusCode> {
     let path = req.uri().path();
     let method = req.method().as_str();
-    let client_ip = log_client_ip(&req);
+    let client_ip = client_ip::extract_client_ip(&req);
 
     // Only authenticate /mcp paths
     if !path.starts_with("/mcp") {
@@ -66,7 +49,7 @@ pub async fn bearer_auth_middleware(
             tracing::warn!(
                 method,
                 path,
-                client_ip = client_ip.as_deref(),
+                %client_ip,
                 "invalid Authorization header format on /mcp (expected Bearer …)"
             );
             return Err(StatusCode::UNAUTHORIZED);
@@ -75,7 +58,7 @@ pub async fn bearer_auth_middleware(
             tracing::warn!(
                 method,
                 path,
-                client_ip = client_ip.as_deref(),
+                %client_ip,
                 "missing Authorization header on /mcp"
             );
             return Err(StatusCode::UNAUTHORIZED);
@@ -93,7 +76,7 @@ pub async fn bearer_auth_middleware(
             tracing::warn!(
                 method,
                 path,
-                client_ip = client_ip.as_deref(),
+                %client_ip,
                 key_prefix = %&raw_key.chars().take(12).collect::<String>(),
                 key_len = raw_key.len(),
                 "invalid api key (not found in database — e.g. revoked key or DB was reset; update MCP client Bearer token)"
@@ -104,7 +87,7 @@ pub async fn bearer_auth_middleware(
             tracing::error!(
                 method,
                 path,
-                client_ip = client_ip.as_deref(),
+                %client_ip,
                 error = %e,
                 "api key validation error"
             );

crates/secrets-mcp/src/client_ip.rs

@@ -0,0 +1,65 @@
+use axum::extract::Request;
+use std::net::{IpAddr, SocketAddr};
+
+/// Extract the client IP from a request.
+///
+/// When the `TRUST_PROXY` environment variable is set to `1` or `true`, the
+/// `X-Forwarded-For` and `X-Real-IP` headers are consulted first, which is
+/// appropriate when the service runs behind a trusted reverse proxy (e.g.
+/// Caddy). Otherwise — or if those headers are absent/empty — the direct TCP
+/// connection address from `ConnectInfo` is used.
+///
+/// **Important**: only enable `TRUST_PROXY` when the application is guaranteed
+/// to receive traffic exclusively through a controlled reverse proxy. Enabling
+/// it on a directly-exposed port allows clients to spoof their IP address and
+/// bypass per-IP rate limiting.
+pub fn extract_client_ip(req: &Request) -> String {
+    if trust_proxy_enabled() {
+        if let Some(ip) = forwarded_for_ip(req.headers()) {
+            return ip;
+        }
+        if let Some(ip) = real_ip(req.headers()) {
+            return ip;
+        }
+    }
+
+    connect_info_ip(req).unwrap_or_else(|| "unknown".to_string())
+}
+
+fn trust_proxy_enabled() -> bool {
+    static CACHE: std::sync::OnceLock<bool> = std::sync::OnceLock::new();
+    *CACHE.get_or_init(|| {
+        matches!(
+            std::env::var("TRUST_PROXY").as_deref(),
+            Ok("1") | Ok("true") | Ok("yes")
+        )
+    })
+}
+
+fn forwarded_for_ip(headers: &axum::http::HeaderMap) -> Option<String> {
+    let value = headers.get("x-forwarded-for")?.to_str().ok()?;
+    let first = value.split(',').next()?.trim();
+    if first.is_empty() {
+        None
+    } else {
+        validate_ip(first)
+    }
+}
+
+fn real_ip(headers: &axum::http::HeaderMap) -> Option<String> {
+    let value = headers.get("x-real-ip")?.to_str().ok()?;
+    let ip = value.trim();
+    if ip.is_empty() { None } else { validate_ip(ip) }
+}
+
+/// Validate that a string is a valid IP address.
+/// Returns Some(ip) if valid, None otherwise.
+fn validate_ip(s: &str) -> Option<String> {
+    s.parse::<IpAddr>().ok().map(|ip| ip.to_string())
+}
+
+fn connect_info_ip(req: &Request) -> Option<String> {
+    req.extensions()
+        .get::<axum::extract::ConnectInfo<SocketAddr>>()
+        .map(|c| c.0.ip().to_string())
+}

crates/secrets-mcp/src/error.rs

@@ -23,11 +23,29 @@ pub fn app_error_to_mcp(err: &AppError) -> rmcp::ErrorData {
             "Entry not found. Use secrets_find to discover existing entries.",
             None,
         ),
+        AppError::NotFoundUser => rmcp::ErrorData::invalid_request("User not found.", None),
+        AppError::NotFoundSecret => rmcp::ErrorData::invalid_request("Secret not found.", None),
+        AppError::AuthenticationFailed => rmcp::ErrorData::invalid_request(
+            "Authentication failed. Please check your API key or login credentials.",
+            None,
+        ),
+        AppError::Unauthorized => rmcp::ErrorData::invalid_request(
+            "Unauthorized: you do not have permission to access this resource.",
+            None,
+        ),
         AppError::Validation { message } => rmcp::ErrorData::invalid_request(message.clone(), None),
         AppError::ConcurrentModification => rmcp::ErrorData::invalid_request(
             "The entry was modified by another request. Please refresh and try again.",
             None,
         ),
+        AppError::DecryptionFailed => rmcp::ErrorData::invalid_request(
+            "Decryption failed — the encryption key may be incorrect or does not match the data.",
+            None,
+        ),
+        AppError::EncryptionKeyNotSet => rmcp::ErrorData::invalid_request(
+            "Encryption key not set. You must set a passphrase before using this feature.",
+            None,
+        ),
         AppError::Internal(_) => rmcp::ErrorData::internal_error(
             "Request failed due to a server error. Check service logs if you need details.",
             None,

crates/secrets-mcp/src/main.rs

@@ -1,8 +1,11 @@
 mod auth;
+mod client_ip;
 mod error;
 mod logging;
 mod oauth;
+mod rate_limit;
 mod tools;
+mod validation;
 mod web;
 
 use std::net::SocketAddr;
@@ -153,10 +156,43 @@ async fn main() -> Result<()> {
     );
 
     // ── Router ────────────────────────────────────────────────────────────────
-    let cors = CorsLayer::new()
-        .allow_origin(Any)
-        .allow_methods(Any)
-        .allow_headers(Any);
+    // CORS: restrict origins in production, allow all in development
+    let is_production = matches!(
+        load_env_var("SECRETS_ENV")
+            .as_deref()
+            .map(|s| s.to_ascii_lowercase())
+            .as_deref(),
+        Some("prod" | "production")
+    );
+
+    let cors = if is_production {
+        // Only use the origin part (scheme://host:port) of BASE_URL for CORS.
+        // Browsers send Origin without path, so including a path would cause mismatches.
+        let allowed_origin = if let Ok(parsed) = base_url.parse::<url::Url>() {
+            let origin = parsed.origin().ascii_serialization();
+            origin
+                .parse::<axum::http::HeaderValue>()
+                .unwrap_or_else(|_| panic!("invalid BASE_URL origin: {}", origin))
+        } else {
+            base_url
+                .parse::<axum::http::HeaderValue>()
+                .unwrap_or_else(|_| panic!("invalid BASE_URL: {}", base_url))
+        };
+        CorsLayer::new()
+            .allow_origin(allowed_origin)
+            .allow_methods(Any)
+            .allow_headers(Any)
+            .allow_credentials(true)
+    } else {
+        CorsLayer::new()
+            .allow_origin(Any)
+            .allow_methods(Any)
+            .allow_headers(Any)
+    };
+
+    // Rate limiting
+    let rate_limit_state = rate_limit::RateLimitState::new();
+    let rate_limit_cleanup = rate_limit::spawn_cleanup_task(rate_limit_state.ip_limiter.clone());
 
     let router = Router::new()
         .merge(web::web_router())
@@ -168,6 +204,10 @@ async fn main() -> Result<()> {
             pool,
             auth::bearer_auth_middleware,
         ))
+        .layer(axum::middleware::from_fn_with_state(
+            rate_limit_state.clone(),
+            rate_limit::rate_limit_middleware,
+        ))
         .layer(session_layer)
         .layer(cors)
         .with_state(app_state);
@@ -192,12 +232,28 @@ async fn main() -> Result<()> {
     .context("server error")?;
 
     session_cleanup.abort();
+    rate_limit_cleanup.abort();
     Ok(())
 }
 
 async fn shutdown_signal() {
-    tokio::signal::ctrl_c()
-        .await
-        .expect("failed to install CTRL+C signal handler");
+    let ctrl_c = tokio::signal::ctrl_c();
+
+    #[cfg(unix)]
+    let terminate = async {
+        tokio::signal::unix::signal(tokio::signal::unix::SignalKind::terminate())
+            .expect("failed to install SIGTERM handler")
+            .recv()
+            .await;
+    };
+
+    #[cfg(not(unix))]
+    let terminate = std::future::pending::<()>();
+
+    tokio::select! {
+        _ = ctrl_c => {},
+        _ = terminate => {},
+    }
+
     tracing::info!("Shutting down gracefully...");
 }

crates/secrets-mcp/src/rate_limit.rs

@@ -0,0 +1,160 @@
+use std::num::NonZeroU32;
+use std::sync::Arc;
+use std::time::Duration;
+
+use axum::{
+    extract::{Request, State},
+    http::{HeaderMap, HeaderValue, StatusCode},
+    middleware::Next,
+    response::{IntoResponse, Response},
+};
+use governor::{
+    Quota, RateLimiter,
+    clock::{Clock, DefaultClock},
+    state::{InMemoryState, NotKeyed, keyed::DashMapStateStore},
+};
+use serde_json::json;
+
+use crate::client_ip;
+
+/// Per-IP rate limiter (keyed by client IP string)
+type IpRateLimiter = RateLimiter<String, DashMapStateStore<String>, DefaultClock>;
+
+/// Global rate limiter (not keyed)
+type GlobalRateLimiter = RateLimiter<NotKeyed, InMemoryState, DefaultClock>;
+
+/// Parse a u32 env value into NonZeroU32, logging a warning and falling back
+/// to the default if the value is zero.
+fn nz_or_log(value: u32, default: u32, name: &str) -> NonZeroU32 {
+    NonZeroU32::new(value).unwrap_or_else(|| {
+        tracing::warn!(
+            configured = value,
+            default,
+            "{name} must be non-zero, using default"
+        );
+        NonZeroU32::new(default).unwrap()
+    })
+}
+
+#[derive(Clone)]
+pub struct RateLimitState {
+    pub ip_limiter: Arc<IpRateLimiter>,
+    pub global_limiter: Arc<GlobalRateLimiter>,
+}
+
+impl RateLimitState {
+    /// Create a new RateLimitState with default limits.
+    ///
+    /// Default limits (can be overridden via environment variables):
+    /// - Global: 100 req/s, burst 200
+    /// - Per-IP: 20 req/s, burst 40
+    pub fn new() -> Self {
+        let global_rate = std::env::var("RATE_LIMIT_GLOBAL_PER_SECOND")
+            .ok()
+            .and_then(|v| v.parse::<u32>().ok())
+            .unwrap_or(100);
+
+        let global_burst = std::env::var("RATE_LIMIT_GLOBAL_BURST")
+            .ok()
+            .and_then(|v| v.parse::<u32>().ok())
+            .unwrap_or(200);
+
+        let ip_rate = std::env::var("RATE_LIMIT_IP_PER_SECOND")
+            .ok()
+            .and_then(|v| v.parse::<u32>().ok())
+            .unwrap_or(20);
+
+        let ip_burst = std::env::var("RATE_LIMIT_IP_BURST")
+            .ok()
+            .and_then(|v| v.parse::<u32>().ok())
+            .unwrap_or(40);
+
+        let global_rate_nz = nz_or_log(global_rate, 100, "RATE_LIMIT_GLOBAL_PER_SECOND");
+        let global_burst_nz = nz_or_log(global_burst, 200, "RATE_LIMIT_GLOBAL_BURST");
+        let ip_rate_nz = nz_or_log(ip_rate, 20, "RATE_LIMIT_IP_PER_SECOND");
+        let ip_burst_nz = nz_or_log(ip_burst, 40, "RATE_LIMIT_IP_BURST");
+
+        let global_quota = Quota::per_second(global_rate_nz).allow_burst(global_burst_nz);
+        let ip_quota = Quota::per_second(ip_rate_nz).allow_burst(ip_burst_nz);
+
+        tracing::info!(
+            global_rate = global_rate_nz.get(),
+            global_burst = global_burst_nz.get(),
+            ip_rate = ip_rate_nz.get(),
+            ip_burst = ip_burst_nz.get(),
+            "rate limiter initialized"
+        );
+
+        Self {
+            global_limiter: Arc::new(RateLimiter::direct(global_quota)),
+            ip_limiter: Arc::new(RateLimiter::dashmap(ip_quota)),
+        }
+    }
+}
+
+/// Rate limiting middleware function.
+///
+/// Checks both global and per-IP rate limits before allowing the request through.
+/// Returns 429 Too Many Requests if either limit is exceeded.
+pub async fn rate_limit_middleware(
+    State(rl): State<RateLimitState>,
+    req: Request,
+    next: Next,
+) -> Result<Response, Response> {
+    // Check global rate limit first
+    if let Err(negative) = rl.global_limiter.check() {
+        let retry_after = negative.wait_time_from(DefaultClock::default().now());
+        tracing::warn!(
+            retry_after_secs = retry_after.as_secs(),
+            "global rate limit exceeded"
+        );
+        return Err(too_many_requests_response(Some(retry_after)));
+    }
+
+    // Check per-IP rate limit
+    let key = client_ip::extract_client_ip(&req);
+    if let Err(negative) = rl.ip_limiter.check_key(&key) {
+        let retry_after = negative.wait_time_from(DefaultClock::default().now());
+        tracing::warn!(
+            client_ip = %key,
+            retry_after_secs = retry_after.as_secs(),
+            "per-IP rate limit exceeded"
+        );
+        return Err(too_many_requests_response(Some(retry_after)));
+    }
+
+    Ok(next.run(req).await)
+}
+
+/// Start a background task to clean up expired rate limiter entries.
+///
+/// This should be called once during application startup.
+/// The task runs every 60 seconds and will be aborted on shutdown.
+pub fn spawn_cleanup_task(ip_limiter: Arc<IpRateLimiter>) -> tokio::task::JoinHandle<()> {
+    tokio::spawn(async move {
+        let mut interval = tokio::time::interval(Duration::from_secs(60));
+        loop {
+            interval.tick().await;
+            ip_limiter.retain_recent();
+        }
+    })
+}
+
+/// Create a 429 Too Many Requests response.
+fn too_many_requests_response(retry_after: Option<Duration>) -> Response {
+    let mut headers = HeaderMap::new();
+    headers.insert("Content-Type", HeaderValue::from_static("application/json"));
+
+    if let Some(duration) = retry_after {
+        let secs = duration.as_secs().max(1);
+        if let Ok(value) = HeaderValue::from_str(&secs.to_string()) {
+            headers.insert("Retry-After", value);
+        }
+    }
+
+    let body = json!({
+        "error": "Too many requests, please try again later"
+    });
+
+    (StatusCode::TOO_MANY_REQUESTS, headers, body.to_string()).into_response()
+}

crates/secrets-mcp/src/tools.rs

@@ -13,11 +13,155 @@ use rmcp::{
     tool, tool_handler, tool_router,
 };
 use schemars::JsonSchema;
-use serde::Deserialize;
+use serde::{Deserialize, Deserializer, de};
 use serde_json::{Map, Value};
 use sqlx::PgPool;
 use uuid::Uuid;
 
+use crate::validation;
+
+// ── Serde helpers for numeric parameters that may arrive as strings ──────────
+
+mod deser {
+    use super::*;
+
+    /// Deserialize a value that may come as a JSON number or a JSON string.
+    pub fn option_u32_from_string<'de, D>(deserializer: D) -> Result<Option<u32>, D::Error>
+    where
+        D: Deserializer<'de>,
+    {
+        #[derive(Deserialize)]
+        #[serde(untagged)]
+        enum NumOrStr {
+            Num(u32),
+            Str(String),
+        }
+
+        match Option::<NumOrStr>::deserialize(deserializer)? {
+            None => Ok(None),
+            Some(NumOrStr::Num(n)) => Ok(Some(n)),
+            Some(NumOrStr::Str(s)) => {
+                if s.is_empty() {
+                    return Ok(None);
+                }
+                s.parse::<u32>().map(Some).map_err(de::Error::custom)
+            }
+        }
+    }
+
+    /// Deserialize an i64 that may come as a JSON number or a JSON string.
+    pub fn option_i64_from_string<'de, D>(deserializer: D) -> Result<Option<i64>, D::Error>
+    where
+        D: Deserializer<'de>,
+    {
+        #[derive(Deserialize)]
+        #[serde(untagged)]
+        enum NumOrStr {
+            Num(i64),
+            Str(String),
+        }
+
+        match Option::<NumOrStr>::deserialize(deserializer)? {
+            None => Ok(None),
+            Some(NumOrStr::Num(n)) => Ok(Some(n)),
+            Some(NumOrStr::Str(s)) => {
+                if s.is_empty() {
+                    return Ok(None);
+                }
+                s.parse::<i64>().map(Some).map_err(de::Error::custom)
+            }
+        }
+    }
+
+    /// Deserialize a bool that may come as a JSON bool or a JSON string ("true"/"false").
+    pub fn option_bool_from_string<'de, D>(deserializer: D) -> Result<Option<bool>, D::Error>
+    where
+        D: Deserializer<'de>,
+    {
+        #[derive(Deserialize)]
+        #[serde(untagged)]
+        enum BoolOrStr {
+            Bool(bool),
+            Str(String),
+        }
+
+        match Option::<BoolOrStr>::deserialize(deserializer)? {
+            None => Ok(None),
+            Some(BoolOrStr::Bool(b)) => Ok(Some(b)),
+            Some(BoolOrStr::Str(s)) => {
+                if s.is_empty() {
+                    return Ok(None);
+                }
+                s.parse::<bool>().map(Some).map_err(de::Error::custom)
+            }
+        }
+    }
+
+    /// Deserialize a Vec<String> that may come as a JSON array or a JSON string containing an array.
+    pub fn option_vec_string_from_string<'de, D>(
+        deserializer: D,
+    ) -> Result<Option<Vec<String>>, D::Error>
+    where
+        D: Deserializer<'de>,
+    {
+        #[derive(Deserialize)]
+        #[serde(untagged)]
+        enum VecOrStr {
+            Vec(Vec<String>),
+            Str(String),
+        }
+
+        match Option::<VecOrStr>::deserialize(deserializer)? {
+            None => Ok(None),
+            Some(VecOrStr::Vec(v)) => Ok(Some(v)),
+            Some(VecOrStr::Str(s)) => {
+                if s.is_empty() {
+                    return Ok(None);
+                }
+                serde_json::from_str(&s)
+                    .map(Some)
+                    .map_err(|e| {
+                        de::Error::custom(format!(
+                            "invalid string value for array field: expected a JSON array, e.g. '[\"a\",\"b\"]': {e}"
+                        ))
+                    })
+            }
+        }
+    }
+
+    /// Deserialize a Map<String, Value> that may come as a JSON object or a JSON string containing an object.
+    pub fn option_map_from_string<'de, D>(
+        deserializer: D,
+    ) -> Result<Option<Map<String, Value>>, D::Error>
+    where
+        D: Deserializer<'de>,
+    {
+        #[derive(Deserialize)]
+        #[serde(untagged)]
+        enum MapOrStr {
+            Map(Map<String, Value>),
+            Str(String),
+        }
+
+        match Option::<MapOrStr>::deserialize(deserializer)? {
+            None => Ok(None),
+            Some(MapOrStr::Map(m)) => Ok(Some(m)),
+            Some(MapOrStr::Str(s)) => {
+                if s.is_empty() {
+                    return Ok(None);
+                }
+                serde_json::from_str(&s)
+                    .map(Some)
+                    .map_err(|e| {
+                        de::Error::custom(format!(
+                            "invalid string value for object field: expected a JSON object, e.g. '{{\"key\":\"value\"}}': {e}"
+                        ))
+                    })
+            }
+        }
+    }
+}
+
 use secrets_core::models::ExportFormat;
 use secrets_core::service::{
     add::{AddParams, run as svc_add},
@@ -175,7 +319,7 @@ struct FindInput {
     #[schemars(description = "Exact folder filter (e.g. 'refining', 'ricnsmart')")]
     folder: Option<String>,
     #[schemars(
-        description = "Exact type filter (recommended: 'server', 'service', 'person', 'document')"
+        description = "Exact type filter (e.g. 'server', 'service', 'account', 'person', 'document'). User-defined, any value accepted."
     )]
     #[serde(rename = "type")]
     entry_type: Option<String>,
@@ -186,8 +330,10 @@ struct FindInput {
     )]
     name_query: Option<String>,
     #[schemars(description = "Tag filters (all must match)")]
+    #[serde(default, deserialize_with = "deser::option_vec_string_from_string")]
     tags: Option<Vec<String>>,
     #[schemars(description = "Max results (default 20)")]
+    #[serde(default, deserialize_with = "deser::option_u32_from_string")]
     limit: Option<u32>,
 }
 
@@ -198,7 +344,7 @@ struct SearchInput {
     #[schemars(description = "Folder filter (e.g. 'refining', 'personal', 'family')")]
     folder: Option<String>,
     #[schemars(
-        description = "Type filter (recommended: 'server', 'service', 'person', 'document')"
+        description = "Type filter (e.g. 'server', 'service', 'account', 'person', 'document'). User-defined, any value accepted."
     )]
     #[serde(rename = "type")]
     entry_type: Option<String>,
@@ -209,14 +355,18 @@ struct SearchInput {
     )]
     name_query: Option<String>,
     #[schemars(description = "Tag filters (all must match)")]
+    #[serde(default, deserialize_with = "deser::option_vec_string_from_string")]
     tags: Option<Vec<String>>,
     #[schemars(description = "Return only summary fields (name/tags/notes/updated_at)")]
+    #[serde(default, deserialize_with = "deser::option_bool_from_string")]
     summary: Option<bool>,
     #[schemars(description = "Sort order: 'name' (default), 'updated', 'created'")]
     sort: Option<String>,
     #[schemars(description = "Max results (default 20)")]
+    #[serde(default, deserialize_with = "deser::option_u32_from_string")]
     limit: Option<u32>,
     #[schemars(description = "Pagination offset (default 0)")]
+    #[serde(default, deserialize_with = "deser::option_u32_from_string")]
     offset: Option<u32>,
 }
 
@@ -235,35 +385,42 @@ struct AddInput {
     #[schemars(description = "Folder for organization (optional, e.g. 'personal', 'refining')")]
     folder: Option<String>,
     #[schemars(
-        description = "Type/category of this entry (optional, recommended: 'server', 'service', 'person', 'document')"
+        description = "Type/category of this entry (optional, e.g. 'server', 'service', 'account', 'person', 'document'). Free-form, choose what best describes the entry."
     )]
     #[serde(rename = "type")]
     entry_type: Option<String>,
     #[schemars(description = "Free-text notes for this entry (optional)")]
     notes: Option<String>,
     #[schemars(description = "Tags for this entry")]
+    #[serde(default, deserialize_with = "deser::option_vec_string_from_string")]
     tags: Option<Vec<String>>,
     #[schemars(description = "Metadata fields as 'key=value' or 'key:=json' strings")]
+    #[serde(default, deserialize_with = "deser::option_vec_string_from_string")]
     meta: Option<Vec<String>>,
     #[schemars(
         description = "Metadata fields as a JSON object {\"key\": value}. Merged with 'meta' if both provided."
     )]
+    #[serde(default, deserialize_with = "deser::option_map_from_string")]
     meta_obj: Option<Map<String, Value>>,
     #[schemars(
         description = "Secret fields as 'key=value' strings. Reminder: non-sensitive endpoint/address fields should go to metadata.address instead of secrets."
     )]
+    #[serde(default, deserialize_with = "deser::option_vec_string_from_string")]
     secrets: Option<Vec<String>>,
     #[schemars(
         description = "Secret fields as a JSON object {\"key\": \"value\"}. Merged with 'secrets' if both provided. Reminder: non-sensitive endpoint/address fields should go to metadata.address."
     )]
+    #[serde(default, deserialize_with = "deser::option_map_from_string")]
     secrets_obj: Option<Map<String, Value>>,
     #[schemars(
         description = "Secret types as {\"secret_name\": \"type\"}. Keys must match secret field names. Missing keys default to \"text\"."
     )]
+    #[serde(default, deserialize_with = "deser::option_map_from_string")]
     secret_types: Option<Map<String, Value>>,
     #[schemars(
         description = "Link existing secrets by secret name. Names must resolve uniquely under current user."
     )]
+    #[serde(default, deserialize_with = "deser::option_vec_string_from_string")]
     link_secret_names: Option<Vec<String>>,
 }
 
@@ -282,31 +439,50 @@ struct UpdateInput {
     #[schemars(description = "Update the notes field")]
     notes: Option<String>,
     #[schemars(description = "Tags to add")]
+    #[serde(default, deserialize_with = "deser::option_vec_string_from_string")]
     add_tags: Option<Vec<String>>,
     #[schemars(description = "Tags to remove")]
+    #[serde(default, deserialize_with = "deser::option_vec_string_from_string")]
     remove_tags: Option<Vec<String>>,
     #[schemars(description = "Metadata fields to update/add as 'key=value' strings")]
+    #[serde(default, deserialize_with = "deser::option_vec_string_from_string")]
     meta: Option<Vec<String>>,
     #[schemars(
         description = "Metadata fields to update/add as a JSON object {\"key\": value}. Merged with 'meta' if both provided."
     )]
+    #[serde(default, deserialize_with = "deser::option_map_from_string")]
     meta_obj: Option<Map<String, Value>>,
     #[schemars(description = "Metadata field keys to remove")]
+    #[serde(default, deserialize_with = "deser::option_vec_string_from_string")]
     remove_meta: Option<Vec<String>>,
     #[schemars(
         description = "Secret fields to update/add as 'key=value' strings. Reminder: non-sensitive endpoint/address fields should go to metadata.address instead of secrets."
     )]
+    #[serde(default, deserialize_with = "deser::option_vec_string_from_string")]
     secrets: Option<Vec<String>>,
     #[schemars(
         description = "Secret fields to update/add as a JSON object {\"key\": \"value\"}. Merged with 'secrets' if both provided. Reminder: non-sensitive endpoint/address fields should go to metadata.address."
     )]
+    #[serde(default, deserialize_with = "deser::option_map_from_string")]
     secrets_obj: Option<Map<String, Value>>,
     #[schemars(
         description = "Secret types as {\"secret_name\": \"type\"}. Keys must match secret field names. Missing keys default to \"text\"."
     )]
+    #[serde(default, deserialize_with = "deser::option_map_from_string")]
     secret_types: Option<Map<String, Value>>,
     #[schemars(description = "Secret field keys to remove")]
+    #[serde(default, deserialize_with = "deser::option_vec_string_from_string")]
     remove_secrets: Option<Vec<String>>,
+    #[schemars(
+        description = "Link existing secrets by name to this entry. Names must resolve uniquely under current user."
+    )]
+    #[serde(default, deserialize_with = "deser::option_vec_string_from_string")]
+    link_secret_names: Option<Vec<String>>,
+    #[schemars(
+        description = "Unlink secrets by name from this entry. Orphaned secrets are auto-deleted."
+    )]
+    #[serde(default, deserialize_with = "deser::option_vec_string_from_string")]
+    unlink_secret_names: Option<Vec<String>>,
 }
 
 #[derive(Debug, Deserialize, JsonSchema)]
@@ -325,6 +501,7 @@ struct DeleteInput {
     #[serde(rename = "type")]
     entry_type: Option<String>,
     #[schemars(description = "Preview deletions without writing")]
+    #[serde(default, deserialize_with = "deser::option_bool_from_string")]
     dry_run: Option<bool>,
 }
 
@@ -341,6 +518,7 @@ struct HistoryInput {
     )]
     id: Option<String>,
     #[schemars(description = "Max history entries to return (default 20)")]
+    #[serde(default, deserialize_with = "deser::option_u32_from_string")]
     limit: Option<u32>,
 }
 
@@ -357,6 +535,7 @@ struct RollbackInput {
     )]
     id: Option<String>,
     #[schemars(description = "Target version number. Omit to restore the most recent snapshot.")]
+    #[serde(default, deserialize_with = "deser::option_i64_from_string")]
     to_version: Option<i64>,
 }
 
@@ -370,6 +549,7 @@ struct ExportInput {
     #[schemars(description = "Exact name filter")]
     name: Option<String>,
     #[schemars(description = "Tag filters")]
+    #[serde(default, deserialize_with = "deser::option_vec_string_from_string")]
     tags: Option<Vec<String>>,
     #[schemars(description = "Fuzzy query")]
     query: Option<String>,
@@ -387,8 +567,10 @@ struct EnvMapInput {
     #[schemars(description = "Exact name filter")]
     name: Option<String>,
     #[schemars(description = "Tag filters")]
+    #[serde(default, deserialize_with = "deser::option_vec_string_from_string")]
     tags: Option<Vec<String>>,
     #[schemars(description = "Only include these secret fields")]
+    #[serde(default, deserialize_with = "deser::option_vec_string_from_string")]
     only_fields: Option<Vec<String>>,
     #[schemars(description = "Environment variable name prefix. \
         Variable names are built as UPPER(prefix)_UPPER(entry_name)_UPPER(field_name), \
@@ -413,6 +595,44 @@ fn map_to_kv_strings(map: Map<String, Value>) -> Vec<String> {
         .collect()
 }
 
+/// Check if any KV string would trigger a server-side file read.
+///
+/// `parse_kv` in secrets-core supports two file-read syntaxes:
+///   - `key=@path`  (has `=`, value starts with `@`)
+///   - `key@path`   (no `=`, split on `@`)
+///
+/// Both are legitimate for CLI usage but must be rejected in the MCP context
+/// where the server process runs remotely and the caller controls the path.
+///
+/// Note: `key:=json` is intentionally skipped here. Although the value may
+/// contain `@` characters (e.g. `config:=@/etc/passwd`), the `:=` branch in
+/// `parse_kv` treats the right-hand side as raw JSON and never performs file
+/// reads. The `@` in such cases is just data, not a file reference.
+fn contains_file_reference(entries: &[String]) -> Option<String> {
+    for entry in entries {
+        // key:=json — safe, skip before checking for `=`
+        if entry.contains(":=") {
+            continue;
+        }
+        // key=@path
+        if let Some((_, value)) = entry.split_once('=') {
+            if value.starts_with('@') {
+                return Some(entry.clone());
+            }
+            continue;
+        }
+        // key@path (no `=` present)
+        // parse_kv treats entries without `=` that contain `@` as file-read
+        // syntax (key@path). This includes strings like "user@example.com"
+        // if passed without a `=` separator — which is correct to reject here
+        // since the MCP server runs remotely and cannot read local files.
+        if entry.contains('@') {
+            return Some(entry.clone());
+        }
+    }
+    None
+}
+
 /// Parse a UUID string, returning an MCP error on failure.
 fn parse_uuid(s: &str) -> Result<Uuid, rmcp::ErrorData> {
     s.parse::<Uuid>()
@@ -643,7 +863,7 @@ impl SecretsService {
             let value =
                 get_secret_field_by_id(&self.pool, entry_id, field_name, &user_key, Some(user_id))
                     .await
-                    .map_err(|e| mcp_err_internal_logged("secrets_get", None, e))?;
+                    .map_err(|e| mcp_err_from_anyhow("secrets_get", Some(user_id), e))?;
 
             tracing::info!(
                 tool = "secrets_get",
@@ -657,7 +877,7 @@ impl SecretsService {
         } else {
             let secrets = get_all_secrets_by_id(&self.pool, entry_id, &user_key, Some(user_id))
                 .await
-                .map_err(|e| mcp_err_internal_logged("secrets_get", None, e))?;
+                .map_err(|e| mcp_err_from_anyhow("secrets_get", Some(user_id), e))?;
 
             tracing::info!(
             tool = "secrets_get",
@@ -699,10 +919,33 @@ impl SecretsService {
         if let Some(obj) = input.meta_obj {
             meta.extend(map_to_kv_strings(obj));
         }
+        if let Some(offending) = contains_file_reference(&meta) {
+            return Err(rmcp::ErrorData::invalid_params(
+                format!("@file syntax is not allowed in MCP tools: '{}'", offending),
+                None,
+            ));
+        }
         let mut secrets = input.secrets.unwrap_or_default();
         if let Some(obj) = input.secrets_obj {
             secrets.extend(map_to_kv_strings(obj));
         }
+        if let Some(offending) = contains_file_reference(&secrets) {
+            return Err(rmcp::ErrorData::invalid_params(
+                format!("@file syntax is not allowed in MCP tools: '{}'", offending),
+                None,
+            ));
+        }
+
+        // Input length validation
+        validation::validate_input_lengths(
+            &input.name,
+            input.folder.as_deref(),
+            input.entry_type.as_deref(),
+            input.notes.as_deref(),
+        )?;
+        validation::validate_tags(&tags)?;
+        validation::validate_meta_entries(&meta)?;
+
         let secret_types = input.secret_types.unwrap_or_default();
         let secret_types_map: std::collections::HashMap<String, String> = secret_types
             .into_iter()
@@ -782,17 +1025,42 @@ impl SecretsService {
         if let Some(obj) = input.meta_obj {
             meta.extend(map_to_kv_strings(obj));
         }
+        if let Some(offending) = contains_file_reference(&meta) {
+            return Err(rmcp::ErrorData::invalid_params(
+                format!("@file syntax is not allowed in MCP tools: '{}'", offending),
+                None,
+            ));
+        }
         let remove_meta = input.remove_meta.unwrap_or_default();
         let mut secrets = input.secrets.unwrap_or_default();
         if let Some(obj) = input.secrets_obj {
             secrets.extend(map_to_kv_strings(obj));
         }
+        if let Some(offending) = contains_file_reference(&secrets) {
+            return Err(rmcp::ErrorData::invalid_params(
+                format!("@file syntax is not allowed in MCP tools: '{}'", offending),
+                None,
+            ));
+        }
+
+        // Input length validation
+        validation::validate_input_lengths(
+            &input.name,
+            input.folder.as_deref(),
+            None,
+            input.notes.as_deref(),
+        )?;
+        validation::validate_tags(&add_tags)?;
+        validation::validate_meta_entries(&meta)?;
+
         let secret_types = input.secret_types.unwrap_or_default();
         let secret_types_map: std::collections::HashMap<String, String> = secret_types
             .into_iter()
             .filter_map(|(k, v)| v.as_str().map(|s| (k, s.to_string())))
             .collect();
         let remove_secrets = input.remove_secrets.unwrap_or_default();
+        let link_secret_names = input.link_secret_names.unwrap_or_default();
+        let unlink_secret_names = input.unlink_secret_names.unwrap_or_default();
 
         let result = svc_update(
             &self.pool,
@@ -807,6 +1075,8 @@ impl SecretsService {
                 secret_entries: &secrets,
                 secret_types: &secret_types_map,
                 remove_secrets: &remove_secrets,
+                link_secret_names: &link_secret_names,
+                unlink_secret_names: &unlink_secret_names,
                 user_id: Some(user_id),
             },
             &user_key,
@@ -1048,7 +1318,7 @@ impl SecretsService {
             Some(&user_key),
         )
         .await
-        .map_err(|e| mcp_err_internal_logged("secrets_export", Some(user_id), e))?;
+        .map_err(|e| mcp_err_from_anyhow("secrets_export", Some(user_id), e))?;
 
         let fmt = format.parse::<ExportFormat>().map_err(|e| {
             tracing::warn!(
@@ -1064,7 +1334,7 @@ impl SecretsService {
         })?;
         let serialized = fmt
             .serialize(&data)
-            .map_err(|e| mcp_err_internal_logged("secrets_export", Some(user_id), e))?;
+            .map_err(|e| mcp_err_from_anyhow("secrets_export", Some(user_id), e))?;
 
         tracing::info!(
             tool = "secrets_export",
@@ -1115,7 +1385,7 @@ impl SecretsService {
             Some(user_id),
         )
         .await
-        .map_err(|e| mcp_err_internal_logged("secrets_env_map", Some(user_id), e))?;
+        .map_err(|e| mcp_err_from_anyhow("secrets_env_map", Some(user_id), e))?;
 
         let entry_count = env_map.len();
         tracing::info!(
@@ -1215,3 +1485,202 @@ impl ServerHandler for SecretsService {
         info
     }
 }
+
+#[cfg(test)]
+mod deser_tests {
+    use super::deser;
+    use serde::Deserialize;
+    use serde_json::json;
+
+    #[derive(Deserialize)]
+    struct TestU32 {
+        #[serde(deserialize_with = "deser::option_u32_from_string")]
+        val: Option<u32>,
+    }
+
+    #[derive(Deserialize)]
+    struct TestI64 {
+        #[serde(deserialize_with = "deser::option_i64_from_string")]
+        val: Option<i64>,
+    }
+
+    #[derive(Deserialize)]
+    struct TestBool {
+        #[serde(deserialize_with = "deser::option_bool_from_string")]
+        val: Option<bool>,
+    }
+
+    #[derive(Debug, Deserialize)]
+    struct TestVec {
+        #[serde(deserialize_with = "deser::option_vec_string_from_string")]
+        val: Option<Vec<String>>,
+    }
+
+    #[derive(Debug, Deserialize)]
+    struct TestMap {
+        #[serde(deserialize_with = "deser::option_map_from_string")]
+        val: Option<serde_json::Map<String, serde_json::Value>>,
+    }
+
+    // option_u32_from_string
+    #[test]
+    fn u32_native_number() {
+        let v: TestU32 = serde_json::from_value(json!({"val": 42})).unwrap();
+        assert_eq!(v.val, Some(42));
+    }
+
+    #[test]
+    fn u32_string_number() {
+        let v: TestU32 = serde_json::from_value(json!({"val": "42"})).unwrap();
+        assert_eq!(v.val, Some(42));
+    }
+
+    #[test]
+    fn u32_empty_string() {
+        let v: TestU32 = serde_json::from_value(json!({"val": ""})).unwrap();
+        assert_eq!(v.val, None);
+    }
+
+    #[test]
+    fn u32_none() {
+        let v: TestU32 = serde_json::from_value(json!({"val": null})).unwrap();
+        assert_eq!(v.val, None);
+    }
+
+    // option_i64_from_string
+    #[test]
+    fn i64_native_number() {
+        let v: TestI64 = serde_json::from_value(json!({"val": -100})).unwrap();
+        assert_eq!(v.val, Some(-100));
+    }
+
+    #[test]
+    fn i64_string_number() {
+        let v: TestI64 = serde_json::from_value(json!({"val": "999"})).unwrap();
+        assert_eq!(v.val, Some(999));
+    }
+
+    #[test]
+    fn i64_empty_string() {
+        let v: TestI64 = serde_json::from_value(json!({"val": ""})).unwrap();
+        assert_eq!(v.val, None);
+    }
+
+    #[test]
+    fn i64_none() {
+        let v: TestI64 = serde_json::from_value(json!({"val": null})).unwrap();
+        assert_eq!(v.val, None);
+    }
+
+    // option_bool_from_string
+    #[test]
+    fn bool_native_true() {
+        let v: TestBool = serde_json::from_value(json!({"val": true})).unwrap();
+        assert_eq!(v.val, Some(true));
+    }
+
+    #[test]
+    fn bool_native_false() {
+        let v: TestBool = serde_json::from_value(json!({"val": false})).unwrap();
+        assert_eq!(v.val, Some(false));
+    }
+
+    #[test]
+    fn bool_string_true() {
+        let v: TestBool = serde_json::from_value(json!({"val": "true"})).unwrap();
+        assert_eq!(v.val, Some(true));
+    }
+
+    #[test]
+    fn bool_string_false() {
+        let v: TestBool = serde_json::from_value(json!({"val": "false"})).unwrap();
+        assert_eq!(v.val, Some(false));
+    }
+
+    #[test]
+    fn bool_empty_string() {
+        let v: TestBool = serde_json::from_value(json!({"val": ""})).unwrap();
+        assert_eq!(v.val, None);
+    }
+
+    #[test]
+    fn bool_none() {
+        let v: TestBool = serde_json::from_value(json!({"val": null})).unwrap();
+        assert_eq!(v.val, None);
+    }
+
+    // option_vec_string_from_string
+    #[test]
+    fn vec_native_array() {
+        let v: TestVec = serde_json::from_value(json!({"val": ["a", "b"]})).unwrap();
+        assert_eq!(v.val, Some(vec!["a".to_string(), "b".to_string()]));
+    }
+
+    #[test]
+    fn vec_json_string_array() {
+        let v: TestVec = serde_json::from_value(json!({"val": "[\"x\",\"y\"]"})).unwrap();
+        assert_eq!(v.val, Some(vec!["x".to_string(), "y".to_string()]));
+    }
+
+    #[test]
+    fn vec_empty_string() {
+        let v: TestVec = serde_json::from_value(json!({"val": ""})).unwrap();
+        assert_eq!(v.val, None);
+    }
+
+    #[test]
+    fn vec_none() {
+        let v: TestVec = serde_json::from_value(json!({"val": null})).unwrap();
+        assert_eq!(v.val, None);
+    }
+
+    #[test]
+    fn vec_invalid_string_errors() {
+        let err = serde_json::from_value::<TestVec>(json!({"val": "not-json"}))
+            .expect_err("should fail on invalid JSON");
+        let msg = err.to_string();
+        assert!(msg.contains("invalid string value for array field"));
+        assert!(msg.contains("expected a JSON array"));
+    }
+
+    // option_map_from_string
+    #[test]
+    fn map_native_object() {
+        let v: TestMap = serde_json::from_value(json!({"val": {"key": "value"}})).unwrap();
+        assert!(v.val.is_some());
+        let m = v.val.unwrap();
+        assert_eq!(
+            m.get("key"),
+            Some(&serde_json::Value::String("value".to_string()))
+        );
+    }
+
+    #[test]
+    fn map_json_string_object() {
+        let v: TestMap = serde_json::from_value(json!({"val": "{\"a\":1}"})).unwrap();
+        assert!(v.val.is_some());
+        let m = v.val.unwrap();
+        assert_eq!(m.get("a"), Some(&serde_json::Value::Number(1.into())));
+    }
+
+    #[test]
+    fn map_empty_string() {
+        let v: TestMap = serde_json::from_value(json!({"val": ""})).unwrap();
+        assert_eq!(v.val, None);
+    }
+
+    #[test]
+    fn map_none() {
+        let v: TestMap = serde_json::from_value(json!({"val": null})).unwrap();
+        assert_eq!(v.val, None);
+    }
+
+    #[test]
+    fn map_invalid_string_errors() {
+        let err = serde_json::from_value::<TestMap>(json!({"val": "not-json"}))
+            .expect_err("should fail on invalid JSON");
+        let msg = err.to_string();
+        assert!(msg.contains("invalid string value for object field"));
+        assert!(msg.contains("expected a JSON object"));
+    }
+}

crates/secrets-mcp/src/validation.rs

@@ -0,0 +1,149 @@
+/// Validation constants for input field lengths.
+pub const MAX_NAME_LENGTH: usize = 256;
+pub const MAX_FOLDER_LENGTH: usize = 128;
+pub const MAX_ENTRY_TYPE_LENGTH: usize = 64;
+pub const MAX_NOTES_LENGTH: usize = 10000;
+pub const MAX_TAG_LENGTH: usize = 64;
+pub const MAX_TAG_COUNT: usize = 50;
+pub const MAX_META_KEY_LENGTH: usize = 128;
+pub const MAX_META_VALUE_LENGTH: usize = 4096;
+pub const MAX_META_COUNT: usize = 100;
+
+/// Validate input field lengths for MCP tools.
+///
+/// Returns an error if any field exceeds its maximum length.
+pub fn validate_input_lengths(
+    name: &str,
+    folder: Option<&str>,
+    entry_type: Option<&str>,
+    notes: Option<&str>,
+) -> Result<(), rmcp::ErrorData> {
+    if name.chars().count() > MAX_NAME_LENGTH {
+        return Err(rmcp::ErrorData::invalid_params(
+            format!("name must be at most {} characters", MAX_NAME_LENGTH),
+            None,
+        ));
+    }
+    if let Some(folder) = folder
+        && folder.chars().count() > MAX_FOLDER_LENGTH
+    {
+        return Err(rmcp::ErrorData::invalid_params(
+            format!("folder must be at most {} characters", MAX_FOLDER_LENGTH),
+            None,
+        ));
+    }
+    if let Some(entry_type) = entry_type
+        && entry_type.chars().count() > MAX_ENTRY_TYPE_LENGTH
+    {
+        return Err(rmcp::ErrorData::invalid_params(
+            format!("type must be at most {} characters", MAX_ENTRY_TYPE_LENGTH),
+            None,
+        ));
+    }
+    if let Some(notes) = notes
+        && notes.chars().count() > MAX_NOTES_LENGTH
+    {
+        return Err(rmcp::ErrorData::invalid_params(
+            format!("notes must be at most {} characters", MAX_NOTES_LENGTH),
+            None,
+        ));
+    }
+    Ok(())
+}
+
+/// Validate the tags list.
+///
+/// Checks total count and per-tag character length.
+pub fn validate_tags(tags: &[String]) -> Result<(), rmcp::ErrorData> {
+    if tags.len() > MAX_TAG_COUNT {
+        return Err(rmcp::ErrorData::invalid_params(
+            format!("at most {} tags are allowed", MAX_TAG_COUNT),
+            None,
+        ));
+    }
+    for tag in tags {
+        if tag.chars().count() > MAX_TAG_LENGTH {
+            return Err(rmcp::ErrorData::invalid_params(
+                format!(
+                    "tag '{}' exceeds the maximum length of {} characters",
+                    tag, MAX_TAG_LENGTH
+                ),
+                None,
+            ));
+        }
+    }
+    Ok(())
+}
+
+/// Validate metadata KV strings (key=value / key:=json format).
+///
+/// Checks total count and per-key/per-value character lengths.
+/// This is a best-effort check on the raw KV strings before parsing;
+/// keys containing `:` path separators are checked as a whole.
+pub fn validate_meta_entries(entries: &[String]) -> Result<(), rmcp::ErrorData> {
+    if entries.len() > MAX_META_COUNT {
+        return Err(rmcp::ErrorData::invalid_params(
+            format!("at most {} metadata entries are allowed", MAX_META_COUNT),
+            None,
+        ));
+    }
+    for entry in entries {
+        // key:=json — check both key and JSON value length
+        if let Some((key, value)) = entry.split_once(":=") {
+            if key.chars().count() > MAX_META_KEY_LENGTH {
+                return Err(rmcp::ErrorData::invalid_params(
+                    format!(
+                        "metadata key '{}' exceeds the maximum length of {} characters",
+                        key, MAX_META_KEY_LENGTH
+                    ),
+                    None,
+                ));
+            }
+            if value.chars().count() > MAX_META_VALUE_LENGTH {
+                return Err(rmcp::ErrorData::invalid_params(
+                    format!(
+                        "metadata JSON value for key '{}' exceeds the maximum length of {} characters",
+                        key, MAX_META_VALUE_LENGTH
+                    ),
+                    None,
+                ));
+            }
+            continue;
+        }
+        // key=value or key@path
+        if let Some((key, value)) = entry.split_once('=') {
+            if key.chars().count() > MAX_META_KEY_LENGTH {
+                return Err(rmcp::ErrorData::invalid_params(
+                    format!(
+                        "metadata key '{}' exceeds the maximum length of {} characters",
+                        key, MAX_META_KEY_LENGTH
+                    ),
+                    None,
+                ));
+            }
+            if value.chars().count() > MAX_META_VALUE_LENGTH {
+                return Err(rmcp::ErrorData::invalid_params(
+                    format!(
+                        "metadata value for key '{}' exceeds the maximum length of {} characters",
+                        key, MAX_META_VALUE_LENGTH
+                    ),
+                    None,
+                ));
+            }
+        } else {
+            // Fallback: entry without = or := — check total length
+            let max_total = MAX_META_KEY_LENGTH + MAX_META_VALUE_LENGTH;
+            if entry.chars().count() > max_total {
+                let preview = entry.chars().take(50).collect::<String>();
+                return Err(rmcp::ErrorData::invalid_params(
+                    format!(
+                        "metadata entry '{}' exceeds the maximum length of {} characters",
+                        preview, max_total
+                    ),
+                    None,
+                ));
+            }
+        }
+    }
+    Ok(())
+}

crates/secrets-mcp/src/web.rs

@@ -1134,10 +1134,16 @@ fn map_app_error(err: &AppError, lang: UiLang) -> EntryApiError {
             StatusCode::CONFLICT,
             Json(json!({ "error": err.to_string() })),
         ),
-        AppError::NotFoundEntry => (
+        AppError::NotFoundEntry | AppError::NotFoundUser | AppError::NotFoundSecret => (
             StatusCode::NOT_FOUND,
             Json(
-                json!({ "error": tr(lang, "条目不存在或无权访问", "條目不存在或無權存取", "Entry not found or no access") }),
+                json!({ "error": tr(lang, "资源不存在或无权访问", "資源不存在或無權存取", "Resource not found or no access") }),
+            ),
+        ),
+        AppError::AuthenticationFailed | AppError::Unauthorized => (
+            StatusCode::UNAUTHORIZED,
+            Json(
+                json!({ "error": tr(lang, "认证失败或无权访问", "認證失敗或無權存取", "Authentication failed or unauthorized") }),
             ),
         ),
         AppError::Validation { message } => {
@@ -1149,6 +1155,18 @@ fn map_app_error(err: &AppError, lang: UiLang) -> EntryApiError {
                 json!({ "error": tr(lang, "条目已被修改，请刷新后重试", "條目已被修改，請重新整理後重試", "Entry was modified, please refresh and try again") }),
             ),
         ),
+        AppError::DecryptionFailed => (
+            StatusCode::BAD_REQUEST,
+            Json(
+                json!({ "error": tr(lang, "解密失败，请检查密码短语", "解密失敗，請檢查密碼短語", "Decryption failed — please check your passphrase") }),
+            ),
+        ),
+        AppError::EncryptionKeyNotSet => (
+            StatusCode::BAD_REQUEST,
+            Json(
+                json!({ "error": tr(lang, "请先设置密码短语后再使用此功能", "請先設定密碼短語再使用此功能", "Please set a passphrase before using this feature") }),
+            ),
+        ),
         AppError::Internal(_) => {
             tracing::error!(error = %err, "internal error in entry mutation");
             (

crates/secrets-mcp/templates/audit.html

@@ -50,8 +50,7 @@
         .main { padding: 32px 24px 40px; flex: 1; }
         .card { background: var(--surface); border: 1px solid var(--border); border-radius: 12px;
                 padding: 24px; width: 100%; max-width: 1180px; margin: 0 auto; }
-        .card-title { font-size: 20px; font-weight: 600; margin-bottom: 8px; }
-        .card-subtitle { color: var(--text-muted); font-size: 13px; margin-bottom: 20px; }
+        .card-title { font-size: 20px; font-weight: 600; margin-bottom: 20px; }
         .empty { color: var(--text-muted); font-size: 14px; padding: 20px 0; }
         table { width: 100%; border-collapse: collapse; }
         th, td { text-align: left; vertical-align: top; padding: 12px 10px; border-top: 1px solid var(--border); }
@@ -115,7 +114,6 @@
 <main class="main">
     <section class="card">
         <div class="card-title" data-i18n="auditTitle">我的审计</div>
-        <div class="card-subtitle" data-i18n="auditSubtitle">展示最近 100 条与当前用户相关的新审计记录。时间为浏览器本地时区。</div>
 
         {% if entries.is_empty() %}
         <div class="empty" data-i18n="emptyAudit">暂无审计记录。</div>
@@ -149,9 +147,9 @@
 <script>
 (function () {
   I18N_PAGE = {
-    'zh-CN': { pageTitle: 'Secrets — 审计', auditTitle: '我的审计', auditSubtitle: '展示最近 100 条与当前用户相关的新审计记录。时间为浏览器本地时区。', emptyAudit: '暂无审计记录。', colTime: '时间', colAction: '动作', colTarget: '目标', colDetail: '详情' },
-    'zh-TW': { pageTitle: 'Secrets — 審計', auditTitle: '我的審計', auditSubtitle: '顯示最近 100 筆與目前使用者相關的新審計記錄。時間為瀏覽器本地時區。', emptyAudit: '暫無審計記錄。', colTime: '時間', colAction: '動作', colTarget: '目標', colDetail: '詳情' },
-    en: { pageTitle: 'Secrets — Audit', auditTitle: 'My audit', auditSubtitle: 'Shows the latest 100 audit records related to the current user. Time is in browser local timezone.', emptyAudit: 'No audit records.', colTime: 'Time', colAction: 'Action', colTarget: 'Target', colDetail: 'Detail' }
+    'zh-CN': { pageTitle: 'Secrets — 审计', auditTitle: '我的审计', emptyAudit: '暂无审计记录。', colTime: '时间', colAction: '动作', colTarget: '目标', colDetail: '详情' },
+    'zh-TW': { pageTitle: 'Secrets — 審計', auditTitle: '我的審計', emptyAudit: '暫無審計記錄。', colTime: '時間', colAction: '動作', colTarget: '目標', colDetail: '詳情' },
+    en: { pageTitle: 'Secrets — Audit', auditTitle: 'My audit', emptyAudit: 'No audit records.', colTime: 'Time', colAction: 'Action', colTarget: 'Target', colDetail: 'Detail' }
   };
 
   window.applyPageLang = function () {

crates/secrets-mcp/templates/entries.html

@@ -123,7 +123,7 @@
             background: var(--bg);
         }
         table {
-            width: max-content;
+            width: 100%;
             min-width: 960px;
             border-collapse: separate;
             border-spacing: 0;
@@ -142,12 +142,12 @@
         td { font-size: 13px; line-height: 1.45; }
         tbody tr:nth-child(2n) td { background: rgba(255, 255, 255, 0.01); }
         .mono { font-family: 'JetBrains Mono', monospace; }
-        .col-type { min-width: 108px; }
+        .col-type { min-width: 108px; width: 1%; }
         .col-name { min-width: 180px; max-width: 260px; }
         .col-tags { min-width: 160px; max-width: 220px; }
         .col-secrets { min-width: 220px; max-width: 420px; vertical-align: top; }
         .col-secrets .secret-list { max-height: 120px; overflow: auto; }
-        .col-actions { min-width: 132px; }
+        .col-actions { min-width: 132px; width: 1%; }
         .cell-name, .cell-tags-val {
             overflow-wrap: anywhere;
             word-break: break-word;
@@ -961,6 +961,114 @@ var SECRET_TYPE_OPTIONS = JSON.parse(document.getElementById('secret-type-option
     showDeleteErr('');
   }
 
+  function refreshListAfterSave(entryId, body, secretRows) {
+    var tr = document.querySelector('tr[data-entry-id="' + entryId + '"]');
+    if (!tr) { window.location.reload(); return; }
+    var nameCell = tr.querySelector('.cell-name');
+    if (nameCell) nameCell.textContent = body.name;
+    var typeCell = tr.querySelector('.cell-type');
+    if (typeCell) typeCell.textContent = body.type;
+    var notesCell = tr.querySelector('.cell-notes-val');
+    if (notesCell) {
+      if (body.notes) { notesCell.textContent = body.notes; }
+      else { var notesWrap = tr.querySelector('.cell-notes'); if (notesWrap) notesWrap.innerHTML = ''; }
+    }
+    var tagsCell = tr.querySelector('.cell-tags-val');
+    if (tagsCell) tagsCell.textContent = body.tags.join(', ');
+    var secretsList = tr.querySelector('.secret-list');
+    if (secretsList) {
+      secretsList.innerHTML = '';
+      secretRows.forEach(function (info) {
+        var chip = document.createElement('span');
+        chip.className = 'secret-chip';
+        var nameSpan = document.createElement('span');
+        nameSpan.className = 'secret-name';
+        nameSpan.textContent = info.newName;
+        nameSpan.title = info.newName;
+        var typeSpan = document.createElement('span');
+        typeSpan.className = 'secret-type';
+        typeSpan.textContent = info.newType || 'text';
+        var unlinkBtn = document.createElement('button');
+        unlinkBtn.type = 'button';
+        unlinkBtn.className = 'btn-unlink-secret';
+        unlinkBtn.setAttribute('data-secret-id', info.secretId);
+        unlinkBtn.setAttribute('data-secret-name', info.newName);
+        unlinkBtn.title = t('unlinkTitle');
+        unlinkBtn.textContent = '\u00d7';
+        chip.appendChild(nameSpan);
+        chip.appendChild(typeSpan);
+        chip.appendChild(unlinkBtn);
+        secretsList.appendChild(chip);
+      });
+    }
+    tr.setAttribute('data-entry-folder', body.folder);
+    tr.setAttribute('data-entry-metadata', JSON.stringify(body.metadata));
+    var updatedSecrets = secretRows.map(function (info) {
+      return { id: info.secretId, name: info.newName, secret_type: info.newType || 'text' };
+    });
+    tr.setAttribute('data-entry-secrets', JSON.stringify(updatedSecrets));
+  }
+
+  function refreshListAfterDelete(entryId) {
+    var tr = document.querySelector('tr[data-entry-id="' + entryId + '"]');
+    var folder = tr ? tr.getAttribute('data-entry-folder') : null;
+    if (tr) tr.remove();
+    var tbody = document.querySelector('table tbody');
+    if (tbody && !tbody.querySelector('tr[data-entry-id]')) {
+      var card = document.querySelector('.card');
+      if (card) {
+        var tableWrap = card.querySelector('.table-wrap');
+        if (tableWrap) tableWrap.remove();
+        var existingEmpty = card.querySelector('.empty');
+        if (!existingEmpty) {
+          var emptyDiv = document.createElement('div');
+          emptyDiv.className = 'empty';
+          emptyDiv.setAttribute('data-i18n', 'emptyEntries');
+          emptyDiv.textContent = t('emptyEntries');
+          var filterBar = card.querySelector('.filter-bar');
+          if (filterBar) { card.insertBefore(emptyDiv, filterBar.nextSibling); }
+          else { card.appendChild(emptyDiv); }
+        }
+      }
+    }
+    var allTab = document.querySelector('.folder-tab[data-all-tab="1"]');
+    if (allTab) {
+      var count = parseInt(allTab.getAttribute('data-count') || '0', 10);
+      if (count > 0) {
+        count -= 1;
+        allTab.setAttribute('data-count', String(count));
+        allTab.textContent = t('allTab') + ' (' + count + ')';
+      }
+    }
+    if (folder) {
+      document.querySelectorAll('.folder-tab:not([data-all-tab])').forEach(function (tab) {
+        if (tab.textContent.trim().indexOf(folder) === 0) {
+          var m = tab.textContent.match(/\((\d+)\)/);
+          if (m) {
+            var c = parseInt(m[1], 10);
+            if (c > 0) {
+              c -= 1;
+              tab.textContent = folder + ' (' + c + ')';
+            }
+          }
+        }
+      });
+    }
+  }
+
+  function refreshListAfterUnlink(entryId, secretId) {
+    var tr = document.querySelector('tr[data-entry-id="' + entryId + '"]');
+    if (!tr) return;
+    var chip = tr.querySelector('.btn-unlink-secret[data-secret-id="' + secretId + '"]');
+    if (chip && chip.parentElement) chip.parentElement.remove();
+    var secrets = tr.getAttribute('data-entry-secrets');
+    try {
+      var arr = JSON.parse(secrets);
+      arr = arr.filter(function (s) { return s.id !== secretId; });
+      tr.setAttribute('data-entry-secrets', JSON.stringify(arr));
+    } catch (e) {}
+  }
+
   document.getElementById('delete-cancel').addEventListener('click', closeDelete);
   deleteOverlay.addEventListener('click', function (e) {
     if (e.target === deleteOverlay) closeDelete();
@@ -975,8 +1083,9 @@ var SECRET_TYPE_OPTIONS = JSON.parse(document.getElementById('secret-type-option
         });
       })
       .then(function () {
+        var deletedId = pendingDeleteId;
         closeDelete();
-        window.location.reload();
+        refreshListAfterDelete(deletedId);
       })
       .catch(function (e) { showDeleteErr(e.message || String(e)); });
   });
@@ -1086,7 +1195,7 @@ var SECRET_TYPE_OPTIONS = JSON.parse(document.getElementById('secret-type-option
       }));
     }).then(function () {
       closeEdit();
-      window.location.reload();
+      refreshListAfterSave(currentEntryId, body, secretRows);
     }).catch(function (e) {
       showEditErr(e.message || String(e));
     });
@@ -1102,7 +1211,6 @@ var SECRET_TYPE_OPTIONS = JSON.parse(document.getElementById('secret-type-option
       var secretId = btn.getAttribute('data-secret-id');
       var secretName = btn.getAttribute('data-secret-name') || '';
       if (!entryId || !secretId) return;
-      if (!confirm(tf('confirmUnlinkSecret', { name: secretName }))) return;
       fetch('/api/entries/' + encodeURIComponent(entryId) + '/secrets/' + encodeURIComponent(secretId), {
         method: 'DELETE',
         credentials: 'same-origin'
@@ -1112,7 +1220,7 @@ var SECRET_TYPE_OPTIONS = JSON.parse(document.getElementById('secret-type-option
           return data;
         });
       }).then(function () {
-        window.location.reload();
+        refreshListAfterUnlink(entryId, secretId);
       }).catch(function (err) {
         alert(err.message || String(err));
       });
@@ -1126,7 +1234,6 @@ var SECRET_TYPE_OPTIONS = JSON.parse(document.getElementById('secret-type-option
     var secretId = btn.getAttribute('data-secret-id');
     var secretName = btn.getAttribute('data-secret-name') || '';
     if (!entryId || !secretId) return;
-    if (!confirm(tf('confirmUnlinkSecret', { name: secretName }))) return;
     fetch('/api/entries/' + encodeURIComponent(entryId) + '/secrets/' + encodeURIComponent(secretId), {
       method: 'DELETE',
       credentials: 'same-origin'
@@ -1136,7 +1243,12 @@ var SECRET_TYPE_OPTIONS = JSON.parse(document.getElementById('secret-type-option
         return data;
       });
     }).then(function () {
-      window.location.reload();
+      btn.closest('.secret-edit-row').remove();
+      var tableRow = document.querySelector('tr[data-entry-id="' + entryId + '"]');
+      if (tableRow) {
+        var chip = tableRow.querySelector('.btn-unlink-secret[data-secret-id="' + secretId + '"]');
+        if (chip && chip.parentElement) chip.parentElement.remove();
+      }
     }).catch(function (err) {
       alert(err.message || String(err));
     });