Changelog

All notable changes to Vaulted are documented here.

The format is based on Keep a Changelog, and the project adheres to Semantic Versioning.

0.3.0

2026-07-02

Ground-up rebuild. Vaulted is now a Bun and TypeScript monorepo with a Rust injection primitive, replacing the retired 0.2.x Python implementation. 0.3.0 shares no code with 0.2.x and does not read its data. The full release is tagged as v0.3.0 on GitHub.

Added

  • @vaulted/crypto

    The full key hierarchy. Argon2id master-key derivation (64 MiB, 3 iterations, 4 lanes via hash-wasm), AES-256-GCM value encryption with a pinned frame format, RSA-OAEP-2048 wrapped per-project keys, service-account token generation with HKDF-SHA256 key derivation, and a typed error taxonomy with known-ciphertext fixtures.
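The wrapping-and-framing shape that entry describes, as an added example written for this changelog rather than code from @vaulted/crypto: a random 32-byte per-project key is wrapped with RSA-OAEP-2048 under the user's public key, each value is sealed with AES-256-GCM into a fixed frame, and a service-account key is derived from the project key with HKDF-SHA256. The frame layout (one version byte, 12-byte nonce, 16-byte tag, ciphertext), the use of the secret's name as GCM associated data, and all function names are assumptions of this example; Argon2id master-key derivation is not in node:crypto and is left out, so the example starts at the per-project key.

```typescript
// Added example, not @vaulted/crypto's own code. Node's crypto module; the frame
// layout, the AAD binding and the function names are this example's assumptions.
import {
  constants, createCipheriv, createDecipheriv, generateKeyPairSync,
  hkdfSync, privateDecrypt, publicEncrypt, randomBytes,
} from "node:crypto";
import type { KeyObject } from "node:crypto";

const FRAME_VERSION = 0x01; // pinned: a decryptor rejects any other version byte
const NONCE_LEN = 12;       // 96-bit GCM nonce, random per value
const TAG_LEN = 16;         // 128-bit GCM authentication tag
const OAEP = { padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" } as const;

export function generateUserKeyPair() {
  return generateKeyPairSync("rsa", { modulusLength: 2048 });
}

export function newProjectKey(): Buffer {
  return randomBytes(32); // AES-256 key, one per project
}

// Only the holder of the matching RSA private key can recover the project key.
export function wrapProjectKey(projectKey: Buffer, userPublicKey: KeyObject): Buffer {
  return publicEncrypt({ key: userPublicKey, ...OAEP }, projectKey);
}

export function unwrapProjectKey(wrapped: Buffer, userPrivateKey: KeyObject): Buffer {
  return privateDecrypt({ key: userPrivateKey, ...OAEP }, wrapped);
}

// Frame: version || nonce || tag || ciphertext. The secret's name is bound as AAD,
// so a frame copied under another name fails authentication.
export function encryptValue(projectKey: Buffer, name: string, plaintext: string): Buffer {
  const nonce = randomBytes(NONCE_LEN);
  const cipher = createCipheriv("aes-256-gcm", projectKey, nonce);
  cipher.setAAD(Buffer.from(name, "utf8"));
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return Buffer.concat([Buffer.from([FRAME_VERSION]), nonce, cipher.getAuthTag(), ct]);
}

export function decryptValue(projectKey: Buffer, name: string, frame: Buffer): string {
  if (frame.length < 1 + NONCE_LEN + TAG_LEN) throw new Error("frame too short");
  if (frame[0] !== FRAME_VERSION) throw new Error(`unsupported frame version ${frame[0]}`);
  const nonce = frame.subarray(1, 1 + NONCE_LEN);
  const tag = frame.subarray(1 + NONCE_LEN, 1 + NONCE_LEN + TAG_LEN);
  const ct = frame.subarray(1 + NONCE_LEN + TAG_LEN);
  const d = createDecipheriv("aes-256-gcm", projectKey, nonce);
  d.setAAD(Buffer.from(name, "utf8"));
  d.setAuthTag(tag);
  // final() throws if the tag does not verify (tampered ciphertext, wrong name, wrong key).
  return Buffer.concat([d.update(ct), d.final()]).toString("utf8");
}

// Per-token key from the project key; the token id is the HKDF info string.
export function deriveTokenKey(projectKey: Buffer, tokenId: string): Buffer {
  return Buffer.from(hkdfSync("sha256", projectKey, "vaulted-example-salt", tokenId, 32));
}

function throws(fn: () => unknown): boolean {
  try { fn(); return false; } catch { return true; }
}

// Walk the hierarchy once with constructed sample data and report what held.
export function demo() {
  const { publicKey, privateKey } = generateUserKeyPair();
  const projectKey = newProjectKey();
  const unwrapped = unwrapProjectKey(wrapProjectKey(projectKey, publicKey), privateKey);
  const frame = encryptValue(unwrapped, "DB_PASSWORD", "hunter2"); // constructed sample value
  const tampered = Buffer.from(frame);
  tampered[tampered.length - 1] ^= 0x01; // flip one ciphertext bit
  const k1 = deriveTokenKey(projectKey, "sa-1");
  return {
    keyRoundTrip: unwrapped.equals(projectKey),
    valueRoundTrip: decryptValue(unwrapped, "DB_PASSWORD", frame) === "hunter2",
    tamperDetected: throws(() => decryptValue(unwrapped, "DB_PASSWORD", tampered)),
    nameMismatchDetected: throws(() => decryptValue(unwrapped, "API_TOKEN", frame)),
    badVersionRejected: throws(() => decryptValue(unwrapped, "DB_PASSWORD", Buffer.concat([Buffer.from([0x02]), frame.subarray(1)]))),
    hkdfDeterministic: k1.equals(deriveTokenKey(projectKey, "sa-1")) && !k1.equals(deriveTokenKey(projectKey, "sa-2")),
  };
}
```

The point the frame check makes: version, nonce and tag are parsed at fixed offsets and the version byte is compared before any decryption, so a future format change cannot be silently misread as the current one, and GCM's tag covers both the ciphertext and the name bound as AAD.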

  • @vaulted/store

    SQLite vault on bun:sqlite. STRICT tables, WAL mode, 0600 file mode, PRAGMA user_version migrations, projects, environments, nested folders, soft-deleted secrets, service accounts, atomic project-key rotation, and an append-only audit log written in the same transaction as every mutation.

  • packages/runner

    Hardened Rust cdylib for secret injection. RLIMIT_CORE = 0, environment cleared to a 10-variable allowlist plus secrets, Zeroizing secret buffers, PID-reuse-safe SIGTERM and SIGINT forwarding, pre-spawn validation, no disk writes, panic-safe FFI boundary, and a captured mode (10 MiB per stream, stdin on /dev/null) plus a signal_child export for timeout enforcement.

  • @vaulted/redact

    Streaming output sanitizer. In-package Aho-Corasick matcher over plain, base64 (padded and unpadded), and URL-encoded forms of each secret value, [REDACTED:KEY_NAME] replacement, longest-match-wins overlap resolution, and chunk-boundary-safe streaming.
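The redaction behaviour that entry lists, as an added example written for this changelog and not code from @vaulted/redact: every secret contributes its plain, base64 (padded and unpadded) and URL-encoded forms as needles, the longest needle matching at a position wins, and a tail of (longest needle minus one) characters is held back between chunks so a value split across two writes is still caught. The matcher here is a plain length-sorted scan, an assumption made to keep the block short; the package itself uses Aho-Corasick. Class and function names are this example's own.

```typescript
// Added example, not @vaulted/redact's own code. Length-sorted scan stands in for
// the package's Aho-Corasick matcher; StreamRedactor/redactAll are example names.
type Pattern = { needle: string; key: string };

// Minimal UTF-8 and base64 encoders so the block runs with no runtime dependencies.
function utf8Bytes(s: string): number[] {
  const bytes: number[] = [];
  for (const ch of s) {
    const cp = ch.codePointAt(0)!;
    if (cp < 0x80) bytes.push(cp);
    else if (cp < 0x800) bytes.push(0xc0 | (cp >> 6), 0x80 | (cp & 63));
    else if (cp < 0x10000) bytes.push(0xe0 | (cp >> 12), 0x80 | ((cp >> 6) & 63), 0x80 | (cp & 63));
    else bytes.push(0xf0 | (cp >> 18), 0x80 | ((cp >> 12) & 63), 0x80 | ((cp >> 6) & 63), 0x80 | (cp & 63));
  }
  return bytes;
}

function base64(bytes: number[]): string {
  const A = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
  let out = "";
  for (let i = 0; i < bytes.length; i += 3) {
    const b1 = bytes[i + 1], b2 = bytes[i + 2];
    const n = (bytes[i] << 16) | ((b1 ?? 0) << 8) | (b2 ?? 0);
    out += A[(n >> 18) & 63] + A[(n >> 12) & 63];
    out += b1 === undefined ? "=" : A[(n >> 6) & 63];
    out += b2 === undefined ? "=" : A[n & 63];
  }
  return out;
}

// One needle per distinct encoded form of each secret value.
export function buildPatterns(secrets: Record<string, string>): Pattern[] {
  const out: Pattern[] = [];
  const seen = new Set<string>();
  for (const [key, value] of Object.entries(secrets)) {
    const padded = base64(utf8Bytes(value));
    const forms = [value, padded, padded.replace(/=+$/, ""), encodeURIComponent(value)];
    for (const needle of forms) {
      if (needle.length === 0 || seen.has(needle)) continue; // empty values and duplicate forms
      seen.add(needle);
      out.push({ needle, key });
    }
  }
  // Longest needle first: the first pattern matching at a position is the longest one.
  return out.sort((a, b) => b.needle.length - a.needle.length);
}

// Scan text from 0 while the match start is below `limit`; a match that begins
// below the limit may extend past it. Returns emitted text and how far was consumed.
function redactPrefix(text: string, patterns: Pattern[], limit: number): { out: string; consumed: number } {
  let out = "";
  let i = 0;
  while (i < limit) {
    const hit = patterns.find((p) => text.startsWith(p.needle, i));
    if (hit) { out += `[REDACTED:${hit.key}]`; i += hit.needle.length; }
    else { out += text.charAt(i); i += 1; }
  }
  return { out, consumed: i };
}

export class StreamRedactor {
  private readonly patterns: Pattern[];
  private readonly hold: number; // chars kept back: a secret could straddle the next chunk
  private tail = "";

  constructor(secrets: Record<string, string>) {
    this.patterns = buildPatterns(secrets);
    const maxLen = this.patterns.reduce((m, p) => Math.max(m, p.needle.length), 0);
    this.hold = Math.max(maxLen - 1, 0);
  }

  // Feed one chunk of stdout/stderr; returns only the text that is safe to emit now.
  write(chunk: string): string {
    const text = this.tail + chunk;
    const safeStarts = Math.max(text.length - this.hold, 0);
    const { out, consumed } = redactPrefix(text, this.patterns, safeStarts);
    this.tail = text.slice(consumed);
    return out;
  }

  // Stream closed: nothing can follow, so the held tail is scanned and released.
  end(): string {
    const { out } = redactPrefix(this.tail, this.patterns, this.tail.length);
    this.tail = "";
    return out;
  }
}

// Convenience for whole streams delivered as a list of chunks.
export function redactAll(secrets: Record<string, string>, chunks: string[]): string {
  const r = new StreamRedactor(secrets);
  return chunks.map((c) => r.write(c)).join("") + r.end();
}
```

With the constructed secret DB_PASSWORD=hunter2, the chunks "pass=hun" and "ter2 done" come out as "pass=[REDACTED:DB_PASSWORD] done": the first write releases nothing because every character is within the hold distance, and the second completes the match. The hold is sized to the longest needle, which is normally a base64 or URL-encoded form rather than the plain value, so the held tail is longer than the secret itself.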

  • apps/cli (vaulted)

    14 commands. init, unlock, lock, set, get, list, rm, import, export, run, projects, envs, rotate, and mcp. Per-directory vaulted.toml project pinning, password resolution across env var, OS keychain (Bun.secrets), 0600 file fallback, and hidden prompt, dotenv import and export with collision strategies, and pipeable stdout-only get.

  • MCP stdio server

    vaulted mcp with five tools. status, list-projects, list-secrets, and get-current-project are read-only and value-free by construction. run-with-secrets carries a destructive annotation, runs on a worker thread with a configurable timeout, and returns output redacted then truncated at 50,000 chars per stream. Client setup documented for Claude Code, Cursor, Codex, Zed, OpenCode, and Claude Desktop.

  • Single-execution-path invariant

    Both vaulted run and MCP run-with-secrets go through the Rust runner via one FFI bridge, enforced by a source-scan test that rejects any JS-level process API in the CLI sources.

  • Audit coverage

    Secret reveals, exports, runs, and MCP access, with run and export entries written before plaintext leaves the vault.

  • CI

    Ubuntu and macOS. oxlint, tsc --noEmit, bun test for all TypeScript packages and CLI e2e, cargo fmt, cargo clippy -D warnings, and cargo test for the runner.

  • Release pipeline

    Tagged builds for darwin-arm64, darwin-x64, linux-x64, and linux-arm64, each tarball carrying the standalone binary plus the runner prebuild, a smoke test of every staged binary, SHA256SUMS, and a checksum-verifying scripts/install.sh.

  • Documentation

    README, architecture, security, and MCP docs, plus per-package contracts in CONTRACTS.md.

Removed

  • The 0.2.x Python implementation

    The entire 0.2.x Python implementation (CLI, keychain helper, and Swift Touch ID helper). Retired, not migrated. The final 0.2.x state is preserved in git history.
