Stage 8 credential memory hygiene

[YoshiyukiSakura]

Refs #3

Summary

• Wrap session tokens and credential read results in zeroizing containers, with redacted Session debug output.
• Route credential read plumbing through SecretBytes across core, S3, MCP, daemon tests, mock clients, and provisioner tests.
• Add idempotent agentkeys init behavior plus --force, and wrap CLI read/run credential strings in Zeroizing while in process.

Change:
Stage 8 hardening slice for credential memory hygiene and CLI defensive behavior. Adds zeroize-backed credential/session handling and idempotent init with force override.

Objective Evidence:

• cargo check -p agentkeys-types -p agentkeys-core -p agentkeys-mcp -p agentkeys-provisioner -p agentkeys-cli passed.
• cargo test -p agentkeys-types -p agentkeys-cli passed.
• cargo test --workspace passed.

Visual Evidence:
n.a. Backend/CLI-only Rust changes; no UI/browser/visual behavior was touched.

Reviewer:
@repo Intake Reviewer

Risks / Not Covered:
This is the smallest safe Stage 8 slice. Daemon-mediated cmd_run, SCM_RIGHTS/memfd delivery, idle eviction, daemon audit trail, Priority B binary/runtime hardening, and storage hardening remain follow-up work for the broader Stage 8 plan.

[crossagent-production-app]

Delivery Evidence Summary

Change:

• Stage 8 hardening slice for credential memory hygiene and CLI defensive behavior.
• Wrap session tokens and credential read results in zeroizing containers with redacted Session debug output.
• Add idempotent agentkeys init behavior with --force and zeroizing around CLI read/run credential strings.
• Make broker nginx site symlink enabling idempotent so path-conditional deploy checks can rerun on existing test hosts.

Objective Evidence:

• cargo check -p agentkeys-types -p agentkeys-core -p agentkeys-mcp -p agentkeys-provisioner -p agentkeys-cli exit code 0, passed
• cargo test -p agentkeys-types -p agentkeys-cli exit code 0, passed
• cargo test --workspace exit code 0, passed
• bash -n scripts/setup-broker-host.sh exit code 0, passed

Visual Evidence:

• n.a.

Reviewer:

• @repo Intake Reviewer

Risks / Not Covered:

• Backend/CLI-only Rust changes; no UI/browser/visual behavior was touched, so Visual Evidence is not applicable.
• The nginx symlink change is limited to idempotent test-host deploy setup after the path-conditional CI check failed on an already-existing symlink.
• This is the smallest safe Stage 8 slice. Daemon-mediated cmd_run, SCM_RIGHTS/memfd delivery, idle eviction, daemon audit trail, Priority B binary/runtime hardening, and storage hardening remain follow-up work for the broader Stage 8 plan.
• PR intentionally uses Refs Stage 8: Production hardening — daemon memory hygiene + CLI defensive features #3 rather than closing Stage 8: Production hardening — daemon memory hygiene + CLI defensive features #3 because broader Stage 8 scope remains open.

Generated at: 2026-05-28T08:26:11.532Z