Development updates

What we've been building

Short notes on how enveigh is coming together, newest first.

July 15, 2026

0.2.7: enveigh lives at enveigh.com now

The site, docs, downloads, and the auto-update feed all moved to enveigh.com. Old khuur.dev links redirect permanently, and updates keep flowing for every existing install: 0.2.7 ships through the old feed address, points the updater at the new one, and the old address keeps redirecting for installs that haven't updated yet. Nothing to do on your end; your copy migrates itself on its next update check.

Release
July 15, 2026

0.2.6: trusted sessions, so long agent runs never stall on a fingerprint

Kick off a long unattended agent task and, depending on your approval policy, it can park itself on a Touch ID prompt the moment it needs a key. The new trusted session is the fix: an "it's me until I lock my screen" window. Start it from the menu-bar icon, confirm once with Touch ID, and the broker serves agent requests without prompting for as long as your presence can be assumed.

The session ends the instant it can't be: screen lock, screensaver, sleep, fast user switch, or locking the vault, and you can end it from the menu bar at any time. It never survives a relaunch and it is never a stored preference, so arming it always costs exactly one fresh Touch ID. While it's active every access is still audited and notified per request, the start and end land in the audit trail themselves, and destructive operations (deleting an environment) still always prompt.

Release
July 1, 2026

0.2.5: add any key to an environment in a click

Keys don't have to live inside an environment, and when you want to group one it's a right-click away. Every secret now has an Add to Environment menu that lists your environments with a checkmark toggle (add or remove the binding) plus New Environment…, so a standalone key becomes part of a .env, or gets shared across several, without opening the environment's detail pane. Multi-select a batch and the selection bar files them all at once.

Agents can do the same through the new add_secret_to_environment tool (and enveigh add on the CLI). It's Touch-ID confirmed and read-only to the agent, so no value is ever seen. Grouping is collision-safe and idempotent: if the env-var name a secret would take is already used by a different secret, enveigh files it under a suffixed name instead of silently repointing the existing binding, and adding a key that's already in the environment does nothing.

Release
June 26, 2026

0.2.4: a pasted key's trailing newline no longer breaks auth

Paste a key and it almost always comes with an invisible trailing return. enveigh used to store the value verbatim, so what it handed back to your shell, or wrote into a .env, carried a stray newline, and the service quietly rejected it as a wrong password. Now every saved value is trimmed of leading and trailing whitespace and line breaks, on both new keys and rotations, whether it arrives through the New-secret sheet, an agent's capture_secret, the clipboard watcher, or a project import.

Multi-line secrets stay intact: only the edges are trimmed, so a PEM private key keeps its internal newlines. Keys saved before this update keep whatever they had: re-paste or re-rotate one once to clean it.

Release
June 11, 2026

0.1.5: the clipboard offer finds you, and enveigh stops nagging itself

When a key lands on your clipboard and no enveigh window is on screen, the offer now comes to you: the Dock icon badges (with a single attention bounce), the menu-bar icon flips to a "key spotted" glyph, and the top menu item becomes "Copied key: add NAME to enveigh…". One click opens the pre-filled New-secret sheet, recreating the window if it was closed. Everything clears together the moment you save or ignore.

Also fixed: copying a value out of enveigh (reveal → copy, the recovery key, a rendered .env) no longer triggers the watcher's own "put the key in enveigh?" offer: every in-app copy is marked so the app never nags about its own output. And the agent-side capture rule is now sized to fit Codex's instruction window, so paste-catching guidance reaches GPT models in full, not just Claude.

Release
June 11, 2026

0.1.4: pasted keys get caught in every client, every session

Two fixes that make the "agent catches a pasted key" promise hold everywhere. First: the helper binaries your agent configs point at now refresh on every app launch. Previously they only updated during installs, so app updates could leave agents talking through a stale proxy that predated capture_secret. Second: the MCP server now ships session instructions that Claude Code, Claude Desktop, and Cursor surface to the model directly. The "vault a pasted credential immediately, then stop using it" rule no longer depends on the agent skill being installed.

One note: agent sessions keep the server they started with, so sessions opened before this update pick up the new behavior on their next restart.

Release
June 10, 2026

0.1.3: agents can import a project, and capture got a proper flow

import_project: an agent (or enveigh import .) can now ask enveigh to scan a project folder's .env files and vault what's missing. The scan runs inside the app, you approve with Touch ID, and only key names ever flow back to the agent. It's idempotent: keys already in the folder's environment are skipped, new ones bind into that same environment.

Clipboard capture grew up too: the notification now asks "Put the key in enveigh?" (naming the provider when the key's shape gives it away), and clicking it, or the in-app banner, opens the New-secret sheet pre-filled with the name, value, and company instead of silently inserting a row. The Expires field is now a preset menu (never / 1 hour / 1 day / 1 week / 30 / 90 days) with a date picker for everything else, and sk-or-… keys are recognized as OpenRouter.

Release
June 10, 2026

0.1.2: Scan for leaks is a drawer now

"Scan for leaks" used to take over the whole window, with no obvious way back. It now slides out as a right-hand panel, same as the Run console, so your secret list stays in view, the window grows to make room, and the ✕ drawers it away. An in-flight scan keeps running if you close the panel; the results are waiting when you reopen it.

Release
June 10, 2026

0.1.1: a hardening pass

We put the whole codebase through a correctness and memory-safety review and shipped everything it found. The headline fixes: a data race in the secret scanner's regex cache, a crash on malformed backup files (a hostile iteration count could trap instead of erroring), and an audit log that now appends in constant time, one encrypted line per event, instead of re-encrypting the whole file on every reveal.

Behavior changes worth knowing: agent run_with_env commands now time out (10 minutes by default, ENVEIGH_MCP_TIMEOUT_SECONDS to change), and the environment scrubber now exempts SSH_AUTH_SOCK, so git-over-SSH inside wrapped builds keeps working. There's also a new docs page answering the most common question: will this break my build? (No.)

Release
June 9, 2026

Black & white, and it follows your system

enveigh is now strictly monochrome and defers entirely to your macOS appearance: Light or Dark, no custom color scheme to fight your desktop. The only hue left is red, reserved for danger (an exposed or overdue key). The brand mark and app icon went black-and-white to match.

Why bother? A secrets tool should feel calm and trustworthy, not loud. Removing color removed a whole class of fiddly theming and let the content carry the weight.

Design
June 8, 2026

Run with your environment, without the keys

The command runner is now a right-hand panel that slides into the main window (⌘R), instead of a separate floating window. Pick an environment, type a command, and it runs with the secrets injected as env vars, with every value redacted from the output and nothing written to disk.

It auto-selects the environment you're viewing and drops your cursor straight in the command field. The whole idea: the secure path is the fast path.

Feature
June 7, 2026

A local broker, not a daemon

Agents reach the vault over a token-gated UNIX-domain socket that only exists while the vault is unlocked: no always-on network service, no port to scan. Each client gets a scoped token, and scope is enforced on the broker side so a client can't reach outside the environment you granted it.

Release builds run under the Hardened Runtime and drop get-task-allow, so another process can't attach and scrape decrypted values from memory. Updates ship signed via Sparkle.

Security