qring-mcp

Retrieve a secret by key. Collapses superposition if the secret has multiple environment states. Records access in audit log (observer effect).

List all secret keys with quantum metadata (scope, decay status, superposition states, entanglement, access count). Values are never exposed. Supports filtering by tag, expiry state, and key pattern.

Store a secret with optional quantum metadata: TTL (decay), environment state (superposition), description, tags.

Remove a secret from the keyring.

Check if a secret exists. Returns boolean. Never reveals the value. Respects decay — expired secrets return false.

Export secrets as .env or JSON format. Collapses superposition. Supports filtering by specific keys or tags.

Import secrets from .env file content. Parses standard dotenv syntax (comments, quotes, multiline escapes) and stores each key/value pair in q-ring.

Validate project secrets against the .q-ring.json manifest. Returns which required secrets are present, missing, expired, or stale. Use this to verify project readiness.

Generate .env file content from the project manifest (.q-ring.json). Resolves each declared secret from q-ring, collapses superposition, and returns .env formatted output. Warns about missing or expired secrets.

Show full quantum state of a secret: superposition states, decay status, entanglement links, access history. Never reveals the actual value.

Detect the current environment context (wavefunction collapse). Returns the detected environment and its source (NODE_ENV, git branch, project config, etc.).

Generate a cryptographic secret (quantum noise). Formats: hex, base64, alphanumeric, uuid, api-key, token, password. Optionally save directly to the keyring.

Create a quantum entanglement between two secrets. When the source is rotated/updated, the target automatically receives the same value.

Remove a quantum entanglement between two secrets. They will no longer synchronize on rotation.

Create an ephemeral secret that exists only in memory (quantum tunneling). Never persisted to disk. Optional TTL and max-reads for self-destruction.

Read an ephemeral tunneled secret by ID. May self-destruct if max-reads is reached.

List active tunneled secrets (IDs and metadata only, never values).

Immediately destroy a tunneled secret.

Pack secrets into an AES-256-GCM encrypted bundle for sharing between machines (quantum teleportation).

Decrypt and import secrets from a teleport bundle.

Query the audit log for secret access history (observer effect). Shows who accessed what and when.

Scan for anomalous secret access patterns: burst reads, unusual-hour access. Returns findings and recommendations.

Run a comprehensive health check on all secrets: decay status, staleness, anomalies, entropy assessment.

Test if a secret is actually valid with its target service (e.g., OpenAI, Stripe, GitHub). Uses provider auto-detection based on key prefixes, or accepts an explicit provider name. Never logs the secret value.

List all available validation providers for secret liveness testing.

Register a webhook/callback that fires when a secret is updated, deleted, or rotated. Supports shell commands, HTTP webhooks, and process signals.

List all registered secret change hooks with their match criteria, type, and status.

Remove a registered hook by ID.

Launch the quantum status dashboard — a local web page showing live health, decay timers, superposition states, entanglement graph, tunnels, audit log, and anomaly alerts. Returns the URL to open in a browser.

Run an autonomous agent health scan: checks decay, staleness, anomalies, and optionally auto-rotates expired secrets. Returns a structured report.