Goal
Support macOS, Linux, and Windows without forking Agentic Secrets into unrelated platform-specific products.
Scope
- Extract a reusable platform-neutral core for policy evaluation, decision manifests, command policy packs, audit construction, redaction, registry schema, rollback detection, and command classification.
- Move platform-specific behavior behind thin native layers for macOS, Linux, and Windows.
- Define protocols for secret storage, local approval, process identity, IPC authorization, service lifecycle, filesystem paths, and secure randomness.
Milestones
- Extract and document platform boundary protocols.
- Move macOS-specific code behind Platform/macOS implementations.
- Add platform contract tests with fake platform providers in CI.
- Build a Linux CLI prototype with local encrypted storage and user service lifecycle.
- Build a Windows CLI prototype with DPAPI or Credential Manager storage and named pipe authorization.
- Add native installer and repair flows after command-line contracts stabilize.
Acceptance criteria
- Core contract tests pass without macOS frameworks.
- Platform code cannot read provider secrets except through the approved secret authority boundary.
- Platform storage, prompt, IPC, and lifecycle behavior are covered by conformance tests.
- Documentation states common vs platform-specific security claims.
Roadmap source: ROADMAP.md, Direction 1.