
Add EnigmAgent MCP — Local Secrets Vault cursor rules #268

Closed
Agnuxo1 wants to merge 5 commits into PatrickJS:main from Agnuxo1:add-enigmagent-mcp-rules

Agnuxo1 commented Apr 25, 2026

Summary

Adds a new .cursorrules rule under Other that teaches the agent to never paste secrets into chat or source files, and to instead route every credential through a local AES-256-GCM encrypted vault — the enigmagent-mcp Model Context Protocol server.

Files added

  • rules/enigmagent-mcp-secrets-cursorrules-prompt-file/.cursorrules — the rule prompt
  • rules/enigmagent-mcp-secrets-cursorrules-prompt-file/README.md — overview, benefits, synopsis
  • One line in README.md under the Other category, alphabetical order

What the rule does

  1. Hard rules: never paste secrets into chat, never echo vault values back, never inline literals into source.
  2. Detection heuristics: recognizes sk-..., ghp_..., AWS access keys, BIP-39 mnemonics, PEM blocks, connection strings with embedded passwords.
  3. Workflow patterns: for storing (set), reading (get), listing, rotating credentials through MCP tool calls.
  4. gitignore discipline: verifies .env, *.pem, ~/.enigmagent/ are gitignored before commits.

Why it's useful

Cursor and Claude Code are great at pasting secrets back into your codebase. This rule turns that off and gives the agent a safe place to put them — encrypted with AES-256-GCM + Argon2id, on disk only, no cloud.

EnigmAgent itself: MIT, npm, Glama security A.

Co-Authored-By: Claude Sonnet 4.6 noreply@anthropic.com

Summary by CodeRabbit

  • Documentation

    • Added guide and usage notes for a local encrypted secrets vault integration, including setup, safety guidance, gitignore recommendations, and repository/license links.
    • Updated the project catalog to reference the new vault documentation.
  • New Features

    • Added a credential-handling ruleset that detects secret-like input, prevents echoing secrets, and guides storing, retrieving, listing, and rotating secrets via the local encrypted vault.

New rule: rules/enigmagent-mcp-secrets-cursorrules-prompt-file/

Teaches the agent to route every credential (API keys, OAuth tokens,
mnemonics, PEM blocks, connection strings with passwords) through
a local AES-256-GCM encrypted vault (enigmagent-mcp) instead of
pasting them into chat or source files. Includes detection
heuristics, workflow patterns for set/get/list/rotate, and
gitignore discipline rules.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

coderabbitai Bot (Contributor) commented Apr 25, 2026

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

  • @coderabbitai resume to resume automatic reviews.
  • @coderabbitai review to trigger a single review.

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 257880f5-8ff7-4b31-9d69-3ac8d54e6c23

📥 Commits

Reviewing files that changed from the base of the PR and between c03c9da and 3265750.

📒 Files selected for processing (1)
  • rules/enigmagent-mcp-secrets-cursorrules-prompt-file/.cursorrules
✅ Files skipped from review due to trivial changes (1)
  • rules/enigmagent-mcp-secrets-cursorrules-prompt-file/.cursorrules

📝 Walkthrough

Adds an EnigmAgent MCP Cursor ruleset and docs plus a README link: detect credential-like inputs, refuse to echo/store them inline, and redirect storage/access to a local AES-256-GCM encrypted vault via mcp set/get/list.

Changes

Cohort / File(s): Summary

  • Catalog README (README.md): Added an “Other” catalog link to the EnigmAgent MCP .cursorrules entry for local secret-vault handling.
  • EnigmAgent MCP Rules & Docs (rules/enigmagent-mcp-secrets-cursorrules-prompt-file/.cursorrules, rules/enigmagent-mcp-secrets-cursorrules-prompt-file/README.md): New Cursor ruleset and companion README: credential-detection heuristics, refusal to echo or write secret values, detect-and-redirect flow prompting user for kebab-case name and storing via mcp set, runtime access via mcp get or gitignored .env, names-only list, rotation via set, .gitignore hygiene guidance, init/setup notes and local AES-256-GCM + Argon2id key derivation details.

Sequence Diagram(s)

sequenceDiagram
  participant User as User
  participant Agent as Agent
  participant MCP as EnigmAgent MCP
  participant Vault as Local Vault (encrypted)

  User->>Agent: sends message containing credential
  Agent->>Agent: detect credential (heuristics)
  Agent->>User: request kebab-name to store (do not echo value)
  User->>Agent: confirm name
  Agent->>MCP: mcp set <name> <value>
  MCP->>Vault: encrypt & store entry
  MCP-->>Agent: acknowledge (name stored)
  Agent-->>User: confirm by name only

  alt Runtime use
    Agent->>MCP: mcp get <name>
    MCP->>Vault: retrieve & decrypt
    MCP-->>Agent: return secret (in-memory only)
    Agent->>Service: use secret at runtime (do not write to repo)
  end

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Suggested reviewers

  • PatrickJS

Poem

🐰 I found a token near the root,

I hummed a tune and hid the loot,
AES-256 wraps secrets tight,
I keep the name and skip the write,
Hop safe, small key—sleep through the night.

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name: Status, Explanation

  • Description Check: ✅ Passed. Check skipped - CodeRabbit’s high-level summary is enabled.
  • Title check: ✅ Passed. The title accurately and specifically describes the main change: adding a new EnigmAgent MCP cursor rules configuration for local secrets vault handling.
  • Docstring Coverage: ✅ Passed. No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
  • Linked Issues check: ✅ Passed. Check skipped because no linked issues were found for this pull request.
  • Out of Scope Changes check: ✅ Passed. Check skipped because no linked issues were found for this pull request.


coderabbitai Bot (Contributor) left a comment

Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@README.md`:
- Line 280: The new README entry "EnigmAgent MCP — Local Secrets Vault" is
appended out of alphabetical order; move the line "- [EnigmAgent MCP — Local
Secrets
Vault](./rules/enigmagent-mcp-secrets-cursorrules-prompt-file/.cursorrules)" so
it appears between the existing "DragonRuby Best Practices" and "Graphical Apps
Development" entries to restore strict alphabetical order within that "Other"
category, then verify the remaining items in the section remain sorted.

In `@rules/enigmagent-mcp-secrets-cursorrules-prompt-file/.cursorrules`:
- Line 16: Update the ".gitignore discipline." rule text: remove
`~/.enigmagent/` from the repository `.gitignore` checklist and split the
guidance into two parts — a repository-level list mentioning `.env`,
`.env.local`, `*.pem`, `*.key`, and `id_rsa` that should be committed to the
repo `.gitignore`, and a separate system-level note explaining `~/.enigmagent/`
must be protected outside version control (e.g., added to a user/global
gitignore or otherwise kept out of the repo) so readers know to handle
`~/.enigmagent/` outside the repo `.gitignore`.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 0cbe8d6d-6292-479b-9373-55bdd018511e

📥 Commits

Reviewing files that changed from the base of the PR and between fc2ce04 and 23117ee.

📒 Files selected for processing (3)
  • README.md
  • rules/enigmagent-mcp-secrets-cursorrules-prompt-file/.cursorrules
  • rules/enigmagent-mcp-secrets-cursorrules-prompt-file/README.md

1. README.md: move EnigmAgent entry to correct alphabetical position
   in the Other section (between DragonRuby Best Practices and
   Graphical Apps Development, as E < G).

2. .cursorrules rule 5: split .gitignore discipline into two layers:
   - Repository .gitignore covers .env, .env.local, *.pem, *.key, id_rsa
   - System-level (~/.enigmagent/) must use global gitignore or
     GIT_DIR/info/exclude — Git does not support tilde expansion in
     .gitignore patterns.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Agnuxo1 (Author) commented Apr 25, 2026

Thanks @coderabbitai for the thorough review! Both issues addressed in commit 1a0593f:

  1. Alphabetical ordering — moved the EnigmAgent entry between "DragonRuby Best Practices" and "Graphical Apps Development" (D → E → G) as recommended.

  2. .gitignore discipline (rule 5) — split into two explicit layers:

    • Repository .gitignore: covers .env, .env.local, *.pem, *.key, id_rsa (repository-relative, committed with the project).
    • System-level (~/.enigmagent/): explained that Git does not support tilde expansion in .gitignore; guidance now points to the user's global gitignore (~/.gitignore_global via git config --global core.excludesfile) or $GIT_DIR/info/exclude for per-repo protection outside the working tree.

coderabbitai Bot (Contributor) commented Apr 25, 2026

Only users with a collaborator, contributor, member, or owner role can interact with CodeRabbit.

1. README.md alphabetical order: move 'EnigmAgent MCP' line to its correct
   position between 'DragonRuby Best Practices' and 'Graphical Apps Development'
   in the 'Other' category. Removes the appended-at-the-bottom anomaly.

2. .cursorrules .gitignore guidance: split the previously conflated rule into
   two distinct concerns:
   - Rule 5 (repository .gitignore): .env / .env.local / *.pem / *.key / id_rsa
   - Rule 6 (system-level): ~/.enigmagent/ lives outside the repo entirely;
     protected via global gitignore, not project .gitignore. Includes a heuristic
     for the agent to flag if it ever sees ~/.enigmagent/ proposed for a project
     .gitignore.

Both fixes match CodeRabbit's review feedback verbatim.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Agnuxo1 (Author) commented Apr 25, 2026

Both CodeRabbit findings addressed:

  1. README alphabetical order: moved the EnigmAgent MCP entry from line 280 (appended at the bottom) to its correct position between 'DragonRuby Best Practices' and 'Graphical Apps Development' in the 'Other' category.

  2. .cursorrules .gitignore split: rule 5 now distinguishes the repository .gitignore (.env, .env.local, *.pem, *.key, id_rsa) from the system-level ~/.enigmagent/ directory which lives outside any repo and should be protected via the user's global gitignore (git config --global core.excludesfile or $GIT_DIR/info/exclude). Includes a heuristic for the rule itself to flag the misconfiguration if it's ever proposed in a project .gitignore.

Thanks for the review @coderabbitai. Both were correct — the appended-at-the-bottom anomaly was sloppy on submit, and the conflated gitignore guidance was technically wrong (Git doesn't tilde-expand patterns).

coderabbitai Bot (Contributor) commented Apr 25, 2026

Only users with a collaborator, contributor, member, or owner role can interact with CodeRabbit.

coderabbitai Bot (Contributor) left a comment

Actionable comments posted: 1

🧹 Nitpick comments (1)
rules/enigmagent-mcp-secrets-cursorrules-prompt-file/.cursorrules (1)

42-46: Consider noting heuristics are non-exhaustive and may produce false positives.

The regex set is reasonable, but a couple of small notes worth considering (optional):

  • AIza[0-9A-Za-z_-]{35} and AKIA[0-9A-Z]{16} are unanchored substrings — fine for a "trigger" heuristic, but worth being explicit that detection is best-effort and intentionally errs on the side of pausing.
  • Other common providers not listed (Stripe sk_live_…/rk_live_…, Slack xoxa-/xoxs-, GitHub fine-grained PAT github_pat_…, Anthropic sk-ant-…, Google OAuth refresh tokens, JWT eyJ… shape) could be mentioned as additional triggers, since the rule already calls out JWTs and OAuth refresh tokens in Hard Rule 1.
  • :password@ will miss connection strings using a different literal username/identifier in the password slot (e.g., mongodb://user:S3cr3t@host/...); a looser pattern like ://[^/\s:]+:[^/\s@]+@ would catch more real cases.

Not blocking — this is a prompt rule, and the model is expected to apply judgment beyond the listed patterns.

🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@rules/enigmagent-mcp-secrets-cursorrules-prompt-file/.cursorrules` around
lines 42 - 46, Update the prompt rule text to explicitly state that the
heuristic regexes are non-exhaustive and may produce false positives, and expand
recommendations: note that unanchored patterns like `AIza[0-9A-Za-z_-]{35}` and
`AKIA[0-9A-Z]{16}` are best-effort triggers, suggest adding additional provider
tokens (examples: Stripe `sk_live_…`/`rk_live_…`, Slack `xoxa-`/`xoxs-`, GitHub
fine-grained `github_pat_…`, Anthropic `sk-ant-…`, JWT `eyJ…`) as optional
triggers, and recommend loosening the connection-string pattern `:password@` to
a broader form such as `://[^/\s:]+:[^/\s@]+@` to catch credentials like
`mongodb://user:pass@` while preserving the original examples
(`sk-[A-Za-z0-9]{20,}` etc.) as illustrative triggers.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@rules/enigmagent-mcp-secrets-cursorrules-prompt-file/.cursorrules`:
- Around line 60-70: The example mcp server config is missing the required
--vault argument which causes enigmagent-mcp to fail at runtime; update the
mcpServers entry for "enigmagent" and add "--vault" plus an absolute vault file
path to the args array for the command invocation (the args array that currently
contains ["-y","enigmagent-mcp"] should include "--vault" and the path),
ensuring the enigmagent-mcp process receives the vault file location.

---

Nitpick comments:
In `@rules/enigmagent-mcp-secrets-cursorrules-prompt-file/.cursorrules`:
- Around line 42-46: Update the prompt rule text to explicitly state that the
heuristic regexes are non-exhaustive and may produce false positives, and expand
recommendations: note that unanchored patterns like `AIza[0-9A-Za-z_-]{35}` and
`AKIA[0-9A-Z]{16}` are best-effort triggers, suggest adding additional provider
tokens (examples: Stripe `sk_live_…`/`rk_live_…`, Slack `xoxa-`/`xoxs-`, GitHub
fine-grained `github_pat_…`, Anthropic `sk-ant-…`, JWT `eyJ…`) as optional
triggers, and recommend loosening the connection-string pattern `:password@` to
a broader form such as `://[^/\s:]+:[^/\s@]+@` to catch credentials like
`mongodb://user:pass@` while preserving the original examples
(`sk-[A-Za-z0-9]{20,}` etc.) as illustrative triggers.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: dd65e68a-8f35-4f74-9637-f8ef09e057e0

📥 Commits

Reviewing files that changed from the base of the PR and between 1a0593f and 0510710.

📒 Files selected for processing (1)
  • rules/enigmagent-mcp-secrets-cursorrules-prompt-file/.cursorrules

Critical fix:
- MCP server config was missing required --vault argument; added it
  with an absolute path placeholder plus concrete macOS/Linux and
  Windows examples using the default ~/.enigmagent/vault.json location.
  Without --vault the enigmagent-mcp process exits immediately.

Nitpick improvements:
- Detection heuristics section now explicitly states patterns are
  best-effort and non-exhaustive (apply judgment, err on pausing).
- Added provider patterns: Anthropic sk-ant-, GitHub fine-grained
  github_pat_, Slack xoxa-/xoxs-, Stripe sk_live_/rk_live_.
- JWT trigger clarified (eyJ... header shape).
- Connection-string pattern broadened from :password@ to the more
  general ://[^\s:]+:[^\s@]+@ to catch mongodb://, postgres://, etc.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Agnuxo1 (Author) commented Apr 25, 2026

Thanks again @coderabbitai — both round-2 points addressed in commit c03c9da:

🔴 Critical — --vault argument (lines 60–70)
The MCP config example now includes --vault with an absolute path placeholder, plus concrete macOS/Linux and Windows examples using the default ~/.enigmagent/vault.json location.

🟡 Nitpick — detection heuristics (lines 42–46)

  • Added explicit note that patterns are best-effort and non-exhaustive — the model should apply judgment and err on pausing.
  • Added provider patterns: Anthropic sk-ant-, GitHub fine-grained github_pat_, Slack xoxa-/xoxs-, Stripe sk_live_/rk_live_, JWT eyJ….
  • Broadened connection-string pattern from :password@ to ://[^\s:]+:[^\s@]+@ to catch postgres://, mongodb://, etc.
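
The trigger patterns discussed in the review and reply above, as an added example that is not part of the PR or of enigmagent-mcp: a scanner that reports and redacts matches without echoing values, and compares the three connection-string patterns quoted in the thread. Tail lengths for the prefix-only triggers and all sample values are assumptions constructed here.

```javascript
// Added example, not the rule's own code. Patterns marked "thread" are quoted
// in this PR conversation; tails marked "assumed" are choices made here.
const TRIGGERS = [
  { kind: "sk-key", re: /sk-[A-Za-z0-9]{20,}/ },               // thread
  { kind: "aws-access-key", re: /AKIA[0-9A-Z]{16}/ },          // thread
  { kind: "google-api-key", re: /AIza[0-9A-Za-z_-]{35}/ },     // thread
  { kind: "anthropic-key", re: /sk-ant-[A-Za-z0-9_-]{20,}/ },  // prefix: thread, tail: assumed
  { kind: "github-token", re: /(?:ghp_|github_pat_)[A-Za-z0-9_]{20,}/ }, // tail assumed
  { kind: "stripe-live-key", re: /[sr]k_live_[A-Za-z0-9]{16,}/ },        // tail assumed
  { kind: "slack-token", re: /xox[as]-[A-Za-z0-9-]{10,}/ },              // tail assumed
  { kind: "url-credentials", re: /:\/\/[^\/\s:]+:[^\/\s@]+@/ }, // thread (review's form)
];

// The three connection-string patterns that appear in the conversation.
const URL_PATTERNS = {
  original: /:password@/,             // the rule's first version
  review: /:\/\/[^\/\s:]+:[^\/\s@]+@/, // suggested in the review
  commit: /:\/\/[^\s:]+:[^\s@]+@/,     // as written in the follow-up commit message
};

// Which of the three patterns fire on a given string.
function compareUrlPatterns(text) {
  const out = {};
  for (const [name, re] of Object.entries(URL_PATTERNS)) out[name] = re.test(text);
  return out;
}

// Report what kind of secret was seen and where, never the value itself.
function scan(text) {
  const findings = [];
  for (const { kind, re } of TRIGGERS) {
    for (const m of text.matchAll(new RegExp(re.source, "g"))) {
      findings.push({ kind, index: m.index, length: m[0].length });
    }
  }
  return findings.sort((a, b) => a.index - b.index);
}

// Replace every hit with a placeholder so the text can be logged or echoed.
function redact(text) {
  let out = text;
  for (const { kind, re } of TRIGGERS) {
    out = out.replace(new RegExp(re.source, "g"), `[redacted:${kind}]`);
  }
  return out;
}

// Constructed sample input; none of these values are real credentials.
const SAMPLE = [
  "export AWS_ACCESS_KEY_ID=AKIAEXAMPLEEXAMPLE00",
  "DATABASE_URL=mongodb://user:S3cr3t@host/db",
  "docs: https://example.com:8080/guide/@team",
].join("\n");

console.log(scan(SAMPLE).map((f) => f.kind));
console.log(redact(SAMPLE));
for (const line of SAMPLE.split("\n")) console.log(compareUrlPatterns(line));
```

On the constructed `https://example.com:8080/guide/@team` line only the commit-message form fires; the review's form excludes `/` from both character classes and stays quiet.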

coderabbitai Bot (Contributor) commented Apr 25, 2026

Only users with a collaborator, contributor, member, or owner role can interact with CodeRabbit.

coderabbitai Bot (Contributor) left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@rules/enigmagent-mcp-secrets-cursorrules-prompt-file/.cursorrules`:
- Around line 83-89: Replace the non-absolute and malformed vault paths in the
mcpServers.enigmagent args array (the "command": "npx", "args": ["-y",
"enigmagent-mcp", "--vault", ...]) with concrete absolute paths (e.g.
"/Users/<you>/.enigmagent/vault.json" for macOS/Linux and
"C:\\Users\\<you>\\.enigmagent\\vault.json" for Windows) and escape backslashes
in the Windows JSON so it is valid JSON; if you intend to rely on enigmagent-mcp
to expand ~ or %USERPROFILE%, first confirm that behavior in the CLI, otherwise
always use explicit absolute paths.

ℹ️ Review info
⚙️ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro

Run ID: 8fee6025-fea4-410d-acf3-c74eb2d77aa5

📥 Commits

Reviewing files that changed from the base of the PR and between 0510710 and c03c9da.

📒 Files selected for processing (1)
  • rules/enigmagent-mcp-secrets-cursorrules-prompt-file/.cursorrules

Critical fix (verified against published npm tarball):
- enigmagent-mcp v1.0.4 index.js line 232 passes --vault path
  directly to fs with no tilde or env-var expansion whatsoever.
- Replace '~/.enigmagent/vault.json' with '/Users/<you>/...' (real
  absolute path, macOS/Linux).
- Replace '%USERPROFILE%\.enigmagent\vault.json' with
  'C:\Users\<you>\.enigmagent\vault.json':
  (a) %USERPROFILE% is not expanded by MCP host / CreateProcess, and
  (b) the original used invalid JSON escape sequences (\. \v).
- Add explicit warning that ~ and %USERPROFILE% are not expanded.
- Add ENIGMAGENT_VAULT env-var as the cross-platform alternative.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

Agnuxo1 (Author) commented Apr 25, 2026

Round 3 addressed in commit 3265750 — I actually verified the published tarball before fixing:

enigmagent-mcp v1.0.4 / index.js line 232:
const VAULT_PATH = process.env.ENIGMAGENT_VAULT || getArg('--vault', './enigmagent-vault.json');

No tilde or %USERPROFILE% expansion anywhere in the CLI. CodeRabbit was right on both counts.

Changes:

  • macOS/Linux: ~/.enigmagent/vault.json → /Users/<you>/.enigmagent/vault.json (real absolute path)
  • Windows: %USERPROFILE%\.enigmagent\vault.json → C:\Users\<you>\.enigmagent\vault.json (real absolute path + valid JSON escaping)
  • Added explicit warning that ~ and %USERPROFILE% are not expanded when passed as argv
  • Added ENIGMAGENT_VAULT env-var as the cross-platform alternative to hard-coding the path
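
A lint for the `--vault` problems raised in review rounds 2 and 3, as an added example rather than code from enigmagent-mcp or the PR: it parses an MCP host config, applies the same `ENIGMAGENT_VAULT`-then-`--vault` precedence as the quoted `index.js` line, and flags paths the CLI would receive unexpanded. The `env` key on the server entry, the status strings and the sample configs are assumptions made for the example.

```javascript
// Added example, not enigmagent-mcp code. Status strings are made up here.

// Absolute on POSIX ("/...") or Windows ("C:\..." or "C:/...").
function isAbsolutePath(p) {
  return p.startsWith("/") || /^[A-Za-z]:[\\/]/.test(p);
}

// The thread establishes that the CLI hands the path to fs untouched, so
// anything that relies on shell-style expansion is still literal on arrival.
function classifyVaultPath(p) {
  if (p.startsWith("~")) return "vault-unexpanded-tilde";
  if (/%[A-Za-z_][A-Za-z0-9_]*%/.test(p)) return "vault-unexpanded-env";
  if (!isAbsolutePath(p)) return "vault-relative";
  return "ok";
}

function checkVaultConfig(jsonText, serverName = "enigmagent") {
  let config;
  try {
    config = JSON.parse(jsonText);
  } catch (_err) {
    // "\." and "\v" are not JSON escapes, so a Windows path typed with
    // single backslashes is rejected before any path check can run.
    return "invalid-json";
  }
  const server = config && config.mcpServers && config.mcpServers[serverName];
  if (!server) return "server-missing";
  const args = Array.isArray(server.args) ? server.args : [];
  const i = args.indexOf("--vault");
  const fromArg = i >= 0 ? args[i + 1] : undefined;
  // Assumption: the host passes an "env" map to the server process.
  const fromEnv = server.env ? server.env.ENIGMAGENT_VAULT : undefined;
  const vaultPath = fromEnv || fromArg; // env var wins, as in the quoted line
  if (typeof vaultPath !== "string" || vaultPath === "") return "vault-missing";
  return classifyVaultPath(vaultPath);
}

// Constructed sample configs. String.raw keeps backslashes exactly as they
// would be typed into the JSON file.
const configWith = (vault) =>
  `{"mcpServers":{"enigmagent":{"command":"npx","args":["-y","enigmagent-mcp","--vault","${vault}"]}}}`;

const SAMPLES = {
  tilde: configWith("~/.enigmagent/vault.json"),
  windowsUnescaped: configWith(String.raw`%USERPROFILE%\.enigmagent\vault.json`),
  windowsEnvVar: configWith(String.raw`%USERPROFILE%\\.enigmagent\\vault.json`),
  posixAbsolute: configWith("/Users/<you>/.enigmagent/vault.json"),
  windowsAbsolute: configWith(String.raw`C:\\Users\\<you>\\.enigmagent\\vault.json`),
};

for (const [name, text] of Object.entries(SAMPLES)) {
  console.log(name.padEnd(18), checkVaultConfig(text));
}
```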

Agnuxo1 closed this by deleting the head repository on Apr 29, 2026