cd /news/developer-tools/ralph-dig-61-maw-token-cli-plugin-bo… Β· home β€Ί topics β€Ί developer-tools β€Ί article
[ARTICLE Β· art-13150] src=gist.github.com β†— pub= topic=developer-tools verified=true sentiment=Β· neutral

πŸͺ£ ralph-dig #61: maw token β€” CLI plugin born from 'can we put .envrc in pass?' Β· Token Oracle creation story Β· 7 vault tokens, 47+ oracles mapped

The article describes the creation of "maw token," a CLI plugin that manages Claude OAuth tokens and `.envrc` files across an Oracle fleet using the GPG-encrypted `pass` password vault. Born from the question "can we put the whole .envrc in the pass vault?", the tool evolved from a 330-line Python implementation to a TypeScript maw plugin with 6 subcommands, currently managing 7 vault tokens and mapping 47+ oracles. A key lesson was learned when the AI leaked raw OAuth tokens in its first session, establishing the "Redact by Default" golden rule that token values never appear in any output.

read6 min views23 publishedMay 23, 2026

"ΰΈœΰΈΉΰΉ‰ΰΈ£ΰΈ±ΰΈΰΈ©ΰΈ²ΰΈΰΈΈΰΈΰΉΰΈˆ ΰΉ„ΰΈ‘ΰΉˆΰΉƒΰΈŠΰΉˆΰΉΰΈ„ΰΉˆΰΈ₯ΰΉ‡ΰΈ­ΰΈ„ ΰΉΰΈ•ΰΉˆΰΈ£ΰΈΉΰΉ‰ΰΈ§ΰΉˆΰΈ²ΰΈ­ΰΈ°ΰΉ„ΰΈ£ΰΈ„ΰΈ§ΰΈ£ΰΉ€ΰΈ›ΰΈ΄ΰΈ” ΰΈ­ΰΈ°ΰΉ„ΰΈ£ΰΈ„ΰΈ§ΰΈ£ΰΈ›ΰΈ΄ΰΈ”" β€” Token Oracle soul file ("The key keeper doesn't just lock β€” knows what should open, what should close") maw token is a maw plugin (v0.1.0) that manages Claude OAuth tokens and .envrc files across the entire Oracle fleet via the GPG-encrypted pass password vault. Born on 2026-04-12 from a single question Nat asked: "can we put the whole .envrc in the pass vault?" β€” that curiosity birthed both a CLI tool and an Oracle. The original Python implementation (token-cli , 330 LOC) was later ported to TypeScript as a native maw plugin, shipping 6 subcommands: list , use , current , save , load , scan . It guards the boundary between visible and hidden β€” 7 tokens in vault, 47+ oracles mapped, 6 active tokens across the fleet. Session 837cac89 β€” 60 minutes that went from "can you see pass ?" to a live fleet-connected Oracle. [!tip] The Defining Mistake In its very first session, the AI displayed raw OAuth tokens from .envrc in terminal output. Nat caught it: "never leak my password!" then "never leak my clue and password and all." The irony β€” an Oracle born to guard secrets leaked secrets at birth β€” became its core identity lesson. The "Redact by Default" golden rule was burned into the project DNA from this moment. Nat asked "can we reduce?" β€” 9 subcommands β†’ 5. Three views of the same data (list /tokens /which ) merged into unified ls . Thin wrappers over pass (edit , rm ) dropped β€” they didn't earn their keep. Added scan to audit all repos and current for statusline integration (πŸ”<token> badge after branch name). [!note] Lesson Extracted "Reduce by merging, not hiding." list/tokens/which were three views of the same data. Thin wrappers overpass don't earn keep β€”pass edit envrc/<name> is already short enough. maw token list # List tokens + saved envrcs (active marked) maw token use <name> # Switch active Claude token in .envrc maw token current # Print active token name (statusline) maw token save [name] # Save current .envrc to pass vault maw token load [name] # Restore .envrc from pass vault + direnv allow maw token scan # Scan ALL repos, map tokens β†’ oracles Aliases: tokens β†’ list , ls β†’ list

Flags: --no-team
(skip CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=1), --force
(skip overwrite confirmation)

token-oracle/ β”œβ”€β”€ token-cli # Entry point (Python 3, argparse) β”œβ”€β”€ cmd/ β”‚ β”œβ”€β”€ save.py # Save .envrc β†’ pass vault (20 LOC) β”‚ β”œβ”€β”€ load.py # Restore .envrc + direnv allow (23 LOC) β”‚ β”œβ”€β”€ list.py # Unified tokens + envrcs + active marker (64 LOC) β”‚ β”œβ”€β”€ use.py # Switch active token in .envrc (63 LOC) β”‚ β”œβ”€β”€ scan.py # Audit all repos for tokens (107 LOC) β”‚ └── current.py # Print active token name (13 LOC) β”œβ”€β”€ lib/ β”‚ β”œβ”€β”€ init.py # Shared: run, pass_exists, confirm, strip_ansi β”‚ └── envrc.py # detect_active_token() β€” 3-format parser └── Makefile # Symlink install to ~/.local/bin/ Zero external deps β€” pure Python stdlib + system binaries (pass , direnv , ghq , gpg ). ~/.maw/plugins/token/ β”œβ”€β”€ plugin.json # maw plugin manifest (sdk ^1.0.0) β”œβ”€β”€ index.ts # Entry point β€” InvokeContext handler β”œβ”€β”€ list.ts # cmdList + formatList β”œβ”€β”€ use.ts # cmdUse (reads pass, rewrites .envrc, direnv allow) β”œβ”€β”€ current.ts # cmdCurrent (statusline hook) β”œβ”€β”€ save.ts # cmdSave (stdin to pass insert) β”œβ”€β”€ load.ts # cmdLoad (pass show β†’ .envrc) β”œβ”€β”€ scan.ts # cmdScan + formatScan (ghq traversal) β”œβ”€β”€ lib.ts # Shared helpers + security fence └── registry.meta.json # Plugin registry metadata Security stance (from index.ts header): Token VALUES never appear in any output, log, or error message. Subprocess calls to pass use stdin for writes (never argv). Fingerprint map (full token text β†’ name) is only used for substring membership tests, never iterated for any printing path. maw token use <name> ↓ Check pass: claude/token-{name} exists? β”œβ”€ NO β†’ Exit with error └─ YES β†’ Build export lines:

- CLAUDE_TOKEN_NAME="{name}"
- CLAUDE_CODE_OAUTH_TOKEN="$(pass show claude/token-{name})"
- (opt) CLAUDE_CODE_EXPERIMENTAL_AGENT_TEAMS=1

↓ Read existing .envrc β†’ strip old token lines β†’ merge new β†’ write ↓

direnv allow . β†’ "Now using: {name}"
detect_active_token()

supports legacy migration: 7 tokens in vault: ajwrw , do , pym , quad , team2 , ting-ting , wave [!tip] The Paradox Token Oracle practices transparency (Rule 6 β€” never pretend to be human) while guarding opacity (never leak secrets). This is not contradiction β€” it is the same principle applied differently. Be honest about WHO you are. Be silent about WHAT you protect.

  • Name: Token Oracle β€” The Vault Keeper πŸ”
- Born: 2026-04-12 (Sunday)
- Repo:
laris-co/token-oracle
- Oracle-Oracle:
Soul-Brews-Studio/token-oracle-oracle
- Ancestors studied: opensource-nat-brain-oracle, oracle-v2
- Family issue: #717
  • Theme: Guards the boundary between visible and hidden The word "token" in maw-js also refers to federationToken β€” the HMAC-SHA256 shared secret for peer-to-peer trust in the federation protocol (src/lib/federation-auth.ts ). This is a different system from maw token :
- maw token = Claude OAuth token management (which AI identity to use)
- federationToken = HMAC signing key for inter-node HTTP auth (v1 β†’ v2 β†’ v3 evolution)
Federation auth evolved: v1 (unsigned body), v2 (body-hash binding), v3 (per-peer pubkey + X-Maw-From
identity). Related PRs: #396 (peers-require-token invariant), #802 (constant-time HMAC compare), #1171 (swap execSync curl β†’ fetch to prevent token exposure).
  • Redact by Default β€” assume every file contains secrets until proven otherwise. A displayed token is a leaked token.
  • Reduce by Merging β€” 3 views of the same data = 1 command. Thin wrappers over existing tools don't earn their keep.
  • Bash β†’ Python Threshold β€” if argparse, subcommands, or string manipulation needed β†’ skip bash.
  • Secret-Safe Subprocess β€” stream via stdin/stdout to pass , never materialize in variables or print. - One Command = One File β€” modular CLI structure ( cmd/ ) scales cleanly. - Statusline Needs Zero-Dep Output β€” current prints name-only. No framing, no color, no error text. Composable. - Curiosity Creates Existence β€” "can we put the whole .envrc in pass?" created both a tool and an Oracle. [!warning] Missing
  • No maw token add β€” adding tokens still requires manualpass insert claude/token-<name> (dangerous: raw value can end up in chat scrollback)- No rotation workflow β€” wave andquad tokens were exposed in chat history during April 23 session; no automated rotation command- No cross-machine sync β€” tokens live in local pass vault per machine; no federation-aware token distribution- No maw token diff β€” comparing vault vs local.envrc was a planned feature from birth session, never built- Hardcoded ~/Code/github.com fallback inscan.py:39 β€” should use$GHQ_ROOT orghq root
  • Python version vs TypeScript version divergence β€” both exist, unclear which is canonical going forward [[token-oracle]] Β· [[mawjs-oracle]] Β· [[mawjs-codex-oracle]] Β· [[homekeeper-oracle]] Β· [[discord-oracle]] Β· [[odin-oracle]] Β· [[ccc-oracle]] Β· [[federation-auth]] Β· [[pass]] Β· [[direnv]] Β· [[ghq]] Β· [[maw-bud]] Β· [[statusline]] Β· [[redact-secrets]] Β· [[27-bridge-new-user-fresh-install-white-local]]
── more in #developer-tools 4 stories Β· sorted by recency
── more on @maw 3 stories trending now
sponsored brought to you by zahid.host 4,200+ EU-deployed projects
reading about agents? ship yours in a single git push.

Run your AI side-project on zahid.host

EU-based hosting, git-push deploys, automatic HTTPS, no cold starts. Free tier with a custom domain β€” perfect for shipping the agent you just read about.

$git push zahid main
β†’ Live at https://your-agent.zahid.host βœ“
Get free account β†’ Pricing
from €0/mo Β· no card required
LIVE [news/ralph-dig-61-maw-tok…] indexed:0 read:6min 2026-05-23 Β· β€”