对齐凭据存储策略与威胁模型

AGENTS.md

@@ -64,7 +64,7 @@ recorder.rs                                   Mic → 16 kHz mono Int16 PCM, RMS
 asr/{mod,frame,volcengine,whisper}.rs         ASR providers: Volcengine streaming WebSocket + Whisper HTTP
 polish.rs                                     OpenAI-compatible chat completions (Ark / DeepSeek / etc.)
 insertion.rs                                  AX focused-element write → clipboard + Cmd+V → copy-only fallback
-persistence.rs                                History/preferences/vocab JSON + Keychain credentials
+persistence.rs                                History/preferences/vocab JSON + platform credential vault
 coordinator.rs + commands.rs + lib.rs         State machine, IPC surface, tray icon, window plumbing
 permissions.rs                                TCC checks (Accessibility / Microphone)
 
@@ -91,9 +91,9 @@ Invariants:
 
 ### Permissions, credentials, on-disk state
 
-- **Bundle ID `com.openless.app`** is hard-coded in `openless-all/app/src-tauri/tauri.conf.json` and `CredentialsVault.serviceName`. Changing it breaks Keychain lookups *and* every existing TCC grant.
+- **Bundle ID `com.openless.app`** is hard-coded in `openless-all/app/src-tauri/tauri.conf.json` and `CredentialsVault.serviceName`. Changing it breaks system credential vault lookups *and* every existing TCC grant.
 - **TCC**: Microphone + Accessibility + AppleEvents. `NSMicrophoneUsageDescription` / `NSAccessibilityUsageDescription` / `NSAppleEventsUsageDescription` live in `openless-all/app/src-tauri/Info.plist`. After a fresh build that resets TCC, the app must be **fully quit and relaunched** after granting Accessibility before the global hotkey tap installs.
-- **Credentials** live in Keychain under accounts in `CredentialAccount` (`volcengine.app_key`, `volcengine.access_key`, `volcengine.resource_id`, `ark.api_key`, `ark.model_id`, `ark.endpoint`). The plaintext fallback at `~/.openless/credentials.json` is read on first launch so legacy users keep their creds without re-entering. Never hard-code keys.
+- **Credentials** live in the OS credential vault (macOS Keychain, Windows Credential Manager, Linux keyring) under service `com.openless.app`. The legacy plaintext JSON (`~/.openless/credentials.json` on macOS/Linux, `%APPDATA%\OpenLess\credentials.json` on Windows) is only a migration source and is removed after a successful vault write. Never hard-code keys or include legacy credential files in logs, exports, build artifacts, or bug reports.
 - **Per-user data**:
   - macOS: `~/Library/Application Support/OpenLess/{history.json, preferences.json, dictionary.json}` — capped at 200 history entries. **Do not rename `dictionary.json` to `vocab.json`** (drops user data).
   - Windows: `%APPDATA%\OpenLess\`

CLAUDE.md

@@ -64,7 +64,7 @@ recorder.rs                                   Mic → 16 kHz mono Int16 PCM, RMS
 asr/{mod,frame,volcengine,whisper}.rs         ASR providers: Volcengine streaming WebSocket + Whisper HTTP
 polish.rs                                     OpenAI-compatible chat completions (Ark / DeepSeek / etc.)
 insertion.rs                                  AX focused-element write → clipboard + Cmd+V → copy-only fallback
-persistence.rs                                History/preferences/vocab JSON + Keychain credentials
+persistence.rs                                History/preferences/vocab JSON + platform credential vault
 coordinator.rs + commands.rs + lib.rs         State machine, IPC surface, tray icon, window plumbing
 permissions.rs                                TCC checks (Accessibility / Microphone)
 
@@ -91,9 +91,9 @@ Invariants:
 
 ### Permissions, credentials, on-disk state
 
-- **Bundle ID `com.openless.app`** is hard-coded in `openless-all/app/src-tauri/tauri.conf.json` and `CredentialsVault.serviceName`. Changing it breaks Keychain lookups *and* every existing TCC grant.
+- **Bundle ID `com.openless.app`** is hard-coded in `openless-all/app/src-tauri/tauri.conf.json` and `CredentialsVault.serviceName`. Changing it breaks system credential vault lookups *and* every existing TCC grant.
 - **TCC**: Microphone + Accessibility + AppleEvents. `NSMicrophoneUsageDescription` / `NSAccessibilityUsageDescription` / `NSAppleEventsUsageDescription` live in `openless-all/app/src-tauri/Info.plist`. After a fresh build that resets TCC, the app must be **fully quit and relaunched** after granting Accessibility before the global hotkey tap installs.
-- **Credentials** live in Keychain under accounts in `CredentialAccount` (`volcengine.app_key`, `volcengine.access_key`, `volcengine.resource_id`, `ark.api_key`, `ark.model_id`, `ark.endpoint`). The plaintext fallback at `~/.openless/credentials.json` is read on first launch so legacy users keep their creds without re-entering. Never hard-code keys.
+- **Credentials** live in the OS credential vault (macOS Keychain, Windows Credential Manager, Linux keyring) under service `com.openless.app`. The legacy plaintext JSON (`~/.openless/credentials.json` on macOS/Linux, `%APPDATA%\OpenLess\credentials.json` on Windows) is only a migration source and is removed after a successful vault write. Never hard-code keys or include legacy credential files in logs, exports, build artifacts, or bug reports.
 - **Per-user data**:
   - macOS: `~/Library/Application Support/OpenLess/{history.json, preferences.json, dictionary.json}` — capped at 200 history entries. **Do not rename `dictionary.json` to `vocab.json`** (drops user data).
   - Windows: `%APPDATA%\OpenLess\`

README.md

@@ -195,9 +195,14 @@ Logs: `~/Library/Logs/OpenLess/openless.log` (macOS) / `%LOCALAPPDATA%\OpenLess\
 
 ## Credentials
 
-Credentials live in the local Keychain (service = `com.openless.app`). A plaintext JSON file at `~/.openless/credentials.json` (mode 0600, dir 0700) is kept as a dev-mode fallback when Keychain is unavailable.
+Credentials live in the OS credential vault (service = `com.openless.app`): macOS Keychain, Windows Credential Manager, or Linux keyring. A legacy plaintext JSON file is read only as a migration source and removed after a successful vault write:
 
-The repository contains no API keys, tokens, or private endpoints.
+```text
+macOS / Linux: ~/.openless/credentials.json
+Windows:       %APPDATA%\OpenLess\credentials.json
+```
+
+New credential writes do not persist plaintext secrets. The repository contains no API keys, tokens, or private endpoints.
 
 You'll need:
 
@@ -247,7 +252,7 @@ recorder.rs      Mic → 16 kHz mono Int16 PCM, RMS callback
 asr/             Volcengine streaming ASR (WebSocket) + Whisper HTTP
 polish.rs        OpenAI-compatible chat-completions (Ark / DeepSeek / etc.)
 insertion.rs     AX focused-element → clipboard + Cmd+V → copy-only fallback
-persistence.rs   History / preferences / vocab JSON + Keychain credentials
+persistence.rs   History / preferences / vocab JSON + platform credential vault
 permissions.rs   TCC checks (Accessibility / Microphone)
 coordinator.rs   State machine: Idle → Starting → Listening → Processing
 commands.rs      Tauri IPC surface

README.zh.md

@@ -198,13 +198,14 @@ npm run build
 
 ## 凭据
 
-凭据保存在本机 Keychain（service = `com.openless.app`）。开发期同时维护一份明文 JSON 兜底，用于在 Keychain 不可用时回退：
+凭据保存在系统凭据库（service = `com.openless.app`）：macOS Keychain、Windows Credential Manager 或 Linux keyring。旧版明文 JSON 只作为迁移来源读取，成功写入系统凭据库后会被删除：
 
 ```text
-~/.openless/credentials.json   # 0600，目录 0700
+macOS / Linux: ~/.openless/credentials.json
+Windows:       %APPDATA%\OpenLess\credentials.json
 ```
 
-仓库本身不包含任何 API Key、Token 或 Endpoint 之外的私有信息。
+新的凭据写入不会继续保存明文 secrets。仓库本身不包含任何 API Key、Token 或 Endpoint 之外的私有信息。
 
 需要配置的字段：
 
@@ -254,7 +255,7 @@ recorder.rs      麦克风 → 16 kHz 单声道 Int16 PCM，RMS 回调
 asr/             火山引擎流式 ASR（WebSocket）+ Whisper HTTP
 polish.rs        OpenAI 兼容 chat-completions（Ark / DeepSeek 等）
 insertion.rs     AX focused-element → 剪贴板 + Cmd+V → 仅复制兜底
-persistence.rs   历史记录 / 偏好设置 / 词典 JSON + Keychain 凭据
+persistence.rs   历史记录 / 偏好设置 / 词典 JSON + 系统凭据库
 permissions.rs   TCC 权限检查（辅助功能 / 麦克风）
 coordinator.rs   状态机：Idle → Starting → Listening → Processing
 commands.rs      Tauri IPC 接口

openless-all/app/scripts/windows-real-asr-insertion-smoke.ps1

@@ -597,7 +597,7 @@ if ($RequireJsonCredentials -and (-not $credentialStatus.VolcengineConfigured -o
   throw "Real ASR regression requires configured Volcengine ASR and Ark LLM credentials."
 }
 if (-not $credentialStatus.VolcengineConfigured -or -not $credentialStatus.ArkConfigured) {
-  Write-Warning "Legacy credentials.json is incomplete; continuing because the app may use the OS credential vault."
+  Write-Warning "Legacy credentials.json is incomplete; continuing because the app uses the OS credential vault."
 }
 
 $logPath = Join-Path $env:LOCALAPPDATA "OpenLess\Logs\openless.log"

openless-all/app/scripts/windows-runtime-smoke.ps1

@@ -71,7 +71,7 @@ if (-not $credentialStatus.ArkConfigured) {
   Write-Host "[warn] Ark LLM credentials are not configured; polishing will fall back or fail depending on mode."
 }
 if ($RequireCredentials -and (-not $credentialStatus.VolcengineConfigured -or -not $credentialStatus.ArkConfigured)) {
-  throw "Real regression requires configured Volcengine ASR and Ark LLM credentials."
+  Write-Warning "Legacy credentials.json is incomplete; continuing because the app uses the OS credential vault."
 }
 
 Write-Host ""

openless-all/app/scripts/windows-smoke-suite.ps1

@@ -90,7 +90,6 @@ try {
     Invoke-Step "Runtime smoke" {
       Invoke-Script (Join-Path $PSScriptRoot "windows-runtime-smoke.ps1") @{
         ExePath = $ExePath
-        RequireCredentials = $true
       }
     }
   }