feat(oauth): store OAuth credentials in the OS keychain by default

.changeset/keychain-credential-storage.md

@@ -0,0 +1,6 @@
+---
+"@moonshot-ai/kimi-code": minor
+"@moonshot-ai/kimi-code-oauth": minor
+---
+
+Store OAuth credentials in the OS keychain (macOS Keychain, Windows Credential Manager, Linux Secret Service) by default, falling back to the plaintext file store when the keychain is unavailable — unsupported platform, missing/locked backend, native binary not loadable, or `KIMI_DISABLE_KEYRING=1`. Existing plaintext credentials are migrated into the keychain on first read and then deleted, so users stay logged in and the on-disk secret is removed. Set `KIMI_DISABLE_KEYRING=1` to opt out and keep using the plaintext file store.

apps/kimi-code/package.json

@@ -75,6 +75,7 @@
   },
   "optionalDependencies": {
     "@mariozechner/clipboard": "^0.3.2",
+    "@napi-rs/keyring": "1.3.0",
     "chalk": "^5.4.1",
     "cli-highlight": "^2.1.11",
     "commander": "^13.1.0",

apps/kimi-code/scripts/native/check-bundle.mjs

@@ -23,7 +23,7 @@ const optionalRuntimeRequires = new Set([
   'utf-8-validate',
 ]);
 const optionalRelativeRuntimeRequires = new Set(['./crypto/build/Release/sshcrypto.node']);
-const handledNativeRuntimeRequires = new Set(['koffi']);
+const handledNativeRuntimeRequires = new Set(['koffi', '@napi-rs/keyring']);
 
 function isAllowedSpecifier(specifier) {
   if (builtins.has(specifier) || specifier.startsWith('node:')) return true;

apps/kimi-code/scripts/native/native-deps.mjs

@@ -27,6 +27,15 @@ const clipboardSubpackageByTarget = Object.freeze({
   'win32-x64': '@mariozechner/clipboard-win32-x64-msvc',
 });
 
+const keyringSubpackageByTarget = Object.freeze({
+  'darwin-arm64': '@napi-rs/keyring-darwin-arm64',
+  'darwin-x64': '@napi-rs/keyring-darwin-x64',
+  'linux-arm64': '@napi-rs/keyring-linux-arm64-gnu',
+  'linux-x64': '@napi-rs/keyring-linux-x64-gnu',
+  'win32-arm64': '@napi-rs/keyring-win32-arm64-msvc',
+  'win32-x64': '@napi-rs/keyring-win32-x64-msvc',
+});
+
 const koffiTripletByTarget = Object.freeze({
   'darwin-arm64': 'darwin_arm64',
   'darwin-x64': 'darwin_x64',
@@ -68,6 +77,18 @@ export const nativeDeps = Object.freeze([
     collect: 'native-files',
     parent: 'clipboard-host',
   },
+  {
+    id: 'keyring-host',
+    name: () => '@napi-rs/keyring',
+    collect: 'js-only',
+    parent: null,
+  },
+  {
+    id: 'keyring-target',
+    name: (target) => keyringSubpackageByTarget[target],
+    collect: 'native-files',
+    parent: 'keyring-host',
+  },
   {
     id: 'pi-tui',
     name: () => '@earendil-works/pi-tui',

apps/kimi-code/src/native/module-hook.ts

@@ -9,6 +9,7 @@ interface ModuleWithLoad {
 }
 
 const nodeRequire = createRequire(import.meta.url);
+const NATIVE_ASSET_PACKAGES = new Set(['koffi', '@napi-rs/keyring']);
 let installed = false;
 let loadingNativePackage = false;
 
@@ -26,10 +27,10 @@ export function installNativeModuleHook(): void {
     parent: unknown,
     isMain: boolean,
   ): unknown {
-    if (request === 'koffi' && !loadingNativePackage) {
+    if (NATIVE_ASSET_PACKAGES.has(request) && !loadingNativePackage) {
       loadingNativePackage = true;
       try {
-        const pkg = loadNativePackage<unknown>('koffi');
+        const pkg = loadNativePackage<unknown>(request);
         if (pkg !== null) return pkg;
       } finally {
         loadingNativePackage = false;

apps/kimi-code/src/native/smoke.ts

@@ -1,6 +1,6 @@
 import { getEmbeddedNativeAssetManifest, getNativePackageRoot } from './native-assets';
 
-const smokePackages = ['@mariozechner/clipboard', 'koffi'];
+const smokePackages = ['@mariozechner/clipboard', 'koffi', '@napi-rs/keyring'];
 
 export function runNativeAssetSmokeIfRequested(): boolean {
   if (process.env['KIMI_CODE_NATIVE_ASSET_SMOKE'] !== '1') return false;

apps/kimi-code/tsdown.native.config.ts

@@ -16,7 +16,7 @@ const builtins = new Set([
   ...builtinModules,
   ...builtinModules.map((name) => `node:${name}`),
 ]);
-const optionalNativeDependencies = new Set(['cpu-features']);
+const optionalNativeDependencies = new Set(['cpu-features', '@napi-rs/keyring']);
 
 function shouldAlwaysBundle(id: string): boolean {
   if (builtins.has(id) || id.startsWith('node:')) return false;

apps/kimi-code/vitest.config.ts

@@ -14,6 +14,10 @@ export default defineConfig({
     name: 'cli',
     env: {
       KIMI_LOG_LEVEL: 'off',
+      // Keep credential tests hermetic: the OAuth toolkit now defaults to a
+      // keychain-backed store via resolveTokenStorage. Force the file backend
+      // so tests never read/write the developer's real OS keychain.
+      KIMI_DISABLE_KEYRING: '1',
     },
     include: ['test/**/*.test.ts', 'test/**/*.test.tsx'],
   },

docs/en/configuration/config-files.md

@@ -107,6 +107,8 @@ Each entry in the `providers` table defines an API provider, keyed by a unique n
 | `env` | `table<string, string>` | No | Fallback source for provider credentials; see below |
 | `custom_headers` | `table<string, string>` | No | Custom HTTP headers attached to each request |
 
+> **OAuth credential storage**: OAuth tokens are stored in the operating system keychain (macOS Keychain, Windows Credential Manager, Linux Secret Service) by default. Any pre-existing plaintext credential file is migrated into the keychain and then removed. The `oauth.storage` field records where the token lives and is injected automatically — it does not select the backend. Set [`KIMI_DISABLE_KEYRING=1`](./env-vars.md#runtime-switches) to force plaintext-file storage; this is also the automatic fallback when no keychain is available.
+
 **`env` sub-table**: You can write provider-conventional key names (such as `KIMI_API_KEY`) inside `[providers.<name>.env]` as a fallback source for `api_key` / `base_url`. This sub-table is **read only from the config file** and does not modify the shell environment:
 
 ```toml

docs/en/configuration/env-vars.md

@@ -134,6 +134,7 @@ Switches that control the behavior of subsystems such as telemetry, background t
 | `KIMI_MODEL_THINKING_KEEP` | Moonshot preserved-thinking passthrough (`thinking.keep`); applies to the `kimi` provider only, and only while Thinking is on | A value the API accepts, e.g. `all` |
 | `KIMI_CODE_NO_AUTO_UPDATE` | Fully disable the update preflight — no check, background install, or prompt. Legacy alias `KIMI_CLI_NO_AUTO_UPDATE` is also honored | Truthy: `1`/`true`/`yes`/`on` |
 | `KIMI_DISABLE_CRON` | Disable the scheduled-task tool (`CronCreate` rejects new schedules; existing tasks do not fire) | `1` to disable |
+| `KIMI_DISABLE_KEYRING` | Force plaintext-file OAuth credential storage instead of the OS keychain (also the automatic fallback when no keychain is available) | `1` to force the file backend |
 
 ## Diagnostic logs
 

docs/zh/configuration/config-files.md

@@ -107,6 +107,8 @@ timeout = 5
 | `env` | `table<string, string>` | 否 | 供应商凭证的备用来源，详见下文 |
 | `custom_headers` | `table<string, string>` | 否 | 每次请求附加的自定义 HTTP 头 |
 
+> **OAuth 凭据存储**：OAuth 令牌默认存放在操作系统密钥链（macOS Keychain、Windows 凭据管理器、Linux Secret Service）中。已有的明文凭据文件会被迁移到密钥链并随后删除。`oauth.storage` 字段记录令牌所在位置、由登录流程自动注入，并不用于选择后端。设置 [`KIMI_DISABLE_KEYRING=1`](./env-vars.md#运行时开关) 可强制使用明文文件存储；当系统没有可用密钥链时也会自动回退到该方式。
+
 **`env` 子表**：可以把供应商惯用的键名（如 `KIMI_API_KEY`）写在 `[providers.<name>.env]` 里，作为 `api_key` / `base_url` 的备用来源。这个子表**只在配置文件里读取**，不会修改 shell 环境：
 
 ```toml

docs/zh/configuration/env-vars.md

@@ -134,6 +134,7 @@ kimi
 | `KIMI_MODEL_THINKING_KEEP` | Moonshot 保留思考透传（`thinking.keep`），仅对 `kimi` 供应商生效，且仅在 Thinking 开启时注入 | API 接受的值，如 `all` |
 | `KIMI_CODE_NO_AUTO_UPDATE` | 完全禁用更新预检——不检查、不后台安装、不提示。同时兼容旧名 `KIMI_CLI_NO_AUTO_UPDATE` | 真值：`1`/`true`/`yes`/`on` |
 | `KIMI_DISABLE_CRON` | 禁用定时任务工具（`CronCreate` 拒绝新计划，已有任务不触发） | `1` 表示禁用 |
+| `KIMI_DISABLE_KEYRING` | 强制 OAuth 凭据使用明文文件存储而非操作系统密钥链（系统无可用密钥链时也会自动回退到该方式） | `1` 表示强制使用文件后端 |
 
 ## 诊断日志
 

flake.nix

@@ -150,7 +150,7 @@
               inherit (finalAttrs) pname version src pnpmWorkspaces;
               inherit pnpm;
               fetcherVersion = 3;
-              hash = "sha256-u+u5Vm6UgrMW/SwiBoSz2WhKp8GOehk4p6euwlinwFI=";
+              hash = "sha256-XbJ8lTNywbZ+saZ33A7qAa9V3JHYgPBM1Rh2ySenvxs=";
             };
 
             nativeBuildInputs = [

packages/node-sdk/package.json

@@ -57,6 +57,7 @@
   },
   "dependencies": {
     "@antfu/utils": "^9.3.0",
+    "@napi-rs/keyring": "1.3.0",
     "smol-toml": "^1.6.1",
     "yazl": "^3.3.1",
     "zod": "^4.3.6"

packages/node-sdk/vitest.config.ts

@@ -15,6 +15,11 @@ export default defineConfig({
     name: 'kimi-sdk',
     env: {
       KIMI_LOG_LEVEL: 'off',
+      // Keep credential tests hermetic: the OAuth toolkit now defaults to a
+      // keychain-backed store via resolveTokenStorage, and the oauth source
+      // alias resolves the native @napi-rs/keyring binary. Force the file
+      // backend so tests never read/write the developer's real OS keychain.
+      KIMI_DISABLE_KEYRING: '1',
     },
     include: ['test/**/*.test.ts'],
   },

packages/oauth/package.json

@@ -40,9 +40,11 @@
   "scripts": {
     "build": "tsdown",
     "typecheck": "tsc -p tsconfig.json --noEmit",
+    "test": "vitest run",
     "clean": "rm -rf dist"
   },
   "dependencies": {
+    "@napi-rs/keyring": "1.3.0",
     "proper-lockfile": "^4.1.2"
   },
   "devDependencies": {

packages/oauth/src/index.ts

@@ -20,6 +20,9 @@ export { tokenFromWire, tokenToWire } from './types';
 export type { TokenStorage } from './storage';
 export { FileTokenStorage } from './storage';
 
+export { KeyringTokenStorage, resolveTokenStorage } from './keyring-storage';
+export type { KeyringApi, KeyringEntry } from './keyring-storage';
+
 export type { DevicePollResult, RefreshOptions } from './oauth';
 export { pollDeviceToken, refreshAccessToken, requestDeviceAuthorization } from './oauth';