v2.8.0

API keys are now keychain-first and stay local by default — syncing them to codeep.dev is an explicit opt-in (/keysync on), and codeep account purge-keys wipes any keys already on the server.

Added

• /keysync on|off|status — opt in (or out) of syncing API keys to
  codeep.dev. OFF by default: your keys live only in the OS keychain unless
  you enable this. When on, codeep account push/sync upload/download keys;
  the command warns that synced keys are stored server-readable. Also available
  in /settings, and forced off by the CODEEP_NO_KEY_SYNC env var (org policy).
• codeep account purge-keys — delete every API key stored on codeep.dev in
  one shot (cloud-only; your local OS keychain is untouched). A clean exit if you
  synced keys before and want them off the server.

Changed

• codeep account push / account sync no longer move API keys unless cloud
  key sync is enabled (/keysync on). They still push/pull personalities,
  custom commands, and your profile as before — only the secret half is gated.
  Existing users who relied on key sync just run /keysync on once.