vault_status
vault_status returns the current state of the ov mcp serve session. Useful for verifying the bridge is running correctly, confirming which app is active, and checking interceptor activity.
Parameters
Section titled “Parameters”None.
Response
Section titled “Response”{ "unlocked": true, "intercept_mode": "block", "intercepted_count": 0, "session_age_seconds": 142}| Field | Description |
|---|---|
unlocked | true if the session is authenticated and the KEK is loaded |
intercept_mode | Current interceptor mode: block (default) or warn |
intercepted_count | Number of potential secrets intercepted this session |
session_age_seconds | Seconds since ov mcp serve was started |
Confirming the bridge is healthy
Section titled “Confirming the bridge is healthy”Call vault_status at the start of a session to confirm the bridge is running before issuing any vault_run calls:
“Let me verify the vault is unlocked before we start.” → calls
vault_status→ confirmsunlocked: true→ proceeds withvault_run
Checking interceptor activity
Section titled “Checking interceptor activity”If intercepted_count is greater than 0, something triggered the inbound interceptor during this session — either a command that could exfiltrate injected secrets was blocked, or a raw secret pattern was detected in MCP traffic. Check your audit log for details.