Common errors, in plain English

Running unlock / lock / share / ci-token / escrow inside a repo that has no .sealrepo/link.json.

Either you're in the wrong folder, or you skipped the linking step. Run:See Link a project for where to get the project ID.

Trying to unlock with an access code that was revoked from the dashboard.

The code is dead. Ask whoever shared it with you to generate a new one (Project page → Create access code). Any files that were already decrypted in your shell are wiped within seconds.

A CI build that was working last night is now failing.

An admin revoked the token. Create a new one (CI tokens → New token), copy it once, update the SEALREPO_TOKEN secret in your CI provider, re-run the build.

sealrepo unlock claims your passphrase is wrong, but you're sure it isn't.

sealrepo escrow recover bails right before decryption.

The blob was uploaded with a different passphrase than what you just typed (i.e. someone rotated since you backed up). The fix is to recover from your recovery code on the new machine instead:Then re-enable escrow with the current passphrase:

Trying to use --strict on a system without tmpfs / sufficient RAM.

Strict Mode mounts decrypted files in RAM only. If you're on a constrained CI runner or an old kernel, fall back to standard unlock — it's still encrypted on disk between sessions, just not RAM-only during the session:

Rare — usually after running thousands of API calls from one IP.

The CLI honors SEALREPO_APIif you want to bypass Cloudflare during local testing (don't ship this to production). For the normal case, just wait a minute and retry — Cloudflare clears the challenge automatically.

Signed up, accepted an invite, or hit password reset — nothing in inbox.