$ rbw --version
rbw 1.12.1

Bug

When using rbw unlocked to check if your vault is locked or not the expiry timer of the vault gets reset.
Therefore, if you check often enough, your vault never re-locks even though the lock_timeout has expired already.

Steps to reproduce:

rbw config set lock_timeout 10
rbw unlock

# wait 11s and verify vault is now locked
sleep 11
rbw unlocked && echo 'vault is unlocked'

# unlock the vault again and verify it does not get locked as long as `rbw unlocked` is executed inside the `lock_timeout`
# this never prints "rbw unlocked: agent is locked"
rbw unlock
watch -n 1 "rbw unlocked && echo 'unlocked'"

Cause

rbw checks the agents version before checking the unlocked status:

The rbw-agent handling of the rbw::protocol::Action::Version triggers a reset of the lock timer: