feat(cli): two-key role routing + init bootstrap

openStore(role) selects the DEK wrap slot; admin commands require
EMCLI_ADMIN_KEY (admin slot only, no agent fallback); init writes both
slots from both keys. Test helpers seed the wrap slots.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

internal/cli/role_test.go

@@ -0,0 +1,46 @@
+package cli
+
+import (
+	"path/filepath"
+	"testing"
+
+	"git.dcglab.co.uk/steve/emcli/internal/crypto"
+	"git.dcglab.co.uk/steve/emcli/internal/store"
+)
+
+func TestCommandRole(t *testing.T) {
+	admin := []string{"account", "whitelist", "config", "audit"}
+	agent := []string{"list", "get", "search", "ack", "send", "doctor"}
+	for _, c := range admin {
+		if commandRole(c) != store.RoleAdmin {
+			t.Errorf("%s should be admin", c)
+		}
+	}
+	for _, c := range agent {
+		if commandRole(c) != store.RoleAgent {
+			t.Errorf("%s should be agent", c)
+		}
+	}
+}
+
+func TestAgentCommandWorksWithOnlyAdminKey(t *testing.T) {
+	// A human holding only the admin key can still run agent commands
+	// (admin is a superset → agent-role unlock falls back to the admin slot).
+	db := filepath.Join(t.TempDir(), "emcli.db")
+	t.Setenv("EMCLI_ADMIN_KEY", b64Key())
+	t.Setenv("EMCLI_KEY", b64AgentKey())
+	t.Setenv("EMCLI_DB", db)
+	st, _ := store.Open(db)
+	ak, _ := crypto.AdminKeyFromEnv()
+	gk, _ := crypto.AgentKeyFromEnv()
+	st.InitKeys(ak, gk)
+	st.Close()
+
+	// Only the admin key now; agent command must still open the store.
+	t.Setenv("EMCLI_KEY", "")
+	s2, err := openStore(store.RoleAgent)
+	if err != nil {
+		t.Fatalf("agent role with only admin key should open: %v", err)
+	}
+	s2.Close()
+}