24852c6789
get_runtime() now calls ensure_unlocked(interactive=False) when the keystore is initialized but locked, so HERMES_KEYSTORE_PASSPHRASE and credential-store-cached passphrases work for wallet CLI commands without requiring a separate unlock step. Found during Linux sandbox testing where 'hermes wallet status' failed with KeystoreLocked despite the env var being set.