@caplets/core 0.25.0 → 0.26.0

package/dist/index.js

@@ -1,9 +1,9 @@
-import { $ as decodeDirectResourceUri, $t as ElicitResultSchema, A as nativeCapletToolDescription, An as objectFromShape, At as defaultCacheBaseDir, B as QuickJsCodeModeSandbox, Bt as assertClientRequestTaskCapability, C as resolveRemoteMode, Cn as getLiteralValue, Ct as startOAuthFlow, D as parseServerBaseUrl, Dn as isSchemaOptional, Dt as DEFAULT_AUTH_DIR, E as isLoopbackHost, En as getSchemaDescription, Et as readTokenBundle, F as codeModeRunInputSchema, Ft as resolveConfigPath, G as CodeModeLogStore, Gt as toJsonSchemaCompat, H as createCodeModeCapletsApi, Ht as AjvJsonSchemaValidator, I as codeModeRunParamsSchema, It as resolveProjectCapletsRoot, J as generateCodeModeDeclarations, Jt as CompleteRequestSchema, K as redactCodeModeLogText, Kt as CallToolRequestSchema, L as emptyCodeModeRunMeta, Lt as resolveProjectConfigPath, Mn as safeParseAsync, Mt as defaultConfigPath, Nt as defaultStateBaseDir, O as resolveCapletsServer, On as isZ4Schema, Pt as resolveCapletsRoot, Q as resolveExposure, R as runCodeMode, Rt as ReadBuffer, S as resolveHostedCloudRemote, Sn as isJSONRPCResultResponse, St as startGenericOAuthFlow, T as controlUrlForBase, Tn as getParseErrorMessage, Tt as isTokenBundleExpired, U as listCodeModeCallableCaplets, Ut as Protocol, V as diagnoseCodeModeTypeScript, Vt as assertToolsCallTaskCapability, W as CodeModeJournalStore, Wt as mergeCapabilities, X as minifyCodeModeDeclarationText, Xt as CreateMessageResultWithToolsSchema, Y as generateCodeModeRunToolDescription, Yt as CreateMessageResultSchema, Z as CapletsEngine, Zt as CreateTaskResultSchema, _n as assertCompleteRequestPrompt, _t as markdownCallToolResultContent, a as CloudAuthStore, an as JSONRPCMessageSchema, at as capabilityDescription, b as normalizeRemoteProfileHostUrl, bn as isJSONRPCErrorResponse, bt as runGenericOAuthFlow, c as redactedCloudAuthStatus, cn as ListResourceTemplatesRequestSchema, ct as loadConfigWithSources, d as projectBindingError, dn as ListToolsRequestSchema, dt as loadProjectConfig, en as EmptyResultSchema, et as directResourceUriMatchesTemplate, f as projectBindingRecovery, fn as LoggingLevelSchema, ft as parseConfig, g as buildProjectSyncManifest, gn as SetLevelRequestSchema, gt as hasRenderableStructuredContent, hn as SUPPORTED_PROTOCOL_VERSIONS, ht as loadCapletFilesFromMap, i as createRemoteProfileStore, in as InitializedNotificationSchema, it as ServerRegistry, j as nativeCapletToolName, jn as safeParse, jt as defaultConfigBaseDir, k as nativeCapletPromptGuidance, kn as normalizeObjectSchema, kt as DEFAULT_OBSERVED_OUTPUT_SHAPE_CACHE_DIR, l as PROJECT_BINDING_ERROR_CODES, ln as ListResourcesRequestSchema, lt as loadGlobalConfig, mn as ReadResourceRequestSchema, mt as validateCapletFile, n as resolveRemoteSelection, nn as GetPromptRequestSchema, nt as fingerprintProjectRoot, o as cloudAuthPath, on as LATEST_PROTOCOL_VERSION, ot as GoogleDiscoveryManager, p as CloudAuthClient, pn as McpError, pt as discoverCapletFiles, q as codeModeDeclarationHash, qt as CallToolResultSchema, r as cloudCredentialsFromRemoteProfile, rn as InitializeRequestSchema, rt as handleServerTool, s as migrateCredentials, sn as ListPromptsRequestSchema, st as loadConfig, t as createNativeCapletsService, tn as ErrorCode, tt as findProjectRoot, u as ProjectBindingError, un as ListRootsResultSchema, ut as loadLocalOverlayConfigWithSources, v as hostedCloudWorkspaceFromRemoteUrl, vn as assertCompleteRequestResourceTemplate, vt as markdownStructuredContent, w as appendBasePath, wn as getObjectShape, wt as deleteTokenBundle, x as resolveCapletsRemote, xn as isJSONRPCRequest, xt as runOAuthFlow, y as isCapletsCloudUrl, yn as isInitializeRequest, yt as refreshOAuthTokenBundle, z as CodeModeSessionManager, zt as serializeMessage } from "./service-DjwB8aiW.js";
-import { _ as record, b as unknown, d as literal, m as object, n as ZodOptional, o as array, p as number, r as _enum, s as boolean, v as string, x as url } from "./schemas-C0PNPwjS.js";
-import { f as redactSecrets$1, i as SERVER_ID_PATTERN, l as CAPLETS_ERROR_CODES, p as toSafeError, u as CapletsError } from "./validation-DgxCzt-A.js";
+import { $ as resolveExposure, $t as CallToolRequestSchema, A as nativeCapletPromptGuidance, An as getLiteralValue, At as startOAuthFlow, B as CodeModeSessionManager, Bt as defaultStateBaseDir, C as resolveHostedCloudRemote, Cn as SetLevelRequestSchema, Ct as hasRenderableStructuredContent, D as isLoopbackHost, Dn as isJSONRPCErrorResponse, Dt as runGenericOAuthFlow, E as controlUrlForBase, En as isInitializeRequest, Et as refreshOAuthTokenBundle, Fn as isZ4Schema, G as CodeModeJournalStore, Gt as ReadBuffer, H as diagnoseCodeModeTypeScript, Ht as resolveConfigPath, I as codeModeRunInputSchema, In as normalizeObjectSchema, It as DEFAULT_OBSERVED_OUTPUT_SHAPE_CACHE_DIR, J as codeModeDeclarationHash, Jt as assertToolsCallTaskCapability, K as CodeModeLogStore, Kt as serializeMessage, L as codeModeRunParamsSchema, Ln as objectFromShape, Lt as defaultCacheBaseDir, M as nativeCapletToolName, Mn as getParseErrorMessage, Mt as isTokenBundleExpired, Nn as getSchemaDescription, Nt as readTokenBundle, O as parseServerBaseUrl, On as isJSONRPCRequest, Ot as runOAuthFlow, Pn as isSchemaOptional, Pt as DEFAULT_AUTH_DIR, Q as CapletsEngine, Qt as toJsonSchemaCompat, R as emptyCodeModeRunMeta, Rn as safeParse, Rt as defaultConfigBaseDir, S as resolveCapletsRemote, Sn as SUPPORTED_PROTOCOL_VERSIONS, St as loadCapletFilesFromMap, T as appendBasePath, Tn as assertCompleteRequestResourceTemplate, Tt as markdownStructuredContent, U as createCodeModeCapletsApi, Ut as resolveProjectCapletsRoot, V as QuickJsCodeModeSandbox, Vt as resolveCapletsRoot, W as listCodeModeCallableCaplets, Wt as resolveProjectConfigPath, X as generateCodeModeRunToolDescription, Xt as Protocol, Y as generateCodeModeDeclarations, Yt as AjvJsonSchemaValidator, Z as minifyCodeModeDeclarationText, Zt as mergeCapabilities, _ as CapletsCloudClient, _n as ListRootsResultSchema, _t as FileVaultStore, a as CloudAuthStore, at as ServerRegistry, b as isCapletsCloudUrl, bn as McpError, bt as discoverCapletFiles, c as redactedCloudAuthStatus, cn as ErrorCode, ct as loadConfig, d as projectBindingError, dn as InitializedNotificationSchema, dt as loadLocalOverlayConfigWithSources, en as CallToolResultSchema, et as decodeDirectResourceUri, f as projectBindingRecovery, fn as JSONRPCMessageSchema, ft as loadProjectConfig, g as buildProjectSyncManifest, gn as ListResourcesRequestSchema, gt as vaultStoreForAuthDir, hn as ListResourceTemplatesRequestSchema, ht as vaultResolverForAuthDir, i as createRemoteProfileStore, in as CreateTaskResultSchema, it as handleServerTool, j as nativeCapletToolDescription, jn as getObjectShape, jt as deleteTokenBundle, k as resolveCapletsServer, kn as isJSONRPCResultResponse, kt as startGenericOAuthFlow, l as PROJECT_BINDING_ERROR_CODES, ln as GetPromptRequestSchema, lt as loadConfigWithSources, mn as ListPromptsRequestSchema, mt as vaultBootstrapResolver, n as resolveRemoteSelection, nn as CreateMessageResultSchema, nt as findProjectRoot, o as cloudAuthPath, on as ElicitResultSchema, ot as capabilityDescription, p as CloudAuthClient, pn as LATEST_PROTOCOL_VERSION, pt as parseConfig, q as redactCodeModeLogText, qt as assertClientRequestTaskCapability, r as cloudCredentialsFromRemoteProfile, rn as CreateMessageResultWithToolsSchema, rt as fingerprintProjectRoot, s as migrateCredentials, sn as EmptyResultSchema, st as GoogleDiscoveryManager, t as createNativeCapletsService, tn as CompleteRequestSchema, tt as directResourceUriMatchesTemplate, u as ProjectBindingError, un as InitializeRequestSchema, ut as loadGlobalConfig, vn as ListToolsRequestSchema, vt as VAULT_MAX_VALUE_BYTES, w as resolveRemoteMode, wn as assertCompleteRequestPrompt, wt as markdownCallToolResultContent, x as normalizeRemoteProfileHostUrl, xn as ReadResourceRequestSchema, xt as validateCapletFile, y as hostedCloudWorkspaceFromRemoteUrl, yn as LoggingLevelSchema, yt as validateVaultKeyName, z as runCodeMode, zn as safeParseAsync, zt as defaultConfigPath } from "./service-rvZ7z6FI.js";
+import { _ as record, b as unknown, d as literal, m as object, n as ZodOptional, o as array, p as number, r as _enum, s as boolean, v as string, x as url } from "./schemas-BoqMu4MG.js";
+import { f as redactSecrets$1, i as SERVER_ID_PATTERN, l as CAPLETS_ERROR_CODES, p as toSafeError, u as CapletsError } from "./validation-C4tYXw6G.js";
 import { generatedToolInputJsonSchemaForCaplet, generatedToolInputSchema, generatedToolInputSchemaForCaplet } from "./generated-tool-input-schema.js";
-import { f as observedOutputShapeKey, g as stableJsonStringify, h as schemaHash, i as observeOutputShape, u as FileObservedOutputShapeStore } from "./observed-output-shapes-D2k2-q8K.js";
-import { a as formatCapletList, c as resolveCliConfigPaths, l as cliCommands$1, n as completionScript, o as formatConfigPaths, s as listCaplets, t as completeCliWords, u as completionShells } from "./completion-DrPr2vYw.js";
+import { f as observedOutputShapeKey, g as stableJsonStringify, h as schemaHash, i as observeOutputShape, u as FileObservedOutputShapeStore } from "./observed-output-shapes-DuP7mJQf.js";
+import { a as formatCapletList, c as resolveCliConfigPaths, l as cliCommands$1, n as completionScript, o as formatConfigPaths, s as listCaplets, t as completeCliWords, u as completionShells } from "./completion-DaYL-XQN.js";
 import { n as normalizeCapletSourcePath, t as FilesystemCapletSource } from "./filesystem-Kkg32TOJ.js";
 import { parseConfig as parseConfig$1 } from "./config-runtime.js";
 import fs, { accessSync, chmodSync, closeSync, constants, copyFileSync, cpSync, existsSync, fstatSync, lstatSync, mkdirSync, mkdtempSync, openSync, readFileSync, readSync, readdirSync, readlinkSync, realpathSync, renameSync, rmSync, statSync, watch, writeFileSync, writeSync } from "node:fs";
@@ -14,9 +14,9 @@ import { Readable, Writable } from "node:stream";
 import { STATUS_CODES, createServer } from "node:http";
 import { createHash, randomBytes, randomUUID, timingSafeEqual } from "node:crypto";
 import { homedir, tmpdir, userInfo } from "node:os";
+import { Buffer as Buffer$1 } from "node:buffer";
 import { EventEmitter } from "node:events";
 import { promisify, stripVTControlCharacters } from "node:util";
-import { Buffer as Buffer$1 } from "node:buffer";
 import { createInterface } from "node:readline/promises";
 import { Http2ServerRequest, constants as constants$1 } from "node:http2";
 //#region ../../node_modules/.pnpm/@modelcontextprotocol+sdk@1.29.0_zod@4.4.3/node_modules/@modelcontextprotocol/sdk/dist/esm/experimental/tasks/server.js
@@ -1553,7 +1553,7 @@ const EMPTY_COMPLETION_RESULT = { completion: {
 } };
 //#endregion
 //#region package.json
-var version = "0.25.0";
+var version = "0.26.0";
 //#endregion
 //#region src/serve/session.ts
 var CapletsMcpSession = class {
@@ -4853,7 +4853,7 @@ new Command();
 //#region src/cli/author.ts
 function authorCliCaplet(id, options = {}) {
 	const repo = resolve(options.repo ?? process.cwd());
-	const include = options.include !== void 0 ? parseInclude(options.include) : options.command ? /* @__PURE__ */ new Set() : new Set([
+	const include = options.include !== void 0 ? parseInclude(options.include) : options.command ? /* @__PURE__ */ new Set() : /* @__PURE__ */ new Set([
 		"git",
 		"gh",
 		"package"
@@ -5317,7 +5317,7 @@ function isUrlLike(value) {
 //#endregion
 //#region src/cli/cloud-add.ts
 const MAX_CLOUD_CAPLET_BUNDLE_BYTES = 2 * 1024 * 1024;
-const SKIPPED_DIRECTORY_NAMES = new Set([
+const SKIPPED_DIRECTORY_NAMES = /* @__PURE__ */ new Set([
 	".git",
 	"node_modules",
 	"auth"
@@ -5353,7 +5353,7 @@ function collectFiles(root) {
 //#endregion
 //#region src/cli/auth.ts
 async function loginAuth(serverId, options) {
-	const server = await resolveAuthTarget$1(serverId, options.config ?? loadConfig(options.configPath), options.authDir);
+	const server = await resolveAuthTarget$1(serverId, options.config ?? loadAuthResolvedConfig(options), options.authDir);
 	assertLoginTarget(server, serverId);
 	try {
 		const flowOptions = {
@@ -5375,7 +5375,7 @@ function logoutAuth(serverId, options) {
 	else options.writeOut(`No OAuth credentials found for \`${serverId}\`.\n`);
 }
 function logoutAuthResult(serverId, options) {
-	assertLoginTarget(findAuthTarget(serverId, options.config ?? loadConfig(options.configPath)), serverId);
+	assertLoginTarget(findAuthTarget(serverId, options.config ?? loadConfig(options.configPath, void 0, { vaultResolver: vaultBootstrapResolver })), serverId);
 	return {
 		server: serverId,
 		deleted: deleteTokenBundle(serverId, options.authDir)
@@ -5386,13 +5386,16 @@ async function refreshAuth(serverId, options) {
 	options.writeOut(`Refreshed OAuth credentials for \`${serverId}\`.\n`);
 }
 async function refreshAuthResult(serverId, options) {
-	const target = await resolveAuthTarget$1(serverId, options.config ?? loadConfig(options.configPath), options.authDir);
+	const target = await resolveAuthTarget$1(serverId, options.config ?? loadAuthResolvedConfig(options), options.authDir);
 	assertLoginTarget(target, serverId);
 	await refreshOAuthTokenBundle(target, options.authDir);
 	return { server: serverId };
 }
 function listAuthRows(options) {
-	return authRowsForTargets(authTargets(loadConfig(options.configPath)), options.authDir);
+	return authRowsForTargets(authTargets(loadConfig(options.configPath, void 0, { vaultResolver: vaultBootstrapResolver })), options.authDir);
+}
+function loadAuthResolvedConfig(options) {
+	return loadConfig(options.configPath, void 0, { vaultResolver: vaultResolverForAuthDir(options.authDir) });
 }
 function listLocalAuthRows(options) {
 	return authRowsForTargets(localAuthTargets(options), options.authDir);
@@ -5402,7 +5405,7 @@ function localAuthTargets(options) {
 }
 function localAuthConfigForTarget(options) {
 	assertLoginTarget(localAuthTargets(options).find((candidate) => candidate.server === options.serverId), options.serverId);
-	return loadConfigForSource(options.source, options);
+	return loadConfigForSource(options.source, options, { vaultResolver: vaultResolverForAuthDir(options.authDir) });
 }
 function authTargetsForSource(source, options) {
 	try {
@@ -5415,9 +5418,9 @@ function authTargetsForSource(source, options) {
 		throw error;
 	}
 }
-function loadConfigForSource(source, options) {
-	if (source === "global") return loadGlobalConfig(options.configPath);
-	return loadProjectConfig(options.projectConfigPath);
+function loadConfigForSource(source, options, loadOptions = { vaultResolver: vaultBootstrapResolver }) {
+	if (source === "global") return loadGlobalConfig(options.configPath, loadOptions);
+	return loadProjectConfig(options.projectConfigPath, loadOptions);
 }
 function authRowsForTargets(targets, authDir) {
 	return targets.sort((left, right) => left.server.localeCompare(right.server)).map((server) => {
@@ -6166,7 +6169,7 @@ Description=Caplets daemon
 
 [Service]
 Type=simple
-WorkingDirectory=${systemdQuote(config.command.workingDirectory)}
+WorkingDirectory=${systemdEscape(config.command.workingDirectory, true)}
 ${env ? `${env}\n` : ""}ExecStart=${[command.executable, ...command.args].map((value) => systemdQuote(value)).join(" ")}
 Restart=on-failure
 StandardOutput=append:${systemdEscape(config.paths.stdoutLog, true)}
@@ -7109,7 +7112,7 @@ function isTransientRunnerPath(path) {
 	return /(?:^|\/)_npx(?:\/|$)/u.test(normalized) || /(?:^|\/)dlx-[^/]+(?:\/|$)/u.test(normalized);
 }
 //#endregion
-//#region ../../node_modules/.pnpm/hono@4.12.25/node_modules/hono/dist/compose.js
+//#region ../../node_modules/.pnpm/hono@4.12.26/node_modules/hono/dist/compose.js
 var compose = (middleware, onError, onNotFound) => {
 	return (context, next) => {
 		let index = -1;
@@ -7140,7 +7143,7 @@ var compose = (middleware, onError, onNotFound) => {
 	};
 };
 //#endregion
-//#region ../../node_modules/.pnpm/hono@4.12.25/node_modules/hono/dist/http-exception.js
+//#region ../../node_modules/.pnpm/hono@4.12.26/node_modules/hono/dist/http-exception.js
 var HTTPException = class extends Error {
 	res;
 	status;
@@ -7168,10 +7171,10 @@ var HTTPException = class extends Error {
 	}
 };
 //#endregion
-//#region ../../node_modules/.pnpm/hono@4.12.25/node_modules/hono/dist/request/constants.js
+//#region ../../node_modules/.pnpm/hono@4.12.26/node_modules/hono/dist/request/constants.js
 var GET_MATCH_RESULT = /* @__PURE__ */ Symbol();
 //#endregion
-//#region ../../node_modules/.pnpm/hono@4.12.25/node_modules/hono/dist/utils/body.js
+//#region ../../node_modules/.pnpm/hono@4.12.26/node_modules/hono/dist/utils/body.js
 var parseBody = async (request, options = /* @__PURE__ */ Object.create(null)) => {
 	const { all = false, dot = false } = options;
 	const contentType = (request instanceof HonoRequest ? request.raw.headers : request.headers).get("Content-Type");
@@ -7219,7 +7222,7 @@ var handleParsingNestedValues = (form, key, value) => {
 	});
 };
 //#endregion
-//#region ../../node_modules/.pnpm/hono@4.12.25/node_modules/hono/dist/utils/url.js
+//#region ../../node_modules/.pnpm/hono@4.12.26/node_modules/hono/dist/utils/url.js
 var splitPath = (path) => {
 	const paths = path.split("/");
 	if (paths[0] === "") paths.shift();
@@ -7383,7 +7386,7 @@ var getQueryParams = (url, key) => {
 };
 var decodeURIComponent_ = decodeURIComponent;
 //#endregion
-//#region ../../node_modules/.pnpm/hono@4.12.25/node_modules/hono/dist/request.js
+//#region ../../node_modules/.pnpm/hono@4.12.26/node_modules/hono/dist/request.js
 var tryDecodeURIComponent = (str) => tryDecode(str, decodeURIComponent_);
 var HonoRequest = class {
 	/**
@@ -7655,7 +7658,7 @@ var HonoRequest = class {
 	}
 };
 //#endregion
-//#region ../../node_modules/.pnpm/hono@4.12.25/node_modules/hono/dist/utils/html.js
+//#region ../../node_modules/.pnpm/hono@4.12.26/node_modules/hono/dist/utils/html.js
 var HtmlEscapedCallbackPhase = {
 	Stringify: 1,
 	BeforeStream: 2,
@@ -7685,7 +7688,7 @@ var resolveCallback = async (str, phase, preserveCallbacks, context, buffer) =>
 	else return resStr;
 };
 //#endregion
-//#region ../../node_modules/.pnpm/hono@4.12.25/node_modules/hono/dist/context.js
+//#region ../../node_modules/.pnpm/hono@4.12.26/node_modules/hono/dist/context.js
 var TEXT_PLAIN = "text/plain; charset=UTF-8";
 var setDefaultContentType = (contentType, headers) => {
 	return {
@@ -8046,7 +8049,7 @@ var Context = class {
 	};
 };
 //#endregion
-//#region ../../node_modules/.pnpm/hono@4.12.25/node_modules/hono/dist/router.js
+//#region ../../node_modules/.pnpm/hono@4.12.26/node_modules/hono/dist/router.js
 var METHODS = [
 	"get",
 	"post",
@@ -8058,10 +8061,10 @@ var METHODS = [
 var MESSAGE_MATCHER_IS_ALREADY_BUILT = "Can not add a route since the matcher is already built.";
 var UnsupportedPathError = class extends Error {};
 //#endregion
-//#region ../../node_modules/.pnpm/hono@4.12.25/node_modules/hono/dist/utils/constants.js
+//#region ../../node_modules/.pnpm/hono@4.12.26/node_modules/hono/dist/utils/constants.js
 var COMPOSED_HANDLER = "__COMPOSED_HANDLER";
 //#endregion
-//#region ../../node_modules/.pnpm/hono@4.12.25/node_modules/hono/dist/hono-base.js
+//#region ../../node_modules/.pnpm/hono@4.12.26/node_modules/hono/dist/hono-base.js
 var notFoundHandler = (c) => {
 	return c.text("404 Not Found", 404);
 };
@@ -8395,7 +8398,7 @@ var Hono$1 = class _Hono {
 	};
 };
 //#endregion
-//#region ../../node_modules/.pnpm/hono@4.12.25/node_modules/hono/dist/router/reg-exp-router/matcher.js
+//#region ../../node_modules/.pnpm/hono@4.12.26/node_modules/hono/dist/router/reg-exp-router/matcher.js
 var emptyParam = [];
 function match(method, path) {
 	const matchers = this.buildAllMatchers();
@@ -8412,7 +8415,7 @@ function match(method, path) {
 	return match2(method, path);
 }
 //#endregion
-//#region ../../node_modules/.pnpm/hono@4.12.25/node_modules/hono/dist/router/reg-exp-router/node.js
+//#region ../../node_modules/.pnpm/hono@4.12.26/node_modules/hono/dist/router/reg-exp-router/node.js
 var LABEL_REG_EXP_STR = "[^/]+";
 var ONLY_WILDCARD_REG_EXP_STR = ".*";
 var TAIL_WILDCARD_REG_EXP_STR = "(?:|/.*)";
@@ -8491,7 +8494,7 @@ var Node$1 = class _Node {
 	}
 };
 //#endregion
-//#region ../../node_modules/.pnpm/hono@4.12.25/node_modules/hono/dist/router/reg-exp-router/trie.js
+//#region ../../node_modules/.pnpm/hono@4.12.26/node_modules/hono/dist/router/reg-exp-router/trie.js
 var Trie = class {
 	#context = { varIndex: 0 };
 	#root = new Node$1();
@@ -8549,7 +8552,7 @@ var Trie = class {
 	}
 };
 //#endregion
-//#region ../../node_modules/.pnpm/hono@4.12.25/node_modules/hono/dist/router/reg-exp-router/router.js
+//#region ../../node_modules/.pnpm/hono@4.12.26/node_modules/hono/dist/router/reg-exp-router/router.js
 var nullMatcher = [
 	/^$/,
 	[],
@@ -8680,7 +8683,7 @@ var RegExpRouter = class {
 	}
 };
 //#endregion
-//#region ../../node_modules/.pnpm/hono@4.12.25/node_modules/hono/dist/router/smart-router/router.js
+//#region ../../node_modules/.pnpm/hono@4.12.26/node_modules/hono/dist/router/smart-router/router.js
 var SmartRouter = class {
 	name = "SmartRouter";
 	#routers = [];
@@ -8727,7 +8730,7 @@ var SmartRouter = class {
 	}
 };
 //#endregion
-//#region ../../node_modules/.pnpm/hono@4.12.25/node_modules/hono/dist/router/trie-router/node.js
+//#region ../../node_modules/.pnpm/hono@4.12.26/node_modules/hono/dist/router/trie-router/node.js
 var emptyParams = /* @__PURE__ */ Object.create(null);
 var hasChildren = (children) => {
 	for (const _ in children) return true;
@@ -8880,7 +8883,7 @@ var Node = class _Node {
 	}
 };
 //#endregion
-//#region ../../node_modules/.pnpm/hono@4.12.25/node_modules/hono/dist/router/trie-router/router.js
+//#region ../../node_modules/.pnpm/hono@4.12.26/node_modules/hono/dist/router/trie-router/router.js
 var TrieRouter = class {
 	name = "TrieRouter";
 	#node;
@@ -8900,7 +8903,7 @@ var TrieRouter = class {
 	}
 };
 //#endregion
-//#region ../../node_modules/.pnpm/hono@4.12.25/node_modules/hono/dist/hono.js
+//#region ../../node_modules/.pnpm/hono@4.12.26/node_modules/hono/dist/hono.js
 var Hono = class extends Hono$1 {
 	/**
 	* Creates an instance of the Hono class.
@@ -8941,7 +8944,7 @@ object({
 	client_secret: string().optional()
 });
 //#endregion
-//#region ../../node_modules/.pnpm/hono@4.12.25/node_modules/hono/dist/utils/stream.js
+//#region ../../node_modules/.pnpm/hono@4.12.26/node_modules/hono/dist/utils/stream.js
 var StreamingApi = class {
 	writer;
 	encoder;
@@ -9014,7 +9017,7 @@ var StreamingApi = class {
 	}
 };
 //#endregion
-//#region ../../node_modules/.pnpm/hono@4.12.25/node_modules/hono/dist/helper/streaming/sse.js
+//#region ../../node_modules/.pnpm/hono@4.12.26/node_modules/hono/dist/helper/streaming/sse.js
 var SSEStreamingApi = class extends StreamingApi {
 	constructor(writable, readable) {
 		super(writable, readable);
@@ -9038,7 +9041,7 @@ var SSEStreamingApi = class extends StreamingApi {
 	}
 };
 //#endregion
-//#region ../../node_modules/.pnpm/@hono+mcp@0.3.0_@modelcontextprotocol+sdk@1.29.0_zod@4.4.3__hono-rate-limiter@0.5.3_hon_bab5e566be142c737b40f97c4dcddd20/node_modules/@hono/mcp/dist/index.js
+//#region ../../node_modules/.pnpm/@hono+mcp@0.3.0_@modelcontextprotocol+sdk@1.29.0_zod@4.4.3__hono-rate-limiter@0.5.3_hon_a02bf6202dadf168876634e2ff64c917/node_modules/@hono/mcp/dist/index.js
 let isOldBunVersion = () => {
 	const version = typeof Bun !== "undefined" ? Bun.version : void 0;
 	if (version === void 0) return false;
@@ -9479,7 +9482,7 @@ var StreamableHTTPTransport = class {
 	}
 };
 //#endregion
-//#region ../../node_modules/.pnpm/@hono+node-server@2.0.4_hono@4.12.25/node_modules/@hono/node-server/dist/index.mjs
+//#region ../../node_modules/.pnpm/@hono+node-server@2.0.5_hono@4.12.26/node_modules/@hono/node-server/dist/index.mjs
 var RequestError = class extends Error {
 	constructor(message, options) {
 		super(message, options);
@@ -9952,7 +9955,7 @@ const parseRedirectUrl = (url) => {
 	if (validRedirectUrl.test(url)) return url;
 	return new URL(url).href;
 };
-const validRedirectStatuses = new Set([
+const validRedirectStatuses = /* @__PURE__ */ new Set([
 	301,
 	302,
 	303,
@@ -10277,7 +10280,7 @@ const getRequestListener = (fetchCallback, options = {}) => {
 globalThis.CloseEvent;
 const CONNECTION_SYMBOL_KEY = Symbol("CONNECTION_SYMBOL_KEY");
 const WAIT_FOR_WEBSOCKET_SYMBOL = Symbol("WAIT_FOR_WEBSOCKET_SYMBOL");
-const responseHeadersToSkip = new Set([
+const responseHeadersToSkip = /* @__PURE__ */ new Set([
 	"connection",
 	"content-length",
 	"keep-alive",
@@ -10402,7 +10405,7 @@ const serve = (options, listeningListener) => {
 	return server;
 };
 //#endregion
-//#region ../../node_modules/.pnpm/hono@4.12.25/node_modules/hono/dist/utils/color.js
+//#region ../../node_modules/.pnpm/hono@4.12.26/node_modules/hono/dist/utils/color.js
 function getColorEnabled() {
 	const { process, Deno } = globalThis;
 	return !(typeof Deno?.noColor === "boolean" ? Deno.noColor : process !== void 0 ? "NO_COLOR" in process?.env : false);
@@ -10419,7 +10422,7 @@ async function getColorEnabledAsync() {
 	})() : !getColorEnabled());
 }
 //#endregion
-//#region ../../node_modules/.pnpm/hono@4.12.25/node_modules/hono/dist/middleware/logger/index.js
+//#region ../../node_modules/.pnpm/hono@4.12.26/node_modules/hono/dist/middleware/logger/index.js
 var humanize = (times) => {
 	const [delimiter, separator] = [",", "."];
 	return times.map((v) => v.replace(/(\d)(?=(\d\d\d)+(?!\d))/g, "$1" + delimiter)).join(separator);
@@ -11010,7 +11013,7 @@ function nearestExistingParent(path) {
 }
 //#endregion
 //#region src/remote-control/dispatch.ts
-const ENGINE_COMMANDS = new Set([
+const ENGINE_COMMANDS = /* @__PURE__ */ new Set([
 	"inspect",
 	"check",
 	"tools",
@@ -11048,7 +11051,7 @@ async function dispatchRemoteCliRequest(request, context) {
 async function dispatch(request, context) {
 	assertObject(request, "remote control request");
 	assertObject(request.arguments, "remote control request arguments");
-	if (request.command === "list") return listCaplets(loadConfigWithSources(context.configPath, context.projectConfigPath), { includeDisabled: optionalBoolean(request.arguments, "includeDisabled") ?? false });
+	if (request.command === "list") return listCaplets(loadConfigWithSources(context.configPath, context.projectConfigPath, { vaultResolver: vaultBootstrapResolver }), { includeDisabled: optionalBoolean(request.arguments, "includeDisabled") ?? false });
 	if (ENGINE_COMMANDS.has(request.command)) {
 		const caplet = requiredString(request.arguments, "caplet");
 		const toolRequest = requiredEngineRequest(request.arguments, request.command);
@@ -11089,6 +11092,7 @@ async function dispatch(request, context) {
 		...optionalProp("configPath", context.configPath),
 		...optionalProp("authDir", context.authDir)
 	});
+	if (request.command.startsWith("vault_")) return dispatchVault(request, context);
 	if (request.command === "auth_logout") return logoutAuthResult(requiredString(request.arguments, "server"), {
 		...optionalProp("configPath", context.configPath),
 		...optionalProp("authDir", context.authDir)
@@ -11101,9 +11105,76 @@ async function dispatch(request, context) {
 	if (request.command === "auth_login_complete") return completeRemoteAuthLogin(requiredString(request.arguments, "flowId"), requiredString(request.arguments, "callbackUrl"), context);
 	throw new CapletsError("UNKNOWN_OPERATION", `Unsupported remote control command ${request.command}`);
 }
+function dispatchVault(request, context) {
+	const store = remoteVaultStore(context);
+	switch (request.command) {
+		case "vault_set": {
+			const name = requiredString(request.arguments, "name");
+			const value = requiredString(request.arguments, "value");
+			const grant = optionalString(request.arguments, "grant");
+			const grantInput = grant ? {
+				storedKey: validateVaultKeyName(name),
+				referenceName: validateVaultKeyName(optionalString(request.arguments, "referenceName") ?? name),
+				capletId: grant,
+				origin: remoteVaultAccessOrigin(grant, context)
+			} : void 0;
+			const existed = store.getStatus(name).present;
+			const previousValue = existed && grantInput ? store.resolveValue(name) : void 0;
+			const status = store.set(name, value, { force: optionalBoolean(request.arguments, "force") ?? false });
+			try {
+				if (grantInput) store.grantAccess(grantInput);
+			} catch (error) {
+				if (existed && previousValue !== void 0) store.set(name, previousValue, { force: true });
+				else store.delete(name);
+				throw error;
+			}
+			return {
+				remote: true,
+				...status
+			};
+		}
+		case "vault_list": return store.listValues();
+		case "vault_get": {
+			const name = requiredString(request.arguments, "name");
+			if (optionalBoolean(request.arguments, "reveal") ?? false) throw new CapletsError("REQUEST_INVALID", "Self-hosted remote Vault reveal is not supported through remote control.");
+			return store.getStatus(name);
+		}
+		case "vault_delete": return store.delete(requiredString(request.arguments, "name"));
+		case "vault_access_grant": {
+			const storedKey = requiredString(request.arguments, "name");
+			const capletId = requiredString(request.arguments, "capletId");
+			return store.grantAccess({
+				storedKey,
+				referenceName: optionalString(request.arguments, "referenceName") ?? storedKey,
+				capletId,
+				origin: remoteVaultAccessOrigin(capletId, context)
+			});
+		}
+		case "vault_access_revoke": return store.revokeAccess({
+			storedKey: requiredString(request.arguments, "name"),
+			capletId: requiredString(request.arguments, "capletId"),
+			...optionalProp("referenceName", optionalString(request.arguments, "referenceName"))
+		});
+		case "vault_access_list": return store.listAccess({
+			...optionalProp("storedKey", optionalString(request.arguments, "name")),
+			...optionalProp("capletId", optionalString(request.arguments, "capletId"))
+		});
+		default: throw new CapletsError("UNKNOWN_OPERATION", `Unsupported remote control command ${request.command}`);
+	}
+}
+function remoteVaultStore(context) {
+	return vaultStoreForAuthDir(context.authDir);
+}
+function remoteVaultAccessOrigin(capletId, context) {
+	const overlay = loadLocalOverlayConfigWithSources(context.configPath, context.projectConfigPath, { vaultResolver: vaultBootstrapResolver });
+	const origin = overlay.sources[capletId];
+	if (!origin) throw new CapletsError("SERVER_NOT_FOUND", `Caplet ${capletId} is not configured.`);
+	if (overlay.shadows[capletId]?.length) throw new CapletsError("REQUEST_INVALID", `Caplet ${capletId} is shadowed in multiple config sources; resolve the active config before granting Vault access.`);
+	return origin;
+}
 async function startRemoteAuthLogin(serverId, context) {
 	if (!context.authFlowStore || !context.controlCallbackBaseUrl) throw new CapletsError("REQUEST_INVALID", "Remote auth login is not available on this server");
-	const config = loadConfigWithSources(context.configPath, context.projectConfigPath).config;
+	const config = loadConfigWithSources(context.configPath, context.projectConfigPath, { vaultResolver: vaultResolverForAuthDir(context.authDir) }).config;
 	const target = await resolveAuthTarget$1(serverId, config, context.authDir);
 	assertLoginTarget(target, serverId);
 	const flowId = randomUUID();
@@ -11978,6 +12049,7 @@ function attachEventsResponse(engine, activeStreams) {
 async function serveHttp(options, engineOptions = {}, writeErr = (value) => process.stderr.write(value)) {
 	const resolvedEngineOptions = {
 		exposeLocalArtifactPaths: false,
+		vaultRecoveryTarget: "remote",
 		...engineOptions
 	};
 	const engine = new CapletsEngine(resolvedEngineOptions);
@@ -12190,6 +12262,8 @@ function formatHost$1(host) {
 //#endregion
 //#region src/daemon/validation.ts
 async function validateDaemonCommand(config, options = {}) {
+	const bindHost = await validateBindHost(config);
+	if (!bindHost.ok) return bindHost;
 	const { spawn } = await import("node:child_process");
 	const command = validationSpawnCommand(config);
 	const child = spawn(command.command, command.args, {
@@ -12230,6 +12304,7 @@ async function validateDaemonCommand(config, options = {}) {
 			if (processDone) break;
 			last = await Promise.race([probeDaemonHealth(config, {
 				...options.fetch ? { fetch: options.fetch } : {},
+				skipBindHostValidation: true,
 				timeoutMs: 750
 			}), processFailure]);
 			if (last.ok) return await Promise.race([processFailure, sleep$2(options.successSettleMs ?? 1e3).then(() => void 0)]) ?? last;
@@ -12249,7 +12324,35 @@ async function validateDaemonCommand(config, options = {}) {
 		}
 	}
 }
+async function validateBindHost(config) {
+	const { createServer } = await import("node:net");
+	const server = createServer();
+	try {
+		await new Promise((resolve, reject) => {
+			server.once("error", reject);
+			server.listen(0, config.serve.host, () => resolve());
+		});
+		return {
+			ok: true,
+			url: healthUrl(config)
+		};
+	} catch (error) {
+		return {
+			ok: false,
+			url: healthUrl(config),
+			error: `bind host validation failed: ${error instanceof Error ? error.message : String(error)}`
+		};
+	} finally {
+		if (server.listening) await new Promise((resolve, reject) => {
+			server.close((error) => error ? reject(error) : resolve());
+		});
+	}
+}
 async function probeDaemonHealth(config, options = {}) {
+	if (options.skipBindHostValidation !== true) {
+		const bindHost = await validateBindHost(config);
+		if (!bindHost.ok) return bindHost;
+	}
 	const fetchImpl = options.fetch ?? fetch;
 	const url = healthUrl(config, options.port);
 	try {
@@ -12441,7 +12544,7 @@ async function temporaryValidationConfig(config, options) {
 	};
 }
 async function validateInstallCommand(input) {
-	const useTemporaryPort = input.existingNativeRunning && (!input.existing || input.existing.serve.port === input.config.serve.port);
+	const useTemporaryPort = input.existingNativeRunning && runningDaemonMayOccupyRequestedAddress(input.existing, input.config);
 	const attempts = useTemporaryPort ? 3 : 1;
 	let last;
 	for (let attempt = 0; attempt < attempts; attempt += 1) {
@@ -12455,6 +12558,17 @@ async function validateInstallCommand(input) {
 		error: "daemon install validation did not run"
 	};
 }
+function runningDaemonMayOccupyRequestedAddress(existing, config) {
+	if (!existing) return true;
+	return existing.serve.port === config.serve.port && bindHostsMayOverlap(existing.serve.host, config.serve.host);
+}
+function bindHostsMayOverlap(left, right) {
+	return left === right || isWildcardBindHost(left) || isWildcardBindHost(right);
+}
+function isWildcardBindHost(host) {
+	const normalized = host.toLowerCase();
+	return normalized === "0.0.0.0" || normalized === "::" || normalized === "[::]";
+}
 async function waitForDaemonHealth(config, options) {
 	const deadline = Date.now() + (options.healthTimeoutMs ?? 1e4);
 	const intervalMs = options.healthIntervalMs ?? 200;
@@ -12815,6 +12929,7 @@ async function doctorJsonReport(options = {}) {
 		},
 		daemon: await resolveDaemonSection(env, options.daemon),
 		remoteLogin: remoteLogin.report,
+		vault: resolveVaultSection(env, root),
 		exposure: await resolveExposureSection(env),
 		codeMode: await resolveCodeModeSection(options, env)
 	};
@@ -12865,6 +12980,11 @@ async function formatDoctorReport(options = {}) {
 		...report.remoteLogin.workspaceSlug || report.remoteLogin.workspaceId ? [`  Selected Workspace: ${report.remoteLogin.workspaceSlug ?? report.remoteLogin.workspaceId}`] : [],
 		...report.remoteLogin.clientId ? [`  Client: ${report.remoteLogin.clientId}`] : [],
 		"",
+		"Vault",
+		`  OK: ${yesNo(Boolean(report.vault.ok))}`,
+		...!report.vault.ok && typeof report.vault.message === "string" ? [`  Error: ${report.vault.message}`] : [],
+		...Array.isArray(report.vault.issues) ? report.vault.issues.map((issue) => `  ${issue.capletId}: ${issue.reason} ${issue.key} (${issue.recoveryCommand})`) : [],
+		"",
 		"Exposure",
 		`  Default: ${report.exposure.default ?? "unknown"}`,
 		`  Discovery timeout: ${report.exposure.discoveryTimeoutMs ?? "unknown"}ms`,
@@ -12882,6 +13002,37 @@ async function formatDoctorReport(options = {}) {
 		...observedOutputShapePath(report.codeMode.observedOutputShapes) ? [`  Observed output shape cache: ${observedOutputShapePath(report.codeMode.observedOutputShapes)}`] : []
 	].join("\n")}\n`;
 }
+function resolveVaultSection(env, cwd = process.cwd()) {
+	const configPath = env.CAPLETS_CONFIG?.trim() ? env.CAPLETS_CONFIG.trim() : resolveConfigPath();
+	const projectConfigPath = env.CAPLETS_PROJECT_CONFIG?.trim() ? env.CAPLETS_PROJECT_CONFIG.trim() : resolveProjectConfigPath(cwd);
+	try {
+		const issues = loadLocalOverlayConfigWithSources(configPath, projectConfigPath).warnings.filter((warning) => warning.message.includes("Vault key")).map((warning) => vaultIssueFromWarning(warning.message, warning.path)).filter((issue) => issue !== void 0);
+		return {
+			ok: issues.length === 0,
+			issues
+		};
+	} catch (error) {
+		return {
+			ok: false,
+			issues: [],
+			message: error instanceof Error ? error.message : String(error)
+		};
+	}
+}
+function vaultIssueFromWarning(message, path) {
+	const match = message.match(/^Caplet ([^ ]+) references ([^ ]+) Vault key ([^ ]+) at ([^;]+); run `([^`]+)`/u);
+	if (!match) return void 0;
+	const recoveryCommand = match[5] ?? "";
+	return {
+		capletId: match[1],
+		reason: match[2],
+		key: match[3],
+		configPath: path,
+		referencePath: match[4],
+		target: recoveryCommand.includes("--remote") ? "remote" : "global",
+		recoveryCommand
+	};
+}
 async function resolveDaemonSection(env, options) {
 	try {
 		const status = await daemonStatus({
@@ -13216,6 +13367,42 @@ async function openBrowserUrl(url, options = {}) {
 	});
 }
 //#endregion
+//#region src/cli/vault.ts
+function formatVaultValueStatus(status, json = false) {
+	if (json) return `${JSON.stringify(status, null, 2)}\n`;
+	if (!status.present) return `Vault key ${status.key} is not set.\n`;
+	return [
+		`Vault key ${status.key} is set.`,
+		status.valueBytes === void 0 ? void 0 : `Value bytes: ${status.valueBytes}`,
+		status.updatedAt === void 0 ? void 0 : `Updated: ${status.updatedAt}`
+	].filter((line) => line !== void 0).join("\n").concat("\n");
+}
+function formatVaultValueList(statuses, json = false) {
+	if (json) return `${JSON.stringify(statuses, null, 2)}\n`;
+	if (statuses.length === 0) return "No Vault keys set.\n";
+	return `${statuses.map((status) => status.key).join("\n")}\n`;
+}
+function formatVaultDeleteStatus(status, json = false) {
+	if (json) return `${JSON.stringify(status, null, 2)}\n`;
+	return status.deleted ? `Deleted Vault key ${status.key}. ${status.grantsRetained} access grant${status.grantsRetained === 1 ? "" : "s"} retained.\n` : `No Vault key ${status.key} found.\n`;
+}
+function formatVaultAccessGrant(grant, json = false) {
+	if (json) return `${JSON.stringify(grant, null, 2)}\n`;
+	return `Granted Vault key ${grant.storedKey} to ${grant.capletId} as ${grant.referenceName}.\n`;
+}
+function formatVaultAccessList(grants, json = false) {
+	if (json) return `${JSON.stringify(grants, null, 2)}\n`;
+	if (grants.length === 0) return "No Vault access grants.\n";
+	return `${grants.map((grant) => {
+		const origin = grant.origin ? ` (${grant.origin.kind} ${grant.origin.path})` : "";
+		return `${grant.storedKey} -> ${grant.capletId}:${grant.referenceName}${origin}`;
+	}).join("\n")}\n`;
+}
+function formatVaultAccessRevoke(count, json = false) {
+	if (json) return `${JSON.stringify({ revoked: count }, null, 2)}\n`;
+	return `Revoked ${count} Vault access grant${count === 1 ? "" : "s"}.\n`;
+}
+//#endregion
 //#region src/setup/hash.ts
 function capletSetupContentHash(caplet) {
 	return createHash("sha256").update(stableJson(stableCapletForHash(caplet))).digest("hex");
@@ -14585,7 +14772,7 @@ var RemoteControlClient = class {
 		if (response.status === 401 || response.status === 403) throw new CapletsError("AUTH_FAILED", `Caplets remote authentication failed. Run caplets remote login ${safeBaseUrl(resolved.baseUrl)}.`);
 		if (!response.ok) throw new CapletsError("SERVER_UNAVAILABLE", `Caplets server at ${safeBaseUrl(resolved.baseUrl)} returned HTTP ${response.status}.`);
 		const payload = await parseRemoteCliResponse(response);
-		if (!payload.ok) throw new CapletsError(payload.error.code, redactRemoteMessage(payload.error.message), payload.error.nextAction === void 0 ? void 0 : { nextAction: payload.error.nextAction });
+		if (!payload.ok) throw new CapletsError(payload.error.code, redactRemoteMessage(payload.error.message, sensitiveValues(command, args)), payload.error.nextAction === void 0 ? void 0 : { nextAction: payload.error.nextAction });
 		return payload.result;
 	}
 };
@@ -14642,8 +14829,17 @@ function isRecord$1(value) {
 function isCapletsErrorCode(value) {
 	return CAPLETS_ERROR_CODES.includes(value);
 }
-function redactRemoteMessage(message) {
-	return String(redactSecrets$1(message)).replace(/\b(authorization\s*:\s*(?:basic|bearer)\s+)[^\s,;]+/giu, "$1[REDACTED]").replace(/\b((?:access_)?token=)[^\s,;]+/giu, "$1[REDACTED]").replace(/\b((?:token|secret|authorization|auth|api[-_]?key|password|credential|clientsecret|client_secret|code|refresh(?:_token)?)\s*[=:]\s*)[^\s,;]+/giu, "$1[REDACTED]");
+function redactRemoteMessage(message, values = []) {
+	let redacted = String(redactSecrets$1(message));
+	for (const value of values) {
+		if (value.length === 0) continue;
+		redacted = redacted.split(value).join("[REDACTED]");
+	}
+	return redacted.replace(/\b(authorization\s*:\s*(?:basic|bearer)\s+)[^\s,;]+/giu, "$1[REDACTED]").replace(/\b((?:access_)?token=)[^\s,;]+/giu, "$1[REDACTED]").replace(/\b((?:token|secret|authorization|auth|api[-_]?key|password|credential|clientsecret|client_secret|code|refresh(?:_token)?)\s*[=:]\s*)[^\s,;]+/giu, "$1[REDACTED]");
+}
+function sensitiveValues(command, args) {
+	if (command === "vault_set" && typeof args.value === "string") return [args.value];
+	return [];
 }
 //#endregion
 //#region src/serve/stdio.ts
@@ -15575,6 +15771,135 @@ function createProgram(io = {}) {
 			...io.daemon ? { daemon: io.daemon } : {}
 		}));
 	});
+	const vault = program.command(cliCommands$1.vault).description("Manage Caplets Vault values.");
+	vault.command("set").description("Set a local/global Vault value.").argument("<name>", "Vault key name").option("-g, --global", "target the local/global Vault").option("--remote", "target the selected remote Vault").option("--force", "overwrite an existing Vault value").option("--grant <capletId>", "grant this key to a configured Caplet after setting it").option("--as <referenceName>", "reference name the Caplet uses in config").option("--json", "print JSON output").action(async (name, options) => {
+		if (parseVaultTarget(options) === "remote") {
+			const value = await readVaultValue(io);
+			assertVaultTransportValueSize(value);
+			const status = await remoteVaultSet(io, {
+				name,
+				value,
+				force: Boolean(options.force),
+				...options.grant ? { grant: options.grant } : {},
+				...options.as ?? options.grant ? { referenceName: options.as ?? name } : {}
+			});
+			if (options.json) {
+				writeOut(`${JSON.stringify(status, null, 2)}\n`);
+				return;
+			}
+			writeOut(`Set remote Vault key ${validateVaultKeyName(name)}.\n`);
+			if (options.grant) writeOut(`Granted remote Vault key ${validateVaultKeyName(name)} to ${options.grant} as ${validateVaultKeyName(options.as ?? name)}.\n`);
+			return;
+		}
+		const value = await readVaultValue(io);
+		const store = new FileVaultStore({ env });
+		const existed = store.getStatus(name).present;
+		const previousValue = existed && options.grant ? store.resolveValue(name) : void 0;
+		const status = store.set(name, value, { force: Boolean(options.force) });
+		try {
+			if (options.grant) {
+				const origin = resolveVaultAccessOrigin(options.grant, io);
+				store.grantAccess({
+					storedKey: name,
+					referenceName: options.as ?? name,
+					capletId: options.grant,
+					origin
+				});
+			}
+		} catch (error) {
+			if (existed && previousValue !== void 0) store.set(name, previousValue, { force: true });
+			else store.delete(name);
+			throw error;
+		}
+		if (options.json) {
+			writeOut(`${JSON.stringify(status, null, 2)}\n`);
+			return;
+		}
+		writeOut(`Set Vault key ${validateVaultKeyName(name)}.\n`);
+		if (options.grant) writeOut(`Granted Vault key ${validateVaultKeyName(name)} to ${options.grant} as ${validateVaultKeyName(options.as ?? name)}.\n`);
+	});
+	vault.command("get").description("Show local/global Vault metadata, or reveal with --show.").argument("<name>", "Vault key name").option("-g, --global", "target the local/global Vault").option("--remote", "target the selected remote Vault").option("--show", "reveal the raw Vault value").option("--json", "print JSON output").action(async (name, options) => {
+		if (parseVaultTarget(options) === "remote") {
+			const result = await remoteVaultGet(io, {
+				name,
+				reveal: Boolean(options.show)
+			});
+			if (options.show) {
+				const value = result && typeof result === "object" && "value" in result ? String(result.value) : "";
+				writeOut(options.json ? `${JSON.stringify(result, null, 2)}\n` : `${value}\n`);
+				return;
+			}
+			writeOut(formatVaultValueStatus(result, Boolean(options.json)));
+			return;
+		}
+		const store = new FileVaultStore({ env });
+		if (options.show) {
+			const value = store.resolveValue(name);
+			writeOut(options.json ? `${JSON.stringify({
+				key: name,
+				value
+			}, null, 2)}\n` : `${value}\n`);
+			return;
+		}
+		writeOut(formatVaultValueStatus(store.getStatus(name), Boolean(options.json)));
+	});
+	vault.command("list").description("List local/global Vault keys without revealing values.").option("-g, --global", "target the local/global Vault").option("--remote", "target the selected remote Vault").option("--json", "print JSON output").action(async (options) => {
+		if (parseVaultTarget(options) === "remote") {
+			writeOut(formatVaultValueList(await remoteVaultList(io), Boolean(options.json)));
+			return;
+		}
+		writeOut(formatVaultValueList(new FileVaultStore({ env }).listValues(), Boolean(options.json)));
+	});
+	vault.command("delete").description("Delete a local/global Vault value without revealing it.").argument("<name>", "Vault key name").option("-g, --global", "target the local/global Vault").option("--remote", "target the selected remote Vault").option("--json", "print JSON output").action(async (name, options) => {
+		if (parseVaultTarget(options) === "remote") {
+			writeOut(formatVaultDeleteStatus(await remoteVaultDelete(io, name), Boolean(options.json)));
+			return;
+		}
+		writeOut(formatVaultDeleteStatus(new FileVaultStore({ env }).delete(name), Boolean(options.json)));
+	});
+	const vaultAccess = vault.command("access").description("Manage Vault access grants.");
+	vaultAccess.command("grant").description("Grant a Vault key to a configured Caplet.").argument("<name>", "stored Vault key name").argument("<capletId>", "configured Caplet ID").option("-g, --global", "target the local/global Vault").option("--remote", "target the selected remote Vault").option("--as <referenceName>", "reference name the Caplet uses in config").option("--json", "print JSON output").action(async (name, capletId, options) => {
+		if (parseVaultTarget(options) === "remote") {
+			writeOut(formatVaultAccessGrant(await remoteVaultAccessGrant(io, {
+				name,
+				capletId,
+				referenceName: options.as ?? name
+			}), Boolean(options.json)));
+			return;
+		}
+		const origin = resolveVaultAccessOrigin(capletId, io);
+		writeOut(formatVaultAccessGrant(new FileVaultStore({ env }).grantAccess({
+			storedKey: name,
+			referenceName: options.as ?? name,
+			capletId,
+			origin
+		}), Boolean(options.json)));
+	});
+	vaultAccess.command("list").description("List Vault access grants without revealing values.").argument("[name]", "optional stored Vault key name").argument("[capletId]", "optional configured Caplet ID").option("-g, --global", "target the local/global Vault").option("--remote", "target the selected remote Vault").option("--caplet <capletId>", "filter by configured Caplet ID").option("--json", "print JSON output").action(async (name, capletId, options) => {
+		if (options.caplet && capletId && options.caplet !== capletId) throw new CapletsError("REQUEST_INVALID", "Use either positional capletId or --caplet, not both.");
+		const capletFilter = options.caplet ?? capletId;
+		if (parseVaultTarget(options) === "remote") {
+			writeOut(formatVaultAccessList(await remoteVaultAccessList(io, {
+				...name ? { name } : {},
+				...capletFilter ? { capletId: capletFilter } : {}
+			}), Boolean(options.json)));
+			return;
+		}
+		writeOut(formatVaultAccessList(new FileVaultStore({ env }).listAccess(vaultAccessFilter(name, capletFilter)), Boolean(options.json)));
+	});
+	vaultAccess.command("revoke").description("Revoke Vault access grants.").argument("<name>", "stored Vault key name").argument("<capletId>", "configured Caplet ID").option("-g, --global", "target the local/global Vault").option("--remote", "target the selected remote Vault").option("--as <referenceName>", "reference name the Caplet uses in config").option("--json", "print JSON output").action(async (name, capletId, options) => {
+		if (parseVaultTarget(options) === "remote") {
+			const revoked = await remoteVaultAccessRevoke(io, {
+				name,
+				capletId,
+				...options.as ? { referenceName: options.as } : {}
+			});
+			writeOut(formatVaultAccessRevoke(Array.isArray(revoked) ? revoked.length : 0, Boolean(options.json)));
+			return;
+		}
+		const filter = vaultAccessFilter(name, capletId, options.as);
+		writeOut(formatVaultAccessRevoke(new FileVaultStore({ env }).revokeAccess(filter).length, Boolean(options.json)));
+	});
 	program.command(cliCommands$1.list).description("List configured Caplets.").option("--all", "include disabled Caplets").option("--json", "print JSON output").option("--format <format>", "output format: plain, markdown, md, or json", parseOutputFormat).action(async (options) => {
 		const includeDisabled = Boolean(options.all);
 		const remote = remoteClientForCli(io);
@@ -15590,7 +15915,7 @@ function createProgram(io = {}) {
 			writeOut(formatCapletList(rows, options.format ?? "plain"));
 			return;
 		}
-		const rows = listCaplets(loadConfigWithSources(currentConfigPath(), envProjectConfigPath(env)), { includeDisabled });
+		const rows = listCaplets(loadConfigWithSources(currentConfigPath(), envProjectConfigPath(env), { vaultResolver: vaultBootstrapResolver }), { includeDisabled });
 		if (options.json || options.format === "json") {
 			writeOut(`${JSON.stringify(rows, null, 2)}\n`);
 			return;
@@ -15940,6 +16265,7 @@ function createProgram(io = {}) {
 			...projectConfigPath ? { projectConfigPath } : {},
 			config: localAuthConfigForTarget({
 				serverId,
+				...io.authDir ? { authDir: io.authDir } : {},
 				...configPath ? { configPath } : {},
 				...projectConfigPath ? { projectConfigPath } : {},
 				source: target
@@ -15960,6 +16286,7 @@ function createProgram(io = {}) {
 			...configPath ? { configPath } : {},
 			config: localAuthConfigForTarget({
 				serverId,
+				...io.authDir ? { authDir: io.authDir } : {},
 				...configPath ? { configPath } : {},
 				...projectConfigPath ? { projectConfigPath } : {},
 				source: target
@@ -15981,6 +16308,7 @@ function createProgram(io = {}) {
 			...configPath ? { configPath } : {},
 			config: localAuthConfigForTarget({
 				serverId,
+				...io.authDir ? { authDir: io.authDir } : {},
 				...configPath ? { configPath } : {},
 				...projectConfigPath ? { projectConfigPath } : {},
 				source: target
@@ -16075,6 +16403,136 @@ function parseMutationTarget(options) {
 	if (options.remote) return "remote";
 	return "project";
 }
+function parseVaultTarget(options) {
+	const selected = [options.global ? "--global" : void 0, options.remote ? "--remote" : void 0].filter((value) => value !== void 0);
+	if (selected.length > 1) throw new CapletsError("REQUEST_INVALID", `Cannot combine Vault target flags: ${selected.join(", ")}`);
+	if (options.remote) return "remote";
+	return "global";
+}
+async function resolveVaultRemoteTarget(io) {
+	const env = io.env ?? process.env;
+	const mode = resolveRemoteMode({}, env).mode;
+	if (mode === "remote") return {
+		kind: "self_hosted",
+		client: requireRemoteClientForTarget(io)
+	};
+	if (mode !== "cloud") throw new CapletsError("REQUEST_INVALID", "--remote requires CAPLETS_MODE=remote or CAPLETS_MODE=cloud and CAPLETS_REMOTE_URL");
+	const selection = await resolveRemoteSelection({
+		mode: "cloud",
+		...io.authDir ? { authDir: io.authDir } : {},
+		...io.fetch ? { fetch: io.fetch } : {}
+	}, env);
+	if (selection.kind !== "hosted_cloud") throw new CapletsError("REQUEST_INVALID", "--remote Vault target did not resolve to Cloud.");
+	return {
+		kind: "cloud",
+		workspace: selection.selectedWorkspace,
+		client: new CapletsCloudClient({
+			baseUrl: selection.remote.baseUrl,
+			accessToken: selection.credentials.accessToken,
+			...selection.remote.fetch ? { fetch: selection.remote.fetch } : {}
+		})
+	};
+}
+async function remoteVaultSet(io, input) {
+	const target = await resolveVaultRemoteTarget(io);
+	if (target.kind === "self_hosted") return await target.client.request("vault_set", input);
+	return await target.client.setVaultValue({
+		workspace: target.workspace,
+		...input
+	});
+}
+async function remoteVaultGet(io, input) {
+	const target = await resolveVaultRemoteTarget(io);
+	if (target.kind === "self_hosted") return await target.client.request("vault_get", {
+		name: input.name,
+		reveal: input.reveal
+	});
+	return await target.client.getVaultValue({
+		workspace: target.workspace,
+		name: input.name,
+		reveal: input.reveal
+	});
+}
+async function remoteVaultList(io) {
+	const target = await resolveVaultRemoteTarget(io);
+	if (target.kind === "self_hosted") return await target.client.request("vault_list", {});
+	return await target.client.listVaultValues({ workspace: target.workspace });
+}
+async function remoteVaultDelete(io, name) {
+	const target = await resolveVaultRemoteTarget(io);
+	if (target.kind === "self_hosted") return await target.client.request("vault_delete", { name });
+	return await target.client.deleteVaultValue({
+		workspace: target.workspace,
+		name
+	});
+}
+async function remoteVaultAccessGrant(io, input) {
+	const target = await resolveVaultRemoteTarget(io);
+	if (target.kind === "self_hosted") return await target.client.request("vault_access_grant", input);
+	return await target.client.grantVaultAccess({
+		workspace: target.workspace,
+		...input
+	});
+}
+async function remoteVaultAccessList(io, input) {
+	const target = await resolveVaultRemoteTarget(io);
+	if (target.kind === "self_hosted") return await target.client.request("vault_access_list", input);
+	return await target.client.listVaultAccess({
+		workspace: target.workspace,
+		...input
+	});
+}
+async function remoteVaultAccessRevoke(io, input) {
+	const target = await resolveVaultRemoteTarget(io);
+	if (target.kind === "self_hosted") return await target.client.request("vault_access_revoke", input);
+	return await target.client.revokeVaultAccess({
+		workspace: target.workspace,
+		...input
+	});
+}
+async function readVaultValue(io) {
+	let value;
+	if (io.readStdin) value = stripOneTrailingNewline(await io.readStdin());
+	else if (!process.stdin.isTTY && !io.writeOut && !io.writeErr) value = stripOneTrailingNewline(await readAllStdin());
+	else if (io.writeOut || io.writeErr || !process.stdin.isTTY || !process.stdout.isTTY) throw new CapletsError("REQUEST_INVALID", "Vault value input is required. Run interactively or provide stdin.");
+	else {
+		const output = new HiddenPromptOutput(process.stdout);
+		const readline = createInterface({
+			input: process.stdin,
+			output,
+			terminal: true
+		});
+		try {
+			value = await readline.question("Vault value: ");
+		} finally {
+			readline.close();
+			process.stdout.write("\n");
+		}
+	}
+	if (value.length === 0) throw new CapletsError("REQUEST_INVALID", "Vault value input is required.");
+	return value;
+}
+function stripOneTrailingNewline(value) {
+	return value.replace(/\r?\n$/u, "");
+}
+function assertVaultTransportValueSize(value) {
+	if (Buffer$1.byteLength(value, "utf8") > 65536) throw new CapletsError("REQUEST_INVALID", `Vault values must be ${VAULT_MAX_VALUE_BYTES} bytes or smaller.`);
+}
+function resolveVaultAccessOrigin(capletId, io) {
+	const env = io.env ?? process.env;
+	const config = loadConfigWithSources(envConfigPath(env), envProjectConfigPath(env), { vaultResolver: vaultBootstrapResolver });
+	if (config.shadows[capletId]?.length) throw new CapletsError("REQUEST_INVALID", `Caplet ${capletId} is shadowed in multiple config sources; resolve the active config before granting Vault access.`);
+	const origin = config.sources[capletId];
+	if (!origin) throw new CapletsError("SERVER_NOT_FOUND", `Caplet ${capletId} is not configured.`);
+	return origin;
+}
+function vaultAccessFilter(storedKey, capletId, referenceName) {
+	return {
+		...storedKey ? { storedKey: validateVaultKeyName(storedKey) } : {},
+		...capletId ? { capletId } : {},
+		...referenceName ? { referenceName: validateVaultKeyName(referenceName) } : {}
+	};
+}
 function localMutationTargetLabel(target, io) {
 	return remoteClientForCli(io) ? `${target} ` : "";
 }
@@ -16214,12 +16672,12 @@ function localShadowedCompletionTarget(words, config) {
 	const command = words[0];
 	const target = words[1];
 	if (!command || !target || target.startsWith("-")) return;
-	const qualifiedCommands = new Set([
+	const qualifiedCommands = /* @__PURE__ */ new Set([
 		cliCommands$1.getTool,
 		cliCommands$1.callTool,
 		cliCommands$1.getPrompt
 	]);
-	const capletCommands = new Set([
+	const capletCommands = /* @__PURE__ */ new Set([
 		cliCommands$1.inspect,
 		cliCommands$1.checkBackend,
 		cliCommands$1.listTools,
@@ -16345,7 +16803,8 @@ function mergePartialLocalOverlays(globalOverlay, projectOverlay) {
 		config,
 		sources,
 		shadows,
-		warnings: [...globalOverlay.warnings, ...projectOverlay.warnings]
+		warnings: [...globalOverlay.warnings, ...projectOverlay.warnings],
+		sourceFound: globalOverlay.sourceFound || projectOverlay.sourceFound
 	};
 }
 const capletConfigKinds = [
@@ -17214,12 +17673,12 @@ function trimTrailingSlash(pathname) {
 }
 //#endregion
 //#region src/project-binding/mutagen.ts
-const readyStatuses = new Set([
+const readyStatuses = /* @__PURE__ */ new Set([
 	"watching",
 	"ready",
 	"ok"
 ]);
-const syncingStatuses = new Set([
+const syncingStatuses = /* @__PURE__ */ new Set([
 	"connecting",
 	"halted on root",
 	"reconciling",