npm - @caplets/core - Versions diffs - 0.25.1 → 0.26.1 - Mend

@caplets/core 0.25.1 → 0.26.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (31) hide show

package/dist/caplet-source.js +12 -12
package/dist/cli/auth.d.ts +1 -0
package/dist/cli/commands.d.ts +6 -1
package/dist/cli/doctor.d.ts +1 -0
package/dist/cli/vault.d.ts +7 -0
package/dist/cli.d.ts +5 -0
package/dist/cloud/client.d.ts +59 -0
package/dist/{completion-De4t5MtT.js → completion-CFOJucl5.js} +24 -8
package/dist/config-runtime.js +1 -1
package/dist/config.d.ts +39 -6
package/dist/daemon/host-path.d.ts +8 -0
package/dist/engine.d.ts +6 -2
package/dist/errors.d.ts +1 -1
package/dist/index.js +1239 -174
package/dist/native.js +1 -1
package/dist/project-binding/errors.d.ts +1 -1
package/dist/remote/profile-store.d.ts +2 -0
package/dist/remote/profiles.d.ts +2 -0
package/dist/remote/server-credential-store.d.ts +100 -1
package/dist/remote/server-credentials.d.ts +18 -0
package/dist/remote-control/types.d.ts +1 -1
package/dist/serve/http.d.ts +5 -0
package/dist/{service-Ut6dN9M8.js → service-aBIn4nrw.js} +809 -85
package/dist/{validation-C4tYXw6G.js → validation-GD2x5HW1.js} +1 -0
package/dist/vault/access.d.ts +5 -0
package/dist/vault/crypto.d.ts +19 -0
package/dist/vault/index.d.ts +40 -0
package/dist/vault/keys.d.ts +15 -0
package/dist/vault/store.d.ts +4 -0
package/dist/vault/types.d.ts +68 -0
package/package.json +1 -1

package/dist/caplet-source.js CHANGED Viewed

@@ -10243,7 +10243,7 @@ const capletMcpServerSchema = object({
 		path: ["url"],
 		message: "remote servers require url"
 	});
-	if (server.url && !hasEnvReference$2(server.url) && !isAllowedRemoteUrl(server.url)) ctx.addIssue({
+	if (server.url && !hasInterpolationReference(server.url) && !isAllowedRemoteUrl(server.url)) ctx.addIssue({
 		code: "custom",
 		path: ["url"],
 		message: "remote url must use https except loopback development urls"
@@ -10256,7 +10256,7 @@ const capletMcpServerSchema = object({
 		"redirectUri"
 	]) {
 		const value = server.auth[field];
-		if (value && !hasEnvReference$2(value) && !isUrl(value)) ctx.addIssue({
+		if (value && !hasInterpolationReference(value) && !isUrl(value)) ctx.addIssue({
 			code: "custom",
 			path: ["auth", field],
 			message: `${field} must be a URL or environment reference`
@@ -10290,12 +10290,12 @@ const capletOpenApiEndpointSchema = object({
 		code: "custom",
 		message: "openapiEndpoint must define exactly one spec source: specPath or specUrl"
 	});
-	if (endpoint.specUrl && !hasEnvReference$2(endpoint.specUrl) && !isAllowedRemoteUrl(endpoint.specUrl)) ctx.addIssue({
+	if (endpoint.specUrl && !hasInterpolationReference(endpoint.specUrl) && !isAllowedRemoteUrl(endpoint.specUrl)) ctx.addIssue({
 		code: "custom",
 		path: ["specUrl"],
 		message: "OpenAPI specUrl must use https except loopback development urls"
 	});
-	if (endpoint.baseUrl && !hasEnvReference$2(endpoint.baseUrl) && !isAllowedRemoteUrl(endpoint.baseUrl)) ctx.addIssue({
+	if (endpoint.baseUrl && !hasInterpolationReference(endpoint.baseUrl) && !isAllowedRemoteUrl(endpoint.baseUrl)) ctx.addIssue({
 		code: "custom",
 		path: ["baseUrl"],
 		message: "OpenAPI baseUrl must use https except loopback development urls"
@@ -10320,12 +10320,12 @@ const capletGoogleDiscoveryApiSchema = object({
 		code: "custom",
 		message: "googleDiscoveryApi must define exactly one discovery source: discoveryPath or discoveryUrl"
 	});
-	if (api.discoveryUrl && !hasEnvReference$2(api.discoveryUrl) && !isAllowedRemoteUrl(api.discoveryUrl)) ctx.addIssue({
+	if (api.discoveryUrl && !hasInterpolationReference(api.discoveryUrl) && !isAllowedRemoteUrl(api.discoveryUrl)) ctx.addIssue({
 		code: "custom",
 		path: ["discoveryUrl"],
 		message: "Google Discovery discoveryUrl must use https except loopback development urls"
 	});
-	if (api.baseUrl && !hasEnvReference$2(api.baseUrl) && !isAllowedHttpBaseUrl(api.baseUrl)) ctx.addIssue({
+	if (api.baseUrl && !hasInterpolationReference(api.baseUrl) && !isAllowedHttpBaseUrl(api.baseUrl)) ctx.addIssue({
 		code: "custom",
 		path: ["baseUrl"],
 		message: "Google Discovery baseUrl must use https except loopback development urls and must not include credentials, query, or fragment"
@@ -10362,12 +10362,12 @@ const capletGraphQlEndpointSchema = object({
 		code: "custom",
 		message: "graphqlEndpoint must define exactly one schema source: schemaPath, schemaUrl, or introspection"
 	});
-	if (endpoint.endpointUrl && !hasEnvReference$2(endpoint.endpointUrl) && !isAllowedRemoteUrl(endpoint.endpointUrl)) ctx.addIssue({
+	if (endpoint.endpointUrl && !hasInterpolationReference(endpoint.endpointUrl) && !isAllowedRemoteUrl(endpoint.endpointUrl)) ctx.addIssue({
 		code: "custom",
 		path: ["endpointUrl"],
 		message: "GraphQL endpointUrl must use https except loopback development urls"
 	});
-	if (endpoint.schemaUrl && !hasEnvReference$2(endpoint.schemaUrl) && !isAllowedRemoteUrl(endpoint.schemaUrl)) ctx.addIssue({
+	if (endpoint.schemaUrl && !hasInterpolationReference(endpoint.schemaUrl) && !isAllowedRemoteUrl(endpoint.schemaUrl)) ctx.addIssue({
 		code: "custom",
 		path: ["schemaUrl"],
 		message: "GraphQL schemaUrl must use https except loopback development urls"
@@ -10411,7 +10411,7 @@ const capletHttpApiSchema = object({
 	projectBinding: capletProjectBindingSchema.optional(),
 	runtime: capletRuntimeRequirementsSchema.optional()
 }).strict().superRefine((api, ctx) => {
-	if (api.baseUrl && !hasEnvReference$2(api.baseUrl) && !isAllowedHttpBaseUrl(api.baseUrl)) ctx.addIssue({
+	if (api.baseUrl && !hasInterpolationReference(api.baseUrl) && !isAllowedHttpBaseUrl(api.baseUrl)) ctx.addIssue({
 		code: "custom",
 		path: ["baseUrl"],
 		message: "HTTP API baseUrl must use https except loopback development urls and must not include credentials, query, or fragment"
@@ -10716,7 +10716,7 @@ function normalizeGraphQlOperations(operations, baseDir, normalizePath) {
 	}]));
 }
 function normalizeBundleLocalPath(value, baseDir) {
-	if (!value || isMapAbsolutePath(value) || hasEnvReference$2(value)) return value;
+	if (!value || isMapAbsolutePath(value) || hasInterpolationReference(value)) return value;
 	const parts = [...baseDir ? baseDir.split("/") : [], ...value.split("/")];
 	const normalized = [];
 	for (const part of parts) {
@@ -10796,8 +10796,8 @@ function validateCapletId(id, path) {
 function errorMessage$1(error) {
 	return error instanceof Error ? error.message : String(error);
 }
-function hasEnvReference$2(value) {
-	return /\$\{[A-Za-z_][A-Za-z0-9_]*\}|\$env:[A-Za-z_][A-Za-z0-9_]*/.test(value);
+function hasInterpolationReference(value) {
+	return /\$\{[A-Za-z_][A-Za-z0-9_]*\}|\$env:[A-Za-z_][A-Za-z0-9_]*|\$\{vault:[^}]+\}|\$vault:[A-Za-z0-9_-]+/.test(value);
 }
 //#endregion
 //#region src/config-runtime.ts

package/dist/cli/auth.d.ts CHANGED Viewed

@@ -70,6 +70,7 @@ export declare function localAuthTargets(options: {
 })[];
 export declare function localAuthConfigForTarget(options: {
     serverId: string;
+    authDir?: string | undefined;
     configPath?: string;
     projectConfigPath?: string;
     source: Exclude<AuthSource, "remote">;

package/dist/cli/commands.d.ts CHANGED Viewed

@@ -31,8 +31,9 @@ export declare const cliCommands: {
     readonly complete: "complete";
     readonly config: "config";
     readonly auth: "auth";
+    readonly vault: "vault";
 };
-export declare const topLevelCommandNames: readonly ["serve", "daemon", "code-mode", "attach", "remote", "cloud", "init", "setup", "doctor", "list", "install", "add", "inspect", "check-backend", "list-tools", "search-tools", "get-tool", "call-tool", "list-resources", "search-resources", "list-resource-templates", "read-resource", "list-prompts", "search-prompts", "get-prompt", "complete", "config", "auth", "completion"];
+export declare const topLevelCommandNames: readonly ["serve", "daemon", "code-mode", "attach", "remote", "cloud", "init", "setup", "doctor", "list", "install", "add", "inspect", "check-backend", "list-tools", "search-tools", "get-tool", "call-tool", "list-resources", "search-resources", "list-resource-templates", "read-resource", "list-prompts", "search-prompts", "get-prompt", "complete", "config", "auth", "vault", "completion"];
 export declare const cliSubcommands: {
     readonly add: readonly ["cli", "mcp", "openapi", "google-discovery", "graphql", "http"];
     readonly auth: readonly ["login", "logout", "list", "refresh"];
@@ -43,11 +44,15 @@ export declare const cliSubcommands: {
     readonly config: readonly ["path", "paths"];
     readonly daemon: readonly ["install", "uninstall", "start", "restart", "stop", "status", "logs"];
     readonly setup: readonly ["codex", "claude-code", "opencode", "pi", "mcp-client"];
+    readonly vault: readonly ["set", "get", "list", "delete", "access"];
 };
 export declare const cliNestedSubcommands: {
     readonly remote: {
         readonly host: readonly ["pair", "clients", "revoke"];
     };
+    readonly vault: {
+        readonly access: readonly ["grant", "list", "revoke"];
+    };
 };
 export declare const capletIdCommands: Set<string>;
 export declare const qualifiedToolCommands: Set<string>;

package/dist/cli/doctor.d.ts CHANGED Viewed

@@ -17,6 +17,7 @@ export type DoctorJsonReport = {
     sync: Record<string, unknown>;
     daemon: Record<string, unknown>;
     remoteLogin: Record<string, unknown>;
+    vault: Record<string, unknown>;
     exposure: Record<string, unknown>;
     codeMode: Record<string, unknown>;
 };

package/dist/cli/vault.d.ts ADDED Viewed

@@ -0,0 +1,7 @@
+import type { VaultAccessGrant, VaultDeleteStatus, VaultValueStatus } from "../vault";
+export declare function formatVaultValueStatus(status: VaultValueStatus, json?: boolean): string;
+export declare function formatVaultValueList(statuses: VaultValueStatus[], json?: boolean): string;
+export declare function formatVaultDeleteStatus(status: VaultDeleteStatus, json?: boolean): string;
+export declare function formatVaultAccessGrant(grant: VaultAccessGrant, json?: boolean): string;
+export declare function formatVaultAccessList(grants: VaultAccessGrant[], json?: boolean): string;
+export declare function formatVaultAccessRevoke(count: number, json?: boolean): string;

package/dist/cli.d.ts CHANGED Viewed

@@ -24,4 +24,9 @@ type CliIO = {
     readStdin?: () => Promise<string>;
 };
 export declare function runCli(args: string[], io?: CliIO): Promise<void>;
+export declare const readHiddenInputForTest: typeof readHiddenInput;
+declare function readHiddenInput(label: string, options?: {
+    input?: NodeJS.ReadableStream;
+    output?: Pick<NodeJS.WriteStream, "write">;
+}): Promise<string>;
 export declare function createProgram(io?: CliIO): Command;

package/dist/cloud/client.d.ts CHANGED Viewed

@@ -17,6 +17,49 @@ export type RegisterPresenceResult = {
     expiresAt: string;
 };
 export type HeartbeatPresenceResult = RegisterPresenceResult;
+export type CloudVaultValueStatus = {
+    key: string;
+    present: boolean;
+    valueBytes?: number | undefined;
+    createdAt?: string | undefined;
+    updatedAt?: string | undefined;
+};
+export type CloudVaultAccessGrant = {
+    storedKey: string;
+    referenceName: string;
+    capletId: string;
+    origin?: {
+        kind: string;
+        path: string;
+    } | undefined;
+    createdAt?: string | undefined;
+    updatedAt?: string | undefined;
+};
+export type CloudVaultSetInput = {
+    workspace: string;
+    name: string;
+    value: string;
+    force?: boolean | undefined;
+    grant?: string | undefined;
+    referenceName?: string | undefined;
+};
+export type CloudVaultNameInput = {
+    workspace: string;
+    name: string;
+};
+export type CloudVaultGetInput = CloudVaultNameInput & {
+    reveal?: boolean | undefined;
+    revealContext?: "human-cli" | undefined;
+};
+export type CloudVaultAccessGrantInput = CloudVaultNameInput & {
+    capletId: string;
+    referenceName?: string | undefined;
+};
+export type CloudVaultAccessListInput = {
+    workspace: string;
+    name?: string | undefined;
+    capletId?: string | undefined;
+};
 export declare class CapletsCloudClient {
     private readonly options;
     private readonly fetchImpl;
@@ -25,6 +68,22 @@ export declare class CapletsCloudClient {
     stopPresence(presenceId: string): Promise<void>;
     heartbeatPresence(presenceId: string): Promise<HeartbeatPresenceResult>;
     updatePresenceCaplets(presenceId: string, allowedCapletIds: string[]): Promise<void>;
+    setVaultValue(input: CloudVaultSetInput): Promise<CloudVaultValueStatus>;
+    getVaultValue(input: CloudVaultGetInput): Promise<CloudVaultValueStatus | {
+        key: string;
+        value: string;
+    }>;
+    listVaultValues(input: {
+        workspace: string;
+    }): Promise<CloudVaultValueStatus[]>;
+    deleteVaultValue(input: CloudVaultNameInput): Promise<{
+        key: string;
+        deleted: boolean;
+        grantsRetained?: number | undefined;
+    }>;
+    grantVaultAccess(input: CloudVaultAccessGrantInput): Promise<CloudVaultAccessGrant>;
+    listVaultAccess(input: CloudVaultAccessListInput): Promise<CloudVaultAccessGrant[]>;
+    revokeVaultAccess(input: CloudVaultAccessGrantInput): Promise<CloudVaultAccessGrant[]>;
     private headers;
     private endpoint;
 }

package/dist/{completion-De4t5MtT.js → completion-CFOJucl5.js} RENAMED Viewed

@@ -1,5 +1,5 @@
-import { Dt as DEFAULT_AUTH_DIR, Ft as resolveConfigPath, Lt as resolveProjectConfigPath, Nn as __exportAll, Ot as DEFAULT_COMPLETION_CACHE_DIR, Pt as resolveCapletsRoot, ct as loadConfigWithSources } from "./service-Ut6dN9M8.js";
-import { u as CapletsError } from "./validation-C4tYXw6G.js";
+import { Hn as __exportAll, It as DEFAULT_AUTH_DIR, Kt as resolveProjectConfigPath, Lt as DEFAULT_COMPLETION_CACHE_DIR, Ut as resolveCapletsRoot, Wt as resolveConfigPath, lt as loadConfigWithSources } from "./service-aBIn4nrw.js";
+import { u as CapletsError } from "./validation-GD2x5HW1.js";
 import { mkdirSync, readFileSync, renameSync, writeFileSync } from "node:fs";
 import { dirname, join } from "node:path";
 import { createHash } from "node:crypto";
@@ -41,7 +41,8 @@ const cliCommands = {
 	getPrompt: "get-prompt",
 	complete: "complete",
 	config: "config",
-	auth: "auth"
+	auth: "auth",
+	vault: "vault"
 };
 const topLevelCommandNames = [
 	cliCommands.serve,
@@ -72,6 +73,7 @@ const topLevelCommandNames = [
 	cliCommands.complete,
 	cliCommands.config,
 	cliCommands.auth,
+	cliCommands.vault,
 	cliCommands.completion
 ];
 const cliSubcommands = {
@@ -114,13 +116,27 @@ const cliSubcommands = {
 		"opencode",
 		"pi",
 		"mcp-client"
+	],
+	[cliCommands.vault]: [
+		"set",
+		"get",
+		"list",
+		"delete",
+		"access"
 	]
 };
-const cliNestedSubcommands = { [cliCommands.remote]: { host: [
-	"pair",
-	"clients",
-	"revoke"
-] } };
+const cliNestedSubcommands = {
+	[cliCommands.remote]: { host: [
+		"pair",
+		"clients",
+		"revoke"
+	] },
+	[cliCommands.vault]: { access: [
+		"grant",
+		"list",
+		"revoke"
+	] }
+};
 const capletIdCommands = /* @__PURE__ */ new Set([
 	cliCommands.inspect,
 	cliCommands.checkBackend,

package/dist/config-runtime.js CHANGED Viewed

@@ -1,5 +1,5 @@
 import { _ as record, b as unknown, d as literal, l as discriminatedUnion, m as object, o as array, p as number, r as _enum, s as boolean, v as string, y as union } from "./schemas-BoqMu4MG.js";
-import { a as isAllowedHttpBaseUrl, c as validateHttpActionHeaders, i as SERVER_ID_PATTERN, n as HEADER_NAME_PATTERN, o as isAllowedRemoteUrl, r as HTTP_BASE_URL_PATTERN, s as isUrl, t as FORBIDDEN_HEADERS, u as CapletsError } from "./validation-C4tYXw6G.js";
+import { a as isAllowedHttpBaseUrl, c as validateHttpActionHeaders, i as SERVER_ID_PATTERN, n as HEADER_NAME_PATTERN, o as isAllowedRemoteUrl, r as HTTP_BASE_URL_PATTERN, s as isUrl, t as FORBIDDEN_HEADERS, u as CapletsError } from "./validation-GD2x5HW1.js";
 //#region src/config-runtime.ts
 const stringMapSchema = record(string(), string());
 const authSchema = discriminatedUnion("type", [

package/dist/config.d.ts CHANGED Viewed

@@ -1,4 +1,5 @@
 import { z } from "zod";
+import { FileVaultStore, type VaultConfigOrigin } from "./vault";
 export { DEFAULT_AUTH_DIR, DEFAULT_COMPLETION_CACHE_DIR, DEFAULT_CONFIG_PATH, PROJECT_CONFIG_FILE, defaultCacheBaseDir, defaultCompletionCacheDir, resolveCapletsRoot, resolveConfigPath, resolveProjectCapletsRoot, resolveProjectConfigPath, } from "./config/paths";
 export type RemoteAuthConfig = {
     type: "none";
@@ -303,6 +304,29 @@ export type LocalOverlayConfigWarning = {
 };
 export type LocalOverlayConfigWithSources = ConfigWithSources & {
     warnings: LocalOverlayConfigWarning[];
+    sourceFound: boolean;
+};
+export type ConfigVaultReference = {
+    referenceName: string;
+    capletId: string;
+    origin: VaultConfigOrigin;
+    path: string;
+};
+export type ConfigVaultResolution = {
+    storedKey: string;
+    value: string;
+} | {
+    reason: "missing" | "ungranted" | "unavailable" | "invalid-key-source";
+    storedKey?: string | undefined;
+    referenceName: string;
+    capletId: string;
+    origin: VaultConfigOrigin;
+};
+export type ConfigVaultResolver = (reference: ConfigVaultReference) => ConfigVaultResolution;
+export type ConfigParseOptions = {
+    sources?: Record<string, ConfigSource> | undefined;
+    vaultResolver?: ConfigVaultResolver | undefined;
+    vaultRecoveryTarget?: "global" | "remote" | undefined;
 };
 export declare const configFileSchema: z.ZodObject<{
     $schema: z.ZodOptional<z.ZodString>;
@@ -335,16 +359,25 @@ export declare const configFileSchema: z.ZodObject<{
     capletSets: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodType<unknown, unknown, z.core.$ZodTypeInternals<unknown, unknown>>>>;
 }, z.core.$strict>;
 export declare function configJsonSchema(): unknown;
-export declare function loadConfig(path?: string, projectPath?: string): CapletsConfig;
-export declare function loadConfigWithSources(path?: string, projectPath?: string): ConfigWithSources;
-export declare function loadGlobalConfig(path?: string): CapletsConfig;
-export declare function loadProjectConfig(projectPath?: string): CapletsConfig;
-export declare function loadLocalOverlayConfigWithSources(path?: string, projectPath?: string): LocalOverlayConfigWithSources;
+export declare function loadConfig(path?: string, projectPath?: string, options?: Pick<ConfigParseOptions, "vaultResolver">): CapletsConfig;
+export declare function loadConfigWithSources(path?: string, projectPath?: string, options?: Pick<ConfigParseOptions, "vaultResolver">): ConfigWithSources;
+export declare function loadGlobalConfig(path?: string, options?: Pick<ConfigParseOptions, "vaultResolver">): CapletsConfig;
+export declare function loadProjectConfig(projectPath?: string, options?: Pick<ConfigParseOptions, "vaultResolver">): CapletsConfig;
+export declare function loadLocalOverlayConfigWithSources(path?: string, projectPath?: string, options?: Pick<ConfigParseOptions, "vaultResolver" | "vaultRecoveryTarget">): LocalOverlayConfigWithSources;
+export declare function loadLocalRuntimeConfig(path?: string, projectPath?: string, options?: Pick<ConfigParseOptions, "vaultResolver" | "vaultRecoveryTarget"> & {
+    writeWarning?: ((warning: LocalOverlayConfigWarning) => void) | undefined;
+}): CapletsConfig;
+export declare function defaultVaultResolver(store?: FileVaultStore): ConfigVaultResolver;
+export declare function vaultStoreForAuthDir(authDir: string | undefined): FileVaultStore;
+export declare function vaultResolverForAuthDir(authDir: string | undefined): ConfigVaultResolver;
+export declare const vaultBootstrapResolver: ConfigVaultResolver;
 export declare function loadIsolatedConfig(options: {
     configPath?: string;
     capletsRoot?: string;
     defaultSearchLimit: number;
     maxSearchLimit: number;
+    vaultResolver?: ConfigVaultResolver | undefined;
+    vaultRecoveryTarget?: ConfigParseOptions["vaultRecoveryTarget"];
 }): CapletsConfig;
-export declare function parseConfig(input: unknown): CapletsConfig;
+export declare function parseConfig(input: unknown, options?: ConfigParseOptions): CapletsConfig;
 export declare function interpolateEnv(value: string): string;

package/dist/daemon/host-path.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+/**
+ * Node's POSIX filesystem APIs do not treat backslashes as path separators. Tests
+ * sometimes emulate Windows daemon operations with POSIX temp directories, which
+ * `node:path.win32` renders as drive-less absolute paths such as
+ * `\tmp\caplets-...`. On POSIX hosts those strings would otherwise be created as
+ * single backslash-named entries in the current working directory.
+ */
+export declare function daemonHostPath(path: string): string;

package/dist/engine.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-import { type CapletConfig, type CapletsConfig } from "./config";
+import { type CapletConfig, type CapletsConfig, type LocalOverlayConfigWarning } from "./config";
 import { type ObservedOutputShapeKey, type ObservedOutputShapeStore } from "./observed-output-shapes";
 import { type ExposureSnapshot } from "./exposure/discovery";
 export type CapletsEngineOptions = {
@@ -10,11 +10,14 @@ export type CapletsEngineOptions = {
     watchDebounceMs?: number;
     watch?: boolean;
     writeErr?: (value: string) => void;
-    configLoader?: (configPath: string, projectConfigPath: string) => CapletsConfig;
+    configLoader?: (configPath: string, projectConfigPath: string, options?: {
+        writeWarning?: ((warning: LocalOverlayConfigWarning) => void) | undefined;
+    }) => CapletsConfig;
     observedOutputShapeStore?: ObservedOutputShapeStore | undefined;
     observedOutputShapeScope?: ObservedOutputShapeKey["scope"] | undefined;
     observedOutputShapeCacheDir?: string | undefined;
     projectFingerprint?: string | undefined;
+    vaultRecoveryTarget?: "global" | "remote" | undefined;
 };
 export type CapletsEngineReloadEvent = {
     previous: CapletsConfig;
@@ -68,6 +71,7 @@ export declare class CapletsEngine {
     private callTool;
     private optionalMcpList;
     private reloadOnce;
+    private loadConfigWithWarnings;
     private reloadUntilSettled;
     private emitReload;
     private invalidateChangedBackends;

package/dist/errors.d.ts CHANGED Viewed

@@ -1,4 +1,4 @@
-export declare const CAPLETS_ERROR_CODES: readonly ["CONFIG_NOT_FOUND", "CONFIG_EXISTS", "CONFIG_INVALID", "REQUEST_INVALID", "SERVER_NOT_FOUND", "SERVER_UNAVAILABLE", "SERVER_START_TIMEOUT", "UNKNOWN_OPERATION", "TOOL_NOT_FOUND", "TOOL_CALL_TIMEOUT", "AUTH_REQUIRED", "AUTH_FAILED", "AUTH_REFRESH_FAILED", "DOWNSTREAM_PROTOCOL_ERROR", "DOWNSTREAM_TOOL_ERROR", "UNSUPPORTED_OPERATION", "UNSUPPORTED_CAPABILITY", "PROMPT_NOT_FOUND", "DOWNSTREAM_RESOURCE_ERROR", "DOWNSTREAM_PROMPT_ERROR", "DOWNSTREAM_COMPLETION_ERROR", "ATTACH_MANIFEST_STALE", "ATTACH_EXPORT_NOT_FOUND", "UNSUPPORTED_TRANSPORT", "INTERNAL_ERROR"];
+export declare const CAPLETS_ERROR_CODES: readonly ["CONFIG_NOT_FOUND", "CONFIG_EXISTS", "CONFIG_INVALID", "REQUEST_INVALID", "SERVER_NOT_FOUND", "SERVER_UNAVAILABLE", "SERVER_START_TIMEOUT", "UNKNOWN_OPERATION", "TOOL_NOT_FOUND", "TOOL_CALL_TIMEOUT", "AUTH_REQUIRED", "AUTH_FAILED", "REMOTE_CREDENTIALS_REVOKED", "AUTH_REFRESH_FAILED", "DOWNSTREAM_PROTOCOL_ERROR", "DOWNSTREAM_TOOL_ERROR", "UNSUPPORTED_OPERATION", "UNSUPPORTED_CAPABILITY", "PROMPT_NOT_FOUND", "DOWNSTREAM_RESOURCE_ERROR", "DOWNSTREAM_PROMPT_ERROR", "DOWNSTREAM_COMPLETION_ERROR", "ATTACH_MANIFEST_STALE", "ATTACH_EXPORT_NOT_FOUND", "UNSUPPORTED_TRANSPORT", "INTERNAL_ERROR"];
 export type CapletsErrorCode = (typeof CAPLETS_ERROR_CODES)[number];
 export type SafeErrorSummary = {
     code: CapletsErrorCode;