@caplets/core 0.25.1 → 0.26.1

package/dist/index.js

@@ -1,9 +1,9 @@
-import { $ as decodeDirectResourceUri, $t as ElicitResultSchema, A as nativeCapletToolDescription, An as objectFromShape, At as defaultCacheBaseDir, B as QuickJsCodeModeSandbox, Bt as assertClientRequestTaskCapability, C as resolveRemoteMode, Cn as getLiteralValue, Ct as startOAuthFlow, D as parseServerBaseUrl, Dn as isSchemaOptional, Dt as DEFAULT_AUTH_DIR, E as isLoopbackHost, En as getSchemaDescription, Et as readTokenBundle, F as codeModeRunInputSchema, Ft as resolveConfigPath, G as CodeModeLogStore, Gt as toJsonSchemaCompat, H as createCodeModeCapletsApi, Ht as AjvJsonSchemaValidator, I as codeModeRunParamsSchema, It as resolveProjectCapletsRoot, J as generateCodeModeDeclarations, Jt as CompleteRequestSchema, K as redactCodeModeLogText, Kt as CallToolRequestSchema, L as emptyCodeModeRunMeta, Lt as resolveProjectConfigPath, Mn as safeParseAsync, Mt as defaultConfigPath, Nt as defaultStateBaseDir, O as resolveCapletsServer, On as isZ4Schema, Pt as resolveCapletsRoot, Q as resolveExposure, R as runCodeMode, Rt as ReadBuffer, S as resolveHostedCloudRemote, Sn as isJSONRPCResultResponse, St as startGenericOAuthFlow, T as controlUrlForBase, Tn as getParseErrorMessage, Tt as isTokenBundleExpired, U as listCodeModeCallableCaplets, Ut as Protocol, V as diagnoseCodeModeTypeScript, Vt as assertToolsCallTaskCapability, W as CodeModeJournalStore, Wt as mergeCapabilities, X as minifyCodeModeDeclarationText, Xt as CreateMessageResultWithToolsSchema, Y as generateCodeModeRunToolDescription, Yt as CreateMessageResultSchema, Z as CapletsEngine, Zt as CreateTaskResultSchema, _n as assertCompleteRequestPrompt, _t as markdownCallToolResultContent, a as CloudAuthStore, an as JSONRPCMessageSchema, at as capabilityDescription, b as normalizeRemoteProfileHostUrl, bn as isJSONRPCErrorResponse, bt as runGenericOAuthFlow, c as redactedCloudAuthStatus, cn as ListResourceTemplatesRequestSchema, ct as loadConfigWithSources, d as projectBindingError, dn as ListToolsRequestSchema, dt as loadProjectConfig, en as EmptyResultSchema, et as directResourceUriMatchesTemplate, f as projectBindingRecovery, fn as LoggingLevelSchema, ft as parseConfig, g as buildProjectSyncManifest, gn as SetLevelRequestSchema, gt as hasRenderableStructuredContent, hn as SUPPORTED_PROTOCOL_VERSIONS, ht as loadCapletFilesFromMap, i as createRemoteProfileStore, in as InitializedNotificationSchema, it as ServerRegistry, j as nativeCapletToolName, jn as safeParse, jt as defaultConfigBaseDir, k as nativeCapletPromptGuidance, kn as normalizeObjectSchema, kt as DEFAULT_OBSERVED_OUTPUT_SHAPE_CACHE_DIR, l as PROJECT_BINDING_ERROR_CODES, ln as ListResourcesRequestSchema, lt as loadGlobalConfig, mn as ReadResourceRequestSchema, mt as validateCapletFile, n as resolveRemoteSelection, nn as GetPromptRequestSchema, nt as fingerprintProjectRoot, o as cloudAuthPath, on as LATEST_PROTOCOL_VERSION, ot as GoogleDiscoveryManager, p as CloudAuthClient, pn as McpError, pt as discoverCapletFiles, q as codeModeDeclarationHash, qt as CallToolResultSchema, r as cloudCredentialsFromRemoteProfile, rn as InitializeRequestSchema, rt as handleServerTool, s as migrateCredentials, sn as ListPromptsRequestSchema, st as loadConfig, t as createNativeCapletsService, tn as ErrorCode, tt as findProjectRoot, u as ProjectBindingError, un as ListRootsResultSchema, ut as loadLocalOverlayConfigWithSources, v as hostedCloudWorkspaceFromRemoteUrl, vn as assertCompleteRequestResourceTemplate, vt as markdownStructuredContent, w as appendBasePath, wn as getObjectShape, wt as deleteTokenBundle, x as resolveCapletsRemote, xn as isJSONRPCRequest, xt as runOAuthFlow, y as isCapletsCloudUrl, yn as isInitializeRequest, yt as refreshOAuthTokenBundle, z as CodeModeSessionManager, zt as serializeMessage } from "./service-Ut6dN9M8.js";
+import { $ as resolveExposure, $t as mergeCapabilities, A as nativeCapletPromptGuidance, An as isJSONRPCRequest, At as runOAuthFlow, B as CodeModeSessionManager, Bn as safeParse, Bt as defaultConfigBaseDir, C as resolveHostedCloudRemote, Cn as ReadResourceRequestSchema, Ct as validateCapletFile, D as isLoopbackHost, Dn as assertCompleteRequestResourceTemplate, Dt as markdownStructuredContent, E as controlUrlForBase, En as assertCompleteRequestPrompt, Et as markdownCallToolResultContent, Fn as getSchemaDescription, Ft as readTokenBundle, G as CodeModeJournalStore, Gt as resolveProjectCapletsRoot, H as diagnoseCodeModeTypeScript, Ht as defaultStateBaseDir, I as codeModeRunInputSchema, In as isSchemaOptional, It as DEFAULT_AUTH_DIR, J as codeModeDeclarationHash, Jt as serializeMessage, K as CodeModeLogStore, Kt as resolveProjectConfigPath, L as codeModeRunParamsSchema, Ln as isZ4Schema, M as nativeCapletToolName, Mn as getLiteralValue, Mt as startOAuthFlow, Nn as getObjectShape, Nt as deleteTokenBundle, O as parseServerBaseUrl, On as isInitializeRequest, Ot as refreshOAuthTokenBundle, Pn as getParseErrorMessage, Pt as isTokenBundleExpired, Q as CapletsEngine, Qt as Protocol, R as emptyCodeModeRunMeta, Rn as normalizeObjectSchema, Rt as DEFAULT_OBSERVED_OUTPUT_SHAPE_CACHE_DIR, S as resolveCapletsRemote, Sn as McpError, St as discoverCapletFiles, T as appendBasePath, Tn as SetLevelRequestSchema, Tt as hasRenderableStructuredContent, U as createCodeModeCapletsApi, Ut as resolveCapletsRoot, V as QuickJsCodeModeSandbox, Vn as safeParseAsync, Vt as defaultConfigPath, W as listCodeModeCallableCaplets, Wt as resolveConfigPath, X as generateCodeModeRunToolDescription, Xt as assertToolsCallTaskCapability, Y as generateCodeModeDeclarations, Yt as assertClientRequestTaskCapability, Z as minifyCodeModeDeclarationText, Zt as AjvJsonSchemaValidator, _ as CapletsCloudClient, _n as ListResourceTemplatesRequestSchema, _t as FileVaultStore, a as CloudAuthStore, an as CreateMessageResultWithToolsSchema, at as ServerRegistry, b as isCapletsCloudUrl, bn as ListToolsRequestSchema, bt as decryptVaultValue, c as redactedCloudAuthStatus, cn as ElicitResultSchema, ct as loadConfig, d as projectBindingError, dn as GetPromptRequestSchema, dt as loadLocalOverlayConfigWithSources, en as toJsonSchemaCompat, et as decodeDirectResourceUri, f as projectBindingRecovery, fn as InitializeRequestSchema, ft as loadProjectConfig, g as buildProjectSyncManifest, gn as ListPromptsRequestSchema, gt as vaultStoreForAuthDir, hn as LATEST_PROTOCOL_VERSION, ht as vaultResolverForAuthDir, i as createRemoteProfileStore, in as CreateMessageResultSchema, it as handleServerTool, j as nativeCapletToolDescription, jn as isJSONRPCResultResponse, jt as startGenericOAuthFlow, k as resolveCapletsServer, kn as isJSONRPCErrorResponse, kt as runGenericOAuthFlow, l as PROJECT_BINDING_ERROR_CODES, ln as EmptyResultSchema, lt as loadConfigWithSources, mn as JSONRPCMessageSchema, mt as vaultBootstrapResolver, n as resolveRemoteSelection, nn as CallToolResultSchema, nt as findProjectRoot, o as cloudAuthPath, on as CreateTaskResultSchema, ot as capabilityDescription, p as CloudAuthClient, pn as InitializedNotificationSchema, pt as parseConfig, q as redactCodeModeLogText, qt as ReadBuffer, r as cloudCredentialsFromRemoteProfile, rn as CompleteRequestSchema, rt as fingerprintProjectRoot, s as migrateCredentials, st as GoogleDiscoveryManager, t as createNativeCapletsService, tn as CallToolRequestSchema, tt as directResourceUriMatchesTemplate, u as ProjectBindingError, un as ErrorCode, ut as loadGlobalConfig, vn as ListResourcesRequestSchema, vt as VAULT_MAX_VALUE_BYTES, w as resolveRemoteMode, wn as SUPPORTED_PROTOCOL_VERSIONS, wt as loadCapletFilesFromMap, x as normalizeRemoteProfileHostUrl, xn as LoggingLevelSchema, xt as encryptVaultValue, y as hostedCloudWorkspaceFromRemoteUrl, yn as ListRootsResultSchema, yt as validateVaultKeyName, z as runCodeMode, zn as objectFromShape, zt as defaultCacheBaseDir } from "./service-aBIn4nrw.js";
 import { _ as record, b as unknown, d as literal, m as object, n as ZodOptional, o as array, p as number, r as _enum, s as boolean, v as string, x as url } from "./schemas-BoqMu4MG.js";
-import { f as redactSecrets$1, i as SERVER_ID_PATTERN, l as CAPLETS_ERROR_CODES, p as toSafeError, u as CapletsError } from "./validation-C4tYXw6G.js";
+import { f as redactSecrets$1, i as SERVER_ID_PATTERN, l as CAPLETS_ERROR_CODES, p as toSafeError, u as CapletsError } from "./validation-GD2x5HW1.js";
 import { generatedToolInputJsonSchemaForCaplet, generatedToolInputSchema, generatedToolInputSchemaForCaplet } from "./generated-tool-input-schema.js";
 import { f as observedOutputShapeKey, g as stableJsonStringify, h as schemaHash, i as observeOutputShape, u as FileObservedOutputShapeStore } from "./observed-output-shapes-DuP7mJQf.js";
-import { a as formatCapletList, c as resolveCliConfigPaths, l as cliCommands$1, n as completionScript, o as formatConfigPaths, s as listCaplets, t as completeCliWords, u as completionShells } from "./completion-De4t5MtT.js";
+import { a as formatCapletList, c as resolveCliConfigPaths, l as cliCommands$1, n as completionScript, o as formatConfigPaths, s as listCaplets, t as completeCliWords, u as completionShells } from "./completion-CFOJucl5.js";
 import { n as normalizeCapletSourcePath, t as FilesystemCapletSource } from "./filesystem-Kkg32TOJ.js";
 import { parseConfig as parseConfig$1 } from "./config-runtime.js";
 import fs, { accessSync, chmodSync, closeSync, constants, copyFileSync, cpSync, existsSync, fstatSync, lstatSync, mkdirSync, mkdtempSync, openSync, readFileSync, readSync, readdirSync, readlinkSync, realpathSync, renameSync, rmSync, statSync, watch, writeFileSync, writeSync } from "node:fs";
@@ -14,9 +14,9 @@ import { Readable, Writable } from "node:stream";
 import { STATUS_CODES, createServer } from "node:http";
 import { createHash, randomBytes, randomUUID, timingSafeEqual } from "node:crypto";
 import { homedir, tmpdir, userInfo } from "node:os";
+import { Buffer as Buffer$1 } from "node:buffer";
 import { EventEmitter } from "node:events";
 import { promisify, stripVTControlCharacters } from "node:util";
-import { Buffer as Buffer$1 } from "node:buffer";
 import { createInterface } from "node:readline/promises";
 import { Http2ServerRequest, constants as constants$1 } from "node:http2";
 //#region ../../node_modules/.pnpm/@modelcontextprotocol+sdk@1.29.0_zod@4.4.3/node_modules/@modelcontextprotocol/sdk/dist/esm/experimental/tasks/server.js
@@ -1553,7 +1553,7 @@ const EMPTY_COMPLETION_RESULT = { completion: {
 } };
 //#endregion
 //#region package.json
-var version = "0.25.1";
+var version = "0.26.1";
 //#endregion
 //#region src/serve/session.ts
 var CapletsMcpSession = class {
@@ -5353,7 +5353,7 @@ function collectFiles(root) {
 //#endregion
 //#region src/cli/auth.ts
 async function loginAuth(serverId, options) {
-	const server = await resolveAuthTarget$1(serverId, options.config ?? loadConfig(options.configPath), options.authDir);
+	const server = await resolveAuthTarget$1(serverId, options.config ?? loadAuthResolvedConfig(options), options.authDir);
 	assertLoginTarget(server, serverId);
 	try {
 		const flowOptions = {
@@ -5375,7 +5375,7 @@ function logoutAuth(serverId, options) {
 	else options.writeOut(`No OAuth credentials found for \`${serverId}\`.\n`);
 }
 function logoutAuthResult(serverId, options) {
-	assertLoginTarget(findAuthTarget(serverId, options.config ?? loadConfig(options.configPath)), serverId);
+	assertLoginTarget(findAuthTarget(serverId, options.config ?? loadConfig(options.configPath, void 0, { vaultResolver: vaultBootstrapResolver })), serverId);
 	return {
 		server: serverId,
 		deleted: deleteTokenBundle(serverId, options.authDir)
@@ -5386,13 +5386,16 @@ async function refreshAuth(serverId, options) {
 	options.writeOut(`Refreshed OAuth credentials for \`${serverId}\`.\n`);
 }
 async function refreshAuthResult(serverId, options) {
-	const target = await resolveAuthTarget$1(serverId, options.config ?? loadConfig(options.configPath), options.authDir);
+	const target = await resolveAuthTarget$1(serverId, options.config ?? loadAuthResolvedConfig(options), options.authDir);
 	assertLoginTarget(target, serverId);
 	await refreshOAuthTokenBundle(target, options.authDir);
 	return { server: serverId };
 }
 function listAuthRows(options) {
-	return authRowsForTargets(authTargets(loadConfig(options.configPath)), options.authDir);
+	return authRowsForTargets(authTargets(loadConfig(options.configPath, void 0, { vaultResolver: vaultBootstrapResolver })), options.authDir);
+}
+function loadAuthResolvedConfig(options) {
+	return loadConfig(options.configPath, void 0, { vaultResolver: vaultResolverForAuthDir(options.authDir) });
 }
 function listLocalAuthRows(options) {
 	return authRowsForTargets(localAuthTargets(options), options.authDir);
@@ -5402,7 +5405,7 @@ function localAuthTargets(options) {
 }
 function localAuthConfigForTarget(options) {
 	assertLoginTarget(localAuthTargets(options).find((candidate) => candidate.server === options.serverId), options.serverId);
-	return loadConfigForSource(options.source, options);
+	return loadConfigForSource(options.source, options, { vaultResolver: vaultResolverForAuthDir(options.authDir) });
 }
 function authTargetsForSource(source, options) {
 	try {
@@ -5415,9 +5418,9 @@ function authTargetsForSource(source, options) {
 		throw error;
 	}
 }
-function loadConfigForSource(source, options) {
-	if (source === "global") return loadGlobalConfig(options.configPath);
-	return loadProjectConfig(options.projectConfigPath);
+function loadConfigForSource(source, options, loadOptions = { vaultResolver: vaultBootstrapResolver }) {
+	if (source === "global") return loadGlobalConfig(options.configPath, loadOptions);
+	return loadProjectConfig(options.projectConfigPath, loadOptions);
 }
 function authRowsForTargets(targets, authDir) {
 	return targets.sort((left, right) => left.server.localeCompare(right.server)).map((server) => {
@@ -5861,6 +5864,21 @@ function assertPathSegment(value, label) {
 	if (!value || value.includes("/") || value.includes("\\") || value.includes("\0") || value === "." || value === "..") throw new Error(`Invalid ${label}: ${value}`);
 }
 //#endregion
+//#region src/daemon/host-path.ts
+/**
+* Node's POSIX filesystem APIs do not treat backslashes as path separators. Tests
+* sometimes emulate Windows daemon operations with POSIX temp directories, which
+* `node:path.win32` renders as drive-less absolute paths such as
+* `\tmp\caplets-...`. On POSIX hosts those strings would otherwise be created as
+* single backslash-named entries in the current working directory.
+*/
+function daemonHostPath(path) {
+	if (process.platform === "win32") return path;
+	if (!path.startsWith("\\") || path.startsWith("\\\\")) return path;
+	if (/^[A-Za-z]:/u.test(path)) return path;
+	return path.replaceAll("\\", "/");
+}
+//#endregion
 //#region src/daemon/config.ts
 function readDaemonConfig(paths) {
 	return readJson(paths.configFile);
@@ -5874,10 +5892,10 @@ function writeDaemonState(paths, state) {
 	return state;
 }
 function removeDaemonConfig(paths) {
-	rmSync(paths.configFile, { force: true });
+	rmSync(daemonHostPath(paths.configFile), { force: true });
 }
 function removeDaemonState(paths) {
-	rmSync(paths.stateFile, { force: true });
+	rmSync(daemonHostPath(paths.stateFile), { force: true });
 }
 function mergeDaemonEnv(existing, install) {
 	const values = { ...existing?.values };
@@ -5901,20 +5919,22 @@ function validateEnvName(value) {
 	if (!/^[A-Za-z_][A-Za-z0-9_]*$/u.test(value)) throw new CapletsError("REQUEST_INVALID", `Invalid environment variable name: ${value}`);
 }
 function readJson(path) {
+	const hostPath = daemonHostPath(path);
 	try {
-		return JSON.parse(readFileSync(path, "utf8"));
+		return JSON.parse(readFileSync(hostPath, "utf8"));
 	} catch (error) {
 		if (error.code === "ENOENT") return void 0;
 		throw error;
 	}
 }
 function writeJson(path, value) {
-	mkdirSync(dirname(path), {
+	const hostPath = daemonHostPath(path);
+	mkdirSync(dirname(hostPath), {
 		recursive: true,
 		mode: 448
 	});
-	writeFileSync(path, `${JSON.stringify(value, null, 2)}\n`, { mode: 384 });
-	chmodSync(path, 384);
+	writeFileSync(hostPath, `${JSON.stringify(value, null, 2)}\n`, { mode: 384 });
+	chmodSync(hostPath, 384);
 }
 //#endregion
 //#region src/daemon/logs.ts
@@ -5949,9 +5969,10 @@ async function followDaemonLogs(paths, options) {
 	}).entries) options.write(entry);
 	const watchers = selectedStreams(options.stream ?? "all").map((stream) => {
 		const file = paths[stream === "stdout" ? "stdoutLog" : "stderrLog"];
+		const hostFile = daemonHostPath(file);
 		ensureLogFile(file);
-		let offset = existsSync(file) ? statSync(file).size : 0;
-		return watch(file, { persistent: true }, () => {
+		let offset = existsSync(hostFile) ? statSync(hostFile).size : 0;
+		return watch(hostFile, { persistent: true }, () => {
 			const { content, nextOffset } = readFromOffset(file, offset);
 			offset = nextOffset;
 			for (const line of content.split(/\r?\n/u).filter(Boolean)) options.write({
@@ -5974,13 +5995,14 @@ function selectedStreams(stream) {
 	return stream === "all" ? ["stdout", "stderr"] : [stream];
 }
 function tailLines(path, count) {
-	if (count === 0 || !existsSync(path)) return [];
-	const lines = count < 0 ? readFileSync(path, "utf8").split(/\r?\n/u) : readTailContent(path, count);
+	const hostPath = daemonHostPath(path);
+	if (count === 0 || !existsSync(hostPath)) return [];
+	const lines = count < 0 ? readFileSync(hostPath, "utf8").split(/\r?\n/u) : readTailContent(path, count);
 	if (lines.at(-1) === "") lines.pop();
 	return count < 0 ? lines : lines.slice(-count);
 }
 function readTailContent(path, count) {
-	const fd = openSync(path, "r");
+	const fd = openSync(daemonHostPath(path), "r");
 	try {
 		const size = fstatSync(fd).size;
 		const chunks = [];
@@ -6001,11 +6023,12 @@ function readTailContent(path, count) {
 	}
 }
 function readFromOffset(path, offset) {
-	if (!existsSync(path)) return {
+	const hostPath = daemonHostPath(path);
+	if (!existsSync(hostPath)) return {
 		content: "",
 		nextOffset: 0
 	};
-	const fd = openSync(path, "r");
+	const fd = openSync(hostPath, "r");
 	try {
 		const size = fstatSync(fd).size;
 		if (size <= offset) return {
@@ -6046,12 +6069,13 @@ function logTimestamp(line) {
 	return Number.isNaN(timestamp) ? void 0 : timestamp;
 }
 function ensureLogFile(path) {
-	if (existsSync(path)) return;
-	mkdirSync(dirname(path), {
+	const hostPath = daemonHostPath(path);
+	if (existsSync(hostPath)) return;
+	mkdirSync(dirname(hostPath), {
 		recursive: true,
 		mode: 448
 	});
-	writeFileSync(path, "", { mode: 384 });
+	writeFileSync(hostPath, "", { mode: 384 });
 }
 //#endregion
 //#region src/daemon/xml.ts
@@ -6242,9 +6266,9 @@ function launchdManager(runner, uid = typeof process.getuid === "function" ? pro
 	return {
 		descriptor: buildLaunchdDescriptor,
 		status: async (config, paths) => {
-			if (!existsSync(paths.descriptorFile) && !config) return notInstalled();
+			if (!existsSync(daemonHostPath(paths.descriptorFile)) && !config) return notInstalled();
 			const result = await runner.exec("launchctl", ["print", target]);
-			if (result.code !== 0) return existsSync(paths.descriptorFile) ? stopped({ stderr: result.stderr }) : notInstalled({ stderr: result.stderr });
+			if (result.code !== 0) return existsSync(daemonHostPath(paths.descriptorFile)) ? stopped({ stderr: result.stderr }) : notInstalled({ stderr: result.stderr });
 			const pid = parseNumberMatch(result.stdout, /\bpid\s*=\s*(\d+)/u);
 			if (pid !== void 0) return runningOrStopped(pid, {
 				stdout: result.stdout,
@@ -6270,7 +6294,7 @@ function launchdManager(runner, uid = typeof process.getuid === "function" ? pro
 			};
 		},
 		uninstall: async (config, paths) => {
-			const hasDescriptor = existsSync(paths.descriptorFile);
+			const hasDescriptor = existsSync(daemonHostPath(paths.descriptorFile));
 			if (!hasDescriptor && !config) return {
 				action: "uninstall",
 				native: notInstalled(),
@@ -6288,7 +6312,7 @@ function launchdManager(runner, uid = typeof process.getuid === "function" ? pro
 			]];
 			const result = await runner.exec(commands[0][0], commands[0].slice(1));
 			if (result.code !== 0 && !/No such process|not found|Could not find service|No such file or directory/iu.test(result.stderr)) throw new CapletsError("SERVER_UNAVAILABLE", `launchd unregister failed: ${result.stderr || result.stdout || result.code}`);
-			rmSync(paths.descriptorFile, { force: true });
+			rmSync(daemonHostPath(paths.descriptorFile), { force: true });
 			return {
 				action: "uninstall",
 				native: notInstalled({
@@ -6301,7 +6325,7 @@ function launchdManager(runner, uid = typeof process.getuid === "function" ? pro
 		start: async (config) => launchdStartLifecycle(runner, domain, target, config.paths.descriptorFile),
 		restart: async (config) => launchdRestartLifecycle(runner, domain, target, config.paths.descriptorFile),
 		stop: async (config) => {
-			const command = config && existsSync(config.paths.descriptorFile) ? [
+			const command = config && existsSync(daemonHostPath(config.paths.descriptorFile)) ? [
 				"launchctl",
 				"bootout",
 				domain,
@@ -6326,7 +6350,7 @@ function systemdManager(runner, serviceAvailable = true) {
 		descriptor: buildSystemdDescriptor,
 		status: async (config, paths) => {
 			if (!serviceAvailable) return unavailable("systemd --user is not available.");
-			if (!existsSync(paths.descriptorFile) && !config) return notInstalled();
+			if (!existsSync(daemonHostPath(paths.descriptorFile)) && !config) return notInstalled();
 			const show = await runner.exec("systemctl", [
 				"--user",
 				"show",
@@ -6335,13 +6359,13 @@ function systemdManager(runner, serviceAvailable = true) {
 			if (show.code !== 0) {
 				const message = show.stderr || show.stdout || String(show.code);
 				if (isSystemdUnavailable(message)) return unavailable(`systemd --user is not available: ${message}`);
-				return existsSync(paths.descriptorFile) ? stopped({
+				return existsSync(daemonHostPath(paths.descriptorFile)) ? stopped({
 					stderr: show.stderr,
 					stdout: show.stdout
 				}) : notInstalled({ stderr: show.stderr });
 			}
 			const raw = parseSystemdShow(show.stdout);
-			if (!existsSync(paths.descriptorFile) && raw.LoadState === "not-found") return notInstalled({
+			if (!existsSync(daemonHostPath(paths.descriptorFile)) && raw.LoadState === "not-found") return notInstalled({
 				raw,
 				stderr: show.stderr
 			});
@@ -6407,7 +6431,7 @@ function systemdManager(runner, serviceAvailable = true) {
 			]];
 			await assertExecUnless(runner, commands[0], "systemd unregister failed", /not loaded|not found|No such file|does not exist/iu);
 			const descriptorBackup = backupPath(paths.descriptorFile);
-			rmSync(paths.descriptorFile, { force: true });
+			rmSync(daemonHostPath(paths.descriptorFile), { force: true });
 			try {
 				await assertExec(runner, commands[1], "systemd unregister failed");
 			} catch (error) {
@@ -6430,7 +6454,7 @@ function windowsTaskManager(runner) {
 	return {
 		descriptor: buildWindowsTaskDescriptor,
 		status: async (config, paths) => {
-			if (!existsSync(paths.descriptorFile) && !config) return notInstalled();
+			if (!existsSync(daemonHostPath(paths.descriptorFile)) && !config) return notInstalled();
 			const result = await runner.exec("schtasks", [
 				"/Query",
 				"/TN",
@@ -6485,8 +6509,8 @@ function windowsTaskManager(runner) {
 				"/F"
 			];
 			await assertExecUnless(runner, command, "Scheduled Task unregister failed", /cannot find|does not exist|not found/iu);
-			rmSync(paths.descriptorFile, { force: true });
-			rmSync(paths.wrapperFile, { force: true });
+			rmSync(daemonHostPath(paths.descriptorFile), { force: true });
+			rmSync(daemonHostPath(paths.wrapperFile), { force: true });
 			return {
 				action: "uninstall",
 				native: notInstalled(),
@@ -6558,19 +6582,21 @@ function unsupportedManager(platform) {
 	};
 }
 function writeDescriptor(descriptor) {
-	mkdirSync(dirname(descriptor.path), {
+	const descriptorPath = daemonHostPath(descriptor.path);
+	mkdirSync(dirname(descriptorPath), {
 		recursive: true,
 		mode: 448
 	});
-	writeFileSync(descriptor.path, descriptor.kind === "windows-scheduled-task" ? descriptor.xml : descriptor.contents, { mode: 384 });
-	chmodSync(descriptor.path, 384);
+	writeFileSync(descriptorPath, descriptor.kind === "windows-scheduled-task" ? descriptor.xml : descriptor.contents, { mode: 384 });
+	chmodSync(descriptorPath, 384);
 	if (descriptor.kind === "windows-scheduled-task") {
-		mkdirSync(dirname(descriptor.wrapper.path), {
+		const wrapperPath = daemonHostPath(descriptor.wrapper.path);
+		mkdirSync(dirname(wrapperPath), {
 			recursive: true,
 			mode: 448
 		});
-		writeFileSync(descriptor.wrapper.path, descriptor.wrapper.contents, { mode: 448 });
-		chmodSync(descriptor.wrapper.path, 448);
+		writeFileSync(wrapperPath, descriptor.wrapper.contents, { mode: 448 });
+		chmodSync(wrapperPath, 448);
 	}
 }
 async function writeDescriptorForInstall(descriptor, register, afterRestore) {
@@ -6590,23 +6616,27 @@ function backupDescriptorFiles(descriptor) {
 	return (descriptor.kind === "windows-scheduled-task" ? [descriptor.path, descriptor.wrapper.path] : [descriptor.path]).map(backupPath);
 }
 function backupPath(path) {
-	const existed = existsSync(path);
+	const hostPath = daemonHostPath(path);
+	const existed = existsSync(hostPath);
 	return {
 		path,
 		existed,
-		...existed ? { contents: readFileSync(path) } : {},
-		...existed ? { mode: statSync(path).mode & 511 } : {}
+		...existed ? { contents: readFileSync(hostPath) } : {},
+		...existed ? { mode: statSync(hostPath).mode & 511 } : {}
 	};
 }
 function restoreDescriptorFiles(backups) {
-	for (const backup of backups) if (backup.existed && backup.contents) {
-		mkdirSync(dirname(backup.path), {
-			recursive: true,
-			mode: 448
-		});
-		writeFileSync(backup.path, backup.contents, { mode: backup.mode ?? 384 });
-		chmodSync(backup.path, backup.mode ?? 384);
-	} else rmSync(backup.path, { force: true });
+	for (const backup of backups) {
+		const hostPath = daemonHostPath(backup.path);
+		if (backup.existed && backup.contents) {
+			mkdirSync(dirname(hostPath), {
+				recursive: true,
+				mode: 448
+			});
+			writeFileSync(hostPath, backup.contents, { mode: backup.mode ?? 384 });
+			chmodSync(hostPath, backup.mode ?? 384);
+		} else rmSync(hostPath, { force: true });
+	}
 }
 async function assertExec(runner, command, message) {
 	const result = await runner.exec(command[0], command.slice(1));
@@ -11048,7 +11078,7 @@ async function dispatchRemoteCliRequest(request, context) {
 async function dispatch(request, context) {
 	assertObject(request, "remote control request");
 	assertObject(request.arguments, "remote control request arguments");
-	if (request.command === "list") return listCaplets(loadConfigWithSources(context.configPath, context.projectConfigPath), { includeDisabled: optionalBoolean(request.arguments, "includeDisabled") ?? false });
+	if (request.command === "list") return listCaplets(loadConfigWithSources(context.configPath, context.projectConfigPath, { vaultResolver: vaultBootstrapResolver }), { includeDisabled: optionalBoolean(request.arguments, "includeDisabled") ?? false });
 	if (ENGINE_COMMANDS.has(request.command)) {
 		const caplet = requiredString(request.arguments, "caplet");
 		const toolRequest = requiredEngineRequest(request.arguments, request.command);
@@ -11089,6 +11119,7 @@ async function dispatch(request, context) {
 		...optionalProp("configPath", context.configPath),
 		...optionalProp("authDir", context.authDir)
 	});
+	if (request.command.startsWith("vault_")) return dispatchVault(request, context);
 	if (request.command === "auth_logout") return logoutAuthResult(requiredString(request.arguments, "server"), {
 		...optionalProp("configPath", context.configPath),
 		...optionalProp("authDir", context.authDir)
@@ -11101,9 +11132,76 @@ async function dispatch(request, context) {
 	if (request.command === "auth_login_complete") return completeRemoteAuthLogin(requiredString(request.arguments, "flowId"), requiredString(request.arguments, "callbackUrl"), context);
 	throw new CapletsError("UNKNOWN_OPERATION", `Unsupported remote control command ${request.command}`);
 }
+function dispatchVault(request, context) {
+	const store = remoteVaultStore(context);
+	switch (request.command) {
+		case "vault_set": {
+			const name = requiredString(request.arguments, "name");
+			const value = requiredString(request.arguments, "value");
+			const grant = optionalString(request.arguments, "grant");
+			const grantInput = grant ? {
+				storedKey: validateVaultKeyName(name),
+				referenceName: validateVaultKeyName(optionalString(request.arguments, "referenceName") ?? name),
+				capletId: grant,
+				origin: remoteVaultAccessOrigin(grant, context)
+			} : void 0;
+			const existed = store.getStatus(name).present;
+			const previousValue = existed && grantInput ? store.resolveValue(name) : void 0;
+			const status = store.set(name, value, { force: optionalBoolean(request.arguments, "force") ?? false });
+			try {
+				if (grantInput) store.grantAccess(grantInput);
+			} catch (error) {
+				if (existed && previousValue !== void 0) store.set(name, previousValue, { force: true });
+				else store.delete(name);
+				throw error;
+			}
+			return {
+				remote: true,
+				...status
+			};
+		}
+		case "vault_list": return store.listValues();
+		case "vault_get": {
+			const name = requiredString(request.arguments, "name");
+			if (optionalBoolean(request.arguments, "reveal") ?? false) throw new CapletsError("REQUEST_INVALID", "Self-hosted remote Vault reveal is not supported through remote control.");
+			return store.getStatus(name);
+		}
+		case "vault_delete": return store.delete(requiredString(request.arguments, "name"));
+		case "vault_access_grant": {
+			const storedKey = requiredString(request.arguments, "name");
+			const capletId = requiredString(request.arguments, "capletId");
+			return store.grantAccess({
+				storedKey,
+				referenceName: optionalString(request.arguments, "referenceName") ?? storedKey,
+				capletId,
+				origin: remoteVaultAccessOrigin(capletId, context)
+			});
+		}
+		case "vault_access_revoke": return store.revokeAccess({
+			storedKey: requiredString(request.arguments, "name"),
+			capletId: requiredString(request.arguments, "capletId"),
+			...optionalProp("referenceName", optionalString(request.arguments, "referenceName"))
+		});
+		case "vault_access_list": return store.listAccess({
+			...optionalProp("storedKey", optionalString(request.arguments, "name")),
+			...optionalProp("capletId", optionalString(request.arguments, "capletId"))
+		});
+		default: throw new CapletsError("UNKNOWN_OPERATION", `Unsupported remote control command ${request.command}`);
+	}
+}
+function remoteVaultStore(context) {
+	return vaultStoreForAuthDir(context.authDir);
+}
+function remoteVaultAccessOrigin(capletId, context) {
+	const overlay = loadLocalOverlayConfigWithSources(context.configPath, context.projectConfigPath, { vaultResolver: vaultBootstrapResolver });
+	const origin = overlay.sources[capletId];
+	if (!origin) throw new CapletsError("SERVER_NOT_FOUND", `Caplet ${capletId} is not configured.`);
+	if (overlay.shadows[capletId]?.length) throw new CapletsError("REQUEST_INVALID", `Caplet ${capletId} is shadowed in multiple config sources; resolve the active config before granting Vault access.`);
+	return origin;
+}
 async function startRemoteAuthLogin(serverId, context) {
 	if (!context.authFlowStore || !context.controlCallbackBaseUrl) throw new CapletsError("REQUEST_INVALID", "Remote auth login is not available on this server");
-	const config = loadConfigWithSources(context.configPath, context.projectConfigPath).config;
+	const config = loadConfigWithSources(context.configPath, context.projectConfigPath, { vaultResolver: vaultResolverForAuthDir(context.authDir) }).config;
 	const target = await resolveAuthTarget$1(serverId, config, context.authDir);
 	assertLoginTarget(target, serverId);
 	const flowId = randomUUID();
@@ -11399,6 +11497,12 @@ function randomPairingPart(bytes) {
 const DEFAULT_PAIRING_CODE_TTL_MS = 10 * 6e4;
 const DEFAULT_PAIRING_CODE_MAX_ATTEMPTS = 5;
 const DEFAULT_ACCESS_TOKEN_TTL_MS = 15 * 6e4;
+const DEFAULT_PENDING_OPERATOR_CODE_TTL_MS = 10 * 6e4;
+const DEFAULT_PENDING_FLOW_TTL_MS = 1440 * 6e4;
+const DEFAULT_PENDING_POLL_INTERVAL_SECONDS = 5;
+const DEFAULT_PENDING_MAX_ACTIVE_FLOWS = 64;
+const DEFAULT_PENDING_MAX_ACTIVE_FLOWS_PER_SOURCE = 8;
+const PENDING_TERMINAL_RETENTION_MS = 1440 * 6e4;
 const STALE_REFRESH_REVOKE_GRACE_MS = 3e4;
 const SUPERSEDED_REFRESH_TOKEN_RETENTION_MS = 1440 * 6e4;
 const STATE_FILE = "remote-server-credentials.json";
@@ -11410,6 +11514,199 @@ var RemoteServerCredentialStore = class {
 	constructor(options) {
 		this.dir = options.dir;
 	}
+	createPendingLogin(input) {
+		return this.withStateLock(() => {
+			const now = input.now ?? /* @__PURE__ */ new Date();
+			const flowId = `rlogin_${randomToken(12)}`;
+			const operatorCode = `cap_login_${randomToken(5)}`;
+			const pendingRefreshSecret = `cap_pending_refresh_${randomToken(32)}`;
+			const pendingCompletionSecret = `cap_pending_complete_${randomToken(32)}`;
+			const codeExpiresAt = new Date(now.getTime() + DEFAULT_PENDING_OPERATOR_CODE_TTL_MS).toISOString();
+			const flowExpiresAt = new Date(now.getTime() + DEFAULT_PENDING_FLOW_TTL_MS).toISOString();
+			const state = this.loadState();
+			cleanupPendingLogins(state, now);
+			const clientLabel = boundedPendingLoginDisplayValue(input.clientLabel, PENDING_CLIENT_LABEL_MAX_LENGTH) ?? "Caplets Remote Client";
+			const clientFingerprint = boundedPendingLoginDisplayValue(input.clientFingerprint, PENDING_CLIENT_FINGERPRINT_MAX_LENGTH);
+			const sourceHint = boundedPendingLoginDisplayValue(input.sourceHint, PENDING_SOURCE_HINT_MAX_LENGTH);
+			enforcePendingLoginQuota(state, sourceHint);
+			state.pendingLogins.push({
+				flowId,
+				hostUrl: normalizeRemoteProfileHostUrl(input.hostUrl),
+				...input.hostIdentity ? { hostIdentity: input.hostIdentity } : {},
+				operatorCodeHash: hashSecret(operatorCode),
+				pendingRefreshHash: hashSecret(pendingRefreshSecret),
+				supersededPendingRefreshHashes: [],
+				pendingCompletionHash: hashSecret(pendingCompletionSecret),
+				operatorCodeFingerprint: pendingOperatorCodeFingerprint(operatorCode),
+				clientLabel,
+				...clientFingerprint ? { clientFingerprint } : {},
+				...sourceHint ? { sourceHint } : {},
+				createdAt: now.toISOString(),
+				codeExpiresAt,
+				flowExpiresAt,
+				status: "pending"
+			});
+			this.saveState(state);
+			return {
+				flowId,
+				operatorCode,
+				operatorCodeFingerprint: pendingOperatorCodeFingerprint(operatorCode),
+				pendingRefreshSecret,
+				pendingCompletionSecret,
+				codeExpiresAt,
+				flowExpiresAt,
+				intervalSeconds: DEFAULT_PENDING_POLL_INTERVAL_SECONDS
+			};
+		});
+	}
+	pollPendingLogin(input) {
+		const now = input.now ?? /* @__PURE__ */ new Date();
+		const flow = this.pendingLoginForCompletion(input.flowId, input.pendingCompletionSecret, now);
+		return {
+			flowId: flow.flowId,
+			status: flow.status
+		};
+	}
+	refreshPendingLogin(input) {
+		return this.withStateLock(() => {
+			const now = input.now ?? /* @__PURE__ */ new Date();
+			const state = this.loadState();
+			cleanupPendingLogins(state, now);
+			const flow = this.pendingLoginForCompletion(input.flowId, input.pendingCompletionSecret, now, state);
+			if (flow.status !== "pending") throw new CapletsError("AUTH_FAILED", `Pending login is already ${flow.status}.`);
+			const refreshHash = hashSecret(input.pendingRefreshSecret);
+			if (!safeHashEqual(refreshHash, flow.pendingRefreshHash)) {
+				if (flow.pendingRefreshReplay && safeHashEqual(refreshHash, flow.pendingRefreshReplay.refreshHash) && Date.parse(flow.pendingRefreshReplay.expiresAt) > now.getTime()) return decryptPendingRefreshReplay(flow.pendingRefreshReplay, input.pendingCompletionSecret);
+				if (flow.supersededPendingRefreshHashes.some((entry) => safeHashEqual(refreshHash, entry.hash))) throw new CapletsError("AUTH_FAILED", "Pending login refresh material is stale.");
+				throw new CapletsError("AUTH_FAILED", "Pending login refresh material is invalid.");
+			}
+			const operatorCode = `cap_login_${randomToken(5)}`;
+			const pendingRefreshSecret = `cap_pending_refresh_${randomToken(32)}`;
+			const codeExpiresAt = new Date(now.getTime() + DEFAULT_PENDING_OPERATOR_CODE_TTL_MS).toISOString();
+			const response = {
+				flowId: flow.flowId,
+				operatorCode,
+				operatorCodeFingerprint: pendingOperatorCodeFingerprint(operatorCode),
+				pendingRefreshSecret,
+				codeExpiresAt,
+				flowExpiresAt: flow.flowExpiresAt,
+				intervalSeconds: DEFAULT_PENDING_POLL_INTERVAL_SECONDS
+			};
+			flow.operatorCodeHash = hashSecret(operatorCode);
+			flow.operatorCodeFingerprint = response.operatorCodeFingerprint;
+			flow.supersededPendingRefreshHashes = pruneSupersededRefreshTokens(flow.supersededPendingRefreshHashes, now);
+			flow.pendingRefreshReplay = {
+				refreshHash: flow.pendingRefreshHash,
+				expiresAt: new Date(now.getTime() + STALE_REFRESH_REVOKE_GRACE_MS).toISOString(),
+				encryptedResponse: encryptReplayValue(response, input.pendingCompletionSecret, now)
+			};
+			flow.supersededPendingRefreshHashes.push({
+				hash: flow.pendingRefreshHash,
+				supersededAt: now.toISOString()
+			});
+			flow.supersededPendingRefreshHashes = capSupersededRefreshTokens(flow.supersededPendingRefreshHashes);
+			flow.pendingRefreshHash = hashSecret(pendingRefreshSecret);
+			flow.codeExpiresAt = codeExpiresAt;
+			this.saveState(state);
+			return response;
+		});
+	}
+	denyPendingLogin(input) {
+		return this.withStateLock(() => {
+			const now = input.now ?? /* @__PURE__ */ new Date();
+			const state = this.loadState();
+			cleanupPendingLogins(state, now);
+			const operatorCodeHash = hashSecret(input.operatorCode);
+			const flow = state.pendingLogins.find((candidate) => safeHashEqual(operatorCodeHash, candidate.operatorCodeHash));
+			if (!flow) throw new CapletsError("AUTH_FAILED", "Pending login code is unknown.");
+			if (flow.status !== "pending") throw new CapletsError("AUTH_FAILED", `Pending login is already ${flow.status}.`);
+			if (Date.parse(flow.flowExpiresAt) <= now.getTime()) {
+				flow.status = "expired";
+				this.saveState(state);
+				throw new CapletsError("AUTH_FAILED", "Pending login has expired.");
+			}
+			flow.status = "denied";
+			flow.deniedAt = now.toISOString();
+			this.saveState(state);
+			return {
+				flowId: flow.flowId,
+				status: "denied"
+			};
+		});
+	}
+	cancelPendingLogin(input) {
+		return this.withStateLock(() => {
+			const now = input.now ?? /* @__PURE__ */ new Date();
+			const state = this.loadState();
+			cleanupPendingLogins(state, now);
+			const flow = this.pendingLoginForCompletion(input.flowId, input.pendingCompletionSecret, now, state);
+			if (flow.status !== "pending" && flow.status !== "approved") throw new CapletsError("AUTH_FAILED", `Pending login is already ${flow.status}.`);
+			flow.status = "cancelled";
+			flow.cancelledAt = now.toISOString();
+			this.saveState(state);
+			return {
+				flowId: flow.flowId,
+				status: "cancelled"
+			};
+		});
+	}
+	approvePendingLogin(input) {
+		return this.withStateLock(() => {
+			const now = input.now ?? /* @__PURE__ */ new Date();
+			const state = this.loadState();
+			cleanupPendingLogins(state, now);
+			const operatorCodeHash = hashSecret(input.operatorCode);
+			const flow = state.pendingLogins.find((candidate) => safeHashEqual(operatorCodeHash, candidate.operatorCodeHash));
+			if (!flow) throw new CapletsError("AUTH_FAILED", "Pending login code is unknown.");
+			if (flow.status !== "pending") throw new CapletsError("AUTH_FAILED", `Pending login is already ${flow.status}.`);
+			if (Date.parse(flow.flowExpiresAt) <= now.getTime()) {
+				flow.status = "expired";
+				this.saveState(state);
+				throw new CapletsError("AUTH_FAILED", "Pending login has expired.");
+			}
+			assertPendingOperatorCodeFresh(flow, now);
+			flow.status = "approved";
+			flow.approvedAt = now.toISOString();
+			this.saveState(state);
+			return pendingApprovalStatus(flow);
+		});
+	}
+	completePendingLogin(input) {
+		return this.withStateLock(() => {
+			const now = input.now ?? /* @__PURE__ */ new Date();
+			const state = this.loadState();
+			cleanupPendingLogins(state, now);
+			const flow = this.pendingLoginForCompletion(input.flowId, input.pendingCompletionSecret, now, state);
+			if (flow.hostUrl !== normalizeRemoteProfileHostUrl(input.hostUrl)) throw new CapletsError("AUTH_FAILED", "Pending login belongs to a different host.");
+			if (flow.status !== "approved") {
+				if (flow.status === "exchanged" && flow.completionReplay && Date.parse(flow.completionReplay.expiresAt) > now.getTime()) return decryptCompletionReplay(flow.completionReplay, input.pendingCompletionSecret);
+				throw new CapletsError("AUTH_FAILED", flow.status === "exchanged" ? "Pending login has already been exchanged." : `Pending login is ${flow.status}, not approved.`);
+			}
+			const accessToken = `cap_remote_access_${randomToken(32)}`;
+			const refreshToken = `cap_remote_refresh_${randomToken(32)}`;
+			const client = {
+				clientId: `rcli_${randomToken(12)}`,
+				clientLabel: flow.clientLabel,
+				hostUrl: flow.hostUrl,
+				accessTokenHash: hashSecret(accessToken),
+				accessExpiresAt: new Date(now.getTime() + DEFAULT_ACCESS_TOKEN_TTL_MS).toISOString(),
+				refreshTokenHash: hashSecret(refreshToken),
+				supersededRefreshTokenHashes: [],
+				refreshFamilyId: randomUUID(),
+				createdAt: now.toISOString()
+			};
+			state.clients.push(client);
+			flow.status = "exchanged";
+			flow.exchangedAt = now.toISOString();
+			const credentials = credentialsFromClient(client, accessToken, refreshToken);
+			flow.completionReplay = {
+				expiresAt: new Date(now.getTime() + STALE_REFRESH_REVOKE_GRACE_MS).toISOString(),
+				encryptedCredentials: encryptReplayValue(credentials, input.pendingCompletionSecret, now)
+			};
+			this.saveState(state);
+			return credentials;
+		});
+	}
 	createPairingCode(input) {
 		return this.withStateLock(() => {
 			const now = input.now ?? /* @__PURE__ */ new Date();
@@ -11474,6 +11771,13 @@ var RemoteServerCredentialStore = class {
 	listClients() {
 		return this.loadState().clients.map(clientStatus).sort((left, right) => left.createdAt.localeCompare(right.createdAt));
 	}
+	listPendingLogins(now = /* @__PURE__ */ new Date()) {
+		return this.withStateLock(() => {
+			const state = this.loadState();
+			if (cleanupPendingLogins(state, now)) this.saveState(state);
+			return state.pendingLogins.map(pendingLoginStatus).sort((left, right) => left.createdAt.localeCompare(right.createdAt));
+		});
+	}
 	revokeClient(clientId, now = /* @__PURE__ */ new Date()) {
 		return this.withStateLock(() => {
 			const state = this.loadState();
@@ -11509,7 +11813,7 @@ var RemoteServerCredentialStore = class {
 					const supersededAt = superseded ? Date.parse(superseded.supersededAt) : NaN;
 					if (Number.isFinite(supersededAt) && now.getTime() - supersededAt >= STALE_REFRESH_REVOKE_GRACE_MS) replayedClient.revokedAt = now.toISOString();
 					this.saveState(state);
-					throw new CapletsError("AUTH_FAILED", "Remote refresh credential is stale.");
+					throw new CapletsError("REMOTE_CREDENTIALS_REVOKED", "Remote refresh credential is stale.");
 				}
 				throw new CapletsError("AUTH_FAILED", "Remote refresh credential is invalid.");
 			}
@@ -11537,12 +11841,17 @@ var RemoteServerCredentialStore = class {
 		if (!existsSync(path)) return {
 			version: 1,
 			pairingCodes: [],
+			pendingLogins: [],
 			clients: []
 		};
 		const parsed = JSON.parse(readFileSync(path, "utf8"));
 		return {
 			version: 1,
 			pairingCodes: parsed.pairingCodes ?? [],
+			pendingLogins: (parsed.pendingLogins ?? []).map((pending) => ({
+				...pending,
+				supersededPendingRefreshHashes: parseSupersededRefreshTokens(pending.supersededPendingRefreshHashes)
+			})),
 			clients: (parsed.clients ?? []).map((client) => ({
 				...client,
 				supersededRefreshTokenHashes: parseSupersededRefreshTokens(client.supersededRefreshTokenHashes)
@@ -11612,6 +11921,13 @@ var RemoteServerCredentialStore = class {
 			return false;
 		}
 	}
+	pendingLoginForCompletion(flowId, pendingCompletionSecret, now, state = this.loadState()) {
+		const flow = state.pendingLogins.find((candidate) => candidate.flowId === flowId);
+		if (!flow) throw new CapletsError("AUTH_FAILED", "Pending login is unknown.");
+		if (!safeHashEqual(hashSecret(pendingCompletionSecret), flow.pendingCompletionHash)) throw new CapletsError("AUTH_FAILED", "Pending login possession material is invalid.");
+		if (Date.parse(flow.flowExpiresAt) <= now.getTime() && isActivePendingLogin(flow)) flow.status = "expired";
+		return flow;
+	}
 };
 function sleepSync(ms) {
 	Atomics.wait(new Int32Array(new SharedArrayBuffer(4)), 0, 0, ms);
@@ -11620,14 +11936,92 @@ function isFileExistsError(error) {
 	return typeof error === "object" && error !== null && "code" in error && error.code === "EEXIST";
 }
 function pruneSupersededRefreshTokens(entries, now) {
-	return entries.filter((entry) => {
+	return capSupersededRefreshTokens(entries.filter((entry) => {
 		const supersededAt = Date.parse(entry.supersededAt);
 		return Number.isFinite(supersededAt) && now.getTime() - supersededAt < SUPERSEDED_REFRESH_TOKEN_RETENTION_MS;
+	}));
+}
+function capSupersededRefreshTokens(entries) {
+	return entries.slice(-16);
+}
+function cleanupPendingLogins(state, now) {
+	let changed = false;
+	for (const flow of state.pendingLogins) if (isActivePendingLogin(flow) && Date.parse(flow.flowExpiresAt) <= now.getTime()) {
+		flow.status = "expired";
+		changed = true;
+	}
+	const retained = state.pendingLogins.filter((flow) => shouldRetainPendingLogin(flow, now));
+	if (retained.length !== state.pendingLogins.length) changed = true;
+	state.pendingLogins = retained;
+	return changed;
+}
+function enforcePendingLoginQuota(state, sourceHint) {
+	const active = state.pendingLogins.filter(isActivePendingLogin);
+	if (active.length >= DEFAULT_PENDING_MAX_ACTIVE_FLOWS) throw new CapletsError("AUTH_FAILED", "Too many active pending logins.");
+	if (!sourceHint) return;
+	const sourceKey = sourceHint;
+	if (active.filter((flow) => (flow.sourceHint ?? "") === sourceKey).length >= DEFAULT_PENDING_MAX_ACTIVE_FLOWS_PER_SOURCE) throw new CapletsError("AUTH_FAILED", "Too many active pending logins for this source.");
+}
+function isActivePendingLogin(flow) {
+	return flow.status === "pending" || flow.status === "approved";
+}
+function shouldRetainPendingLogin(flow, now) {
+	if (isActivePendingLogin(flow)) return true;
+	const terminalAt = pendingLoginTerminalTime(flow);
+	return Number.isFinite(terminalAt) && now.getTime() - terminalAt < PENDING_TERMINAL_RETENTION_MS;
+}
+function pendingLoginTerminalTime(flow) {
+	switch (flow.status) {
+		case "denied": return Date.parse(flow.deniedAt ?? flow.flowExpiresAt);
+		case "cancelled": return Date.parse(flow.cancelledAt ?? flow.flowExpiresAt);
+		case "exchanged": return Date.parse(flow.exchangedAt ?? flow.flowExpiresAt);
+		case "expired": return Date.parse(flow.flowExpiresAt);
+		default: return NaN;
+	}
+}
+function assertPendingOperatorCodeFresh(flow, now) {
+	if (Date.parse(flow.codeExpiresAt) <= now.getTime()) throw new CapletsError("AUTH_FAILED", "Pending login code has expired. Refresh the pending login for a new code.");
+}
+function encryptReplayValue(value, pendingCompletionSecret, now) {
+	return encryptVaultValue({
+		plaintext: JSON.stringify(value),
+		key: replayEncryptionKey(pendingCompletionSecret),
+		now
 	});
 }
+function decryptPendingRefreshReplay(replay, pendingCompletionSecret) {
+	const parsed = JSON.parse(decryptVaultValue(replay.encryptedResponse, replayEncryptionKey(pendingCompletionSecret)));
+	if (typeof parsed.flowId !== "string" || typeof parsed.operatorCode !== "string" || typeof parsed.pendingRefreshSecret !== "string" || typeof parsed.codeExpiresAt !== "string" || typeof parsed.flowExpiresAt !== "string" || typeof parsed.intervalSeconds !== "number") throw new CapletsError("CONFIG_INVALID", "Pending login refresh replay record is malformed.");
+	return {
+		flowId: parsed.flowId,
+		operatorCode: parsed.operatorCode,
+		operatorCodeFingerprint: typeof parsed.operatorCodeFingerprint === "string" ? parsed.operatorCodeFingerprint : pendingOperatorCodeFingerprint(parsed.operatorCode),
+		pendingRefreshSecret: parsed.pendingRefreshSecret,
+		codeExpiresAt: parsed.codeExpiresAt,
+		flowExpiresAt: parsed.flowExpiresAt,
+		intervalSeconds: parsed.intervalSeconds
+	};
+}
+function decryptCompletionReplay(replay, pendingCompletionSecret) {
+	const parsed = JSON.parse(decryptVaultValue(replay.encryptedCredentials, replayEncryptionKey(pendingCompletionSecret)));
+	if (typeof parsed.clientId !== "string" || typeof parsed.clientLabel !== "string" || typeof parsed.hostUrl !== "string" || typeof parsed.accessToken !== "string" || typeof parsed.refreshToken !== "string" || typeof parsed.expiresAt !== "string" || typeof parsed.createdAt !== "string" || parsed.tokenType !== "Bearer") throw new CapletsError("CONFIG_INVALID", "Pending login completion replay record is malformed.");
+	return {
+		clientId: parsed.clientId,
+		clientLabel: parsed.clientLabel,
+		hostUrl: parsed.hostUrl,
+		accessToken: parsed.accessToken,
+		refreshToken: parsed.refreshToken,
+		expiresAt: parsed.expiresAt,
+		createdAt: parsed.createdAt,
+		tokenType: "Bearer"
+	};
+}
+function replayEncryptionKey(pendingCompletionSecret) {
+	return createHash("sha256").update(`caplets-pending-login-replay:${pendingCompletionSecret}`).digest();
+}
 function validateClient(client, hostUrl, now, options = {}) {
 	if (client.hostUrl !== hostUrl) throw new CapletsError("AUTH_FAILED", "Remote client credential is for a different host.");
-	if (client.revokedAt) throw new CapletsError("AUTH_FAILED", "Remote client credential has been revoked.");
+	if (client.revokedAt) throw new CapletsError("REMOTE_CREDENTIALS_REVOKED", "Remote client credential has been revoked.");
 	if (!options.allowExpiredAccess && Date.parse(client.accessExpiresAt) <= now.getTime()) throw new CapletsError("AUTH_FAILED", "Remote client credential has expired.");
 }
 function credentialsFromClient(client, accessToken, refreshToken) {
@@ -11652,9 +12046,48 @@ function clientStatus(client) {
 		...client.revokedAt ? { revokedAt: client.revokedAt } : {}
 	};
 }
+function pendingLoginStatus(flow) {
+	return {
+		flowId: flow.flowId,
+		hostUrl: flow.hostUrl,
+		...flow.hostIdentity ? { hostIdentity: flow.hostIdentity } : {},
+		status: flow.status,
+		...flow.operatorCodeFingerprint ? { operatorCodeFingerprint: flow.operatorCodeFingerprint } : {},
+		clientLabel: flow.clientLabel,
+		...flow.clientFingerprint ? { clientFingerprint: flow.clientFingerprint } : {},
+		...flow.sourceHint ? { sourceHint: flow.sourceHint } : {},
+		createdAt: flow.createdAt,
+		codeExpiresAt: flow.codeExpiresAt,
+		flowExpiresAt: flow.flowExpiresAt,
+		...flow.approvedAt ? { approvedAt: flow.approvedAt } : {},
+		...flow.deniedAt ? { deniedAt: flow.deniedAt } : {},
+		...flow.cancelledAt ? { cancelledAt: flow.cancelledAt } : {},
+		...flow.exchangedAt ? { exchangedAt: flow.exchangedAt } : {}
+	};
+}
+function pendingApprovalStatus(flow) {
+	return {
+		flowId: flow.flowId,
+		status: "approved",
+		clientLabel: flow.clientLabel,
+		...flow.clientFingerprint ? { clientFingerprint: flow.clientFingerprint } : {},
+		...flow.sourceHint ? { sourceHint: flow.sourceHint } : {}
+	};
+}
 function hashSecret(secret) {
 	return createHash("sha256").update(secret).digest("base64url");
 }
+const PENDING_CLIENT_LABEL_MAX_LENGTH = 120;
+const PENDING_CLIENT_FINGERPRINT_MAX_LENGTH = 256;
+const PENDING_SOURCE_HINT_MAX_LENGTH = 256;
+function boundedPendingLoginDisplayValue(value, maxLength) {
+	const trimmed = value?.trim();
+	if (!trimmed) return void 0;
+	return trimmed.length > maxLength ? trimmed.slice(0, maxLength) : trimmed;
+}
+function pendingOperatorCodeFingerprint(operatorCode) {
+	return hashSecret(operatorCode).slice(0, 8);
+}
 function safeHashEqual(left, right) {
 	const leftBuffer = Buffer$1.from(left);
 	const rightBuffer = Buffer$1.from(right);
@@ -11687,41 +12120,95 @@ function createHttpServeApp(options, engine, io = {}) {
 	const remoteCredentialStore = remoteCredentialStoreForOptions(options, io.remoteCredentialStore);
 	if (options.auth.type === "remote_credentials" && options.trustProxy === true && options.publicOrigin === void 0) throw new CapletsError("REQUEST_INVALID", "Remote credential auth with --trust-proxy requires CAPLETS_SERVER_URL.");
 	const protectedRouteAuth = routeAuth(options, remoteCredentialStore, paths.base);
+	const attachHostProtection = dnsRebindingProtection(options);
 	app.use("*", logger((message, ...rest) => {
 		writeErr(`${[message, ...rest].join(" ")}\n`);
 	}));
-	app.get(paths.base, (c) => c.json({
-		name: "caplets",
-		transport: "http",
-		base: paths.base,
-		versions: [versionDiscovery(paths, exposeAttach)],
-		auth: { type: options.auth.type }
-	}));
-	app.get(paths.version, (c) => c.json(versionDiscovery(paths, exposeAttach)));
+	app.get(paths.base, (c) => {
+		const remote = remoteCredentialStore ? remoteHostMetadata(c.req.url, paths.base, options, (name) => c.req.header(name)) : void 0;
+		return c.json({
+			name: "caplets",
+			transport: "http",
+			base: paths.base,
+			versions: [versionDiscovery(paths, exposeAttach, remote)],
+			auth: { type: options.auth.type },
+			...remote ? { remote } : {}
+		});
+	});
+	app.get(paths.version, (c) => {
+		const remote = remoteCredentialStore ? remoteHostMetadata(c.req.url, paths.base, options, (name) => c.req.header(name)) : void 0;
+		return c.json(versionDiscovery(paths, exposeAttach, remote));
+	});
 	app.get(paths.health, (c) => c.json({ status: "ok" }));
 	if (remoteCredentialStore) {
-		app.post(paths.pairingExchange, async (c) => {
+		app.post(paths.remoteLoginStart, attachHostProtection, async (c) => {
 			try {
-				const parsed = await parseJsonObject(c.req.json(), "Pairing exchange request");
-				const code = stringField(parsed, "code");
+				const parsed = await parseJsonObject(c.req.json(), "Pending remote login start request");
 				const clientLabel = optionalStringField(parsed, "clientLabel");
-				const credentials = remoteCredentialStore.exchangePairingCode({
-					hostUrl: remoteCredentialHostUrl(c.req.url, paths.base, options.publicOrigin, options.trustProxy, (name) => c.req.header(name)),
-					code,
-					...clientLabel ? { clientLabel } : {}
+				const clientFingerprint = optionalStringField(parsed, "clientFingerprint");
+				const hostUrl = remoteCredentialHostUrl(c.req.url, paths.base, options.publicOrigin, options.trustProxy, (name) => c.req.header(name));
+				const pending = remoteCredentialStore.createPendingLogin({
+					hostUrl,
+					hostIdentity: hostUrl,
+					...clientLabel ? { clientLabel } : {},
+					...remoteCredentialSourceHint(options.trustProxy, (name) => c.req.header(name)),
+					...clientFingerprint ? { clientFingerprint } : {}
 				});
-				return c.json({
-					clientId: credentials.clientId,
-					clientLabel: credentials.clientLabel,
-					accessToken: credentials.accessToken,
-					refreshToken: credentials.refreshToken,
-					tokenType: credentials.tokenType,
-					expiresAt: credentials.expiresAt
+				return c.json(pending);
+			} catch (error) {
+				return remoteCredentialErrorResponse(error);
+			}
+		});
+		app.post(paths.remoteLoginPoll, attachHostProtection, async (c) => {
+			try {
+				const parsed = await parseJsonObject(c.req.json(), "Pending remote login poll request");
+				return c.json(remoteCredentialStore.pollPendingLogin({
+					flowId: stringField(parsed, "flowId"),
+					pendingCompletionSecret: stringField(parsed, "pendingCompletionSecret")
+				}));
+			} catch (error) {
+				return remoteCredentialErrorResponse(error);
+			}
+		});
+		app.post(paths.remoteLoginRefresh, attachHostProtection, async (c) => {
+			try {
+				const parsed = await parseJsonObject(c.req.json(), "Pending remote login refresh request");
+				return c.json(remoteCredentialStore.refreshPendingLogin({
+					flowId: stringField(parsed, "flowId"),
+					pendingRefreshSecret: stringField(parsed, "pendingRefreshSecret"),
+					pendingCompletionSecret: stringField(parsed, "pendingCompletionSecret")
+				}));
+			} catch (error) {
+				return remoteCredentialErrorResponse(error);
+			}
+		});
+		app.post(paths.remoteLoginComplete, attachHostProtection, async (c) => {
+			try {
+				const parsed = await parseJsonObject(c.req.json(), "Pending remote login complete request");
+				const credentials = remoteCredentialStore.completePendingLogin({
+					hostUrl: remoteCredentialHostUrl(c.req.url, paths.base, options.publicOrigin, options.trustProxy, (name) => c.req.header(name)),
+					flowId: stringField(parsed, "flowId"),
+					pendingCompletionSecret: stringField(parsed, "pendingCompletionSecret")
 				});
+				return c.json(credentials);
+			} catch (error) {
+				return remoteCredentialErrorResponse(error);
+			}
+		});
+		app.post(paths.remoteLoginCancel, attachHostProtection, async (c) => {
+			try {
+				const parsed = await parseJsonObject(c.req.json(), "Pending remote login cancel request");
+				return c.json(remoteCredentialStore.cancelPendingLogin({
+					flowId: stringField(parsed, "flowId"),
+					pendingCompletionSecret: stringField(parsed, "pendingCompletionSecret")
+				}));
 			} catch (error) {
 				return remoteCredentialErrorResponse(error);
 			}
 		});
+		app.post(paths.pairingExchange, async (_c) => {
+			return remoteCredentialErrorResponse(legacyPairingCodeUnsupportedError());
+		});
 		app.post(paths.remoteRefresh, async (c) => {
 			try {
 				const refreshToken = stringField(await parseJsonObject(c.req.json(), "Remote refresh request"), "refreshToken");
@@ -11784,7 +12271,6 @@ function createHttpServeApp(options, engine, io = {}) {
 		sessions.set(nextSessionId, session);
 		return session.transport.handleRequest(c);
 	});
-	const attachHostProtection = dnsRebindingProtection(options);
 	if (exposeAttach) {
 		app.get(paths.attachManifest, attachHostProtection, protectedRouteAuth, async (c) => {
 			const attachProjection = await buildAttachProjection(engine);
@@ -11899,13 +12385,26 @@ function remoteCredentialHostUrl(requestUrl, basePath, publicOrigin, trustProxy,
 	if (trustProxy && !publicOrigin) throw new CapletsError("REQUEST_INVALID", "Remote credential auth with --trust-proxy requires CAPLETS_SERVER_URL.");
 	return publicHostUrl(requestUrl, basePath, publicOrigin, trustProxy, header);
 }
+function remoteCredentialSourceHint(trustProxy, header) {
+	if (!trustProxy) return {};
+	const sourceHint = firstForwardedValue(header("x-forwarded-for")) ?? firstForwardedValue(header("x-real-ip")) ?? firstForwardedValue(header("cf-connecting-ip"));
+	return sourceHint ? { sourceHint } : {};
+}
 function firstForwardedValue(value) {
 	return value?.split(",", 1)[0]?.trim() || void 0;
 }
-function versionDiscovery(paths, exposeAttach = true) {
+function remoteHostMetadata(requestUrl, basePath, options, header) {
+	const audience = remoteCredentialHostUrl(requestUrl, basePath, options.publicOrigin, options.trustProxy, header);
+	return {
+		hostIdentity: audience,
+		audience
+	};
+}
+function versionDiscovery(paths, exposeAttach = true, remote) {
 	return {
 		version: 1,
 		path: paths.version,
+		...remote ? { remote } : {},
 		links: {
 			mcp: paths.mcp,
 			admin: paths.control,
@@ -11978,6 +12477,7 @@ function attachEventsResponse(engine, activeStreams) {
 async function serveHttp(options, engineOptions = {}, writeErr = (value) => process.stderr.write(value)) {
 	const resolvedEngineOptions = {
 		exposeLocalArtifactPaths: false,
+		vaultRecoveryTarget: "remote",
 		...engineOptions
 	};
 	const engine = new CapletsEngine(resolvedEngineOptions);
@@ -12054,6 +12554,11 @@ function servicePaths(base) {
 		attachInvoke: routePath(attach, "invoke"),
 		projectBindings: routePath(attach, "project-bindings"),
 		pairingExchange: routePath(remote, "pairing/exchange"),
+		remoteLoginStart: routePath(remote, "login/start"),
+		remoteLoginPoll: routePath(remote, "login/poll"),
+		remoteLoginRefresh: routePath(remote, "login/refresh"),
+		remoteLoginComplete: routePath(remote, "login/complete"),
+		remoteLoginCancel: routePath(remote, "login/cancel"),
 		remoteRefresh: routePath(remote, "refresh"),
 		remoteClient: routePath(remote, "client"),
 		health: routePath(version, "healthz")
@@ -12138,6 +12643,9 @@ function remoteCredentialErrorResponse(error) {
 		error: safe
 	}, { status });
 }
+function legacyPairingCodeUnsupportedError() {
+	return new CapletsError("REQUEST_INVALID", "Self-hosted Pairing Code exchange is no longer supported. Run caplets remote login <url> and approve the pending login from the host.");
+}
 function dnsRebindingProtection(options) {
 	if (!options.loopback) return async (_c, next) => {
 		await next();
@@ -12366,7 +12874,7 @@ async function installDaemon(install = {}, options = {}) {
 		"write-descriptor",
 		"register-service"
 	];
-	const existingNative = persisted || existsSync(paths.descriptorFile) ? await manager.status(persisted, paths) : void 0;
+	const existingNative = persisted || existsSync(daemonHostPath(paths.descriptorFile)) ? await manager.status(persisted, paths) : void 0;
 	const restartDecisionRequired = existingNative?.running === true && !install.start && !install.restart && !install.noRestart;
 	if (restartDecisionRequired && !install.dryRun && (!options.isInteractive || !options.readPrompt)) throw new CapletsError("REQUEST_INVALID", "Daemon is already running; rerun with --restart, --start, or --no-restart.");
 	if (install.dryRun) return {
@@ -12387,13 +12895,13 @@ async function installDaemon(install = {}, options = {}) {
 		});
 		assertDaemonHealth(validation, "Daemon install validation");
 	}
-	mkdirSync(paths.logDir, {
+	mkdirSync(daemonHostPath(paths.logDir), {
 		recursive: true,
 		mode: 448
 	});
 	ensureDaemonLogFiles(paths);
 	const persistenceBackups = backupPersistenceFiles([paths.configFile, paths.stateFile]);
-	const hadExistingDescriptor = existsSync(paths.descriptorFile);
+	const hadExistingDescriptor = existsSync(daemonHostPath(paths.descriptorFile));
 	let native;
 	try {
 		writeDaemonConfig(paths, config);
@@ -12543,11 +13051,11 @@ async function uninstallDaemon(uninstall = {}, options = {}) {
 	if (uninstall.purge) {
 		removeDaemonConfig(paths);
 		removeDaemonState(paths);
-		rmSync(paths.logDir, {
+		rmSync(daemonHostPath(paths.logDir), {
 			recursive: true,
 			force: true
 		});
-		rmSync(dirname(paths.configFile), {
+		rmSync(dirname(daemonHostPath(paths.configFile)), {
 			recursive: true,
 			force: true
 		});
@@ -12787,25 +13295,32 @@ function mergeServeOptions(existing, install) {
 	};
 }
 function backupPersistenceFiles(paths) {
-	return paths.map((path) => ({
-		path,
-		existed: existsSync(path),
-		...existsSync(path) ? { contents: readFileSync(path) } : {},
-		...existsSync(path) ? { mode: statSync(path).mode & 511 } : {}
-	}));
+	return paths.map((path) => {
+		const hostPath = daemonHostPath(path);
+		const existed = existsSync(hostPath);
+		return {
+			path,
+			existed,
+			...existed ? { contents: readFileSync(hostPath) } : {},
+			...existed ? { mode: statSync(hostPath).mode & 511 } : {}
+		};
+	});
 }
 function restorePersistenceFiles(backups) {
-	for (const backup of backups) if (backup.existed && backup.contents) {
-		mkdirSync(dirname(backup.path), {
+	for (const backup of backups) {
+		const hostPath = daemonHostPath(backup.path);
+		if (backup.existed && backup.contents) {
+			mkdirSync(dirname(hostPath), {
+				recursive: true,
+				mode: 448
+			});
+			writeFileSync(hostPath, backup.contents, { mode: backup.mode ?? 384 });
+			chmodSync(hostPath, backup.mode ?? 384);
+		} else rmSync(hostPath, {
 			recursive: true,
-			mode: 448
+			force: true
 		});
-		writeFileSync(backup.path, backup.contents, { mode: backup.mode ?? 384 });
-		chmodSync(backup.path, backup.mode ?? 384);
-	} else rmSync(backup.path, {
-		recursive: true,
-		force: true
-	});
+	}
 }
 async function rollbackNativeInstall(manager, persisted, paths, hadExistingDescriptor) {
 	try {
@@ -12857,6 +13372,7 @@ async function doctorJsonReport(options = {}) {
 		},
 		daemon: await resolveDaemonSection(env, options.daemon),
 		remoteLogin: remoteLogin.report,
+		vault: resolveVaultSection(env, root),
 		exposure: await resolveExposureSection(env),
 		codeMode: await resolveCodeModeSection(options, env)
 	};
@@ -12907,6 +13423,11 @@ async function formatDoctorReport(options = {}) {
 		...report.remoteLogin.workspaceSlug || report.remoteLogin.workspaceId ? [`  Selected Workspace: ${report.remoteLogin.workspaceSlug ?? report.remoteLogin.workspaceId}`] : [],
 		...report.remoteLogin.clientId ? [`  Client: ${report.remoteLogin.clientId}`] : [],
 		"",
+		"Vault",
+		`  OK: ${yesNo(Boolean(report.vault.ok))}`,
+		...!report.vault.ok && typeof report.vault.message === "string" ? [`  Error: ${report.vault.message}`] : [],
+		...Array.isArray(report.vault.issues) ? report.vault.issues.map((issue) => `  ${issue.capletId}: ${issue.reason} ${issue.key} (${issue.recoveryCommand})`) : [],
+		"",
 		"Exposure",
 		`  Default: ${report.exposure.default ?? "unknown"}`,
 		`  Discovery timeout: ${report.exposure.discoveryTimeoutMs ?? "unknown"}ms`,
@@ -12924,6 +13445,37 @@ async function formatDoctorReport(options = {}) {
 		...observedOutputShapePath(report.codeMode.observedOutputShapes) ? [`  Observed output shape cache: ${observedOutputShapePath(report.codeMode.observedOutputShapes)}`] : []
 	].join("\n")}\n`;
 }
+function resolveVaultSection(env, cwd = process.cwd()) {
+	const configPath = env.CAPLETS_CONFIG?.trim() ? env.CAPLETS_CONFIG.trim() : resolveConfigPath();
+	const projectConfigPath = env.CAPLETS_PROJECT_CONFIG?.trim() ? env.CAPLETS_PROJECT_CONFIG.trim() : resolveProjectConfigPath(cwd);
+	try {
+		const issues = loadLocalOverlayConfigWithSources(configPath, projectConfigPath).warnings.filter((warning) => warning.message.includes("Vault key")).map((warning) => vaultIssueFromWarning(warning.message, warning.path)).filter((issue) => issue !== void 0);
+		return {
+			ok: issues.length === 0,
+			issues
+		};
+	} catch (error) {
+		return {
+			ok: false,
+			issues: [],
+			message: error instanceof Error ? error.message : String(error)
+		};
+	}
+}
+function vaultIssueFromWarning(message, path) {
+	const match = message.match(/^Caplet ([^ ]+) references ([^ ]+) Vault key ([^ ]+) at ([^;]+); run `([^`]+)`/u);
+	if (!match) return void 0;
+	const recoveryCommand = match[5] ?? "";
+	return {
+		capletId: match[1],
+		reason: match[2],
+		key: match[3],
+		configPath: path,
+		referencePath: match[4],
+		target: recoveryCommand.includes("--remote") ? "remote" : "global",
+		recoveryCommand
+	};
+}
 async function resolveDaemonSection(env, options) {
 	try {
 		const status = await daemonStatus({
@@ -13258,6 +13810,42 @@ async function openBrowserUrl(url, options = {}) {
 	});
 }
 //#endregion
+//#region src/cli/vault.ts
+function formatVaultValueStatus(status, json = false) {
+	if (json) return `${JSON.stringify(status, null, 2)}\n`;
+	if (!status.present) return `Vault key ${status.key} is not set.\n`;
+	return [
+		`Vault key ${status.key} is set.`,
+		status.valueBytes === void 0 ? void 0 : `Value bytes: ${status.valueBytes}`,
+		status.updatedAt === void 0 ? void 0 : `Updated: ${status.updatedAt}`
+	].filter((line) => line !== void 0).join("\n").concat("\n");
+}
+function formatVaultValueList(statuses, json = false) {
+	if (json) return `${JSON.stringify(statuses, null, 2)}\n`;
+	if (statuses.length === 0) return "No Vault keys set.\n";
+	return `${statuses.map((status) => status.key).join("\n")}\n`;
+}
+function formatVaultDeleteStatus(status, json = false) {
+	if (json) return `${JSON.stringify(status, null, 2)}\n`;
+	return status.deleted ? `Deleted Vault key ${status.key}. ${status.grantsRetained} access grant${status.grantsRetained === 1 ? "" : "s"} retained.\n` : `No Vault key ${status.key} found.\n`;
+}
+function formatVaultAccessGrant(grant, json = false) {
+	if (json) return `${JSON.stringify(grant, null, 2)}\n`;
+	return `Granted Vault key ${grant.storedKey} to ${grant.capletId} as ${grant.referenceName}.\n`;
+}
+function formatVaultAccessList(grants, json = false) {
+	if (json) return `${JSON.stringify(grants, null, 2)}\n`;
+	if (grants.length === 0) return "No Vault access grants.\n";
+	return `${grants.map((grant) => {
+		const origin = grant.origin ? ` (${grant.origin.kind} ${grant.origin.path})` : "";
+		return `${grant.storedKey} -> ${grant.capletId}:${grant.referenceName}${origin}`;
+	}).join("\n")}\n`;
+}
+function formatVaultAccessRevoke(count, json = false) {
+	if (json) return `${JSON.stringify({ revoked: count }, null, 2)}\n`;
+	return `Revoked ${count} Vault access grant${count === 1 ? "" : "s"}.\n`;
+}
+//#endregion
 //#region src/setup/hash.ts
 function capletSetupContentHash(caplet) {
 	return createHash("sha256").update(stableJson(stableCapletForHash(caplet))).digest("hex");
@@ -13820,11 +14408,7 @@ function remoteSetupDefinition(id, options) {
 			type: "command",
 			label: "Add remote-backed Caplets MCP server to Codex",
 			command: "codex",
-			args: codexMcpAddArgs([
-				"attach",
-				"--remote-url",
-				serverUrl
-			])
+			args: codexMcpAddArgs(["attach", serverUrl])
 		}],
 		nextSteps: [`Run caplets remote login ${serverUrl} before using this MCP config.`, "In Codex, run /mcp to confirm the caplets server is connected."]
 	};
@@ -13834,11 +14418,7 @@ function remoteSetupDefinition(id, options) {
 			type: "command",
 			label: "Add remote-backed Caplets MCP server to Claude Code",
 			command: "claude",
-			args: claudeMcpAddArgs([
-				"attach",
-				"--remote-url",
-				serverUrl
-			])
+			args: claudeMcpAddArgs(["attach", serverUrl])
 		}],
 		nextSteps: [`Run caplets remote login ${serverUrl} before using this MCP config.`, "In Claude Code, run /mcp to confirm the caplets server is connected."]
 	};
@@ -13851,11 +14431,7 @@ function remoteSetupDefinition(id, options) {
 			path: options.output,
 			content: `${JSON.stringify({ mcpServers: { caplets: {
 				command: "caplets",
-				args: [
-					"attach",
-					"--remote-url",
-					serverUrl
-				]
+				args: ["attach", serverUrl]
 			} } }, null, 2)}\n`
 		}],
 		nextSteps: [`Run caplets remote login ${serverUrl} before using this MCP config.`, "Import the written MCP config into your MCP client."]
@@ -14627,7 +15203,7 @@ var RemoteControlClient = class {
 		if (response.status === 401 || response.status === 403) throw new CapletsError("AUTH_FAILED", `Caplets remote authentication failed. Run caplets remote login ${safeBaseUrl(resolved.baseUrl)}.`);
 		if (!response.ok) throw new CapletsError("SERVER_UNAVAILABLE", `Caplets server at ${safeBaseUrl(resolved.baseUrl)} returned HTTP ${response.status}.`);
 		const payload = await parseRemoteCliResponse(response);
-		if (!payload.ok) throw new CapletsError(payload.error.code, redactRemoteMessage(payload.error.message), payload.error.nextAction === void 0 ? void 0 : { nextAction: payload.error.nextAction });
+		if (!payload.ok) throw new CapletsError(payload.error.code, redactRemoteMessage(payload.error.message, sensitiveValues(command, args)), payload.error.nextAction === void 0 ? void 0 : { nextAction: payload.error.nextAction });
 		return payload.result;
 	}
 };
@@ -14684,8 +15260,17 @@ function isRecord$1(value) {
 function isCapletsErrorCode(value) {
 	return CAPLETS_ERROR_CODES.includes(value);
 }
-function redactRemoteMessage(message) {
-	return String(redactSecrets$1(message)).replace(/\b(authorization\s*:\s*(?:basic|bearer)\s+)[^\s,;]+/giu, "$1[REDACTED]").replace(/\b((?:access_)?token=)[^\s,;]+/giu, "$1[REDACTED]").replace(/\b((?:token|secret|authorization|auth|api[-_]?key|password|credential|clientsecret|client_secret|code|refresh(?:_token)?)\s*[=:]\s*)[^\s,;]+/giu, "$1[REDACTED]");
+function redactRemoteMessage(message, values = []) {
+	let redacted = String(redactSecrets$1(message));
+	for (const value of values) {
+		if (value.length === 0) continue;
+		redacted = redacted.split(value).join("[REDACTED]");
+	}
+	return redacted.replace(/\b(authorization\s*:\s*(?:basic|bearer)\s+)[^\s,;]+/giu, "$1[REDACTED]").replace(/\b((?:access_)?token=)[^\s,;]+/giu, "$1[REDACTED]").replace(/\b((?:token|secret|authorization|auth|api[-_]?key|password|credential|clientsecret|client_secret|code|refresh(?:_token)?)\s*[=:]\s*)[^\s,;]+/giu, "$1[REDACTED]");
+}
+function sensitiveValues(command, args) {
+	if (command === "vault_set" && typeof args.value === "string") return [args.value];
+	return [];
 }
 //#endregion
 //#region src/serve/stdio.ts
@@ -14784,12 +15369,17 @@ function addServeMigrationCommand(parent, name, replacement) {
 function collectValues(value, previous) {
 	return [...previous, value];
 }
+const HIDDEN_INPUT_PROMPT_LABELS = { vaultValue: "Value: " };
 function remoteProfileStore(authDir, env) {
 	return createRemoteProfileStore({
 		authDir,
 		env
 	});
 }
+function attachRemoteUrlFromArgs(positionalUrl, legacyRemoteUrl) {
+	if (positionalUrl && legacyRemoteUrl && positionalUrl !== legacyRemoteUrl) throw new CapletsError("REQUEST_INVALID", "Pass either attach URL or --remote-url, not both. Use caplets attach <url> for new configs.");
+	return positionalUrl ?? legacyRemoteUrl;
+}
 function remoteServerCredentialStore(statePath, env) {
 	return new RemoteServerCredentialStore({ dir: statePath ?? env.CAPLETS_REMOTE_SERVER_STATE_DIR ?? join(DEFAULT_AUTH_DIR, "remote-server") });
 }
@@ -14878,40 +15468,33 @@ async function loginCloudRemoteProfile(url, options, store, io) {
 		}
 	});
 }
-async function pairingCodeFromOptions(options, readStdin, writeErr) {
-	if (options.code?.trim()) {
-		writeErr("Warning: --code may store the Pairing Code in shell history; prefer the hidden prompt or --code-stdin for automation.\n");
-		return options.code.trim();
-	}
-	if (options.codeStdin) {
-		const code = (readStdin ? await readStdin() : await readAllStdin()).trim();
-		if (code) return code;
-		throw new CapletsError("REQUEST_INVALID", "Pairing Code is required when --code-stdin is used.");
-	}
-	const output = new HiddenPromptOutput(process.stdout);
+async function readHiddenInput(label, options = {}) {
+	const input = options.input ?? process.stdin;
+	const output = options.output ?? process.stdout;
+	output.write(label);
 	const readline = createInterface({
-		input: process.stdin,
-		output,
+		input,
+		output: new HiddenPromptOutput(output, { echoFirstChunk: false }),
 		terminal: true
 	});
 	try {
-		const code = (await readline.question("Pairing Code: ")).trim();
-		if (code) return code;
+		return await readline.question("");
 	} finally {
 		readline.close();
-		process.stdout.write("\n");
+		output.write("\n");
 	}
-	throw new CapletsError("REQUEST_INVALID", "Pairing Code is required for self-hosted Remote Login.");
 }
 var HiddenPromptOutput = class extends Writable {
 	output;
+	options;
 	wrotePrompt = false;
-	constructor(output) {
+	constructor(output, options = { echoFirstChunk: true }) {
 		super();
 		this.output = output;
+		this.options = options;
 	}
 	_write(chunk, _encoding, callback) {
-		if (!this.wrotePrompt) {
+		if (this.options.echoFirstChunk !== false && !this.wrotePrompt) {
 			this.output.write(chunk);
 			this.wrotePrompt = true;
 		}
@@ -14929,6 +15512,7 @@ async function parseRemoteLoginCredentials(response) {
 	const record = parsed;
 	if (typeof record.clientId !== "string" || typeof record.accessToken !== "string" || typeof record.refreshToken !== "string") throw new CapletsError("DOWNSTREAM_PROTOCOL_ERROR", "Remote Login response is missing credentials.");
 	return {
+		...typeof record.hostUrl === "string" ? { hostUrl: record.hostUrl } : {},
 		clientId: record.clientId,
 		clientLabel: typeof record.clientLabel === "string" ? record.clientLabel : "Caplets CLI",
 		accessToken: record.accessToken,
@@ -14937,6 +15521,170 @@ async function parseRemoteLoginCredentials(response) {
 		...typeof record.expiresAt === "string" ? { expiresAt: record.expiresAt } : {}
 	};
 }
+async function parsePendingRemoteLoginStart(response, options = {}) {
+	const parsed = await response.json();
+	if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) throw new CapletsError("DOWNSTREAM_PROTOCOL_ERROR", "Pending Remote Login response must be an object.");
+	const record = parsed;
+	if (typeof record.flowId !== "string" || typeof record.operatorCode !== "string" || typeof record.pendingRefreshSecret !== "string" || typeof record.codeExpiresAt !== "string" || typeof record.flowExpiresAt !== "string") throw new CapletsError("DOWNSTREAM_PROTOCOL_ERROR", "Pending Remote Login response is missing pending material.");
+	const pendingCompletionSecret = typeof record.pendingCompletionSecret === "string" ? record.pendingCompletionSecret : options.pendingCompletionSecret;
+	if (!pendingCompletionSecret) throw new CapletsError("DOWNSTREAM_PROTOCOL_ERROR", "Pending Remote Login response is missing completion material.");
+	return {
+		flowId: record.flowId,
+		operatorCode: record.operatorCode,
+		...typeof record.operatorCodeFingerprint === "string" ? { operatorCodeFingerprint: record.operatorCodeFingerprint } : {},
+		pendingRefreshSecret: record.pendingRefreshSecret,
+		pendingCompletionSecret,
+		codeExpiresAt: record.codeExpiresAt,
+		flowExpiresAt: record.flowExpiresAt,
+		intervalSeconds: typeof record.intervalSeconds === "number" ? record.intervalSeconds : 5
+	};
+}
+async function parsePendingRemoteLoginStatus(response) {
+	const parsed = await response.json();
+	if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) throw new CapletsError("DOWNSTREAM_PROTOCOL_ERROR", "Pending Remote Login status response must be an object.");
+	const status = parsed.status;
+	if (typeof status !== "string") throw new CapletsError("DOWNSTREAM_PROTOCOL_ERROR", "Pending Remote Login status response is missing status.");
+	return status;
+}
+async function selfHostedPendingRemoteLogin(url, input) {
+	const fetchImpl = input.fetch ?? fetch;
+	const baseUrl = new URL(normalizeRemoteProfileHostUrl(url));
+	const startBody = input.clientLabel ? { clientLabel: input.clientLabel } : {};
+	const start = await fetchImpl(appendBasePath(baseUrl, "v1/remote/login/start"), {
+		method: "POST",
+		headers: { "content-type": "application/json" },
+		body: JSON.stringify(startBody)
+	});
+	if (!start.ok) throw new CapletsError("AUTH_FAILED", "Remote Login pending start failed.");
+	let pending = await parsePendingRemoteLoginStart(start);
+	if (input.json) input.writeOut(`${JSON.stringify({
+		code: "pending_login_started",
+		flowId: pending.flowId,
+		operatorCode: pending.operatorCode,
+		operatorCodeFingerprint: pending.operatorCodeFingerprint,
+		codeExpiresAt: pending.codeExpiresAt,
+		flowExpiresAt: pending.flowExpiresAt
+	})}\n`);
+	else {
+		input.writeOut(`Remote Login Code: ${pending.operatorCode}\n`);
+		if (pending.operatorCodeFingerprint) input.writeOut(`Code fingerprint: ${pending.operatorCodeFingerprint}\n`);
+		input.writeOut(`Approve from the host with caplets remote host approve ${pending.operatorCode} --yes\n`);
+	}
+	const intervalMs = numberEnv(input.env.CAPLETS_REMOTE_LOGIN_POLL_INTERVAL_MS, pending.intervalSeconds * 1e3);
+	try {
+		while (true) {
+			const poll = await fetchPendingRemoteLoginStatus(fetchImpl, baseUrl, pending, input.signal);
+			if (!poll.ok) throw new CapletsError("AUTH_FAILED", "Remote Login pending poll failed.");
+			const status = await parsePendingRemoteLoginStatus(poll);
+			if (status === "approved") {
+				if (input.json) input.writeOut(`${JSON.stringify({
+					code: "pending_login_approved",
+					flowId: pending.flowId
+				})}\n`);
+				break;
+			}
+			if (status !== "pending") {
+				if (input.json) input.writeOut(`${JSON.stringify({
+					code: `pending_login_${status}`,
+					flowId: pending.flowId
+				})}\n`);
+				throw new CapletsError("AUTH_FAILED", `Remote Login pending flow ${status}.`);
+			}
+			if (Date.parse(pending.codeExpiresAt) <= Date.now()) {
+				const refresh = await fetchImpl(appendBasePath(baseUrl, "v1/remote/login/refresh"), {
+					method: "POST",
+					headers: { "content-type": "application/json" },
+					body: JSON.stringify({
+						flowId: pending.flowId,
+						pendingRefreshSecret: pending.pendingRefreshSecret,
+						pendingCompletionSecret: pending.pendingCompletionSecret
+					}),
+					...input.signal ? { signal: input.signal } : {}
+				});
+				if (!refresh.ok) {
+					const retryPoll = await fetchPendingRemoteLoginStatus(fetchImpl, baseUrl, pending);
+					if (retryPoll.ok && await parsePendingRemoteLoginStatus(retryPoll) === "approved") {
+						if (input.json) input.writeOut(`${JSON.stringify({
+							code: "pending_login_approved",
+							flowId: pending.flowId
+						})}\n`);
+						break;
+					}
+					throw new CapletsError("AUTH_FAILED", "Remote Login pending refresh failed.");
+				}
+				pending = await parsePendingRemoteLoginStart(refresh, { pendingCompletionSecret: pending.pendingCompletionSecret });
+				if (input.json) input.writeOut(`${JSON.stringify({
+					code: "pending_login_code_refreshed",
+					flowId: pending.flowId,
+					operatorCode: pending.operatorCode,
+					operatorCodeFingerprint: pending.operatorCodeFingerprint,
+					codeExpiresAt: pending.codeExpiresAt,
+					flowExpiresAt: pending.flowExpiresAt
+				})}\n`);
+				else {
+					input.writeOut(`Remote Login Code refreshed: ${pending.operatorCode}\n`);
+					if (pending.operatorCodeFingerprint) input.writeOut(`Code fingerprint: ${pending.operatorCodeFingerprint}\n`);
+				}
+			}
+			await sleep(intervalMs, input.signal);
+		}
+		const complete = await completePendingRemoteLogin(fetchImpl, baseUrl, pending, input.signal);
+		if (!complete.ok) throw new CapletsError("AUTH_FAILED", "Remote Login pending complete failed.");
+		return parseRemoteLoginCredentials(complete);
+	} catch (error) {
+		if (input.signal?.aborted || isAbortError(error)) {
+			await cancelPendingRemoteLogin(fetchImpl, baseUrl, pending);
+			if (input.json) input.writeOut(`${JSON.stringify({
+				code: "pending_login_cancelled",
+				flowId: pending.flowId
+			})}\n`);
+			throw new CapletsError("REQUEST_INVALID", "Remote Login pending flow cancelled.");
+		}
+		throw error;
+	}
+}
+async function completePendingRemoteLogin(fetchImpl, baseUrl, pending, signal) {
+	try {
+		return await fetchImpl(appendBasePath(baseUrl, "v1/remote/login/complete"), pendingRemoteLoginCompletionRequest(pending, signal));
+	} catch {
+		return fetchImpl(appendBasePath(baseUrl, "v1/remote/login/complete"), pendingRemoteLoginCompletionRequest(pending));
+	}
+}
+function pendingRemoteLoginCompletionRequest(pending, signal) {
+	return {
+		method: "POST",
+		headers: { "content-type": "application/json" },
+		body: JSON.stringify({
+			flowId: pending.flowId,
+			pendingCompletionSecret: pending.pendingCompletionSecret
+		}),
+		...signal ? { signal } : {}
+	};
+}
+async function fetchPendingRemoteLoginStatus(fetchImpl, baseUrl, pending, signal) {
+	return fetchImpl(appendBasePath(baseUrl, "v1/remote/login/poll"), {
+		method: "POST",
+		headers: { "content-type": "application/json" },
+		body: JSON.stringify({
+			flowId: pending.flowId,
+			pendingCompletionSecret: pending.pendingCompletionSecret
+		}),
+		...signal ? { signal } : {}
+	});
+}
+async function cancelPendingRemoteLogin(fetchImpl, baseUrl, pending) {
+	await fetchImpl(appendBasePath(baseUrl, "v1/remote/login/cancel"), {
+		method: "POST",
+		headers: { "content-type": "application/json" },
+		body: JSON.stringify({
+			flowId: pending.flowId,
+			pendingCompletionSecret: pending.pendingCompletionSecret
+		})
+	}).catch(() => void 0);
+}
+function isAbortError(error) {
+	return error instanceof Error && error.name === "AbortError" || typeof DOMException !== "undefined" && error instanceof DOMException && error.name === "AbortError";
+}
 async function revokeSelfHostedRemoteClient(remoteUrl, accessToken, fetchImpl = fetch) {
 	await fetchImpl(appendBasePath(new URL(normalizeRemoteProfileHostUrl(remoteUrl)), "v1/remote/client"), {
 		method: "DELETE",
@@ -15018,9 +15766,35 @@ function createSetupPromptHandle(io, writeOut) {
 		close: () => readline.close()
 	};
 }
-async function sleep(ms) {
-	if (ms <= 0) return;
-	await new Promise((resolve) => setTimeout(resolve, ms));
+async function sleep(ms, signal) {
+	if (ms <= 0 || signal?.aborted) return;
+	await new Promise((resolve) => {
+		const timeout = setTimeout(done, ms);
+		const abort = () => done();
+		function done() {
+			clearTimeout(timeout);
+			signal?.removeEventListener("abort", abort);
+			resolve();
+		}
+		signal?.addEventListener("abort", abort, { once: true });
+	});
+}
+function cliInterruptSignal(existing) {
+	if (existing) return {
+		signal: existing,
+		dispose: () => {}
+	};
+	const controller = new AbortController();
+	const abort = () => controller.abort();
+	process.once("SIGINT", abort);
+	process.once("SIGTERM", abort);
+	return {
+		signal: controller.signal,
+		dispose: () => {
+			process.off("SIGINT", abort);
+			process.off("SIGTERM", abort);
+		}
+	};
 }
 function createProgram(io = {}) {
 	const writeOut = io.writeOut ?? ((value) => process.stdout.write(value));
@@ -15249,10 +16023,12 @@ function createProgram(io = {}) {
 		}
 		for (const entry of result.entries) writeOut(stream === "all" ? `[${entry.stream}] ${entry.line}\n` : `${entry.line}\n`);
 	});
-	program.command(cliCommands$1.attach).description("Start a remote-backed Caplets MCP server.").option("--transport <transport>", "server transport: stdio or http").option("--host <host>", "HTTP bind host").option("--port <port>", "HTTP bind port").option("--path <path>", "HTTP service base path").option("--remote-url <url>", "remote Caplets service base URL").option("--workspace <workspace>", "hosted Cloud workspace ID or slug").option("--allow-unauthenticated-http", "allow unauthenticated HTTP serving on non-loopback hosts").option("--trust-proxy", "trust X-Forwarded-* headers from a reverse proxy").option("--json", "print JSON status events").option("--verbose", "print detailed attach diagnostics").option("--once", "validate Project Binding once and exit").option("--project-root <path>", "test-only project root override").action(async (options) => {
+	program.command(cliCommands$1.attach).description("Start a remote-backed Caplets MCP server.").argument("[url]", "remote Caplets service base URL").option("--transport <transport>", "server transport: stdio or http").option("--host <host>", "HTTP bind host").option("--port <port>", "HTTP bind port").option("--path <path>", "HTTP service base path").addOption(new Option("--remote-url <url>", "legacy alias for the remote Caplets service base URL").hideHelp()).option("--workspace <workspace>", "hosted Cloud workspace ID or slug").option("--allow-unauthenticated-http", "allow unauthenticated HTTP serving on non-loopback hosts").option("--trust-proxy", "trust X-Forwarded-* headers from a reverse proxy").option("--json", "print JSON status events").option("--verbose", "print detailed attach diagnostics").option("--once", "validate Project Binding once and exit").option("--project-root <path>", "test-only project root override").action(async (url, options) => {
 		try {
+			const remoteUrl = attachRemoteUrlFromArgs(url, options.remoteUrl);
 			const attachOptions = {
 				...options,
+				...remoteUrl ? { remoteUrl } : {},
 				...io.fetch ? { fetch: io.fetch } : {},
 				...io.authDir ? { authDir: io.authDir } : {}
 			};
@@ -15307,7 +16083,7 @@ function createProgram(io = {}) {
 		}
 	});
 	const remote = program.command(cliCommands$1.remote).description("Manage Caplets Remote Login.");
-	remote.command("login").description("Log this machine into a Caplets host.").argument("<url>", "Caplets host URL").option("--workspace <workspace>", "Cloud workspace ID or slug to select").option("--client-label <label>", "client label for this machine").option("--device-name <name>", "Cloud device label for this machine").option("--code <code>", "Pairing Code for explicit noninteractive self-hosted login").option("--code-stdin", "read the Pairing Code from stdin").option("--no-open", "print the Cloud login URL without opening a browser").option("--json", "print JSON output").action(async (url, options) => {
+	remote.command("login").description("Log this machine into a Caplets host.").argument("<url>", "Caplets host URL").option("--workspace <workspace>", "Cloud workspace ID or slug to select").option("--client-label <label>", "client label for this machine").option("--device-name <name>", "Cloud device label for this machine").addOption(new Option("--code <code>", "legacy Pairing Code input").hideHelp()).addOption(new Option("--code-stdin", "legacy Pairing Code stdin input").hideHelp()).option("--no-open", "print the Cloud login URL without opening a browser").option("--json", "print JSON output").action(async (url, options) => {
 		const store = remoteProfileStore(io.authDir, env);
 		if (isCapletsCloudUrl(url)) {
 			writeRemoteStatus(await loginCloudRemoteProfile(url, options, store, {
@@ -15317,20 +16093,24 @@ function createProgram(io = {}) {
 			}), options.json === true, writeOut);
 			return;
 		}
-		const code = await pairingCodeFromOptions(options, io.readStdin, writeErr);
-		const exchangeUrl = appendBasePath(new URL(normalizeRemoteProfileHostUrl(url)), "v1/remote/pairing/exchange");
-		const response = await (io.fetch ?? fetch)(exchangeUrl, {
-			method: "POST",
-			headers: { "content-type": "application/json" },
-			body: JSON.stringify({
-				code,
-				...options.clientLabel ? { clientLabel: options.clientLabel } : {}
-			})
-		});
-		if (!response.ok) throw new CapletsError("AUTH_FAILED", "Remote Login pairing exchange failed.");
-		const credentials = await parseRemoteLoginCredentials(response);
-		writeRemoteStatus(await store.saveSelfHostedProfile({
+		if (options.code?.trim() || options.codeStdin) throw new CapletsError("REQUEST_INVALID", `Self-hosted Remote Login no longer accepts Pairing Codes. Run caplets remote login ${normalizeRemoteProfileHostUrl(url)} without --code and approve the pending login from the host.`);
+		const interrupt = cliInterruptSignal(io.signal);
+		let credentials;
+		try {
+			credentials = await selfHostedPendingRemoteLogin(url, {
+				...options.clientLabel ? { clientLabel: options.clientLabel } : {},
+				json: options.json,
+				...io.fetch ? { fetch: io.fetch } : {},
+				...interrupt.signal ? { signal: interrupt.signal } : {},
+				writeOut,
+				env
+			});
+		} finally {
+			interrupt.dispose();
+		}
+		const status = await store.saveSelfHostedProfile({
 			hostUrl: url,
+			hostIdentity: normalizeRemoteProfileHostUrl(credentials.hostUrl ?? url),
 			clientId: credentials.clientId,
 			clientLabel: credentials.clientLabel,
 			credentials: {
@@ -15339,7 +16119,12 @@ function createProgram(io = {}) {
 				tokenType: credentials.tokenType,
 				expiresAt: credentials.expiresAt
 			}
-		}), options.json === true, writeOut);
+		});
+		if (options.json === true) writeOut(`${JSON.stringify({
+			code: "remote_profile_saved",
+			...status
+		})}\n`);
+		else writeRemoteStatus(status, false, writeOut);
 	});
 	remote.command("status").description("Show saved Remote Login status.").argument("[url]", "Caplets host URL").option("--workspace <workspace>", "Cloud workspace ID or slug").option("--json", "print JSON output").action(async (url, options) => {
 		if (!url) {
@@ -15400,18 +16185,19 @@ function createProgram(io = {}) {
 		writeOut(removed ? `Logged out of ${normalizeRemoteProfileHostUrl(url)}.\n` : `No Remote Login profile found for ${normalizeRemoteProfileHostUrl(url)}.\n`);
 	});
 	const remoteHost = remote.command("host").description("Manage self-hosted remote credentials.");
-	remoteHost.command("pair").description("Create a short-lived self-hosted Pairing Code from the server environment.").requiredOption("--host-url <url>", "public Caplets host URL").option("--state-path <path>", "server-owned remote credential state directory").option("--client-label <label>", "suggested client label").option("--json", "print JSON output").action(async (options) => {
-		const issued = remoteServerCredentialStore(options.statePath, env).createPairingCode({
-			hostUrl: options.hostUrl,
-			...options.clientLabel ? { clientLabel: options.clientLabel } : {}
-		});
+	remoteHost.command("pair", { hidden: true }).description("Deprecated. Pairing Code bootstrap is no longer supported.").option("--host-url <url>", "public Caplets host URL; defaults to CAPLETS_SERVER_URL").option("--state-path <path>", "server-owned remote credential state directory").option("--json", "print JSON output").action(async (options) => {
+		const hostUrl = options.hostUrl ?? env.CAPLETS_SERVER_URL;
+		const guidance = "Self-hosted Pairing Code bootstrap is no longer supported. Run caplets remote login <url> from the client, then approve the pending login with caplets remote host logins and caplets remote host approve <code> from the host.";
 		if (options.json) {
-			writeOut(`${JSON.stringify(issued, null, 2)}\n`);
+			writeOut(`${JSON.stringify({
+				supported: false,
+				deprecated: true,
+				...hostUrl ? { hostUrl: normalizeRemoteProfileHostUrl(hostUrl) } : {},
+				message: guidance
+			}, null, 2)}\n`);
 			return;
 		}
-		writeOut(`Pairing Code: ${issued.code}\n`);
-		writeOut(`Expires At: ${issued.expiresAt}\n`);
-		writeOut(`Run caplets remote login ${normalizeRemoteProfileHostUrl(options.hostUrl)} and enter the Pairing Code when prompted.\n`);
+		writeOut(`${guidance}\n`);
 	});
 	remoteHost.command("clients").description("List paired self-hosted remote clients from server state.").option("--state-path <path>", "server-owned remote credential state directory").option("--json", "print JSON output").action((options) => {
 		const clients = remoteServerCredentialStore(options.statePath, env).listClients();
@@ -15425,6 +16211,35 @@ function createProgram(io = {}) {
 		}
 		for (const client of clients) writeOut(`${client.clientId}\t${terminalSafeText(client.clientLabel)}\t${client.hostUrl}\t${client.revokedAt ? "revoked" : "active"}\n`);
 	});
+	remoteHost.command("logins").description("List pending self-hosted Remote Login approvals from server state.").option("--state-path <path>", "server-owned remote credential state directory").option("--json", "print JSON output").action((options) => {
+		const pendingLogins = remoteServerCredentialStore(options.statePath, env).listPendingLogins();
+		if (options.json) {
+			writeOut(`${JSON.stringify({ pendingLogins }, null, 2)}\n`);
+			return;
+		}
+		if (pendingLogins.length === 0) {
+			writeOut("No pending Remote Login approvals.\n");
+			return;
+		}
+		for (const pending of pendingLogins) writeOut(`${pending.flowId}\t${pending.operatorCodeFingerprint ?? "-"}\t${terminalSafeText(pending.clientLabel)}\t${pending.hostUrl}\t${pending.status}\n`);
+	});
+	remoteHost.command("approve").description("Approve one pending self-hosted Remote Login code from server state.").argument("<code>", "operator-visible Remote Login code").option("--state-path <path>", "server-owned remote credential state directory").option("--yes", "approve without an interactive confirmation prompt").option("--json", "print JSON output").action((code, options) => {
+		if (!options.yes && !options.json) throw new CapletsError("REQUEST_INVALID", "Use --yes to approve this pending login.");
+		const approved = remoteServerCredentialStore(options.statePath, env).approvePendingLogin({ operatorCode: code });
+		if (options.json) {
+			writeOut(`${JSON.stringify(approved, null, 2)}\n`);
+			return;
+		}
+		writeOut(`Approved pending Remote Login ${approved.flowId}.\n`);
+	});
+	remoteHost.command("deny").description("Deny one pending self-hosted Remote Login code from server state.").argument("<code>", "operator-visible Remote Login code").option("--state-path <path>", "server-owned remote credential state directory").option("--json", "print JSON output").action((code, options) => {
+		const denied = remoteServerCredentialStore(options.statePath, env).denyPendingLogin({ operatorCode: code });
+		if (options.json) {
+			writeOut(`${JSON.stringify(denied, null, 2)}\n`);
+			return;
+		}
+		writeOut(`Denied pending Remote Login ${denied.flowId}.\n`);
+	});
 	remoteHost.command("revoke").description("Revoke one paired self-hosted remote client from server state.").argument("<client-id>", "remote client ID").option("--state-path <path>", "server-owned remote credential state directory").option("--json", "print JSON output").action((clientId, options) => {
 		const revoked = remoteServerCredentialStore(options.statePath, env).revokeClient(clientId);
 		if (options.json) {
@@ -15617,6 +16432,135 @@ function createProgram(io = {}) {
 			...io.daemon ? { daemon: io.daemon } : {}
 		}));
 	});
+	const vault = program.command(cliCommands$1.vault).description("Manage Caplets Vault values.");
+	vault.command("set").description("Set a local/global Vault value.").argument("<name>", "Vault key name").option("-g, --global", "target the local/global Vault").option("--remote", "target the selected remote Vault").option("--force", "overwrite an existing Vault value").option("--grant <capletId>", "grant this key to a configured Caplet after setting it").option("--as <referenceName>", "reference name the Caplet uses in config").option("--json", "print JSON output").action(async (name, options) => {
+		if (parseVaultTarget(options) === "remote") {
+			const value = await readVaultValue(io);
+			assertVaultTransportValueSize(value);
+			const status = await remoteVaultSet(io, {
+				name,
+				value,
+				force: Boolean(options.force),
+				...options.grant ? { grant: options.grant } : {},
+				...options.as ?? options.grant ? { referenceName: options.as ?? name } : {}
+			});
+			if (options.json) {
+				writeOut(`${JSON.stringify(status, null, 2)}\n`);
+				return;
+			}
+			writeOut(`Set remote Vault key ${validateVaultKeyName(name)}.\n`);
+			if (options.grant) writeOut(`Granted remote Vault key ${validateVaultKeyName(name)} to ${options.grant} as ${validateVaultKeyName(options.as ?? name)}.\n`);
+			return;
+		}
+		const value = await readVaultValue(io);
+		const store = new FileVaultStore({ env });
+		const existed = store.getStatus(name).present;
+		const previousValue = existed && options.grant ? store.resolveValue(name) : void 0;
+		const status = store.set(name, value, { force: Boolean(options.force) });
+		try {
+			if (options.grant) {
+				const origin = resolveVaultAccessOrigin(options.grant, io);
+				store.grantAccess({
+					storedKey: name,
+					referenceName: options.as ?? name,
+					capletId: options.grant,
+					origin
+				});
+			}
+		} catch (error) {
+			if (existed && previousValue !== void 0) store.set(name, previousValue, { force: true });
+			else store.delete(name);
+			throw error;
+		}
+		if (options.json) {
+			writeOut(`${JSON.stringify(status, null, 2)}\n`);
+			return;
+		}
+		writeOut(`Set Vault key ${validateVaultKeyName(name)}.\n`);
+		if (options.grant) writeOut(`Granted Vault key ${validateVaultKeyName(name)} to ${options.grant} as ${validateVaultKeyName(options.as ?? name)}.\n`);
+	});
+	vault.command("get").description("Show local/global Vault metadata, or reveal with --show.").argument("<name>", "Vault key name").option("-g, --global", "target the local/global Vault").option("--remote", "target the selected remote Vault").option("--show", "reveal the raw Vault value").option("--json", "print JSON output").action(async (name, options) => {
+		if (parseVaultTarget(options) === "remote") {
+			const result = await remoteVaultGet(io, {
+				name,
+				reveal: Boolean(options.show)
+			});
+			if (options.show) {
+				const value = result && typeof result === "object" && "value" in result ? String(result.value) : "";
+				writeOut(options.json ? `${JSON.stringify(result, null, 2)}\n` : `${value}\n`);
+				return;
+			}
+			writeOut(formatVaultValueStatus(result, Boolean(options.json)));
+			return;
+		}
+		const store = new FileVaultStore({ env });
+		if (options.show) {
+			const value = store.resolveValue(name);
+			writeOut(options.json ? `${JSON.stringify({
+				key: name,
+				value
+			}, null, 2)}\n` : `${value}\n`);
+			return;
+		}
+		writeOut(formatVaultValueStatus(store.getStatus(name), Boolean(options.json)));
+	});
+	vault.command("list").description("List local/global Vault keys without revealing values.").option("-g, --global", "target the local/global Vault").option("--remote", "target the selected remote Vault").option("--json", "print JSON output").action(async (options) => {
+		if (parseVaultTarget(options) === "remote") {
+			writeOut(formatVaultValueList(await remoteVaultList(io), Boolean(options.json)));
+			return;
+		}
+		writeOut(formatVaultValueList(new FileVaultStore({ env }).listValues(), Boolean(options.json)));
+	});
+	vault.command("delete").description("Delete a local/global Vault value without revealing it.").argument("<name>", "Vault key name").option("-g, --global", "target the local/global Vault").option("--remote", "target the selected remote Vault").option("--json", "print JSON output").action(async (name, options) => {
+		if (parseVaultTarget(options) === "remote") {
+			writeOut(formatVaultDeleteStatus(await remoteVaultDelete(io, name), Boolean(options.json)));
+			return;
+		}
+		writeOut(formatVaultDeleteStatus(new FileVaultStore({ env }).delete(name), Boolean(options.json)));
+	});
+	const vaultAccess = vault.command("access").description("Manage Vault access grants.");
+	vaultAccess.command("grant").description("Grant a Vault key to a configured Caplet.").argument("<name>", "stored Vault key name").argument("<capletId>", "configured Caplet ID").option("-g, --global", "target the local/global Vault").option("--remote", "target the selected remote Vault").option("--as <referenceName>", "reference name the Caplet uses in config").option("--json", "print JSON output").action(async (name, capletId, options) => {
+		if (parseVaultTarget(options) === "remote") {
+			writeOut(formatVaultAccessGrant(await remoteVaultAccessGrant(io, {
+				name,
+				capletId,
+				referenceName: options.as ?? name
+			}), Boolean(options.json)));
+			return;
+		}
+		const origin = resolveVaultAccessOrigin(capletId, io);
+		writeOut(formatVaultAccessGrant(new FileVaultStore({ env }).grantAccess({
+			storedKey: name,
+			referenceName: options.as ?? name,
+			capletId,
+			origin
+		}), Boolean(options.json)));
+	});
+	vaultAccess.command("list").description("List Vault access grants without revealing values.").argument("[name]", "optional stored Vault key name").argument("[capletId]", "optional configured Caplet ID").option("-g, --global", "target the local/global Vault").option("--remote", "target the selected remote Vault").option("--caplet <capletId>", "filter by configured Caplet ID").option("--json", "print JSON output").action(async (name, capletId, options) => {
+		if (options.caplet && capletId && options.caplet !== capletId) throw new CapletsError("REQUEST_INVALID", "Use either positional capletId or --caplet, not both.");
+		const capletFilter = options.caplet ?? capletId;
+		if (parseVaultTarget(options) === "remote") {
+			writeOut(formatVaultAccessList(await remoteVaultAccessList(io, {
+				...name ? { name } : {},
+				...capletFilter ? { capletId: capletFilter } : {}
+			}), Boolean(options.json)));
+			return;
+		}
+		writeOut(formatVaultAccessList(new FileVaultStore({ env }).listAccess(vaultAccessFilter(name, capletFilter)), Boolean(options.json)));
+	});
+	vaultAccess.command("revoke").description("Revoke Vault access grants.").argument("<name>", "stored Vault key name").argument("<capletId>", "configured Caplet ID").option("-g, --global", "target the local/global Vault").option("--remote", "target the selected remote Vault").option("--as <referenceName>", "reference name the Caplet uses in config").option("--json", "print JSON output").action(async (name, capletId, options) => {
+		if (parseVaultTarget(options) === "remote") {
+			const revoked = await remoteVaultAccessRevoke(io, {
+				name,
+				capletId,
+				...options.as ? { referenceName: options.as } : {}
+			});
+			writeOut(formatVaultAccessRevoke(Array.isArray(revoked) ? revoked.length : 0, Boolean(options.json)));
+			return;
+		}
+		const filter = vaultAccessFilter(name, capletId, options.as);
+		writeOut(formatVaultAccessRevoke(new FileVaultStore({ env }).revokeAccess(filter).length, Boolean(options.json)));
+	});
 	program.command(cliCommands$1.list).description("List configured Caplets.").option("--all", "include disabled Caplets").option("--json", "print JSON output").option("--format <format>", "output format: plain, markdown, md, or json", parseOutputFormat).action(async (options) => {
 		const includeDisabled = Boolean(options.all);
 		const remote = remoteClientForCli(io);
@@ -15632,7 +16576,7 @@ function createProgram(io = {}) {
 			writeOut(formatCapletList(rows, options.format ?? "plain"));
 			return;
 		}
-		const rows = listCaplets(loadConfigWithSources(currentConfigPath(), envProjectConfigPath(env)), { includeDisabled });
+		const rows = listCaplets(loadConfigWithSources(currentConfigPath(), envProjectConfigPath(env), { vaultResolver: vaultBootstrapResolver }), { includeDisabled });
 		if (options.json || options.format === "json") {
 			writeOut(`${JSON.stringify(rows, null, 2)}\n`);
 			return;
@@ -15982,6 +16926,7 @@ function createProgram(io = {}) {
 			...projectConfigPath ? { projectConfigPath } : {},
 			config: localAuthConfigForTarget({
 				serverId,
+				...io.authDir ? { authDir: io.authDir } : {},
 				...configPath ? { configPath } : {},
 				...projectConfigPath ? { projectConfigPath } : {},
 				source: target
@@ -16002,6 +16947,7 @@ function createProgram(io = {}) {
 			...configPath ? { configPath } : {},
 			config: localAuthConfigForTarget({
 				serverId,
+				...io.authDir ? { authDir: io.authDir } : {},
 				...configPath ? { configPath } : {},
 				...projectConfigPath ? { projectConfigPath } : {},
 				source: target
@@ -16023,6 +16969,7 @@ function createProgram(io = {}) {
 			...configPath ? { configPath } : {},
 			config: localAuthConfigForTarget({
 				serverId,
+				...io.authDir ? { authDir: io.authDir } : {},
 				...configPath ? { configPath } : {},
 				...projectConfigPath ? { projectConfigPath } : {},
 				source: target
@@ -16117,6 +17064,123 @@ function parseMutationTarget(options) {
 	if (options.remote) return "remote";
 	return "project";
 }
+function parseVaultTarget(options) {
+	const selected = [options.global ? "--global" : void 0, options.remote ? "--remote" : void 0].filter((value) => value !== void 0);
+	if (selected.length > 1) throw new CapletsError("REQUEST_INVALID", `Cannot combine Vault target flags: ${selected.join(", ")}`);
+	if (options.remote) return "remote";
+	return "global";
+}
+async function resolveVaultRemoteTarget(io) {
+	const env = io.env ?? process.env;
+	const mode = resolveRemoteMode({}, env).mode;
+	if (mode === "remote") return {
+		kind: "self_hosted",
+		client: requireRemoteClientForTarget(io)
+	};
+	if (mode !== "cloud") throw new CapletsError("REQUEST_INVALID", "--remote requires CAPLETS_MODE=remote or CAPLETS_MODE=cloud and CAPLETS_REMOTE_URL");
+	const selection = await resolveRemoteSelection({
+		mode: "cloud",
+		...io.authDir ? { authDir: io.authDir } : {},
+		...io.fetch ? { fetch: io.fetch } : {}
+	}, env);
+	if (selection.kind !== "hosted_cloud") throw new CapletsError("REQUEST_INVALID", "--remote Vault target did not resolve to Cloud.");
+	return {
+		kind: "cloud",
+		workspace: selection.selectedWorkspace,
+		client: new CapletsCloudClient({
+			baseUrl: selection.remote.baseUrl,
+			accessToken: selection.credentials.accessToken,
+			...selection.remote.fetch ? { fetch: selection.remote.fetch } : {}
+		})
+	};
+}
+async function remoteVaultSet(io, input) {
+	const target = await resolveVaultRemoteTarget(io);
+	if (target.kind === "self_hosted") return await target.client.request("vault_set", input);
+	return await target.client.setVaultValue({
+		workspace: target.workspace,
+		...input
+	});
+}
+async function remoteVaultGet(io, input) {
+	const target = await resolveVaultRemoteTarget(io);
+	if (target.kind === "self_hosted") return await target.client.request("vault_get", {
+		name: input.name,
+		reveal: input.reveal
+	});
+	return await target.client.getVaultValue({
+		workspace: target.workspace,
+		name: input.name,
+		reveal: input.reveal
+	});
+}
+async function remoteVaultList(io) {
+	const target = await resolveVaultRemoteTarget(io);
+	if (target.kind === "self_hosted") return await target.client.request("vault_list", {});
+	return await target.client.listVaultValues({ workspace: target.workspace });
+}
+async function remoteVaultDelete(io, name) {
+	const target = await resolveVaultRemoteTarget(io);
+	if (target.kind === "self_hosted") return await target.client.request("vault_delete", { name });
+	return await target.client.deleteVaultValue({
+		workspace: target.workspace,
+		name
+	});
+}
+async function remoteVaultAccessGrant(io, input) {
+	const target = await resolveVaultRemoteTarget(io);
+	if (target.kind === "self_hosted") return await target.client.request("vault_access_grant", input);
+	return await target.client.grantVaultAccess({
+		workspace: target.workspace,
+		...input
+	});
+}
+async function remoteVaultAccessList(io, input) {
+	const target = await resolveVaultRemoteTarget(io);
+	if (target.kind === "self_hosted") return await target.client.request("vault_access_list", input);
+	return await target.client.listVaultAccess({
+		workspace: target.workspace,
+		...input
+	});
+}
+async function remoteVaultAccessRevoke(io, input) {
+	const target = await resolveVaultRemoteTarget(io);
+	if (target.kind === "self_hosted") return await target.client.request("vault_access_revoke", input);
+	return await target.client.revokeVaultAccess({
+		workspace: target.workspace,
+		...input
+	});
+}
+async function readVaultValue(io) {
+	let value;
+	if (io.readStdin) value = stripOneTrailingNewline(await io.readStdin());
+	else if (!process.stdin.isTTY && !io.writeOut && !io.writeErr) value = stripOneTrailingNewline(await readAllStdin());
+	else if (io.writeOut || io.writeErr || !process.stdin.isTTY || !process.stdout.isTTY) throw new CapletsError("REQUEST_INVALID", "Vault value input is required. Run interactively or provide stdin.");
+	else value = await readHiddenInput(HIDDEN_INPUT_PROMPT_LABELS.vaultValue);
+	if (value.length === 0) throw new CapletsError("REQUEST_INVALID", "Vault value input is required.");
+	return value;
+}
+function stripOneTrailingNewline(value) {
+	return value.replace(/\r?\n$/u, "");
+}
+function assertVaultTransportValueSize(value) {
+	if (Buffer$1.byteLength(value, "utf8") > 65536) throw new CapletsError("REQUEST_INVALID", `Vault values must be ${VAULT_MAX_VALUE_BYTES} bytes or smaller.`);
+}
+function resolveVaultAccessOrigin(capletId, io) {
+	const env = io.env ?? process.env;
+	const config = loadConfigWithSources(envConfigPath(env), envProjectConfigPath(env), { vaultResolver: vaultBootstrapResolver });
+	if (config.shadows[capletId]?.length) throw new CapletsError("REQUEST_INVALID", `Caplet ${capletId} is shadowed in multiple config sources; resolve the active config before granting Vault access.`);
+	const origin = config.sources[capletId];
+	if (!origin) throw new CapletsError("SERVER_NOT_FOUND", `Caplet ${capletId} is not configured.`);
+	return origin;
+}
+function vaultAccessFilter(storedKey, capletId, referenceName) {
+	return {
+		...storedKey ? { storedKey: validateVaultKeyName(storedKey) } : {},
+		...capletId ? { capletId } : {},
+		...referenceName ? { referenceName: validateVaultKeyName(referenceName) } : {}
+	};
+}
 function localMutationTargetLabel(target, io) {
 	return remoteClientForCli(io) ? `${target} ` : "";
 }
@@ -16387,7 +17451,8 @@ function mergePartialLocalOverlays(globalOverlay, projectOverlay) {
 		config,
 		sources,
 		shadows,
-		warnings: [...globalOverlay.warnings, ...projectOverlay.warnings]
+		warnings: [...globalOverlay.warnings, ...projectOverlay.warnings],
+		sourceFound: globalOverlay.sourceFound || projectOverlay.sourceFound
 	};
 }
 const capletConfigKinds = [