@caplets/core 0.25.1 → 0.26.1

package/dist/{service-Ut6dN9M8.js → service-aBIn4nrw.js}

@@ -1,5 +1,5 @@
 import { A as safeParseAsync$1, C as toJSONSchema, D as parse$3, E as $ZodType, F as NEVER, M as defineLazy, N as normalizeParams, O as parseAsync, P as $constructor, S as datetime, T as $ZodObject, _ as record, a as any, b as unknown, c as custom, d as literal, f as looseObject, g as preprocess, h as optional, i as _null, j as clone, k as safeParse$1, l as discriminatedUnion, m as object$1, o as array, p as number$1, r as _enum, s as boolean, t as ZodNumber$1, u as intersection, v as string, w as _coercedNumber, x as url, y as union } from "./schemas-BoqMu4MG.js";
-import { a as isAllowedHttpBaseUrl, c as validateHttpActionHeaders, d as errorResult, f as redactSecrets, i as SERVER_ID_PATTERN, n as HEADER_NAME_PATTERN, o as isAllowedRemoteUrl, p as toSafeError, r as HTTP_BASE_URL_PATTERN, s as isUrl, t as FORBIDDEN_HEADERS, u as CapletsError } from "./validation-C4tYXw6G.js";
+import { a as isAllowedHttpBaseUrl, c as validateHttpActionHeaders, d as errorResult, f as redactSecrets, i as SERVER_ID_PATTERN, n as HEADER_NAME_PATTERN, o as isAllowedRemoteUrl, p as toSafeError, r as HTTP_BASE_URL_PATTERN, s as isUrl, t as FORBIDDEN_HEADERS, u as CapletsError } from "./validation-GD2x5HW1.js";
 import { generatedToolInputJsonSchema, generatedToolInputJsonSchemaForCaplet, generatedToolInputSchemaForCaplet, mcpOperations, operations } from "./generated-tool-input-schema.js";
 import { f as observedOutputShapeKey, i as observeOutputShape, r as normalizedObservableValue, t as usefulOutputSchema, u as FileObservedOutputShapeStore } from "./observed-output-shapes-DuP7mJQf.js";
 import { createRequire } from "node:module";
@@ -9,8 +9,9 @@ import { spawn } from "node:child_process";
 import process$1 from "node:process";
 import { PassThrough } from "node:stream";
 import { createServer } from "node:http";
-import { createHash, createHmac, randomBytes, randomUUID } from "node:crypto";
+import { createCipheriv, createDecipheriv, createHash, createHmac, randomBytes, randomUUID } from "node:crypto";
 import { homedir } from "node:os";
+import { Buffer as Buffer$1 } from "node:buffer";
 import { readFile } from "node:fs/promises";
 import ts from "typescript";
 import { getQuickJS, shouldInterruptAfterDeadline } from "quickjs-emscripten";
@@ -26078,7 +26079,7 @@ const capletMcpServerSchema = object$1({
 		path: ["url"],
 		message: "remote servers require url"
 	});
-	if (server.url && !hasEnvReference$2(server.url) && !isAllowedRemoteUrl(server.url)) ctx.addIssue({
+	if (server.url && !hasInterpolationReference$2(server.url) && !isAllowedRemoteUrl(server.url)) ctx.addIssue({
 		code: "custom",
 		path: ["url"],
 		message: "remote url must use https except loopback development urls"
@@ -26091,7 +26092,7 @@ const capletMcpServerSchema = object$1({
 		"redirectUri"
 	]) {
 		const value = server.auth[field];
-		if (value && !hasEnvReference$2(value) && !isUrl(value)) ctx.addIssue({
+		if (value && !hasInterpolationReference$2(value) && !isUrl(value)) ctx.addIssue({
 			code: "custom",
 			path: ["auth", field],
 			message: `${field} must be a URL or environment reference`
@@ -26125,12 +26126,12 @@ const capletOpenApiEndpointSchema = object$1({
 		code: "custom",
 		message: "openapiEndpoint must define exactly one spec source: specPath or specUrl"
 	});
-	if (endpoint.specUrl && !hasEnvReference$2(endpoint.specUrl) && !isAllowedRemoteUrl(endpoint.specUrl)) ctx.addIssue({
+	if (endpoint.specUrl && !hasInterpolationReference$2(endpoint.specUrl) && !isAllowedRemoteUrl(endpoint.specUrl)) ctx.addIssue({
 		code: "custom",
 		path: ["specUrl"],
 		message: "OpenAPI specUrl must use https except loopback development urls"
 	});
-	if (endpoint.baseUrl && !hasEnvReference$2(endpoint.baseUrl) && !isAllowedRemoteUrl(endpoint.baseUrl)) ctx.addIssue({
+	if (endpoint.baseUrl && !hasInterpolationReference$2(endpoint.baseUrl) && !isAllowedRemoteUrl(endpoint.baseUrl)) ctx.addIssue({
 		code: "custom",
 		path: ["baseUrl"],
 		message: "OpenAPI baseUrl must use https except loopback development urls"
@@ -26155,12 +26156,12 @@ const capletGoogleDiscoveryApiSchema = object$1({
 		code: "custom",
 		message: "googleDiscoveryApi must define exactly one discovery source: discoveryPath or discoveryUrl"
 	});
-	if (api.discoveryUrl && !hasEnvReference$2(api.discoveryUrl) && !isAllowedRemoteUrl(api.discoveryUrl)) ctx.addIssue({
+	if (api.discoveryUrl && !hasInterpolationReference$2(api.discoveryUrl) && !isAllowedRemoteUrl(api.discoveryUrl)) ctx.addIssue({
 		code: "custom",
 		path: ["discoveryUrl"],
 		message: "Google Discovery discoveryUrl must use https except loopback development urls"
 	});
-	if (api.baseUrl && !hasEnvReference$2(api.baseUrl) && !isAllowedHttpBaseUrl(api.baseUrl)) ctx.addIssue({
+	if (api.baseUrl && !hasInterpolationReference$2(api.baseUrl) && !isAllowedHttpBaseUrl(api.baseUrl)) ctx.addIssue({
 		code: "custom",
 		path: ["baseUrl"],
 		message: "Google Discovery baseUrl must use https except loopback development urls and must not include credentials, query, or fragment"
@@ -26197,12 +26198,12 @@ const capletGraphQlEndpointSchema = object$1({
 		code: "custom",
 		message: "graphqlEndpoint must define exactly one schema source: schemaPath, schemaUrl, or introspection"
 	});
-	if (endpoint.endpointUrl && !hasEnvReference$2(endpoint.endpointUrl) && !isAllowedRemoteUrl(endpoint.endpointUrl)) ctx.addIssue({
+	if (endpoint.endpointUrl && !hasInterpolationReference$2(endpoint.endpointUrl) && !isAllowedRemoteUrl(endpoint.endpointUrl)) ctx.addIssue({
 		code: "custom",
 		path: ["endpointUrl"],
 		message: "GraphQL endpointUrl must use https except loopback development urls"
 	});
-	if (endpoint.schemaUrl && !hasEnvReference$2(endpoint.schemaUrl) && !isAllowedRemoteUrl(endpoint.schemaUrl)) ctx.addIssue({
+	if (endpoint.schemaUrl && !hasInterpolationReference$2(endpoint.schemaUrl) && !isAllowedRemoteUrl(endpoint.schemaUrl)) ctx.addIssue({
 		code: "custom",
 		path: ["schemaUrl"],
 		message: "GraphQL schemaUrl must use https except loopback development urls"
@@ -26246,7 +26247,7 @@ const capletHttpApiSchema = object$1({
 	projectBinding: capletProjectBindingSchema.optional(),
 	runtime: capletRuntimeRequirementsSchema.optional()
 }).strict().superRefine((api, ctx) => {
-	if (api.baseUrl && !hasEnvReference$2(api.baseUrl) && !isAllowedHttpBaseUrl(api.baseUrl)) ctx.addIssue({
+	if (api.baseUrl && !hasInterpolationReference$2(api.baseUrl) && !isAllowedHttpBaseUrl(api.baseUrl)) ctx.addIssue({
 		code: "custom",
 		path: ["baseUrl"],
 		message: "HTTP API baseUrl must use https except loopback development urls and must not include credentials, query, or fragment"
@@ -26445,7 +26446,7 @@ function discoverCapletFileMapCandidates(paths) {
 		});
 	}
 	return candidates.map(({ id, path }) => {
-		validateCapletId(id, path);
+		validateCapletId$1(id, path);
 		return {
 			id,
 			path
@@ -26551,7 +26552,7 @@ function normalizeGraphQlOperations(operations, baseDir, normalizePath) {
 	}]));
 }
 function normalizeBundleLocalPath(value, baseDir) {
-	if (!value || isMapAbsolutePath(value) || hasEnvReference$2(value)) return value;
+	if (!value || isMapAbsolutePath(value) || hasInterpolationReference$2(value)) return value;
 	const parts = [...baseDir ? baseDir.split("/") : [], ...value.split("/")];
 	const normalized = [];
 	for (const part of parts) {
@@ -26625,21 +26626,18 @@ function parseFrontmatter(text, path) {
 function isPlainObject$6(value) {
 	return Boolean(value) && typeof value === "object" && !Array.isArray(value);
 }
-function validateCapletId(id, path) {
+function validateCapletId$1(id, path) {
 	if (!SERVER_ID_PATTERN.test(id)) throw new CapletsError("CONFIG_INVALID", `Caplet file at ${path} derives invalid ID ${id}; ID must match ^[a-zA-Z0-9_-]{1,64}$`);
 }
 function errorMessage$4(error) {
 	return error instanceof Error ? error.message : String(error);
 }
-function hasEnvReference$2(value) {
-	return /\$\{[A-Za-z_][A-Za-z0-9_]*\}|\$env:[A-Za-z_][A-Za-z0-9_]*/.test(value);
+function hasInterpolationReference$2(value) {
+	return /\$\{[A-Za-z_][A-Za-z0-9_]*\}|\$env:[A-Za-z_][A-Za-z0-9_]*|\$\{vault:[^}]+\}|\$vault:[A-Za-z0-9_-]+/.test(value);
 }
 //#endregion
 //#region src/caplet-files.ts
 const MAX_CAPLET_FILE_BYTES = 128 * 1024;
-function loadCapletFiles(root) {
-	return loadCapletFilesWithPaths(root)?.config;
-}
 function loadCapletFilesWithPaths(root) {
 	if (!existsSync(root)) return;
 	return buildCapletFileLoadResultFromEntries(root, discoverCapletFiles(root), (path) => readCapletFile(path));
@@ -26653,7 +26651,7 @@ function discoverCapletFiles(root) {
 	const entries = readdirSync(root, { withFileTypes: true }).sort((left, right) => left.name.localeCompare(right.name));
 	const candidates = [];
 	function addCandidate(id, path) {
-		validateCapletId(id, path);
+		validateCapletId$1(id, path);
 		candidates.push({
 			id,
 			path
@@ -26679,7 +26677,7 @@ function discoverCapletFilesBestEffort(root, warnings) {
 	const duplicateIds = /* @__PURE__ */ new Set();
 	function addCandidate(id, path, isDirectoryCaplet) {
 		try {
-			validateCapletId(id, path);
+			validateCapletId$1(id, path);
 		} catch (error) {
 			warnings.push({
 				path,
@@ -26754,11 +26752,420 @@ function validateCapletFile(path) {
 	readCapletFile(path);
 }
 function normalizeLocalPath$1(value, baseDir) {
-	if (!value || isAbsolute(value) || hasEnvReference$1(value)) return value;
+	if (!value || isAbsolute(value) || hasInterpolationReference$1(value)) return value;
 	return join(baseDir, value);
 }
-function hasEnvReference$1(value) {
-	return /\$\{[A-Za-z_][A-Za-z0-9_]*\}|\$env:[A-Za-z_][A-Za-z0-9_]*/.test(value);
+function hasInterpolationReference$1(value) {
+	return /\$\{[A-Za-z_][A-Za-z0-9_]*\}|\$env:[A-Za-z_][A-Za-z0-9_]*|\$\{vault:[^}]+\}|\$vault:[A-Za-z0-9_-]+/.test(value);
+}
+//#endregion
+//#region src/vault/crypto.ts
+const NONCE_BYTES = 12;
+function encryptVaultValue(input) {
+	const nonce = randomBytes(NONCE_BYTES);
+	const cipher = createCipheriv("aes-256-gcm", input.key, nonce);
+	const ciphertext = Buffer$1.concat([cipher.update(input.plaintext, "utf8"), cipher.final()]);
+	const authTag = cipher.getAuthTag();
+	const timestamp = input.now.toISOString();
+	return {
+		version: 1,
+		algorithm: "aes-256-gcm",
+		nonce: nonce.toString("base64url"),
+		ciphertext: ciphertext.toString("base64url"),
+		authTag: authTag.toString("base64url"),
+		valueBytes: Buffer$1.byteLength(input.plaintext, "utf8"),
+		createdAt: input.existing?.createdAt ?? timestamp,
+		updatedAt: timestamp
+	};
+}
+function decryptVaultValue(record, key) {
+	const parsed = parseEncryptedRecord(record);
+	try {
+		const decipher = createDecipheriv("aes-256-gcm", key, Buffer$1.from(parsed.nonce, "base64url"));
+		decipher.setAuthTag(Buffer$1.from(parsed.authTag, "base64url"));
+		return Buffer$1.concat([decipher.update(Buffer$1.from(parsed.ciphertext, "base64url")), decipher.final()]).toString("utf8");
+	} catch {
+		throw new CapletsError("CONFIG_INVALID", "Vault encrypted record could not be decrypted.");
+	}
+}
+function parseEncryptedRecord(record) {
+	if (!record || typeof record !== "object" || Array.isArray(record)) throw new CapletsError("CONFIG_INVALID", "Vault encrypted record must be an object.");
+	const value = record;
+	if (value.version !== 1 || value.algorithm !== "aes-256-gcm") throw new CapletsError("CONFIG_INVALID", "Vault encrypted record version is unsupported.");
+	if (typeof value.nonce !== "string" || typeof value.ciphertext !== "string" || typeof value.authTag !== "string" || typeof value.valueBytes !== "number" || typeof value.createdAt !== "string" || typeof value.updatedAt !== "string") throw new CapletsError("CONFIG_INVALID", "Vault encrypted record is malformed.");
+	return value;
+}
+//#endregion
+//#region src/vault/store.ts
+function ensurePrivateDir(path) {
+	mkdirSync(path, {
+		recursive: true,
+		mode: 448
+	});
+	try {
+		chmodSync(path, 448);
+	} catch {}
+}
+function writePrivateFileAtomic(path, contents) {
+	ensurePrivateDir(dirname(path));
+	const tempPath = `${path}.${process.pid}.${Date.now()}.tmp`;
+	writeFileSync(tempPath, contents, { mode: 384 });
+	try {
+		chmodSync(tempPath, 384);
+	} catch {}
+	renameSync(tempPath, path);
+}
+function readJsonFile(path, fallback) {
+	if (!existsSync(path)) return fallback;
+	return JSON.parse(readFileSync(path, "utf8"));
+}
+function deleteFile(path) {
+	if (!existsSync(path)) return false;
+	rmSync(path, { force: true });
+	return true;
+}
+//#endregion
+//#region src/vault/keys.ts
+const VAULT_KEY_PATTERN = /^[A-Z_][A-Z0-9_]{0,127}$/;
+const KEY_FILE_PREFIX = "caplets-vault-key-v1.";
+const KEY_BYTES = 32;
+function validateVaultKeyName(name) {
+	if (!VAULT_KEY_PATTERN.test(name)) throw new CapletsError("REQUEST_INVALID", "Vault key names must match ^[A-Z_][A-Z0-9_]{0,127}$");
+	return name;
+}
+function loadVaultKey(input) {
+	const envKey = input.env?.CAPLETS_ENCRYPTION_KEY;
+	if (envKey !== void 0) return decodeExactKey(envKey, "CAPLETS_ENCRYPTION_KEY");
+	const status = vaultKeySourceStatus(input);
+	if (!status.available) throw new CapletsError("CONFIG_INVALID", `Vault key source is unavailable: ${"reason" in status ? status.reason : "invalid"}`);
+	return parseKeyFile(readFileSync(input.keyFile, "utf8"));
+}
+function ensureVaultKey(input) {
+	const envKey = input.env?.CAPLETS_ENCRYPTION_KEY;
+	if (envKey !== void 0) return decodeExactKey(envKey, "CAPLETS_ENCRYPTION_KEY");
+	if (!existsSync(input.keyFile)) {
+		ensurePrivateDir(dirname(input.keyFile));
+		const encoded = randomBytes(KEY_BYTES).toString("base64url");
+		writePrivateFileAtomic(input.keyFile, `${KEY_FILE_PREFIX}${encoded}\n`);
+		try {
+			chmodSync(input.keyFile, 384);
+		} catch {}
+	}
+	return loadVaultKey(input);
+}
+function vaultKeySourceStatus(input) {
+	const envKey = input.env?.CAPLETS_ENCRYPTION_KEY;
+	if (envKey !== void 0) try {
+		decodeExactKey(envKey, "CAPLETS_ENCRYPTION_KEY");
+		return {
+			available: true,
+			source: "env"
+		};
+	} catch {
+		return {
+			available: false,
+			source: "env",
+			reason: "invalid"
+		};
+	}
+	if (!existsSync(input.keyFile)) return {
+		available: false,
+		source: "file",
+		reason: "missing",
+		keyFile: input.keyFile
+	};
+	let mode;
+	try {
+		mode = statSync(input.keyFile).mode;
+	} catch (error) {
+		return unavailableKeyFileStatus(input.keyFile, error);
+	}
+	if (process.platform !== "win32" && (mode & 63) !== 0) return {
+		available: false,
+		source: "file",
+		reason: "wrong-permissions",
+		keyFile: input.keyFile
+	};
+	let contents;
+	try {
+		contents = readFileSync(input.keyFile, "utf8");
+	} catch (error) {
+		return unavailableKeyFileStatus(input.keyFile, error);
+	}
+	try {
+		parseKeyFile(contents);
+		return {
+			available: true,
+			source: "file",
+			keyFile: input.keyFile
+		};
+	} catch (error) {
+		return {
+			available: false,
+			source: "file",
+			reason: error instanceof CapletsError && error.message.includes("unsupported") ? "unsupported-version" : "invalid",
+			keyFile: input.keyFile
+		};
+	}
+}
+function unavailableKeyFileStatus(keyFile, error) {
+	return {
+		available: false,
+		source: "file",
+		reason: (error && typeof error === "object" && "code" in error ? String(error.code) : "") === "ENOENT" ? "missing" : "unreadable",
+		keyFile
+	};
+}
+function parseKeyFile(contents) {
+	const trimmed = contents.trim();
+	if (!trimmed.startsWith(KEY_FILE_PREFIX)) throw new CapletsError("CONFIG_INVALID", "Vault key file has an unsupported format version.");
+	return decodeExactKey(trimmed.slice(21), "Vault key file");
+}
+function decodeExactKey(encoded, label) {
+	let decoded;
+	try {
+		decoded = Buffer$1.from(encoded, "base64url");
+	} catch {
+		throw new CapletsError("REQUEST_INVALID", `${label} must be a base64url-encoded 32-byte key.`);
+	}
+	if (decoded.length !== KEY_BYTES || decoded.toString("base64url") !== encoded.replace(/=+$/u, "")) throw new CapletsError("REQUEST_INVALID", `${label} must be a base64url-encoded 32-byte key.`);
+	return decoded;
+}
+//#endregion
+//#region src/vault/access.ts
+function normalizeVaultGrant(input) {
+	const now = (input.now ?? /* @__PURE__ */ new Date()).toISOString();
+	return {
+		storedKey: validateVaultKeyName(input.storedKey),
+		referenceName: validateVaultKeyName(input.referenceName),
+		capletId: validateCapletId(input.capletId),
+		origin: normalizeOrigin(input.origin),
+		createdAt: now,
+		updatedAt: now
+	};
+}
+function upsertVaultGrant(grants, input) {
+	const next = normalizeVaultGrant(input);
+	return [...grants.filter((grant) => !sameGrantIdentity(grant, next)), {
+		...next,
+		createdAt: grants.find((grant) => sameGrantIdentity(grant, next))?.createdAt ?? next.createdAt
+	}].sort(compareGrants);
+}
+function filterVaultGrants(grants, filter = {}) {
+	return grants.filter((grant) => {
+		if (filter.storedKey !== void 0 && grant.storedKey !== filter.storedKey) return false;
+		if (filter.referenceName !== void 0 && grant.referenceName !== filter.referenceName) return false;
+		if (filter.capletId !== void 0 && grant.capletId !== filter.capletId) return false;
+		if (filter.origin !== void 0 && !sameOrigin(grant.origin, filter.origin)) return false;
+		return true;
+	});
+}
+function sameOrigin(left, right) {
+	return left.kind === right.kind && left.path === right.path;
+}
+function sameGrantIdentity(left, right) {
+	return left.referenceName === right.referenceName && left.capletId === right.capletId && sameOrigin(left.origin, right.origin);
+}
+function normalizeOrigin(origin) {
+	if (!origin.path) throw new CapletsError("REQUEST_INVALID", "Vault access grants require a config origin path.");
+	return {
+		kind: origin.kind,
+		path: origin.path
+	};
+}
+function validateCapletId(capletId) {
+	if (!/^[a-zA-Z0-9_-]{1,64}$/u.test(capletId)) throw new CapletsError("REQUEST_INVALID", "Vault access grants require a valid Caplet ID.");
+	return capletId;
+}
+function compareGrants(left, right) {
+	return left.capletId.localeCompare(right.capletId) || left.referenceName.localeCompare(right.referenceName) || left.storedKey.localeCompare(right.storedKey) || left.origin.kind.localeCompare(right.origin.kind) || left.origin.path.localeCompare(right.origin.path);
+}
+//#endregion
+//#region src/vault/types.ts
+const VAULT_MAX_VALUE_BYTES = 64 * 1024;
+//#endregion
+//#region src/vault/index.ts
+var FileVaultStore = class {
+	root;
+	env;
+	paths;
+	constructor(options = {}) {
+		this.root = options.root ?? join(defaultStateBaseDir(options.env), "caplets", "vault");
+		this.env = options.env ?? process.env;
+		this.paths = {
+			keyFile: join(this.root, "vault-key"),
+			valuesDir: join(this.root, "values"),
+			grantsFile: join(this.root, "access-grants.json")
+		};
+	}
+	valuePath(key) {
+		return join(this.paths.valuesDir, `${encodeURIComponent(validateVaultKeyName(key))}.json`);
+	}
+	set(key, value, options = {}) {
+		const normalizedKey = validateVaultKeyName(key);
+		if (Buffer$1.byteLength(value, "utf8") > 65536) throw new CapletsError("REQUEST_INVALID", `Vault values must be ${VAULT_MAX_VALUE_BYTES} bytes or smaller.`);
+		const path = this.valuePath(normalizedKey);
+		const existing = this.loadValueRecord(normalizedKey);
+		if (existing && !options.force) throw new CapletsError("CONFIG_EXISTS", `Vault key ${normalizedKey} already exists.`);
+		ensurePrivateDir(this.root);
+		ensurePrivateDir(this.paths.valuesDir);
+		const encrypted = encryptVaultValue({
+			plaintext: value,
+			key: ensureVaultKey({
+				keyFile: this.paths.keyFile,
+				env: this.env
+			}),
+			now: options.now ?? /* @__PURE__ */ new Date(),
+			...existing ? { existing } : {}
+		});
+		writePrivateFileAtomic(path, `${JSON.stringify(encrypted, null, 2)}\n`);
+		return this.statusForRecord(normalizedKey, encrypted);
+	}
+	getStatus(key) {
+		const normalizedKey = validateVaultKeyName(key);
+		const record = this.loadValueRecord(normalizedKey);
+		return record ? this.statusForRecord(normalizedKey, record) : {
+			key: normalizedKey,
+			present: false
+		};
+	}
+	listValues() {
+		if (!existsSync(this.paths.valuesDir)) return [];
+		return readdirSync(this.paths.valuesDir).filter((entry) => entry.endsWith(".json")).map((entry) => decodeURIComponent(basename(entry, ".json"))).map((key) => this.getStatus(key)).filter((status) => status.present).sort((left, right) => left.key.localeCompare(right.key));
+	}
+	resolveValue(key) {
+		const normalizedKey = validateVaultKeyName(key);
+		const record = this.loadValueRecord(normalizedKey);
+		if (!record) throw new CapletsError("CONFIG_INVALID", `Vault key ${normalizedKey} is missing.`);
+		return decryptVaultValue(record, loadVaultKey({
+			keyFile: this.paths.keyFile,
+			env: this.env
+		}));
+	}
+	delete(key) {
+		const normalizedKey = validateVaultKeyName(key);
+		return {
+			key: normalizedKey,
+			deleted: deleteFile(this.valuePath(normalizedKey)),
+			grantsRetained: this.listAccess({ storedKey: normalizedKey }).length
+		};
+	}
+	keySourceStatus() {
+		return vaultKeySourceStatus({
+			keyFile: this.paths.keyFile,
+			env: this.env
+		});
+	}
+	grantAccess(input) {
+		const next = normalizeVaultGrant(input);
+		const grants = upsertVaultGrant(this.loadAccessGrants(), input);
+		this.saveAccessGrants(grants);
+		return grants.find((grant) => grant.storedKey === next.storedKey && grant.referenceName === next.referenceName && grant.capletId === next.capletId && sameOrigin(grant.origin, next.origin));
+	}
+	listAccess(filter = {}) {
+		return filterVaultGrants(this.loadAccessGrants(), filter);
+	}
+	revokeAccess(filter) {
+		const removed = this.listAccess(filter);
+		if (removed.length === 0) return [];
+		const removedKeys = new Set(removed.map(accessGrantIdentity));
+		const remaining = this.loadAccessGrants().filter((grant) => !removedKeys.has(accessGrantIdentity(grant)));
+		this.saveAccessGrants(remaining);
+		return removed;
+	}
+	resolveGrantedValue(input) {
+		const referenceName = validateVaultKeyName(input.referenceName);
+		const grant = this.listAccess({
+			referenceName,
+			capletId: input.capletId,
+			origin: input.origin
+		})[0];
+		if (!grant) return {
+			reason: "ungranted",
+			referenceName,
+			capletId: input.capletId,
+			origin: input.origin
+		};
+		if (!existsSync(this.valuePath(grant.storedKey))) return {
+			reason: "missing",
+			storedKey: grant.storedKey,
+			referenceName,
+			capletId: input.capletId,
+			origin: input.origin
+		};
+		return {
+			storedKey: grant.storedKey,
+			value: this.resolveValue(grant.storedKey)
+		};
+	}
+	loadValueRecord(key) {
+		const path = this.valuePath(key);
+		if (!existsSync(path)) return void 0;
+		let raw;
+		try {
+			raw = readJsonFile(path, {});
+		} catch {
+			throw new CapletsError("CONFIG_INVALID", `Vault value record for ${key} is not valid JSON.`);
+		}
+		return parseEncryptedRecord(raw);
+	}
+	statusForRecord(key, record) {
+		return {
+			key,
+			present: true,
+			valueBytes: record.valueBytes,
+			createdAt: record.createdAt,
+			updatedAt: record.updatedAt
+		};
+	}
+	loadAccessGrants() {
+		let raw;
+		try {
+			raw = readJsonFile(this.paths.grantsFile, []);
+		} catch {
+			throw new CapletsError("CONFIG_INVALID", "Vault access grants file is not valid JSON.");
+		}
+		if (!Array.isArray(raw)) throw new CapletsError("CONFIG_INVALID", "Vault access grants file must contain an array.");
+		return raw.map(parseStoredGrant);
+	}
+	saveAccessGrants(grants) {
+		ensurePrivateDir(this.root);
+		writePrivateFileAtomic(this.paths.grantsFile, `${JSON.stringify(grants, null, 2)}\n`);
+	}
+};
+function accessGrantIdentity(grant) {
+	return [
+		grant.storedKey,
+		grant.referenceName,
+		grant.capletId,
+		grant.origin.kind,
+		grant.origin.path
+	].join("\0");
+}
+function parseStoredGrant(value) {
+	if (!value || typeof value !== "object" || Array.isArray(value)) throw new CapletsError("CONFIG_INVALID", "Vault access grant must be an object.");
+	const record = value;
+	if (typeof record.storedKey !== "string" || typeof record.referenceName !== "string" || typeof record.capletId !== "string" || typeof record.createdAt !== "string" || typeof record.updatedAt !== "string" || !record.origin || typeof record.origin !== "object" || Array.isArray(record.origin)) throw new CapletsError("CONFIG_INVALID", "Vault access grant is malformed.");
+	const originRecord = record.origin;
+	if (typeof originRecord.kind !== "string" || typeof originRecord.path !== "string" || ![
+		"global-config",
+		"global-file",
+		"project-config",
+		"project-file"
+	].includes(originRecord.kind)) throw new CapletsError("CONFIG_INVALID", "Vault access grant origin is malformed.");
+	return {
+		...normalizeVaultGrant({
+			storedKey: record.storedKey,
+			referenceName: record.referenceName,
+			capletId: record.capletId,
+			origin: {
+				kind: originRecord.kind,
+				path: originRecord.path
+			}
+		}),
+		createdAt: record.createdAt,
+		updatedAt: record.updatedAt
+	};
 }
 //#endregion
 //#region src/config.ts
@@ -26768,6 +27175,7 @@ const NON_INTERPOLATED_SERVER_FIELDS = /* @__PURE__ */ new Set([
 	"tags",
 	"body"
 ]);
+const VAULT_BARE_REFERENCE = "[A-Za-z0-9_-]+";
 const remoteAuthSchema = discriminatedUnion("type", [
 	object$1({ type: literal("none") }).strict(),
 	object$1({
@@ -27430,10 +27838,10 @@ function configSchemaFor(serverValueSchema, openApiEndpointValueSchema, googleDi
 }
 const configFileSchema = configSchemaFor(publicServerSchema, publicOpenApiEndpointSchema, publicGoogleDiscoveryApiSchema, publicGraphQlEndpointSchema, publicHttpApiSchema, publicCliToolsSchema, publicCapletSetSchema);
 const normalizedConfigFileSchema = configSchemaFor(normalizedServerSchema, normalizedOpenApiEndpointSchema, normalizedGoogleDiscoveryApiSchema, normalizedGraphQlEndpointSchema, normalizedHttpApiSchema, normalizedCliToolsSchema, normalizedCapletSetSchema);
-function loadConfig(path = resolveConfigPath(), projectPath = resolveProjectConfigPath()) {
-	return loadConfigWithSources(path, projectPath).config;
+function loadConfig(path = resolveConfigPath(), projectPath = resolveProjectConfigPath(), options = {}) {
+	return loadConfigWithSources(path, projectPath, options).config;
 }
-function loadConfigWithSources(path = resolveConfigPath(), projectPath = resolveProjectConfigPath()) {
+function loadConfigWithSources(path = resolveConfigPath(), projectPath = resolveProjectConfigPath(), options = {}) {
 	const hasUserConfig = existsSync(path);
 	const hasProjectConfig = existsSync(projectPath);
 	const userConfig = hasUserConfig ? readPublicConfigInput(path) : void 0;
@@ -27470,9 +27878,9 @@ function loadConfigWithSources(path = resolveConfigPath(), projectPath = resolve
 				path: projectCaplets.paths
 			}
 		} : void 0
-	], `Caplets config not found at ${path} or ${projectPath}`, "Caplets config must define at least one MCP server, OpenAPI endpoint, Google Discovery API, GraphQL endpoint, HTTP API, CLI tools backend, or Caplet set");
+	], `Caplets config not found at ${path} or ${projectPath}`, "Caplets config must define at least one MCP server, OpenAPI endpoint, Google Discovery API, GraphQL endpoint, HTTP API, CLI tools backend, or Caplet set", options);
 }
-function loadGlobalConfig(path = resolveConfigPath()) {
+function loadGlobalConfig(path = resolveConfigPath(), options = {}) {
 	const userConfig = existsSync(path) ? readPublicConfigInput(path) : void 0;
 	const userCaplets = loadCapletFilesWithPaths(resolveCapletsRoot(path));
 	return buildConfigWithSources([{
@@ -27487,9 +27895,9 @@ function loadGlobalConfig(path = resolveConfigPath()) {
 			kind: "global-file",
 			path: userCaplets.paths
 		}
-	} : void 0], `Caplets user config not found at ${path}`, void 0).config;
+	} : void 0], `Caplets user config not found at ${path}`, void 0, options).config;
 }
-function loadProjectConfig(projectPath = resolveProjectConfigPath()) {
+function loadProjectConfig(projectPath = resolveProjectConfigPath(), options = {}) {
 	const projectConfig = existsSync(projectPath) ? rejectProjectConfigExecutableBackendMaps(readPublicConfigInput(projectPath), projectPath) : void 0;
 	const projectCapletsRoot = resolveProjectCapletsRootForConfigPath(projectPath);
 	const projectCaplets = projectCapletsRoot ? loadCapletFilesWithPaths(projectCapletsRoot) : void 0;
@@ -27505,13 +27913,16 @@ function loadProjectConfig(projectPath = resolveProjectConfigPath()) {
 			kind: "project-file",
 			path: projectCaplets.paths
 		}
-	} : void 0], `Caplets project config not found at ${projectPath}`, void 0).config;
+	} : void 0], `Caplets project config not found at ${projectPath}`, void 0, options).config;
 }
-function buildConfigWithSources(inputs, notFoundMessage, emptyMessage) {
+function buildConfigWithSources(inputs, notFoundMessage, emptyMessage, options = {}) {
 	if (!inputs.some((entry) => entry?.input !== void 0)) throw new CapletsError("CONFIG_NOT_FOUND", notFoundMessage);
 	try {
 		const { input, sources, shadows } = mergeConfigInputsWithSources(...inputs);
-		const config = parseConfig(input);
+		const config = parseConfig(input, {
+			sources,
+			vaultResolver: options.vaultResolver ?? defaultVaultResolver()
+		});
 		if (emptyMessage && Object.keys(config.mcpServers).length === 0 && Object.keys(config.openapiEndpoints).length === 0 && Object.keys(config.googleDiscoveryApis).length === 0 && Object.keys(config.graphqlEndpoints).length === 0 && Object.keys(config.httpApis).length === 0 && Object.keys(config.cliTools).length === 0 && Object.keys(config.capletSets).length === 0) throw new CapletsError("CONFIG_INVALID", emptyMessage);
 		return {
 			config,
@@ -27523,13 +27934,18 @@ function buildConfigWithSources(inputs, notFoundMessage, emptyMessage) {
 		throw new CapletsError("CONFIG_INVALID", "Caplets config is not valid JSON", redactSecrets(error));
 	}
 }
-function loadLocalOverlayConfigWithSources(path = resolveConfigPath(), projectPath = resolveProjectConfigPath()) {
+function loadLocalOverlayConfigWithSources(path = resolveConfigPath(), projectPath = resolveProjectConfigPath(), options = {}) {
+	const parseOptions = {
+		vaultResolver: options.vaultResolver ?? defaultVaultResolver(),
+		vaultRecoveryTarget: options.vaultRecoveryTarget
+	};
 	const warnings = [];
-	const userConfig = existsSync(path) ? readBestEffortConfigInput(path, "global-config", warnings) : void 0;
-	const userCaplets = loadBestEffortCapletFiles(resolveCapletsRoot(path), "global-file", warnings);
-	const projectConfig = existsSync(projectPath) ? readBestEffortConfigInput(projectPath, "project-config", warnings, (input) => rejectProjectConfigExecutableBackendMaps(input, projectPath)) : void 0;
+	const userConfig = existsSync(path) ? readBestEffortConfigInput(path, "global-config", warnings, void 0, parseOptions) : void 0;
+	const userCaplets = loadBestEffortCapletFiles(resolveCapletsRoot(path), "global-file", warnings, parseOptions);
+	const projectConfig = existsSync(projectPath) ? readBestEffortConfigInput(projectPath, "project-config", warnings, (input) => rejectProjectConfigExecutableBackendMaps(input, projectPath), parseOptions) : void 0;
 	const projectCapletsRoot = resolveProjectCapletsRootForConfigPath(projectPath);
-	const projectCaplets = projectCapletsRoot ? loadBestEffortCapletFiles(projectCapletsRoot, "project-file", warnings) : void 0;
+	const projectCaplets = projectCapletsRoot ? loadBestEffortCapletFiles(projectCapletsRoot, "project-file", warnings, parseOptions) : void 0;
+	const sourceFound = Boolean(userConfig || userCaplets || projectConfig || projectCaplets);
 	const { input, sources, shadows } = mergeConfigInputsWithSources({
 		input: userConfig,
 		source: {
@@ -27556,17 +27972,40 @@ function loadLocalOverlayConfigWithSources(path = resolveConfigPath(), projectPa
 		}
 	} : void 0);
 	return {
-		config: parseConfig(input),
+		config: parseConfig(input, {
+			sources,
+			vaultResolver: parseOptions.vaultResolver
+		}),
 		sources,
 		shadows,
-		warnings
+		warnings,
+		sourceFound
 	};
 }
-function readBestEffortConfigInput(path, kind, warnings, transform) {
+function loadLocalRuntimeConfig(path = resolveConfigPath(), projectPath = resolveProjectConfigPath(), options = {}) {
+	const overlay = loadLocalOverlayConfigWithSources(path, projectPath, {
+		vaultResolver: options.vaultResolver,
+		vaultRecoveryTarget: options.vaultRecoveryTarget
+	});
+	for (const warning of overlay.warnings) options.writeWarning?.(warning);
+	const blockingWarning = overlay.warnings.find((warning) => !warning.recoverable && (warning.kind === "global-config" || warning.kind === "project-config"));
+	if (blockingWarning) throw new CapletsError("CONFIG_INVALID", blockingWarning.message);
+	if (!overlay.sourceFound) throw new CapletsError("CONFIG_NOT_FOUND", `Caplets config not found at ${path} or ${projectPath}`);
+	if (!configHasAnyCaplets(overlay.config) && !overlay.warnings.some((warning) => warning.recoverable)) throw new CapletsError("CONFIG_INVALID", "Caplets config must define at least one MCP server, OpenAPI endpoint, Google Discovery API, GraphQL endpoint, HTTP API, CLI tools backend, or Caplet set");
+	return overlay.config;
+}
+function readBestEffortConfigInput(path, kind, warnings, transform, options = {}) {
 	try {
 		const normalized = normalizeLocalPaths(readBestEffortJsonConfigInput(path), dirname(path));
-		const filtered = quarantineMissingEnvCaplets(transform ? transform(normalized) : normalized, kind, path, warnings);
-		const parsed = configFileSchema.safeParse(interpolateConfig(filtered));
+		const filtered = quarantineUnresolvedReferenceCaplets(transform ? transform(normalized) : normalized, kind, path, warnings, options);
+		const validationOptions = {
+			...options,
+			sources: Object.fromEntries(capletIds(filtered).map((id) => [id, {
+				kind,
+				path
+			}]))
+		};
+		const parsed = configFileSchema.safeParse(interpolateConfig(filtered, [], validationOptions));
 		if (!parsed.success) throw new CapletsError("CONFIG_INVALID", `Caplets config at ${path} is invalid`, parsed.error.issues);
 		return filtered;
 	} catch (error) {
@@ -27585,21 +28024,35 @@ function readBestEffortJsonConfigInput(path) {
 		throw new CapletsError("CONFIG_INVALID", `Caplets config at ${path} is not valid JSON`, redactSecrets(error));
 	}
 }
-function quarantineMissingEnvCaplets(input, kind, sourcePath, warnings) {
+function quarantineUnresolvedReferenceCaplets(input, kind, sourcePath, warnings, options = {}) {
 	let filtered = input;
 	for (const backend of CAPLET_BACKEND_KEYS) {
 		const caplets = filtered[backend];
 		if (!isPlainObject$5(caplets)) continue;
 		for (const [id, caplet] of Object.entries(caplets)) {
-			const missing = missingEnvReferences(caplet, [backend, id]);
-			if (missing.length === 0) continue;
+			const envMissing = missingEnvReferences(caplet, [backend, id]);
+			const capletSourcePath = typeof sourcePath === "function" ? sourcePath(id) : sourcePath;
+			const vaultIssues = unresolvedVaultReferences(caplet, [backend, id], {
+				capletId: id,
+				origin: {
+					kind,
+					path: capletSourcePath
+				}
+			}, options);
+			if (envMissing.length === 0 && vaultIssues.length === 0) continue;
 			filtered = removeCapletBackendId(filtered, backend, id);
-			warnings.push({
+			for (const missing of groupMissingEnvReferences(envMissing)) warnings.push({
 				kind,
-				path: typeof sourcePath === "function" ? sourcePath(id) : sourcePath,
+				path: capletSourcePath,
 				message: formatMissingEnvWarning(id, missing),
 				recoverable: true
 			});
+			for (const issue of vaultIssues) warnings.push({
+				kind,
+				path: capletSourcePath,
+				message: formatVaultReferenceWarning(id, issue, options.vaultRecoveryTarget),
+				recoverable: true
+			});
 		}
 	}
 	return filtered;
@@ -27627,7 +28080,90 @@ function formatMissingEnvWarning(id, missing) {
 	const paths = [...new Set(missing.map((reference) => reference.path))];
 	return `Caplet ${id} references missing ${names.length === 1 ? "environment variable" : "environment variables"} ${names.join(", ")} at ${paths.join(", ")}; skipping Caplet ${id}.`;
 }
-function loadBestEffortCapletFiles(root, kind, warnings) {
+function groupMissingEnvReferences(missing) {
+	return missing.length === 0 ? [] : [missing];
+}
+function configHasAnyCaplets(config) {
+	return Object.keys(config.mcpServers).length > 0 || Object.keys(config.openapiEndpoints).length > 0 || Object.keys(config.googleDiscoveryApis).length > 0 || Object.keys(config.graphqlEndpoints).length > 0 || Object.keys(config.httpApis).length > 0 || Object.keys(config.cliTools).length > 0 || Object.keys(config.capletSets).length > 0;
+}
+function unresolvedVaultReferences(value, path, context, options) {
+	if (isPublicMetadataPath(path)) return [];
+	if (typeof value === "string") return unresolvedVaultReferencesInString(value, path.join("."), context, options);
+	if (Array.isArray(value)) return value.flatMap((item, index) => unresolvedVaultReferences(item, [...path, String(index)], context, options));
+	if (isPlainObject$5(value)) return Object.entries(value).flatMap(([key, nested]) => unresolvedVaultReferences(nested, [...path, key], context, options));
+	return [];
+}
+function unresolvedVaultReferencesInString(value, path, context, options) {
+	const issues = [];
+	for (const match of value.matchAll(VAULT_REFERENCE_PATTERN)) {
+		const name = match[1] ?? match[2];
+		if (!name) continue;
+		try {
+			validateVaultKeyName(name);
+		} catch {
+			issues.push({
+				name,
+				path,
+				reason: "invalid-key-source"
+			});
+			continue;
+		}
+		const resolution = options.vaultResolver?.({
+			referenceName: name,
+			capletId: context.capletId,
+			origin: context.origin,
+			path
+		});
+		if (!resolution || !("value" in resolution)) {
+			const reason = resolution && "reason" in resolution ? resolution.reason : "unavailable";
+			issues.push({
+				name,
+				path,
+				reason,
+				...resolution && "storedKey" in resolution && resolution.storedKey ? { storedKey: resolution.storedKey } : {}
+			});
+		}
+	}
+	return issues;
+}
+function formatVaultReferenceWarning(id, issue, target) {
+	const key = issue.storedKey ?? issue.name;
+	const targetFlag = target === "remote" ? " --remote" : "";
+	if (issue.reason === "invalid-key-source") return `Caplet ${id} references invalid-key-source Vault key ${key} at ${issue.path}; run \`caplets doctor\` for key-source details, then reload Caplets; skipping Caplet ${id}.`;
+	if (issue.reason === "missing") return `Caplet ${id} references missing Vault key ${key} at ${issue.path}; run \`caplets vault set ${key}${targetFlag}\`, then reload Caplets; skipping Caplet ${id}.`;
+	const grantCommand = `caplets vault access grant ${key} ${id}${targetFlag}${key !== issue.name ? ` --as ${issue.name}` : ""}`;
+	return `Caplet ${id} references ${issue.reason} Vault key ${key} at ${issue.path}; run \`${grantCommand}\` after setting the value, then reload Caplets; skipping Caplet ${id}.`;
+}
+function defaultVaultResolver(store = new FileVaultStore()) {
+	return (reference) => {
+		try {
+			return store.resolveGrantedValue(reference);
+		} catch (error) {
+			return {
+				reason: error instanceof CapletsError ? "invalid-key-source" : "unavailable",
+				referenceName: reference.referenceName,
+				capletId: reference.capletId,
+				origin: reference.origin
+			};
+		}
+	};
+}
+function vaultStoreForAuthDir(authDir) {
+	return new FileVaultStore(authDir ? { root: join(authDir, "vault") } : {});
+}
+function vaultResolverForAuthDir(authDir) {
+	return defaultVaultResolver(vaultStoreForAuthDir(authDir));
+}
+const vaultBootstrapResolver = (reference) => ({
+	storedKey: reference.referenceName,
+	value: vaultBootstrapPlaceholderValue(reference.path)
+});
+function vaultBootstrapPlaceholderValue(path) {
+	const leaf = path.split(".").at(-1)?.toLowerCase() ?? "";
+	if (leaf.endsWith("url") || leaf.endsWith("uri") || leaf === "issuer") return "https://caplets.local/vault-placeholder";
+	return "caplets-vault-placeholder";
+}
+function loadBestEffortCapletFiles(root, kind, warnings, options = {}) {
 	const result = loadCapletFilesWithPathsBestEffort(root);
 	if (!result) return;
 	for (const warning of result.warnings) warnings.push({
@@ -27635,7 +28171,7 @@ function loadBestEffortCapletFiles(root, kind, warnings) {
 		path: warning.path ?? root,
 		message: warning.message
 	});
-	const config = quarantineMissingEnvCaplets(result.config, kind, (id) => result.paths[id] ?? root, warnings);
+	const config = quarantineUnresolvedReferenceCaplets(result.config, kind, (id) => result.paths[id] ?? root, warnings, options);
 	const retainedIds = new Set(capletIds(config));
 	return {
 		config,
@@ -27647,14 +28183,44 @@ function errorMessage$3(error) {
 }
 function loadIsolatedConfig(options) {
 	if (!options.configPath && !options.capletsRoot) throw new CapletsError("CONFIG_INVALID", "Nested Caplet set must define at least one source: configPath or capletsRoot");
-	const configInput = options.configPath ? readPublicConfigInput(options.configPath) : void 0;
-	const capletInput = options.capletsRoot ? loadCapletFiles(options.capletsRoot) : void 0;
-	if (!configInput && !capletInput) throw new CapletsError("CONFIG_NOT_FOUND", `Nested Caplet set sources not found: ${[options.configPath, options.capletsRoot].filter(Boolean).join(", ")}`);
-	const config = parseConfig(mergeConfigInputs(configInput, capletInput, {
-		version: 1,
-		defaultSearchLimit: options.defaultSearchLimit,
-		maxSearchLimit: options.maxSearchLimit
-	}));
+	const warnings = [];
+	const parseOptions = {
+		vaultResolver: options.vaultResolver ?? defaultVaultResolver(),
+		vaultRecoveryTarget: options.vaultRecoveryTarget
+	};
+	const configExists = Boolean(options.configPath && existsSync(options.configPath));
+	const configInput = configExists ? readBestEffortConfigInput(options.configPath, "global-config", warnings, void 0, parseOptions) : void 0;
+	const capletInput = options.capletsRoot ? loadBestEffortCapletFiles(options.capletsRoot, "global-file", warnings, parseOptions) : void 0;
+	if (!configExists && !capletInput) throw new CapletsError("CONFIG_NOT_FOUND", `Nested Caplet set sources not found: ${[options.configPath, options.capletsRoot].filter(Boolean).join(", ")}`);
+	const blockingWarning = warnings.find((warning) => !warning.recoverable);
+	if (blockingWarning) throw new CapletsError("CONFIG_INVALID", blockingWarning.message);
+	const { input, sources } = mergeConfigInputsWithSources({
+		input: configInput,
+		source: {
+			kind: "global-config",
+			path: options.configPath ?? ""
+		}
+	}, capletInput ? {
+		input: capletInput.config,
+		source: {
+			kind: "global-file",
+			path: capletInput.paths
+		}
+	} : void 0, {
+		input: {
+			version: 1,
+			defaultSearchLimit: options.defaultSearchLimit,
+			maxSearchLimit: options.maxSearchLimit
+		},
+		source: {
+			kind: "global-config",
+			path: options.configPath ?? ""
+		}
+	});
+	const config = parseConfig(input, {
+		sources,
+		vaultResolver: parseOptions.vaultResolver
+	});
 	if (Object.keys(config.mcpServers).length === 0 && Object.keys(config.openapiEndpoints).length === 0 && Object.keys(config.googleDiscoveryApis).length === 0 && Object.keys(config.graphqlEndpoints).length === 0 && Object.keys(config.httpApis).length === 0 && Object.keys(config.cliTools).length === 0 && Object.keys(config.capletSets).length === 0) throw new CapletsError("CONFIG_INVALID", "Nested Caplet set must define at least one Caplet");
 	return config;
 }
@@ -27665,7 +28231,14 @@ function resolveProjectCapletsRootForConfigPath(projectPath) {
 function readPublicConfigInput(path) {
 	try {
 		const normalized = normalizeLocalPaths(JSON.parse(readFileSync(path, "utf8")), dirname(path));
-		const parsed = configFileSchema.safeParse(interpolateConfig(normalized));
+		const validationOptions = {
+			sources: Object.fromEntries(capletIds(normalized).map((id) => [id, {
+				kind: "global-config",
+				path
+			}])),
+			vaultResolver: vaultBootstrapResolver
+		};
+		const parsed = configFileSchema.safeParse(interpolateConfig(normalized, [], validationOptions));
 		if (!parsed.success) throw new CapletsError("CONFIG_INVALID", `Caplets config at ${path} is invalid`, parsed.error.issues);
 		return normalized;
 	} catch (error) {
@@ -27729,7 +28302,7 @@ function normalizeCapletSetPaths(endpoint, baseDir) {
 	};
 }
 function normalizeLocalPath(value, baseDir) {
-	if (typeof value !== "string" || !value || isAbsolute(value) || hasEnvReference(value)) return value;
+	if (typeof value !== "string" || !value || isAbsolute(value) || hasInterpolationReference(value)) return value;
 	return join(baseDir, value);
 }
 function rejectProjectConfigExecutableBackendMaps(input, path) {
@@ -27845,8 +28418,8 @@ function sourceForId(source, id) {
 		path: typeof source.path === "string" ? source.path : source.path[id] ?? ""
 	};
 }
-function parseConfig(input) {
-	const parsed = normalizedConfigFileSchema.safeParse(interpolateConfig(input));
+function parseConfig(input, options = {}) {
+	const parsed = normalizedConfigFileSchema.safeParse(interpolateConfig(input, [], options));
 	if (!parsed.success) throw new CapletsError("CONFIG_INVALID", "Caplets config is invalid", parsed.error.issues);
 	const servers = {};
 	for (const [server, raw] of Object.entries(parsed.data.mcpServers)) {
@@ -27931,11 +28504,11 @@ function validateEndpointAuthHeaders(auth, ctx, path) {
 function stripUndefined(value) {
 	return Object.fromEntries(Object.entries(value).filter(([, nested]) => nested !== void 0));
 }
-function interpolateConfig(value, path = []) {
+function interpolateConfig(value, path = [], options = {}) {
 	if (isPublicMetadataPath(path)) return value;
-	if (typeof value === "string") return interpolateEnv(value);
-	if (Array.isArray(value)) return value.map((item, index) => interpolateConfig(item, [...path, String(index)]));
-	if (value && typeof value === "object") return Object.fromEntries(Object.entries(value).map(([nestedKey, nested]) => [nestedKey, interpolateConfig(nested, [...path, nestedKey])]));
+	if (typeof value === "string") return interpolateVault(interpolateEnv(value), path, options);
+	if (Array.isArray(value)) return value.map((item, index) => interpolateConfig(item, [...path, String(index)], options));
+	if (value && typeof value === "object") return Object.fromEntries(Object.entries(value).map(([nestedKey, nested]) => [nestedKey, interpolateConfig(nested, [...path, nestedKey], options)]));
 	return value;
 }
 function isPublicMetadataPath(path) {
@@ -27945,8 +28518,28 @@ function isPublicMetadataPath(path) {
 function isPlainObject$5(value) {
 	return Boolean(value) && typeof value === "object" && !Array.isArray(value);
 }
-function hasEnvReference(value) {
-	return /\$\{[A-Za-z_][A-Za-z0-9_]*\}|\$env:[A-Za-z_][A-Za-z0-9_]*/.test(value);
+function hasInterpolationReference(value) {
+	return new RegExp(`\\$\\{[A-Za-z_][A-Za-z0-9_]*\\}|\\$env:[A-Za-z_][A-Za-z0-9_]*|\\$\\{vault:[^}]+\\}|\\$vault:${VAULT_BARE_REFERENCE}`).test(value);
+}
+const VAULT_REFERENCE_PATTERN = new RegExp(`\\$\\{vault:([^}]+)\\}|\\$vault:(${VAULT_BARE_REFERENCE})`, "g");
+function interpolateVault(value, path, options) {
+	if (!options.vaultResolver) return value;
+	const backend = path[0];
+	const capletId = path[1];
+	if (!backend || !capletId || !CAPLET_BACKEND_KEY_SET.has(backend)) return value;
+	const origin = options.sources?.[capletId];
+	if (!origin) return value;
+	return value.replace(VAULT_REFERENCE_PATTERN, (_match, braced, bare) => {
+		const referenceName = validateVaultKeyName(braced ?? bare);
+		const resolution = options.vaultResolver?.({
+			referenceName,
+			capletId,
+			origin,
+			path: path.join(".")
+		});
+		if (!resolution || !("value" in resolution)) throw new CapletsError("CONFIG_INVALID", `Vault key ${referenceName} is unresolved for Caplet ${capletId}`);
+		return resolution.value;
+	});
 }
 function interpolateEnv(value) {
 	return value.replace(/\$\{([A-Za-z_][A-Za-z0-9_]*)\}/g, (_match, name) => process.env[name] ?? "").replace(/\$env:([A-Za-z_][A-Za-z0-9_]*)/g, (_match, name) => process.env[name] ?? "");
@@ -62987,7 +63580,8 @@ var CapletSetManager = class CapletSetManager {
 				...config.configPath ? { configPath: config.configPath } : {},
 				...config.capletsRoot ? { capletsRoot: config.capletsRoot } : {},
 				defaultSearchLimit: config.defaultSearchLimit,
-				maxSearchLimit: config.maxSearchLimit
+				maxSearchLimit: config.maxSearchLimit,
+				vaultResolver: vaultResolverForAuthDir(this.options.authDir)
 			}));
 			const sharedOptions = {
 				...this.options.authDir ? { authDir: this.options.authDir } : {},
@@ -63329,8 +63923,9 @@ var CapletsEngine = class {
 			configPath: resolveConfigPath(options.configPath),
 			projectConfigPath: options.projectConfigPath ?? resolveProjectConfigPath()
 		};
-		this.configLoader = options.configLoader ?? loadConfig;
-		const config = this.configLoader(this.paths.configPath, this.paths.projectConfigPath);
+		this.writeErr = options.writeErr ?? ((value) => process.stderr.write(value));
+		this.configLoader = options.configLoader ?? runtimeConfigLoader(options.authDir, options.vaultRecoveryTarget);
+		const config = this.loadConfigWithWarnings();
 		this.registry = new ServerRegistry(config);
 		this.downstream = new DownstreamManager(this.registry, selectAuthOptions(options.authDir));
 		this.openapi = new OpenApiManager(this.registry, selectHttpLikeOptions(options));
@@ -63341,7 +63936,6 @@ var CapletsEngine = class {
 		this.capletSets = new CapletSetManager(this.registry, selectHttpLikeOptions(options));
 		this.watchDebounceMs = options.watchDebounceMs ?? 250;
 		this.watchEnabled = options.watch ?? true;
-		this.writeErr = options.writeErr ?? ((value) => process.stderr.write(value));
 		this.observedOutputShapeStore = options.observedOutputShapeStore ?? new FileObservedOutputShapeStore(options.observedOutputShapeCacheDir ?? DEFAULT_OBSERVED_OUTPUT_SHAPE_CACHE_DIR);
 		this.observedOutputShapeScope = options.observedOutputShapeScope ?? "local";
 		this.projectFingerprint = options.projectFingerprint ?? safeProjectFingerprint();
@@ -63434,7 +64028,7 @@ var CapletsEngine = class {
 		}
 	}
 	async completeCliWords(words) {
-		const { completeCliWords } = await import("./completion-De4t5MtT.js").then((n) => n.r);
+		const { completeCliWords } = await import("./completion-CFOJucl5.js").then((n) => n.r);
 		return await completeCliWords(words, {
 			config: this.registry.config,
 			managers: {
@@ -63508,7 +64102,7 @@ var CapletsEngine = class {
 		if (this.closed) return false;
 		let nextConfig;
 		try {
-			nextConfig = this.configLoader(this.paths.configPath, this.paths.projectConfigPath);
+			nextConfig = this.loadConfigWithWarnings();
 		} catch (error) {
 			this.writeErr(`Caplets config reload failed; keeping last known-good config.\n`);
 			this.writeErr(`${JSON.stringify(toSafeError(error, "CONFIG_INVALID"), null, 2)}\n`);
@@ -63542,6 +64136,11 @@ var CapletsEngine = class {
 		});
 		return invalidated;
 	}
+	loadConfigWithWarnings() {
+		return this.configLoader(this.paths.configPath, this.paths.projectConfigPath, { writeWarning: (warning) => {
+			this.writeErr(`Warning: ${warning.kind} at ${warning.path}: ${warning.message}\n`);
+		} });
+	}
 	async reloadUntilSettled() {
 		let succeeded = true;
 		do {
@@ -63631,6 +64230,14 @@ var CapletsEngine = class {
 		}, this.watchDebounceMs);
 	}
 };
+function runtimeConfigLoader(authDir, vaultRecoveryTarget) {
+	const vaultResolver = vaultResolverForAuthDir(authDir);
+	return (configPath, projectConfigPath, options) => loadLocalRuntimeConfig(configPath, projectConfigPath, {
+		...options,
+		vaultResolver,
+		vaultRecoveryTarget
+	});
+}
 function selectAuthOptions(authDir) {
 	return authDir ? { authDir } : {};
 }
@@ -80061,6 +80668,79 @@ var CapletsCloudClient = class {
 		});
 		if (!response.ok) throw new Error(`Caplets Cloud Project Binding update failed: HTTP ${response.status}`);
 	}
+	async setVaultValue(input) {
+		const response = await this.fetchImpl(this.endpoint(`api/workspaces/${encodeURIComponent(input.workspace)}/vault/values/${encodeURIComponent(input.name)}`), {
+			method: "PUT",
+			headers: this.headers({ json: true }),
+			body: JSON.stringify({
+				value: input.value,
+				force: Boolean(input.force),
+				...input.grant ? { grant: input.grant } : {},
+				...input.referenceName ? { referenceName: input.referenceName } : {}
+			})
+		});
+		if (!response.ok) throw new Error(`Caplets Cloud Vault set failed: HTTP ${response.status}`);
+		return await response.json();
+	}
+	async getVaultValue(input) {
+		const url = this.endpoint(`api/workspaces/${encodeURIComponent(input.workspace)}/vault/values/${encodeURIComponent(input.name)}`);
+		if (input.reveal) {
+			url.searchParams.set("reveal", "true");
+			url.searchParams.set("revealContext", input.revealContext ?? "human-cli");
+		}
+		const response = await this.fetchImpl(url, {
+			method: "GET",
+			headers: this.headers()
+		});
+		if (!response.ok) throw new Error(`Caplets Cloud Vault get failed: HTTP ${response.status}`);
+		return await response.json();
+	}
+	async listVaultValues(input) {
+		const response = await this.fetchImpl(this.endpoint(`api/workspaces/${encodeURIComponent(input.workspace)}/vault/values`), {
+			method: "GET",
+			headers: this.headers()
+		});
+		if (!response.ok) throw new Error(`Caplets Cloud Vault list failed: HTTP ${response.status}`);
+		return await response.json();
+	}
+	async deleteVaultValue(input) {
+		const response = await this.fetchImpl(this.endpoint(`api/workspaces/${encodeURIComponent(input.workspace)}/vault/values/${encodeURIComponent(input.name)}`), {
+			method: "DELETE",
+			headers: this.headers()
+		});
+		if (!response.ok) throw new Error(`Caplets Cloud Vault delete failed: HTTP ${response.status}`);
+		return await response.json();
+	}
+	async grantVaultAccess(input) {
+		const response = await this.fetchImpl(this.endpoint(`api/workspaces/${encodeURIComponent(input.workspace)}/vault/access/${encodeURIComponent(input.name)}/${encodeURIComponent(input.capletId)}`), {
+			method: "PUT",
+			headers: this.headers({ json: true }),
+			body: JSON.stringify({ referenceName: input.referenceName ?? input.name })
+		});
+		if (!response.ok) throw new Error(`Caplets Cloud Vault access grant failed: HTTP ${response.status}`);
+		return await response.json();
+	}
+	async listVaultAccess(input) {
+		const url = this.endpoint(`api/workspaces/${encodeURIComponent(input.workspace)}/vault/access`);
+		if (input.name) url.searchParams.set("name", input.name);
+		if (input.capletId) url.searchParams.set("capletId", input.capletId);
+		const response = await this.fetchImpl(url, {
+			method: "GET",
+			headers: this.headers()
+		});
+		if (!response.ok) throw new Error(`Caplets Cloud Vault access list failed: HTTP ${response.status}`);
+		return await response.json();
+	}
+	async revokeVaultAccess(input) {
+		const url = this.endpoint(`api/workspaces/${encodeURIComponent(input.workspace)}/vault/access/${encodeURIComponent(input.name)}/${encodeURIComponent(input.capletId)}`);
+		if (input.referenceName) url.searchParams.set("referenceName", input.referenceName);
+		const response = await this.fetchImpl(url, {
+			method: "DELETE",
+			headers: this.headers()
+		});
+		if (!response.ok) throw new Error(`Caplets Cloud Vault access revoke failed: HTTP ${response.status}`);
+		return await response.json();
+	}
 	headers(options = {}) {
 		const headers = new Headers();
 		headers.set("authorization", `Bearer ${this.options.accessToken}`);
@@ -81020,13 +81700,16 @@ function isAuthFailure(error) {
 }
 function isPermanentRemoteCredentialsError(error) {
 	const candidate = error;
-	if (candidate?.projectBindingCode === "remote_credentials_required" || candidate?.projectBindingCode === "remote_auth_failed") return true;
+	if (isPermanentRemoteCredentialsCode(candidate?.projectBindingCode)) return true;
 	if (isPlainObject(candidate?.details)) {
 		const code = candidate.details.code;
-		if (code === "remote_credentials_required" || code === "remote_auth_failed") return true;
+		if (isPermanentRemoteCredentialsCode(code)) return true;
 	}
 	return isAuthFailure(error);
 }
+function isPermanentRemoteCredentialsCode(code) {
+	return code === "remote_credentials_required" || code === "remote_credentials_revoked" || code === "remote_auth_failed";
+}
 //#endregion
 //#region src/cloud-auth/errors.ts
 const SECRET_PATTERN = /(cap_access_[a-z0-9._~+/=-]+|cap_refresh_[a-z0-9._~+/=-]+|one_time_code_[a-z0-9._~+/=-]+|Bearer\s+)[^\s"]*/giu;
@@ -81189,6 +81872,7 @@ const PROJECT_BINDING_ERROR_CODES = [
 	"subscription_past_due",
 	"email_verification_required",
 	"remote_credentials_required",
+	"remote_credentials_revoked",
 	"remote_auth_failed"
 ];
 var ProjectBindingError = class extends CapletsError {
@@ -81222,6 +81906,7 @@ function recoveryCommandFor(code) {
 		case "workspace_switch_required": return "caplets remote login <cloud-url> --workspace <workspace>";
 		case "sync_size_limit_exceeded": return "Add exclusions to .capletsignore or upgrade the workspace plan.";
 		case "remote_credentials_required":
+		case "remote_credentials_revoked":
 		case "remote_auth_failed": return "caplets remote login <url>";
 		case "endpoint_unavailable":
 		case "websocket_upgrade_required": return "caplets doctor";
@@ -81399,6 +82084,7 @@ function remoteProfileStatus(input) {
 		kind: input.kind,
 		key,
 		hostUrl,
+		...input.hostIdentity ? { hostIdentity: input.hostIdentity } : {},
 		...input.workspaceId ? { workspaceId: input.workspaceId } : {},
 		...input.workspaceSlug ? { workspaceSlug: input.workspaceSlug } : {},
 		...input.clientId ? { clientId: input.clientId } : {},
@@ -81456,7 +82142,9 @@ var FileRemoteProfileStore = class {
 			kind: "self-hosted",
 			hostUrl: normalizeRemoteProfileHostUrl(input.hostUrl)
 		});
-		return this.statusByKey(key, false);
+		const status = await this.statusByKey(key, false);
+		assertHostIdentityMatches(status, input.hostIdentity);
+		return status;
 	}
 	async logoutSelfHostedProfile(input) {
 		return await this.withMutationLock(async () => {
@@ -81525,7 +82213,7 @@ var FileRemoteProfileStore = class {
 		}
 		const selected = this.readSelectedWorkspace(hostUrl);
 		if (selected) return this.statusByKey(selected.profileKey, true);
-		if (this.listProfilesForHost(hostUrl).length > 0) throw new CapletsError("REQUEST_INVALID", "Cloud Remote Profile requires a selected or explicit workspace.");
+		if (this.listProfilesForHost(hostUrl).length > 0) throw cloudWorkspaceAmbiguityError();
 		return this.migrateLegacyCloudProfile(hostUrl);
 	}
 	async listCloudProfileStatuses(hostUrlInput) {
@@ -81553,7 +82241,7 @@ var FileRemoteProfileStore = class {
 			let key;
 			if (workspace) key = this.listProfilesForHost(hostUrl).find((profile) => profileMatchesWorkspace(profile, workspace))?.key;
 			else if (selected) key = selected.profileKey;
-			else if (this.listProfilesForHost(hostUrl).length > 0) throw new CapletsError("REQUEST_INVALID", "Cloud Remote Profile requires a selected or explicit workspace.");
+			else if (this.listProfilesForHost(hostUrl).length > 0) throw cloudWorkspaceAmbiguityError();
 			if (!key) return false;
 			const profile = this.readProfile(key);
 			await this.credentials.delete(key);
@@ -81593,7 +82281,7 @@ var FileRemoteProfileStore = class {
 		else {
 			const selected = this.readSelectedWorkspace(hostUrl);
 			if (selected) status = await this.statusByKey(selected.profileKey, true);
-			else if (this.listProfilesForHost(hostUrl).length > 0) throw new CapletsError("REQUEST_INVALID", "Cloud Remote Profile requires a selected or explicit workspace.");
+			else if (this.listProfilesForHost(hostUrl).length > 0) throw cloudWorkspaceAmbiguityError();
 		}
 		if (!status) return void 0;
 		const credential = await this.credentials.load(status.key);
@@ -81646,6 +82334,7 @@ var FileRemoteProfileStore = class {
 			kind: profile.kind,
 			key: profile.key,
 			hostUrl: profile.hostUrl,
+			hostIdentity: profile.hostIdentity,
 			workspaceId: profile.workspaceId,
 			workspaceSlug: profile.workspaceSlug,
 			clientId: profile.clientId,
@@ -81666,11 +82355,13 @@ var FileRemoteProfileStore = class {
 		});
 		const now = (input.now ?? /* @__PURE__ */ new Date()).toISOString();
 		const existing = this.readProfile(key);
+		const hostIdentity = input.hostIdentity ?? existing?.hostIdentity;
 		const profile = {
 			version: 1,
 			kind: "self-hosted",
 			key,
 			hostUrl,
+			...hostIdentity ? { hostIdentity } : {},
 			clientId: input.clientId,
 			...input.clientLabel ? { clientLabel: input.clientLabel } : {},
 			createdAt: existing?.createdAt ?? now,
@@ -81843,6 +82534,14 @@ function legacyCredential(credentials) {
 		...credentials.tokenType ? { tokenType: credentials.tokenType } : {}
 	};
 }
+function assertHostIdentityMatches(status, expectedHostIdentity) {
+	if (!status || !expectedHostIdentity || !status.hostIdentity) return;
+	if (status.hostIdentity === expectedHostIdentity) return;
+	throw new CapletsError("AUTH_FAILED", "Remote Profile belongs to a different host identity.");
+}
+function cloudWorkspaceAmbiguityError() {
+	return new CapletsError("REQUEST_INVALID", "Cloud Remote Profile requires a selected or explicit workspace.", { reason: "cloud_workspace_ambiguous" });
+}
 function parseStoredRemoteProfile(value) {
 	if (!isRecord$1(value)) return void 0;
 	if (value.version !== 1) return void 0;
@@ -81855,6 +82554,7 @@ function parseStoredRemoteProfile(value) {
 		kind: value.kind,
 		key: value.key,
 		hostUrl: value.hostUrl,
+		...typeof value.hostIdentity === "string" ? { hostIdentity: value.hostIdentity } : {},
 		...typeof value.workspaceId === "string" ? { workspaceId: value.workspaceId } : {},
 		...typeof value.workspaceSlug === "string" ? { workspaceSlug: value.workspaceSlug } : {},
 		...typeof value.clientId === "string" ? { clientId: value.clientId } : {},
@@ -81941,11 +82641,11 @@ async function resolveRemoteSelection(input = {}, env = process.env) {
 	const explicitWorkspace = input.workspace ?? (workspaceFromRemoteUrl ? void 0 : env.CAPLETS_REMOTE_WORKSPACE);
 	const profileWorkspace = workspaceFromRemoteUrl ?? explicitWorkspace;
 	const normalizedRemoteUrl = normalizeRemoteProfileHostUrl(remoteUrl);
-	let status = await store.getCloudProfileStatus({
+	let status = await getCloudProfileStatusForSelection(store, {
 		hostUrl: normalizedRemoteUrl,
 		workspace: profileWorkspace
 	});
-	if (!status && profileWorkspace) status = await store.getCloudProfileStatus({ hostUrl: normalizedRemoteUrl });
+	if (!status && profileWorkspace) status = await getCloudProfileStatusForSelection(store, { hostUrl: normalizedRemoteUrl });
 	let credential = status ? await store.credentials.load(status.key) : void 0;
 	if (!status || !credential?.accessToken) throw projectBindingError("cloud_auth_required");
 	let credentials = cloudCredentialsFromRemoteProfile(status, credential);
@@ -82023,7 +82723,7 @@ async function refreshSelfHostedCredentials(remoteUrl, refreshToken, options) {
 }
 async function selfHostedRefreshError(remoteUrl, response) {
 	const summary = await parseSelfHostedRefreshError(response);
-	if (response.status === 401 || summary?.code === "AUTH_FAILED") return remoteLoginRequired(remoteUrl);
+	if (response.status === 401 || summary?.code === "AUTH_FAILED" || summary?.code === "REMOTE_CREDENTIALS_REVOKED") return selfHostedRefreshLooksRevoked(summary) ? remoteLoginRevoked(remoteUrl) : remoteLoginRequired(remoteUrl);
 	if (response.status === 503 || summary?.code === "SERVER_UNAVAILABLE") return new CapletsError("SERVER_UNAVAILABLE", summary?.message ?? "Remote credential refresh is temporarily unavailable.");
 	return new CapletsError("AUTH_REFRESH_FAILED", summary?.message ?? `Remote credential refresh failed with HTTP ${response.status}.`);
 }
@@ -82069,6 +82769,30 @@ function remoteLoginRequired(remoteUrl) {
 		recoveryCommand: `caplets remote login ${normalizeRemoteProfileHostUrl(remoteUrl)}`
 	});
 }
+function remoteLoginRevoked(remoteUrl) {
+	const normalizedUrl = normalizeRemoteProfileHostUrl(remoteUrl);
+	return new ProjectBindingError({
+		code: "remote_credentials_revoked",
+		message: `Remote credentials for ${normalizedUrl} were revoked or rejected. Run Remote Login again and ask the server operator to approve the pending login.`,
+		recoveryCommand: `caplets remote login ${normalizedUrl}`
+	});
+}
+function selfHostedRefreshLooksRevoked(summary) {
+	if (summary?.code === "REMOTE_CREDENTIALS_REVOKED") return true;
+	return /revoked|rejected|stale/iu.test(summary?.message ?? "");
+}
+async function getCloudProfileStatusForSelection(store, input) {
+	try {
+		return await store.getCloudProfileStatus(input);
+	} catch (error) {
+		if (isCloudWorkspaceAmbiguity(error)) throw projectBindingError("workspace_switch_required", "Cloud Remote Profile requires a selected or explicit workspace.");
+		throw error;
+	}
+}
+function isCloudWorkspaceAmbiguity(error) {
+	const details = error instanceof CapletsError ? error.details : void 0;
+	return error instanceof CapletsError && error.code === "REQUEST_INVALID" && typeof details === "object" && details !== null && !Array.isArray(details) && details.reason === "cloud_workspace_ambiguous";
+}
 async function parseSelfHostedRefreshCredentials(response) {
 	const parsed = await response.json();
 	if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) throw new CapletsError("DOWNSTREAM_PROTOCOL_ERROR", "Remote refresh response must be an object.");
@@ -82867,4 +83591,4 @@ function errorMessage(error) {
 	return error instanceof Error ? error.message : String(error);
 }
 //#endregion
-export { decodeDirectResourceUri as $, ElicitResultSchema as $t, nativeCapletToolDescription as A, objectFromShape as An, defaultCacheBaseDir as At, QuickJsCodeModeSandbox as B, assertClientRequestTaskCapability as Bt, resolveRemoteMode as C, getLiteralValue as Cn, startOAuthFlow as Ct, parseServerBaseUrl as D, isSchemaOptional as Dn, DEFAULT_AUTH_DIR as Dt, isLoopbackHost as E, getSchemaDescription as En, readTokenBundle as Et, codeModeRunInputSchema as F, resolveConfigPath as Ft, CodeModeLogStore as G, toJsonSchemaCompat as Gt, createCodeModeCapletsApi as H, AjvJsonSchemaValidator as Ht, codeModeRunParamsSchema as I, resolveProjectCapletsRoot as It, generateCodeModeDeclarations as J, CompleteRequestSchema as Jt, redactCodeModeLogText as K, CallToolRequestSchema as Kt, emptyCodeModeRunMeta as L, resolveProjectConfigPath as Lt, nativeCapletsSystemGuidance as M, safeParseAsync as Mn, defaultConfigPath as Mt, nativeCodeModeToolId as N, __exportAll as Nn, defaultStateBaseDir as Nt, resolveCapletsServer as O, isZ4Schema as On, DEFAULT_COMPLETION_CACHE_DIR as Ot, nativeCodeModeToolName as P, resolveCapletsRoot as Pt, resolveExposure as Q, DEFAULT_NEGOTIATED_PROTOCOL_VERSION as Qt, runCodeMode as R, ReadBuffer as Rt, resolveHostedCloudRemote as S, isJSONRPCResultResponse as Sn, startGenericOAuthFlow as St, controlUrlForBase as T, getParseErrorMessage as Tn, isTokenBundleExpired as Tt, listCodeModeCallableCaplets as U, Protocol as Ut, diagnoseCodeModeTypeScript as V, assertToolsCallTaskCapability as Vt, CodeModeJournalStore as W, mergeCapabilities as Wt, minifyCodeModeDeclarationText as X, CreateMessageResultWithToolsSchema as Xt, generateCodeModeRunToolDescription as Y, CreateMessageResultSchema as Yt, CapletsEngine as Z, CreateTaskResultSchema as Zt, resolveNativeCapletsServiceOptions as _, assertCompleteRequestPrompt as _n, markdownCallToolResultContent as _t, CloudAuthStore as a, JSONRPCMessageSchema as an, capabilityDescription as at, normalizeRemoteProfileHostUrl as b, isJSONRPCErrorResponse as bn, runGenericOAuthFlow as bt, redactedCloudAuthStatus as c, ListResourceTemplatesRequestSchema as cn, loadConfigWithSources as ct, projectBindingError as d, ListToolsRequestSchema as dn, loadProjectConfig as dt, EmptyResultSchema as en, directResourceUriMatchesTemplate as et, projectBindingRecovery as f, LoggingLevelSchema as fn, parseConfig as ft, buildProjectSyncManifest as g, SetLevelRequestSchema as gn, hasRenderableStructuredContent as gt, createSdkRemoteCapletsClient as h, SUPPORTED_PROTOCOL_VERSIONS as hn, loadCapletFilesFromMap as ht, createRemoteProfileStore as i, InitializedNotificationSchema as in, ServerRegistry as it, nativeCapletToolName as j, safeParse as jn, defaultConfigBaseDir as jt, nativeCapletPromptGuidance as k, normalizeObjectSchema as kn, DEFAULT_OBSERVED_OUTPUT_SHAPE_CACHE_DIR as kt, PROJECT_BINDING_ERROR_CODES as l, ListResourcesRequestSchema as ln, loadGlobalConfig as lt, RemoteNativeCapletsService as m, ReadResourceRequestSchema as mn, validateCapletFile as mt, resolveRemoteSelection as n, GetPromptRequestSchema as nn, fingerprintProjectRoot as nt, cloudAuthPath as o, LATEST_PROTOCOL_VERSION as on, GoogleDiscoveryManager as ot, CloudAuthClient as p, McpError as pn, discoverCapletFiles as pt, codeModeDeclarationHash as q, CallToolResultSchema as qt, cloudCredentialsFromRemoteProfile as r, InitializeRequestSchema as rn, handleServerTool as rt, migrateCredentials as s, ListPromptsRequestSchema as sn, loadConfig as st, createNativeCapletsService as t, ErrorCode as tn, findProjectRoot as tt, ProjectBindingError as u, ListRootsResultSchema as un, loadLocalOverlayConfigWithSources as ut, hostedCloudWorkspaceFromRemoteUrl as v, assertCompleteRequestResourceTemplate as vn, markdownStructuredContent as vt, appendBasePath as w, getObjectShape as wn, deleteTokenBundle as wt, resolveCapletsRemote as x, isJSONRPCRequest as xn, runOAuthFlow as xt, isCapletsCloudUrl as y, isInitializeRequest as yn, refreshOAuthTokenBundle as yt, CodeModeSessionManager as z, serializeMessage as zt };
+export { resolveExposure as $, mergeCapabilities as $t, nativeCapletPromptGuidance as A, isJSONRPCRequest as An, runOAuthFlow as At, CodeModeSessionManager as B, safeParse as Bn, defaultConfigBaseDir as Bt, resolveHostedCloudRemote as C, ReadResourceRequestSchema as Cn, validateCapletFile as Ct, isLoopbackHost as D, assertCompleteRequestResourceTemplate as Dn, markdownStructuredContent as Dt, controlUrlForBase as E, assertCompleteRequestPrompt as En, markdownCallToolResultContent as Et, nativeCodeModeToolName as F, getSchemaDescription as Fn, readTokenBundle as Ft, CodeModeJournalStore as G, resolveProjectCapletsRoot as Gt, diagnoseCodeModeTypeScript as H, __exportAll as Hn, defaultStateBaseDir as Ht, codeModeRunInputSchema as I, isSchemaOptional as In, DEFAULT_AUTH_DIR as It, codeModeDeclarationHash as J, serializeMessage as Jt, CodeModeLogStore as K, resolveProjectConfigPath as Kt, codeModeRunParamsSchema as L, isZ4Schema as Ln, DEFAULT_COMPLETION_CACHE_DIR as Lt, nativeCapletToolName as M, getLiteralValue as Mn, startOAuthFlow as Mt, nativeCapletsSystemGuidance as N, getObjectShape as Nn, deleteTokenBundle as Nt, parseServerBaseUrl as O, isInitializeRequest as On, refreshOAuthTokenBundle as Ot, nativeCodeModeToolId as P, getParseErrorMessage as Pn, isTokenBundleExpired as Pt, CapletsEngine as Q, Protocol as Qt, emptyCodeModeRunMeta as R, normalizeObjectSchema as Rn, DEFAULT_OBSERVED_OUTPUT_SHAPE_CACHE_DIR as Rt, resolveCapletsRemote as S, McpError as Sn, discoverCapletFiles as St, appendBasePath as T, SetLevelRequestSchema as Tn, hasRenderableStructuredContent as Tt, createCodeModeCapletsApi as U, resolveCapletsRoot as Ut, QuickJsCodeModeSandbox as V, safeParseAsync as Vn, defaultConfigPath as Vt, listCodeModeCallableCaplets as W, resolveConfigPath as Wt, generateCodeModeRunToolDescription as X, assertToolsCallTaskCapability as Xt, generateCodeModeDeclarations as Y, assertClientRequestTaskCapability as Yt, minifyCodeModeDeclarationText as Z, AjvJsonSchemaValidator as Zt, CapletsCloudClient as _, ListResourceTemplatesRequestSchema as _n, FileVaultStore as _t, CloudAuthStore as a, CreateMessageResultWithToolsSchema as an, ServerRegistry as at, isCapletsCloudUrl as b, ListToolsRequestSchema as bn, decryptVaultValue as bt, redactedCloudAuthStatus as c, ElicitResultSchema as cn, loadConfig as ct, projectBindingError as d, GetPromptRequestSchema as dn, loadLocalOverlayConfigWithSources as dt, toJsonSchemaCompat as en, decodeDirectResourceUri as et, projectBindingRecovery as f, InitializeRequestSchema as fn, loadProjectConfig as ft, buildProjectSyncManifest as g, ListPromptsRequestSchema as gn, vaultStoreForAuthDir as gt, createSdkRemoteCapletsClient as h, LATEST_PROTOCOL_VERSION as hn, vaultResolverForAuthDir as ht, createRemoteProfileStore as i, CreateMessageResultSchema as in, handleServerTool as it, nativeCapletToolDescription as j, isJSONRPCResultResponse as jn, startGenericOAuthFlow as jt, resolveCapletsServer as k, isJSONRPCErrorResponse as kn, runGenericOAuthFlow as kt, PROJECT_BINDING_ERROR_CODES as l, EmptyResultSchema as ln, loadConfigWithSources as lt, RemoteNativeCapletsService as m, JSONRPCMessageSchema as mn, vaultBootstrapResolver as mt, resolveRemoteSelection as n, CallToolResultSchema as nn, findProjectRoot as nt, cloudAuthPath as o, CreateTaskResultSchema as on, capabilityDescription as ot, CloudAuthClient as p, InitializedNotificationSchema as pn, parseConfig as pt, redactCodeModeLogText as q, ReadBuffer as qt, cloudCredentialsFromRemoteProfile as r, CompleteRequestSchema as rn, fingerprintProjectRoot as rt, migrateCredentials as s, DEFAULT_NEGOTIATED_PROTOCOL_VERSION as sn, GoogleDiscoveryManager as st, createNativeCapletsService as t, CallToolRequestSchema as tn, directResourceUriMatchesTemplate as tt, ProjectBindingError as u, ErrorCode as un, loadGlobalConfig as ut, resolveNativeCapletsServiceOptions as v, ListResourcesRequestSchema as vn, VAULT_MAX_VALUE_BYTES as vt, resolveRemoteMode as w, SUPPORTED_PROTOCOL_VERSIONS as wn, loadCapletFilesFromMap as wt, normalizeRemoteProfileHostUrl as x, LoggingLevelSchema as xn, encryptVaultValue as xt, hostedCloudWorkspaceFromRemoteUrl as y, ListRootsResultSchema as yn, validateVaultKeyName as yt, runCodeMode as z, objectFromShape as zn, defaultCacheBaseDir as zt };