npm - @caplets/core - Versions diffs - 0.26.0 → 0.26.1 - Mend

@caplets/core 0.26.0 → 0.26.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (16) hide show

package/dist/cli.d.ts +5 -0
package/dist/{completion-DaYL-XQN.js → completion-CFOJucl5.js} +2 -2
package/dist/config-runtime.js +1 -1
package/dist/daemon/host-path.d.ts +8 -0
package/dist/errors.d.ts +1 -1
package/dist/index.js +820 -172
package/dist/native.js +1 -1
package/dist/project-binding/errors.d.ts +1 -1
package/dist/remote/profile-store.d.ts +2 -0
package/dist/remote/profiles.d.ts +2 -0
package/dist/remote/server-credential-store.d.ts +100 -1
package/dist/remote/server-credentials.d.ts +18 -0
package/dist/serve/http.d.ts +5 -0
package/dist/{service-rvZ7z6FI.js → service-aBIn4nrw.js} +56 -12
package/dist/{validation-C4tYXw6G.js → validation-GD2x5HW1.js} +1 -0
package/package.json +1 -1

package/dist/index.js CHANGED Viewed

@@ -1,9 +1,9 @@
-import { $ as resolveExposure, $t as CallToolRequestSchema, A as nativeCapletPromptGuidance, An as getLiteralValue, At as startOAuthFlow, B as CodeModeSessionManager, Bt as defaultStateBaseDir, C as resolveHostedCloudRemote, Cn as SetLevelRequestSchema, Ct as hasRenderableStructuredContent, D as isLoopbackHost, Dn as isJSONRPCErrorResponse, Dt as runGenericOAuthFlow, E as controlUrlForBase, En as isInitializeRequest, Et as refreshOAuthTokenBundle, Fn as isZ4Schema, G as CodeModeJournalStore, Gt as ReadBuffer, H as diagnoseCodeModeTypeScript, Ht as resolveConfigPath, I as codeModeRunInputSchema, In as normalizeObjectSchema, It as DEFAULT_OBSERVED_OUTPUT_SHAPE_CACHE_DIR, J as codeModeDeclarationHash, Jt as assertToolsCallTaskCapability, K as CodeModeLogStore, Kt as serializeMessage, L as codeModeRunParamsSchema, Ln as objectFromShape, Lt as defaultCacheBaseDir, M as nativeCapletToolName, Mn as getParseErrorMessage, Mt as isTokenBundleExpired, Nn as getSchemaDescription, Nt as readTokenBundle, O as parseServerBaseUrl, On as isJSONRPCRequest, Ot as runOAuthFlow, Pn as isSchemaOptional, Pt as DEFAULT_AUTH_DIR, Q as CapletsEngine, Qt as toJsonSchemaCompat, R as emptyCodeModeRunMeta, Rn as safeParse, Rt as defaultConfigBaseDir, S as resolveCapletsRemote, Sn as SUPPORTED_PROTOCOL_VERSIONS, St as loadCapletFilesFromMap, T as appendBasePath, Tn as assertCompleteRequestResourceTemplate, Tt as markdownStructuredContent, U as createCodeModeCapletsApi, Ut as resolveProjectCapletsRoot, V as QuickJsCodeModeSandbox, Vt as resolveCapletsRoot, W as listCodeModeCallableCaplets, Wt as resolveProjectConfigPath, X as generateCodeModeRunToolDescription, Xt as Protocol, Y as generateCodeModeDeclarations, Yt as AjvJsonSchemaValidator, Z as minifyCodeModeDeclarationText, Zt as mergeCapabilities, _ as CapletsCloudClient, _n as ListRootsResultSchema, _t as FileVaultStore, a as CloudAuthStore, at as ServerRegistry, b as isCapletsCloudUrl, bn as McpError, bt as discoverCapletFiles, c as redactedCloudAuthStatus, cn as ErrorCode, ct as loadConfig, d as projectBindingError, dn as InitializedNotificationSchema, dt as loadLocalOverlayConfigWithSources, en as CallToolResultSchema, et as decodeDirectResourceUri, f as projectBindingRecovery, fn as JSONRPCMessageSchema, ft as loadProjectConfig, g as buildProjectSyncManifest, gn as ListResourcesRequestSchema, gt as vaultStoreForAuthDir, hn as ListResourceTemplatesRequestSchema, ht as vaultResolverForAuthDir, i as createRemoteProfileStore, in as CreateTaskResultSchema, it as handleServerTool, j as nativeCapletToolDescription, jn as getObjectShape, jt as deleteTokenBundle, k as resolveCapletsServer, kn as isJSONRPCResultResponse, kt as startGenericOAuthFlow, l as PROJECT_BINDING_ERROR_CODES, ln as GetPromptRequestSchema, lt as loadConfigWithSources, mn as ListPromptsRequestSchema, mt as vaultBootstrapResolver, n as resolveRemoteSelection, nn as CreateMessageResultSchema, nt as findProjectRoot, o as cloudAuthPath, on as ElicitResultSchema, ot as capabilityDescription, p as CloudAuthClient, pn as LATEST_PROTOCOL_VERSION, pt as parseConfig, q as redactCodeModeLogText, qt as assertClientRequestTaskCapability, r as cloudCredentialsFromRemoteProfile, rn as CreateMessageResultWithToolsSchema, rt as fingerprintProjectRoot, s as migrateCredentials, sn as EmptyResultSchema, st as GoogleDiscoveryManager, t as createNativeCapletsService, tn as CompleteRequestSchema, tt as directResourceUriMatchesTemplate, u as ProjectBindingError, un as InitializeRequestSchema, ut as loadGlobalConfig, vn as ListToolsRequestSchema, vt as VAULT_MAX_VALUE_BYTES, w as resolveRemoteMode, wn as assertCompleteRequestPrompt, wt as markdownCallToolResultContent, x as normalizeRemoteProfileHostUrl, xn as ReadResourceRequestSchema, xt as validateCapletFile, y as hostedCloudWorkspaceFromRemoteUrl, yn as LoggingLevelSchema, yt as validateVaultKeyName, z as runCodeMode, zn as safeParseAsync, zt as defaultConfigPath } from "./service-rvZ7z6FI.js";
+import { $ as resolveExposure, $t as mergeCapabilities, A as nativeCapletPromptGuidance, An as isJSONRPCRequest, At as runOAuthFlow, B as CodeModeSessionManager, Bn as safeParse, Bt as defaultConfigBaseDir, C as resolveHostedCloudRemote, Cn as ReadResourceRequestSchema, Ct as validateCapletFile, D as isLoopbackHost, Dn as assertCompleteRequestResourceTemplate, Dt as markdownStructuredContent, E as controlUrlForBase, En as assertCompleteRequestPrompt, Et as markdownCallToolResultContent, Fn as getSchemaDescription, Ft as readTokenBundle, G as CodeModeJournalStore, Gt as resolveProjectCapletsRoot, H as diagnoseCodeModeTypeScript, Ht as defaultStateBaseDir, I as codeModeRunInputSchema, In as isSchemaOptional, It as DEFAULT_AUTH_DIR, J as codeModeDeclarationHash, Jt as serializeMessage, K as CodeModeLogStore, Kt as resolveProjectConfigPath, L as codeModeRunParamsSchema, Ln as isZ4Schema, M as nativeCapletToolName, Mn as getLiteralValue, Mt as startOAuthFlow, Nn as getObjectShape, Nt as deleteTokenBundle, O as parseServerBaseUrl, On as isInitializeRequest, Ot as refreshOAuthTokenBundle, Pn as getParseErrorMessage, Pt as isTokenBundleExpired, Q as CapletsEngine, Qt as Protocol, R as emptyCodeModeRunMeta, Rn as normalizeObjectSchema, Rt as DEFAULT_OBSERVED_OUTPUT_SHAPE_CACHE_DIR, S as resolveCapletsRemote, Sn as McpError, St as discoverCapletFiles, T as appendBasePath, Tn as SetLevelRequestSchema, Tt as hasRenderableStructuredContent, U as createCodeModeCapletsApi, Ut as resolveCapletsRoot, V as QuickJsCodeModeSandbox, Vn as safeParseAsync, Vt as defaultConfigPath, W as listCodeModeCallableCaplets, Wt as resolveConfigPath, X as generateCodeModeRunToolDescription, Xt as assertToolsCallTaskCapability, Y as generateCodeModeDeclarations, Yt as assertClientRequestTaskCapability, Z as minifyCodeModeDeclarationText, Zt as AjvJsonSchemaValidator, _ as CapletsCloudClient, _n as ListResourceTemplatesRequestSchema, _t as FileVaultStore, a as CloudAuthStore, an as CreateMessageResultWithToolsSchema, at as ServerRegistry, b as isCapletsCloudUrl, bn as ListToolsRequestSchema, bt as decryptVaultValue, c as redactedCloudAuthStatus, cn as ElicitResultSchema, ct as loadConfig, d as projectBindingError, dn as GetPromptRequestSchema, dt as loadLocalOverlayConfigWithSources, en as toJsonSchemaCompat, et as decodeDirectResourceUri, f as projectBindingRecovery, fn as InitializeRequestSchema, ft as loadProjectConfig, g as buildProjectSyncManifest, gn as ListPromptsRequestSchema, gt as vaultStoreForAuthDir, hn as LATEST_PROTOCOL_VERSION, ht as vaultResolverForAuthDir, i as createRemoteProfileStore, in as CreateMessageResultSchema, it as handleServerTool, j as nativeCapletToolDescription, jn as isJSONRPCResultResponse, jt as startGenericOAuthFlow, k as resolveCapletsServer, kn as isJSONRPCErrorResponse, kt as runGenericOAuthFlow, l as PROJECT_BINDING_ERROR_CODES, ln as EmptyResultSchema, lt as loadConfigWithSources, mn as JSONRPCMessageSchema, mt as vaultBootstrapResolver, n as resolveRemoteSelection, nn as CallToolResultSchema, nt as findProjectRoot, o as cloudAuthPath, on as CreateTaskResultSchema, ot as capabilityDescription, p as CloudAuthClient, pn as InitializedNotificationSchema, pt as parseConfig, q as redactCodeModeLogText, qt as ReadBuffer, r as cloudCredentialsFromRemoteProfile, rn as CompleteRequestSchema, rt as fingerprintProjectRoot, s as migrateCredentials, st as GoogleDiscoveryManager, t as createNativeCapletsService, tn as CallToolRequestSchema, tt as directResourceUriMatchesTemplate, u as ProjectBindingError, un as ErrorCode, ut as loadGlobalConfig, vn as ListResourcesRequestSchema, vt as VAULT_MAX_VALUE_BYTES, w as resolveRemoteMode, wn as SUPPORTED_PROTOCOL_VERSIONS, wt as loadCapletFilesFromMap, x as normalizeRemoteProfileHostUrl, xn as LoggingLevelSchema, xt as encryptVaultValue, y as hostedCloudWorkspaceFromRemoteUrl, yn as ListRootsResultSchema, yt as validateVaultKeyName, z as runCodeMode, zn as objectFromShape, zt as defaultCacheBaseDir } from "./service-aBIn4nrw.js";
 import { _ as record, b as unknown, d as literal, m as object, n as ZodOptional, o as array, p as number, r as _enum, s as boolean, v as string, x as url } from "./schemas-BoqMu4MG.js";
-import { f as redactSecrets$1, i as SERVER_ID_PATTERN, l as CAPLETS_ERROR_CODES, p as toSafeError, u as CapletsError } from "./validation-C4tYXw6G.js";
+import { f as redactSecrets$1, i as SERVER_ID_PATTERN, l as CAPLETS_ERROR_CODES, p as toSafeError, u as CapletsError } from "./validation-GD2x5HW1.js";
 import { generatedToolInputJsonSchemaForCaplet, generatedToolInputSchema, generatedToolInputSchemaForCaplet } from "./generated-tool-input-schema.js";
 import { f as observedOutputShapeKey, g as stableJsonStringify, h as schemaHash, i as observeOutputShape, u as FileObservedOutputShapeStore } from "./observed-output-shapes-DuP7mJQf.js";
-import { a as formatCapletList, c as resolveCliConfigPaths, l as cliCommands$1, n as completionScript, o as formatConfigPaths, s as listCaplets, t as completeCliWords, u as completionShells } from "./completion-DaYL-XQN.js";
+import { a as formatCapletList, c as resolveCliConfigPaths, l as cliCommands$1, n as completionScript, o as formatConfigPaths, s as listCaplets, t as completeCliWords, u as completionShells } from "./completion-CFOJucl5.js";
 import { n as normalizeCapletSourcePath, t as FilesystemCapletSource } from "./filesystem-Kkg32TOJ.js";
 import { parseConfig as parseConfig$1 } from "./config-runtime.js";
 import fs, { accessSync, chmodSync, closeSync, constants, copyFileSync, cpSync, existsSync, fstatSync, lstatSync, mkdirSync, mkdtempSync, openSync, readFileSync, readSync, readdirSync, readlinkSync, realpathSync, renameSync, rmSync, statSync, watch, writeFileSync, writeSync } from "node:fs";
@@ -1553,7 +1553,7 @@ const EMPTY_COMPLETION_RESULT = { completion: {
 } };
 //#endregion
 //#region package.json
-var version = "0.26.0";
+var version = "0.26.1";
 //#endregion
 //#region src/serve/session.ts
 var CapletsMcpSession = class {
@@ -5864,6 +5864,21 @@ function assertPathSegment(value, label) {
 	if (!value || value.includes("/") || value.includes("\\") || value.includes("\0") || value === "." || value === "..") throw new Error(`Invalid ${label}: ${value}`);
 }
 //#endregion
+//#region src/daemon/host-path.ts
+/**
+* Node's POSIX filesystem APIs do not treat backslashes as path separators. Tests
+* sometimes emulate Windows daemon operations with POSIX temp directories, which
+* `node:path.win32` renders as drive-less absolute paths such as
+* `\tmp\caplets-...`. On POSIX hosts those strings would otherwise be created as
+* single backslash-named entries in the current working directory.
+*/
+function daemonHostPath(path) {
+	if (process.platform === "win32") return path;
+	if (!path.startsWith("\\") || path.startsWith("\\\\")) return path;
+	if (/^[A-Za-z]:/u.test(path)) return path;
+	return path.replaceAll("\\", "/");
+}
+//#endregion
 //#region src/daemon/config.ts
 function readDaemonConfig(paths) {
 	return readJson(paths.configFile);
@@ -5877,10 +5892,10 @@ function writeDaemonState(paths, state) {
 	return state;
 }
 function removeDaemonConfig(paths) {
-	rmSync(paths.configFile, { force: true });
+	rmSync(daemonHostPath(paths.configFile), { force: true });
 }
 function removeDaemonState(paths) {
-	rmSync(paths.stateFile, { force: true });
+	rmSync(daemonHostPath(paths.stateFile), { force: true });
 }
 function mergeDaemonEnv(existing, install) {
 	const values = { ...existing?.values };
@@ -5904,20 +5919,22 @@ function validateEnvName(value) {
 	if (!/^[A-Za-z_][A-Za-z0-9_]*$/u.test(value)) throw new CapletsError("REQUEST_INVALID", `Invalid environment variable name: ${value}`);
 }
 function readJson(path) {
+	const hostPath = daemonHostPath(path);
 	try {
-		return JSON.parse(readFileSync(path, "utf8"));
+		return JSON.parse(readFileSync(hostPath, "utf8"));
 	} catch (error) {
 		if (error.code === "ENOENT") return void 0;
 		throw error;
 	}
 }
 function writeJson(path, value) {
-	mkdirSync(dirname(path), {
+	const hostPath = daemonHostPath(path);
+	mkdirSync(dirname(hostPath), {
 		recursive: true,
 		mode: 448
 	});
-	writeFileSync(path, `${JSON.stringify(value, null, 2)}\n`, { mode: 384 });
-	chmodSync(path, 384);
+	writeFileSync(hostPath, `${JSON.stringify(value, null, 2)}\n`, { mode: 384 });
+	chmodSync(hostPath, 384);
 }
 //#endregion
 //#region src/daemon/logs.ts
@@ -5952,9 +5969,10 @@ async function followDaemonLogs(paths, options) {
 	}).entries) options.write(entry);
 	const watchers = selectedStreams(options.stream ?? "all").map((stream) => {
 		const file = paths[stream === "stdout" ? "stdoutLog" : "stderrLog"];
+		const hostFile = daemonHostPath(file);
 		ensureLogFile(file);
-		let offset = existsSync(file) ? statSync(file).size : 0;
-		return watch(file, { persistent: true }, () => {
+		let offset = existsSync(hostFile) ? statSync(hostFile).size : 0;
+		return watch(hostFile, { persistent: true }, () => {
 			const { content, nextOffset } = readFromOffset(file, offset);
 			offset = nextOffset;
 			for (const line of content.split(/\r?\n/u).filter(Boolean)) options.write({
@@ -5977,13 +5995,14 @@ function selectedStreams(stream) {
 	return stream === "all" ? ["stdout", "stderr"] : [stream];
 }
 function tailLines(path, count) {
-	if (count === 0 || !existsSync(path)) return [];
-	const lines = count < 0 ? readFileSync(path, "utf8").split(/\r?\n/u) : readTailContent(path, count);
+	const hostPath = daemonHostPath(path);
+	if (count === 0 || !existsSync(hostPath)) return [];
+	const lines = count < 0 ? readFileSync(hostPath, "utf8").split(/\r?\n/u) : readTailContent(path, count);
 	if (lines.at(-1) === "") lines.pop();
 	return count < 0 ? lines : lines.slice(-count);
 }
 function readTailContent(path, count) {
-	const fd = openSync(path, "r");
+	const fd = openSync(daemonHostPath(path), "r");
 	try {
 		const size = fstatSync(fd).size;
 		const chunks = [];
@@ -6004,11 +6023,12 @@ function readTailContent(path, count) {
 	}
 }
 function readFromOffset(path, offset) {
-	if (!existsSync(path)) return {
+	const hostPath = daemonHostPath(path);
+	if (!existsSync(hostPath)) return {
 		content: "",
 		nextOffset: 0
 	};
-	const fd = openSync(path, "r");
+	const fd = openSync(hostPath, "r");
 	try {
 		const size = fstatSync(fd).size;
 		if (size <= offset) return {
@@ -6049,12 +6069,13 @@ function logTimestamp(line) {
 	return Number.isNaN(timestamp) ? void 0 : timestamp;
 }
 function ensureLogFile(path) {
-	if (existsSync(path)) return;
-	mkdirSync(dirname(path), {
+	const hostPath = daemonHostPath(path);
+	if (existsSync(hostPath)) return;
+	mkdirSync(dirname(hostPath), {
 		recursive: true,
 		mode: 448
 	});
-	writeFileSync(path, "", { mode: 384 });
+	writeFileSync(hostPath, "", { mode: 384 });
 }
 //#endregion
 //#region src/daemon/xml.ts
@@ -6245,9 +6266,9 @@ function launchdManager(runner, uid = typeof process.getuid === "function" ? pro
 	return {
 		descriptor: buildLaunchdDescriptor,
 		status: async (config, paths) => {
-			if (!existsSync(paths.descriptorFile) && !config) return notInstalled();
+			if (!existsSync(daemonHostPath(paths.descriptorFile)) && !config) return notInstalled();
 			const result = await runner.exec("launchctl", ["print", target]);
-			if (result.code !== 0) return existsSync(paths.descriptorFile) ? stopped({ stderr: result.stderr }) : notInstalled({ stderr: result.stderr });
+			if (result.code !== 0) return existsSync(daemonHostPath(paths.descriptorFile)) ? stopped({ stderr: result.stderr }) : notInstalled({ stderr: result.stderr });
 			const pid = parseNumberMatch(result.stdout, /\bpid\s*=\s*(\d+)/u);
 			if (pid !== void 0) return runningOrStopped(pid, {
 				stdout: result.stdout,
@@ -6273,7 +6294,7 @@ function launchdManager(runner, uid = typeof process.getuid === "function" ? pro
 			};
 		},
 		uninstall: async (config, paths) => {
-			const hasDescriptor = existsSync(paths.descriptorFile);
+			const hasDescriptor = existsSync(daemonHostPath(paths.descriptorFile));
 			if (!hasDescriptor && !config) return {
 				action: "uninstall",
 				native: notInstalled(),
@@ -6291,7 +6312,7 @@ function launchdManager(runner, uid = typeof process.getuid === "function" ? pro
 			]];
 			const result = await runner.exec(commands[0][0], commands[0].slice(1));
 			if (result.code !== 0 && !/No such process|not found|Could not find service|No such file or directory/iu.test(result.stderr)) throw new CapletsError("SERVER_UNAVAILABLE", `launchd unregister failed: ${result.stderr || result.stdout || result.code}`);
-			rmSync(paths.descriptorFile, { force: true });
+			rmSync(daemonHostPath(paths.descriptorFile), { force: true });
 			return {
 				action: "uninstall",
 				native: notInstalled({
@@ -6304,7 +6325,7 @@ function launchdManager(runner, uid = typeof process.getuid === "function" ? pro
 		start: async (config) => launchdStartLifecycle(runner, domain, target, config.paths.descriptorFile),
 		restart: async (config) => launchdRestartLifecycle(runner, domain, target, config.paths.descriptorFile),
 		stop: async (config) => {
-			const command = config && existsSync(config.paths.descriptorFile) ? [
+			const command = config && existsSync(daemonHostPath(config.paths.descriptorFile)) ? [
 				"launchctl",
 				"bootout",
 				domain,
@@ -6329,7 +6350,7 @@ function systemdManager(runner, serviceAvailable = true) {
 		descriptor: buildSystemdDescriptor,
 		status: async (config, paths) => {
 			if (!serviceAvailable) return unavailable("systemd --user is not available.");
-			if (!existsSync(paths.descriptorFile) && !config) return notInstalled();
+			if (!existsSync(daemonHostPath(paths.descriptorFile)) && !config) return notInstalled();
 			const show = await runner.exec("systemctl", [
 				"--user",
 				"show",
@@ -6338,13 +6359,13 @@ function systemdManager(runner, serviceAvailable = true) {
 			if (show.code !== 0) {
 				const message = show.stderr || show.stdout || String(show.code);
 				if (isSystemdUnavailable(message)) return unavailable(`systemd --user is not available: ${message}`);
-				return existsSync(paths.descriptorFile) ? stopped({
+				return existsSync(daemonHostPath(paths.descriptorFile)) ? stopped({
 					stderr: show.stderr,
 					stdout: show.stdout
 				}) : notInstalled({ stderr: show.stderr });
 			}
 			const raw = parseSystemdShow(show.stdout);
-			if (!existsSync(paths.descriptorFile) && raw.LoadState === "not-found") return notInstalled({
+			if (!existsSync(daemonHostPath(paths.descriptorFile)) && raw.LoadState === "not-found") return notInstalled({
 				raw,
 				stderr: show.stderr
 			});
@@ -6410,7 +6431,7 @@ function systemdManager(runner, serviceAvailable = true) {
 			]];
 			await assertExecUnless(runner, commands[0], "systemd unregister failed", /not loaded|not found|No such file|does not exist/iu);
 			const descriptorBackup = backupPath(paths.descriptorFile);
-			rmSync(paths.descriptorFile, { force: true });
+			rmSync(daemonHostPath(paths.descriptorFile), { force: true });
 			try {
 				await assertExec(runner, commands[1], "systemd unregister failed");
 			} catch (error) {
@@ -6433,7 +6454,7 @@ function windowsTaskManager(runner) {
 	return {
 		descriptor: buildWindowsTaskDescriptor,
 		status: async (config, paths) => {
-			if (!existsSync(paths.descriptorFile) && !config) return notInstalled();
+			if (!existsSync(daemonHostPath(paths.descriptorFile)) && !config) return notInstalled();
 			const result = await runner.exec("schtasks", [
 				"/Query",
 				"/TN",
@@ -6488,8 +6509,8 @@ function windowsTaskManager(runner) {
 				"/F"
 			];
 			await assertExecUnless(runner, command, "Scheduled Task unregister failed", /cannot find|does not exist|not found/iu);
-			rmSync(paths.descriptorFile, { force: true });
-			rmSync(paths.wrapperFile, { force: true });
+			rmSync(daemonHostPath(paths.descriptorFile), { force: true });
+			rmSync(daemonHostPath(paths.wrapperFile), { force: true });
 			return {
 				action: "uninstall",
 				native: notInstalled(),
@@ -6561,19 +6582,21 @@ function unsupportedManager(platform) {
 	};
 }
 function writeDescriptor(descriptor) {
-	mkdirSync(dirname(descriptor.path), {
+	const descriptorPath = daemonHostPath(descriptor.path);
+	mkdirSync(dirname(descriptorPath), {
 		recursive: true,
 		mode: 448
 	});
-	writeFileSync(descriptor.path, descriptor.kind === "windows-scheduled-task" ? descriptor.xml : descriptor.contents, { mode: 384 });
-	chmodSync(descriptor.path, 384);
+	writeFileSync(descriptorPath, descriptor.kind === "windows-scheduled-task" ? descriptor.xml : descriptor.contents, { mode: 384 });
+	chmodSync(descriptorPath, 384);
 	if (descriptor.kind === "windows-scheduled-task") {
-		mkdirSync(dirname(descriptor.wrapper.path), {
+		const wrapperPath = daemonHostPath(descriptor.wrapper.path);
+		mkdirSync(dirname(wrapperPath), {
 			recursive: true,
 			mode: 448
 		});
-		writeFileSync(descriptor.wrapper.path, descriptor.wrapper.contents, { mode: 448 });
-		chmodSync(descriptor.wrapper.path, 448);
+		writeFileSync(wrapperPath, descriptor.wrapper.contents, { mode: 448 });
+		chmodSync(wrapperPath, 448);
 	}
 }
 async function writeDescriptorForInstall(descriptor, register, afterRestore) {
@@ -6593,23 +6616,27 @@ function backupDescriptorFiles(descriptor) {
 	return (descriptor.kind === "windows-scheduled-task" ? [descriptor.path, descriptor.wrapper.path] : [descriptor.path]).map(backupPath);
 }
 function backupPath(path) {
-	const existed = existsSync(path);
+	const hostPath = daemonHostPath(path);
+	const existed = existsSync(hostPath);
 	return {
 		path,
 		existed,
-		...existed ? { contents: readFileSync(path) } : {},
-		...existed ? { mode: statSync(path).mode & 511 } : {}
+		...existed ? { contents: readFileSync(hostPath) } : {},
+		...existed ? { mode: statSync(hostPath).mode & 511 } : {}
 	};
 }
 function restoreDescriptorFiles(backups) {
-	for (const backup of backups) if (backup.existed && backup.contents) {
-		mkdirSync(dirname(backup.path), {
-			recursive: true,
-			mode: 448
-		});
-		writeFileSync(backup.path, backup.contents, { mode: backup.mode ?? 384 });
-		chmodSync(backup.path, backup.mode ?? 384);
-	} else rmSync(backup.path, { force: true });
+	for (const backup of backups) {
+		const hostPath = daemonHostPath(backup.path);
+		if (backup.existed && backup.contents) {
+			mkdirSync(dirname(hostPath), {
+				recursive: true,
+				mode: 448
+			});
+			writeFileSync(hostPath, backup.contents, { mode: backup.mode ?? 384 });
+			chmodSync(hostPath, backup.mode ?? 384);
+		} else rmSync(hostPath, { force: true });
+	}
 }
 async function assertExec(runner, command, message) {
 	const result = await runner.exec(command[0], command.slice(1));
@@ -11470,6 +11497,12 @@ function randomPairingPart(bytes) {
 const DEFAULT_PAIRING_CODE_TTL_MS = 10 * 6e4;
 const DEFAULT_PAIRING_CODE_MAX_ATTEMPTS = 5;
 const DEFAULT_ACCESS_TOKEN_TTL_MS = 15 * 6e4;
+const DEFAULT_PENDING_OPERATOR_CODE_TTL_MS = 10 * 6e4;
+const DEFAULT_PENDING_FLOW_TTL_MS = 1440 * 6e4;
+const DEFAULT_PENDING_POLL_INTERVAL_SECONDS = 5;
+const DEFAULT_PENDING_MAX_ACTIVE_FLOWS = 64;
+const DEFAULT_PENDING_MAX_ACTIVE_FLOWS_PER_SOURCE = 8;
+const PENDING_TERMINAL_RETENTION_MS = 1440 * 6e4;
 const STALE_REFRESH_REVOKE_GRACE_MS = 3e4;
 const SUPERSEDED_REFRESH_TOKEN_RETENTION_MS = 1440 * 6e4;
 const STATE_FILE = "remote-server-credentials.json";
@@ -11481,6 +11514,199 @@ var RemoteServerCredentialStore = class {
 	constructor(options) {
 		this.dir = options.dir;
 	}
+	createPendingLogin(input) {
+		return this.withStateLock(() => {
+			const now = input.now ?? /* @__PURE__ */ new Date();
+			const flowId = `rlogin_${randomToken(12)}`;
+			const operatorCode = `cap_login_${randomToken(5)}`;
+			const pendingRefreshSecret = `cap_pending_refresh_${randomToken(32)}`;
+			const pendingCompletionSecret = `cap_pending_complete_${randomToken(32)}`;
+			const codeExpiresAt = new Date(now.getTime() + DEFAULT_PENDING_OPERATOR_CODE_TTL_MS).toISOString();
+			const flowExpiresAt = new Date(now.getTime() + DEFAULT_PENDING_FLOW_TTL_MS).toISOString();
+			const state = this.loadState();
+			cleanupPendingLogins(state, now);
+			const clientLabel = boundedPendingLoginDisplayValue(input.clientLabel, PENDING_CLIENT_LABEL_MAX_LENGTH) ?? "Caplets Remote Client";
+			const clientFingerprint = boundedPendingLoginDisplayValue(input.clientFingerprint, PENDING_CLIENT_FINGERPRINT_MAX_LENGTH);
+			const sourceHint = boundedPendingLoginDisplayValue(input.sourceHint, PENDING_SOURCE_HINT_MAX_LENGTH);
+			enforcePendingLoginQuota(state, sourceHint);
+			state.pendingLogins.push({
+				flowId,
+				hostUrl: normalizeRemoteProfileHostUrl(input.hostUrl),
+				...input.hostIdentity ? { hostIdentity: input.hostIdentity } : {},
+				operatorCodeHash: hashSecret(operatorCode),
+				pendingRefreshHash: hashSecret(pendingRefreshSecret),
+				supersededPendingRefreshHashes: [],
+				pendingCompletionHash: hashSecret(pendingCompletionSecret),
+				operatorCodeFingerprint: pendingOperatorCodeFingerprint(operatorCode),
+				clientLabel,
+				...clientFingerprint ? { clientFingerprint } : {},
+				...sourceHint ? { sourceHint } : {},
+				createdAt: now.toISOString(),
+				codeExpiresAt,
+				flowExpiresAt,
+				status: "pending"
+			});
+			this.saveState(state);
+			return {
+				flowId,
+				operatorCode,
+				operatorCodeFingerprint: pendingOperatorCodeFingerprint(operatorCode),
+				pendingRefreshSecret,
+				pendingCompletionSecret,
+				codeExpiresAt,
+				flowExpiresAt,
+				intervalSeconds: DEFAULT_PENDING_POLL_INTERVAL_SECONDS
+			};
+		});
+	}
+	pollPendingLogin(input) {
+		const now = input.now ?? /* @__PURE__ */ new Date();
+		const flow = this.pendingLoginForCompletion(input.flowId, input.pendingCompletionSecret, now);
+		return {
+			flowId: flow.flowId,
+			status: flow.status
+		};
+	}
+	refreshPendingLogin(input) {
+		return this.withStateLock(() => {
+			const now = input.now ?? /* @__PURE__ */ new Date();
+			const state = this.loadState();
+			cleanupPendingLogins(state, now);
+			const flow = this.pendingLoginForCompletion(input.flowId, input.pendingCompletionSecret, now, state);
+			if (flow.status !== "pending") throw new CapletsError("AUTH_FAILED", `Pending login is already ${flow.status}.`);
+			const refreshHash = hashSecret(input.pendingRefreshSecret);
+			if (!safeHashEqual(refreshHash, flow.pendingRefreshHash)) {
+				if (flow.pendingRefreshReplay && safeHashEqual(refreshHash, flow.pendingRefreshReplay.refreshHash) && Date.parse(flow.pendingRefreshReplay.expiresAt) > now.getTime()) return decryptPendingRefreshReplay(flow.pendingRefreshReplay, input.pendingCompletionSecret);
+				if (flow.supersededPendingRefreshHashes.some((entry) => safeHashEqual(refreshHash, entry.hash))) throw new CapletsError("AUTH_FAILED", "Pending login refresh material is stale.");
+				throw new CapletsError("AUTH_FAILED", "Pending login refresh material is invalid.");
+			}
+			const operatorCode = `cap_login_${randomToken(5)}`;
+			const pendingRefreshSecret = `cap_pending_refresh_${randomToken(32)}`;
+			const codeExpiresAt = new Date(now.getTime() + DEFAULT_PENDING_OPERATOR_CODE_TTL_MS).toISOString();
+			const response = {
+				flowId: flow.flowId,
+				operatorCode,
+				operatorCodeFingerprint: pendingOperatorCodeFingerprint(operatorCode),
+				pendingRefreshSecret,
+				codeExpiresAt,
+				flowExpiresAt: flow.flowExpiresAt,
+				intervalSeconds: DEFAULT_PENDING_POLL_INTERVAL_SECONDS
+			};
+			flow.operatorCodeHash = hashSecret(operatorCode);
+			flow.operatorCodeFingerprint = response.operatorCodeFingerprint;
+			flow.supersededPendingRefreshHashes = pruneSupersededRefreshTokens(flow.supersededPendingRefreshHashes, now);
+			flow.pendingRefreshReplay = {
+				refreshHash: flow.pendingRefreshHash,
+				expiresAt: new Date(now.getTime() + STALE_REFRESH_REVOKE_GRACE_MS).toISOString(),
+				encryptedResponse: encryptReplayValue(response, input.pendingCompletionSecret, now)
+			};
+			flow.supersededPendingRefreshHashes.push({
+				hash: flow.pendingRefreshHash,
+				supersededAt: now.toISOString()
+			});
+			flow.supersededPendingRefreshHashes = capSupersededRefreshTokens(flow.supersededPendingRefreshHashes);
+			flow.pendingRefreshHash = hashSecret(pendingRefreshSecret);
+			flow.codeExpiresAt = codeExpiresAt;
+			this.saveState(state);
+			return response;
+		});
+	}
+	denyPendingLogin(input) {
+		return this.withStateLock(() => {
+			const now = input.now ?? /* @__PURE__ */ new Date();
+			const state = this.loadState();
+			cleanupPendingLogins(state, now);
+			const operatorCodeHash = hashSecret(input.operatorCode);
+			const flow = state.pendingLogins.find((candidate) => safeHashEqual(operatorCodeHash, candidate.operatorCodeHash));
+			if (!flow) throw new CapletsError("AUTH_FAILED", "Pending login code is unknown.");
+			if (flow.status !== "pending") throw new CapletsError("AUTH_FAILED", `Pending login is already ${flow.status}.`);
+			if (Date.parse(flow.flowExpiresAt) <= now.getTime()) {
+				flow.status = "expired";
+				this.saveState(state);
+				throw new CapletsError("AUTH_FAILED", "Pending login has expired.");
+			}
+			flow.status = "denied";
+			flow.deniedAt = now.toISOString();
+			this.saveState(state);
+			return {
+				flowId: flow.flowId,
+				status: "denied"
+			};
+		});
+	}
+	cancelPendingLogin(input) {
+		return this.withStateLock(() => {
+			const now = input.now ?? /* @__PURE__ */ new Date();
+			const state = this.loadState();
+			cleanupPendingLogins(state, now);
+			const flow = this.pendingLoginForCompletion(input.flowId, input.pendingCompletionSecret, now, state);
+			if (flow.status !== "pending" && flow.status !== "approved") throw new CapletsError("AUTH_FAILED", `Pending login is already ${flow.status}.`);
+			flow.status = "cancelled";
+			flow.cancelledAt = now.toISOString();
+			this.saveState(state);
+			return {
+				flowId: flow.flowId,
+				status: "cancelled"
+			};
+		});
+	}
+	approvePendingLogin(input) {
+		return this.withStateLock(() => {
+			const now = input.now ?? /* @__PURE__ */ new Date();
+			const state = this.loadState();
+			cleanupPendingLogins(state, now);
+			const operatorCodeHash = hashSecret(input.operatorCode);
+			const flow = state.pendingLogins.find((candidate) => safeHashEqual(operatorCodeHash, candidate.operatorCodeHash));
+			if (!flow) throw new CapletsError("AUTH_FAILED", "Pending login code is unknown.");
+			if (flow.status !== "pending") throw new CapletsError("AUTH_FAILED", `Pending login is already ${flow.status}.`);
+			if (Date.parse(flow.flowExpiresAt) <= now.getTime()) {
+				flow.status = "expired";
+				this.saveState(state);
+				throw new CapletsError("AUTH_FAILED", "Pending login has expired.");
+			}
+			assertPendingOperatorCodeFresh(flow, now);
+			flow.status = "approved";
+			flow.approvedAt = now.toISOString();
+			this.saveState(state);
+			return pendingApprovalStatus(flow);
+		});
+	}
+	completePendingLogin(input) {
+		return this.withStateLock(() => {
+			const now = input.now ?? /* @__PURE__ */ new Date();
+			const state = this.loadState();
+			cleanupPendingLogins(state, now);
+			const flow = this.pendingLoginForCompletion(input.flowId, input.pendingCompletionSecret, now, state);
+			if (flow.hostUrl !== normalizeRemoteProfileHostUrl(input.hostUrl)) throw new CapletsError("AUTH_FAILED", "Pending login belongs to a different host.");
+			if (flow.status !== "approved") {
+				if (flow.status === "exchanged" && flow.completionReplay && Date.parse(flow.completionReplay.expiresAt) > now.getTime()) return decryptCompletionReplay(flow.completionReplay, input.pendingCompletionSecret);
+				throw new CapletsError("AUTH_FAILED", flow.status === "exchanged" ? "Pending login has already been exchanged." : `Pending login is ${flow.status}, not approved.`);
+			}
+			const accessToken = `cap_remote_access_${randomToken(32)}`;
+			const refreshToken = `cap_remote_refresh_${randomToken(32)}`;
+			const client = {
+				clientId: `rcli_${randomToken(12)}`,
+				clientLabel: flow.clientLabel,
+				hostUrl: flow.hostUrl,
+				accessTokenHash: hashSecret(accessToken),
+				accessExpiresAt: new Date(now.getTime() + DEFAULT_ACCESS_TOKEN_TTL_MS).toISOString(),
+				refreshTokenHash: hashSecret(refreshToken),
+				supersededRefreshTokenHashes: [],
+				refreshFamilyId: randomUUID(),
+				createdAt: now.toISOString()
+			};
+			state.clients.push(client);
+			flow.status = "exchanged";
+			flow.exchangedAt = now.toISOString();
+			const credentials = credentialsFromClient(client, accessToken, refreshToken);
+			flow.completionReplay = {
+				expiresAt: new Date(now.getTime() + STALE_REFRESH_REVOKE_GRACE_MS).toISOString(),
+				encryptedCredentials: encryptReplayValue(credentials, input.pendingCompletionSecret, now)
+			};
+			this.saveState(state);
+			return credentials;
+		});
+	}
 	createPairingCode(input) {
 		return this.withStateLock(() => {
 			const now = input.now ?? /* @__PURE__ */ new Date();
@@ -11545,6 +11771,13 @@ var RemoteServerCredentialStore = class {
 	listClients() {
 		return this.loadState().clients.map(clientStatus).sort((left, right) => left.createdAt.localeCompare(right.createdAt));
 	}
+	listPendingLogins(now = /* @__PURE__ */ new Date()) {
+		return this.withStateLock(() => {
+			const state = this.loadState();
+			if (cleanupPendingLogins(state, now)) this.saveState(state);
+			return state.pendingLogins.map(pendingLoginStatus).sort((left, right) => left.createdAt.localeCompare(right.createdAt));
+		});
+	}
 	revokeClient(clientId, now = /* @__PURE__ */ new Date()) {
 		return this.withStateLock(() => {
 			const state = this.loadState();
@@ -11580,7 +11813,7 @@ var RemoteServerCredentialStore = class {
 					const supersededAt = superseded ? Date.parse(superseded.supersededAt) : NaN;
 					if (Number.isFinite(supersededAt) && now.getTime() - supersededAt >= STALE_REFRESH_REVOKE_GRACE_MS) replayedClient.revokedAt = now.toISOString();
 					this.saveState(state);
-					throw new CapletsError("AUTH_FAILED", "Remote refresh credential is stale.");
+					throw new CapletsError("REMOTE_CREDENTIALS_REVOKED", "Remote refresh credential is stale.");
 				}
 				throw new CapletsError("AUTH_FAILED", "Remote refresh credential is invalid.");
 			}
@@ -11608,12 +11841,17 @@ var RemoteServerCredentialStore = class {
 		if (!existsSync(path)) return {
 			version: 1,
 			pairingCodes: [],
+			pendingLogins: [],
 			clients: []
 		};
 		const parsed = JSON.parse(readFileSync(path, "utf8"));
 		return {
 			version: 1,
 			pairingCodes: parsed.pairingCodes ?? [],
+			pendingLogins: (parsed.pendingLogins ?? []).map((pending) => ({
+				...pending,
+				supersededPendingRefreshHashes: parseSupersededRefreshTokens(pending.supersededPendingRefreshHashes)
+			})),
 			clients: (parsed.clients ?? []).map((client) => ({
 				...client,
 				supersededRefreshTokenHashes: parseSupersededRefreshTokens(client.supersededRefreshTokenHashes)
@@ -11683,6 +11921,13 @@ var RemoteServerCredentialStore = class {
 			return false;
 		}
 	}
+	pendingLoginForCompletion(flowId, pendingCompletionSecret, now, state = this.loadState()) {
+		const flow = state.pendingLogins.find((candidate) => candidate.flowId === flowId);
+		if (!flow) throw new CapletsError("AUTH_FAILED", "Pending login is unknown.");
+		if (!safeHashEqual(hashSecret(pendingCompletionSecret), flow.pendingCompletionHash)) throw new CapletsError("AUTH_FAILED", "Pending login possession material is invalid.");
+		if (Date.parse(flow.flowExpiresAt) <= now.getTime() && isActivePendingLogin(flow)) flow.status = "expired";
+		return flow;
+	}
 };
 function sleepSync(ms) {
 	Atomics.wait(new Int32Array(new SharedArrayBuffer(4)), 0, 0, ms);
@@ -11691,14 +11936,92 @@ function isFileExistsError(error) {
 	return typeof error === "object" && error !== null && "code" in error && error.code === "EEXIST";
 }
 function pruneSupersededRefreshTokens(entries, now) {
-	return entries.filter((entry) => {
+	return capSupersededRefreshTokens(entries.filter((entry) => {
 		const supersededAt = Date.parse(entry.supersededAt);
 		return Number.isFinite(supersededAt) && now.getTime() - supersededAt < SUPERSEDED_REFRESH_TOKEN_RETENTION_MS;
+	}));
+}
+function capSupersededRefreshTokens(entries) {
+	return entries.slice(-16);
+}
+function cleanupPendingLogins(state, now) {
+	let changed = false;
+	for (const flow of state.pendingLogins) if (isActivePendingLogin(flow) && Date.parse(flow.flowExpiresAt) <= now.getTime()) {
+		flow.status = "expired";
+		changed = true;
+	}
+	const retained = state.pendingLogins.filter((flow) => shouldRetainPendingLogin(flow, now));
+	if (retained.length !== state.pendingLogins.length) changed = true;
+	state.pendingLogins = retained;
+	return changed;
+}
+function enforcePendingLoginQuota(state, sourceHint) {
+	const active = state.pendingLogins.filter(isActivePendingLogin);
+	if (active.length >= DEFAULT_PENDING_MAX_ACTIVE_FLOWS) throw new CapletsError("AUTH_FAILED", "Too many active pending logins.");
+	if (!sourceHint) return;
+	const sourceKey = sourceHint;
+	if (active.filter((flow) => (flow.sourceHint ?? "") === sourceKey).length >= DEFAULT_PENDING_MAX_ACTIVE_FLOWS_PER_SOURCE) throw new CapletsError("AUTH_FAILED", "Too many active pending logins for this source.");
+}
+function isActivePendingLogin(flow) {
+	return flow.status === "pending" || flow.status === "approved";
+}
+function shouldRetainPendingLogin(flow, now) {
+	if (isActivePendingLogin(flow)) return true;
+	const terminalAt = pendingLoginTerminalTime(flow);
+	return Number.isFinite(terminalAt) && now.getTime() - terminalAt < PENDING_TERMINAL_RETENTION_MS;
+}
+function pendingLoginTerminalTime(flow) {
+	switch (flow.status) {
+		case "denied": return Date.parse(flow.deniedAt ?? flow.flowExpiresAt);
+		case "cancelled": return Date.parse(flow.cancelledAt ?? flow.flowExpiresAt);
+		case "exchanged": return Date.parse(flow.exchangedAt ?? flow.flowExpiresAt);
+		case "expired": return Date.parse(flow.flowExpiresAt);
+		default: return NaN;
+	}
+}
+function assertPendingOperatorCodeFresh(flow, now) {
+	if (Date.parse(flow.codeExpiresAt) <= now.getTime()) throw new CapletsError("AUTH_FAILED", "Pending login code has expired. Refresh the pending login for a new code.");
+}
+function encryptReplayValue(value, pendingCompletionSecret, now) {
+	return encryptVaultValue({
+		plaintext: JSON.stringify(value),
+		key: replayEncryptionKey(pendingCompletionSecret),
+		now
 	});
 }
+function decryptPendingRefreshReplay(replay, pendingCompletionSecret) {
+	const parsed = JSON.parse(decryptVaultValue(replay.encryptedResponse, replayEncryptionKey(pendingCompletionSecret)));
+	if (typeof parsed.flowId !== "string" || typeof parsed.operatorCode !== "string" || typeof parsed.pendingRefreshSecret !== "string" || typeof parsed.codeExpiresAt !== "string" || typeof parsed.flowExpiresAt !== "string" || typeof parsed.intervalSeconds !== "number") throw new CapletsError("CONFIG_INVALID", "Pending login refresh replay record is malformed.");
+	return {
+		flowId: parsed.flowId,
+		operatorCode: parsed.operatorCode,
+		operatorCodeFingerprint: typeof parsed.operatorCodeFingerprint === "string" ? parsed.operatorCodeFingerprint : pendingOperatorCodeFingerprint(parsed.operatorCode),
+		pendingRefreshSecret: parsed.pendingRefreshSecret,
+		codeExpiresAt: parsed.codeExpiresAt,
+		flowExpiresAt: parsed.flowExpiresAt,
+		intervalSeconds: parsed.intervalSeconds
+	};
+}
+function decryptCompletionReplay(replay, pendingCompletionSecret) {
+	const parsed = JSON.parse(decryptVaultValue(replay.encryptedCredentials, replayEncryptionKey(pendingCompletionSecret)));
+	if (typeof parsed.clientId !== "string" || typeof parsed.clientLabel !== "string" || typeof parsed.hostUrl !== "string" || typeof parsed.accessToken !== "string" || typeof parsed.refreshToken !== "string" || typeof parsed.expiresAt !== "string" || typeof parsed.createdAt !== "string" || parsed.tokenType !== "Bearer") throw new CapletsError("CONFIG_INVALID", "Pending login completion replay record is malformed.");
+	return {
+		clientId: parsed.clientId,
+		clientLabel: parsed.clientLabel,
+		hostUrl: parsed.hostUrl,
+		accessToken: parsed.accessToken,
+		refreshToken: parsed.refreshToken,
+		expiresAt: parsed.expiresAt,
+		createdAt: parsed.createdAt,
+		tokenType: "Bearer"
+	};
+}
+function replayEncryptionKey(pendingCompletionSecret) {
+	return createHash("sha256").update(`caplets-pending-login-replay:${pendingCompletionSecret}`).digest();
+}
 function validateClient(client, hostUrl, now, options = {}) {
 	if (client.hostUrl !== hostUrl) throw new CapletsError("AUTH_FAILED", "Remote client credential is for a different host.");
-	if (client.revokedAt) throw new CapletsError("AUTH_FAILED", "Remote client credential has been revoked.");
+	if (client.revokedAt) throw new CapletsError("REMOTE_CREDENTIALS_REVOKED", "Remote client credential has been revoked.");
 	if (!options.allowExpiredAccess && Date.parse(client.accessExpiresAt) <= now.getTime()) throw new CapletsError("AUTH_FAILED", "Remote client credential has expired.");
 }
 function credentialsFromClient(client, accessToken, refreshToken) {
@@ -11723,9 +12046,48 @@ function clientStatus(client) {
 		...client.revokedAt ? { revokedAt: client.revokedAt } : {}
 	};
 }
+function pendingLoginStatus(flow) {
+	return {
+		flowId: flow.flowId,
+		hostUrl: flow.hostUrl,
+		...flow.hostIdentity ? { hostIdentity: flow.hostIdentity } : {},
+		status: flow.status,
+		...flow.operatorCodeFingerprint ? { operatorCodeFingerprint: flow.operatorCodeFingerprint } : {},
+		clientLabel: flow.clientLabel,
+		...flow.clientFingerprint ? { clientFingerprint: flow.clientFingerprint } : {},
+		...flow.sourceHint ? { sourceHint: flow.sourceHint } : {},
+		createdAt: flow.createdAt,
+		codeExpiresAt: flow.codeExpiresAt,
+		flowExpiresAt: flow.flowExpiresAt,
+		...flow.approvedAt ? { approvedAt: flow.approvedAt } : {},
+		...flow.deniedAt ? { deniedAt: flow.deniedAt } : {},
+		...flow.cancelledAt ? { cancelledAt: flow.cancelledAt } : {},
+		...flow.exchangedAt ? { exchangedAt: flow.exchangedAt } : {}
+	};
+}
+function pendingApprovalStatus(flow) {
+	return {
+		flowId: flow.flowId,
+		status: "approved",
+		clientLabel: flow.clientLabel,
+		...flow.clientFingerprint ? { clientFingerprint: flow.clientFingerprint } : {},
+		...flow.sourceHint ? { sourceHint: flow.sourceHint } : {}
+	};
+}
 function hashSecret(secret) {
 	return createHash("sha256").update(secret).digest("base64url");
 }
+const PENDING_CLIENT_LABEL_MAX_LENGTH = 120;
+const PENDING_CLIENT_FINGERPRINT_MAX_LENGTH = 256;
+const PENDING_SOURCE_HINT_MAX_LENGTH = 256;
+function boundedPendingLoginDisplayValue(value, maxLength) {
+	const trimmed = value?.trim();
+	if (!trimmed) return void 0;
+	return trimmed.length > maxLength ? trimmed.slice(0, maxLength) : trimmed;
+}
+function pendingOperatorCodeFingerprint(operatorCode) {
+	return hashSecret(operatorCode).slice(0, 8);
+}
 function safeHashEqual(left, right) {
 	const leftBuffer = Buffer$1.from(left);
 	const rightBuffer = Buffer$1.from(right);
@@ -11758,41 +12120,95 @@ function createHttpServeApp(options, engine, io = {}) {
 	const remoteCredentialStore = remoteCredentialStoreForOptions(options, io.remoteCredentialStore);
 	if (options.auth.type === "remote_credentials" && options.trustProxy === true && options.publicOrigin === void 0) throw new CapletsError("REQUEST_INVALID", "Remote credential auth with --trust-proxy requires CAPLETS_SERVER_URL.");
 	const protectedRouteAuth = routeAuth(options, remoteCredentialStore, paths.base);
+	const attachHostProtection = dnsRebindingProtection(options);
 	app.use("*", logger((message, ...rest) => {
 		writeErr(`${[message, ...rest].join(" ")}\n`);
 	}));
-	app.get(paths.base, (c) => c.json({
-		name: "caplets",
-		transport: "http",
-		base: paths.base,
-		versions: [versionDiscovery(paths, exposeAttach)],
-		auth: { type: options.auth.type }
-	}));
-	app.get(paths.version, (c) => c.json(versionDiscovery(paths, exposeAttach)));
+	app.get(paths.base, (c) => {
+		const remote = remoteCredentialStore ? remoteHostMetadata(c.req.url, paths.base, options, (name) => c.req.header(name)) : void 0;
+		return c.json({
+			name: "caplets",
+			transport: "http",
+			base: paths.base,
+			versions: [versionDiscovery(paths, exposeAttach, remote)],
+			auth: { type: options.auth.type },
+			...remote ? { remote } : {}
+		});
+	});
+	app.get(paths.version, (c) => {
+		const remote = remoteCredentialStore ? remoteHostMetadata(c.req.url, paths.base, options, (name) => c.req.header(name)) : void 0;
+		return c.json(versionDiscovery(paths, exposeAttach, remote));
+	});
 	app.get(paths.health, (c) => c.json({ status: "ok" }));
 	if (remoteCredentialStore) {
-		app.post(paths.pairingExchange, async (c) => {
+		app.post(paths.remoteLoginStart, attachHostProtection, async (c) => {
 			try {
-				const parsed = await parseJsonObject(c.req.json(), "Pairing exchange request");
-				const code = stringField(parsed, "code");
+				const parsed = await parseJsonObject(c.req.json(), "Pending remote login start request");
 				const clientLabel = optionalStringField(parsed, "clientLabel");
-				const credentials = remoteCredentialStore.exchangePairingCode({
-					hostUrl: remoteCredentialHostUrl(c.req.url, paths.base, options.publicOrigin, options.trustProxy, (name) => c.req.header(name)),
-					code,
-					...clientLabel ? { clientLabel } : {}
+				const clientFingerprint = optionalStringField(parsed, "clientFingerprint");
+				const hostUrl = remoteCredentialHostUrl(c.req.url, paths.base, options.publicOrigin, options.trustProxy, (name) => c.req.header(name));
+				const pending = remoteCredentialStore.createPendingLogin({
+					hostUrl,
+					hostIdentity: hostUrl,
+					...clientLabel ? { clientLabel } : {},
+					...remoteCredentialSourceHint(options.trustProxy, (name) => c.req.header(name)),
+					...clientFingerprint ? { clientFingerprint } : {}
 				});
-				return c.json({
-					clientId: credentials.clientId,
-					clientLabel: credentials.clientLabel,
-					accessToken: credentials.accessToken,
-					refreshToken: credentials.refreshToken,
-					tokenType: credentials.tokenType,
-					expiresAt: credentials.expiresAt
+				return c.json(pending);
+			} catch (error) {
+				return remoteCredentialErrorResponse(error);
+			}
+		});
+		app.post(paths.remoteLoginPoll, attachHostProtection, async (c) => {
+			try {
+				const parsed = await parseJsonObject(c.req.json(), "Pending remote login poll request");
+				return c.json(remoteCredentialStore.pollPendingLogin({
+					flowId: stringField(parsed, "flowId"),
+					pendingCompletionSecret: stringField(parsed, "pendingCompletionSecret")
+				}));
+			} catch (error) {
+				return remoteCredentialErrorResponse(error);
+			}
+		});
+		app.post(paths.remoteLoginRefresh, attachHostProtection, async (c) => {
+			try {
+				const parsed = await parseJsonObject(c.req.json(), "Pending remote login refresh request");
+				return c.json(remoteCredentialStore.refreshPendingLogin({
+					flowId: stringField(parsed, "flowId"),
+					pendingRefreshSecret: stringField(parsed, "pendingRefreshSecret"),
+					pendingCompletionSecret: stringField(parsed, "pendingCompletionSecret")
+				}));
+			} catch (error) {
+				return remoteCredentialErrorResponse(error);
+			}
+		});
+		app.post(paths.remoteLoginComplete, attachHostProtection, async (c) => {
+			try {
+				const parsed = await parseJsonObject(c.req.json(), "Pending remote login complete request");
+				const credentials = remoteCredentialStore.completePendingLogin({
+					hostUrl: remoteCredentialHostUrl(c.req.url, paths.base, options.publicOrigin, options.trustProxy, (name) => c.req.header(name)),
+					flowId: stringField(parsed, "flowId"),
+					pendingCompletionSecret: stringField(parsed, "pendingCompletionSecret")
 				});
+				return c.json(credentials);
+			} catch (error) {
+				return remoteCredentialErrorResponse(error);
+			}
+		});
+		app.post(paths.remoteLoginCancel, attachHostProtection, async (c) => {
+			try {
+				const parsed = await parseJsonObject(c.req.json(), "Pending remote login cancel request");
+				return c.json(remoteCredentialStore.cancelPendingLogin({
+					flowId: stringField(parsed, "flowId"),
+					pendingCompletionSecret: stringField(parsed, "pendingCompletionSecret")
+				}));
 			} catch (error) {
 				return remoteCredentialErrorResponse(error);
 			}
 		});
+		app.post(paths.pairingExchange, async (_c) => {
+			return remoteCredentialErrorResponse(legacyPairingCodeUnsupportedError());
+		});
 		app.post(paths.remoteRefresh, async (c) => {
 			try {
 				const refreshToken = stringField(await parseJsonObject(c.req.json(), "Remote refresh request"), "refreshToken");
@@ -11855,7 +12271,6 @@ function createHttpServeApp(options, engine, io = {}) {
 		sessions.set(nextSessionId, session);
 		return session.transport.handleRequest(c);
 	});
-	const attachHostProtection = dnsRebindingProtection(options);
 	if (exposeAttach) {
 		app.get(paths.attachManifest, attachHostProtection, protectedRouteAuth, async (c) => {
 			const attachProjection = await buildAttachProjection(engine);
@@ -11970,13 +12385,26 @@ function remoteCredentialHostUrl(requestUrl, basePath, publicOrigin, trustProxy,
 	if (trustProxy && !publicOrigin) throw new CapletsError("REQUEST_INVALID", "Remote credential auth with --trust-proxy requires CAPLETS_SERVER_URL.");
 	return publicHostUrl(requestUrl, basePath, publicOrigin, trustProxy, header);
 }
+function remoteCredentialSourceHint(trustProxy, header) {
+	if (!trustProxy) return {};
+	const sourceHint = firstForwardedValue(header("x-forwarded-for")) ?? firstForwardedValue(header("x-real-ip")) ?? firstForwardedValue(header("cf-connecting-ip"));
+	return sourceHint ? { sourceHint } : {};
+}
 function firstForwardedValue(value) {
 	return value?.split(",", 1)[0]?.trim() || void 0;
 }
-function versionDiscovery(paths, exposeAttach = true) {
+function remoteHostMetadata(requestUrl, basePath, options, header) {
+	const audience = remoteCredentialHostUrl(requestUrl, basePath, options.publicOrigin, options.trustProxy, header);
+	return {
+		hostIdentity: audience,
+		audience
+	};
+}
+function versionDiscovery(paths, exposeAttach = true, remote) {
 	return {
 		version: 1,
 		path: paths.version,
+		...remote ? { remote } : {},
 		links: {
 			mcp: paths.mcp,
 			admin: paths.control,
@@ -12126,6 +12554,11 @@ function servicePaths(base) {
 		attachInvoke: routePath(attach, "invoke"),
 		projectBindings: routePath(attach, "project-bindings"),
 		pairingExchange: routePath(remote, "pairing/exchange"),
+		remoteLoginStart: routePath(remote, "login/start"),
+		remoteLoginPoll: routePath(remote, "login/poll"),
+		remoteLoginRefresh: routePath(remote, "login/refresh"),
+		remoteLoginComplete: routePath(remote, "login/complete"),
+		remoteLoginCancel: routePath(remote, "login/cancel"),
 		remoteRefresh: routePath(remote, "refresh"),
 		remoteClient: routePath(remote, "client"),
 		health: routePath(version, "healthz")
@@ -12210,6 +12643,9 @@ function remoteCredentialErrorResponse(error) {
 		error: safe
 	}, { status });
 }
+function legacyPairingCodeUnsupportedError() {
+	return new CapletsError("REQUEST_INVALID", "Self-hosted Pairing Code exchange is no longer supported. Run caplets remote login <url> and approve the pending login from the host.");
+}
 function dnsRebindingProtection(options) {
 	if (!options.loopback) return async (_c, next) => {
 		await next();
@@ -12438,7 +12874,7 @@ async function installDaemon(install = {}, options = {}) {
 		"write-descriptor",
 		"register-service"
 	];
-	const existingNative = persisted || existsSync(paths.descriptorFile) ? await manager.status(persisted, paths) : void 0;
+	const existingNative = persisted || existsSync(daemonHostPath(paths.descriptorFile)) ? await manager.status(persisted, paths) : void 0;
 	const restartDecisionRequired = existingNative?.running === true && !install.start && !install.restart && !install.noRestart;
 	if (restartDecisionRequired && !install.dryRun && (!options.isInteractive || !options.readPrompt)) throw new CapletsError("REQUEST_INVALID", "Daemon is already running; rerun with --restart, --start, or --no-restart.");
 	if (install.dryRun) return {
@@ -12459,13 +12895,13 @@ async function installDaemon(install = {}, options = {}) {
 		});
 		assertDaemonHealth(validation, "Daemon install validation");
 	}
-	mkdirSync(paths.logDir, {
+	mkdirSync(daemonHostPath(paths.logDir), {
 		recursive: true,
 		mode: 448
 	});
 	ensureDaemonLogFiles(paths);
 	const persistenceBackups = backupPersistenceFiles([paths.configFile, paths.stateFile]);
-	const hadExistingDescriptor = existsSync(paths.descriptorFile);
+	const hadExistingDescriptor = existsSync(daemonHostPath(paths.descriptorFile));
 	let native;
 	try {
 		writeDaemonConfig(paths, config);
@@ -12615,11 +13051,11 @@ async function uninstallDaemon(uninstall = {}, options = {}) {
 	if (uninstall.purge) {
 		removeDaemonConfig(paths);
 		removeDaemonState(paths);
-		rmSync(paths.logDir, {
+		rmSync(daemonHostPath(paths.logDir), {
 			recursive: true,
 			force: true
 		});
-		rmSync(dirname(paths.configFile), {
+		rmSync(dirname(daemonHostPath(paths.configFile)), {
 			recursive: true,
 			force: true
 		});
@@ -12859,25 +13295,32 @@ function mergeServeOptions(existing, install) {
 	};
 }
 function backupPersistenceFiles(paths) {
-	return paths.map((path) => ({
-		path,
-		existed: existsSync(path),
-		...existsSync(path) ? { contents: readFileSync(path) } : {},
-		...existsSync(path) ? { mode: statSync(path).mode & 511 } : {}
-	}));
+	return paths.map((path) => {
+		const hostPath = daemonHostPath(path);
+		const existed = existsSync(hostPath);
+		return {
+			path,
+			existed,
+			...existed ? { contents: readFileSync(hostPath) } : {},
+			...existed ? { mode: statSync(hostPath).mode & 511 } : {}
+		};
+	});
 }
 function restorePersistenceFiles(backups) {
-	for (const backup of backups) if (backup.existed && backup.contents) {
-		mkdirSync(dirname(backup.path), {
+	for (const backup of backups) {
+		const hostPath = daemonHostPath(backup.path);
+		if (backup.existed && backup.contents) {
+			mkdirSync(dirname(hostPath), {
+				recursive: true,
+				mode: 448
+			});
+			writeFileSync(hostPath, backup.contents, { mode: backup.mode ?? 384 });
+			chmodSync(hostPath, backup.mode ?? 384);
+		} else rmSync(hostPath, {
 			recursive: true,
-			mode: 448
+			force: true
 		});
-		writeFileSync(backup.path, backup.contents, { mode: backup.mode ?? 384 });
-		chmodSync(backup.path, backup.mode ?? 384);
-	} else rmSync(backup.path, {
-		recursive: true,
-		force: true
-	});
+	}
 }
 async function rollbackNativeInstall(manager, persisted, paths, hadExistingDescriptor) {
 	try {
@@ -13965,11 +14408,7 @@ function remoteSetupDefinition(id, options) {
 			type: "command",
 			label: "Add remote-backed Caplets MCP server to Codex",
 			command: "codex",
-			args: codexMcpAddArgs([
-				"attach",
-				"--remote-url",
-				serverUrl
-			])
+			args: codexMcpAddArgs(["attach", serverUrl])
 		}],
 		nextSteps: [`Run caplets remote login ${serverUrl} before using this MCP config.`, "In Codex, run /mcp to confirm the caplets server is connected."]
 	};
@@ -13979,11 +14418,7 @@ function remoteSetupDefinition(id, options) {
 			type: "command",
 			label: "Add remote-backed Caplets MCP server to Claude Code",
 			command: "claude",
-			args: claudeMcpAddArgs([
-				"attach",
-				"--remote-url",
-				serverUrl
-			])
+			args: claudeMcpAddArgs(["attach", serverUrl])
 		}],
 		nextSteps: [`Run caplets remote login ${serverUrl} before using this MCP config.`, "In Claude Code, run /mcp to confirm the caplets server is connected."]
 	};
@@ -13996,11 +14431,7 @@ function remoteSetupDefinition(id, options) {
 			path: options.output,
 			content: `${JSON.stringify({ mcpServers: { caplets: {
 				command: "caplets",
-				args: [
-					"attach",
-					"--remote-url",
-					serverUrl
-				]
+				args: ["attach", serverUrl]
 			} } }, null, 2)}\n`
 		}],
 		nextSteps: [`Run caplets remote login ${serverUrl} before using this MCP config.`, "Import the written MCP config into your MCP client."]
@@ -14938,12 +15369,17 @@ function addServeMigrationCommand(parent, name, replacement) {
 function collectValues(value, previous) {
 	return [...previous, value];
 }
+const HIDDEN_INPUT_PROMPT_LABELS = { vaultValue: "Value: " };
 function remoteProfileStore(authDir, env) {
 	return createRemoteProfileStore({
 		authDir,
 		env
 	});
 }
+function attachRemoteUrlFromArgs(positionalUrl, legacyRemoteUrl) {
+	if (positionalUrl && legacyRemoteUrl && positionalUrl !== legacyRemoteUrl) throw new CapletsError("REQUEST_INVALID", "Pass either attach URL or --remote-url, not both. Use caplets attach <url> for new configs.");
+	return positionalUrl ?? legacyRemoteUrl;
+}
 function remoteServerCredentialStore(statePath, env) {
 	return new RemoteServerCredentialStore({ dir: statePath ?? env.CAPLETS_REMOTE_SERVER_STATE_DIR ?? join(DEFAULT_AUTH_DIR, "remote-server") });
 }
@@ -15032,40 +15468,33 @@ async function loginCloudRemoteProfile(url, options, store, io) {
 		}
 	});
 }
-async function pairingCodeFromOptions(options, readStdin, writeErr) {
-	if (options.code?.trim()) {
-		writeErr("Warning: --code may store the Pairing Code in shell history; prefer the hidden prompt or --code-stdin for automation.\n");
-		return options.code.trim();
-	}
-	if (options.codeStdin) {
-		const code = (readStdin ? await readStdin() : await readAllStdin()).trim();
-		if (code) return code;
-		throw new CapletsError("REQUEST_INVALID", "Pairing Code is required when --code-stdin is used.");
-	}
-	const output = new HiddenPromptOutput(process.stdout);
+async function readHiddenInput(label, options = {}) {
+	const input = options.input ?? process.stdin;
+	const output = options.output ?? process.stdout;
+	output.write(label);
 	const readline = createInterface({
-		input: process.stdin,
-		output,
+		input,
+		output: new HiddenPromptOutput(output, { echoFirstChunk: false }),
 		terminal: true
 	});
 	try {
-		const code = (await readline.question("Pairing Code: ")).trim();
-		if (code) return code;
+		return await readline.question("");
 	} finally {
 		readline.close();
-		process.stdout.write("\n");
+		output.write("\n");
 	}
-	throw new CapletsError("REQUEST_INVALID", "Pairing Code is required for self-hosted Remote Login.");
 }
 var HiddenPromptOutput = class extends Writable {
 	output;
+	options;
 	wrotePrompt = false;
-	constructor(output) {
+	constructor(output, options = { echoFirstChunk: true }) {
 		super();
 		this.output = output;
+		this.options = options;
 	}
 	_write(chunk, _encoding, callback) {
-		if (!this.wrotePrompt) {
+		if (this.options.echoFirstChunk !== false && !this.wrotePrompt) {
 			this.output.write(chunk);
 			this.wrotePrompt = true;
 		}
@@ -15083,6 +15512,7 @@ async function parseRemoteLoginCredentials(response) {
 	const record = parsed;
 	if (typeof record.clientId !== "string" || typeof record.accessToken !== "string" || typeof record.refreshToken !== "string") throw new CapletsError("DOWNSTREAM_PROTOCOL_ERROR", "Remote Login response is missing credentials.");
 	return {
+		...typeof record.hostUrl === "string" ? { hostUrl: record.hostUrl } : {},
 		clientId: record.clientId,
 		clientLabel: typeof record.clientLabel === "string" ? record.clientLabel : "Caplets CLI",
 		accessToken: record.accessToken,
@@ -15091,6 +15521,170 @@ async function parseRemoteLoginCredentials(response) {
 		...typeof record.expiresAt === "string" ? { expiresAt: record.expiresAt } : {}
 	};
 }
+async function parsePendingRemoteLoginStart(response, options = {}) {
+	const parsed = await response.json();
+	if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) throw new CapletsError("DOWNSTREAM_PROTOCOL_ERROR", "Pending Remote Login response must be an object.");
+	const record = parsed;
+	if (typeof record.flowId !== "string" || typeof record.operatorCode !== "string" || typeof record.pendingRefreshSecret !== "string" || typeof record.codeExpiresAt !== "string" || typeof record.flowExpiresAt !== "string") throw new CapletsError("DOWNSTREAM_PROTOCOL_ERROR", "Pending Remote Login response is missing pending material.");
+	const pendingCompletionSecret = typeof record.pendingCompletionSecret === "string" ? record.pendingCompletionSecret : options.pendingCompletionSecret;
+	if (!pendingCompletionSecret) throw new CapletsError("DOWNSTREAM_PROTOCOL_ERROR", "Pending Remote Login response is missing completion material.");
+	return {
+		flowId: record.flowId,
+		operatorCode: record.operatorCode,
+		...typeof record.operatorCodeFingerprint === "string" ? { operatorCodeFingerprint: record.operatorCodeFingerprint } : {},
+		pendingRefreshSecret: record.pendingRefreshSecret,
+		pendingCompletionSecret,
+		codeExpiresAt: record.codeExpiresAt,
+		flowExpiresAt: record.flowExpiresAt,
+		intervalSeconds: typeof record.intervalSeconds === "number" ? record.intervalSeconds : 5
+	};
+}
+async function parsePendingRemoteLoginStatus(response) {
+	const parsed = await response.json();
+	if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) throw new CapletsError("DOWNSTREAM_PROTOCOL_ERROR", "Pending Remote Login status response must be an object.");
+	const status = parsed.status;
+	if (typeof status !== "string") throw new CapletsError("DOWNSTREAM_PROTOCOL_ERROR", "Pending Remote Login status response is missing status.");
+	return status;
+}
+async function selfHostedPendingRemoteLogin(url, input) {
+	const fetchImpl = input.fetch ?? fetch;
+	const baseUrl = new URL(normalizeRemoteProfileHostUrl(url));
+	const startBody = input.clientLabel ? { clientLabel: input.clientLabel } : {};
+	const start = await fetchImpl(appendBasePath(baseUrl, "v1/remote/login/start"), {
+		method: "POST",
+		headers: { "content-type": "application/json" },
+		body: JSON.stringify(startBody)
+	});
+	if (!start.ok) throw new CapletsError("AUTH_FAILED", "Remote Login pending start failed.");
+	let pending = await parsePendingRemoteLoginStart(start);
+	if (input.json) input.writeOut(`${JSON.stringify({
+		code: "pending_login_started",
+		flowId: pending.flowId,
+		operatorCode: pending.operatorCode,
+		operatorCodeFingerprint: pending.operatorCodeFingerprint,
+		codeExpiresAt: pending.codeExpiresAt,
+		flowExpiresAt: pending.flowExpiresAt
+	})}\n`);
+	else {
+		input.writeOut(`Remote Login Code: ${pending.operatorCode}\n`);
+		if (pending.operatorCodeFingerprint) input.writeOut(`Code fingerprint: ${pending.operatorCodeFingerprint}\n`);
+		input.writeOut(`Approve from the host with caplets remote host approve ${pending.operatorCode} --yes\n`);
+	}
+	const intervalMs = numberEnv(input.env.CAPLETS_REMOTE_LOGIN_POLL_INTERVAL_MS, pending.intervalSeconds * 1e3);
+	try {
+		while (true) {
+			const poll = await fetchPendingRemoteLoginStatus(fetchImpl, baseUrl, pending, input.signal);
+			if (!poll.ok) throw new CapletsError("AUTH_FAILED", "Remote Login pending poll failed.");
+			const status = await parsePendingRemoteLoginStatus(poll);
+			if (status === "approved") {
+				if (input.json) input.writeOut(`${JSON.stringify({
+					code: "pending_login_approved",
+					flowId: pending.flowId
+				})}\n`);
+				break;
+			}
+			if (status !== "pending") {
+				if (input.json) input.writeOut(`${JSON.stringify({
+					code: `pending_login_${status}`,
+					flowId: pending.flowId
+				})}\n`);
+				throw new CapletsError("AUTH_FAILED", `Remote Login pending flow ${status}.`);
+			}
+			if (Date.parse(pending.codeExpiresAt) <= Date.now()) {
+				const refresh = await fetchImpl(appendBasePath(baseUrl, "v1/remote/login/refresh"), {
+					method: "POST",
+					headers: { "content-type": "application/json" },
+					body: JSON.stringify({
+						flowId: pending.flowId,
+						pendingRefreshSecret: pending.pendingRefreshSecret,
+						pendingCompletionSecret: pending.pendingCompletionSecret
+					}),
+					...input.signal ? { signal: input.signal } : {}
+				});
+				if (!refresh.ok) {
+					const retryPoll = await fetchPendingRemoteLoginStatus(fetchImpl, baseUrl, pending);
+					if (retryPoll.ok && await parsePendingRemoteLoginStatus(retryPoll) === "approved") {
+						if (input.json) input.writeOut(`${JSON.stringify({
+							code: "pending_login_approved",
+							flowId: pending.flowId
+						})}\n`);
+						break;
+					}
+					throw new CapletsError("AUTH_FAILED", "Remote Login pending refresh failed.");
+				}
+				pending = await parsePendingRemoteLoginStart(refresh, { pendingCompletionSecret: pending.pendingCompletionSecret });
+				if (input.json) input.writeOut(`${JSON.stringify({
+					code: "pending_login_code_refreshed",
+					flowId: pending.flowId,
+					operatorCode: pending.operatorCode,
+					operatorCodeFingerprint: pending.operatorCodeFingerprint,
+					codeExpiresAt: pending.codeExpiresAt,
+					flowExpiresAt: pending.flowExpiresAt
+				})}\n`);
+				else {
+					input.writeOut(`Remote Login Code refreshed: ${pending.operatorCode}\n`);
+					if (pending.operatorCodeFingerprint) input.writeOut(`Code fingerprint: ${pending.operatorCodeFingerprint}\n`);
+				}
+			}
+			await sleep(intervalMs, input.signal);
+		}
+		const complete = await completePendingRemoteLogin(fetchImpl, baseUrl, pending, input.signal);
+		if (!complete.ok) throw new CapletsError("AUTH_FAILED", "Remote Login pending complete failed.");
+		return parseRemoteLoginCredentials(complete);
+	} catch (error) {
+		if (input.signal?.aborted || isAbortError(error)) {
+			await cancelPendingRemoteLogin(fetchImpl, baseUrl, pending);
+			if (input.json) input.writeOut(`${JSON.stringify({
+				code: "pending_login_cancelled",
+				flowId: pending.flowId
+			})}\n`);
+			throw new CapletsError("REQUEST_INVALID", "Remote Login pending flow cancelled.");
+		}
+		throw error;
+	}
+}
+async function completePendingRemoteLogin(fetchImpl, baseUrl, pending, signal) {
+	try {
+		return await fetchImpl(appendBasePath(baseUrl, "v1/remote/login/complete"), pendingRemoteLoginCompletionRequest(pending, signal));
+	} catch {
+		return fetchImpl(appendBasePath(baseUrl, "v1/remote/login/complete"), pendingRemoteLoginCompletionRequest(pending));
+	}
+}
+function pendingRemoteLoginCompletionRequest(pending, signal) {
+	return {
+		method: "POST",
+		headers: { "content-type": "application/json" },
+		body: JSON.stringify({
+			flowId: pending.flowId,
+			pendingCompletionSecret: pending.pendingCompletionSecret
+		}),
+		...signal ? { signal } : {}
+	};
+}
+async function fetchPendingRemoteLoginStatus(fetchImpl, baseUrl, pending, signal) {
+	return fetchImpl(appendBasePath(baseUrl, "v1/remote/login/poll"), {
+		method: "POST",
+		headers: { "content-type": "application/json" },
+		body: JSON.stringify({
+			flowId: pending.flowId,
+			pendingCompletionSecret: pending.pendingCompletionSecret
+		}),
+		...signal ? { signal } : {}
+	});
+}
+async function cancelPendingRemoteLogin(fetchImpl, baseUrl, pending) {
+	await fetchImpl(appendBasePath(baseUrl, "v1/remote/login/cancel"), {
+		method: "POST",
+		headers: { "content-type": "application/json" },
+		body: JSON.stringify({
+			flowId: pending.flowId,
+			pendingCompletionSecret: pending.pendingCompletionSecret
+		})
+	}).catch(() => void 0);
+}
+function isAbortError(error) {
+	return error instanceof Error && error.name === "AbortError" || typeof DOMException !== "undefined" && error instanceof DOMException && error.name === "AbortError";
+}
 async function revokeSelfHostedRemoteClient(remoteUrl, accessToken, fetchImpl = fetch) {
 	await fetchImpl(appendBasePath(new URL(normalizeRemoteProfileHostUrl(remoteUrl)), "v1/remote/client"), {
 		method: "DELETE",
@@ -15172,9 +15766,35 @@ function createSetupPromptHandle(io, writeOut) {
 		close: () => readline.close()
 	};
 }
-async function sleep(ms) {
-	if (ms <= 0) return;
-	await new Promise((resolve) => setTimeout(resolve, ms));
+async function sleep(ms, signal) {
+	if (ms <= 0 || signal?.aborted) return;
+	await new Promise((resolve) => {
+		const timeout = setTimeout(done, ms);
+		const abort = () => done();
+		function done() {
+			clearTimeout(timeout);
+			signal?.removeEventListener("abort", abort);
+			resolve();
+		}
+		signal?.addEventListener("abort", abort, { once: true });
+	});
+}
+function cliInterruptSignal(existing) {
+	if (existing) return {
+		signal: existing,
+		dispose: () => {}
+	};
+	const controller = new AbortController();
+	const abort = () => controller.abort();
+	process.once("SIGINT", abort);
+	process.once("SIGTERM", abort);
+	return {
+		signal: controller.signal,
+		dispose: () => {
+			process.off("SIGINT", abort);
+			process.off("SIGTERM", abort);
+		}
+	};
 }
 function createProgram(io = {}) {
 	const writeOut = io.writeOut ?? ((value) => process.stdout.write(value));
@@ -15403,10 +16023,12 @@ function createProgram(io = {}) {
 		}
 		for (const entry of result.entries) writeOut(stream === "all" ? `[${entry.stream}] ${entry.line}\n` : `${entry.line}\n`);
 	});
-	program.command(cliCommands$1.attach).description("Start a remote-backed Caplets MCP server.").option("--transport <transport>", "server transport: stdio or http").option("--host <host>", "HTTP bind host").option("--port <port>", "HTTP bind port").option("--path <path>", "HTTP service base path").option("--remote-url <url>", "remote Caplets service base URL").option("--workspace <workspace>", "hosted Cloud workspace ID or slug").option("--allow-unauthenticated-http", "allow unauthenticated HTTP serving on non-loopback hosts").option("--trust-proxy", "trust X-Forwarded-* headers from a reverse proxy").option("--json", "print JSON status events").option("--verbose", "print detailed attach diagnostics").option("--once", "validate Project Binding once and exit").option("--project-root <path>", "test-only project root override").action(async (options) => {
+	program.command(cliCommands$1.attach).description("Start a remote-backed Caplets MCP server.").argument("[url]", "remote Caplets service base URL").option("--transport <transport>", "server transport: stdio or http").option("--host <host>", "HTTP bind host").option("--port <port>", "HTTP bind port").option("--path <path>", "HTTP service base path").addOption(new Option("--remote-url <url>", "legacy alias for the remote Caplets service base URL").hideHelp()).option("--workspace <workspace>", "hosted Cloud workspace ID or slug").option("--allow-unauthenticated-http", "allow unauthenticated HTTP serving on non-loopback hosts").option("--trust-proxy", "trust X-Forwarded-* headers from a reverse proxy").option("--json", "print JSON status events").option("--verbose", "print detailed attach diagnostics").option("--once", "validate Project Binding once and exit").option("--project-root <path>", "test-only project root override").action(async (url, options) => {
 		try {
+			const remoteUrl = attachRemoteUrlFromArgs(url, options.remoteUrl);
 			const attachOptions = {
 				...options,
+				...remoteUrl ? { remoteUrl } : {},
 				...io.fetch ? { fetch: io.fetch } : {},
 				...io.authDir ? { authDir: io.authDir } : {}
 			};
@@ -15461,7 +16083,7 @@ function createProgram(io = {}) {
 		}
 	});
 	const remote = program.command(cliCommands$1.remote).description("Manage Caplets Remote Login.");
-	remote.command("login").description("Log this machine into a Caplets host.").argument("<url>", "Caplets host URL").option("--workspace <workspace>", "Cloud workspace ID or slug to select").option("--client-label <label>", "client label for this machine").option("--device-name <name>", "Cloud device label for this machine").option("--code <code>", "Pairing Code for explicit noninteractive self-hosted login").option("--code-stdin", "read the Pairing Code from stdin").option("--no-open", "print the Cloud login URL without opening a browser").option("--json", "print JSON output").action(async (url, options) => {
+	remote.command("login").description("Log this machine into a Caplets host.").argument("<url>", "Caplets host URL").option("--workspace <workspace>", "Cloud workspace ID or slug to select").option("--client-label <label>", "client label for this machine").option("--device-name <name>", "Cloud device label for this machine").addOption(new Option("--code <code>", "legacy Pairing Code input").hideHelp()).addOption(new Option("--code-stdin", "legacy Pairing Code stdin input").hideHelp()).option("--no-open", "print the Cloud login URL without opening a browser").option("--json", "print JSON output").action(async (url, options) => {
 		const store = remoteProfileStore(io.authDir, env);
 		if (isCapletsCloudUrl(url)) {
 			writeRemoteStatus(await loginCloudRemoteProfile(url, options, store, {
@@ -15471,20 +16093,24 @@ function createProgram(io = {}) {
 			}), options.json === true, writeOut);
 			return;
 		}
-		const code = await pairingCodeFromOptions(options, io.readStdin, writeErr);
-		const exchangeUrl = appendBasePath(new URL(normalizeRemoteProfileHostUrl(url)), "v1/remote/pairing/exchange");
-		const response = await (io.fetch ?? fetch)(exchangeUrl, {
-			method: "POST",
-			headers: { "content-type": "application/json" },
-			body: JSON.stringify({
-				code,
-				...options.clientLabel ? { clientLabel: options.clientLabel } : {}
-			})
-		});
-		if (!response.ok) throw new CapletsError("AUTH_FAILED", "Remote Login pairing exchange failed.");
-		const credentials = await parseRemoteLoginCredentials(response);
-		writeRemoteStatus(await store.saveSelfHostedProfile({
+		if (options.code?.trim() || options.codeStdin) throw new CapletsError("REQUEST_INVALID", `Self-hosted Remote Login no longer accepts Pairing Codes. Run caplets remote login ${normalizeRemoteProfileHostUrl(url)} without --code and approve the pending login from the host.`);
+		const interrupt = cliInterruptSignal(io.signal);
+		let credentials;
+		try {
+			credentials = await selfHostedPendingRemoteLogin(url, {
+				...options.clientLabel ? { clientLabel: options.clientLabel } : {},
+				json: options.json,
+				...io.fetch ? { fetch: io.fetch } : {},
+				...interrupt.signal ? { signal: interrupt.signal } : {},
+				writeOut,
+				env
+			});
+		} finally {
+			interrupt.dispose();
+		}
+		const status = await store.saveSelfHostedProfile({
 			hostUrl: url,
+			hostIdentity: normalizeRemoteProfileHostUrl(credentials.hostUrl ?? url),
 			clientId: credentials.clientId,
 			clientLabel: credentials.clientLabel,
 			credentials: {
@@ -15493,7 +16119,12 @@ function createProgram(io = {}) {
 				tokenType: credentials.tokenType,
 				expiresAt: credentials.expiresAt
 			}
-		}), options.json === true, writeOut);
+		});
+		if (options.json === true) writeOut(`${JSON.stringify({
+			code: "remote_profile_saved",
+			...status
+		})}\n`);
+		else writeRemoteStatus(status, false, writeOut);
 	});
 	remote.command("status").description("Show saved Remote Login status.").argument("[url]", "Caplets host URL").option("--workspace <workspace>", "Cloud workspace ID or slug").option("--json", "print JSON output").action(async (url, options) => {
 		if (!url) {
@@ -15554,18 +16185,19 @@ function createProgram(io = {}) {
 		writeOut(removed ? `Logged out of ${normalizeRemoteProfileHostUrl(url)}.\n` : `No Remote Login profile found for ${normalizeRemoteProfileHostUrl(url)}.\n`);
 	});
 	const remoteHost = remote.command("host").description("Manage self-hosted remote credentials.");
-	remoteHost.command("pair").description("Create a short-lived self-hosted Pairing Code from the server environment.").requiredOption("--host-url <url>", "public Caplets host URL").option("--state-path <path>", "server-owned remote credential state directory").option("--client-label <label>", "suggested client label").option("--json", "print JSON output").action(async (options) => {
-		const issued = remoteServerCredentialStore(options.statePath, env).createPairingCode({
-			hostUrl: options.hostUrl,
-			...options.clientLabel ? { clientLabel: options.clientLabel } : {}
-		});
+	remoteHost.command("pair", { hidden: true }).description("Deprecated. Pairing Code bootstrap is no longer supported.").option("--host-url <url>", "public Caplets host URL; defaults to CAPLETS_SERVER_URL").option("--state-path <path>", "server-owned remote credential state directory").option("--json", "print JSON output").action(async (options) => {
+		const hostUrl = options.hostUrl ?? env.CAPLETS_SERVER_URL;
+		const guidance = "Self-hosted Pairing Code bootstrap is no longer supported. Run caplets remote login <url> from the client, then approve the pending login with caplets remote host logins and caplets remote host approve <code> from the host.";
 		if (options.json) {
-			writeOut(`${JSON.stringify(issued, null, 2)}\n`);
+			writeOut(`${JSON.stringify({
+				supported: false,
+				deprecated: true,
+				...hostUrl ? { hostUrl: normalizeRemoteProfileHostUrl(hostUrl) } : {},
+				message: guidance
+			}, null, 2)}\n`);
 			return;
 		}
-		writeOut(`Pairing Code: ${issued.code}\n`);
-		writeOut(`Expires At: ${issued.expiresAt}\n`);
-		writeOut(`Run caplets remote login ${normalizeRemoteProfileHostUrl(options.hostUrl)} and enter the Pairing Code when prompted.\n`);
+		writeOut(`${guidance}\n`);
 	});
 	remoteHost.command("clients").description("List paired self-hosted remote clients from server state.").option("--state-path <path>", "server-owned remote credential state directory").option("--json", "print JSON output").action((options) => {
 		const clients = remoteServerCredentialStore(options.statePath, env).listClients();
@@ -15579,6 +16211,35 @@ function createProgram(io = {}) {
 		}
 		for (const client of clients) writeOut(`${client.clientId}\t${terminalSafeText(client.clientLabel)}\t${client.hostUrl}\t${client.revokedAt ? "revoked" : "active"}\n`);
 	});
+	remoteHost.command("logins").description("List pending self-hosted Remote Login approvals from server state.").option("--state-path <path>", "server-owned remote credential state directory").option("--json", "print JSON output").action((options) => {
+		const pendingLogins = remoteServerCredentialStore(options.statePath, env).listPendingLogins();
+		if (options.json) {
+			writeOut(`${JSON.stringify({ pendingLogins }, null, 2)}\n`);
+			return;
+		}
+		if (pendingLogins.length === 0) {
+			writeOut("No pending Remote Login approvals.\n");
+			return;
+		}
+		for (const pending of pendingLogins) writeOut(`${pending.flowId}\t${pending.operatorCodeFingerprint ?? "-"}\t${terminalSafeText(pending.clientLabel)}\t${pending.hostUrl}\t${pending.status}\n`);
+	});
+	remoteHost.command("approve").description("Approve one pending self-hosted Remote Login code from server state.").argument("<code>", "operator-visible Remote Login code").option("--state-path <path>", "server-owned remote credential state directory").option("--yes", "approve without an interactive confirmation prompt").option("--json", "print JSON output").action((code, options) => {
+		if (!options.yes && !options.json) throw new CapletsError("REQUEST_INVALID", "Use --yes to approve this pending login.");
+		const approved = remoteServerCredentialStore(options.statePath, env).approvePendingLogin({ operatorCode: code });
+		if (options.json) {
+			writeOut(`${JSON.stringify(approved, null, 2)}\n`);
+			return;
+		}
+		writeOut(`Approved pending Remote Login ${approved.flowId}.\n`);
+	});
+	remoteHost.command("deny").description("Deny one pending self-hosted Remote Login code from server state.").argument("<code>", "operator-visible Remote Login code").option("--state-path <path>", "server-owned remote credential state directory").option("--json", "print JSON output").action((code, options) => {
+		const denied = remoteServerCredentialStore(options.statePath, env).denyPendingLogin({ operatorCode: code });
+		if (options.json) {
+			writeOut(`${JSON.stringify(denied, null, 2)}\n`);
+			return;
+		}
+		writeOut(`Denied pending Remote Login ${denied.flowId}.\n`);
+	});
 	remoteHost.command("revoke").description("Revoke one paired self-hosted remote client from server state.").argument("<client-id>", "remote client ID").option("--state-path <path>", "server-owned remote credential state directory").option("--json", "print JSON output").action((clientId, options) => {
 		const revoked = remoteServerCredentialStore(options.statePath, env).revokeClient(clientId);
 		if (options.json) {
@@ -16495,20 +17156,7 @@ async function readVaultValue(io) {
 	if (io.readStdin) value = stripOneTrailingNewline(await io.readStdin());
 	else if (!process.stdin.isTTY && !io.writeOut && !io.writeErr) value = stripOneTrailingNewline(await readAllStdin());
 	else if (io.writeOut || io.writeErr || !process.stdin.isTTY || !process.stdout.isTTY) throw new CapletsError("REQUEST_INVALID", "Vault value input is required. Run interactively or provide stdin.");
-	else {
-		const output = new HiddenPromptOutput(process.stdout);
-		const readline = createInterface({
-			input: process.stdin,
-			output,
-			terminal: true
-		});
-		try {
-			value = await readline.question("Vault value: ");
-		} finally {
-			readline.close();
-			process.stdout.write("\n");
-		}
-	}
+	else value = await readHiddenInput(HIDDEN_INPUT_PROMPT_LABELS.vaultValue);
 	if (value.length === 0) throw new CapletsError("REQUEST_INVALID", "Vault value input is required.");
 	return value;
 }