@caplets/core 0.26.0 → 0.27.0

package/dist/index.js

@@ -1,9 +1,9 @@
-import { $ as resolveExposure, $t as CallToolRequestSchema, A as nativeCapletPromptGuidance, An as getLiteralValue, At as startOAuthFlow, B as CodeModeSessionManager, Bt as defaultStateBaseDir, C as resolveHostedCloudRemote, Cn as SetLevelRequestSchema, Ct as hasRenderableStructuredContent, D as isLoopbackHost, Dn as isJSONRPCErrorResponse, Dt as runGenericOAuthFlow, E as controlUrlForBase, En as isInitializeRequest, Et as refreshOAuthTokenBundle, Fn as isZ4Schema, G as CodeModeJournalStore, Gt as ReadBuffer, H as diagnoseCodeModeTypeScript, Ht as resolveConfigPath, I as codeModeRunInputSchema, In as normalizeObjectSchema, It as DEFAULT_OBSERVED_OUTPUT_SHAPE_CACHE_DIR, J as codeModeDeclarationHash, Jt as assertToolsCallTaskCapability, K as CodeModeLogStore, Kt as serializeMessage, L as codeModeRunParamsSchema, Ln as objectFromShape, Lt as defaultCacheBaseDir, M as nativeCapletToolName, Mn as getParseErrorMessage, Mt as isTokenBundleExpired, Nn as getSchemaDescription, Nt as readTokenBundle, O as parseServerBaseUrl, On as isJSONRPCRequest, Ot as runOAuthFlow, Pn as isSchemaOptional, Pt as DEFAULT_AUTH_DIR, Q as CapletsEngine, Qt as toJsonSchemaCompat, R as emptyCodeModeRunMeta, Rn as safeParse, Rt as defaultConfigBaseDir, S as resolveCapletsRemote, Sn as SUPPORTED_PROTOCOL_VERSIONS, St as loadCapletFilesFromMap, T as appendBasePath, Tn as assertCompleteRequestResourceTemplate, Tt as markdownStructuredContent, U as createCodeModeCapletsApi, Ut as resolveProjectCapletsRoot, V as QuickJsCodeModeSandbox, Vt as resolveCapletsRoot, W as listCodeModeCallableCaplets, Wt as resolveProjectConfigPath, X as generateCodeModeRunToolDescription, Xt as Protocol, Y as generateCodeModeDeclarations, Yt as AjvJsonSchemaValidator, Z as minifyCodeModeDeclarationText, Zt as mergeCapabilities, _ as CapletsCloudClient, _n as ListRootsResultSchema, _t as FileVaultStore, a as CloudAuthStore, at as ServerRegistry, b as isCapletsCloudUrl, bn as McpError, bt as discoverCapletFiles, c as redactedCloudAuthStatus, cn as ErrorCode, ct as loadConfig, d as projectBindingError, dn as InitializedNotificationSchema, dt as loadLocalOverlayConfigWithSources, en as CallToolResultSchema, et as decodeDirectResourceUri, f as projectBindingRecovery, fn as JSONRPCMessageSchema, ft as loadProjectConfig, g as buildProjectSyncManifest, gn as ListResourcesRequestSchema, gt as vaultStoreForAuthDir, hn as ListResourceTemplatesRequestSchema, ht as vaultResolverForAuthDir, i as createRemoteProfileStore, in as CreateTaskResultSchema, it as handleServerTool, j as nativeCapletToolDescription, jn as getObjectShape, jt as deleteTokenBundle, k as resolveCapletsServer, kn as isJSONRPCResultResponse, kt as startGenericOAuthFlow, l as PROJECT_BINDING_ERROR_CODES, ln as GetPromptRequestSchema, lt as loadConfigWithSources, mn as ListPromptsRequestSchema, mt as vaultBootstrapResolver, n as resolveRemoteSelection, nn as CreateMessageResultSchema, nt as findProjectRoot, o as cloudAuthPath, on as ElicitResultSchema, ot as capabilityDescription, p as CloudAuthClient, pn as LATEST_PROTOCOL_VERSION, pt as parseConfig, q as redactCodeModeLogText, qt as assertClientRequestTaskCapability, r as cloudCredentialsFromRemoteProfile, rn as CreateMessageResultWithToolsSchema, rt as fingerprintProjectRoot, s as migrateCredentials, sn as EmptyResultSchema, st as GoogleDiscoveryManager, t as createNativeCapletsService, tn as CompleteRequestSchema, tt as directResourceUriMatchesTemplate, u as ProjectBindingError, un as InitializeRequestSchema, ut as loadGlobalConfig, vn as ListToolsRequestSchema, vt as VAULT_MAX_VALUE_BYTES, w as resolveRemoteMode, wn as assertCompleteRequestPrompt, wt as markdownCallToolResultContent, x as normalizeRemoteProfileHostUrl, xn as ReadResourceRequestSchema, xt as validateCapletFile, y as hostedCloudWorkspaceFromRemoteUrl, yn as LoggingLevelSchema, yt as validateVaultKeyName, z as runCodeMode, zn as safeParseAsync, zt as defaultConfigPath } from "./service-rvZ7z6FI.js";
+import { $ as resolveExposure, $t as mergeCapabilities, A as nativeCapletPromptGuidance, An as isJSONRPCRequest, At as runOAuthFlow, B as CodeModeSessionManager, Bn as safeParse, Bt as defaultConfigBaseDir, C as resolveHostedCloudRemote, Cn as ReadResourceRequestSchema, Ct as validateCapletFile, D as isLoopbackHost, Dn as assertCompleteRequestResourceTemplate, Dt as markdownStructuredContent, E as controlUrlForBase, En as assertCompleteRequestPrompt, Et as markdownCallToolResultContent, Fn as getSchemaDescription, Ft as readTokenBundle, G as CodeModeJournalStore, Gt as resolveProjectCapletsRoot, H as diagnoseCodeModeTypeScript, Ht as defaultStateBaseDir, I as codeModeRunInputSchema, In as isSchemaOptional, It as DEFAULT_AUTH_DIR, J as codeModeDeclarationHash, Jt as serializeMessage, K as CodeModeLogStore, Kt as resolveProjectConfigPath, L as codeModeRunParamsSchema, Ln as isZ4Schema, M as nativeCapletToolName, Mn as getLiteralValue, Mt as startOAuthFlow, Nn as getObjectShape, Nt as deleteTokenBundle, O as parseServerBaseUrl, On as isInitializeRequest, Ot as refreshOAuthTokenBundle, Pn as getParseErrorMessage, Pt as isTokenBundleExpired, Q as CapletsEngine, Qt as Protocol, R as emptyCodeModeRunMeta, Rn as normalizeObjectSchema, Rt as DEFAULT_OBSERVED_OUTPUT_SHAPE_CACHE_DIR, S as resolveCapletsRemote, Sn as McpError, St as discoverCapletFiles, T as appendBasePath, Tn as SetLevelRequestSchema, Tt as hasRenderableStructuredContent, U as createCodeModeCapletsApi, Ut as resolveCapletsRoot, V as QuickJsCodeModeSandbox, Vn as safeParseAsync, Vt as defaultConfigPath, W as listCodeModeCallableCaplets, Wt as resolveConfigPath, X as generateCodeModeRunToolDescription, Xt as assertToolsCallTaskCapability, Y as generateCodeModeDeclarations, Yt as assertClientRequestTaskCapability, Z as minifyCodeModeDeclarationText, Zt as AjvJsonSchemaValidator, _ as CapletsCloudClient, _n as ListResourceTemplatesRequestSchema, _t as FileVaultStore, a as CloudAuthStore, an as CreateMessageResultWithToolsSchema, at as ServerRegistry, b as isCapletsCloudUrl, bn as ListToolsRequestSchema, bt as decryptVaultValue, c as redactedCloudAuthStatus, cn as ElicitResultSchema, ct as loadConfig, d as projectBindingError, dn as GetPromptRequestSchema, dt as loadLocalOverlayConfigWithSources, en as toJsonSchemaCompat, et as decodeDirectResourceUri, f as projectBindingRecovery, fn as InitializeRequestSchema, ft as loadProjectConfig, g as buildProjectSyncManifest, gn as ListPromptsRequestSchema, gt as vaultStoreForAuthDir, hn as LATEST_PROTOCOL_VERSION, ht as vaultResolverForAuthDir, i as createRemoteProfileStore, in as CreateMessageResultSchema, it as handleServerTool, j as nativeCapletToolDescription, jn as isJSONRPCResultResponse, jt as startGenericOAuthFlow, k as resolveCapletsServer, kn as isJSONRPCErrorResponse, kt as runGenericOAuthFlow, l as PROJECT_BINDING_ERROR_CODES, ln as EmptyResultSchema, lt as loadConfigWithSources, mn as JSONRPCMessageSchema, mt as vaultBootstrapResolver, n as resolveRemoteSelection, nn as CallToolResultSchema, nt as findProjectRoot, o as cloudAuthPath, on as CreateTaskResultSchema, ot as capabilityDescription, p as CloudAuthClient, pn as InitializedNotificationSchema, pt as parseConfig, q as redactCodeModeLogText, qt as ReadBuffer, r as cloudCredentialsFromRemoteProfile, rn as CompleteRequestSchema, rt as fingerprintProjectRoot, s as migrateCredentials, st as GoogleDiscoveryManager, t as createNativeCapletsService, tn as CallToolRequestSchema, tt as directResourceUriMatchesTemplate, u as ProjectBindingError, un as ErrorCode, ut as loadGlobalConfig, vn as ListResourcesRequestSchema, vt as VAULT_MAX_VALUE_BYTES, w as resolveRemoteMode, wn as SUPPORTED_PROTOCOL_VERSIONS, wt as loadCapletFilesFromMap, x as normalizeRemoteProfileHostUrl, xn as LoggingLevelSchema, xt as encryptVaultValue, y as hostedCloudWorkspaceFromRemoteUrl, yn as ListRootsResultSchema, yt as validateVaultKeyName, z as runCodeMode, zn as objectFromShape, zt as defaultCacheBaseDir } from "./service-BGGiZLHa.js";
 import { _ as record, b as unknown, d as literal, m as object, n as ZodOptional, o as array, p as number, r as _enum, s as boolean, v as string, x as url } from "./schemas-BoqMu4MG.js";
-import { f as redactSecrets$1, i as SERVER_ID_PATTERN, l as CAPLETS_ERROR_CODES, p as toSafeError, u as CapletsError } from "./validation-C4tYXw6G.js";
+import { a as SERVER_ID_PATTERN, d as CapletsError, m as toSafeError, p as redactSecrets$1, u as CAPLETS_ERROR_CODES } from "./validation-CWzd2gtn.js";
 import { generatedToolInputJsonSchemaForCaplet, generatedToolInputSchema, generatedToolInputSchemaForCaplet } from "./generated-tool-input-schema.js";
 import { f as observedOutputShapeKey, g as stableJsonStringify, h as schemaHash, i as observeOutputShape, u as FileObservedOutputShapeStore } from "./observed-output-shapes-DuP7mJQf.js";
-import { a as formatCapletList, c as resolveCliConfigPaths, l as cliCommands$1, n as completionScript, o as formatConfigPaths, s as listCaplets, t as completeCliWords, u as completionShells } from "./completion-DaYL-XQN.js";
+import { a as formatCapletList, c as resolveCliConfigPaths, l as cliCommands$1, n as completionScript, o as formatConfigPaths, s as listCaplets, t as completeCliWords, u as completionShells } from "./completion-1wDjwHkC.js";
 import { n as normalizeCapletSourcePath, t as FilesystemCapletSource } from "./filesystem-Kkg32TOJ.js";
 import { parseConfig as parseConfig$1 } from "./config-runtime.js";
 import fs, { accessSync, chmodSync, closeSync, constants, copyFileSync, cpSync, existsSync, fstatSync, lstatSync, mkdirSync, mkdtempSync, openSync, readFileSync, readSync, readdirSync, readlinkSync, realpathSync, renameSync, rmSync, statSync, watch, writeFileSync, writeSync } from "node:fs";
@@ -1553,7 +1553,7 @@ const EMPTY_COMPLETION_RESULT = { completion: {
 } };
 //#endregion
 //#region package.json
-var version = "0.26.0";
+var version = "0.27.0";
 //#endregion
 //#region src/serve/session.ts
 var CapletsMcpSession = class {
@@ -5864,6 +5864,21 @@ function assertPathSegment(value, label) {
 	if (!value || value.includes("/") || value.includes("\\") || value.includes("\0") || value === "." || value === "..") throw new Error(`Invalid ${label}: ${value}`);
 }
 //#endregion
+//#region src/daemon/host-path.ts
+/**
+* Node's POSIX filesystem APIs do not treat backslashes as path separators. Tests
+* sometimes emulate Windows daemon operations with POSIX temp directories, which
+* `node:path.win32` renders as drive-less absolute paths such as
+* `\tmp\caplets-...`. On POSIX hosts those strings would otherwise be created as
+* single backslash-named entries in the current working directory.
+*/
+function daemonHostPath(path) {
+	if (process.platform === "win32") return path;
+	if (!path.startsWith("\\") || path.startsWith("\\\\")) return path;
+	if (/^[A-Za-z]:/u.test(path)) return path;
+	return path.replaceAll("\\", "/");
+}
+//#endregion
 //#region src/daemon/config.ts
 function readDaemonConfig(paths) {
 	return readJson(paths.configFile);
@@ -5877,10 +5892,10 @@ function writeDaemonState(paths, state) {
 	return state;
 }
 function removeDaemonConfig(paths) {
-	rmSync(paths.configFile, { force: true });
+	rmSync(daemonHostPath(paths.configFile), { force: true });
 }
 function removeDaemonState(paths) {
-	rmSync(paths.stateFile, { force: true });
+	rmSync(daemonHostPath(paths.stateFile), { force: true });
 }
 function mergeDaemonEnv(existing, install) {
 	const values = { ...existing?.values };
@@ -5904,20 +5919,22 @@ function validateEnvName(value) {
 	if (!/^[A-Za-z_][A-Za-z0-9_]*$/u.test(value)) throw new CapletsError("REQUEST_INVALID", `Invalid environment variable name: ${value}`);
 }
 function readJson(path) {
+	const hostPath = daemonHostPath(path);
 	try {
-		return JSON.parse(readFileSync(path, "utf8"));
+		return JSON.parse(readFileSync(hostPath, "utf8"));
 	} catch (error) {
 		if (error.code === "ENOENT") return void 0;
 		throw error;
 	}
 }
 function writeJson(path, value) {
-	mkdirSync(dirname(path), {
+	const hostPath = daemonHostPath(path);
+	mkdirSync(dirname(hostPath), {
 		recursive: true,
 		mode: 448
 	});
-	writeFileSync(path, `${JSON.stringify(value, null, 2)}\n`, { mode: 384 });
-	chmodSync(path, 384);
+	writeFileSync(hostPath, `${JSON.stringify(value, null, 2)}\n`, { mode: 384 });
+	chmodSync(hostPath, 384);
 }
 //#endregion
 //#region src/daemon/logs.ts
@@ -5952,9 +5969,10 @@ async function followDaemonLogs(paths, options) {
 	}).entries) options.write(entry);
 	const watchers = selectedStreams(options.stream ?? "all").map((stream) => {
 		const file = paths[stream === "stdout" ? "stdoutLog" : "stderrLog"];
+		const hostFile = daemonHostPath(file);
 		ensureLogFile(file);
-		let offset = existsSync(file) ? statSync(file).size : 0;
-		return watch(file, { persistent: true }, () => {
+		let offset = existsSync(hostFile) ? statSync(hostFile).size : 0;
+		return watch(hostFile, { persistent: true }, () => {
 			const { content, nextOffset } = readFromOffset(file, offset);
 			offset = nextOffset;
 			for (const line of content.split(/\r?\n/u).filter(Boolean)) options.write({
@@ -5977,13 +5995,14 @@ function selectedStreams(stream) {
 	return stream === "all" ? ["stdout", "stderr"] : [stream];
 }
 function tailLines(path, count) {
-	if (count === 0 || !existsSync(path)) return [];
-	const lines = count < 0 ? readFileSync(path, "utf8").split(/\r?\n/u) : readTailContent(path, count);
+	const hostPath = daemonHostPath(path);
+	if (count === 0 || !existsSync(hostPath)) return [];
+	const lines = count < 0 ? readFileSync(hostPath, "utf8").split(/\r?\n/u) : readTailContent(path, count);
 	if (lines.at(-1) === "") lines.pop();
 	return count < 0 ? lines : lines.slice(-count);
 }
 function readTailContent(path, count) {
-	const fd = openSync(path, "r");
+	const fd = openSync(daemonHostPath(path), "r");
 	try {
 		const size = fstatSync(fd).size;
 		const chunks = [];
@@ -6004,11 +6023,12 @@ function readTailContent(path, count) {
 	}
 }
 function readFromOffset(path, offset) {
-	if (!existsSync(path)) return {
+	const hostPath = daemonHostPath(path);
+	if (!existsSync(hostPath)) return {
 		content: "",
 		nextOffset: 0
 	};
-	const fd = openSync(path, "r");
+	const fd = openSync(hostPath, "r");
 	try {
 		const size = fstatSync(fd).size;
 		if (size <= offset) return {
@@ -6049,12 +6069,13 @@ function logTimestamp(line) {
 	return Number.isNaN(timestamp) ? void 0 : timestamp;
 }
 function ensureLogFile(path) {
-	if (existsSync(path)) return;
-	mkdirSync(dirname(path), {
+	const hostPath = daemonHostPath(path);
+	if (existsSync(hostPath)) return;
+	mkdirSync(dirname(hostPath), {
 		recursive: true,
 		mode: 448
 	});
-	writeFileSync(path, "", { mode: 384 });
+	writeFileSync(hostPath, "", { mode: 384 });
 }
 //#endregion
 //#region src/daemon/xml.ts
@@ -6245,9 +6266,9 @@ function launchdManager(runner, uid = typeof process.getuid === "function" ? pro
 	return {
 		descriptor: buildLaunchdDescriptor,
 		status: async (config, paths) => {
-			if (!existsSync(paths.descriptorFile) && !config) return notInstalled();
+			if (!existsSync(daemonHostPath(paths.descriptorFile)) && !config) return notInstalled();
 			const result = await runner.exec("launchctl", ["print", target]);
-			if (result.code !== 0) return existsSync(paths.descriptorFile) ? stopped({ stderr: result.stderr }) : notInstalled({ stderr: result.stderr });
+			if (result.code !== 0) return existsSync(daemonHostPath(paths.descriptorFile)) ? stopped({ stderr: result.stderr }) : notInstalled({ stderr: result.stderr });
 			const pid = parseNumberMatch(result.stdout, /\bpid\s*=\s*(\d+)/u);
 			if (pid !== void 0) return runningOrStopped(pid, {
 				stdout: result.stdout,
@@ -6273,7 +6294,7 @@ function launchdManager(runner, uid = typeof process.getuid === "function" ? pro
 			};
 		},
 		uninstall: async (config, paths) => {
-			const hasDescriptor = existsSync(paths.descriptorFile);
+			const hasDescriptor = existsSync(daemonHostPath(paths.descriptorFile));
 			if (!hasDescriptor && !config) return {
 				action: "uninstall",
 				native: notInstalled(),
@@ -6291,7 +6312,7 @@ function launchdManager(runner, uid = typeof process.getuid === "function" ? pro
 			]];
 			const result = await runner.exec(commands[0][0], commands[0].slice(1));
 			if (result.code !== 0 && !/No such process|not found|Could not find service|No such file or directory/iu.test(result.stderr)) throw new CapletsError("SERVER_UNAVAILABLE", `launchd unregister failed: ${result.stderr || result.stdout || result.code}`);
-			rmSync(paths.descriptorFile, { force: true });
+			rmSync(daemonHostPath(paths.descriptorFile), { force: true });
 			return {
 				action: "uninstall",
 				native: notInstalled({
@@ -6304,7 +6325,7 @@ function launchdManager(runner, uid = typeof process.getuid === "function" ? pro
 		start: async (config) => launchdStartLifecycle(runner, domain, target, config.paths.descriptorFile),
 		restart: async (config) => launchdRestartLifecycle(runner, domain, target, config.paths.descriptorFile),
 		stop: async (config) => {
-			const command = config && existsSync(config.paths.descriptorFile) ? [
+			const command = config && existsSync(daemonHostPath(config.paths.descriptorFile)) ? [
 				"launchctl",
 				"bootout",
 				domain,
@@ -6329,7 +6350,7 @@ function systemdManager(runner, serviceAvailable = true) {
 		descriptor: buildSystemdDescriptor,
 		status: async (config, paths) => {
 			if (!serviceAvailable) return unavailable("systemd --user is not available.");
-			if (!existsSync(paths.descriptorFile) && !config) return notInstalled();
+			if (!existsSync(daemonHostPath(paths.descriptorFile)) && !config) return notInstalled();
 			const show = await runner.exec("systemctl", [
 				"--user",
 				"show",
@@ -6338,13 +6359,13 @@ function systemdManager(runner, serviceAvailable = true) {
 			if (show.code !== 0) {
 				const message = show.stderr || show.stdout || String(show.code);
 				if (isSystemdUnavailable(message)) return unavailable(`systemd --user is not available: ${message}`);
-				return existsSync(paths.descriptorFile) ? stopped({
+				return existsSync(daemonHostPath(paths.descriptorFile)) ? stopped({
 					stderr: show.stderr,
 					stdout: show.stdout
 				}) : notInstalled({ stderr: show.stderr });
 			}
 			const raw = parseSystemdShow(show.stdout);
-			if (!existsSync(paths.descriptorFile) && raw.LoadState === "not-found") return notInstalled({
+			if (!existsSync(daemonHostPath(paths.descriptorFile)) && raw.LoadState === "not-found") return notInstalled({
 				raw,
 				stderr: show.stderr
 			});
@@ -6410,7 +6431,7 @@ function systemdManager(runner, serviceAvailable = true) {
 			]];
 			await assertExecUnless(runner, commands[0], "systemd unregister failed", /not loaded|not found|No such file|does not exist/iu);
 			const descriptorBackup = backupPath(paths.descriptorFile);
-			rmSync(paths.descriptorFile, { force: true });
+			rmSync(daemonHostPath(paths.descriptorFile), { force: true });
 			try {
 				await assertExec(runner, commands[1], "systemd unregister failed");
 			} catch (error) {
@@ -6433,7 +6454,7 @@ function windowsTaskManager(runner) {
 	return {
 		descriptor: buildWindowsTaskDescriptor,
 		status: async (config, paths) => {
-			if (!existsSync(paths.descriptorFile) && !config) return notInstalled();
+			if (!existsSync(daemonHostPath(paths.descriptorFile)) && !config) return notInstalled();
 			const result = await runner.exec("schtasks", [
 				"/Query",
 				"/TN",
@@ -6488,8 +6509,8 @@ function windowsTaskManager(runner) {
 				"/F"
 			];
 			await assertExecUnless(runner, command, "Scheduled Task unregister failed", /cannot find|does not exist|not found/iu);
-			rmSync(paths.descriptorFile, { force: true });
-			rmSync(paths.wrapperFile, { force: true });
+			rmSync(daemonHostPath(paths.descriptorFile), { force: true });
+			rmSync(daemonHostPath(paths.wrapperFile), { force: true });
 			return {
 				action: "uninstall",
 				native: notInstalled(),
@@ -6561,19 +6582,21 @@ function unsupportedManager(platform) {
 	};
 }
 function writeDescriptor(descriptor) {
-	mkdirSync(dirname(descriptor.path), {
+	const descriptorPath = daemonHostPath(descriptor.path);
+	mkdirSync(dirname(descriptorPath), {
 		recursive: true,
 		mode: 448
 	});
-	writeFileSync(descriptor.path, descriptor.kind === "windows-scheduled-task" ? descriptor.xml : descriptor.contents, { mode: 384 });
-	chmodSync(descriptor.path, 384);
+	writeFileSync(descriptorPath, descriptor.kind === "windows-scheduled-task" ? descriptor.xml : descriptor.contents, { mode: 384 });
+	chmodSync(descriptorPath, 384);
 	if (descriptor.kind === "windows-scheduled-task") {
-		mkdirSync(dirname(descriptor.wrapper.path), {
+		const wrapperPath = daemonHostPath(descriptor.wrapper.path);
+		mkdirSync(dirname(wrapperPath), {
 			recursive: true,
 			mode: 448
 		});
-		writeFileSync(descriptor.wrapper.path, descriptor.wrapper.contents, { mode: 448 });
-		chmodSync(descriptor.wrapper.path, 448);
+		writeFileSync(wrapperPath, descriptor.wrapper.contents, { mode: 448 });
+		chmodSync(wrapperPath, 448);
 	}
 }
 async function writeDescriptorForInstall(descriptor, register, afterRestore) {
@@ -6593,23 +6616,27 @@ function backupDescriptorFiles(descriptor) {
 	return (descriptor.kind === "windows-scheduled-task" ? [descriptor.path, descriptor.wrapper.path] : [descriptor.path]).map(backupPath);
 }
 function backupPath(path) {
-	const existed = existsSync(path);
+	const hostPath = daemonHostPath(path);
+	const existed = existsSync(hostPath);
 	return {
 		path,
 		existed,
-		...existed ? { contents: readFileSync(path) } : {},
-		...existed ? { mode: statSync(path).mode & 511 } : {}
+		...existed ? { contents: readFileSync(hostPath) } : {},
+		...existed ? { mode: statSync(hostPath).mode & 511 } : {}
 	};
 }
 function restoreDescriptorFiles(backups) {
-	for (const backup of backups) if (backup.existed && backup.contents) {
-		mkdirSync(dirname(backup.path), {
-			recursive: true,
-			mode: 448
-		});
-		writeFileSync(backup.path, backup.contents, { mode: backup.mode ?? 384 });
-		chmodSync(backup.path, backup.mode ?? 384);
-	} else rmSync(backup.path, { force: true });
+	for (const backup of backups) {
+		const hostPath = daemonHostPath(backup.path);
+		if (backup.existed && backup.contents) {
+			mkdirSync(dirname(hostPath), {
+				recursive: true,
+				mode: 448
+			});
+			writeFileSync(hostPath, backup.contents, { mode: backup.mode ?? 384 });
+			chmodSync(hostPath, backup.mode ?? 384);
+		} else rmSync(hostPath, { force: true });
+	}
 }
 async function assertExec(runner, command, message) {
 	const result = await runner.exec(command[0], command.slice(1));
@@ -11470,6 +11497,12 @@ function randomPairingPart(bytes) {
 const DEFAULT_PAIRING_CODE_TTL_MS = 10 * 6e4;
 const DEFAULT_PAIRING_CODE_MAX_ATTEMPTS = 5;
 const DEFAULT_ACCESS_TOKEN_TTL_MS = 15 * 6e4;
+const DEFAULT_PENDING_OPERATOR_CODE_TTL_MS = 10 * 6e4;
+const DEFAULT_PENDING_FLOW_TTL_MS = 1440 * 6e4;
+const DEFAULT_PENDING_POLL_INTERVAL_SECONDS = 5;
+const DEFAULT_PENDING_MAX_ACTIVE_FLOWS = 64;
+const DEFAULT_PENDING_MAX_ACTIVE_FLOWS_PER_SOURCE = 8;
+const PENDING_TERMINAL_RETENTION_MS = 1440 * 6e4;
 const STALE_REFRESH_REVOKE_GRACE_MS = 3e4;
 const SUPERSEDED_REFRESH_TOKEN_RETENTION_MS = 1440 * 6e4;
 const STATE_FILE = "remote-server-credentials.json";
@@ -11481,6 +11514,199 @@ var RemoteServerCredentialStore = class {
 	constructor(options) {
 		this.dir = options.dir;
 	}
+	createPendingLogin(input) {
+		return this.withStateLock(() => {
+			const now = input.now ?? /* @__PURE__ */ new Date();
+			const flowId = `rlogin_${randomToken(12)}`;
+			const operatorCode = `cap_login_${randomToken(5)}`;
+			const pendingRefreshSecret = `cap_pending_refresh_${randomToken(32)}`;
+			const pendingCompletionSecret = `cap_pending_complete_${randomToken(32)}`;
+			const codeExpiresAt = new Date(now.getTime() + DEFAULT_PENDING_OPERATOR_CODE_TTL_MS).toISOString();
+			const flowExpiresAt = new Date(now.getTime() + DEFAULT_PENDING_FLOW_TTL_MS).toISOString();
+			const state = this.loadState();
+			cleanupPendingLogins(state, now);
+			const clientLabel = boundedPendingLoginDisplayValue(input.clientLabel, PENDING_CLIENT_LABEL_MAX_LENGTH) ?? "Caplets Remote Client";
+			const clientFingerprint = boundedPendingLoginDisplayValue(input.clientFingerprint, PENDING_CLIENT_FINGERPRINT_MAX_LENGTH);
+			const sourceHint = boundedPendingLoginDisplayValue(input.sourceHint, PENDING_SOURCE_HINT_MAX_LENGTH);
+			enforcePendingLoginQuota(state, sourceHint);
+			state.pendingLogins.push({
+				flowId,
+				hostUrl: normalizeRemoteProfileHostUrl(input.hostUrl),
+				...input.hostIdentity ? { hostIdentity: input.hostIdentity } : {},
+				operatorCodeHash: hashSecret(operatorCode),
+				pendingRefreshHash: hashSecret(pendingRefreshSecret),
+				supersededPendingRefreshHashes: [],
+				pendingCompletionHash: hashSecret(pendingCompletionSecret),
+				operatorCodeFingerprint: pendingOperatorCodeFingerprint(operatorCode),
+				clientLabel,
+				...clientFingerprint ? { clientFingerprint } : {},
+				...sourceHint ? { sourceHint } : {},
+				createdAt: now.toISOString(),
+				codeExpiresAt,
+				flowExpiresAt,
+				status: "pending"
+			});
+			this.saveState(state);
+			return {
+				flowId,
+				operatorCode,
+				operatorCodeFingerprint: pendingOperatorCodeFingerprint(operatorCode),
+				pendingRefreshSecret,
+				pendingCompletionSecret,
+				codeExpiresAt,
+				flowExpiresAt,
+				intervalSeconds: DEFAULT_PENDING_POLL_INTERVAL_SECONDS
+			};
+		});
+	}
+	pollPendingLogin(input) {
+		const now = input.now ?? /* @__PURE__ */ new Date();
+		const flow = this.pendingLoginForCompletion(input.flowId, input.pendingCompletionSecret, now);
+		return {
+			flowId: flow.flowId,
+			status: flow.status
+		};
+	}
+	refreshPendingLogin(input) {
+		return this.withStateLock(() => {
+			const now = input.now ?? /* @__PURE__ */ new Date();
+			const state = this.loadState();
+			cleanupPendingLogins(state, now);
+			const flow = this.pendingLoginForCompletion(input.flowId, input.pendingCompletionSecret, now, state);
+			if (flow.status !== "pending") throw new CapletsError("AUTH_FAILED", `Pending login is already ${flow.status}.`);
+			const refreshHash = hashSecret(input.pendingRefreshSecret);
+			if (!safeHashEqual(refreshHash, flow.pendingRefreshHash)) {
+				if (flow.pendingRefreshReplay && safeHashEqual(refreshHash, flow.pendingRefreshReplay.refreshHash) && Date.parse(flow.pendingRefreshReplay.expiresAt) > now.getTime()) return decryptPendingRefreshReplay(flow.pendingRefreshReplay, input.pendingCompletionSecret);
+				if (flow.supersededPendingRefreshHashes.some((entry) => safeHashEqual(refreshHash, entry.hash))) throw new CapletsError("AUTH_FAILED", "Pending login refresh material is stale.");
+				throw new CapletsError("AUTH_FAILED", "Pending login refresh material is invalid.");
+			}
+			const operatorCode = `cap_login_${randomToken(5)}`;
+			const pendingRefreshSecret = `cap_pending_refresh_${randomToken(32)}`;
+			const codeExpiresAt = new Date(now.getTime() + DEFAULT_PENDING_OPERATOR_CODE_TTL_MS).toISOString();
+			const response = {
+				flowId: flow.flowId,
+				operatorCode,
+				operatorCodeFingerprint: pendingOperatorCodeFingerprint(operatorCode),
+				pendingRefreshSecret,
+				codeExpiresAt,
+				flowExpiresAt: flow.flowExpiresAt,
+				intervalSeconds: DEFAULT_PENDING_POLL_INTERVAL_SECONDS
+			};
+			flow.operatorCodeHash = hashSecret(operatorCode);
+			flow.operatorCodeFingerprint = response.operatorCodeFingerprint;
+			flow.supersededPendingRefreshHashes = pruneSupersededRefreshTokens(flow.supersededPendingRefreshHashes, now);
+			flow.pendingRefreshReplay = {
+				refreshHash: flow.pendingRefreshHash,
+				expiresAt: new Date(now.getTime() + STALE_REFRESH_REVOKE_GRACE_MS).toISOString(),
+				encryptedResponse: encryptReplayValue(response, input.pendingCompletionSecret, now)
+			};
+			flow.supersededPendingRefreshHashes.push({
+				hash: flow.pendingRefreshHash,
+				supersededAt: now.toISOString()
+			});
+			flow.supersededPendingRefreshHashes = capSupersededRefreshTokens(flow.supersededPendingRefreshHashes);
+			flow.pendingRefreshHash = hashSecret(pendingRefreshSecret);
+			flow.codeExpiresAt = codeExpiresAt;
+			this.saveState(state);
+			return response;
+		});
+	}
+	denyPendingLogin(input) {
+		return this.withStateLock(() => {
+			const now = input.now ?? /* @__PURE__ */ new Date();
+			const state = this.loadState();
+			cleanupPendingLogins(state, now);
+			const operatorCodeHash = hashSecret(input.operatorCode);
+			const flow = state.pendingLogins.find((candidate) => safeHashEqual(operatorCodeHash, candidate.operatorCodeHash));
+			if (!flow) throw new CapletsError("AUTH_FAILED", "Pending login code is unknown.");
+			if (flow.status !== "pending") throw new CapletsError("AUTH_FAILED", `Pending login is already ${flow.status}.`);
+			if (Date.parse(flow.flowExpiresAt) <= now.getTime()) {
+				flow.status = "expired";
+				this.saveState(state);
+				throw new CapletsError("AUTH_FAILED", "Pending login has expired.");
+			}
+			flow.status = "denied";
+			flow.deniedAt = now.toISOString();
+			this.saveState(state);
+			return {
+				flowId: flow.flowId,
+				status: "denied"
+			};
+		});
+	}
+	cancelPendingLogin(input) {
+		return this.withStateLock(() => {
+			const now = input.now ?? /* @__PURE__ */ new Date();
+			const state = this.loadState();
+			cleanupPendingLogins(state, now);
+			const flow = this.pendingLoginForCompletion(input.flowId, input.pendingCompletionSecret, now, state);
+			if (flow.status !== "pending" && flow.status !== "approved") throw new CapletsError("AUTH_FAILED", `Pending login is already ${flow.status}.`);
+			flow.status = "cancelled";
+			flow.cancelledAt = now.toISOString();
+			this.saveState(state);
+			return {
+				flowId: flow.flowId,
+				status: "cancelled"
+			};
+		});
+	}
+	approvePendingLogin(input) {
+		return this.withStateLock(() => {
+			const now = input.now ?? /* @__PURE__ */ new Date();
+			const state = this.loadState();
+			cleanupPendingLogins(state, now);
+			const operatorCodeHash = hashSecret(input.operatorCode);
+			const flow = state.pendingLogins.find((candidate) => safeHashEqual(operatorCodeHash, candidate.operatorCodeHash));
+			if (!flow) throw new CapletsError("AUTH_FAILED", "Pending login code is unknown.");
+			if (flow.status !== "pending") throw new CapletsError("AUTH_FAILED", `Pending login is already ${flow.status}.`);
+			if (Date.parse(flow.flowExpiresAt) <= now.getTime()) {
+				flow.status = "expired";
+				this.saveState(state);
+				throw new CapletsError("AUTH_FAILED", "Pending login has expired.");
+			}
+			assertPendingOperatorCodeFresh(flow, now);
+			flow.status = "approved";
+			flow.approvedAt = now.toISOString();
+			this.saveState(state);
+			return pendingApprovalStatus(flow);
+		});
+	}
+	completePendingLogin(input) {
+		return this.withStateLock(() => {
+			const now = input.now ?? /* @__PURE__ */ new Date();
+			const state = this.loadState();
+			cleanupPendingLogins(state, now);
+			const flow = this.pendingLoginForCompletion(input.flowId, input.pendingCompletionSecret, now, state);
+			if (flow.hostUrl !== normalizeRemoteProfileHostUrl(input.hostUrl)) throw new CapletsError("AUTH_FAILED", "Pending login belongs to a different host.");
+			if (flow.status !== "approved") {
+				if (flow.status === "exchanged" && flow.completionReplay && Date.parse(flow.completionReplay.expiresAt) > now.getTime()) return decryptCompletionReplay(flow.completionReplay, input.pendingCompletionSecret);
+				throw new CapletsError("AUTH_FAILED", flow.status === "exchanged" ? "Pending login has already been exchanged." : `Pending login is ${flow.status}, not approved.`);
+			}
+			const accessToken = `cap_remote_access_${randomToken(32)}`;
+			const refreshToken = `cap_remote_refresh_${randomToken(32)}`;
+			const client = {
+				clientId: `rcli_${randomToken(12)}`,
+				clientLabel: flow.clientLabel,
+				hostUrl: flow.hostUrl,
+				accessTokenHash: hashSecret(accessToken),
+				accessExpiresAt: new Date(now.getTime() + DEFAULT_ACCESS_TOKEN_TTL_MS).toISOString(),
+				refreshTokenHash: hashSecret(refreshToken),
+				supersededRefreshTokenHashes: [],
+				refreshFamilyId: randomUUID(),
+				createdAt: now.toISOString()
+			};
+			state.clients.push(client);
+			flow.status = "exchanged";
+			flow.exchangedAt = now.toISOString();
+			const credentials = credentialsFromClient(client, accessToken, refreshToken);
+			flow.completionReplay = {
+				expiresAt: new Date(now.getTime() + STALE_REFRESH_REVOKE_GRACE_MS).toISOString(),
+				encryptedCredentials: encryptReplayValue(credentials, input.pendingCompletionSecret, now)
+			};
+			this.saveState(state);
+			return credentials;
+		});
+	}
 	createPairingCode(input) {
 		return this.withStateLock(() => {
 			const now = input.now ?? /* @__PURE__ */ new Date();
@@ -11545,6 +11771,13 @@ var RemoteServerCredentialStore = class {
 	listClients() {
 		return this.loadState().clients.map(clientStatus).sort((left, right) => left.createdAt.localeCompare(right.createdAt));
 	}
+	listPendingLogins(now = /* @__PURE__ */ new Date()) {
+		return this.withStateLock(() => {
+			const state = this.loadState();
+			if (cleanupPendingLogins(state, now)) this.saveState(state);
+			return state.pendingLogins.map(pendingLoginStatus).sort((left, right) => left.createdAt.localeCompare(right.createdAt));
+		});
+	}
 	revokeClient(clientId, now = /* @__PURE__ */ new Date()) {
 		return this.withStateLock(() => {
 			const state = this.loadState();
@@ -11580,7 +11813,7 @@ var RemoteServerCredentialStore = class {
 					const supersededAt = superseded ? Date.parse(superseded.supersededAt) : NaN;
 					if (Number.isFinite(supersededAt) && now.getTime() - supersededAt >= STALE_REFRESH_REVOKE_GRACE_MS) replayedClient.revokedAt = now.toISOString();
 					this.saveState(state);
-					throw new CapletsError("AUTH_FAILED", "Remote refresh credential is stale.");
+					throw new CapletsError("REMOTE_CREDENTIALS_REVOKED", "Remote refresh credential is stale.");
 				}
 				throw new CapletsError("AUTH_FAILED", "Remote refresh credential is invalid.");
 			}
@@ -11608,12 +11841,17 @@ var RemoteServerCredentialStore = class {
 		if (!existsSync(path)) return {
 			version: 1,
 			pairingCodes: [],
+			pendingLogins: [],
 			clients: []
 		};
 		const parsed = JSON.parse(readFileSync(path, "utf8"));
 		return {
 			version: 1,
 			pairingCodes: parsed.pairingCodes ?? [],
+			pendingLogins: (parsed.pendingLogins ?? []).map((pending) => ({
+				...pending,
+				supersededPendingRefreshHashes: parseSupersededRefreshTokens(pending.supersededPendingRefreshHashes)
+			})),
 			clients: (parsed.clients ?? []).map((client) => ({
 				...client,
 				supersededRefreshTokenHashes: parseSupersededRefreshTokens(client.supersededRefreshTokenHashes)
@@ -11683,6 +11921,13 @@ var RemoteServerCredentialStore = class {
 			return false;
 		}
 	}
+	pendingLoginForCompletion(flowId, pendingCompletionSecret, now, state = this.loadState()) {
+		const flow = state.pendingLogins.find((candidate) => candidate.flowId === flowId);
+		if (!flow) throw new CapletsError("AUTH_FAILED", "Pending login is unknown.");
+		if (!safeHashEqual(hashSecret(pendingCompletionSecret), flow.pendingCompletionHash)) throw new CapletsError("AUTH_FAILED", "Pending login possession material is invalid.");
+		if (Date.parse(flow.flowExpiresAt) <= now.getTime() && isActivePendingLogin(flow)) flow.status = "expired";
+		return flow;
+	}
 };
 function sleepSync(ms) {
 	Atomics.wait(new Int32Array(new SharedArrayBuffer(4)), 0, 0, ms);
@@ -11691,14 +11936,92 @@ function isFileExistsError(error) {
 	return typeof error === "object" && error !== null && "code" in error && error.code === "EEXIST";
 }
 function pruneSupersededRefreshTokens(entries, now) {
-	return entries.filter((entry) => {
+	return capSupersededRefreshTokens(entries.filter((entry) => {
 		const supersededAt = Date.parse(entry.supersededAt);
 		return Number.isFinite(supersededAt) && now.getTime() - supersededAt < SUPERSEDED_REFRESH_TOKEN_RETENTION_MS;
+	}));
+}
+function capSupersededRefreshTokens(entries) {
+	return entries.slice(-16);
+}
+function cleanupPendingLogins(state, now) {
+	let changed = false;
+	for (const flow of state.pendingLogins) if (isActivePendingLogin(flow) && Date.parse(flow.flowExpiresAt) <= now.getTime()) {
+		flow.status = "expired";
+		changed = true;
+	}
+	const retained = state.pendingLogins.filter((flow) => shouldRetainPendingLogin(flow, now));
+	if (retained.length !== state.pendingLogins.length) changed = true;
+	state.pendingLogins = retained;
+	return changed;
+}
+function enforcePendingLoginQuota(state, sourceHint) {
+	const active = state.pendingLogins.filter(isActivePendingLogin);
+	if (active.length >= DEFAULT_PENDING_MAX_ACTIVE_FLOWS) throw new CapletsError("AUTH_FAILED", "Too many active pending logins.");
+	if (!sourceHint) return;
+	const sourceKey = sourceHint;
+	if (active.filter((flow) => (flow.sourceHint ?? "") === sourceKey).length >= DEFAULT_PENDING_MAX_ACTIVE_FLOWS_PER_SOURCE) throw new CapletsError("AUTH_FAILED", "Too many active pending logins for this source.");
+}
+function isActivePendingLogin(flow) {
+	return flow.status === "pending" || flow.status === "approved";
+}
+function shouldRetainPendingLogin(flow, now) {
+	if (isActivePendingLogin(flow)) return true;
+	const terminalAt = pendingLoginTerminalTime(flow);
+	return Number.isFinite(terminalAt) && now.getTime() - terminalAt < PENDING_TERMINAL_RETENTION_MS;
+}
+function pendingLoginTerminalTime(flow) {
+	switch (flow.status) {
+		case "denied": return Date.parse(flow.deniedAt ?? flow.flowExpiresAt);
+		case "cancelled": return Date.parse(flow.cancelledAt ?? flow.flowExpiresAt);
+		case "exchanged": return Date.parse(flow.exchangedAt ?? flow.flowExpiresAt);
+		case "expired": return Date.parse(flow.flowExpiresAt);
+		default: return NaN;
+	}
+}
+function assertPendingOperatorCodeFresh(flow, now) {
+	if (Date.parse(flow.codeExpiresAt) <= now.getTime()) throw new CapletsError("AUTH_FAILED", "Pending login code has expired. Refresh the pending login for a new code.");
+}
+function encryptReplayValue(value, pendingCompletionSecret, now) {
+	return encryptVaultValue({
+		plaintext: JSON.stringify(value),
+		key: replayEncryptionKey(pendingCompletionSecret),
+		now
 	});
 }
+function decryptPendingRefreshReplay(replay, pendingCompletionSecret) {
+	const parsed = JSON.parse(decryptVaultValue(replay.encryptedResponse, replayEncryptionKey(pendingCompletionSecret)));
+	if (typeof parsed.flowId !== "string" || typeof parsed.operatorCode !== "string" || typeof parsed.pendingRefreshSecret !== "string" || typeof parsed.codeExpiresAt !== "string" || typeof parsed.flowExpiresAt !== "string" || typeof parsed.intervalSeconds !== "number") throw new CapletsError("CONFIG_INVALID", "Pending login refresh replay record is malformed.");
+	return {
+		flowId: parsed.flowId,
+		operatorCode: parsed.operatorCode,
+		operatorCodeFingerprint: typeof parsed.operatorCodeFingerprint === "string" ? parsed.operatorCodeFingerprint : pendingOperatorCodeFingerprint(parsed.operatorCode),
+		pendingRefreshSecret: parsed.pendingRefreshSecret,
+		codeExpiresAt: parsed.codeExpiresAt,
+		flowExpiresAt: parsed.flowExpiresAt,
+		intervalSeconds: parsed.intervalSeconds
+	};
+}
+function decryptCompletionReplay(replay, pendingCompletionSecret) {
+	const parsed = JSON.parse(decryptVaultValue(replay.encryptedCredentials, replayEncryptionKey(pendingCompletionSecret)));
+	if (typeof parsed.clientId !== "string" || typeof parsed.clientLabel !== "string" || typeof parsed.hostUrl !== "string" || typeof parsed.accessToken !== "string" || typeof parsed.refreshToken !== "string" || typeof parsed.expiresAt !== "string" || typeof parsed.createdAt !== "string" || parsed.tokenType !== "Bearer") throw new CapletsError("CONFIG_INVALID", "Pending login completion replay record is malformed.");
+	return {
+		clientId: parsed.clientId,
+		clientLabel: parsed.clientLabel,
+		hostUrl: parsed.hostUrl,
+		accessToken: parsed.accessToken,
+		refreshToken: parsed.refreshToken,
+		expiresAt: parsed.expiresAt,
+		createdAt: parsed.createdAt,
+		tokenType: "Bearer"
+	};
+}
+function replayEncryptionKey(pendingCompletionSecret) {
+	return createHash("sha256").update(`caplets-pending-login-replay:${pendingCompletionSecret}`).digest();
+}
 function validateClient(client, hostUrl, now, options = {}) {
 	if (client.hostUrl !== hostUrl) throw new CapletsError("AUTH_FAILED", "Remote client credential is for a different host.");
-	if (client.revokedAt) throw new CapletsError("AUTH_FAILED", "Remote client credential has been revoked.");
+	if (client.revokedAt) throw new CapletsError("REMOTE_CREDENTIALS_REVOKED", "Remote client credential has been revoked.");
 	if (!options.allowExpiredAccess && Date.parse(client.accessExpiresAt) <= now.getTime()) throw new CapletsError("AUTH_FAILED", "Remote client credential has expired.");
 }
 function credentialsFromClient(client, accessToken, refreshToken) {
@@ -11723,9 +12046,48 @@ function clientStatus(client) {
 		...client.revokedAt ? { revokedAt: client.revokedAt } : {}
 	};
 }
+function pendingLoginStatus(flow) {
+	return {
+		flowId: flow.flowId,
+		hostUrl: flow.hostUrl,
+		...flow.hostIdentity ? { hostIdentity: flow.hostIdentity } : {},
+		status: flow.status,
+		...flow.operatorCodeFingerprint ? { operatorCodeFingerprint: flow.operatorCodeFingerprint } : {},
+		clientLabel: flow.clientLabel,
+		...flow.clientFingerprint ? { clientFingerprint: flow.clientFingerprint } : {},
+		...flow.sourceHint ? { sourceHint: flow.sourceHint } : {},
+		createdAt: flow.createdAt,
+		codeExpiresAt: flow.codeExpiresAt,
+		flowExpiresAt: flow.flowExpiresAt,
+		...flow.approvedAt ? { approvedAt: flow.approvedAt } : {},
+		...flow.deniedAt ? { deniedAt: flow.deniedAt } : {},
+		...flow.cancelledAt ? { cancelledAt: flow.cancelledAt } : {},
+		...flow.exchangedAt ? { exchangedAt: flow.exchangedAt } : {}
+	};
+}
+function pendingApprovalStatus(flow) {
+	return {
+		flowId: flow.flowId,
+		status: "approved",
+		clientLabel: flow.clientLabel,
+		...flow.clientFingerprint ? { clientFingerprint: flow.clientFingerprint } : {},
+		...flow.sourceHint ? { sourceHint: flow.sourceHint } : {}
+	};
+}
 function hashSecret(secret) {
 	return createHash("sha256").update(secret).digest("base64url");
 }
+const PENDING_CLIENT_LABEL_MAX_LENGTH = 120;
+const PENDING_CLIENT_FINGERPRINT_MAX_LENGTH = 256;
+const PENDING_SOURCE_HINT_MAX_LENGTH = 256;
+function boundedPendingLoginDisplayValue(value, maxLength) {
+	const trimmed = value?.trim();
+	if (!trimmed) return void 0;
+	return trimmed.length > maxLength ? trimmed.slice(0, maxLength) : trimmed;
+}
+function pendingOperatorCodeFingerprint(operatorCode) {
+	return hashSecret(operatorCode).slice(0, 8);
+}
 function safeHashEqual(left, right) {
 	const leftBuffer = Buffer$1.from(left);
 	const rightBuffer = Buffer$1.from(right);
@@ -11758,41 +12120,95 @@ function createHttpServeApp(options, engine, io = {}) {
 	const remoteCredentialStore = remoteCredentialStoreForOptions(options, io.remoteCredentialStore);
 	if (options.auth.type === "remote_credentials" && options.trustProxy === true && options.publicOrigin === void 0) throw new CapletsError("REQUEST_INVALID", "Remote credential auth with --trust-proxy requires CAPLETS_SERVER_URL.");
 	const protectedRouteAuth = routeAuth(options, remoteCredentialStore, paths.base);
+	const attachHostProtection = dnsRebindingProtection(options);
 	app.use("*", logger((message, ...rest) => {
 		writeErr(`${[message, ...rest].join(" ")}\n`);
 	}));
-	app.get(paths.base, (c) => c.json({
-		name: "caplets",
-		transport: "http",
-		base: paths.base,
-		versions: [versionDiscovery(paths, exposeAttach)],
-		auth: { type: options.auth.type }
-	}));
-	app.get(paths.version, (c) => c.json(versionDiscovery(paths, exposeAttach)));
+	app.get(paths.base, (c) => {
+		const remote = remoteCredentialStore ? remoteHostMetadata(c.req.url, paths.base, options, (name) => c.req.header(name)) : void 0;
+		return c.json({
+			name: "caplets",
+			transport: "http",
+			base: paths.base,
+			versions: [versionDiscovery(paths, exposeAttach, remote)],
+			auth: { type: options.auth.type },
+			...remote ? { remote } : {}
+		});
+	});
+	app.get(paths.version, (c) => {
+		const remote = remoteCredentialStore ? remoteHostMetadata(c.req.url, paths.base, options, (name) => c.req.header(name)) : void 0;
+		return c.json(versionDiscovery(paths, exposeAttach, remote));
+	});
 	app.get(paths.health, (c) => c.json({ status: "ok" }));
 	if (remoteCredentialStore) {
-		app.post(paths.pairingExchange, async (c) => {
+		app.post(paths.remoteLoginStart, attachHostProtection, async (c) => {
 			try {
-				const parsed = await parseJsonObject(c.req.json(), "Pairing exchange request");
-				const code = stringField(parsed, "code");
+				const parsed = await parseJsonObject(c.req.json(), "Pending remote login start request");
 				const clientLabel = optionalStringField(parsed, "clientLabel");
-				const credentials = remoteCredentialStore.exchangePairingCode({
-					hostUrl: remoteCredentialHostUrl(c.req.url, paths.base, options.publicOrigin, options.trustProxy, (name) => c.req.header(name)),
-					code,
-					...clientLabel ? { clientLabel } : {}
+				const clientFingerprint = optionalStringField(parsed, "clientFingerprint");
+				const hostUrl = remoteCredentialHostUrl(c.req.url, paths.base, options.publicOrigin, options.trustProxy, (name) => c.req.header(name));
+				const pending = remoteCredentialStore.createPendingLogin({
+					hostUrl,
+					hostIdentity: hostUrl,
+					...clientLabel ? { clientLabel } : {},
+					...remoteCredentialSourceHint(options.trustProxy, (name) => c.req.header(name)),
+					...clientFingerprint ? { clientFingerprint } : {}
 				});
-				return c.json({
-					clientId: credentials.clientId,
-					clientLabel: credentials.clientLabel,
-					accessToken: credentials.accessToken,
-					refreshToken: credentials.refreshToken,
-					tokenType: credentials.tokenType,
-					expiresAt: credentials.expiresAt
+				return c.json(pending);
+			} catch (error) {
+				return remoteCredentialErrorResponse(error);
+			}
+		});
+		app.post(paths.remoteLoginPoll, attachHostProtection, async (c) => {
+			try {
+				const parsed = await parseJsonObject(c.req.json(), "Pending remote login poll request");
+				return c.json(remoteCredentialStore.pollPendingLogin({
+					flowId: stringField(parsed, "flowId"),
+					pendingCompletionSecret: stringField(parsed, "pendingCompletionSecret")
+				}));
+			} catch (error) {
+				return remoteCredentialErrorResponse(error);
+			}
+		});
+		app.post(paths.remoteLoginRefresh, attachHostProtection, async (c) => {
+			try {
+				const parsed = await parseJsonObject(c.req.json(), "Pending remote login refresh request");
+				return c.json(remoteCredentialStore.refreshPendingLogin({
+					flowId: stringField(parsed, "flowId"),
+					pendingRefreshSecret: stringField(parsed, "pendingRefreshSecret"),
+					pendingCompletionSecret: stringField(parsed, "pendingCompletionSecret")
+				}));
+			} catch (error) {
+				return remoteCredentialErrorResponse(error);
+			}
+		});
+		app.post(paths.remoteLoginComplete, attachHostProtection, async (c) => {
+			try {
+				const parsed = await parseJsonObject(c.req.json(), "Pending remote login complete request");
+				const credentials = remoteCredentialStore.completePendingLogin({
+					hostUrl: remoteCredentialHostUrl(c.req.url, paths.base, options.publicOrigin, options.trustProxy, (name) => c.req.header(name)),
+					flowId: stringField(parsed, "flowId"),
+					pendingCompletionSecret: stringField(parsed, "pendingCompletionSecret")
 				});
+				return c.json(credentials);
+			} catch (error) {
+				return remoteCredentialErrorResponse(error);
+			}
+		});
+		app.post(paths.remoteLoginCancel, attachHostProtection, async (c) => {
+			try {
+				const parsed = await parseJsonObject(c.req.json(), "Pending remote login cancel request");
+				return c.json(remoteCredentialStore.cancelPendingLogin({
+					flowId: stringField(parsed, "flowId"),
+					pendingCompletionSecret: stringField(parsed, "pendingCompletionSecret")
+				}));
 			} catch (error) {
 				return remoteCredentialErrorResponse(error);
 			}
 		});
+		app.post(paths.pairingExchange, async (_c) => {
+			return remoteCredentialErrorResponse(legacyPairingCodeUnsupportedError());
+		});
 		app.post(paths.remoteRefresh, async (c) => {
 			try {
 				const refreshToken = stringField(await parseJsonObject(c.req.json(), "Remote refresh request"), "refreshToken");
@@ -11855,7 +12271,6 @@ function createHttpServeApp(options, engine, io = {}) {
 		sessions.set(nextSessionId, session);
 		return session.transport.handleRequest(c);
 	});
-	const attachHostProtection = dnsRebindingProtection(options);
 	if (exposeAttach) {
 		app.get(paths.attachManifest, attachHostProtection, protectedRouteAuth, async (c) => {
 			const attachProjection = await buildAttachProjection(engine);
@@ -11970,13 +12385,26 @@ function remoteCredentialHostUrl(requestUrl, basePath, publicOrigin, trustProxy,
 	if (trustProxy && !publicOrigin) throw new CapletsError("REQUEST_INVALID", "Remote credential auth with --trust-proxy requires CAPLETS_SERVER_URL.");
 	return publicHostUrl(requestUrl, basePath, publicOrigin, trustProxy, header);
 }
+function remoteCredentialSourceHint(trustProxy, header) {
+	if (!trustProxy) return {};
+	const sourceHint = firstForwardedValue(header("x-forwarded-for")) ?? firstForwardedValue(header("x-real-ip")) ?? firstForwardedValue(header("cf-connecting-ip"));
+	return sourceHint ? { sourceHint } : {};
+}
 function firstForwardedValue(value) {
 	return value?.split(",", 1)[0]?.trim() || void 0;
 }
-function versionDiscovery(paths, exposeAttach = true) {
+function remoteHostMetadata(requestUrl, basePath, options, header) {
+	const audience = remoteCredentialHostUrl(requestUrl, basePath, options.publicOrigin, options.trustProxy, header);
+	return {
+		hostIdentity: audience,
+		audience
+	};
+}
+function versionDiscovery(paths, exposeAttach = true, remote) {
 	return {
 		version: 1,
 		path: paths.version,
+		...remote ? { remote } : {},
 		links: {
 			mcp: paths.mcp,
 			admin: paths.control,
@@ -12126,6 +12554,11 @@ function servicePaths(base) {
 		attachInvoke: routePath(attach, "invoke"),
 		projectBindings: routePath(attach, "project-bindings"),
 		pairingExchange: routePath(remote, "pairing/exchange"),
+		remoteLoginStart: routePath(remote, "login/start"),
+		remoteLoginPoll: routePath(remote, "login/poll"),
+		remoteLoginRefresh: routePath(remote, "login/refresh"),
+		remoteLoginComplete: routePath(remote, "login/complete"),
+		remoteLoginCancel: routePath(remote, "login/cancel"),
 		remoteRefresh: routePath(remote, "refresh"),
 		remoteClient: routePath(remote, "client"),
 		health: routePath(version, "healthz")
@@ -12210,6 +12643,9 @@ function remoteCredentialErrorResponse(error) {
 		error: safe
 	}, { status });
 }
+function legacyPairingCodeUnsupportedError() {
+	return new CapletsError("REQUEST_INVALID", "Self-hosted Pairing Code exchange is no longer supported. Run caplets remote login <url> and approve the pending login from the host.");
+}
 function dnsRebindingProtection(options) {
 	if (!options.loopback) return async (_c, next) => {
 		await next();
@@ -12438,7 +12874,7 @@ async function installDaemon(install = {}, options = {}) {
 		"write-descriptor",
 		"register-service"
 	];
-	const existingNative = persisted || existsSync(paths.descriptorFile) ? await manager.status(persisted, paths) : void 0;
+	const existingNative = persisted || existsSync(daemonHostPath(paths.descriptorFile)) ? await manager.status(persisted, paths) : void 0;
 	const restartDecisionRequired = existingNative?.running === true && !install.start && !install.restart && !install.noRestart;
 	if (restartDecisionRequired && !install.dryRun && (!options.isInteractive || !options.readPrompt)) throw new CapletsError("REQUEST_INVALID", "Daemon is already running; rerun with --restart, --start, or --no-restart.");
 	if (install.dryRun) return {
@@ -12459,13 +12895,13 @@ async function installDaemon(install = {}, options = {}) {
 		});
 		assertDaemonHealth(validation, "Daemon install validation");
 	}
-	mkdirSync(paths.logDir, {
+	mkdirSync(daemonHostPath(paths.logDir), {
 		recursive: true,
 		mode: 448
 	});
 	ensureDaemonLogFiles(paths);
 	const persistenceBackups = backupPersistenceFiles([paths.configFile, paths.stateFile]);
-	const hadExistingDescriptor = existsSync(paths.descriptorFile);
+	const hadExistingDescriptor = existsSync(daemonHostPath(paths.descriptorFile));
 	let native;
 	try {
 		writeDaemonConfig(paths, config);
@@ -12615,11 +13051,11 @@ async function uninstallDaemon(uninstall = {}, options = {}) {
 	if (uninstall.purge) {
 		removeDaemonConfig(paths);
 		removeDaemonState(paths);
-		rmSync(paths.logDir, {
+		rmSync(daemonHostPath(paths.logDir), {
 			recursive: true,
 			force: true
 		});
-		rmSync(dirname(paths.configFile), {
+		rmSync(dirname(daemonHostPath(paths.configFile)), {
 			recursive: true,
 			force: true
 		});
@@ -12859,25 +13295,32 @@ function mergeServeOptions(existing, install) {
 	};
 }
 function backupPersistenceFiles(paths) {
-	return paths.map((path) => ({
-		path,
-		existed: existsSync(path),
-		...existsSync(path) ? { contents: readFileSync(path) } : {},
-		...existsSync(path) ? { mode: statSync(path).mode & 511 } : {}
-	}));
+	return paths.map((path) => {
+		const hostPath = daemonHostPath(path);
+		const existed = existsSync(hostPath);
+		return {
+			path,
+			existed,
+			...existed ? { contents: readFileSync(hostPath) } : {},
+			...existed ? { mode: statSync(hostPath).mode & 511 } : {}
+		};
+	});
 }
 function restorePersistenceFiles(backups) {
-	for (const backup of backups) if (backup.existed && backup.contents) {
-		mkdirSync(dirname(backup.path), {
+	for (const backup of backups) {
+		const hostPath = daemonHostPath(backup.path);
+		if (backup.existed && backup.contents) {
+			mkdirSync(dirname(hostPath), {
+				recursive: true,
+				mode: 448
+			});
+			writeFileSync(hostPath, backup.contents, { mode: backup.mode ?? 384 });
+			chmodSync(hostPath, backup.mode ?? 384);
+		} else rmSync(hostPath, {
 			recursive: true,
-			mode: 448
+			force: true
 		});
-		writeFileSync(backup.path, backup.contents, { mode: backup.mode ?? 384 });
-		chmodSync(backup.path, backup.mode ?? 384);
-	} else rmSync(backup.path, {
-		recursive: true,
-		force: true
-	});
+	}
 }
 async function rollbackNativeInstall(manager, persisted, paths, hadExistingDescriptor) {
 	try {
@@ -13965,11 +14408,7 @@ function remoteSetupDefinition(id, options) {
 			type: "command",
 			label: "Add remote-backed Caplets MCP server to Codex",
 			command: "codex",
-			args: codexMcpAddArgs([
-				"attach",
-				"--remote-url",
-				serverUrl
-			])
+			args: codexMcpAddArgs(["attach", serverUrl])
 		}],
 		nextSteps: [`Run caplets remote login ${serverUrl} before using this MCP config.`, "In Codex, run /mcp to confirm the caplets server is connected."]
 	};
@@ -13979,11 +14418,7 @@ function remoteSetupDefinition(id, options) {
 			type: "command",
 			label: "Add remote-backed Caplets MCP server to Claude Code",
 			command: "claude",
-			args: claudeMcpAddArgs([
-				"attach",
-				"--remote-url",
-				serverUrl
-			])
+			args: claudeMcpAddArgs(["attach", serverUrl])
 		}],
 		nextSteps: [`Run caplets remote login ${serverUrl} before using this MCP config.`, "In Claude Code, run /mcp to confirm the caplets server is connected."]
 	};
@@ -13996,11 +14431,7 @@ function remoteSetupDefinition(id, options) {
 			path: options.output,
 			content: `${JSON.stringify({ mcpServers: { caplets: {
 				command: "caplets",
-				args: [
-					"attach",
-					"--remote-url",
-					serverUrl
-				]
+				args: ["attach", serverUrl]
 			} } }, null, 2)}\n`
 		}],
 		nextSteps: [`Run caplets remote login ${serverUrl} before using this MCP config.`, "Import the written MCP config into your MCP client."]
@@ -14938,12 +15369,17 @@ function addServeMigrationCommand(parent, name, replacement) {
 function collectValues(value, previous) {
 	return [...previous, value];
 }
+const HIDDEN_INPUT_PROMPT_LABELS = { vaultValue: "Value: " };
 function remoteProfileStore(authDir, env) {
 	return createRemoteProfileStore({
 		authDir,
 		env
 	});
 }
+function attachRemoteUrlFromArgs(positionalUrl, legacyRemoteUrl) {
+	if (positionalUrl && legacyRemoteUrl && positionalUrl !== legacyRemoteUrl) throw new CapletsError("REQUEST_INVALID", "Pass either attach URL or --remote-url, not both. Use caplets attach <url> for new configs.");
+	return positionalUrl ?? legacyRemoteUrl;
+}
 function remoteServerCredentialStore(statePath, env) {
 	return new RemoteServerCredentialStore({ dir: statePath ?? env.CAPLETS_REMOTE_SERVER_STATE_DIR ?? join(DEFAULT_AUTH_DIR, "remote-server") });
 }
@@ -15032,40 +15468,33 @@ async function loginCloudRemoteProfile(url, options, store, io) {
 		}
 	});
 }
-async function pairingCodeFromOptions(options, readStdin, writeErr) {
-	if (options.code?.trim()) {
-		writeErr("Warning: --code may store the Pairing Code in shell history; prefer the hidden prompt or --code-stdin for automation.\n");
-		return options.code.trim();
-	}
-	if (options.codeStdin) {
-		const code = (readStdin ? await readStdin() : await readAllStdin()).trim();
-		if (code) return code;
-		throw new CapletsError("REQUEST_INVALID", "Pairing Code is required when --code-stdin is used.");
-	}
-	const output = new HiddenPromptOutput(process.stdout);
+async function readHiddenInput(label, options = {}) {
+	const input = options.input ?? process.stdin;
+	const output = options.output ?? process.stdout;
+	output.write(label);
 	const readline = createInterface({
-		input: process.stdin,
-		output,
+		input,
+		output: new HiddenPromptOutput(output, { echoFirstChunk: false }),
 		terminal: true
 	});
 	try {
-		const code = (await readline.question("Pairing Code: ")).trim();
-		if (code) return code;
+		return await readline.question("");
 	} finally {
 		readline.close();
-		process.stdout.write("\n");
+		output.write("\n");
 	}
-	throw new CapletsError("REQUEST_INVALID", "Pairing Code is required for self-hosted Remote Login.");
 }
 var HiddenPromptOutput = class extends Writable {
 	output;
+	options;
 	wrotePrompt = false;
-	constructor(output) {
+	constructor(output, options = { echoFirstChunk: true }) {
 		super();
 		this.output = output;
+		this.options = options;
 	}
 	_write(chunk, _encoding, callback) {
-		if (!this.wrotePrompt) {
+		if (this.options.echoFirstChunk !== false && !this.wrotePrompt) {
 			this.output.write(chunk);
 			this.wrotePrompt = true;
 		}
@@ -15083,6 +15512,7 @@ async function parseRemoteLoginCredentials(response) {
 	const record = parsed;
 	if (typeof record.clientId !== "string" || typeof record.accessToken !== "string" || typeof record.refreshToken !== "string") throw new CapletsError("DOWNSTREAM_PROTOCOL_ERROR", "Remote Login response is missing credentials.");
 	return {
+		...typeof record.hostUrl === "string" ? { hostUrl: record.hostUrl } : {},
 		clientId: record.clientId,
 		clientLabel: typeof record.clientLabel === "string" ? record.clientLabel : "Caplets CLI",
 		accessToken: record.accessToken,
@@ -15091,6 +15521,170 @@ async function parseRemoteLoginCredentials(response) {
 		...typeof record.expiresAt === "string" ? { expiresAt: record.expiresAt } : {}
 	};
 }
+async function parsePendingRemoteLoginStart(response, options = {}) {
+	const parsed = await response.json();
+	if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) throw new CapletsError("DOWNSTREAM_PROTOCOL_ERROR", "Pending Remote Login response must be an object.");
+	const record = parsed;
+	if (typeof record.flowId !== "string" || typeof record.operatorCode !== "string" || typeof record.pendingRefreshSecret !== "string" || typeof record.codeExpiresAt !== "string" || typeof record.flowExpiresAt !== "string") throw new CapletsError("DOWNSTREAM_PROTOCOL_ERROR", "Pending Remote Login response is missing pending material.");
+	const pendingCompletionSecret = typeof record.pendingCompletionSecret === "string" ? record.pendingCompletionSecret : options.pendingCompletionSecret;
+	if (!pendingCompletionSecret) throw new CapletsError("DOWNSTREAM_PROTOCOL_ERROR", "Pending Remote Login response is missing completion material.");
+	return {
+		flowId: record.flowId,
+		operatorCode: record.operatorCode,
+		...typeof record.operatorCodeFingerprint === "string" ? { operatorCodeFingerprint: record.operatorCodeFingerprint } : {},
+		pendingRefreshSecret: record.pendingRefreshSecret,
+		pendingCompletionSecret,
+		codeExpiresAt: record.codeExpiresAt,
+		flowExpiresAt: record.flowExpiresAt,
+		intervalSeconds: typeof record.intervalSeconds === "number" ? record.intervalSeconds : 5
+	};
+}
+async function parsePendingRemoteLoginStatus(response) {
+	const parsed = await response.json();
+	if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) throw new CapletsError("DOWNSTREAM_PROTOCOL_ERROR", "Pending Remote Login status response must be an object.");
+	const status = parsed.status;
+	if (typeof status !== "string") throw new CapletsError("DOWNSTREAM_PROTOCOL_ERROR", "Pending Remote Login status response is missing status.");
+	return status;
+}
+async function selfHostedPendingRemoteLogin(url, input) {
+	const fetchImpl = input.fetch ?? fetch;
+	const baseUrl = new URL(normalizeRemoteProfileHostUrl(url));
+	const startBody = input.clientLabel ? { clientLabel: input.clientLabel } : {};
+	const start = await fetchImpl(appendBasePath(baseUrl, "v1/remote/login/start"), {
+		method: "POST",
+		headers: { "content-type": "application/json" },
+		body: JSON.stringify(startBody)
+	});
+	if (!start.ok) throw new CapletsError("AUTH_FAILED", "Remote Login pending start failed.");
+	let pending = await parsePendingRemoteLoginStart(start);
+	if (input.json) input.writeOut(`${JSON.stringify({
+		code: "pending_login_started",
+		flowId: pending.flowId,
+		operatorCode: pending.operatorCode,
+		operatorCodeFingerprint: pending.operatorCodeFingerprint,
+		codeExpiresAt: pending.codeExpiresAt,
+		flowExpiresAt: pending.flowExpiresAt
+	})}\n`);
+	else {
+		input.writeOut(`Remote Login Code: ${pending.operatorCode}\n`);
+		if (pending.operatorCodeFingerprint) input.writeOut(`Code fingerprint: ${pending.operatorCodeFingerprint}\n`);
+		input.writeOut(`Approve from the host with caplets remote host approve ${pending.operatorCode} --yes\n`);
+	}
+	const intervalMs = numberEnv(input.env.CAPLETS_REMOTE_LOGIN_POLL_INTERVAL_MS, pending.intervalSeconds * 1e3);
+	try {
+		while (true) {
+			const poll = await fetchPendingRemoteLoginStatus(fetchImpl, baseUrl, pending, input.signal);
+			if (!poll.ok) throw new CapletsError("AUTH_FAILED", "Remote Login pending poll failed.");
+			const status = await parsePendingRemoteLoginStatus(poll);
+			if (status === "approved") {
+				if (input.json) input.writeOut(`${JSON.stringify({
+					code: "pending_login_approved",
+					flowId: pending.flowId
+				})}\n`);
+				break;
+			}
+			if (status !== "pending") {
+				if (input.json) input.writeOut(`${JSON.stringify({
+					code: `pending_login_${status}`,
+					flowId: pending.flowId
+				})}\n`);
+				throw new CapletsError("AUTH_FAILED", `Remote Login pending flow ${status}.`);
+			}
+			if (Date.parse(pending.codeExpiresAt) <= Date.now()) {
+				const refresh = await fetchImpl(appendBasePath(baseUrl, "v1/remote/login/refresh"), {
+					method: "POST",
+					headers: { "content-type": "application/json" },
+					body: JSON.stringify({
+						flowId: pending.flowId,
+						pendingRefreshSecret: pending.pendingRefreshSecret,
+						pendingCompletionSecret: pending.pendingCompletionSecret
+					}),
+					...input.signal ? { signal: input.signal } : {}
+				});
+				if (!refresh.ok) {
+					const retryPoll = await fetchPendingRemoteLoginStatus(fetchImpl, baseUrl, pending);
+					if (retryPoll.ok && await parsePendingRemoteLoginStatus(retryPoll) === "approved") {
+						if (input.json) input.writeOut(`${JSON.stringify({
+							code: "pending_login_approved",
+							flowId: pending.flowId
+						})}\n`);
+						break;
+					}
+					throw new CapletsError("AUTH_FAILED", "Remote Login pending refresh failed.");
+				}
+				pending = await parsePendingRemoteLoginStart(refresh, { pendingCompletionSecret: pending.pendingCompletionSecret });
+				if (input.json) input.writeOut(`${JSON.stringify({
+					code: "pending_login_code_refreshed",
+					flowId: pending.flowId,
+					operatorCode: pending.operatorCode,
+					operatorCodeFingerprint: pending.operatorCodeFingerprint,
+					codeExpiresAt: pending.codeExpiresAt,
+					flowExpiresAt: pending.flowExpiresAt
+				})}\n`);
+				else {
+					input.writeOut(`Remote Login Code refreshed: ${pending.operatorCode}\n`);
+					if (pending.operatorCodeFingerprint) input.writeOut(`Code fingerprint: ${pending.operatorCodeFingerprint}\n`);
+				}
+			}
+			await sleep(intervalMs, input.signal);
+		}
+		const complete = await completePendingRemoteLogin(fetchImpl, baseUrl, pending, input.signal);
+		if (!complete.ok) throw new CapletsError("AUTH_FAILED", "Remote Login pending complete failed.");
+		return parseRemoteLoginCredentials(complete);
+	} catch (error) {
+		if (input.signal?.aborted || isAbortError(error)) {
+			await cancelPendingRemoteLogin(fetchImpl, baseUrl, pending);
+			if (input.json) input.writeOut(`${JSON.stringify({
+				code: "pending_login_cancelled",
+				flowId: pending.flowId
+			})}\n`);
+			throw new CapletsError("REQUEST_INVALID", "Remote Login pending flow cancelled.");
+		}
+		throw error;
+	}
+}
+async function completePendingRemoteLogin(fetchImpl, baseUrl, pending, signal) {
+	try {
+		return await fetchImpl(appendBasePath(baseUrl, "v1/remote/login/complete"), pendingRemoteLoginCompletionRequest(pending, signal));
+	} catch {
+		return fetchImpl(appendBasePath(baseUrl, "v1/remote/login/complete"), pendingRemoteLoginCompletionRequest(pending));
+	}
+}
+function pendingRemoteLoginCompletionRequest(pending, signal) {
+	return {
+		method: "POST",
+		headers: { "content-type": "application/json" },
+		body: JSON.stringify({
+			flowId: pending.flowId,
+			pendingCompletionSecret: pending.pendingCompletionSecret
+		}),
+		...signal ? { signal } : {}
+	};
+}
+async function fetchPendingRemoteLoginStatus(fetchImpl, baseUrl, pending, signal) {
+	return fetchImpl(appendBasePath(baseUrl, "v1/remote/login/poll"), {
+		method: "POST",
+		headers: { "content-type": "application/json" },
+		body: JSON.stringify({
+			flowId: pending.flowId,
+			pendingCompletionSecret: pending.pendingCompletionSecret
+		}),
+		...signal ? { signal } : {}
+	});
+}
+async function cancelPendingRemoteLogin(fetchImpl, baseUrl, pending) {
+	await fetchImpl(appendBasePath(baseUrl, "v1/remote/login/cancel"), {
+		method: "POST",
+		headers: { "content-type": "application/json" },
+		body: JSON.stringify({
+			flowId: pending.flowId,
+			pendingCompletionSecret: pending.pendingCompletionSecret
+		})
+	}).catch(() => void 0);
+}
+function isAbortError(error) {
+	return error instanceof Error && error.name === "AbortError" || typeof DOMException !== "undefined" && error instanceof DOMException && error.name === "AbortError";
+}
 async function revokeSelfHostedRemoteClient(remoteUrl, accessToken, fetchImpl = fetch) {
 	await fetchImpl(appendBasePath(new URL(normalizeRemoteProfileHostUrl(remoteUrl)), "v1/remote/client"), {
 		method: "DELETE",
@@ -15172,9 +15766,35 @@ function createSetupPromptHandle(io, writeOut) {
 		close: () => readline.close()
 	};
 }
-async function sleep(ms) {
-	if (ms <= 0) return;
-	await new Promise((resolve) => setTimeout(resolve, ms));
+async function sleep(ms, signal) {
+	if (ms <= 0 || signal?.aborted) return;
+	await new Promise((resolve) => {
+		const timeout = setTimeout(done, ms);
+		const abort = () => done();
+		function done() {
+			clearTimeout(timeout);
+			signal?.removeEventListener("abort", abort);
+			resolve();
+		}
+		signal?.addEventListener("abort", abort, { once: true });
+	});
+}
+function cliInterruptSignal(existing) {
+	if (existing) return {
+		signal: existing,
+		dispose: () => {}
+	};
+	const controller = new AbortController();
+	const abort = () => controller.abort();
+	process.once("SIGINT", abort);
+	process.once("SIGTERM", abort);
+	return {
+		signal: controller.signal,
+		dispose: () => {
+			process.off("SIGINT", abort);
+			process.off("SIGTERM", abort);
+		}
+	};
 }
 function createProgram(io = {}) {
 	const writeOut = io.writeOut ?? ((value) => process.stdout.write(value));
@@ -15403,10 +16023,12 @@ function createProgram(io = {}) {
 		}
 		for (const entry of result.entries) writeOut(stream === "all" ? `[${entry.stream}] ${entry.line}\n` : `${entry.line}\n`);
 	});
-	program.command(cliCommands$1.attach).description("Start a remote-backed Caplets MCP server.").option("--transport <transport>", "server transport: stdio or http").option("--host <host>", "HTTP bind host").option("--port <port>", "HTTP bind port").option("--path <path>", "HTTP service base path").option("--remote-url <url>", "remote Caplets service base URL").option("--workspace <workspace>", "hosted Cloud workspace ID or slug").option("--allow-unauthenticated-http", "allow unauthenticated HTTP serving on non-loopback hosts").option("--trust-proxy", "trust X-Forwarded-* headers from a reverse proxy").option("--json", "print JSON status events").option("--verbose", "print detailed attach diagnostics").option("--once", "validate Project Binding once and exit").option("--project-root <path>", "test-only project root override").action(async (options) => {
+	program.command(cliCommands$1.attach).description("Start a remote-backed Caplets MCP server.").argument("[url]", "remote Caplets service base URL").option("--transport <transport>", "server transport: stdio or http").option("--host <host>", "HTTP bind host").option("--port <port>", "HTTP bind port").option("--path <path>", "HTTP service base path").addOption(new Option("--remote-url <url>", "legacy alias for the remote Caplets service base URL").hideHelp()).option("--workspace <workspace>", "hosted Cloud workspace ID or slug").option("--allow-unauthenticated-http", "allow unauthenticated HTTP serving on non-loopback hosts").option("--trust-proxy", "trust X-Forwarded-* headers from a reverse proxy").option("--json", "print JSON status events").option("--verbose", "print detailed attach diagnostics").option("--once", "validate Project Binding once and exit").option("--project-root <path>", "test-only project root override").action(async (url, options) => {
 		try {
+			const remoteUrl = attachRemoteUrlFromArgs(url, options.remoteUrl);
 			const attachOptions = {
 				...options,
+				...remoteUrl ? { remoteUrl } : {},
 				...io.fetch ? { fetch: io.fetch } : {},
 				...io.authDir ? { authDir: io.authDir } : {}
 			};
@@ -15461,7 +16083,7 @@ function createProgram(io = {}) {
 		}
 	});
 	const remote = program.command(cliCommands$1.remote).description("Manage Caplets Remote Login.");
-	remote.command("login").description("Log this machine into a Caplets host.").argument("<url>", "Caplets host URL").option("--workspace <workspace>", "Cloud workspace ID or slug to select").option("--client-label <label>", "client label for this machine").option("--device-name <name>", "Cloud device label for this machine").option("--code <code>", "Pairing Code for explicit noninteractive self-hosted login").option("--code-stdin", "read the Pairing Code from stdin").option("--no-open", "print the Cloud login URL without opening a browser").option("--json", "print JSON output").action(async (url, options) => {
+	remote.command("login").description("Log this machine into a Caplets host.").argument("<url>", "Caplets host URL").option("--workspace <workspace>", "Cloud workspace ID or slug to select").option("--client-label <label>", "client label for this machine").option("--device-name <name>", "Cloud device label for this machine").addOption(new Option("--code <code>", "legacy Pairing Code input").hideHelp()).addOption(new Option("--code-stdin", "legacy Pairing Code stdin input").hideHelp()).option("--no-open", "print the Cloud login URL without opening a browser").option("--json", "print JSON output").action(async (url, options) => {
 		const store = remoteProfileStore(io.authDir, env);
 		if (isCapletsCloudUrl(url)) {
 			writeRemoteStatus(await loginCloudRemoteProfile(url, options, store, {
@@ -15471,20 +16093,24 @@ function createProgram(io = {}) {
 			}), options.json === true, writeOut);
 			return;
 		}
-		const code = await pairingCodeFromOptions(options, io.readStdin, writeErr);
-		const exchangeUrl = appendBasePath(new URL(normalizeRemoteProfileHostUrl(url)), "v1/remote/pairing/exchange");
-		const response = await (io.fetch ?? fetch)(exchangeUrl, {
-			method: "POST",
-			headers: { "content-type": "application/json" },
-			body: JSON.stringify({
-				code,
-				...options.clientLabel ? { clientLabel: options.clientLabel } : {}
-			})
-		});
-		if (!response.ok) throw new CapletsError("AUTH_FAILED", "Remote Login pairing exchange failed.");
-		const credentials = await parseRemoteLoginCredentials(response);
-		writeRemoteStatus(await store.saveSelfHostedProfile({
+		if (options.code?.trim() || options.codeStdin) throw new CapletsError("REQUEST_INVALID", `Self-hosted Remote Login no longer accepts Pairing Codes. Run caplets remote login ${normalizeRemoteProfileHostUrl(url)} without --code and approve the pending login from the host.`);
+		const interrupt = cliInterruptSignal(io.signal);
+		let credentials;
+		try {
+			credentials = await selfHostedPendingRemoteLogin(url, {
+				...options.clientLabel ? { clientLabel: options.clientLabel } : {},
+				json: options.json,
+				...io.fetch ? { fetch: io.fetch } : {},
+				...interrupt.signal ? { signal: interrupt.signal } : {},
+				writeOut,
+				env
+			});
+		} finally {
+			interrupt.dispose();
+		}
+		const status = await store.saveSelfHostedProfile({
 			hostUrl: url,
+			hostIdentity: normalizeRemoteProfileHostUrl(credentials.hostUrl ?? url),
 			clientId: credentials.clientId,
 			clientLabel: credentials.clientLabel,
 			credentials: {
@@ -15493,7 +16119,12 @@ function createProgram(io = {}) {
 				tokenType: credentials.tokenType,
 				expiresAt: credentials.expiresAt
 			}
-		}), options.json === true, writeOut);
+		});
+		if (options.json === true) writeOut(`${JSON.stringify({
+			code: "remote_profile_saved",
+			...status
+		})}\n`);
+		else writeRemoteStatus(status, false, writeOut);
 	});
 	remote.command("status").description("Show saved Remote Login status.").argument("[url]", "Caplets host URL").option("--workspace <workspace>", "Cloud workspace ID or slug").option("--json", "print JSON output").action(async (url, options) => {
 		if (!url) {
@@ -15554,18 +16185,19 @@ function createProgram(io = {}) {
 		writeOut(removed ? `Logged out of ${normalizeRemoteProfileHostUrl(url)}.\n` : `No Remote Login profile found for ${normalizeRemoteProfileHostUrl(url)}.\n`);
 	});
 	const remoteHost = remote.command("host").description("Manage self-hosted remote credentials.");
-	remoteHost.command("pair").description("Create a short-lived self-hosted Pairing Code from the server environment.").requiredOption("--host-url <url>", "public Caplets host URL").option("--state-path <path>", "server-owned remote credential state directory").option("--client-label <label>", "suggested client label").option("--json", "print JSON output").action(async (options) => {
-		const issued = remoteServerCredentialStore(options.statePath, env).createPairingCode({
-			hostUrl: options.hostUrl,
-			...options.clientLabel ? { clientLabel: options.clientLabel } : {}
-		});
+	remoteHost.command("pair", { hidden: true }).description("Deprecated. Pairing Code bootstrap is no longer supported.").option("--host-url <url>", "public Caplets host URL; defaults to CAPLETS_SERVER_URL").option("--state-path <path>", "server-owned remote credential state directory").option("--json", "print JSON output").action(async (options) => {
+		const hostUrl = options.hostUrl ?? env.CAPLETS_SERVER_URL;
+		const guidance = "Self-hosted Pairing Code bootstrap is no longer supported. Run caplets remote login <url> from the client, then approve the pending login with caplets remote host logins and caplets remote host approve <code> from the host.";
 		if (options.json) {
-			writeOut(`${JSON.stringify(issued, null, 2)}\n`);
+			writeOut(`${JSON.stringify({
+				supported: false,
+				deprecated: true,
+				...hostUrl ? { hostUrl: normalizeRemoteProfileHostUrl(hostUrl) } : {},
+				message: guidance
+			}, null, 2)}\n`);
 			return;
 		}
-		writeOut(`Pairing Code: ${issued.code}\n`);
-		writeOut(`Expires At: ${issued.expiresAt}\n`);
-		writeOut(`Run caplets remote login ${normalizeRemoteProfileHostUrl(options.hostUrl)} and enter the Pairing Code when prompted.\n`);
+		writeOut(`${guidance}\n`);
 	});
 	remoteHost.command("clients").description("List paired self-hosted remote clients from server state.").option("--state-path <path>", "server-owned remote credential state directory").option("--json", "print JSON output").action((options) => {
 		const clients = remoteServerCredentialStore(options.statePath, env).listClients();
@@ -15579,6 +16211,35 @@ function createProgram(io = {}) {
 		}
 		for (const client of clients) writeOut(`${client.clientId}\t${terminalSafeText(client.clientLabel)}\t${client.hostUrl}\t${client.revokedAt ? "revoked" : "active"}\n`);
 	});
+	remoteHost.command("logins").description("List pending self-hosted Remote Login approvals from server state.").option("--state-path <path>", "server-owned remote credential state directory").option("--json", "print JSON output").action((options) => {
+		const pendingLogins = remoteServerCredentialStore(options.statePath, env).listPendingLogins();
+		if (options.json) {
+			writeOut(`${JSON.stringify({ pendingLogins }, null, 2)}\n`);
+			return;
+		}
+		if (pendingLogins.length === 0) {
+			writeOut("No pending Remote Login approvals.\n");
+			return;
+		}
+		for (const pending of pendingLogins) writeOut(`${pending.flowId}\t${pending.operatorCodeFingerprint ?? "-"}\t${terminalSafeText(pending.clientLabel)}\t${pending.hostUrl}\t${pending.status}\n`);
+	});
+	remoteHost.command("approve").description("Approve one pending self-hosted Remote Login code from server state.").argument("<code>", "operator-visible Remote Login code").option("--state-path <path>", "server-owned remote credential state directory").option("--yes", "approve without an interactive confirmation prompt").option("--json", "print JSON output").action((code, options) => {
+		if (!options.yes && !options.json) throw new CapletsError("REQUEST_INVALID", "Use --yes to approve this pending login.");
+		const approved = remoteServerCredentialStore(options.statePath, env).approvePendingLogin({ operatorCode: code });
+		if (options.json) {
+			writeOut(`${JSON.stringify(approved, null, 2)}\n`);
+			return;
+		}
+		writeOut(`Approved pending Remote Login ${approved.flowId}.\n`);
+	});
+	remoteHost.command("deny").description("Deny one pending self-hosted Remote Login code from server state.").argument("<code>", "operator-visible Remote Login code").option("--state-path <path>", "server-owned remote credential state directory").option("--json", "print JSON output").action((code, options) => {
+		const denied = remoteServerCredentialStore(options.statePath, env).denyPendingLogin({ operatorCode: code });
+		if (options.json) {
+			writeOut(`${JSON.stringify(denied, null, 2)}\n`);
+			return;
+		}
+		writeOut(`Denied pending Remote Login ${denied.flowId}.\n`);
+	});
 	remoteHost.command("revoke").description("Revoke one paired self-hosted remote client from server state.").argument("<client-id>", "remote client ID").option("--state-path <path>", "server-owned remote credential state directory").option("--json", "print JSON output").action((clientId, options) => {
 		const revoked = remoteServerCredentialStore(options.statePath, env).revokeClient(clientId);
 		if (options.json) {
@@ -16495,20 +17156,7 @@ async function readVaultValue(io) {
 	if (io.readStdin) value = stripOneTrailingNewline(await io.readStdin());
 	else if (!process.stdin.isTTY && !io.writeOut && !io.writeErr) value = stripOneTrailingNewline(await readAllStdin());
 	else if (io.writeOut || io.writeErr || !process.stdin.isTTY || !process.stdout.isTTY) throw new CapletsError("REQUEST_INVALID", "Vault value input is required. Run interactively or provide stdin.");
-	else {
-		const output = new HiddenPromptOutput(process.stdout);
-		const readline = createInterface({
-			input: process.stdin,
-			output,
-			terminal: true
-		});
-		try {
-			value = await readline.question("Vault value: ");
-		} finally {
-			readline.close();
-			process.stdout.write("\n");
-		}
-	}
+	else value = await readHiddenInput(HIDDEN_INPUT_PROMPT_LABELS.vaultValue);
 	if (value.length === 0) throw new CapletsError("REQUEST_INVALID", "Vault value input is required.");
 	return value;
 }
@@ -16839,8 +17487,17 @@ function mergeRemoteAndLocalRows(remoteRows, localOverlay, options) {
 	});
 	if (!localOverlay) return [...rows.values()].filter((row) => options.includeDisabled || !row.disabled).sort((left, right) => left.server.localeCompare(right.server));
 	for (const row of listCaplets(localOverlay, { includeDisabled: true })) {
-		if (rows.get(row.server)) {
+		const remote = rows.get(row.server);
+		if (remote) {
 			if (row.disabled) continue;
+			if (remote.shadowing === "namespace") {
+				options.writeErr(`Local Caplet '${row.server}' is exposed under a qualified ID because the remote Caplet uses namespace shadowing for that Caplet ID.\n`);
+				continue;
+			}
+			if (remote.shadowing !== "allow") {
+				options.writeErr(`Local Caplet '${row.server}' is suppressed because the remote Caplet forbids shadowing that Caplet ID.\n`);
+				continue;
+			}
 			options.writeErr(`Warning: ${formatOverlaySource(row.source)} Caplet ${row.server} shadows remote Caplet\n`);
 		}
 		rows.set(row.server, row);