@gmickel/gno 0.42.0 → 1.0.1

package/README.md

@@ -9,7 +9,7 @@
 [![Discord](./assets/badges/discord.svg)](https://discord.gg/nHEmyJB5tg)
 
 > [!TIP]
-> **[gno.sh/publish](https://gno.sh/publish) is live.** Turn any GNO note or collection into a polished, reader-first URL — editorial typography, scoped search, and four visibility modes from public to end-to-end encrypted. **[See the reader →](#publish-to-gnosh)**
+> **[gno.sh/publish](https://gno.sh/publish) is live.** Turn any GNO note or collection into a polished, reader-first URL — editorial typography, scoped search, and four visibility modes from public to encrypted-before-upload. **[See the reader →](#publish-to-gnosh)**
 
 > **ClawdHub**: GNO skills bundled for Clawdbot — [clawdhub.com/gmickel/gno](https://clawdhub.com/gmickel/gno)
 
@@ -30,7 +30,7 @@ Use it when:
 - **Real retrieval surfaces**: CLI, Web UI, REST API, MCP, SDK
 - **Local-first answers**: grounded synthesis with citations when you want answers, raw retrieval when you do not
 - **Connected knowledge**: backlinks, related notes, graph view, cross-collection navigation
-- **Shareable, not synced**: export a note or collection to [gno.sh](https://gno.sh/publish) as a polished reader page — public, secret, invite-only, or end-to-end encrypted
+- **Shareable, not synced**: export a note or collection to [gno.sh](https://gno.sh/publish) as a polished reader page — public, secret, invite-only, or locally encrypted before upload
 - **Operational fit**: daemon mode, model presets, remote GPU backends, safe config/state on disk
 
 ### One-Minute Tour
@@ -92,10 +92,10 @@ gno daemon
 
 ## What's New
 
-> Latest release: [v0.40.2](./CHANGELOG.md#0402---2026-04-06)  
+> Latest release: [v1.0.0](./CHANGELOG.md#100---2026-04-16)  
 > Full release history: [CHANGELOG.md](./CHANGELOG.md)
 
-- **Publish to [gno.sh](https://gno.sh/publish)**: new `gno publish export` CLI and Web UI action produce a self-contained artifact you upload to the hosted reader — public, secret, invite-only, or end-to-end encrypted
+- **Publish to [gno.sh](https://gno.sh/publish)**: new `gno publish export` CLI and Web UI action produce a self-contained artifact you upload to the hosted reader — public, secret, invite-only, or locally encrypted before upload
 - **Retrieval Quality Upgrade**: stronger BM25 lexical handling, code-aware chunking, terminal result hyperlinks, and per-collection model overrides
 - **Code Embedding Benchmarks**: new benchmark workflow across canonical, real-GNO, and pinned OSS slices for comparing alternate embedding models
 - **Default Embed Model**: built-in presets now use `Qwen3-Embedding-0.6B-GGUF` after it beat `bge-m3` on both code and multilingual prose benchmark lanes
@@ -625,6 +625,12 @@ gno publish export "gno://work-docs/runbooks/deploy.md" --out ~/Downloads/deploy
 # Export a whole collection
 gno publish export work-docs --out ~/Downloads/work-docs.json
 
+# Export an encrypted note (ciphertext is created locally before upload)
+gno publish export "gno://work-docs/runbooks/deploy.md" \
+  --visibility encrypted \
+  --passphrase "correct horse battery staple" \
+  --out ~/Downloads/deploy-encrypted.json
+
 # Let GNO pick the path (~/Downloads/<slug>-<YYYYMMDD>.json)
 gno publish export work-docs
 ```
@@ -636,16 +642,21 @@ Or use the Web UI:
 
 Upload the artifact at [gno.sh/studio](https://gno.sh/studio) and pick a visibility mode:
 
-| Mode                     | Use When                                            |
-| :----------------------- | :-------------------------------------------------- |
-| **Public**               | Open URL, indexable — talks, blog posts, portfolios |
-| **Secret link**          | Unguessable token, rotate / revoke / expire         |
-| **Invite-only**          | Private space for specific people                   |
-| **End-to-end encrypted** | WebCrypto bundle, passphrase decrypts in-browser    |
+| Mode            | Use When                                                       |
+| :-------------- | :------------------------------------------------------------- |
+| **Public**      | Open URL, indexable — talks, blog posts, portfolios            |
+| **Secret link** | Unguessable token, rotate / revoke / expire                    |
+| **Invite-only** | Private space for specific people                              |
+| **Encrypted**   | GNO encrypts locally before upload; readers decrypt in-browser |
 
 **Reader experience**: editorial serif typography, drop caps, hanging punctuation, table of contents, keyboard shortcuts (`j/k`, `/`), scoped Pagefind-style search, and backlinks restricted to the published subset. Nothing leaks that you didn't publish.
 
-Republishing an artifact updates the same URL — no churn for your readers.
+Republishing a public, secret-link, or invite-only artifact updates the same URL. Encrypted shares should be replaced from a fresh local export so the server never needs your plaintext.
+
+Encrypted source-backed publish on `gno.sh` is intentionally disabled. For encrypted shares, use:
+
+- `gno publish export --visibility encrypted --passphrase ...`, or
+- the browser-side encrypted markdown upload path in `gno.sh/studio`
 
 > **Full story**: [gno.sh/publish](https://gno.sh/publish) · **Try it**: [gno.sh/studio](https://gno.sh/studio)
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@gmickel/gno",
-  "version": "0.42.0",
+  "version": "1.0.1",
   "description": "Local semantic search for your documents. Index Markdown, PDF, and Office files with hybrid BM25 + vector search.",
   "keywords": [
     "embeddings",

package/src/cli/commands/publish.ts

@@ -20,6 +20,7 @@ import { initStore } from "./shared";
 
 export interface PublishExportOptions {
   configPath?: string;
+  encryptionPassphrase?: string;
   json?: boolean;
   out?: string;
   slug?: string;
@@ -76,6 +77,7 @@ export async function publishExport(
       collections,
       options: {
         routeSlug: options.slug,
+        encryptionPassphrase: options.encryptionPassphrase,
         summary: options.summary,
         title: options.title,
         visibility: options.visibility,

package/src/cli/program.ts

@@ -1641,9 +1641,13 @@ function wirePublishCommand(program: Command): void {
     .option("--out <path>", "output artifact path")
     .option(
       "--visibility <mode>",
-      "visibility hint (public, secret-link, invite-only, encrypted)",
+      "visibility mode (public, secret-link, invite-only, encrypted)",
       "public"
     )
+    .option(
+      "--passphrase <value>",
+      "required for encrypted export; encrypts locally before upload"
+    )
     .option("--slug <slug>", "route slug override")
     .option("--title <title>", "space title override")
     .option("--summary <summary>", "space summary override")
@@ -1654,6 +1658,8 @@ function wirePublishCommand(program: Command): void {
       const globals = getGlobals();
 
       const visibility = cmdOpts.visibility as string;
+      const passphrase =
+        typeof cmdOpts.passphrase === "string" ? cmdOpts.passphrase : undefined;
       if (
         !visibilityValues.includes(
           visibility as (typeof visibilityValues)[number]
@@ -1664,6 +1670,12 @@ function wirePublishCommand(program: Command): void {
           `Invalid visibility: ${visibility}. Must be public, secret-link, invite-only, or encrypted.`
         );
       }
+      if (visibility === "encrypted" && !passphrase?.trim()) {
+        throw new CliError(
+          "VALIDATION",
+          "Encrypted publish export requires --passphrase."
+        );
+      }
 
       const { formatPublishExport, publishExport } =
         await import("./commands/publish");
@@ -1671,6 +1683,7 @@ function wirePublishCommand(program: Command): void {
         configPath: globals.config,
         json: format === "json",
         out: typeof cmdOpts.out === "string" ? cmdOpts.out : undefined,
+        encryptionPassphrase: passphrase,
         slug: cmdOpts.slug as string | undefined,
         summary: cmdOpts.summary as string | undefined,
         title: cmdOpts.title as string | undefined,

package/src/converters/adapters/markitdownTs/adapter.ts

@@ -15,6 +15,7 @@ import type {
 import {
   adapterError,
   corruptError,
+  permissionError,
   timeoutError,
   tooLargeError,
 } from "../../errors";
@@ -33,6 +34,15 @@ const SUPPORTED_MIMES = [
   "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
 ];
 
+const PDF_SIGNATURE = new Uint8Array([0x25, 0x50, 0x44, 0x46, 0x2d]);
+const CFB_SIGNATURE = new Uint8Array([
+  0xd0, 0xcf, 0x11, 0xe0, 0xa1, 0xb1, 0x1a, 0xe1,
+]);
+const ENCRYPTION_INFO = utf16le("EncryptionInfo");
+const ENCRYPTED_PACKAGE = utf16le("EncryptedPackage");
+const MAX_MESSAGE_LENGTH = 200;
+const PASSWORD_ERROR_REGEX = /password(?:-protected)?|no password given/i;
+
 /**
  * Create zero-copy Buffer view of Uint8Array.
  * Assumes input.bytes is immutable (contract requirement).
@@ -41,6 +51,103 @@ function toBuffer(bytes: Uint8Array): Buffer {
   return Buffer.from(bytes.buffer, bytes.byteOffset, bytes.byteLength);
 }
 
+function utf16le(value: string): Uint8Array {
+  return new Uint8Array(Buffer.from(value, "utf16le"));
+}
+
+function hasPrefix(bytes: Uint8Array, prefix: Uint8Array): boolean {
+  if (bytes.length < prefix.length) {
+    return false;
+  }
+
+  for (let index = 0; index < prefix.length; index += 1) {
+    if (bytes[index] !== prefix[index]) {
+      return false;
+    }
+  }
+
+  return true;
+}
+
+function includesBytes(bytes: Uint8Array, needle: Uint8Array): boolean {
+  if (needle.length === 0 || bytes.length < needle.length) {
+    return false;
+  }
+
+  outer: for (
+    let index = 0;
+    index <= bytes.length - needle.length;
+    index += 1
+  ) {
+    for (let offset = 0; offset < needle.length; offset += 1) {
+      if (bytes[index + offset] !== needle[offset]) {
+        continue outer;
+      }
+    }
+    return true;
+  }
+
+  return false;
+}
+
+function isPasswordProtectedPdf(bytes: Uint8Array): boolean {
+  if (!hasPrefix(bytes, PDF_SIGNATURE)) {
+    return false;
+  }
+
+  const tailStart = Math.max(0, bytes.length - 64 * 1024);
+  const tail = Buffer.from(bytes.subarray(tailStart)).toString("latin1");
+  return /\/Encrypt\b/.test(tail);
+}
+
+function isPasswordProtectedXlsx(bytes: Uint8Array): boolean {
+  return (
+    hasPrefix(bytes, CFB_SIGNATURE) &&
+    includesBytes(bytes, ENCRYPTION_INFO) &&
+    includesBytes(bytes, ENCRYPTED_PACKAGE)
+  );
+}
+
+function isPasswordProtected(input: ConvertInput): boolean {
+  if (input.ext === ".pdf") {
+    return isPasswordProtectedPdf(input.bytes);
+  }
+
+  if (input.ext === ".xlsx") {
+    return isPasswordProtectedXlsx(input.bytes);
+  }
+
+  return false;
+}
+
+function sanitizeErrorMessage(message: string, input: ConvertInput): string {
+  const normalized = message.trim();
+
+  let hasControlChars = false;
+  for (const char of normalized) {
+    const code = char.charCodeAt(0);
+    if (
+      (code >= 0 && code <= 8) ||
+      code === 11 ||
+      code === 12 ||
+      (code >= 14 && code <= 31)
+    ) {
+      hasControlChars = true;
+      break;
+    }
+  }
+
+  if (
+    normalized.length === 0 ||
+    normalized.length > MAX_MESSAGE_LENGTH ||
+    hasControlChars
+  ) {
+    return `Could not convert ${input.ext} file to markdown`;
+  }
+
+  return normalized;
+}
+
 export const markitdownAdapter: Converter = {
   id: CONVERTER_ID,
   version: CONVERTER_VERSION,
@@ -55,6 +162,21 @@ export const markitdownAdapter: Converter = {
       return { ok: false, error: tooLargeError(input, CONVERTER_ID) };
     }
 
+    // 1b. Detect password-protected documents before calling markitdown-ts.
+    // markitdown-ts logs dependency stack traces to stderr for these files.
+    if (isPasswordProtected(input)) {
+      return {
+        ok: false,
+        error: permissionError(
+          input,
+          CONVERTER_ID,
+          "File is password-protected",
+          undefined,
+          { protection: input.ext.slice(1) }
+        ),
+      };
+    }
+
     // 2. Setup timeout handling
     // Note: markitdown-ts doesn't support AbortSignal, so underlying
     // work may continue after timeout (known limitation; process isolation future work)
@@ -128,14 +250,27 @@ export const markitdownAdapter: Converter = {
       }
 
       // Map adapter errors
+      const message =
+        err instanceof Error
+          ? sanitizeErrorMessage(err.message, input)
+          : `Could not convert ${input.ext} file to markdown`;
+
+      if (PASSWORD_ERROR_REGEX.test(message)) {
+        return {
+          ok: false,
+          error: permissionError(
+            input,
+            CONVERTER_ID,
+            "File is password-protected",
+            err,
+            { protection: input.ext.slice(1) }
+          ),
+        };
+      }
+
       return {
         ok: false,
-        error: adapterError(
-          input,
-          CONVERTER_ID,
-          err instanceof Error ? err.message : "Unknown error",
-          err
-        ),
+        error: adapterError(input, CONVERTER_ID, message, err),
       };
     }
   },

package/src/converters/errors.ts

@@ -179,6 +179,29 @@ export function corruptError(
   });
 }
 
+/**
+ * Create an error for permission-gated files (for example password-protected documents).
+ */
+export function permissionError(
+  input: Pick<ConvertInput, "sourcePath" | "mime" | "ext">,
+  converterId: string,
+  message: string,
+  cause?: unknown,
+  details?: Record<string, unknown>
+): ConvertError {
+  return convertError("PERMISSION", {
+    message,
+    retryable: false,
+    fatal: false,
+    converterId,
+    sourcePath: input.sourcePath,
+    mime: input.mime,
+    ext: input.ext,
+    cause,
+    details,
+  });
+}
+
 /**
  * Create an error for adapter-level failures.
  */

package/src/publish/artifact.ts

@@ -32,13 +32,37 @@ export interface PublishArtifactSpace {
   visibility: PublishVisibility;
 }
 
-export interface PublishArtifact {
+export interface EncryptedArtifactPayload {
+  ciphertext: string;
+  iterations: number;
+  iv: string;
+  salt: string;
+}
+
+export interface EncryptedPublishArtifactSpace {
+  encryptedPayload: EncryptedArtifactPayload;
+  routeSlug: string;
+  secretToken: string;
+  sourceType: "note" | "collection";
+  visibility: "encrypted";
+}
+
+export interface PublishArtifactV1 {
   exportedAt: string;
   source: string;
   spaces: PublishArtifactSpace[];
   version: 1;
 }
 
+export interface PublishArtifactV2 {
+  exportedAt: string;
+  source: string;
+  spaces: EncryptedPublishArtifactSpace[];
+  version: 2;
+}
+
+export type PublishArtifact = PublishArtifactV1 | PublishArtifactV2;
+
 export const PUBLISH_VISIBILITY_VALUES = [
   "public",
   "secret-link",
@@ -244,6 +268,27 @@ export const buildPublishArtifact = (input: {
   version: 1 as const,
 });
 
+export const buildEncryptedPublishArtifact = (input: {
+  encryptedPayload: EncryptedArtifactPayload;
+  routeSlug: string;
+  secretToken: string;
+  source: string;
+  sourceType: "note" | "collection";
+}) => ({
+  exportedAt: new Date().toISOString(),
+  source: input.source,
+  spaces: [
+    {
+      encryptedPayload: input.encryptedPayload,
+      routeSlug: input.routeSlug,
+      secretToken: input.secretToken,
+      sourceType: input.sourceType,
+      visibility: "encrypted" as const,
+    },
+  ],
+  version: 2 as const,
+});
+
 export const derivePublishArtifactFilename = (artifact: PublishArtifact) => {
   const routeSlug =
     artifact.spaces[0]?.routeSlug.trim() ||

package/src/publish/encrypted-export.ts

@@ -0,0 +1,275 @@
+import { randomBytes, webcrypto } from "node:crypto";
+
+import type { EncryptedArtifactPayload, PublishArtifactNote } from "./artifact";
+
+const { subtle } = webcrypto;
+
+const PBKDF2_ITERATIONS = 210_000;
+const IV_BYTES = 12;
+const SALT_BYTES = 16;
+
+const encoder = new TextEncoder();
+
+type MetadataEntry = {
+  label: string;
+  value: string;
+};
+
+type NoteBlock =
+  | { type: "paragraph"; text: string }
+  | { type: "markdown"; markdown: string }
+  | { type: "heading"; depth: 2 | 3; id: string; text: string }
+  | { type: "list"; items: string[]; style: "ordered" | "unordered" }
+  | { code: string; language: string; type: "code" }
+  | { alt: string; caption: string; src: string; type: "image" };
+
+type ReaderNoteCard = {
+  backlinks: Array<{
+    excerpt: string;
+    noteId: string;
+    slug: string;
+    title: string;
+  }>;
+  blocks: NoteBlock[];
+  excerpt: string;
+  metadata: MetadataEntry[];
+  noteId: string;
+  outline: Array<{ depth: 2 | 3; id: string; text: string }>;
+  related: Array<{
+    excerpt: string;
+    noteId: string;
+    score: number;
+    slug: string;
+    title: string;
+  }>;
+  slug: string;
+  summary: string;
+  title: string;
+};
+
+type ReaderSpaceData = {
+  assetManifest: [];
+  currentNote: ReaderNoteCard;
+  homeNoteSlug?: string;
+  metadataPreview: MetadataEntry[];
+  nextNoteSlug?: string;
+  noteCards: ReaderNoteCard[];
+  previousNoteSlug?: string;
+  searchIndex: Array<{
+    excerpt: string;
+    haystack: string;
+    noteId: string;
+    slug: string;
+    title: string;
+  }>;
+  shareLabel: string;
+  sharePath: string;
+  snapshot: {
+    createdAt: string;
+    id: string;
+    lastIndexedAt: string;
+    searchEnabled: boolean;
+    version: number;
+  };
+  sourceType: "note" | "collection";
+  summary: string;
+  title: string;
+  visibility: "encrypted";
+};
+
+const toBase64 = (value: Uint8Array) => Buffer.from(value).toString("base64");
+
+const stripFrontmatter = (markdown: string) => {
+  if (!markdown.startsWith("---\n")) {
+    return markdown;
+  }
+
+  const endIndex = markdown.indexOf("\n---\n");
+  if (endIndex === -1) {
+    return markdown;
+  }
+
+  return markdown.slice(endIndex + 5);
+};
+
+const filterMetadata = (
+  metadata?: Record<string, string | string[]>
+): MetadataEntry[] => {
+  if (!metadata) {
+    return [];
+  }
+
+  return Object.entries(metadata).map(([key, value]) => ({
+    label: key
+      .replace(/([A-Z])/g, " $1")
+      .replace(/^./, (char) => char.toUpperCase()),
+    value: Array.isArray(value) ? value.join(", ") : value,
+  }));
+};
+
+const parseMarkdownBlocks = (markdown: string): NoteBlock[] => [
+  {
+    type: "markdown",
+    markdown: stripFrontmatter(markdown).trim(),
+  },
+];
+
+const getOutline = (blocks: NoteBlock[]) =>
+  blocks.flatMap((block) =>
+    block.type === "heading"
+      ? [{ depth: block.depth, id: block.id, text: block.text }]
+      : []
+  );
+
+const makeToken = (slug: string) =>
+  `${slug}-${Date.now().toString(36)}-${Math.random().toString(36).slice(2, 8)}`;
+
+const deriveExcerpt = (summary: string, blocks: NoteBlock[]) => {
+  if (summary.trim()) {
+    return summary.trim();
+  }
+
+  const paragraph = blocks.find((block) => block.type === "paragraph");
+  return paragraph?.text.slice(0, 160) ?? "";
+};
+
+const deriveReaderPayload = (input: {
+  exportedAt: string;
+  homeNoteSlug?: string;
+  notes: PublishArtifactNote[];
+  routeSlug: string;
+  sourceType: "note" | "collection";
+  summary: string;
+  title: string;
+}) => {
+  const noteCards: ReaderNoteCard[] = input.notes.map((note) => {
+    const blocks = parseMarkdownBlocks(note.markdown);
+    return {
+      noteId: `${input.routeSlug}:${note.slug}`,
+      slug: note.slug,
+      title: note.title,
+      excerpt: deriveExcerpt(note.summary, blocks),
+      summary: note.summary,
+      blocks,
+      metadata: filterMetadata(note.metadata),
+      outline: getOutline(blocks),
+      backlinks: [],
+      related: [],
+    };
+  });
+
+  const currentNote =
+    (input.homeNoteSlug
+      ? noteCards.find((note) => note.slug === input.homeNoteSlug)
+      : undefined) ?? noteCards[0];
+
+  if (!currentNote) {
+    throw new Error(
+      `Encrypted publish "${input.routeSlug}" requires at least one note`
+    );
+  }
+
+  const currentIndex = noteCards.findIndex(
+    (note) => note.noteId === currentNote.noteId
+  );
+  const sharePath = `/locked/${makeToken(input.routeSlug)}`;
+
+  return {
+    payload: {
+      sharePath,
+      shareLabel: "Encrypted share",
+      visibility: "encrypted" as const,
+      sourceType: input.sourceType,
+      title: input.title,
+      summary: input.summary,
+      snapshot: {
+        id: `snapshot-${input.routeSlug}-encrypted-v1`,
+        version: 1,
+        createdAt: input.exportedAt,
+        lastIndexedAt: input.exportedAt,
+        searchEnabled: noteCards.length > 1,
+      },
+      metadataPreview: [],
+      assetManifest: [],
+      searchIndex: noteCards.map((note) => ({
+        noteId: note.noteId,
+        slug: note.slug,
+        title: note.title,
+        excerpt: note.excerpt,
+        haystack: `${note.title} ${note.summary}`.toLowerCase(),
+      })),
+      noteCards,
+      currentNote,
+      previousNoteSlug: noteCards[currentIndex - 1]?.slug,
+      nextNoteSlug: noteCards[currentIndex + 1]?.slug,
+      homeNoteSlug: input.homeNoteSlug ?? noteCards[0]?.slug,
+    } satisfies ReaderSpaceData,
+    secretToken: sharePath.replace("/locked/", ""),
+  };
+};
+
+const deriveKey = async (passphrase: string, salt: Uint8Array) => {
+  const material = await subtle.importKey(
+    "raw",
+    encoder.encode(passphrase),
+    "PBKDF2",
+    false,
+    ["deriveKey"]
+  );
+
+  return subtle.deriveKey(
+    {
+      name: "PBKDF2",
+      hash: "SHA-256",
+      salt,
+      iterations: PBKDF2_ITERATIONS,
+    },
+    material,
+    {
+      name: "AES-GCM",
+      length: 256,
+    },
+    false,
+    ["encrypt"]
+  );
+};
+
+const encryptJson = async (
+  passphrase: string,
+  payload: unknown
+): Promise<EncryptedArtifactPayload> => {
+  const salt = randomBytes(SALT_BYTES);
+  const iv = randomBytes(IV_BYTES);
+  const key = await deriveKey(passphrase, salt);
+  const plaintext = encoder.encode(JSON.stringify(payload));
+  const ciphertext = await subtle.encrypt(
+    { name: "AES-GCM", iv },
+    key,
+    plaintext
+  );
+
+  return {
+    ciphertext: toBase64(new Uint8Array(ciphertext)),
+    iv: toBase64(iv),
+    salt: toBase64(salt),
+    iterations: PBKDF2_ITERATIONS,
+  };
+};
+
+export const buildEncryptedArtifactPayload = async (input: {
+  exportedAt: string;
+  homeNoteSlug?: string;
+  notes: PublishArtifactNote[];
+  passphrase: string;
+  routeSlug: string;
+  sourceType: "note" | "collection";
+  summary: string;
+  title: string;
+}) => {
+  const { payload, secretToken } = deriveReaderPayload(input);
+
+  return {
+    encryptedPayload: await encryptJson(input.passphrase, payload),
+    secretToken,
+  };
+};

package/src/publish/export-service.ts

@@ -10,6 +10,7 @@ import type { DocumentRow, StorePort, TagRow } from "../store/types";
 import { parseRef } from "../cli/commands/ref-parser";
 import { parseFrontmatter } from "../ingestion/frontmatter";
 import {
+  buildEncryptedPublishArtifact,
   buildPublishArtifact,
   buildExportedMetadata,
   derivePublishSlug,
@@ -21,8 +22,10 @@ import {
   type PublishArtifactNote,
   type PublishVisibility,
 } from "./artifact";
+import { buildEncryptedArtifactPayload } from "./encrypted-export";
 
 export interface PublishExportCoreOptions {
+  encryptionPassphrase?: string;
   routeSlug?: string;
   summary?: string;
   title?: string;
@@ -170,6 +173,34 @@ async function exportCollectionArtifact(
     collection.name,
     target,
   ]);
+  const visibility = resolveVisibility(options.visibility);
+
+  if (visibility === "encrypted") {
+    if (!options.encryptionPassphrase) {
+      throw new Error(
+        "Encrypted publish export requires --passphrase or encryptionPassphrase."
+      );
+    }
+
+    const encrypted = await buildEncryptedArtifactPayload({
+      exportedAt: new Date().toISOString(),
+      homeNoteSlug: chooseHomeNoteSlug(notes),
+      notes,
+      passphrase: options.encryptionPassphrase,
+      routeSlug,
+      sourceType: "collection",
+      summary,
+      title,
+    });
+
+    return buildEncryptedPublishArtifact({
+      encryptedPayload: encrypted.encryptedPayload,
+      routeSlug,
+      secretToken: encrypted.secretToken,
+      source: collection.name,
+      sourceType: "collection",
+    });
+  }
 
   return buildPublishArtifact({
     homeNoteSlug: chooseHomeNoteSlug(notes),
@@ -179,7 +210,7 @@ async function exportCollectionArtifact(
     sourceType: "collection",
     summary,
     title,
-    visibility: resolveVisibility(options.visibility),
+    visibility,
   });
 }
 
@@ -200,6 +231,42 @@ async function exportDocumentArtifact(
   const summary =
     options.summary ?? deriveExportedSummary(markdown, frontmatter);
   const slug = deriveExportedSlug(doc);
+  const visibility = resolveVisibility(options.visibility);
+  const routeSlug = derivePublishSlug([options.routeSlug ?? "", slug, target]);
+
+  if (visibility === "encrypted") {
+    if (!options.encryptionPassphrase) {
+      throw new Error(
+        "Encrypted publish export requires --passphrase or encryptionPassphrase."
+      );
+    }
+
+    const encrypted = await buildEncryptedArtifactPayload({
+      exportedAt: new Date().toISOString(),
+      notes: [
+        {
+          markdown,
+          metadata: buildExportedMetadata(doc, frontmatter, tags),
+          slug,
+          summary,
+          title,
+        },
+      ],
+      passphrase: options.encryptionPassphrase,
+      routeSlug,
+      sourceType: "note",
+      summary,
+      title,
+    });
+
+    return buildEncryptedPublishArtifact({
+      encryptedPayload: encrypted.encryptedPayload,
+      routeSlug,
+      secretToken: encrypted.secretToken,
+      source: doc.uri,
+      sourceType: "note",
+    });
+  }
 
   return buildPublishArtifact({
     notes: [
@@ -211,12 +278,12 @@ async function exportDocumentArtifact(
         title,
       },
     ],
-    routeSlug: derivePublishSlug([options.routeSlug ?? "", slug, target]),
+    routeSlug,
     source: doc.uri,
     sourceType: "note",
     summary,
     title,
-    visibility: resolveVisibility(options.visibility),
+    visibility,
   });
 }
 

package/src/serve/routes/api.ts

@@ -340,6 +340,7 @@ export interface CreateEditableCopyRequestBody {
 }
 
 export interface PublishExportRequestBody {
+  encryptionPassphrase?: string;
   slug?: string;
   summary?: string;
   target: string;
@@ -765,6 +766,12 @@ export async function handlePublishExport(
   if (body.summary !== undefined && typeof body.summary !== "string") {
     return errorResponse("VALIDATION", "summary must be a string");
   }
+  if (
+    body.encryptionPassphrase !== undefined &&
+    typeof body.encryptionPassphrase !== "string"
+  ) {
+    return errorResponse("VALIDATION", "encryptionPassphrase must be a string");
+  }
   if (body.title !== undefined && typeof body.title !== "string") {
     return errorResponse("VALIDATION", "title must be a string");
   }
@@ -779,6 +786,7 @@ export async function handlePublishExport(
     const artifact = await exportPublishArtifact({
       collections: config.collections,
       options: {
+        encryptionPassphrase: body.encryptionPassphrase,
         routeSlug: body.slug,
         summary: body.summary,
         title: body.title,