@hasna/mcps 0.0.15 → 0.0.17

package/dist/index.js

@@ -9492,7 +9492,7 @@ var init_provider_profile_seeds = __esm(() => {
       provenance: {
         source: "curated",
         sourceUrl: "https://developers.notion.com/guides/mcp/build-mcp-client",
-        verifiedAt: "2026-05-10"
+        verifiedAt: "2026-05-11"
       }
     },
     {
@@ -9524,7 +9524,384 @@ var init_provider_profile_seeds = __esm(() => {
       provenance: {
         source: "curated",
         sourceUrl: "https://linear.app/docs/mcp",
-        verifiedAt: "2026-05-10"
+        verifiedAt: "2026-05-11"
+      }
+    },
+    {
+      id: "github",
+      displayName: "GitHub",
+      description: "Connect GitHub so agents can inspect repositories, manage issues and pull requests, analyze Actions runs, and work with project metadata.",
+      endpoint: "https://api.githubcopilot.com/mcp/",
+      transport: "streamable-http",
+      authType: "oauth2",
+      authMetadata: {
+        oauthVersion: "2.0",
+        pkce: true,
+        dynamicClientRegistration: false,
+        bearerToken: "optional",
+        notes: "GitHub hosts the remote server. OAuth requires host-side GitHub App/OAuth App setup; clients that cannot complete OAuth can use an Authorization bearer GitHub PAT."
+      },
+      scopes: ["repo", "read:org", "read:user", "user:email", "workflow", "notifications", "project"],
+      tokenMode: "user",
+      installFallback: {
+        command: "docker",
+        args: ["run", "-i", "--rm", "-e", "GITHUB_PERSONAL_ACCESS_TOKEN", "ghcr.io/github/github-mcp-server"],
+        env: { GITHUB_PERSONAL_ACCESS_TOKEN: "GITHUB_PERSONAL_ACCESS_TOKEN" },
+        packageName: "ghcr.io/github/github-mcp-server",
+        url: "https://api.githubcopilot.com/mcp/"
+      },
+      docsUrl: "https://github.com/github/github-mcp-server",
+      safety: {
+        requiresApproval: true,
+        sensitiveScopes: ["repo", "workflow", "project"],
+        dataClasses: ["repositories", "issues", "pull_requests", "actions", "security_alerts", "organization_members"],
+        notes: "GitHub tools can read private source and mutate repository objects. Prefer least-privilege OAuth scopes or fine-grained PATs and approval-gate write operations."
+      },
+      provenance: {
+        source: "curated",
+        sourceUrl: "https://github.com/github/github-mcp-server",
+        repositoryUrl: "https://github.com/github/github-mcp-server",
+        packageName: "ghcr.io/github/github-mcp-server",
+        verifiedAt: "2026-05-11"
+      }
+    },
+    {
+      id: "slack",
+      displayName: "Slack",
+      description: "Connect Slack so agents can search workspace messages and files, inspect conversations, read user context, and draft or send approved messages.",
+      endpoint: "https://mcp.slack.com/mcp",
+      transport: "streamable-http",
+      authType: "oauth2",
+      authMetadata: {
+        oauthVersion: "2.0",
+        pkce: true,
+        dynamicClientRegistration: false,
+        bearerToken: "none",
+        notes: "Slack's remote MCP endpoint uses Streamable HTTP, requires a registered Slack app identity, and does not support SSE or dynamic client registration."
+      },
+      scopes: [
+        "search:read.public",
+        "search:read.private",
+        "search:read.mpim",
+        "search:read.im",
+        "search:read.files",
+        "search:read.users",
+        "channels:history",
+        "groups:history",
+        "mpim:history",
+        "im:history",
+        "chat:write",
+        "canvases:read",
+        "canvases:write",
+        "users:read",
+        "users:read.email"
+      ],
+      tokenMode: "user",
+      docsUrl: "https://docs.slack.dev/ai/slack-mcp-server/",
+      safety: {
+        requiresApproval: true,
+        sensitiveScopes: ["chat:write", "canvases:write", "users:read.email"],
+        dataClasses: ["messages", "files", "channels", "users", "canvases"],
+        notes: "Slack data often includes confidential team communication. Search/read access should stay tenant-scoped and message/canvas writes should require explicit approval."
+      },
+      provenance: {
+        source: "curated",
+        sourceUrl: "https://docs.slack.dev/ai/slack-mcp-server/",
+        verifiedAt: "2026-05-11"
+      }
+    },
+    {
+      id: "gmail",
+      displayName: "Gmail",
+      description: "Connect Gmail through the open Workspace MCP server for mail search, message retrieval, drafts, labels, filters, and approved send workflows.",
+      transport: "stdio",
+      authType: "oauth2",
+      authMetadata: {
+        oauthVersion: "2.1",
+        pkce: true,
+        dynamicClientRegistration: false,
+        bearerToken: "optional",
+        notes: "Workspace MCP is an independent open-source Google Workspace server. Configure your own Google OAuth client and storage backend for Gmail access."
+      },
+      scopes: [
+        "https://www.googleapis.com/auth/gmail.readonly",
+        "https://www.googleapis.com/auth/gmail.modify",
+        "https://www.googleapis.com/auth/gmail.compose",
+        "https://www.googleapis.com/auth/gmail.send"
+      ],
+      tokenMode: "user",
+      installFallback: {
+        command: "uvx",
+        args: ["workspace-mcp"],
+        env: { WORKSPACE_MCP_PERMISSIONS: "gmail:send" },
+        packageName: "workspace-mcp",
+        url: "http://127.0.0.1:8000/mcp"
+      },
+      docsUrl: "https://workspacemcp.com/docs",
+      safety: {
+        requiresApproval: true,
+        sensitiveScopes: [
+          "https://www.googleapis.com/auth/gmail.modify",
+          "https://www.googleapis.com/auth/gmail.compose",
+          "https://www.googleapis.com/auth/gmail.send"
+        ],
+        dataClasses: ["email_messages", "threads", "attachments", "labels", "contacts"],
+        notes: "Email content and sending are high-impact actions. Prefer read-only permissions until a user intentionally enables drafts or sends."
+      },
+      provenance: {
+        source: "github",
+        sourceUrl: "https://workspacemcp.com/docs",
+        repositoryUrl: "https://github.com/taylorwilsdon/google_workspace_mcp",
+        packageName: "workspace-mcp",
+        verifiedAt: "2026-05-11"
+      }
+    },
+    {
+      id: "google-drive",
+      displayName: "Google Drive",
+      description: "Connect Google Drive through the open Workspace MCP server for file search, folder navigation, content reads, and approved file operations.",
+      transport: "stdio",
+      authType: "oauth2",
+      authMetadata: {
+        oauthVersion: "2.1",
+        pkce: true,
+        dynamicClientRegistration: false,
+        bearerToken: "optional",
+        notes: "Workspace MCP is an independent open-source Google Workspace server. Configure your own Google OAuth client and storage backend for Drive access."
+      },
+      scopes: [
+        "https://www.googleapis.com/auth/drive.readonly",
+        "https://www.googleapis.com/auth/drive.file",
+        "https://www.googleapis.com/auth/drive"
+      ],
+      tokenMode: "user",
+      installFallback: {
+        command: "uvx",
+        args: ["workspace-mcp"],
+        env: { WORKSPACE_MCP_PERMISSIONS: "drive:readonly" },
+        packageName: "workspace-mcp",
+        url: "http://127.0.0.1:8000/mcp"
+      },
+      docsUrl: "https://workspacemcp.com/docs",
+      safety: {
+        requiresApproval: true,
+        sensitiveScopes: [
+          "https://www.googleapis.com/auth/drive.file",
+          "https://www.googleapis.com/auth/drive"
+        ],
+        dataClasses: ["drive_files", "folders", "documents", "spreadsheets", "attachments", "sharing_permissions"],
+        notes: "Drive access can expose broad business documents. Keep tenant allowlists and approval-gate creation, movement, and permission changes."
+      },
+      provenance: {
+        source: "github",
+        sourceUrl: "https://workspacemcp.com/docs",
+        repositoryUrl: "https://github.com/taylorwilsdon/google_workspace_mcp",
+        packageName: "workspace-mcp",
+        verifiedAt: "2026-05-11"
+      }
+    },
+    {
+      id: "google-calendar",
+      displayName: "Google Calendar",
+      description: "Connect Google Calendar through the open Workspace MCP server for calendar discovery, event reads, and approved scheduling changes.",
+      transport: "stdio",
+      authType: "oauth2",
+      authMetadata: {
+        oauthVersion: "2.1",
+        pkce: true,
+        dynamicClientRegistration: false,
+        bearerToken: "optional",
+        notes: "Workspace MCP is an independent open-source Google Workspace server. Configure your own Google OAuth client and storage backend for Calendar access."
+      },
+      scopes: [
+        "https://www.googleapis.com/auth/calendar.readonly",
+        "https://www.googleapis.com/auth/calendar.events",
+        "https://www.googleapis.com/auth/calendar"
+      ],
+      tokenMode: "user",
+      installFallback: {
+        command: "uvx",
+        args: ["workspace-mcp"],
+        env: { WORKSPACE_MCP_PERMISSIONS: "calendar:readonly" },
+        packageName: "workspace-mcp",
+        url: "http://127.0.0.1:8000/mcp"
+      },
+      docsUrl: "https://workspacemcp.com/docs",
+      safety: {
+        requiresApproval: true,
+        sensitiveScopes: [
+          "https://www.googleapis.com/auth/calendar.events",
+          "https://www.googleapis.com/auth/calendar"
+        ],
+        dataClasses: ["calendars", "events", "attendees", "attachments", "availability"],
+        notes: "Calendar writes can invite people, reveal availability, and alter operational schedules. Gate creates, updates, and deletes with user approval."
+      },
+      provenance: {
+        source: "github",
+        sourceUrl: "https://workspacemcp.com/docs",
+        repositoryUrl: "https://github.com/taylorwilsdon/google_workspace_mcp",
+        packageName: "workspace-mcp",
+        verifiedAt: "2026-05-11"
+      }
+    },
+    {
+      id: "stripe",
+      displayName: "Stripe",
+      description: "Connect Stripe so agents can inspect accounts, balances, customers, prices, subscriptions, invoices, disputes, and perform approved Stripe API operations.",
+      endpoint: "https://mcp.stripe.com",
+      transport: "streamable-http",
+      authType: "oauth2",
+      authMetadata: {
+        oauthVersion: "2.0",
+        pkce: true,
+        dynamicClientRegistration: false,
+        bearerToken: "optional",
+        notes: "Stripe supports OAuth MCP sessions and restricted API keys as Authorization bearer tokens for clients that do not support OAuth."
+      },
+      tokenMode: "workspace",
+      installFallback: {
+        command: "npx",
+        args: ["-y", "@stripe/mcp"],
+        env: { STRIPE_SECRET_KEY: "STRIPE_SECRET_KEY" },
+        packageName: "@stripe/mcp",
+        url: "https://mcp.stripe.com"
+      },
+      docsUrl: "https://docs.stripe.com/mcp",
+      safety: {
+        requiresApproval: true,
+        sensitiveScopes: ["restricted_api_key", "live_mode"],
+        dataClasses: ["payments", "customers", "subscriptions", "invoices", "disputes", "account_balances"],
+        notes: "Use restricted keys, separate sandbox/live mode, and require approval for any operation that creates, updates, refunds, cancels, or exposes customer data."
+      },
+      provenance: {
+        source: "curated",
+        sourceUrl: "https://docs.stripe.com/mcp",
+        repositoryUrl: "https://github.com/stripe/ai",
+        packageName: "@stripe/mcp",
+        verifiedAt: "2026-05-11"
+      }
+    },
+    {
+      id: "cloudflare",
+      displayName: "Cloudflare",
+      description: "Connect Cloudflare's remote MCP server for account, zone, developer platform, logs, analytics, and approved infrastructure operations.",
+      endpoint: "https://mcp.cloudflare.com/mcp",
+      transport: "streamable-http",
+      authType: "oauth2",
+      authMetadata: {
+        oauthVersion: "2.0",
+        pkce: true,
+        dynamicClientRegistration: false,
+        bearerToken: "none",
+        notes: "Cloudflare's remote MCP server redirects users through Cloudflare authorization and permission selection."
+      },
+      tokenMode: "workspace",
+      docsUrl: "https://developers.cloudflare.com/agents/model-context-protocol/mcp-servers-for-cloudflare/",
+      safety: {
+        requiresApproval: true,
+        sensitiveScopes: ["account_admin", "zone_write", "workers_write", "dns_write"],
+        dataClasses: ["accounts", "zones", "dns_records", "workers", "logs", "analytics", "security_events"],
+        notes: "Cloudflare tools can affect live infrastructure. Require account scoping, least-privilege permissions, and approval for write operations."
+      },
+      provenance: {
+        source: "curated",
+        sourceUrl: "https://github.com/cloudflare/mcp",
+        repositoryUrl: "https://github.com/cloudflare/mcp",
+        verifiedAt: "2026-05-11"
+      }
+    },
+    {
+      id: "postgres",
+      displayName: "PostgreSQL",
+      description: "Connect a PostgreSQL database through the reference read-only MCP server for schema inspection and SQL query analysis.",
+      transport: "stdio",
+      authType: "api_key",
+      authMetadata: {
+        bearerToken: "none",
+        notes: "The stdio server takes a PostgreSQL connection URL argument. Store the URL in a secret manager or environment variable and grant read-only database credentials."
+      },
+      tokenMode: "service",
+      installFallback: {
+        command: "npx",
+        args: ["-y", "@modelcontextprotocol/server-postgres", "${POSTGRES_URL}"],
+        packageName: "@modelcontextprotocol/server-postgres"
+      },
+      docsUrl: "https://www.npmjs.com/package/@modelcontextprotocol/server-postgres",
+      safety: {
+        readOnly: true,
+        requiresApproval: false,
+        sensitiveScopes: ["database_connection_url"],
+        dataClasses: ["database_schema", "table_rows", "query_results"],
+        notes: "Use read-only database users and network allowlists. Treat query results as sensitive even when the server enforces read-only transactions."
+      },
+      provenance: {
+        source: "npm",
+        sourceUrl: "https://www.npmjs.com/package/@modelcontextprotocol/server-postgres",
+        repositoryUrl: "https://github.com/modelcontextprotocol/servers",
+        packageName: "@modelcontextprotocol/server-postgres",
+        verifiedAt: "2026-05-11"
+      }
+    },
+    {
+      id: "filesystem",
+      displayName: "Filesystem",
+      description: "Connect the reference filesystem MCP server for scoped local file and directory reads, writes, searches, metadata, and move operations.",
+      transport: "stdio",
+      authType: "none",
+      authMetadata: {
+        bearerToken: "none",
+        notes: "Filesystem access is bounded by explicit root directories passed to the local stdio server."
+      },
+      tokenMode: "none",
+      installFallback: {
+        command: "npx",
+        args: ["-y", "@modelcontextprotocol/server-filesystem", "${workspaceFolder}"],
+        packageName: "@modelcontextprotocol/server-filesystem"
+      },
+      docsUrl: "https://www.npmjs.com/package/@modelcontextprotocol/server-filesystem",
+      safety: {
+        requiresApproval: true,
+        destructiveTools: ["write_file", "delete_file", "move_file", "create_directory"],
+        dataClasses: ["local_files", "source_code", "documents", "directory_metadata"],
+        notes: "Always constrain roots to intended project directories and approval-gate write, delete, and move operations."
+      },
+      provenance: {
+        source: "npm",
+        sourceUrl: "https://www.npmjs.com/package/@modelcontextprotocol/server-filesystem",
+        repositoryUrl: "https://github.com/modelcontextprotocol/servers",
+        packageName: "@modelcontextprotocol/server-filesystem",
+        verifiedAt: "2026-05-11"
+      }
+    },
+    {
+      id: "browser",
+      displayName: "Browser Automation",
+      description: "Connect Playwright MCP so agents can navigate pages, inspect accessibility snapshots, fill forms, capture screenshots, and run browser automation.",
+      transport: "stdio",
+      authType: "none",
+      authMetadata: {
+        bearerToken: "none",
+        notes: "Playwright MCP runs browser automation locally and may reuse browser profile state unless configured for isolation."
+      },
+      tokenMode: "none",
+      installFallback: {
+        command: "npx",
+        args: ["-y", "@playwright/mcp"],
+        packageName: "@playwright/mcp"
+      },
+      docsUrl: "https://playwright.dev/docs/getting-started-mcp",
+      safety: {
+        requiresApproval: true,
+        destructiveTools: ["browser_click", "browser_type", "browser_file_upload", "browser_run_code"],
+        dataClasses: ["web_pages", "forms", "cookies", "local_storage", "screenshots", "browser_profiles"],
+        notes: "Browser automation can submit forms, alter accounts, and expose logged-in sessions. Prefer isolated profiles and require approval for side-effecting actions."
+      },
+      provenance: {
+        source: "curated",
+        sourceUrl: "https://playwright.dev/docs/getting-started-mcp",
+        repositoryUrl: "https://github.com/microsoft/playwright-mcp",
+        packageName: "@playwright/mcp",
+        verifiedAt: "2026-05-11"
       }
     }
   ];
@@ -9547,6 +9924,7 @@ function getDb() {
       command TEXT NOT NULL,
       args TEXT NOT NULL DEFAULT '[]',
       env TEXT NOT NULL DEFAULT '{}',
+      credential_refs TEXT NOT NULL DEFAULT '{}',
       transport TEXT NOT NULL DEFAULT 'stdio',
       url TEXT,
       source TEXT NOT NULL DEFAULT 'local',
@@ -9573,6 +9951,9 @@ function getDb() {
   try {
     db.exec("ALTER TABLE servers ADD COLUMN last_error TEXT");
   } catch {}
+  try {
+    db.exec("ALTER TABLE servers ADD COLUMN credential_refs TEXT NOT NULL DEFAULT '{}'");
+  } catch {}
   db.exec(`
     CREATE TABLE IF NOT EXISTS sources (
       id TEXT PRIMARY KEY,
@@ -9643,22 +10024,19 @@ function getDb() {
     db.exec("ALTER TABLE provider_profiles ADD COLUMN auth_metadata TEXT NOT NULL DEFAULT '{}'");
   } catch {}
   db.exec("CREATE INDEX IF NOT EXISTS idx_provider_profiles_enabled ON provider_profiles(enabled)");
-  const providerProfileCount = db.query("SELECT COUNT(*) as c FROM provider_profiles").get().c;
-  if (providerProfileCount === 0) {
-    const insertProviderProfile = db.prepare(`
-      INSERT OR IGNORE INTO provider_profiles (
-        id, display_name, description, endpoint, transport, fallback_endpoints,
-        auth_type, auth_metadata, scopes, token_mode, install_fallback,
-        docs_url, safety, provenance, enabled
-      ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
-    `);
-    const run = db.transaction(() => {
-      for (const profile of DEFAULT_PROVIDER_PROFILE_SEEDS) {
-        insertProviderProfile.run(profile.id, profile.displayName, profile.description ?? null, profile.endpoint ?? null, profile.transport, JSON.stringify(profile.fallbackEndpoints ?? []), profile.authType, JSON.stringify(profile.authMetadata ?? {}), JSON.stringify(profile.scopes ?? []), profile.tokenMode ?? "none", JSON.stringify(profile.installFallback ?? null), profile.docsUrl ?? null, JSON.stringify(profile.safety ?? {}), JSON.stringify(profile.provenance), profile.enabled === false ? 0 : 1);
-      }
-    });
-    run();
-  }
+  const insertProviderProfile = db.prepare(`
+    INSERT OR IGNORE INTO provider_profiles (
+      id, display_name, description, endpoint, transport, fallback_endpoints,
+      auth_type, auth_metadata, scopes, token_mode, install_fallback,
+      docs_url, safety, provenance, enabled
+    ) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+  `);
+  const seedProviderProfiles = db.transaction(() => {
+    for (const profile of DEFAULT_PROVIDER_PROFILE_SEEDS) {
+      insertProviderProfile.run(profile.id, profile.displayName, profile.description ?? null, profile.endpoint ?? null, profile.transport, JSON.stringify(profile.fallbackEndpoints ?? []), profile.authType, JSON.stringify(profile.authMetadata ?? {}), JSON.stringify(profile.scopes ?? []), profile.tokenMode ?? "none", JSON.stringify(profile.installFallback ?? null), profile.docsUrl ?? null, JSON.stringify(profile.safety ?? {}), JSON.stringify(profile.provenance), profile.enabled === false ? 0 : 1);
+    }
+  });
+  seedProviderProfiles();
   db.exec(`
     CREATE TABLE IF NOT EXISTS feedback (
       id TEXT PRIMARY KEY DEFAULT (lower(hex(randomblob(16)))),
@@ -16627,17 +17005,17 @@ __export(exports_sources, {
   clearCache: () => clearCache,
   addSource: () => addSource
 });
-import { mkdirSync as mkdirSync6, existsSync as existsSync6, readFileSync as readFileSync2, writeFileSync as writeFileSync2, readdirSync as readdirSync3, unlinkSync } from "fs";
-import { join as join7 } from "path";
+import { mkdirSync as mkdirSync6, existsSync as existsSync7, readFileSync as readFileSync3, writeFileSync as writeFileSync2, readdirSync as readdirSync3, unlinkSync } from "fs";
+import { join as join8 } from "path";
 function getCacheFile(sourceId) {
-  return join7(CACHE_DIR, `${sourceId}.json`);
+  return join8(CACHE_DIR, `${sourceId}.json`);
 }
 function readCache(sourceId) {
   try {
     const file = getCacheFile(sourceId);
-    if (!existsSync6(file))
+    if (!existsSync7(file))
       return null;
-    const data = JSON.parse(readFileSync2(file, "utf-8"));
+    const data = JSON.parse(readFileSync3(file, "utf-8"));
     return data;
   } catch {
     return null;
@@ -16651,7 +17029,7 @@ function writeCache(sourceId, results) {
 }
 function clearCache(sourceId) {
   try {
-    if (!existsSync6(CACHE_DIR))
+    if (!existsSync7(CACHE_DIR))
       return;
     const files = readdirSync3(CACHE_DIR);
     for (const file of files) {
@@ -16659,7 +17037,7 @@ function clearCache(sourceId) {
         continue;
       if (!sourceId || file.startsWith(`${sourceId}.`)) {
         try {
-          unlinkSync(join7(CACHE_DIR, file));
+          unlinkSync(join8(CACHE_DIR, file));
         } catch {}
       }
     }
@@ -16905,12 +17283,166 @@ var CACHE_DIR, DEFAULT_TTL_MS;
 var init_sources = __esm(() => {
   init_db();
   init_config2();
-  CACHE_DIR = join7(MCPS_DIR, "cache");
+  CACHE_DIR = join8(MCPS_DIR, "cache");
   DEFAULT_TTL_MS = 10 * 60 * 1000;
 });
 
 // src/lib/registry.ts
 init_db();
+
+// src/lib/credentials.ts
+init_config2();
+import { existsSync as existsSync6, readFileSync as readFileSync2 } from "fs";
+import { join as join7 } from "path";
+
+class CredentialReferenceError extends Error {
+  constructor(message) {
+    super(message);
+    this.name = "CredentialReferenceError";
+  }
+}
+var SECRET_KEY_PATTERN = /(?:^|[_-])(api[_-]?key|token|secret|password|passwd|credential|auth|private[_-]?key)(?:$|[_-])/i;
+var SECRET_VALUE_PATTERN = /^(sk_(?:live|test)_[A-Za-z0-9_]+|ghp_[A-Za-z0-9_]+|github_pat_[A-Za-z0-9_]+|xox[baprs]-[A-Za-z0-9-]+|AIza[A-Za-z0-9_-]{20,}|eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+)$/;
+var REDACTED_CREDENTIAL_VALUE = "<redacted>";
+function normalizeKey(key) {
+  return key.trim();
+}
+function isRecord(value) {
+  return typeof value === "object" && value !== null && !Array.isArray(value);
+}
+function isSecretLikeEnvKey(key) {
+  return SECRET_KEY_PATTERN.test(key);
+}
+function isSecretLikeValue(value) {
+  return SECRET_VALUE_PATTERN.test(value.trim());
+}
+function normalizeCredentialRef(ref) {
+  const source = ref.source;
+  if (source !== "env" && source !== "local-vault" && source !== "hosted") {
+    throw new CredentialReferenceError(`Unsupported credential reference source: ${String(source)}`);
+  }
+  const name = ref.name?.trim();
+  if (!name) {
+    throw new CredentialReferenceError("Credential reference name is required");
+  }
+  return {
+    source,
+    name,
+    required: ref.required !== false,
+    ...ref.description ? { description: ref.description } : {}
+  };
+}
+function normalizeCredentialRefs(refs) {
+  const normalized = {};
+  for (const [rawKey, ref] of Object.entries(refs ?? {})) {
+    const key = normalizeKey(rawKey);
+    if (!key)
+      throw new CredentialReferenceError("Credential reference env key is required");
+    normalized[key] = normalizeCredentialRef(ref);
+  }
+  return normalized;
+}
+function parseCredentialRefs(value) {
+  if (!isRecord(value))
+    return {};
+  const refs = {};
+  for (const [key, ref] of Object.entries(value)) {
+    if (!isRecord(ref))
+      continue;
+    const source = ref.source;
+    const name = ref.name;
+    if ((source === "env" || source === "local-vault" || source === "hosted") && typeof name === "string" && name.trim()) {
+      refs[key] = normalizeCredentialRef({
+        source,
+        name,
+        required: typeof ref.required === "boolean" ? ref.required : true,
+        description: typeof ref.description === "string" ? ref.description : undefined
+      });
+    }
+  }
+  return refs;
+}
+function normalizeLiteralEnv(env) {
+  const normalized = {};
+  for (const [rawKey, rawValue] of Object.entries(env ?? {})) {
+    const key = normalizeKey(rawKey);
+    if (!key)
+      continue;
+    const value = String(rawValue);
+    if (isSecretLikeEnvKey(key) || isSecretLikeValue(value)) {
+      throw new CredentialReferenceError(`Refusing to store raw secret-like env value for "${key}". Use a credential reference instead.`);
+    }
+    normalized[key] = value;
+  }
+  return normalized;
+}
+function redactEnv(env) {
+  const redacted = {};
+  for (const [key, value] of Object.entries(env)) {
+    redacted[key] = isSecretLikeEnvKey(key) || isSecretLikeValue(value) ? REDACTED_CREDENTIAL_VALUE : value;
+  }
+  return redacted;
+}
+function redactServerCredentials(server) {
+  return {
+    ...server,
+    env: redactEnv(server.env),
+    credentialRefs: normalizeCredentialRefs(server.credentialRefs)
+  };
+}
+function readLocalVault() {
+  const path = process.env.HASNA_MCPS_CREDENTIAL_VAULT_PATH ?? join7(MCPS_DIR, "credentials.local.json");
+  if (!existsSync6(path))
+    return {};
+  const parsed = JSON.parse(readFileSync2(path, "utf-8"));
+  if (!isRecord(parsed))
+    return {};
+  const values = {};
+  for (const [key, value] of Object.entries(parsed)) {
+    if (typeof value === "string")
+      values[key] = value;
+  }
+  return values;
+}
+function resolveCredentialRef(envKey, ref) {
+  if (ref.source === "env") {
+    const value = process.env[ref.name];
+    if (value === undefined && ref.required !== false) {
+      throw new CredentialReferenceError(`Missing required environment credential "${ref.name}" for "${envKey}"`);
+    }
+    return value;
+  }
+  if (ref.source === "local-vault") {
+    const value = readLocalVault()[ref.name];
+    if (value === undefined && ref.required !== false) {
+      throw new CredentialReferenceError(`Missing required local vault credential "${ref.name}" for "${envKey}"`);
+    }
+    return value;
+  }
+  if (ref.required !== false) {
+    throw new CredentialReferenceError(`Hosted credential "${ref.name}" for "${envKey}" cannot be resolved by the local runtime`);
+  }
+  return;
+}
+function resolveServerEnv(server) {
+  const resolved = { ...server.env };
+  const refs = normalizeCredentialRefs(server.credentialRefs);
+  for (const [envKey, ref] of Object.entries(refs)) {
+    const value = resolveCredentialRef(envKey, ref);
+    if (value !== undefined)
+      resolved[envKey] = value;
+  }
+  return resolved;
+}
+function credentialRefPlaceholders(refs) {
+  const placeholders = {};
+  for (const key of Object.keys(refs ?? {})) {
+    placeholders[key] = REDACTED_CREDENTIAL_VALUE;
+  }
+  return placeholders;
+}
+
+// src/lib/registry.ts
 function parseRow(row) {
   return {
     id: row.id,
@@ -16919,6 +17451,7 @@ function parseRow(row) {
     command: row.command,
     args: safeJsonParse(row.args, []),
     env: safeJsonParse(row.env, {}),
+    credentialRefs: parseCredentialRefs(safeJsonParse(row.credential_refs, {})),
     transport: row.transport,
     url: row.url || null,
     source: row.source,
@@ -16986,9 +17519,9 @@ function addServer(opts) {
   if (!id) {
     throw new Error("Unable to generate a valid server ID");
   }
-  const row = db2.prepare(`INSERT INTO servers (id, name, description, command, args, env, transport, url, source)
-       VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)
-       RETURNING *`).get(id, name, opts.description || null, command, JSON.stringify(opts.args || []), JSON.stringify(opts.env || {}), opts.transport || "stdio", opts.url || null, opts.source || "local");
+  const row = db2.prepare(`INSERT INTO servers (id, name, description, command, args, env, credential_refs, transport, url, source)
+       VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)
+       RETURNING *`).get(id, name, opts.description || null, command, JSON.stringify(opts.args || []), JSON.stringify(normalizeLiteralEnv(opts.env)), JSON.stringify(normalizeCredentialRefs(opts.credentialRefs)), opts.transport || "stdio", opts.url || null, opts.source || "local");
   return parseRow(row);
 }
 function removeServer(id) {
@@ -17027,7 +17560,11 @@ function updateServer(id, updates) {
   }
   if (updates.env !== undefined) {
     sets.push("env = ?");
-    values.push(JSON.stringify(updates.env));
+    values.push(JSON.stringify(normalizeLiteralEnv(updates.env)));
+  }
+  if (updates.credentialRefs !== undefined) {
+    sets.push("credential_refs = ?");
+    values.push(JSON.stringify(normalizeCredentialRefs(updates.credentialRefs)));
   }
   if (updates.transport !== undefined) {
     sets.push("transport = ?");
@@ -17061,7 +17598,7 @@ function setServerEnv(id, key, value) {
   if (!server)
     throw new Error(`Server "${id}" not found`);
   const env = { ...server.env, [key]: value };
-  db2.prepare("UPDATE servers SET env = ?, updated_at = datetime('now') WHERE id = ?").run(JSON.stringify(env), id);
+  db2.prepare("UPDATE servers SET env = ?, updated_at = datetime('now') WHERE id = ?").run(JSON.stringify(normalizeLiteralEnv(env)), id);
 }
 function unsetServerEnv(id, key) {
   const db2 = getDb();
@@ -17072,6 +17609,23 @@ function unsetServerEnv(id, key) {
   delete env[key];
   db2.prepare("UPDATE servers SET env = ?, updated_at = datetime('now') WHERE id = ?").run(JSON.stringify(env), id);
 }
+function setServerCredentialRef(id, key, ref) {
+  const db2 = getDb();
+  const server = getServer(id);
+  if (!server)
+    throw new Error(`Server "${id}" not found`);
+  const credentialRefs = normalizeCredentialRefs({ ...server.credentialRefs ?? {}, [key]: ref });
+  db2.prepare("UPDATE servers SET credential_refs = ?, updated_at = datetime('now') WHERE id = ?").run(JSON.stringify(credentialRefs), id);
+}
+function unsetServerCredentialRef(id, key) {
+  const db2 = getDb();
+  const server = getServer(id);
+  if (!server)
+    throw new Error(`Server "${id}" not found`);
+  const credentialRefs = { ...server.credentialRefs ?? {} };
+  delete credentialRefs[key];
+  db2.prepare("UPDATE servers SET credential_refs = ?, updated_at = datetime('now') WHERE id = ?").run(JSON.stringify(normalizeCredentialRefs(credentialRefs)), id);
+}
 function cacheTools(serverId, tools) {
   const db2 = getDb();
   const insert = db2.prepare("INSERT INTO tool_cache (server_id, name, description, input_schema) VALUES (?, ?, ?, ?)");
@@ -17111,6 +17665,7 @@ function cloneServer(id, newName) {
     command: server.command,
     args: server.args,
     env: server.env,
+    credentialRefs: server.credentialRefs,
     transport: server.transport,
     url: server.url ?? undefined,
     source: server.source
@@ -25266,8 +25821,8 @@ var DESTRUCTIVE_COMMANDS = new Set([
 ]);
 var SHELL_EVAL_FLAGS = new Set(["-c", "/c", "-Command", "-command", "-EncodedCommand", "-encodedcommand"]);
 var SECRET_FLAG_PATTERN = /(?:^|[-_])(api[-_]?key|token|secret|password|passwd|credential|auth|private[-_]?key)(?:$|[-_])/i;
-var SECRET_KEY_PATTERN = /(?:^|[_-])(api[_-]?key|token|secret|password|passwd|credential|auth|private[_-]?key)(?:$|[_-])/i;
-var SECRET_VALUE_PATTERN = /^(sk_(?:live|test)_[A-Za-z0-9_]+|ghp_[A-Za-z0-9_]+|github_pat_[A-Za-z0-9_]+|xox[baprs]-[A-Za-z0-9-]+|AIza[A-Za-z0-9_-]{20,}|eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+)$/;
+var SECRET_KEY_PATTERN2 = /(?:^|[_-])(api[_-]?key|token|secret|password|passwd|credential|auth|private[_-]?key)(?:$|[_-])/i;
+var SECRET_VALUE_PATTERN2 = /^(sk_(?:live|test)_[A-Za-z0-9_]+|ghp_[A-Za-z0-9_]+|github_pat_[A-Za-z0-9_]+|xox[baprs]-[A-Za-z0-9-]+|AIza[A-Za-z0-9_-]{20,}|eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+)$/;
 var SHELL_META_PATTERN = /[;&|`<>]|\$\(/;
 function commandBase(command) {
   return command.trim().split(/[\\/]/).pop()?.toLowerCase() || command.trim().toLowerCase();
@@ -25276,10 +25831,10 @@ function normalizeArgs(args) {
   return (args ?? []).map((arg) => String(arg));
 }
 function isSecretKey(key) {
-  return SECRET_KEY_PATTERN.test(key) || SECRET_FLAG_PATTERN.test(key);
+  return SECRET_KEY_PATTERN2.test(key) || SECRET_FLAG_PATTERN.test(key);
 }
 function isSecretValue(value) {
-  return SECRET_VALUE_PATTERN.test(value.trim());
+  return SECRET_VALUE_PATTERN2.test(value.trim());
 }
 function isSecretAssignment(arg) {
   const eqIdx = arg.indexOf("=");
@@ -25465,14 +26020,14 @@ async function connectToServer(entry, options = {}) {
         assertLocalCommandConsent({
           command: entry.command,
           args: entry.args,
-          env: entry.env,
+          env: { ...entry.env, ...credentialRefPlaceholders(entry.credentialRefs) },
           transport: entry.transport,
           operation: "launch"
         }, options.localCommandConsent);
         transport = new StdioClientTransport({
           command: entry.command,
           args: entry.args,
-          env: buildEnv(entry.env)
+          env: buildEnv(resolveServerEnv(entry))
         });
       } else if (entry.transport === "sse") {
         transport = new SSEClientTransport(requireUrl(entry));
@@ -25612,7 +26167,7 @@ async function diagnoseServer(server, options = {}) {
       assertLocalCommandConsent({
         command: server.command,
         args: server.args,
-        env: server.env,
+        env: { ...server.env, ...credentialRefPlaceholders(server.credentialRefs) },
         transport: server.transport,
         operation: "diagnose"
       }, options.localCommandConsent);
@@ -25641,12 +26196,29 @@ async function diagnoseServer(server, options = {}) {
     }
   }
   const missingEnv = Object.entries(server.env).filter(([, v]) => !v);
-  if (Object.keys(server.env).length === 0) {
-    checks3.push({ name: "env vars", pass: true, message: "no env vars required" });
-  } else if (missingEnv.length > 0) {
-    checks3.push({ name: "env vars", pass: false, message: `missing values for: ${missingEnv.map(([k]) => k).join(", ")}` });
+  const credentialRefCount = Object.keys(server.credentialRefs ?? {}).length;
+  let credentialError = null;
+  try {
+    resolveServerEnv(server);
+  } catch (err) {
+    credentialError = err.message;
+  }
+  if (Object.keys(server.env).length === 0 && credentialRefCount === 0) {
+    checks3.push({ name: "env vars", pass: true, message: "no env vars or credential refs required" });
+  } else if (missingEnv.length > 0 || credentialError) {
+    const parts = [];
+    if (missingEnv.length > 0)
+      parts.push(`missing literal values for: ${missingEnv.map(([k]) => k).join(", ")}`);
+    if (credentialError)
+      parts.push(credentialError);
+    checks3.push({ name: "env vars", pass: false, message: parts.join("; ") });
   } else {
-    checks3.push({ name: "env vars", pass: true, message: `${Object.keys(server.env).length} env var(s) set` });
+    const literalCount = Object.keys(server.env).length;
+    checks3.push({
+      name: "env vars",
+      pass: true,
+      message: `${literalCount} literal env var(s), ${credentialRefCount} credential ref(s) available`
+    });
   }
   if (server.transport !== "stdio" && server.url) {
     try {
@@ -26005,8 +26577,8 @@ init_provider_profile_seeds();
 
 // src/lib/install.ts
 import { execFileSync as execFileSync2 } from "child_process";
-import { existsSync as existsSync7, readFileSync as readFileSync3, writeFileSync as writeFileSync3, mkdirSync as mkdirSync7 } from "fs";
-import { join as join8 } from "path";
+import { existsSync as existsSync8, readFileSync as readFileSync4, writeFileSync as writeFileSync3, mkdirSync as mkdirSync7 } from "fs";
+import { join as join9 } from "path";
 import { homedir as homedir8 } from "os";
 function installToClaude(entry) {
   try {
@@ -26018,7 +26590,7 @@ function installToClaude(entry) {
       "--scope",
       "user"
     ];
-    for (const [k, v] of Object.entries(entry.env)) {
+    for (const [k, v] of Object.entries(assertAgentInstallEnv(entry))) {
       args.push("--env", `${k}=${v}`);
     }
     args.push(entry.id, "--", entry.command, ...entry.args);
@@ -26030,9 +26602,9 @@ function installToClaude(entry) {
 }
 function installToCodex(entry) {
   try {
-    const configDir = join8(homedir8(), ".codex");
-    const configPath = join8(configDir, "config.toml");
-    if (!existsSync7(configDir)) {
+    const configDir = join9(homedir8(), ".codex");
+    const configPath = join9(configDir, "config.toml");
+    if (!existsSync8(configDir)) {
       mkdirSync7(configDir, { recursive: true });
     }
     const block = `
@@ -26040,7 +26612,7 @@ function installToCodex(entry) {
 ` + `command = ${JSON.stringify(entry.command)}
 ` + `args = [${entry.args.map((a) => JSON.stringify(a)).join(", ")}]
 `;
-    const existing = existsSync7(configPath) ? readFileSync3(configPath, "utf-8") : "";
+    const existing = existsSync8(configPath) ? readFileSync4(configPath, "utf-8") : "";
     if (existing.includes(`[mcp_servers.${entry.id}]`)) {
       return { agent: "codex", success: true };
     }
@@ -26052,21 +26624,22 @@ function installToCodex(entry) {
 }
 function installToGemini(entry) {
   try {
-    const configDir = join8(homedir8(), ".gemini");
-    const configPath = join8(configDir, "settings.json");
-    if (!existsSync7(configDir)) {
+    const configDir = join9(homedir8(), ".gemini");
+    const configPath = join9(configDir, "settings.json");
+    if (!existsSync8(configDir)) {
       mkdirSync7(configDir, { recursive: true });
     }
     let settings = {};
-    if (existsSync7(configPath)) {
-      settings = JSON.parse(readFileSync3(configPath, "utf-8"));
+    if (existsSync8(configPath)) {
+      settings = JSON.parse(readFileSync4(configPath, "utf-8"));
     }
     if (!settings.mcpServers)
       settings.mcpServers = {};
+    const env = assertAgentInstallEnv(entry);
     settings.mcpServers[entry.id] = {
       command: entry.command,
       args: entry.args,
-      ...Object.keys(entry.env).length > 0 ? { env: entry.env } : {}
+      ...Object.keys(env).length > 0 ? { env } : {}
     };
     writeFileSync3(configPath, JSON.stringify(settings, null, 2), "utf-8");
     return { agent: "gemini", success: true };
@@ -26074,12 +26647,24 @@ function installToGemini(entry) {
     return { agent: "gemini", success: false, error: err.message };
   }
 }
+function assertAgentInstallEnv(entry) {
+  const refs = entry.credentialRefs ?? {};
+  if (Object.keys(refs).length > 0) {
+    throw new CredentialReferenceError(`Server "${entry.id}" uses credential references; refusing to materialize secrets into local agent config files`);
+  }
+  for (const [key, value] of Object.entries(entry.env)) {
+    if (isSecretLikeEnvKey(key) || isSecretLikeValue(value)) {
+      throw new CredentialReferenceError(`Server "${entry.id}" has legacy raw secret-like env "${key}"; move it to a credential reference before installing to agents`);
+    }
+  }
+  return entry.env;
+}
 function installToAgents(entry, targets = ["claude", "codex", "gemini"], options = {}) {
   try {
     assertLocalCommandConsent({
       command: entry.command,
       args: entry.args,
-      env: entry.env,
+      env: { ...entry.env, ...credentialRefPlaceholders(entry.credentialRefs) },
       transport: entry.transport,
       operation: "install"
     }, options.localCommandConsent);
@@ -26090,6 +26675,15 @@ function installToAgents(entry, targets = ["claude", "codex", "gemini"], options
       error: err.message
     }));
   }
+  try {
+    assertAgentInstallEnv(entry);
+  } catch (err) {
+    return targets.map((target) => ({
+      agent: target,
+      success: false,
+      error: err.message
+    }));
+  }
   return targets.map((target) => {
     if (target === "claude")
       return installToClaude(entry);
@@ -26299,11 +26893,11 @@ function seedDefaultMachines() {
 // src/lib/fleet.ts
 init_config2();
 import { spawn as spawn2 } from "child_process";
-import { existsSync as existsSync8, mkdirSync as mkdirSync8, readFileSync as readFileSync4, writeFileSync as writeFileSync4 } from "fs";
-import { join as join9 } from "path";
+import { existsSync as existsSync9, mkdirSync as mkdirSync8, readFileSync as readFileSync5, writeFileSync as writeFileSync4 } from "fs";
+import { join as join10 } from "path";
 var NPM_SEARCH_URL = "https://registry.npmjs.org/-/v1/search";
 var NPM_REGISTRY_URL = "https://registry.npmjs.org";
-var CATALOG_CACHE_PATH = join9(MCPS_DIR, "cache", "hasna-catalog.json");
+var CATALOG_CACHE_PATH = join10(MCPS_DIR, "cache", "hasna-catalog.json");
 var DEFAULT_CATALOG_CACHE_TTL_MS = 60 * 60 * 1000;
 var DEFAULT_REMOTE_TIMEOUT_MS = 180000;
 var DEFAULT_HANDSHAKE_TIMEOUT_MS = 2500;
@@ -26313,9 +26907,9 @@ function normalizeQueryList(values) {
 }
 function readCatalogCache(maxAgeMs) {
   try {
-    if (!existsSync8(CATALOG_CACHE_PATH))
+    if (!existsSync9(CATALOG_CACHE_PATH))
       return null;
-    const parsed = JSON.parse(readFileSync4(CATALOG_CACHE_PATH, "utf-8"));
+    const parsed = JSON.parse(readFileSync5(CATALOG_CACHE_PATH, "utf-8"));
     if (!parsed.cachedAt || !Array.isArray(parsed.entries))
       return null;
     if (Date.now() - parsed.cachedAt > maxAgeMs)
@@ -26327,7 +26921,7 @@ function readCatalogCache(maxAgeMs) {
 }
 function writeCatalogCache(entries) {
   try {
-    mkdirSync8(join9(MCPS_DIR, "cache"), { recursive: true });
+    mkdirSync8(join10(MCPS_DIR, "cache"), { recursive: true });
     writeFileSync4(CATALOG_CACHE_PATH, JSON.stringify({ cachedAt: Date.now(), entries }, null, 2), "utf-8");
   } catch {}
 }
@@ -26998,22 +27592,22 @@ async function runFleetInstall(options = {}, dependencies = {}) {
   }));
 }
 // src/lib/version.ts
-import { existsSync as existsSync9, readFileSync as readFileSync5 } from "fs";
-import { dirname as dirname3, join as join10 } from "path";
+import { existsSync as existsSync10, readFileSync as readFileSync6 } from "fs";
+import { dirname as dirname3, join as join11 } from "path";
 import { fileURLToPath } from "url";
 var FALLBACK_VERSION = "0.0.1";
 function readPackageVersion(moduleUrl, fallback = FALLBACK_VERSION) {
   const baseDir = dirname3(fileURLToPath(moduleUrl));
   const candidates = [
-    join10(baseDir, "..", "..", "package.json"),
-    join10(baseDir, "..", "package.json"),
-    join10(baseDir, "package.json")
+    join11(baseDir, "..", "..", "package.json"),
+    join11(baseDir, "..", "package.json"),
+    join11(baseDir, "package.json")
   ];
   for (const candidate of candidates) {
-    if (!existsSync9(candidate))
+    if (!existsSync10(candidate))
       continue;
     try {
-      const pkg = JSON.parse(readFileSync5(candidate, "utf-8"));
+      const pkg = JSON.parse(readFileSync6(candidate, "utf-8"));
       if (pkg.version)
         return pkg.version;
     } catch {}
@@ -27029,19 +27623,27 @@ export {
   updateServer,
   updateMachine,
   unsetServerEnv,
+  unsetServerCredentialRef,
   setServerEnv,
+  setServerCredentialRef,
   seedDefaultProviderProfiles,
   seedDefaultMachines,
   searchRegistry,
   searchProviderProfiles,
   runFleetInstall,
   runFleetHealthCheck,
+  resolveServerEnv,
   removeSource,
   removeServer,
   removeProviderProfile,
   removeMachine,
   refreshTools,
+  redactServerCredentials,
+  redactEnv,
   readPackageVersion,
+  normalizeLiteralEnv,
+  normalizeCredentialRefs,
+  normalizeCredentialRef,
   listSources,
   listServers,
   listProviderProfiles,
@@ -27049,6 +27651,8 @@ export {
   listHasnaMcpCatalog,
   listAwesomeServers,
   listAllTools,
+  isSecretLikeValue,
+  isSecretLikeEnvKey,
   installToAgents,
   installProviderProfile,
   installFromRegistry,
@@ -27072,6 +27676,7 @@ export {
   disableServer,
   disableProviderProfile,
   diagnoseServer,
+  credentialRefPlaceholders,
   connectToServer,
   closeDb,
   cloneServer,
@@ -27080,7 +27685,9 @@ export {
   addSource,
   addServer,
   addMachine,
+  REDACTED_CREDENTIAL_VALUE,
   LocalCommandConsentError,
   DEFAULT_PROVIDER_PROFILE_SEEDS,
-  DEFAULT_MACHINE_SEEDS
+  DEFAULT_MACHINE_SEEDS,
+  CredentialReferenceError
 };