@kitsy/cnos 1.1.2 → 1.3.0

package/dist/{chunk-33ZDYDQJ.js → chunk-DRKDNY4I.js}

@@ -1,8 +1,3 @@
-// ../core/src/utils/path.ts
-import { access } from "fs/promises";
-import os from "os";
-import path from "path";
-
 // ../core/src/errors.ts
 var CnosError = class extends Error {
   constructor(message) {
@@ -17,6 +12,16 @@ var CnosManifestError = class extends CnosError {
   }
   manifestPath;
 };
+var CnosSecurityError = class extends CnosError {
+  constructor(message) {
+    super(message);
+  }
+};
+var CnosAuthenticationError = class extends CnosError {
+  constructor(message) {
+    super(message);
+  }
+};
 var CnosKeyNotFoundError = class extends CnosError {
   constructor(key) {
     super(`Missing required CNOS config key: ${key}`);
@@ -25,7 +30,149 @@ var CnosKeyNotFoundError = class extends CnosError {
   key;
 };
 
+// ../core/src/runtime/inspect.ts
+function inspectValue(graph, key) {
+  const entry = graph.entries.get(key);
+  if (!entry) {
+    throw new CnosKeyNotFoundError(key);
+  }
+  return {
+    key: entry.key,
+    value: entry.value,
+    namespace: entry.namespace,
+    profile: graph.profile,
+    profileSource: graph.profileSource,
+    workspace: {
+      id: graph.workspace.workspaceId,
+      source: graph.workspace.workspaceSource,
+      chain: graph.workspace.workspaceChain
+    },
+    winner: {
+      sourceId: entry.winner.sourceId,
+      pluginId: entry.winner.pluginId,
+      workspaceId: entry.winner.workspaceId,
+      ...entry.winner.origin ? { origin: entry.winner.origin } : {}
+    },
+    overridden: entry.overridden.map((override) => ({
+      sourceId: override.sourceId,
+      pluginId: override.pluginId,
+      workspaceId: override.workspaceId,
+      value: override.value,
+      ...override.origin ? { origin: override.origin } : {}
+    }))
+  };
+}
+
+// ../core/src/keychain/linux.ts
+import { execFile, spawn } from "child_process";
+import { promisify } from "util";
+var execFileAsync = promisify(execFile);
+async function readLinuxKeychain(entry) {
+  try {
+    const { stdout } = await execFileAsync("secret-tool", ["lookup", "service", "cnos", "account", entry]);
+    const value = stdout.trim();
+    return value.length > 0 ? value : void 0;
+  } catch {
+    return void 0;
+  }
+}
+async function writeLinuxKeychain(entry, value) {
+  await new Promise((resolve, reject) => {
+    const child = spawn("secret-tool", ["store", "--label", `CNOS ${entry}`, "service", "cnos", "account", entry], {
+      stdio: ["pipe", "ignore", "pipe"]
+    });
+    let stderr = "";
+    child.stdin?.end(value);
+    child.stderr?.on("data", (chunk) => {
+      stderr += chunk.toString();
+    });
+    child.on("error", reject);
+    child.on("close", (code) => {
+      if (code === 0) {
+        resolve();
+        return;
+      }
+      reject(new Error(stderr || `secret-tool exited with code ${code ?? 1}`));
+    });
+  });
+}
+
+// ../core/src/keychain/macos.ts
+import { execFile as execFile2 } from "child_process";
+import { promisify as promisify2 } from "util";
+var execFileAsync2 = promisify2(execFile2);
+async function readMacosKeychain(entry) {
+  try {
+    const { stdout } = await execFileAsync2("security", ["find-generic-password", "-a", "cnos", "-s", entry, "-w"]);
+    const value = stdout.trim();
+    return value.length > 0 ? value : void 0;
+  } catch {
+    return void 0;
+  }
+}
+async function writeMacosKeychain(entry, value) {
+  await execFileAsync2("security", ["add-generic-password", "-a", "cnos", "-s", entry, "-w", value, "-U"]);
+}
+
+// ../core/src/keychain/windows.ts
+import { execFile as execFile3 } from "child_process";
+import { promisify as promisify3 } from "util";
+var execFileAsync3 = promisify3(execFile3);
+function wrap(script) {
+  return ["-NoProfile", "-Command", script];
+}
+async function readWindowsKeychain(entry) {
+  try {
+    const { stdout } = await execFileAsync3(
+      "powershell",
+      wrap(`Add-Type -AssemblyName System.Runtime.WindowsRuntime; [Windows.Security.Credentials.PasswordVault,Windows.Security.Credentials,ContentType=WindowsRuntime] > $null; $vault = New-Object Windows.Security.Credentials.PasswordVault; $credential = $vault.Retrieve('cnos','${entry}'); $credential.RetrievePassword(); Write-Output $credential.Password`)
+    );
+    const value = stdout.trim();
+    return value.length > 0 ? value : void 0;
+  } catch {
+    return void 0;
+  }
+}
+async function writeWindowsKeychain(entry, value) {
+  await execFileAsync3(
+    "powershell",
+    wrap(`Add-Type -AssemblyName System.Runtime.WindowsRuntime; [Windows.Security.Credentials.PasswordVault,Windows.Security.Credentials,ContentType=WindowsRuntime] > $null; $vault = New-Object Windows.Security.Credentials.PasswordVault; try { $existing = $vault.Retrieve('cnos','${entry}'); $vault.Remove($existing) } catch {}; $credential = New-Object Windows.Security.Credentials.PasswordCredential('cnos','${entry}','${value}'); $vault.Add($credential)`)
+  );
+}
+
+// ../core/src/keychain/index.ts
+async function readKeychain(entry) {
+  if (process.platform === "win32") {
+    return readWindowsKeychain(entry);
+  }
+  if (process.platform === "darwin") {
+    return readMacosKeychain(entry);
+  }
+  if (process.platform === "linux") {
+    return readLinuxKeychain(entry);
+  }
+  return void 0;
+}
+async function writeKeychain(entry, value) {
+  if (process.platform === "win32") {
+    await writeWindowsKeychain(entry, value);
+    return;
+  }
+  if (process.platform === "darwin") {
+    await writeMacosKeychain(entry, value);
+    return;
+  }
+  if (process.platform === "linux") {
+    await writeLinuxKeychain(entry, value);
+    return;
+  }
+  throw new CnosAuthenticationError(`OS keychain is not supported on platform "${process.platform}".`);
+}
+
 // ../core/src/utils/path.ts
+import { access } from "fs/promises";
+import os from "os";
+import path from "path";
 var PRIMARY_CNOS_DIR = ".cnos";
 var LEGACY_CNOS_DIR = "cnos";
 async function exists(filePath) {
@@ -120,10 +267,401 @@ function stringifyYaml(value) {
   return stringify(value);
 }
 
-// ../core/src/utils/secretStore.ts
-import { createCipheriv, createDecipheriv, randomBytes, scryptSync } from "crypto";
-import { mkdir, readdir, readFile, writeFile } from "fs/promises";
+// ../core/src/manifest/loadManifest.ts
+import { readFile } from "fs/promises";
 import path2 from "path";
+
+// ../core/src/manifest/normalizeManifest.ts
+var DEFAULT_RESOLVE_FROM = ["cli.profile", "env.CNOS_PROFILE", "default"];
+var DEFAULT_LOADERS = [
+  "filesystem-values",
+  "filesystem-secrets",
+  "dotenv",
+  "process-env",
+  "cli-args"
+];
+var DEFAULT_VALIDATORS = ["basic-schema"];
+var DEFAULT_EXPORTERS = ["env", "public-env"];
+var DEFAULT_INSPECTORS = ["provenance"];
+var DEFAULT_FRAMEWORK_PREFIXES = {
+  next: "NEXT_PUBLIC_",
+  vite: "VITE_",
+  nuxt: "NUXT_PUBLIC_"
+};
+var DEFAULT_NAMESPACES = {
+  value: {
+    kind: "data",
+    shareable: true
+  },
+  secret: {
+    kind: "data",
+    shareable: false,
+    sensitive: true
+  },
+  meta: {
+    kind: "system",
+    shareable: false,
+    readonly: true
+  },
+  public: {
+    kind: "projection",
+    source: "promote",
+    shareable: true,
+    readonly: true
+  },
+  env: {
+    kind: "projection",
+    source: "envMapping",
+    shareable: true,
+    readonly: true
+  }
+};
+function validateResolveFrom(resolveFrom) {
+  const validValues = ["cli.profile", "env.CNOS_PROFILE", "default"];
+  for (const entry of resolveFrom) {
+    if (!validValues.includes(entry)) {
+      throw new CnosManifestError(`Unsupported profiles.resolveFrom entry: ${entry}`);
+    }
+  }
+  return resolveFrom;
+}
+function normalizeWorkspaceItems(items) {
+  return Object.fromEntries(
+    Object.entries(items ?? {}).map(([workspaceId, item]) => [
+      workspaceId,
+      {
+        extends: Array.isArray(item?.extends) ? item.extends.map((entry) => entry.trim()).filter(Boolean) : item?.extends ? [item.extends.trim()].filter(Boolean) : [],
+        ...item?.globalId?.trim() ? { globalId: item.globalId.trim() } : {}
+      }
+    ])
+  );
+}
+function normalizeNamespaces(namespaces) {
+  const normalized = Object.fromEntries(
+    Object.entries(namespaces ?? {}).map(([namespace, definition]) => [
+      namespace,
+      {
+        kind: definition.kind ?? "data",
+        shareable: definition.shareable ?? false,
+        ...definition.sensitive !== void 0 ? { sensitive: definition.sensitive } : {},
+        ...definition.readonly !== void 0 ? { readonly: definition.readonly } : {},
+        ...definition.source ? { source: definition.source } : {}
+      }
+    ])
+  );
+  return {
+    ...DEFAULT_NAMESPACES,
+    ...normalized
+  };
+}
+function normalizeVaults(vaults) {
+  return Object.fromEntries(
+    Object.entries(vaults ?? {}).map(([name, definition]) => {
+      const legacyPassphrase = definition.passphrase;
+      if (legacyPassphrase !== void 0) {
+        throw new CnosManifestError(
+          `Vault "${name}" uses legacy passphrase configuration. Use vaults.${name}.auth instead.`
+        );
+      }
+      const provider = definition.provider?.trim();
+      if (!provider) {
+        throw new CnosManifestError(`Vault "${name}" requires a provider`);
+      }
+      const normalizedAuth = normalizeVaultAuth(name, provider, definition.auth);
+      const normalizedMapping = Object.fromEntries(
+        Object.entries(definition.mapping ?? {}).filter(
+          (entry) => typeof entry[0] === "string" && typeof entry[1] === "string"
+        ).map(([envVar, logicalRef]) => [envVar.trim(), logicalRef.trim()]).filter(([envVar, logicalRef]) => envVar.length > 0 && logicalRef.length > 0)
+      );
+      return [
+        name,
+        {
+          provider,
+          auth: normalizedAuth,
+          ...Object.keys(normalizedMapping).length > 0 ? {
+            mapping: normalizedMapping
+          } : {}
+        }
+      ];
+    })
+  );
+}
+function normalizeAuthSources(value) {
+  if (!value || typeof value !== "object" || Array.isArray(value)) {
+    return void 0;
+  }
+  const sources = Array.isArray(value.from) ? value.from : void 0;
+  const normalized = (sources ?? []).map((entry) => typeof entry === "string" ? entry.trim() : "").filter(Boolean);
+  return normalized.length > 0 ? normalized : void 0;
+}
+function normalizeVaultAuth(vaultName, provider, auth) {
+  if (provider === "local") {
+    const passphraseSources = normalizeAuthSources(auth?.passphrase);
+    const defaultToken = vaultName.replace(/[^A-Za-z0-9]+/g, "_").replace(/^_+|_+$/g, "").toUpperCase();
+    const defaultSources = [
+      ...defaultToken ? [`env:CNOS_SECRET_PASSPHRASE_${defaultToken}`] : [],
+      "env:CNOS_SECRET_PASSPHRASE",
+      `keychain:cnos/${vaultName}`,
+      "prompt"
+    ];
+    return {
+      method: auth?.method ?? "passphrase",
+      passphrase: {
+        from: passphraseSources ?? defaultSources
+      },
+      ...auth?.config ? { config: auth.config } : {}
+    };
+  }
+  if (provider === "github-secrets") {
+    return {
+      method: auth?.method ?? "environment",
+      ...auth?.config ? { config: auth.config } : {}
+    };
+  }
+  return {
+    ...auth?.method ? { method: auth.method } : {},
+    ...normalizeAuthSources(auth?.passphrase) ? {
+      passphrase: {
+        from: normalizeAuthSources(auth?.passphrase) ?? []
+      }
+    } : {},
+    ...normalizeAuthSources(auth?.token) ? {
+      token: {
+        from: normalizeAuthSources(auth?.token) ?? []
+      }
+    } : {},
+    ...auth?.config ? { config: auth.config } : {}
+  };
+}
+function normalizeManifest(manifest) {
+  const version = manifest.version ?? 1;
+  if (version !== 1) {
+    throw new CnosManifestError(`Unsupported CNOS manifest version: ${version}`);
+  }
+  const projectName = manifest.project?.name?.trim();
+  if (!projectName) {
+    throw new CnosManifestError("Manifest requires project.name");
+  }
+  const defaultProfile = manifest.profiles?.default?.trim() || "base";
+  const workspaceItems = normalizeWorkspaceItems(manifest.workspaces?.items);
+  const resolveFrom = validateResolveFrom(manifest.profiles?.resolveFrom ?? DEFAULT_RESOLVE_FROM);
+  const filesystemValues = {
+    root: "./",
+    format: "yaml",
+    ...manifest.sources?.["filesystem-values"] ?? {}
+  };
+  const filesystemSecrets = {
+    root: "./",
+    format: "yaml",
+    ...manifest.sources?.["filesystem-secrets"] ?? {}
+  };
+  const dotenv = {
+    root: "./env",
+    ...manifest.sources?.dotenv ?? {}
+  };
+  return {
+    version: 1,
+    project: {
+      name: projectName
+    },
+    workspaces: {
+      ...manifest.workspaces?.default?.trim() ? {
+        default: manifest.workspaces.default.trim()
+      } : {},
+      global: {
+        enabled: manifest.workspaces?.global?.enabled ?? false,
+        ...manifest.workspaces?.global?.root?.trim() ? {
+          root: manifest.workspaces.global.root.trim()
+        } : {},
+        allowWrite: manifest.workspaces?.global?.allowWrite ?? false
+      },
+      items: workspaceItems
+    },
+    profiles: {
+      default: defaultProfile,
+      resolveFrom
+    },
+    plugins: {
+      loaders: manifest.plugins?.loaders ?? DEFAULT_LOADERS,
+      resolver: manifest.plugins?.resolver ?? "profile-aware",
+      validators: manifest.plugins?.validators ?? DEFAULT_VALIDATORS,
+      exporters: manifest.plugins?.exporters ?? DEFAULT_EXPORTERS,
+      inspectors: manifest.plugins?.inspectors ?? DEFAULT_INSPECTORS
+    },
+    sources: {
+      ...manifest.sources ?? {},
+      "filesystem-values": filesystemValues,
+      "filesystem-secrets": filesystemSecrets,
+      dotenv
+    },
+    resolution: {
+      precedence: manifest.resolution?.precedence ?? [
+        "filesystem-values",
+        "filesystem-secrets",
+        "dotenv",
+        "process-env",
+        "cli-args"
+      ],
+      arrayPolicy: manifest.resolution?.arrayPolicy ?? "replace"
+    },
+    envMapping: {
+      ...manifest.envMapping?.convention ? {
+        convention: manifest.envMapping.convention
+      } : {},
+      explicit: manifest.envMapping?.explicit ?? {}
+    },
+    public: {
+      promote: manifest.public?.promote ?? [],
+      frameworks: {
+        ...DEFAULT_FRAMEWORK_PREFIXES,
+        ...manifest.public?.frameworks ?? {}
+      }
+    },
+    namespaces: normalizeNamespaces(manifest.namespaces),
+    vaults: normalizeVaults(manifest.vaults),
+    writePolicy: {
+      define: {
+        defaultProfile: manifest.writePolicy?.define?.defaultProfile ?? defaultProfile,
+        targets: {
+          value: manifest.writePolicy?.define?.targets?.value ?? "./values/app.yml",
+          secret: manifest.writePolicy?.define?.targets?.secret ?? "./secrets/app.yml"
+        }
+      }
+    },
+    schema: manifest.schema ?? {}
+  };
+}
+
+// ../core/src/manifest/loadManifest.ts
+async function loadManifest(options = {}) {
+  const manifestRoot = await resolveManifestRoot(options.root);
+  const manifestPath = path2.join(manifestRoot, "cnos.yml");
+  let source;
+  try {
+    source = await readFile(manifestPath, "utf8");
+  } catch {
+    throw new CnosManifestError("Unable to read CNOS manifest", manifestPath);
+  }
+  const rawManifest = parseYaml(source);
+  if (!rawManifest || typeof rawManifest !== "object") {
+    throw new CnosManifestError("CNOS manifest must be a YAML object", manifestPath);
+  }
+  return {
+    manifestRoot,
+    repoRoot: path2.dirname(manifestRoot),
+    manifestPath,
+    manifest: normalizeManifest(rawManifest),
+    rawManifest
+  };
+}
+
+// ../core/src/promotions/validatePromotion.ts
+var DEFAULT_DATA_NAMESPACE = {
+  kind: "data",
+  shareable: false
+};
+function getNamespaceNameForKey(key) {
+  const [namespace] = key.split(".");
+  if (!namespace || !key.includes(".")) {
+    throw new CnosManifestError(`Logical key must be namespace-qualified: ${key}`);
+  }
+  return namespace;
+}
+function getNamespaceDefinition(manifest, namespaceOrKey) {
+  const namespace = namespaceOrKey.includes(".") ? getNamespaceNameForKey(namespaceOrKey) : namespaceOrKey;
+  return manifest.namespaces[namespace] ?? DEFAULT_DATA_NAMESPACE;
+}
+function ensureProjectionAllowed(manifest, key, target) {
+  const namespace = getNamespaceNameForKey(key);
+  const definition = getNamespaceDefinition(manifest, namespace);
+  if (definition.kind !== "data") {
+    throw new CnosManifestError(
+      `Cannot promote ${key} to ${target} because namespace "${namespace}" is not a data namespace.`
+    );
+  }
+  if (definition.sensitive) {
+    throw new CnosSecurityError(
+      `Cannot promote ${key} to ${target} because namespace "${namespace}" is sensitive.`
+    );
+  }
+  if (!definition.shareable) {
+    throw new CnosSecurityError(
+      `Cannot promote ${key} to ${target} because namespace "${namespace}" is not shareable.`
+    );
+  }
+}
+function validateProjectionIssue(manifest, key, target) {
+  try {
+    ensureProjectionAllowed(manifest, key, target);
+    return void 0;
+  } catch (error) {
+    return {
+      code: target === "public" ? "public.invalid-promotion" : "env.invalid-mapping",
+      key,
+      message: error instanceof Error ? error.message : String(error)
+    };
+  }
+}
+
+// ../core/src/secrets/sessionStore.ts
+import { mkdir, readFile as readFile2, readdir, rm, writeFile } from "fs/promises";
+import path3 from "path";
+function buildSessionRoot(processEnv = process.env) {
+  return path3.join(path3.resolve(expandHomePath(processEnv.CNOS_SECRET_HOME ?? "~/.cnos/secrets")), "sessions");
+}
+function buildSessionPath(vault, processEnv) {
+  return path3.join(buildSessionRoot(processEnv), `${vault}.json`);
+}
+async function writeVaultSessionKey(vault, derivedKey, processEnv) {
+  const filePath = buildSessionPath(vault, processEnv);
+  await mkdir(path3.dirname(filePath), { recursive: true });
+  const document = {
+    version: 1,
+    vault,
+    derivedKey: derivedKey.toString("hex"),
+    createdAt: (/* @__PURE__ */ new Date()).toISOString()
+  };
+  await writeFile(filePath, JSON.stringify(document, null, 2), "utf8");
+  return filePath;
+}
+async function readVaultSessionKey(vault, processEnv) {
+  try {
+    const source = await readFile2(buildSessionPath(vault, processEnv), "utf8");
+    const document = JSON.parse(source);
+    if (document.version !== 1 || typeof document.derivedKey !== "string") {
+      return void 0;
+    }
+    const key = Buffer.from(document.derivedKey, "hex");
+    return key.length > 0 ? key : void 0;
+  } catch {
+    return void 0;
+  }
+}
+async function clearVaultSessionKey(vault, processEnv) {
+  await rm(buildSessionPath(vault, processEnv), { force: true });
+}
+async function clearAllVaultSessionKeys(processEnv) {
+  const root = buildSessionRoot(processEnv);
+  try {
+    const entries = await readdir(root);
+    await Promise.all(entries.map((entry) => rm(path3.join(root, entry), { force: true })));
+  } catch {
+  }
+}
+
+// ../core/src/utils/secretStore.ts
+import { createCipheriv, createDecipheriv, pbkdf2Sync, randomBytes } from "crypto";
+import { mkdir as mkdir2, readdir as readdir2, readFile as readFile3, rm as rm2, stat, writeFile as writeFile2 } from "fs/promises";
+import path4 from "path";
+var KEY_LENGTH = 32;
+var SALT_LENGTH = 32;
+var IV_LENGTH = 12;
+var AUTH_TAG_LENGTH = 16;
+var PBKDF2_ITERATIONS = 6e5;
+var KEYSTORE_VERSION = 1;
+var METADATA_VERSION = 1;
+var META_FILENAME = "meta.yml";
+var KEYSTORE_FILENAME = "keystore.enc";
 function isObject(value) {
   return Boolean(value) && typeof value === "object" && !Array.isArray(value);
 }
@@ -131,103 +669,657 @@ function isSecretReference(value) {
   return isObject(value) && typeof value.provider === "string" && value.provider.trim().length > 0 && typeof value.ref === "string" && value.ref.trim().length > 0 && (value.vault === void 0 && true || typeof value.vault === "string" && value.vault.trim().length > 0) && Object.keys(value).every((key) => ["provider", "ref", "vault"].includes(key));
 }
 function resolveSecretStoreRoot(processEnv = process.env) {
-  return path2.resolve(expandHomePath(processEnv.CNOS_SECRET_HOME ?? "~/.cnos/secrets"));
+  return path4.resolve(expandHomePath(processEnv.CNOS_SECRET_HOME ?? "~/.cnos/secrets"));
 }
-function resolveSecretVaultFile(storeRoot, vault = "default") {
-  return path2.join(storeRoot, "vaults", `${vault}.json`);
+function normalizeVaultToken(vault = "default") {
+  return vault.replace(/[^A-Za-z0-9]+/g, "_").replace(/^_+|_+$/g, "").toUpperCase();
 }
-function resolveSecretStoreFile(storeRoot, ref, vault = "default") {
-  return path2.join(storeRoot, "vaults", vault, "store", ...ref.split("/")).concat(".json");
+function getVaultPassphraseEnvVar(vault = "default") {
+  const vaultToken = normalizeVaultToken(vault);
+  return vaultToken && vaultToken !== "DEFAULT" ? `CNOS_SECRET_PASSPHRASE_${vaultToken}` : "CNOS_SECRET_PASSPHRASE";
 }
-function deriveKey(passphrase, salt) {
-  return scryptSync(passphrase, salt, 32);
+function isPassphraseEnvRef(value) {
+  return typeof value === "string" && value.startsWith("env:") && value.length > 4;
+}
+function getVaultSessionKeyEnvVar(vault = "default") {
+  const vaultToken = normalizeVaultToken(vault);
+  return `__CNOS_VAULT_KEY_${vaultToken || "DEFAULT"}__`;
 }
 function resolveSecretPassphrase(vault = "default", processEnv = process.env) {
-  const vaultToken = vault.replace(/[^A-Za-z0-9]+/g, "_").replace(/^_+|_+$/g, "").toUpperCase();
-  return processEnv[`CNOS_SECRET_PASSPHRASE_${vaultToken}`] ?? processEnv.CNOS_SECRET_PASSPHRASE;
+  return processEnv[getVaultPassphraseEnvVar(vault)] ?? processEnv.CNOS_SECRET_PASSPHRASE;
+}
+function resolveVaultSessionKey(vault = "default", processEnv = process.env) {
+  const encoded = processEnv[getVaultSessionKeyEnvVar(vault)];
+  if (!encoded) {
+    return readVaultSessionKey(vault, processEnv);
+  }
+  try {
+    const key = Buffer.from(encoded, "hex");
+    return key.length === KEY_LENGTH ? key : void 0;
+  } catch {
+    return void 0;
+  }
+}
+function deriveVaultKey(passphrase, salt, iterations = PBKDF2_ITERATIONS) {
+  return pbkdf2Sync(passphrase, salt, iterations, KEY_LENGTH, "sha512");
+}
+function buildMetaPath(storeRoot, vault = "default") {
+  return path4.join(storeRoot, "vaults", vault, META_FILENAME);
+}
+function resolveSecretVaultFile(storeRoot, vault = "default") {
+  return buildMetaPath(storeRoot, vault);
+}
+function buildKeystorePath(storeRoot, vault = "default") {
+  return path4.join(storeRoot, "vaults", vault, KEYSTORE_FILENAME);
+}
+function buildLegacyVaultFile(storeRoot, vault = "default") {
+  return path4.join(storeRoot, "vaults", `${vault}.json`);
+}
+function buildLegacyVaultStoreRoot(storeRoot, vault = "default") {
+  return path4.join(storeRoot, "vaults", vault, "store");
+}
+function assertVaultMetadata(value, filePath) {
+  if (!isObject(value)) {
+    throw new CnosManifestError("Invalid CNOS vault metadata", filePath);
+  }
+  if (value.version !== METADATA_VERSION || value.algorithm !== "aes-256-gcm" || value.kdf !== "pbkdf2-sha512" || typeof value.iterations !== "number" || typeof value.salt !== "string" || typeof value.createdAt !== "string" || typeof value.secretCount !== "number") {
+    throw new CnosManifestError("Invalid CNOS vault metadata", filePath);
+  }
+  return value;
+}
+async function exists2(targetPath) {
+  try {
+    await stat(targetPath);
+    return true;
+  } catch {
+    return false;
+  }
+}
+async function detectLegacyVaultFormat(storeRoot, vault = "default") {
+  const legacyFile = buildLegacyVaultFile(storeRoot, vault);
+  const legacyStore = buildLegacyVaultStoreRoot(storeRoot, vault);
+  if (await exists2(legacyFile)) {
+    return legacyFile;
+  }
+  if (await exists2(legacyStore)) {
+    return legacyStore;
+  }
+  return void 0;
+}
+async function assertNoLegacyVaultFormat(storeRoot, vault = "default") {
+  const legacyPath = await detectLegacyVaultFormat(storeRoot, vault);
+  if (!legacyPath) {
+    return;
+  }
+  throw new CnosSecurityError(
+    `Legacy CNOS local vault format detected for vault "${vault}" at ${legacyPath}. CNOS 1.4 requires the new keystore format. Remove and recreate the vault.`
+  );
 }
-function encryptDocument(value, passphrase) {
-  const salt = randomBytes(16);
-  const iv = randomBytes(12);
-  const key = deriveKey(passphrase, salt);
+function encryptPayload(payload, key) {
+  const iv = randomBytes(IV_LENGTH);
   const cipher = createCipheriv("aes-256-gcm", key, iv);
-  const ciphertext = Buffer.concat([cipher.update(value, "utf8"), cipher.final()]);
+  const plaintext = Buffer.from(JSON.stringify(payload), "utf8");
+  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
   const tag = cipher.getAuthTag();
+  return Buffer.concat([
+    Buffer.from(Uint32Array.of(KEYSTORE_VERSION).buffer),
+    iv,
+    tag,
+    ciphertext
+  ]);
+}
+function decryptPayload(buffer, key) {
+  if (buffer.length < 4 + IV_LENGTH + AUTH_TAG_LENGTH) {
+    throw new CnosSecurityError("Invalid CNOS local vault keystore");
+  }
+  const version = buffer.readUInt32LE(0);
+  if (version !== KEYSTORE_VERSION) {
+    throw new CnosSecurityError(`Unsupported CNOS local vault keystore version: ${version}`);
+  }
+  const ivOffset = 4;
+  const tagOffset = ivOffset + IV_LENGTH;
+  const cipherOffset = tagOffset + AUTH_TAG_LENGTH;
+  const iv = buffer.subarray(ivOffset, tagOffset);
+  const tag = buffer.subarray(tagOffset, cipherOffset);
+  const ciphertext = buffer.subarray(cipherOffset);
+  const decipher = createDecipheriv("aes-256-gcm", key, iv);
+  decipher.setAuthTag(tag);
+  try {
+    const plaintext = Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString("utf8");
+    const payload = JSON.parse(plaintext);
+    if (!payload || !isObject(payload.secrets) || !isObject(payload.metadata)) {
+      throw new Error("invalid");
+    }
+    return {
+      secrets: Object.fromEntries(
+        Object.entries(payload.secrets).filter((entry) => typeof entry[1] === "string")
+      ),
+      metadata: Object.fromEntries(
+        Object.entries(payload.metadata).filter(
+          (entry) => isObject(entry[1]) && typeof entry[1].createdAt === "string" && typeof entry[1].updatedAt === "string"
+        )
+      )
+    };
+  } catch {
+    throw new CnosAuthenticationError("Failed to decrypt CNOS local vault. Check vault authentication.");
+  }
+}
+function buildInitialPayload() {
   return {
-    version: 1,
+    secrets: {},
+    metadata: {}
+  };
+}
+async function writeVaultFiles(storeRoot, vault, meta, payload, key) {
+  const metaPath = buildMetaPath(storeRoot, vault);
+  const keystorePath = buildKeystorePath(storeRoot, vault);
+  await mkdir2(path4.dirname(metaPath), { recursive: true });
+  await writeFile2(metaPath, stringifyYaml(meta), "utf8");
+  await writeFile2(keystorePath, encryptPayload(payload, key));
+}
+async function readVaultMetadata(storeRoot, vault = "default") {
+  await assertNoLegacyVaultFormat(storeRoot, vault);
+  const metaPath = buildMetaPath(storeRoot, vault);
+  try {
+    const source = await readFile3(metaPath, "utf8");
+    return assertVaultMetadata(parseYaml(source), metaPath);
+  } catch (error) {
+    if (error.code === "ENOENT") {
+      return void 0;
+    }
+    throw error;
+  }
+}
+async function listSecretVaults(storeRoot) {
+  const vaultRoot = path4.join(storeRoot, "vaults");
+  try {
+    const entries = await readdir2(vaultRoot, { withFileTypes: true });
+    const vaults = await Promise.all(
+      entries.filter((entry) => entry.isDirectory()).map(async (entry) => await exists2(path4.join(vaultRoot, entry.name, META_FILENAME)) ? entry.name : void 0)
+    );
+    return vaults.filter((value) => Boolean(value)).sort((left, right) => left.localeCompare(right));
+  } catch {
+    return [];
+  }
+}
+async function createSecretVault(storeRoot, vault, passphrase) {
+  const normalizedVault = vault.trim() || "default";
+  await assertNoLegacyVaultFormat(storeRoot, normalizedVault);
+  const salt = randomBytes(SALT_LENGTH);
+  const key = deriveVaultKey(passphrase, salt, PBKDF2_ITERATIONS);
+  const createdAt = (/* @__PURE__ */ new Date()).toISOString();
+  const meta = {
+    version: METADATA_VERSION,
     algorithm: "aes-256-gcm",
+    kdf: "pbkdf2-sha512",
+    iterations: PBKDF2_ITERATIONS,
     salt: salt.toString("base64"),
-    iv: iv.toString("base64"),
-    tag: tag.toString("base64"),
-    ciphertext: ciphertext.toString("base64")
+    createdAt,
+    secretCount: 0
   };
+  await writeVaultFiles(storeRoot, normalizedVault, meta, buildInitialPayload(), key);
+  return buildMetaPath(storeRoot, normalizedVault);
 }
-function decryptDocument(document, passphrase) {
-  const salt = Buffer.from(document.salt, "base64");
-  const iv = Buffer.from(document.iv, "base64");
-  const tag = Buffer.from(document.tag, "base64");
-  const ciphertext = Buffer.from(document.ciphertext, "base64");
-  const key = deriveKey(passphrase, salt);
-  const decipher = createDecipheriv("aes-256-gcm", key, iv);
-  decipher.setAuthTag(tag);
-  const plaintext = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
-  return plaintext.toString("utf8");
+async function ensureSecretVault(storeRoot, vault, passphrase) {
+  const normalizedVault = vault.trim() || "default";
+  const meta = await readVaultMetadata(storeRoot, normalizedVault);
+  if (meta) {
+    return buildMetaPath(storeRoot, normalizedVault);
+  }
+  return createSecretVault(storeRoot, normalizedVault, passphrase);
+}
+function resolveConfiguredVaultPassphrase(definition, vault = "default", processEnv = process.env) {
+  if (definition?.provider !== "local") {
+    return void 0;
+  }
+  const configuredSources = definition.auth?.passphrase?.from ?? [];
+  for (const source of configuredSources) {
+    if (source.startsWith("env:")) {
+      const value = processEnv[source.slice(4)];
+      if (value) {
+        return value;
+      }
+    }
+  }
+  return resolveSecretPassphrase(vault, processEnv);
+}
+async function resolveVaultAccessKey(storeRoot, definition, vault = "default", processEnv = process.env) {
+  if (definition?.provider !== "local") {
+    return definition?.provider === "github-secrets" ? {
+      method: definition.auth?.method ?? "environment",
+      ...definition?.auth?.config ? { config: definition.auth.config } : {}
+    } : void 0;
+  }
+  const sessionKey = await resolveVaultSessionKey(vault, processEnv);
+  if (sessionKey) {
+    return {
+      derivedKey: sessionKey,
+      method: "keychain",
+      ...definition.auth?.config ? { config: definition.auth.config } : {}
+    };
+  }
+  const passphrase = resolveConfiguredVaultPassphrase(definition, vault, processEnv);
+  if (passphrase) {
+    return {
+      passphrase,
+      method: "passphrase",
+      ...definition.auth?.config ? { config: definition.auth.config } : {}
+    };
+  }
+  const metadata = await readVaultMetadata(storeRoot, vault);
+  if (!metadata) {
+    return void 0;
+  }
+  throw new CnosAuthenticationError(
+    `Cannot authenticate to vault "${vault}". Set ${getVaultPassphraseEnvVar(vault)} or run cnos vault auth ${vault}.`
+  );
+}
+async function loadVaultPayload(storeRoot, vault, auth) {
+  const meta = await readVaultMetadata(storeRoot, vault);
+  if (!meta) {
+    throw new CnosManifestError(`Missing CNOS vault metadata for "${vault}"`);
+  }
+  const salt = Buffer.from(meta.salt, "base64");
+  const key = auth.derivedKey ?? (auth.passphrase ? deriveVaultKey(auth.passphrase, salt, meta.iterations) : void 0);
+  if (!key) {
+    throw new CnosAuthenticationError(`Vault "${vault}" requires authentication before access.`);
+  }
+  const buffer = await readFile3(buildKeystorePath(storeRoot, vault));
+  return {
+    meta,
+    payload: decryptPayload(buffer, key),
+    key
+  };
+}
+async function writeLocalSecret(storeRoot, ref, value, authOrPassphrase, vault = "default") {
+  const auth = typeof authOrPassphrase === "string" ? {
+    passphrase: authOrPassphrase,
+    method: "passphrase"
+  } : authOrPassphrase;
+  if (auth.passphrase) {
+    await ensureSecretVault(storeRoot, vault, auth.passphrase);
+  } else {
+    const meta2 = await readVaultMetadata(storeRoot, vault);
+    if (!meta2) {
+      throw new CnosAuthenticationError(`Vault "${vault}" requires passphrase-based authentication for initial creation.`);
+    }
+  }
+  const { meta, payload, key } = await loadVaultPayload(storeRoot, vault, auth);
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  const existing = payload.metadata[ref];
+  payload.secrets[ref] = value;
+  payload.metadata[ref] = {
+    createdAt: existing?.createdAt ?? now,
+    updatedAt: now
+  };
+  const nextMeta = {
+    ...meta,
+    secretCount: Object.keys(payload.secrets).length
+  };
+  await writeVaultFiles(storeRoot, vault, nextMeta, payload, key);
+  return buildKeystorePath(storeRoot, vault);
+}
+async function deleteLocalSecret(storeRoot, ref, auth, vault = "default") {
+  const { meta, payload, key } = await loadVaultPayload(storeRoot, vault, auth);
+  if (!(ref in payload.secrets)) {
+    return false;
+  }
+  delete payload.secrets[ref];
+  delete payload.metadata[ref];
+  const nextMeta = {
+    ...meta,
+    secretCount: Object.keys(payload.secrets).length
+  };
+  await writeVaultFiles(storeRoot, vault, nextMeta, payload, key);
+  return true;
+}
+async function readLocalSecret(storeRoot, ref, auth, vault = "default") {
+  const { payload } = await loadVaultPayload(storeRoot, vault, auth);
+  const value = payload.secrets[ref];
+  if (value === void 0) {
+    throw new CnosManifestError(`Missing local secret ref "${ref}" in vault "${vault}"`);
+  }
+  return value;
+}
+async function listLocalSecrets(storeRoot, auth, vault = "default") {
+  const { payload } = await loadVaultPayload(storeRoot, vault, auth);
+  return Object.keys(payload.secrets).sort((left, right) => left.localeCompare(right));
+}
+function resolveVaultDefinition(vaults, vault = "default") {
+  const definition = vaults?.[vault];
+  const provider = definition?.provider ?? "local";
+  return {
+    name: vault,
+    provider,
+    ...definition?.auth ? { auth: definition.auth } : {},
+    ...definition?.mapping ? { mapping: definition.mapping } : {},
+    requiresAuthentication: provider === "local"
+  };
+}
+async function removeLocalVaultFiles(storeRoot, vault = "default") {
+  await rm2(path4.join(storeRoot, "vaults", vault), { recursive: true, force: true });
+}
+
+// ../core/src/secrets/providers/github.ts
+var GithubSecretsVaultProvider = class {
+  constructor(vaultId, definition, processEnv = process.env) {
+    this.vaultId = vaultId;
+    this.definition = definition;
+    this.processEnv = processEnv;
+  }
+  vaultId;
+  definition;
+  processEnv;
+  authenticated = false;
+  async authenticate(_authConfig) {
+    void _authConfig;
+    this.authenticated = true;
+  }
+  isAuthenticated() {
+    return this.authenticated;
+  }
+  resolveEnvVar(ref) {
+    if (this.processEnv[ref] !== void 0) {
+      return ref;
+    }
+    return Object.entries(this.definition.mapping ?? {}).find(([, logicalRef]) => logicalRef === ref)?.[0];
+  }
+  async batchGet(refs) {
+    this.authenticated = true;
+    const resolved = /* @__PURE__ */ new Map();
+    for (const ref of Array.from(new Set(refs)).sort((left, right) => left.localeCompare(right))) {
+      const envVar = this.resolveEnvVar(ref);
+      const value = envVar ? this.processEnv[envVar] : void 0;
+      if (value !== void 0) {
+        resolved.set(ref, value);
+      }
+    }
+    return resolved;
+  }
+  async get(ref) {
+    const envVar = this.resolveEnvVar(ref);
+    this.authenticated = true;
+    return envVar ? this.processEnv[envVar] : void 0;
+  }
+  async set(ref, value) {
+    void ref;
+    void value;
+    throw new Error(`Vault "${this.vaultId}" is environment-backed and cannot be written by CNOS.`);
+  }
+  async delete(ref) {
+    void ref;
+    throw new Error(`Vault "${this.vaultId}" is environment-backed and cannot be mutated by CNOS.`);
+  }
+  async list() {
+    return Object.values(this.definition.mapping ?? {}).sort((left, right) => left.localeCompare(right));
+  }
+};
+
+// ../core/src/secrets/auditLog.ts
+import { appendFile, mkdir as mkdir3 } from "fs/promises";
+import path5 from "path";
+async function appendAuditEvent(event, processEnv = process.env) {
+  const auditFile = processEnv.CNOS_AUDIT_FILE ?? path5.join(resolveSecretStoreRoot(processEnv), "audit", "access.log");
+  await mkdir3(path5.dirname(auditFile), { recursive: true });
+  await appendFile(
+    auditFile,
+    `${JSON.stringify({
+      ts: (/* @__PURE__ */ new Date()).toISOString(),
+      ...event
+    })}
+`,
+    "utf8"
+  );
+}
+
+// ../core/src/secrets/providers/local.ts
+var LocalSecretVaultProvider = class _LocalSecretVaultProvider {
+  constructor(vaultId, definition, processEnv = process.env, storeRoot = resolveSecretStoreRoot(processEnv)) {
+    this.vaultId = vaultId;
+    this.processEnv = processEnv;
+    this.storeRoot = storeRoot;
+    this.definition = definition;
+  }
+  vaultId;
+  processEnv;
+  storeRoot;
+  authConfig;
+  definition;
+  static fromVaults(vaults, vaultId, processEnv) {
+    const definition = resolveVaultDefinition(vaults, vaultId);
+    return new _LocalSecretVaultProvider(vaultId, definition, processEnv);
+  }
+  async authenticate(authConfig) {
+    this.authConfig = authConfig;
+    await this.list();
+  }
+  isAuthenticated() {
+    return Boolean(this.authConfig);
+  }
+  async requireAuth() {
+    if (this.authConfig) {
+      return this.authConfig;
+    }
+    const resolved = await resolveVaultAccessKey(this.storeRoot, this.definition, this.vaultId, this.processEnv);
+    if (!resolved) {
+      throw new CnosAuthenticationError(
+        `Cannot authenticate to vault "${this.vaultId}". Set the configured passphrase env var or run cnos vault auth ${this.vaultId}.`
+      );
+    }
+    this.authConfig = resolved;
+    return resolved;
+  }
+  async batchGet(refs) {
+    const auth = await this.requireAuth();
+    const entries = await Promise.all(
+      Array.from(new Set(refs)).sort((left, right) => left.localeCompare(right)).map(async (ref) => [ref, await readLocalSecret(this.storeRoot, ref, auth, this.vaultId)])
+    );
+    return new Map(entries);
+  }
+  async get(ref) {
+    const auth = await this.requireAuth();
+    try {
+      return await readLocalSecret(this.storeRoot, ref, auth, this.vaultId);
+    } catch {
+      return void 0;
+    }
+  }
+  async set(ref, value) {
+    const auth = await this.requireAuth();
+    await writeLocalSecret(this.storeRoot, ref, value, auth, this.vaultId);
+    await appendAuditEvent(
+      {
+        action: "write",
+        vault: this.vaultId,
+        ref,
+        caller: "cli"
+      },
+      this.processEnv
+    );
+  }
+  async delete(ref) {
+    const auth = await this.requireAuth();
+    await deleteLocalSecret(this.storeRoot, ref, auth, this.vaultId);
+    await appendAuditEvent(
+      {
+        action: "delete",
+        vault: this.vaultId,
+        ref,
+        caller: "cli"
+      },
+      this.processEnv
+    );
+  }
+  async list() {
+    const auth = this.authConfig ?? await resolveVaultAccessKey(this.storeRoot, this.definition, this.vaultId, this.processEnv);
+    if (!auth) {
+      throw new CnosAuthenticationError(
+        `Cannot authenticate to vault "${this.vaultId}". Set the configured passphrase env var or run cnos vault auth ${this.vaultId}.`
+      );
+    }
+    this.authConfig = auth;
+    return listLocalSecrets(this.storeRoot, auth, this.vaultId);
+  }
+};
+
+// ../core/src/secrets/providers/registry.ts
+function createSecretVaultProvider(vaultId, definition, processEnv) {
+  if (definition.provider === "local") {
+    return new LocalSecretVaultProvider(vaultId, definition, processEnv);
+  }
+  if (definition.provider === "github-secrets") {
+    return new GithubSecretsVaultProvider(vaultId, definition, processEnv);
+  }
+  throw new CnosManifestError(`Unsupported vault provider: ${definition.provider}`);
+}
+
+// ../core/src/secrets/prompt.ts
+import readline from "readline";
+import { Writable } from "stream";
+async function promptHidden(message) {
+  if (!process.stdin.isTTY || !process.stdout.isTTY) {
+    return void 0;
+  }
+  const mutableStdout = new WritableMask();
+  const rl = readline.createInterface({
+    input: process.stdin,
+    output: mutableStdout,
+    terminal: true
+  });
+  try {
+    mutableStdout.muted = true;
+    const value = await new Promise((resolve) => {
+      rl.question(message, resolve);
+    });
+    process.stdout.write("\n");
+    return value;
+  } finally {
+    rl.close();
+  }
+}
+var WritableMask = class extends Writable {
+  muted = false;
+  _write(chunk, _encoding, callback) {
+    if (!this.muted) {
+      process.stdout.write(chunk);
+    }
+    callback();
+  }
+};
+
+// ../core/src/secrets/resolveAuth.ts
+function toAuthError(vaultId, sources) {
+  return new CnosAuthenticationError(
+    `Cannot authenticate to vault "${vaultId}". Tried: ${sources.join(", ")}. Set ${getVaultPassphraseEnvVar(vaultId)} or run cnos vault auth ${vaultId}.`
+  );
+}
+async function resolveVaultAuth(vaultId, definition, processEnv = process.env) {
+  const sessionKey = await resolveVaultSessionKey(vaultId, processEnv);
+  if (sessionKey) {
+    return {
+      derivedKey: sessionKey,
+      method: "keychain",
+      ...definition.auth?.config ? { config: definition.auth.config } : {}
+    };
+  }
+  if (definition.provider === "github-secrets") {
+    return {
+      method: definition.auth?.method ?? "environment",
+      ...definition.auth?.config ? { config: definition.auth.config } : {}
+    };
+  }
+  const sources = definition.auth?.passphrase?.from ?? [getVaultPassphraseEnvVar(vaultId)];
+  for (const source of sources) {
+    if (source.startsWith("env:")) {
+      const value = processEnv[source.slice(4)];
+      if (value) {
+        return {
+          passphrase: value,
+          method: "passphrase",
+          ...definition.auth?.config ? { config: definition.auth.config } : {}
+        };
+      }
+    }
+    if (source.startsWith("keychain:")) {
+      const value = await readKeychain(source.slice("keychain:".length));
+      if (value) {
+        return {
+          derivedKey: Buffer.from(value, "hex"),
+          method: "keychain",
+          ...definition.auth?.config ? { config: definition.auth.config } : {}
+        };
+      }
+    }
+    if (source === "prompt") {
+      const value = await promptHidden(`Enter passphrase for vault "${vaultId}": `);
+      if (value) {
+        return {
+          passphrase: value,
+          method: "passphrase",
+          ...definition.auth?.config ? { config: definition.auth.config } : {}
+        };
+      }
+    }
+  }
+  const fallback = resolveSecretPassphrase(vaultId, processEnv);
+  if (fallback) {
+    return {
+      passphrase: fallback,
+      method: "passphrase",
+      ...definition.auth?.config ? { config: definition.auth.config } : {}
+    };
+  }
+  throw toAuthError(vaultId, [getVaultSessionKeyEnvVar(vaultId), ...sources]);
 }
-async function createSecretVault(storeRoot, vault, passphrase) {
-  const normalizedVault = vault.trim() || "default";
-  const filePath = resolveSecretVaultFile(storeRoot, normalizedVault);
-  await mkdir(path2.dirname(filePath), { recursive: true });
-  const document = {
-    version: 1,
-    name: normalizedVault,
-    createdAt: (/* @__PURE__ */ new Date()).toISOString(),
-    verifier: encryptDocument(`cnos-vault:${normalizedVault}`, passphrase)
-  };
-  await writeFile(filePath, JSON.stringify(document, null, 2), "utf8");
-  return filePath;
+
+// ../core/src/runtime/projection.ts
+function setNestedValue(target, pathSegments, value) {
+  const [head, ...tail] = pathSegments;
+  if (!head) {
+    return;
+  }
+  if (tail.length === 0) {
+    target[head] = value;
+    return;
+  }
+  const current = target[head];
+  const nextTarget = current && typeof current === "object" && !Array.isArray(current) ? current : {};
+  target[head] = nextTarget;
+  setNestedValue(nextTarget, tail, value);
 }
-async function ensureSecretVault(storeRoot, vault, passphrase) {
-  const normalizedVault = vault.trim() || "default";
-  const filePath = resolveSecretVaultFile(storeRoot, normalizedVault);
-  try {
-    await readFile(filePath, "utf8");
-    return filePath;
-  } catch (error) {
-    if (error.code !== "ENOENT") {
-      throw error;
+function toNamespaceObject(graph, namespace) {
+  const output = {};
+  const resolvedEntries = Array.from(graph.entries.values()).sort(
+    (left, right) => left.key.localeCompare(right.key)
+  );
+  for (const entry of resolvedEntries) {
+    if (namespace && entry.namespace !== namespace) {
+      continue;
     }
+    const valuePath = namespace ? stripNamespace(entry.key) : entry.key;
+    setNestedValue(output, valuePath.split("."), entry.value);
   }
-  return createSecretVault(storeRoot, normalizedVault, passphrase);
+  return output;
 }
-async function listSecretVaults(storeRoot) {
-  const vaultRoot = path2.join(storeRoot, "vaults");
-  try {
-    const entries = await readdir(vaultRoot, { withFileTypes: true });
-    return entries.filter((entry) => entry.isFile() && entry.name.endsWith(".json")).map((entry) => entry.name.replace(/\.json$/, "")).sort((left, right) => left.localeCompare(right));
-  } catch {
-    return [];
-  }
+
+// ../core/src/runtime/read.ts
+function readValue(graph, key) {
+  return graph.entries.get(key)?.value;
 }
-async function writeLocalSecret(storeRoot, ref, value, passphrase, vault = "default") {
-  await ensureSecretVault(storeRoot, vault, passphrase);
-  const filePath = resolveSecretStoreFile(storeRoot, ref, vault);
-  await mkdir(path2.dirname(filePath), { recursive: true });
-  await writeFile(filePath, JSON.stringify(encryptDocument(value, passphrase), null, 2), "utf8");
-  return filePath;
+
+// ../core/src/runtime/readOr.ts
+function readOrValue(graph, key, fallback) {
+  const value = readValue(graph, key);
+  return value === void 0 ? fallback : value;
 }
-async function readLocalSecret(storeRoot, ref, passphrase, vault = "default") {
-  if (!passphrase) {
-    throw new CnosManifestError(
-      `Missing CNOS secret passphrase for local secret ref "${ref}". Set CNOS_SECRET_PASSPHRASE or pass processEnv explicitly.`
-    );
-  }
-  const filePath = resolveSecretStoreFile(storeRoot, ref, vault);
-  const source = await readFile(filePath, "utf8");
-  const document = JSON.parse(source);
-  if (document.version !== 1 || document.algorithm !== "aes-256-gcm" || typeof document.salt !== "string" || typeof document.iv !== "string" || typeof document.tag !== "string" || typeof document.ciphertext !== "string") {
-    throw new CnosManifestError("Invalid local secret document", filePath);
+
+// ../core/src/runtime/require.ts
+function requireValue(graph, key) {
+  const value = readValue(graph, key);
+  if (value === void 0) {
+    throw new CnosKeyNotFoundError(key);
   }
-  return decryptDocument(document, passphrase);
+  return value;
 }
 
 // ../core/src/runtime/toEnv.ts
@@ -254,6 +1346,10 @@ function toEnv(graph, manifest, options = {}) {
     if (!entry) {
       continue;
     }
+    const namespaceDefinition = getNamespaceDefinition(manifest, entry.namespace);
+    if (namespaceDefinition.kind !== "data" || !namespaceDefinition.shareable || namespaceDefinition.sensitive) {
+      continue;
+    }
     if (entry.namespace === "secret" && !includeSecrets) {
       continue;
     }
@@ -265,64 +1361,9 @@ function toEnv(graph, manifest, options = {}) {
   return output;
 }
 
-// ../core/src/utils/envNaming.ts
-function normalizeMappingConfig(config = {}) {
-  return {
-    convention: config.convention,
-    explicit: config.explicit ?? {}
-  };
-}
-function toScreamingSnakeSegment(segment) {
-  return segment.replace(/([a-z0-9])([A-Z])/g, "$1_$2").replace(/[^A-Za-z0-9]+/g, "_").replace(/_+/g, "_").replace(/^_+|_+$/g, "").toUpperCase();
-}
-function toScreamingSnake(path8) {
-  return path8.split(".").map((segment) => toScreamingSnakeSegment(segment)).filter(Boolean).join("_");
-}
-function fromScreamingSnake(path8) {
-  return path8.split("_").map((segment) => segment.trim().toLowerCase()).filter(Boolean).join(".");
-}
-function logicalKeyToEnvVar(key, config = {}) {
-  const normalized = normalizeMappingConfig(config);
-  const explicitEntry = Object.entries(normalized.explicit).find(([, logicalKey]) => logicalKey === key);
-  if (explicitEntry) {
-    return explicitEntry[0];
-  }
-  if (normalized.convention !== "SCREAMING_SNAKE") {
-    return void 0;
-  }
-  if (key.startsWith("value.")) {
-    return toScreamingSnake(key.slice("value.".length));
-  }
-  if (key.startsWith("secret.")) {
-    return `SECRET_${toScreamingSnake(key.slice("secret.".length))}`;
-  }
-  return void 0;
-}
-function envVarToLogicalKey(envVar, config = {}) {
-  const normalized = normalizeMappingConfig(config);
-  const explicitMatch = normalized.explicit[envVar];
-  if (explicitMatch) {
-    return explicitMatch;
-  }
-  if (normalized.convention !== "SCREAMING_SNAKE") {
-    return void 0;
-  }
-  if (envVar.startsWith("SECRET_")) {
-    const stripped = envVar.slice("SECRET_".length);
-    if (!stripped) {
-      return void 0;
-    }
-    return `secret.${fromScreamingSnake(stripped)}`;
-  }
-  if (!/^[A-Z][A-Z0-9_]*$/.test(envVar)) {
-    return void 0;
-  }
-  return `value.${fromScreamingSnake(envVar)}`;
-}
-
 // ../core/src/runtime/toPublicEnv.ts
-function fallbackValueEnvVar(key) {
-  return key.replace(/^value\./, "").replace(/([a-z0-9])([A-Z])/g, "$1_$2").replace(/[^A-Za-z0-9]+/g, "_").replace(/_+/g, "_").replace(/^_+|_+$/g, "").toUpperCase();
+function fallbackPublicEnvVar(valuePath) {
+  return valuePath.replace(/([a-z0-9])([A-Z])/g, "$1_$2").replace(/[^A-Za-z0-9]+/g, "_").replace(/_+/g, "_").replace(/^_+|_+$/g, "").toUpperCase();
 }
 function normalizeEnvValue2(value) {
   if (value === void 0 || value === null) {
@@ -349,22 +1390,12 @@ function resolvePublicPrefix(manifest, options) {
   }
   return configuredPrefix;
 }
-function ensurePublicPromotionKey(key) {
-  if (!key.startsWith("value.")) {
-    throw new CnosManifestError(`public.promote may only contain value.* keys: ${key}`);
-  }
-}
 function toPublicEnv(graph, manifest, options = {}) {
   const prefix = resolvePublicPrefix(manifest, options);
   const output = {};
-  const promotions = [...manifest.public.promote].sort((left, right) => left.localeCompare(right));
-  for (const key of promotions) {
-    ensurePublicPromotionKey(key);
-    const resolved = graph.entries.get(key);
-    if (!resolved) {
-      continue;
-    }
-    const baseEnvVar = logicalKeyToEnvVar(key, manifest.envMapping) ?? fallbackValueEnvVar(key);
+  const promotions = Array.from(graph.entries.values()).filter((entry) => entry.namespace === "public").sort((left, right) => left.key.localeCompare(right.key));
+  for (const resolved of promotions) {
+    const baseEnvVar = fallbackPublicEnvVar(stripNamespace(resolved.key));
     const envVar = prefix && !baseEnvVar.startsWith(prefix) ? `${prefix}${baseEnvVar}` : baseEnvVar;
     output[envVar] = normalizeEnvValue2(resolved.value);
   }
@@ -372,55 +1403,23 @@ function toPublicEnv(graph, manifest, options = {}) {
 }
 
 // ../core/src/runtime/dump.ts
-import { mkdir as mkdir2, writeFile as writeFile2 } from "fs/promises";
-import path3 from "path";
-
-// ../core/src/runtime/projection.ts
-function setNestedValue(target, pathSegments, value) {
-  const [head, ...tail] = pathSegments;
-  if (!head) {
-    return;
-  }
-  if (tail.length === 0) {
-    target[head] = value;
-    return;
-  }
-  const current = target[head];
-  const nextTarget = current && typeof current === "object" && !Array.isArray(current) ? current : {};
-  target[head] = nextTarget;
-  setNestedValue(nextTarget, tail, value);
-}
-function toNamespaceObject(graph, namespace) {
-  const output = {};
-  const resolvedEntries = Array.from(graph.entries.values()).sort(
-    (left, right) => left.key.localeCompare(right.key)
-  );
-  for (const entry of resolvedEntries) {
-    if (namespace && entry.namespace !== namespace) {
-      continue;
-    }
-    const valuePath = namespace ? stripNamespace(entry.key) : entry.key;
-    setNestedValue(output, valuePath.split("."), entry.value);
-  }
-  return output;
-}
-
-// ../core/src/runtime/dump.ts
+import { mkdir as mkdir4, writeFile as writeFile3 } from "fs/promises";
+import path6 from "path";
 function buildDumpFiles(graph, options = {}) {
-  const basePath = options.flatten ? "" : path3.posix.join("workspaces", graph.workspace.workspaceId);
+  const basePath = options.flatten ? "" : path6.posix.join("workspaces", graph.workspace.workspaceId);
   const values = toNamespaceObject(graph, "value");
   const secrets = toNamespaceObject(graph, "secret");
   const files = [];
   if (Object.keys(values).length > 0) {
     files.push({
-      path: path3.posix.join(basePath, "values", graph.profile, "app.yml"),
+      path: path6.posix.join(basePath, "values", graph.profile, "app.yml"),
       namespace: "value",
       content: stringifyYaml(values)
     });
   }
   if (Object.keys(secrets).length > 0) {
     files.push({
-      path: path3.posix.join(basePath, "secrets", graph.profile, "app.yml"),
+      path: path6.posix.join(basePath, "secrets", graph.profile, "app.yml"),
       namespace: "secret",
       content: stringifyYaml(secrets)
     });
@@ -436,12 +1435,12 @@ function planDump(graph, options = {}) {
   };
 }
 async function writeDump(graph, options) {
-  const root = path3.resolve(options.to);
+  const root = path6.resolve(options.to);
   const plan = planDump(graph, options);
   for (const file of plan.files) {
-    const destination = path3.join(root, file.path);
-    await mkdir2(path3.dirname(destination), { recursive: true });
-    await writeFile2(destination, file.content, "utf8");
+    const destination = path6.join(root, file.path);
+    await mkdir4(path6.dirname(destination), { recursive: true });
+    await writeFile3(destination, file.content, "utf8");
   }
   return {
     ...plan,
@@ -462,6 +1461,61 @@ function flattenObject(value, prefix = "") {
   }, {});
 }
 
+// ../core/src/utils/envNaming.ts
+function normalizeMappingConfig(config = {}) {
+  return {
+    convention: config.convention,
+    explicit: config.explicit ?? {}
+  };
+}
+function toScreamingSnakeSegment(segment) {
+  return segment.replace(/([a-z0-9])([A-Z])/g, "$1_$2").replace(/[^A-Za-z0-9]+/g, "_").replace(/_+/g, "_").replace(/^_+|_+$/g, "").toUpperCase();
+}
+function toScreamingSnake(path10) {
+  return path10.split(".").map((segment) => toScreamingSnakeSegment(segment)).filter(Boolean).join("_");
+}
+function fromScreamingSnake(path10) {
+  return path10.split("_").map((segment) => segment.trim().toLowerCase()).filter(Boolean).join(".");
+}
+function logicalKeyToEnvVar(key, config = {}) {
+  const normalized = normalizeMappingConfig(config);
+  const explicitEntry = Object.entries(normalized.explicit).find(([, logicalKey]) => logicalKey === key);
+  if (explicitEntry) {
+    return explicitEntry[0];
+  }
+  if (normalized.convention !== "SCREAMING_SNAKE") {
+    return void 0;
+  }
+  if (key.startsWith("value.")) {
+    return toScreamingSnake(key.slice("value.".length));
+  }
+  if (key.startsWith("secret.")) {
+    return `SECRET_${toScreamingSnake(key.slice("secret.".length))}`;
+  }
+  return void 0;
+}
+function envVarToLogicalKey(envVar, config = {}) {
+  const normalized = normalizeMappingConfig(config);
+  const explicitMatch = normalized.explicit[envVar];
+  if (explicitMatch) {
+    return explicitMatch;
+  }
+  if (normalized.convention !== "SCREAMING_SNAKE") {
+    return void 0;
+  }
+  if (envVar.startsWith("SECRET_")) {
+    const stripped = envVar.slice("SECRET_".length);
+    if (!stripped) {
+      return void 0;
+    }
+    return `secret.${fromScreamingSnake(stripped)}`;
+  }
+  if (!/^[A-Z][A-Z0-9_]*$/.test(envVar)) {
+    return void 0;
+  }
+  return `value.${fromScreamingSnake(envVar)}`;
+}
+
 // ../core/src/validation/envMapping.ts
 function fallbackLogicalKeyToEnvVar(key) {
   return key.replace(/^(value|secret)\./, "").replace(/([a-z0-9])([A-Z])/g, "$1_$2").replace(/[^A-Za-z0-9]+/g, "_").replace(/_+/g, "_").replace(/^_+|_+$/g, "").toUpperCase();
@@ -475,7 +1529,8 @@ function validateEnvMappingCollisions(manifest, graph) {
   ]);
   const collisions = /* @__PURE__ */ new Map();
   for (const key of candidates) {
-    if (key.startsWith("meta.")) {
+    const definition = getNamespaceDefinition(manifest, key);
+    if (definition.kind !== "data") {
       continue;
     }
     const envVar = logicalKeyToEnvVar(key, manifest.envMapping) ?? (key.startsWith("value.") || key.startsWith("secret.") ? fallbackLogicalKeyToEnvVar(key) : void 0);
@@ -494,11 +1549,7 @@ function validateEnvMappingCollisions(manifest, graph) {
 
 // ../core/src/validation/publicSafety.ts
 function validatePublicSafety(manifest) {
-  return manifest.public.promote.filter((key) => !key.startsWith("value.")).map((key) => ({
-    code: "public.invalid-promotion",
-    key,
-    message: `public.promote may only include value.* keys: ${key}`
-  }));
+  return manifest.public.promote.map((key) => validateProjectionIssue(manifest, key, "public")).filter((issue) => Boolean(issue));
 }
 
 // ../core/src/validation/workspaceSafety.ts
@@ -542,58 +1593,25 @@ async function validateRuntime(runtime) {
       issues: validatePublicSafety(runtime.manifest)
     },
     {
-      pluginId: "env-mapping",
-      valid: true,
-      issues: validateEnvMappingCollisions(runtime.manifest, runtime.graph)
-    },
-    {
-      pluginId: "workspace-safety",
-      valid: true,
-      issues: validateWorkspaceSafety(runtime.manifest, runtime.graph)
-    }
-  ].map((result) => ({
-    ...result,
-    valid: result.issues.length === 0
-  }));
-  const results = [...pluginResults, ...builtInResults];
-  const issues = results.flatMap((result) => result.issues);
-  return {
-    valid: issues.length === 0,
-    issues,
-    results
-  };
-}
-
-// ../core/src/runtime/inspect.ts
-function inspectValue(graph, key) {
-  const entry = graph.entries.get(key);
-  if (!entry) {
-    throw new CnosKeyNotFoundError(key);
-  }
-  return {
-    key: entry.key,
-    value: entry.value,
-    namespace: entry.namespace,
-    profile: graph.profile,
-    profileSource: graph.profileSource,
-    workspace: {
-      id: graph.workspace.workspaceId,
-      source: graph.workspace.workspaceSource,
-      chain: graph.workspace.workspaceChain
-    },
-    winner: {
-      sourceId: entry.winner.sourceId,
-      pluginId: entry.winner.pluginId,
-      workspaceId: entry.winner.workspaceId,
-      ...entry.winner.origin ? { origin: entry.winner.origin } : {}
+      pluginId: "env-mapping",
+      valid: true,
+      issues: validateEnvMappingCollisions(runtime.manifest, runtime.graph)
     },
-    overridden: entry.overridden.map((override) => ({
-      sourceId: override.sourceId,
-      pluginId: override.pluginId,
-      workspaceId: override.workspaceId,
-      value: override.value,
-      ...override.origin ? { origin: override.origin } : {}
-    }))
+    {
+      pluginId: "workspace-safety",
+      valid: true,
+      issues: validateWorkspaceSafety(runtime.manifest, runtime.graph)
+    }
+  ].map((result) => ({
+    ...result,
+    valid: result.issues.length === 0
+  }));
+  const results = [...pluginResults, ...builtInResults];
+  const issues = results.flatMap((result) => result.issues);
+  return {
+    valid: issues.length === 0,
+    issues,
+    results
   };
 }
 
@@ -608,174 +1626,13 @@ function createProvenanceInspector() {
   };
 }
 
-// ../core/src/manifest/loadManifest.ts
-import { readFile as readFile2 } from "fs/promises";
-import path4 from "path";
-
-// ../core/src/manifest/normalizeManifest.ts
-var DEFAULT_RESOLVE_FROM = ["cli.profile", "env.CNOS_PROFILE", "default"];
-var DEFAULT_LOADERS = [
-  "filesystem-values",
-  "filesystem-secrets",
-  "dotenv",
-  "process-env",
-  "cli-args"
-];
-var DEFAULT_VALIDATORS = ["basic-schema"];
-var DEFAULT_EXPORTERS = ["env", "public-env"];
-var DEFAULT_INSPECTORS = ["provenance"];
-var DEFAULT_FRAMEWORK_PREFIXES = {
-  next: "NEXT_PUBLIC_",
-  vite: "VITE_",
-  nuxt: "NUXT_PUBLIC_"
-};
-function validateResolveFrom(resolveFrom) {
-  const validValues = ["cli.profile", "env.CNOS_PROFILE", "default"];
-  for (const entry of resolveFrom) {
-    if (!validValues.includes(entry)) {
-      throw new CnosManifestError(`Unsupported profiles.resolveFrom entry: ${entry}`);
-    }
-  }
-  return resolveFrom;
-}
-function normalizeWorkspaceItems(items) {
-  return Object.fromEntries(
-    Object.entries(items ?? {}).map(([workspaceId, item]) => [
-      workspaceId,
-      {
-        extends: Array.isArray(item?.extends) ? item.extends.map((entry) => entry.trim()).filter(Boolean) : item?.extends ? [item.extends.trim()].filter(Boolean) : [],
-        ...item?.globalId?.trim() ? { globalId: item.globalId.trim() } : {}
-      }
-    ])
-  );
-}
-function normalizeManifest(manifest) {
-  const version = manifest.version ?? 1;
-  if (version !== 1) {
-    throw new CnosManifestError(`Unsupported CNOS manifest version: ${version}`);
-  }
-  const projectName = manifest.project?.name?.trim();
-  if (!projectName) {
-    throw new CnosManifestError("Manifest requires project.name");
-  }
-  const defaultProfile = manifest.profiles?.default?.trim() || "base";
-  const workspaceItems = normalizeWorkspaceItems(manifest.workspaces?.items);
-  const resolveFrom = validateResolveFrom(manifest.profiles?.resolveFrom ?? DEFAULT_RESOLVE_FROM);
-  const filesystemValues = {
-    root: "./",
-    format: "yaml",
-    ...manifest.sources?.["filesystem-values"] ?? {}
-  };
-  const filesystemSecrets = {
-    root: "./",
-    format: "yaml",
-    ...manifest.sources?.["filesystem-secrets"] ?? {}
-  };
-  const dotenv = {
-    root: "./env",
-    ...manifest.sources?.dotenv ?? {}
-  };
-  return {
-    version: 1,
-    project: {
-      name: projectName
-    },
-    workspaces: {
-      ...manifest.workspaces?.default?.trim() ? {
-        default: manifest.workspaces.default.trim()
-      } : {},
-      global: {
-        enabled: manifest.workspaces?.global?.enabled ?? false,
-        ...manifest.workspaces?.global?.root?.trim() ? {
-          root: manifest.workspaces.global.root.trim()
-        } : {},
-        allowWrite: manifest.workspaces?.global?.allowWrite ?? false
-      },
-      items: workspaceItems
-    },
-    profiles: {
-      default: defaultProfile,
-      resolveFrom
-    },
-    plugins: {
-      loaders: manifest.plugins?.loaders ?? DEFAULT_LOADERS,
-      resolver: manifest.plugins?.resolver ?? "profile-aware",
-      validators: manifest.plugins?.validators ?? DEFAULT_VALIDATORS,
-      exporters: manifest.plugins?.exporters ?? DEFAULT_EXPORTERS,
-      inspectors: manifest.plugins?.inspectors ?? DEFAULT_INSPECTORS
-    },
-    sources: {
-      ...manifest.sources ?? {},
-      "filesystem-values": filesystemValues,
-      "filesystem-secrets": filesystemSecrets,
-      dotenv
-    },
-    resolution: {
-      precedence: manifest.resolution?.precedence ?? [
-        "filesystem-values",
-        "filesystem-secrets",
-        "dotenv",
-        "process-env",
-        "cli-args"
-      ],
-      arrayPolicy: manifest.resolution?.arrayPolicy ?? "replace"
-    },
-    envMapping: {
-      ...manifest.envMapping?.convention ? {
-        convention: manifest.envMapping.convention
-      } : {},
-      explicit: manifest.envMapping?.explicit ?? {}
-    },
-    public: {
-      promote: manifest.public?.promote ?? [],
-      frameworks: {
-        ...DEFAULT_FRAMEWORK_PREFIXES,
-        ...manifest.public?.frameworks ?? {}
-      }
-    },
-    writePolicy: {
-      define: {
-        defaultProfile: manifest.writePolicy?.define?.defaultProfile ?? defaultProfile,
-        targets: {
-          value: manifest.writePolicy?.define?.targets?.value ?? "./values/app.yml",
-          secret: manifest.writePolicy?.define?.targets?.secret ?? "./secrets/app.yml"
-        }
-      }
-    },
-    schema: manifest.schema ?? {}
-  };
-}
-
-// ../core/src/manifest/loadManifest.ts
-async function loadManifest(options = {}) {
-  const manifestRoot = await resolveManifestRoot(options.root);
-  const manifestPath = path4.join(manifestRoot, "cnos.yml");
-  let source;
-  try {
-    source = await readFile2(manifestPath, "utf8");
-  } catch {
-    throw new CnosManifestError("Unable to read CNOS manifest", manifestPath);
-  }
-  const rawManifest = parseYaml(source);
-  if (!rawManifest || typeof rawManifest !== "object") {
-    throw new CnosManifestError("CNOS manifest must be a YAML object", manifestPath);
-  }
-  return {
-    manifestRoot,
-    repoRoot: path4.dirname(manifestRoot),
-    manifestPath,
-    manifest: normalizeManifest(rawManifest),
-    rawManifest
-  };
-}
-
 // ../core/src/manifest/loadWorkspaceFile.ts
-import { readFile as readFile3 } from "fs/promises";
-import path5 from "path";
+import { readFile as readFile4 } from "fs/promises";
+import path7 from "path";
 async function loadWorkspaceFile(repoRoot) {
-  const workspaceFilePath = path5.join(repoRoot, ".cnos-workspace.yml");
+  const workspaceFilePath = path7.join(repoRoot, ".cnos-workspace.yml");
   try {
-    const source = await readFile3(workspaceFilePath, "utf8");
+    const source = await readFile4(workspaceFilePath, "utf8");
     const parsed = parseYaml(source);
     if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
       throw new CnosManifestError(".cnos-workspace.yml must be a YAML object", workspaceFilePath);
@@ -798,8 +1655,8 @@ async function loadWorkspaceFile(repoRoot) {
 }
 
 // ../core/src/profiles/expandProfileChain.ts
-import { access as access2, readFile as readFile4 } from "fs/promises";
-import path6 from "path";
+import { access as access2, readFile as readFile5 } from "fs/promises";
+import path8 from "path";
 async function fileExists(targetPath) {
   try {
     await access2(targetPath);
@@ -836,11 +1693,11 @@ async function loadProfileDefinition(profileName, options) {
     return normalizeProfileDefinition(profileName, void 0);
   }
   for (const workspaceRoot of [...workspaceRoots].reverse()) {
-    const profilePath = path6.join(workspaceRoot.path, "profiles", `${profileName}.yml`);
+    const profilePath = path8.join(workspaceRoot.path, "profiles", `${profileName}.yml`);
     if (!await fileExists(profilePath)) {
       continue;
     }
-    const document = await readFile4(profilePath, "utf8");
+    const document = await readFile5(profilePath, "utf8");
     const parsed = parseYaml(document);
     if (!parsed || typeof parsed !== "object" || Array.isArray(parsed)) {
       throw new CnosManifestError("Profile definition must be a YAML object", profilePath);
@@ -848,7 +1705,7 @@ async function loadProfileDefinition(profileName, options) {
     const definition = normalizeProfileDefinition(
       profileName,
       parsed,
-      options.manifestRoot ? toPortablePath(path6.relative(path6.dirname(options.manifestRoot), profilePath)) : toPortablePath(profilePath)
+      options.manifestRoot ? toPortablePath(path8.relative(path8.dirname(options.manifestRoot), profilePath)) : toPortablePath(profilePath)
     );
     if (definition.name !== profileName) {
       throw new CnosManifestError(
@@ -936,6 +1793,50 @@ async function expandProfileChain(activeProfile, options = {}) {
   };
 }
 
+// ../core/src/promotions/promoteToPublic.ts
+function toPublicKey(key) {
+  const namespace = getNamespaceNameForKey(key);
+  return namespace === "value" ? `public.${stripNamespace(key)}` : `public.${key}`;
+}
+function toPromotedConfigEntry(entry, key, promotedFrom) {
+  return {
+    ...entry,
+    key,
+    namespace: "public",
+    sourceId: "public-promote",
+    pluginId: "core",
+    metadata: {
+      ...entry.metadata ?? {},
+      promotedFrom
+    }
+  };
+}
+function toPromotedResolvedEntry(entry) {
+  const key = toPublicKey(entry.key);
+  return {
+    key,
+    value: entry.value,
+    namespace: "public",
+    winner: toPromotedConfigEntry(entry.winner, key, entry.key),
+    overridden: entry.overridden.map((override) => toPromotedConfigEntry(override, key, entry.key))
+  };
+}
+function promoteToPublic(graph, manifest) {
+  const entries = new Map(graph.entries);
+  for (const key of manifest.public.promote) {
+    ensureProjectionAllowed(manifest, key, "public");
+    const resolved = graph.entries.get(key);
+    if (!resolved) {
+      continue;
+    }
+    entries.set(toPublicKey(key), toPromotedResolvedEntry(resolved));
+  }
+  return {
+    ...graph,
+    entries
+  };
+}
+
 // ../core/src/profiles/resolveActiveProfile.ts
 function resolveActiveProfile(manifest, options = {}) {
   for (const source of manifest.profiles.resolveFrom) {
@@ -1051,7 +1952,7 @@ function createProfileAwareResolver() {
 
 // ../core/src/workspaces/resolveWorkspaceContext.ts
 import { access as access3 } from "fs/promises";
-import path7 from "path";
+import path9 from "path";
 
 // ../core/src/workspaces/expandWorkspaceChain.ts
 function expandWorkspaceChain(workspaceId, items) {
@@ -1088,7 +1989,7 @@ function expandWorkspaceChain(workspaceId, items) {
 }
 
 // ../core/src/workspaces/resolveWorkspaceContext.ts
-async function exists2(targetPath) {
+async function exists3(targetPath) {
   try {
     await access3(targetPath);
     return true;
@@ -1097,14 +1998,14 @@ async function exists2(targetPath) {
   }
 }
 async function resolveLocalWorkspaceRoot(manifestRoot, workspaceId) {
-  const workspaceRoot = path7.join(manifestRoot, "workspaces", workspaceId);
-  if (await exists2(workspaceRoot)) {
+  const workspaceRoot = path9.join(manifestRoot, "workspaces", workspaceId);
+  if (await exists3(workspaceRoot)) {
     return workspaceRoot;
   }
   const legacyMarkers = ["values", "secrets", "env", "profiles"].map(
-    (segment) => path7.join(manifestRoot, segment)
+    (segment) => path9.join(manifestRoot, segment)
   );
-  if ((await Promise.all(legacyMarkers.map((marker) => exists2(marker)))).some(Boolean)) {
+  if ((await Promise.all(legacyMarkers.map((marker) => exists3(marker)))).some(Boolean)) {
     return manifestRoot;
   }
   return workspaceRoot;
@@ -1144,26 +2045,26 @@ function resolveGlobalRoot(manifest, workspaceFile, options) {
   }
   if (options.globalRoot) {
     return {
-      value: path7.resolve(expandHomePath(options.globalRoot)),
+      value: path9.resolve(expandHomePath(options.globalRoot)),
       source: "cli"
     };
   }
   if (workspaceFile?.globalRoot) {
     return {
-      value: path7.resolve(expandHomePath(workspaceFile.globalRoot)),
+      value: path9.resolve(expandHomePath(workspaceFile.globalRoot)),
       source: "workspace-file"
     };
   }
   if (manifest.workspaces.global.root) {
     return {
-      value: path7.resolve(expandHomePath(manifest.workspaces.global.root)),
+      value: path9.resolve(expandHomePath(manifest.workspaces.global.root)),
       source: "manifest"
     };
   }
   const cnosHome = options.processEnv?.CNOS_HOME;
   if (cnosHome) {
     return {
-      value: path7.resolve(expandHomePath(cnosHome)),
+      value: path9.resolve(expandHomePath(cnosHome)),
       source: "CNOS_HOME"
     };
   }
@@ -1180,7 +2081,7 @@ async function resolveWorkspaceContext(manifest, options) {
       workspaceRoots.push({
         scope: "global",
         workspaceId: chainWorkspaceId,
-        path: path7.join(globalRoot.value, "workspaces", globalWorkspaceId)
+        path: path9.join(globalRoot.value, "workspaces", globalWorkspaceId)
       });
     }
   }
@@ -1370,49 +2271,120 @@ async function runPipeline(options) {
   return collectedEntries.flat();
 }
 
-// ../core/src/runtime/read.ts
-function readValue(graph, key) {
-  return graph.entries.get(key)?.value;
-}
+// ../core/src/secrets/secretCache.ts
+var SecretCache = class {
+  cache = /* @__PURE__ */ new Map();
+  authenticated = /* @__PURE__ */ new Set();
+  load(vaultId, secrets) {
+    this.authenticated.add(vaultId);
+    for (const [ref, value] of secrets) {
+      this.cache.set(`${vaultId}:${ref}`, value);
+    }
+  }
+  isVaultAuthenticated(vaultId) {
+    return this.authenticated.has(vaultId);
+  }
+  get(vaultId, ref) {
+    return this.cache.get(`${vaultId}:${ref}`);
+  }
+  clear(vaultId) {
+    if (!vaultId) {
+      this.cache.clear();
+      this.authenticated.clear();
+      return;
+    }
+    this.authenticated.delete(vaultId);
+    for (const key of Array.from(this.cache.keys())) {
+      if (key.startsWith(`${vaultId}:`)) {
+        this.cache.delete(key);
+      }
+    }
+  }
+};
 
-// ../core/src/runtime/readOr.ts
-function readOrValue(graph, key, fallback) {
-  const value = readValue(graph, key);
-  return value === void 0 ? fallback : value;
+// ../core/src/secrets/batchResolve.ts
+function collectSecretDescriptors(graph) {
+  return Array.from(graph.entries.values()).filter((entry) => entry.namespace === "secret" && isSecretReference(entry.value)).map((entry) => ({
+    logicalKey: entry.key,
+    ref: entry.value
+  }));
 }
-
-// ../core/src/runtime/require.ts
-function requireValue(graph, key) {
-  const value = readValue(graph, key);
-  if (value === void 0) {
-    throw new CnosKeyNotFoundError(key);
+async function batchResolveSecrets(graph, manifest, processEnv = process.env) {
+  const cache = new SecretCache();
+  const descriptors = collectSecretDescriptors(graph);
+  const grouped = descriptors.reduce((accumulator, descriptor) => {
+    const vaultId = descriptor.ref.vault ?? "default";
+    const bucket = accumulator.get(vaultId) ?? [];
+    bucket.push(descriptor);
+    accumulator.set(vaultId, bucket);
+    return accumulator;
+  }, /* @__PURE__ */ new Map());
+  for (const [vaultId, refs] of grouped) {
+    const definition = manifest.vaults[vaultId] ?? { provider: "local", auth: { passphrase: { from: [] } } };
+    const provider = createSecretVaultProvider(vaultId, definition, processEnv);
+    const auth = await resolveVaultAuth(vaultId, definition, processEnv);
+    await provider.authenticate(auth);
+    const resolved = await provider.batchGet(refs.map((entry) => entry.ref.ref));
+    cache.load(vaultId, resolved);
+    await appendAuditEvent(
+      {
+        action: "batch_read",
+        vault: vaultId,
+        refs: Array.from(resolved.keys()).sort((left, right) => left.localeCompare(right)),
+        caller: "runtime",
+        workspace: graph.workspace.workspaceId,
+        profile: graph.profile
+      },
+      processEnv
+    );
   }
-  return value;
+  return cache;
+}
+function resolveSecretEntryValue(key, value, cache) {
+  if (!key.startsWith("secret.") || !isSecretReference(value)) {
+    return value;
+  }
+  const vaultId = value.vault ?? "default";
+  return cache.get(vaultId, value.ref) ?? value;
 }
 
 // ../core/src/orchestrator/runtime.ts
-function createRuntime(manifest, graph, plugins = []) {
+function createRuntime(manifest, graph, plugins = [], secretCache) {
+  function readLogicalKey(key) {
+    const entry = graph.entries.get(key);
+    if (!entry) {
+      return void 0;
+    }
+    if (!secretCache) {
+      return entry.value;
+    }
+    return resolveSecretEntryValue(key, entry.value, secretCache);
+  }
   return {
     manifest,
     plugins,
     graph,
     read(key) {
-      return readValue(graph, key);
+      return readLogicalKey(key);
     },
     require(key) {
-      return requireValue(graph, key);
+      const value = readLogicalKey(key);
+      if (value === void 0) {
+        return requireValue(graph, key);
+      }
+      return value;
     },
     readOr(key, fallback) {
       return readOrValue(graph, key, fallback);
     },
-    value(path8) {
-      return readValue(graph, toLogicalKey("value", path8));
+    value(path10) {
+      return readLogicalKey(toLogicalKey("value", path10));
     },
-    secret(path8) {
-      return readValue(graph, toLogicalKey("secret", path8));
+    secret(path10) {
+      return readLogicalKey(toLogicalKey("secret", path10));
     },
-    meta(path8) {
-      return readValue(graph, toLogicalKey("meta", path8));
+    meta(path10) {
+      return readLogicalKey(toLogicalKey("meta", path10));
     },
     inspect(key) {
       return inspectValue(graph, key);
@@ -1527,6 +2499,9 @@ function appendMetaEntries(graph, cnosVersion) {
 }
 async function createCnos(options = {}) {
   const loadedManifest = await loadManifest(options.root ? { root: options.root } : {});
+  for (const key of loadedManifest.manifest.public.promote) {
+    ensureProjectionAllowed(loadedManifest.manifest, key, "public");
+  }
   const workspaceFile = await loadWorkspaceFile(loadedManifest.repoRoot);
   const workspace = await resolveWorkspaceContext(loadedManifest.manifest, {
     manifestRoot: loadedManifest.manifestRoot,
@@ -1566,40 +2541,73 @@ async function createCnos(options = {}) {
     workspace
   });
   const schemaApplied = applySchemaRules(graph, loadedManifest.manifest.schema);
+  const promotedGraph = promoteToPublic(schemaApplied.graph, loadedManifest.manifest);
+  const secretCache = options.secretResolution === "lazy" ? void 0 : await batchResolveSecrets(promotedGraph, loadedManifest.manifest, options.processEnv);
   return createRuntime(
     loadedManifest.manifest,
     appendMetaEntries({
-      ...schemaApplied.graph,
+      ...promotedGraph,
       profileSource: activeProfile.source
     }, options.cnosVersion),
-    plugins
+    plugins,
+    secretCache
   );
 }
 
 export {
   CnosManifestError,
+  CnosSecurityError,
+  CnosAuthenticationError,
+  inspectValue,
   createProvenanceInspector,
+  readKeychain,
+  writeKeychain,
+  resolveManifestRoot,
   resolveWorkspaceScopedPath,
   resolveConfigDocumentPath,
   toPortablePath,
   joinConfigPath,
+  toLogicalKey,
   parseYaml,
   stringifyYaml,
+  loadManifest,
+  ensureProjectionAllowed,
   applySchemaRules,
+  writeVaultSessionKey,
+  clearVaultSessionKey,
+  clearAllVaultSessionKeys,
   isSecretReference,
   resolveSecretStoreRoot,
-  resolveSecretVaultFile,
+  getVaultPassphraseEnvVar,
+  isPassphraseEnvRef,
+  getVaultSessionKeyEnvVar,
   resolveSecretPassphrase,
-  createSecretVault,
+  deriveVaultKey,
+  resolveSecretVaultFile,
+  detectLegacyVaultFormat,
+  readVaultMetadata,
   listSecretVaults,
+  createSecretVault,
+  resolveConfiguredVaultPassphrase,
+  resolveVaultAccessKey,
   writeLocalSecret,
+  deleteLocalSecret,
   readLocalSecret,
+  listLocalSecrets,
+  resolveVaultDefinition,
+  removeLocalVaultFiles,
+  createSecretVaultProvider,
+  resolveVaultAuth,
+  toNamespaceObject,
+  readValue,
+  readOrValue,
+  requireValue,
   toEnv,
-  envVarToLogicalKey,
   toPublicEnv,
   createCnos,
   planDump,
   writeDump,
+  envVarToLogicalKey,
   flattenObject,
   validateRuntime
 };