@kitsy/cnos 1.2.0 → 1.3.0

package/dist/runtime/index.cjs

@@ -53,6 +53,11 @@ var CnosSecurityError = class extends CnosError {
     super(message);
   }
 };
+var CnosAuthenticationError = class extends CnosError {
+  constructor(message) {
+    super(message);
+  }
+};
 var CnosKeyNotFoundError = class extends CnosError {
   constructor(key) {
     super(`Missing required CNOS config key: ${key}`);
@@ -105,6 +110,68 @@ function createProvenanceInspector() {
   };
 }
 
+// ../core/src/keychain/linux.ts
+var import_node_child_process = require("child_process");
+var import_node_util = require("util");
+var execFileAsync = (0, import_node_util.promisify)(import_node_child_process.execFile);
+async function readLinuxKeychain(entry) {
+  try {
+    const { stdout } = await execFileAsync("secret-tool", ["lookup", "service", "cnos", "account", entry]);
+    const value = stdout.trim();
+    return value.length > 0 ? value : void 0;
+  } catch {
+    return void 0;
+  }
+}
+
+// ../core/src/keychain/macos.ts
+var import_node_child_process2 = require("child_process");
+var import_node_util2 = require("util");
+var execFileAsync2 = (0, import_node_util2.promisify)(import_node_child_process2.execFile);
+async function readMacosKeychain(entry) {
+  try {
+    const { stdout } = await execFileAsync2("security", ["find-generic-password", "-a", "cnos", "-s", entry, "-w"]);
+    const value = stdout.trim();
+    return value.length > 0 ? value : void 0;
+  } catch {
+    return void 0;
+  }
+}
+
+// ../core/src/keychain/windows.ts
+var import_node_child_process3 = require("child_process");
+var import_node_util3 = require("util");
+var execFileAsync3 = (0, import_node_util3.promisify)(import_node_child_process3.execFile);
+function wrap(script) {
+  return ["-NoProfile", "-Command", script];
+}
+async function readWindowsKeychain(entry) {
+  try {
+    const { stdout } = await execFileAsync3(
+      "powershell",
+      wrap(`Add-Type -AssemblyName System.Runtime.WindowsRuntime; [Windows.Security.Credentials.PasswordVault,Windows.Security.Credentials,ContentType=WindowsRuntime] > $null; $vault = New-Object Windows.Security.Credentials.PasswordVault; $credential = $vault.Retrieve('cnos','${entry}'); $credential.RetrievePassword(); Write-Output $credential.Password`)
+    );
+    const value = stdout.trim();
+    return value.length > 0 ? value : void 0;
+  } catch {
+    return void 0;
+  }
+}
+
+// ../core/src/keychain/index.ts
+async function readKeychain(entry) {
+  if (process.platform === "win32") {
+    return readWindowsKeychain(entry);
+  }
+  if (process.platform === "darwin") {
+    return readMacosKeychain(entry);
+  }
+  if (process.platform === "linux") {
+    return readLinuxKeychain(entry);
+  }
+  return void 0;
+}
+
 // ../core/src/manifest/loadManifest.ts
 var import_promises2 = require("fs/promises");
 var import_node_path2 = __toESM(require("path"), 1);
@@ -191,6 +258,9 @@ var import_yaml = require("yaml");
 function parseYaml(source) {
   return (0, import_yaml.parse)(source);
 }
+function stringifyYaml(value) {
+  return (0, import_yaml.stringify)(value);
+}
 
 // ../core/src/manifest/normalizeManifest.ts
 var DEFAULT_RESOLVE_FROM = ["cli.profile", "env.CNOS_PROFILE", "default"];
@@ -278,22 +348,82 @@ function normalizeNamespaces(namespaces) {
 function normalizeVaults(vaults) {
   return Object.fromEntries(
     Object.entries(vaults ?? {}).map(([name, definition]) => {
+      const legacyPassphrase = definition.passphrase;
+      if (legacyPassphrase !== void 0) {
+        throw new CnosManifestError(
+          `Vault "${name}" uses legacy passphrase configuration. Use vaults.${name}.auth instead.`
+        );
+      }
       const provider = definition.provider?.trim();
       if (!provider) {
         throw new CnosManifestError(`Vault "${name}" requires a provider`);
       }
+      const normalizedAuth = normalizeVaultAuth(name, provider, definition.auth);
+      const normalizedMapping = Object.fromEntries(
+        Object.entries(definition.mapping ?? {}).filter(
+          (entry) => typeof entry[0] === "string" && typeof entry[1] === "string"
+        ).map(([envVar, logicalRef]) => [envVar.trim(), logicalRef.trim()]).filter(([envVar, logicalRef]) => envVar.length > 0 && logicalRef.length > 0)
+      );
       return [
         name,
         {
           provider,
-          ...definition.passphrase?.trim() ? {
-            passphrase: definition.passphrase.trim()
+          auth: normalizedAuth,
+          ...Object.keys(normalizedMapping).length > 0 ? {
+            mapping: normalizedMapping
           } : {}
         }
       ];
     })
   );
 }
+function normalizeAuthSources(value) {
+  if (!value || typeof value !== "object" || Array.isArray(value)) {
+    return void 0;
+  }
+  const sources = Array.isArray(value.from) ? value.from : void 0;
+  const normalized = (sources ?? []).map((entry) => typeof entry === "string" ? entry.trim() : "").filter(Boolean);
+  return normalized.length > 0 ? normalized : void 0;
+}
+function normalizeVaultAuth(vaultName, provider, auth) {
+  if (provider === "local") {
+    const passphraseSources = normalizeAuthSources(auth?.passphrase);
+    const defaultToken = vaultName.replace(/[^A-Za-z0-9]+/g, "_").replace(/^_+|_+$/g, "").toUpperCase();
+    const defaultSources = [
+      ...defaultToken ? [`env:CNOS_SECRET_PASSPHRASE_${defaultToken}`] : [],
+      "env:CNOS_SECRET_PASSPHRASE",
+      `keychain:cnos/${vaultName}`,
+      "prompt"
+    ];
+    return {
+      method: auth?.method ?? "passphrase",
+      passphrase: {
+        from: passphraseSources ?? defaultSources
+      },
+      ...auth?.config ? { config: auth.config } : {}
+    };
+  }
+  if (provider === "github-secrets") {
+    return {
+      method: auth?.method ?? "environment",
+      ...auth?.config ? { config: auth.config } : {}
+    };
+  }
+  return {
+    ...auth?.method ? { method: auth.method } : {},
+    ...normalizeAuthSources(auth?.passphrase) ? {
+      passphrase: {
+        from: normalizeAuthSources(auth?.passphrase) ?? []
+      }
+    } : {},
+    ...normalizeAuthSources(auth?.token) ? {
+      token: {
+        from: normalizeAuthSources(auth?.token) ?? []
+      }
+    } : {},
+    ...auth?.config ? { config: auth.config } : {}
+  };
+}
 function normalizeManifest(manifest) {
   const version = manifest.version ?? 1;
   if (version !== 1) {
@@ -1097,6 +1227,712 @@ async function runPipeline(options) {
   return collectedEntries.flat();
 }
 
+// ../core/src/secrets/auditLog.ts
+var import_promises8 = require("fs/promises");
+var import_node_path8 = __toESM(require("path"), 1);
+
+// ../core/src/utils/secretStore.ts
+var import_node_crypto = require("crypto");
+var import_promises7 = require("fs/promises");
+var import_node_path7 = __toESM(require("path"), 1);
+
+// ../core/src/secrets/sessionStore.ts
+var import_promises6 = require("fs/promises");
+var import_node_path6 = __toESM(require("path"), 1);
+function buildSessionRoot(processEnv = process.env) {
+  return import_node_path6.default.join(import_node_path6.default.resolve(expandHomePath(processEnv.CNOS_SECRET_HOME ?? "~/.cnos/secrets")), "sessions");
+}
+function buildSessionPath(vault, processEnv) {
+  return import_node_path6.default.join(buildSessionRoot(processEnv), `${vault}.json`);
+}
+async function readVaultSessionKey(vault, processEnv) {
+  try {
+    const source = await (0, import_promises6.readFile)(buildSessionPath(vault, processEnv), "utf8");
+    const document = JSON.parse(source);
+    if (document.version !== 1 || typeof document.derivedKey !== "string") {
+      return void 0;
+    }
+    const key = Buffer.from(document.derivedKey, "hex");
+    return key.length > 0 ? key : void 0;
+  } catch {
+    return void 0;
+  }
+}
+
+// ../core/src/utils/secretStore.ts
+var KEY_LENGTH = 32;
+var SALT_LENGTH = 32;
+var IV_LENGTH = 12;
+var AUTH_TAG_LENGTH = 16;
+var PBKDF2_ITERATIONS = 6e5;
+var KEYSTORE_VERSION = 1;
+var METADATA_VERSION = 1;
+var META_FILENAME = "meta.yml";
+var KEYSTORE_FILENAME = "keystore.enc";
+function isObject(value) {
+  return Boolean(value) && typeof value === "object" && !Array.isArray(value);
+}
+function isSecretReference(value) {
+  return isObject(value) && typeof value.provider === "string" && value.provider.trim().length > 0 && typeof value.ref === "string" && value.ref.trim().length > 0 && (value.vault === void 0 && true || typeof value.vault === "string" && value.vault.trim().length > 0) && Object.keys(value).every((key) => ["provider", "ref", "vault"].includes(key));
+}
+function resolveSecretStoreRoot(processEnv = process.env) {
+  return import_node_path7.default.resolve(expandHomePath(processEnv.CNOS_SECRET_HOME ?? "~/.cnos/secrets"));
+}
+function normalizeVaultToken(vault = "default") {
+  return vault.replace(/[^A-Za-z0-9]+/g, "_").replace(/^_+|_+$/g, "").toUpperCase();
+}
+function getVaultPassphraseEnvVar(vault = "default") {
+  const vaultToken = normalizeVaultToken(vault);
+  return vaultToken && vaultToken !== "DEFAULT" ? `CNOS_SECRET_PASSPHRASE_${vaultToken}` : "CNOS_SECRET_PASSPHRASE";
+}
+function getVaultSessionKeyEnvVar(vault = "default") {
+  const vaultToken = normalizeVaultToken(vault);
+  return `__CNOS_VAULT_KEY_${vaultToken || "DEFAULT"}__`;
+}
+function resolveSecretPassphrase(vault = "default", processEnv = process.env) {
+  return processEnv[getVaultPassphraseEnvVar(vault)] ?? processEnv.CNOS_SECRET_PASSPHRASE;
+}
+function resolveVaultSessionKey(vault = "default", processEnv = process.env) {
+  const encoded = processEnv[getVaultSessionKeyEnvVar(vault)];
+  if (!encoded) {
+    return readVaultSessionKey(vault, processEnv);
+  }
+  try {
+    const key = Buffer.from(encoded, "hex");
+    return key.length === KEY_LENGTH ? key : void 0;
+  } catch {
+    return void 0;
+  }
+}
+function deriveVaultKey(passphrase, salt, iterations = PBKDF2_ITERATIONS) {
+  return (0, import_node_crypto.pbkdf2Sync)(passphrase, salt, iterations, KEY_LENGTH, "sha512");
+}
+function buildMetaPath(storeRoot, vault = "default") {
+  return import_node_path7.default.join(storeRoot, "vaults", vault, META_FILENAME);
+}
+function buildKeystorePath(storeRoot, vault = "default") {
+  return import_node_path7.default.join(storeRoot, "vaults", vault, KEYSTORE_FILENAME);
+}
+function buildLegacyVaultFile(storeRoot, vault = "default") {
+  return import_node_path7.default.join(storeRoot, "vaults", `${vault}.json`);
+}
+function buildLegacyVaultStoreRoot(storeRoot, vault = "default") {
+  return import_node_path7.default.join(storeRoot, "vaults", vault, "store");
+}
+function assertVaultMetadata(value, filePath) {
+  if (!isObject(value)) {
+    throw new CnosManifestError("Invalid CNOS vault metadata", filePath);
+  }
+  if (value.version !== METADATA_VERSION || value.algorithm !== "aes-256-gcm" || value.kdf !== "pbkdf2-sha512" || typeof value.iterations !== "number" || typeof value.salt !== "string" || typeof value.createdAt !== "string" || typeof value.secretCount !== "number") {
+    throw new CnosManifestError("Invalid CNOS vault metadata", filePath);
+  }
+  return value;
+}
+async function exists3(targetPath) {
+  try {
+    await (0, import_promises7.stat)(targetPath);
+    return true;
+  } catch {
+    return false;
+  }
+}
+async function detectLegacyVaultFormat(storeRoot, vault = "default") {
+  const legacyFile = buildLegacyVaultFile(storeRoot, vault);
+  const legacyStore = buildLegacyVaultStoreRoot(storeRoot, vault);
+  if (await exists3(legacyFile)) {
+    return legacyFile;
+  }
+  if (await exists3(legacyStore)) {
+    return legacyStore;
+  }
+  return void 0;
+}
+async function assertNoLegacyVaultFormat(storeRoot, vault = "default") {
+  const legacyPath = await detectLegacyVaultFormat(storeRoot, vault);
+  if (!legacyPath) {
+    return;
+  }
+  throw new CnosSecurityError(
+    `Legacy CNOS local vault format detected for vault "${vault}" at ${legacyPath}. CNOS 1.4 requires the new keystore format. Remove and recreate the vault.`
+  );
+}
+function encryptPayload(payload, key) {
+  const iv = (0, import_node_crypto.randomBytes)(IV_LENGTH);
+  const cipher = (0, import_node_crypto.createCipheriv)("aes-256-gcm", key, iv);
+  const plaintext = Buffer.from(JSON.stringify(payload), "utf8");
+  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
+  const tag = cipher.getAuthTag();
+  return Buffer.concat([
+    Buffer.from(Uint32Array.of(KEYSTORE_VERSION).buffer),
+    iv,
+    tag,
+    ciphertext
+  ]);
+}
+function decryptPayload(buffer, key) {
+  if (buffer.length < 4 + IV_LENGTH + AUTH_TAG_LENGTH) {
+    throw new CnosSecurityError("Invalid CNOS local vault keystore");
+  }
+  const version = buffer.readUInt32LE(0);
+  if (version !== KEYSTORE_VERSION) {
+    throw new CnosSecurityError(`Unsupported CNOS local vault keystore version: ${version}`);
+  }
+  const ivOffset = 4;
+  const tagOffset = ivOffset + IV_LENGTH;
+  const cipherOffset = tagOffset + AUTH_TAG_LENGTH;
+  const iv = buffer.subarray(ivOffset, tagOffset);
+  const tag = buffer.subarray(tagOffset, cipherOffset);
+  const ciphertext = buffer.subarray(cipherOffset);
+  const decipher = (0, import_node_crypto.createDecipheriv)("aes-256-gcm", key, iv);
+  decipher.setAuthTag(tag);
+  try {
+    const plaintext = Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString("utf8");
+    const payload = JSON.parse(plaintext);
+    if (!payload || !isObject(payload.secrets) || !isObject(payload.metadata)) {
+      throw new Error("invalid");
+    }
+    return {
+      secrets: Object.fromEntries(
+        Object.entries(payload.secrets).filter((entry) => typeof entry[1] === "string")
+      ),
+      metadata: Object.fromEntries(
+        Object.entries(payload.metadata).filter(
+          (entry) => isObject(entry[1]) && typeof entry[1].createdAt === "string" && typeof entry[1].updatedAt === "string"
+        )
+      )
+    };
+  } catch {
+    throw new CnosAuthenticationError("Failed to decrypt CNOS local vault. Check vault authentication.");
+  }
+}
+function buildInitialPayload() {
+  return {
+    secrets: {},
+    metadata: {}
+  };
+}
+async function writeVaultFiles(storeRoot, vault, meta, payload, key) {
+  const metaPath = buildMetaPath(storeRoot, vault);
+  const keystorePath = buildKeystorePath(storeRoot, vault);
+  await (0, import_promises7.mkdir)(import_node_path7.default.dirname(metaPath), { recursive: true });
+  await (0, import_promises7.writeFile)(metaPath, stringifyYaml(meta), "utf8");
+  await (0, import_promises7.writeFile)(keystorePath, encryptPayload(payload, key));
+}
+async function readVaultMetadata(storeRoot, vault = "default") {
+  await assertNoLegacyVaultFormat(storeRoot, vault);
+  const metaPath = buildMetaPath(storeRoot, vault);
+  try {
+    const source = await (0, import_promises7.readFile)(metaPath, "utf8");
+    return assertVaultMetadata(parseYaml(source), metaPath);
+  } catch (error) {
+    if (error.code === "ENOENT") {
+      return void 0;
+    }
+    throw error;
+  }
+}
+async function createSecretVault(storeRoot, vault, passphrase) {
+  const normalizedVault = vault.trim() || "default";
+  await assertNoLegacyVaultFormat(storeRoot, normalizedVault);
+  const salt = (0, import_node_crypto.randomBytes)(SALT_LENGTH);
+  const key = deriveVaultKey(passphrase, salt, PBKDF2_ITERATIONS);
+  const createdAt = (/* @__PURE__ */ new Date()).toISOString();
+  const meta = {
+    version: METADATA_VERSION,
+    algorithm: "aes-256-gcm",
+    kdf: "pbkdf2-sha512",
+    iterations: PBKDF2_ITERATIONS,
+    salt: salt.toString("base64"),
+    createdAt,
+    secretCount: 0
+  };
+  await writeVaultFiles(storeRoot, normalizedVault, meta, buildInitialPayload(), key);
+  return buildMetaPath(storeRoot, normalizedVault);
+}
+async function ensureSecretVault(storeRoot, vault, passphrase) {
+  const normalizedVault = vault.trim() || "default";
+  const meta = await readVaultMetadata(storeRoot, normalizedVault);
+  if (meta) {
+    return buildMetaPath(storeRoot, normalizedVault);
+  }
+  return createSecretVault(storeRoot, normalizedVault, passphrase);
+}
+function resolveConfiguredVaultPassphrase(definition, vault = "default", processEnv = process.env) {
+  if (definition?.provider !== "local") {
+    return void 0;
+  }
+  const configuredSources = definition.auth?.passphrase?.from ?? [];
+  for (const source of configuredSources) {
+    if (source.startsWith("env:")) {
+      const value = processEnv[source.slice(4)];
+      if (value) {
+        return value;
+      }
+    }
+  }
+  return resolveSecretPassphrase(vault, processEnv);
+}
+async function resolveVaultAccessKey(storeRoot, definition, vault = "default", processEnv = process.env) {
+  if (definition?.provider !== "local") {
+    return definition?.provider === "github-secrets" ? {
+      method: definition.auth?.method ?? "environment",
+      ...definition?.auth?.config ? { config: definition.auth.config } : {}
+    } : void 0;
+  }
+  const sessionKey = await resolveVaultSessionKey(vault, processEnv);
+  if (sessionKey) {
+    return {
+      derivedKey: sessionKey,
+      method: "keychain",
+      ...definition.auth?.config ? { config: definition.auth.config } : {}
+    };
+  }
+  const passphrase = resolveConfiguredVaultPassphrase(definition, vault, processEnv);
+  if (passphrase) {
+    return {
+      passphrase,
+      method: "passphrase",
+      ...definition.auth?.config ? { config: definition.auth.config } : {}
+    };
+  }
+  const metadata = await readVaultMetadata(storeRoot, vault);
+  if (!metadata) {
+    return void 0;
+  }
+  throw new CnosAuthenticationError(
+    `Cannot authenticate to vault "${vault}". Set ${getVaultPassphraseEnvVar(vault)} or run cnos vault auth ${vault}.`
+  );
+}
+async function loadVaultPayload(storeRoot, vault, auth) {
+  const meta = await readVaultMetadata(storeRoot, vault);
+  if (!meta) {
+    throw new CnosManifestError(`Missing CNOS vault metadata for "${vault}"`);
+  }
+  const salt = Buffer.from(meta.salt, "base64");
+  const key = auth.derivedKey ?? (auth.passphrase ? deriveVaultKey(auth.passphrase, salt, meta.iterations) : void 0);
+  if (!key) {
+    throw new CnosAuthenticationError(`Vault "${vault}" requires authentication before access.`);
+  }
+  const buffer = await (0, import_promises7.readFile)(buildKeystorePath(storeRoot, vault));
+  return {
+    meta,
+    payload: decryptPayload(buffer, key),
+    key
+  };
+}
+async function writeLocalSecret(storeRoot, ref, value, authOrPassphrase, vault = "default") {
+  const auth = typeof authOrPassphrase === "string" ? {
+    passphrase: authOrPassphrase,
+    method: "passphrase"
+  } : authOrPassphrase;
+  if (auth.passphrase) {
+    await ensureSecretVault(storeRoot, vault, auth.passphrase);
+  } else {
+    const meta2 = await readVaultMetadata(storeRoot, vault);
+    if (!meta2) {
+      throw new CnosAuthenticationError(`Vault "${vault}" requires passphrase-based authentication for initial creation.`);
+    }
+  }
+  const { meta, payload, key } = await loadVaultPayload(storeRoot, vault, auth);
+  const now = (/* @__PURE__ */ new Date()).toISOString();
+  const existing = payload.metadata[ref];
+  payload.secrets[ref] = value;
+  payload.metadata[ref] = {
+    createdAt: existing?.createdAt ?? now,
+    updatedAt: now
+  };
+  const nextMeta = {
+    ...meta,
+    secretCount: Object.keys(payload.secrets).length
+  };
+  await writeVaultFiles(storeRoot, vault, nextMeta, payload, key);
+  return buildKeystorePath(storeRoot, vault);
+}
+async function deleteLocalSecret(storeRoot, ref, auth, vault = "default") {
+  const { meta, payload, key } = await loadVaultPayload(storeRoot, vault, auth);
+  if (!(ref in payload.secrets)) {
+    return false;
+  }
+  delete payload.secrets[ref];
+  delete payload.metadata[ref];
+  const nextMeta = {
+    ...meta,
+    secretCount: Object.keys(payload.secrets).length
+  };
+  await writeVaultFiles(storeRoot, vault, nextMeta, payload, key);
+  return true;
+}
+async function readLocalSecret(storeRoot, ref, auth, vault = "default") {
+  const { payload } = await loadVaultPayload(storeRoot, vault, auth);
+  const value = payload.secrets[ref];
+  if (value === void 0) {
+    throw new CnosManifestError(`Missing local secret ref "${ref}" in vault "${vault}"`);
+  }
+  return value;
+}
+async function listLocalSecrets(storeRoot, auth, vault = "default") {
+  const { payload } = await loadVaultPayload(storeRoot, vault, auth);
+  return Object.keys(payload.secrets).sort((left, right) => left.localeCompare(right));
+}
+function resolveVaultDefinition(vaults, vault = "default") {
+  const definition = vaults?.[vault];
+  const provider = definition?.provider ?? "local";
+  return {
+    name: vault,
+    provider,
+    ...definition?.auth ? { auth: definition.auth } : {},
+    ...definition?.mapping ? { mapping: definition.mapping } : {},
+    requiresAuthentication: provider === "local"
+  };
+}
+
+// ../core/src/secrets/auditLog.ts
+async function appendAuditEvent(event, processEnv = process.env) {
+  const auditFile = processEnv.CNOS_AUDIT_FILE ?? import_node_path8.default.join(resolveSecretStoreRoot(processEnv), "audit", "access.log");
+  await (0, import_promises8.mkdir)(import_node_path8.default.dirname(auditFile), { recursive: true });
+  await (0, import_promises8.appendFile)(
+    auditFile,
+    `${JSON.stringify({
+      ts: (/* @__PURE__ */ new Date()).toISOString(),
+      ...event
+    })}
+`,
+    "utf8"
+  );
+}
+
+// ../core/src/secrets/secretCache.ts
+var SecretCache = class {
+  cache = /* @__PURE__ */ new Map();
+  authenticated = /* @__PURE__ */ new Set();
+  load(vaultId, secrets) {
+    this.authenticated.add(vaultId);
+    for (const [ref, value] of secrets) {
+      this.cache.set(`${vaultId}:${ref}`, value);
+    }
+  }
+  isVaultAuthenticated(vaultId) {
+    return this.authenticated.has(vaultId);
+  }
+  get(vaultId, ref) {
+    return this.cache.get(`${vaultId}:${ref}`);
+  }
+  clear(vaultId) {
+    if (!vaultId) {
+      this.cache.clear();
+      this.authenticated.clear();
+      return;
+    }
+    this.authenticated.delete(vaultId);
+    for (const key of Array.from(this.cache.keys())) {
+      if (key.startsWith(`${vaultId}:`)) {
+        this.cache.delete(key);
+      }
+    }
+  }
+};
+
+// ../core/src/secrets/providers/github.ts
+var GithubSecretsVaultProvider = class {
+  constructor(vaultId, definition, processEnv = process.env) {
+    this.vaultId = vaultId;
+    this.definition = definition;
+    this.processEnv = processEnv;
+  }
+  vaultId;
+  definition;
+  processEnv;
+  authenticated = false;
+  async authenticate(_authConfig) {
+    void _authConfig;
+    this.authenticated = true;
+  }
+  isAuthenticated() {
+    return this.authenticated;
+  }
+  resolveEnvVar(ref) {
+    if (this.processEnv[ref] !== void 0) {
+      return ref;
+    }
+    return Object.entries(this.definition.mapping ?? {}).find(([, logicalRef]) => logicalRef === ref)?.[0];
+  }
+  async batchGet(refs) {
+    this.authenticated = true;
+    const resolved = /* @__PURE__ */ new Map();
+    for (const ref of Array.from(new Set(refs)).sort((left, right) => left.localeCompare(right))) {
+      const envVar = this.resolveEnvVar(ref);
+      const value = envVar ? this.processEnv[envVar] : void 0;
+      if (value !== void 0) {
+        resolved.set(ref, value);
+      }
+    }
+    return resolved;
+  }
+  async get(ref) {
+    const envVar = this.resolveEnvVar(ref);
+    this.authenticated = true;
+    return envVar ? this.processEnv[envVar] : void 0;
+  }
+  async set(ref, value) {
+    void ref;
+    void value;
+    throw new Error(`Vault "${this.vaultId}" is environment-backed and cannot be written by CNOS.`);
+  }
+  async delete(ref) {
+    void ref;
+    throw new Error(`Vault "${this.vaultId}" is environment-backed and cannot be mutated by CNOS.`);
+  }
+  async list() {
+    return Object.values(this.definition.mapping ?? {}).sort((left, right) => left.localeCompare(right));
+  }
+};
+
+// ../core/src/secrets/providers/local.ts
+var LocalSecretVaultProvider = class _LocalSecretVaultProvider {
+  constructor(vaultId, definition, processEnv = process.env, storeRoot = resolveSecretStoreRoot(processEnv)) {
+    this.vaultId = vaultId;
+    this.processEnv = processEnv;
+    this.storeRoot = storeRoot;
+    this.definition = definition;
+  }
+  vaultId;
+  processEnv;
+  storeRoot;
+  authConfig;
+  definition;
+  static fromVaults(vaults, vaultId, processEnv) {
+    const definition = resolveVaultDefinition(vaults, vaultId);
+    return new _LocalSecretVaultProvider(vaultId, definition, processEnv);
+  }
+  async authenticate(authConfig) {
+    this.authConfig = authConfig;
+    await this.list();
+  }
+  isAuthenticated() {
+    return Boolean(this.authConfig);
+  }
+  async requireAuth() {
+    if (this.authConfig) {
+      return this.authConfig;
+    }
+    const resolved = await resolveVaultAccessKey(this.storeRoot, this.definition, this.vaultId, this.processEnv);
+    if (!resolved) {
+      throw new CnosAuthenticationError(
+        `Cannot authenticate to vault "${this.vaultId}". Set the configured passphrase env var or run cnos vault auth ${this.vaultId}.`
+      );
+    }
+    this.authConfig = resolved;
+    return resolved;
+  }
+  async batchGet(refs) {
+    const auth = await this.requireAuth();
+    const entries = await Promise.all(
+      Array.from(new Set(refs)).sort((left, right) => left.localeCompare(right)).map(async (ref) => [ref, await readLocalSecret(this.storeRoot, ref, auth, this.vaultId)])
+    );
+    return new Map(entries);
+  }
+  async get(ref) {
+    const auth = await this.requireAuth();
+    try {
+      return await readLocalSecret(this.storeRoot, ref, auth, this.vaultId);
+    } catch {
+      return void 0;
+    }
+  }
+  async set(ref, value) {
+    const auth = await this.requireAuth();
+    await writeLocalSecret(this.storeRoot, ref, value, auth, this.vaultId);
+    await appendAuditEvent(
+      {
+        action: "write",
+        vault: this.vaultId,
+        ref,
+        caller: "cli"
+      },
+      this.processEnv
+    );
+  }
+  async delete(ref) {
+    const auth = await this.requireAuth();
+    await deleteLocalSecret(this.storeRoot, ref, auth, this.vaultId);
+    await appendAuditEvent(
+      {
+        action: "delete",
+        vault: this.vaultId,
+        ref,
+        caller: "cli"
+      },
+      this.processEnv
+    );
+  }
+  async list() {
+    const auth = this.authConfig ?? await resolveVaultAccessKey(this.storeRoot, this.definition, this.vaultId, this.processEnv);
+    if (!auth) {
+      throw new CnosAuthenticationError(
+        `Cannot authenticate to vault "${this.vaultId}". Set the configured passphrase env var or run cnos vault auth ${this.vaultId}.`
+      );
+    }
+    this.authConfig = auth;
+    return listLocalSecrets(this.storeRoot, auth, this.vaultId);
+  }
+};
+
+// ../core/src/secrets/providers/registry.ts
+function createSecretVaultProvider(vaultId, definition, processEnv) {
+  if (definition.provider === "local") {
+    return new LocalSecretVaultProvider(vaultId, definition, processEnv);
+  }
+  if (definition.provider === "github-secrets") {
+    return new GithubSecretsVaultProvider(vaultId, definition, processEnv);
+  }
+  throw new CnosManifestError(`Unsupported vault provider: ${definition.provider}`);
+}
+
+// ../core/src/secrets/prompt.ts
+var import_node_readline = __toESM(require("readline"), 1);
+var import_node_stream = require("stream");
+async function promptHidden(message) {
+  if (!process.stdin.isTTY || !process.stdout.isTTY) {
+    return void 0;
+  }
+  const mutableStdout = new WritableMask();
+  const rl = import_node_readline.default.createInterface({
+    input: process.stdin,
+    output: mutableStdout,
+    terminal: true
+  });
+  try {
+    mutableStdout.muted = true;
+    const value = await new Promise((resolve) => {
+      rl.question(message, resolve);
+    });
+    process.stdout.write("\n");
+    return value;
+  } finally {
+    rl.close();
+  }
+}
+var WritableMask = class extends import_node_stream.Writable {
+  muted = false;
+  _write(chunk, _encoding, callback) {
+    if (!this.muted) {
+      process.stdout.write(chunk);
+    }
+    callback();
+  }
+};
+
+// ../core/src/secrets/resolveAuth.ts
+function toAuthError(vaultId, sources) {
+  return new CnosAuthenticationError(
+    `Cannot authenticate to vault "${vaultId}". Tried: ${sources.join(", ")}. Set ${getVaultPassphraseEnvVar(vaultId)} or run cnos vault auth ${vaultId}.`
+  );
+}
+async function resolveVaultAuth(vaultId, definition, processEnv = process.env) {
+  const sessionKey = await resolveVaultSessionKey(vaultId, processEnv);
+  if (sessionKey) {
+    return {
+      derivedKey: sessionKey,
+      method: "keychain",
+      ...definition.auth?.config ? { config: definition.auth.config } : {}
+    };
+  }
+  if (definition.provider === "github-secrets") {
+    return {
+      method: definition.auth?.method ?? "environment",
+      ...definition.auth?.config ? { config: definition.auth.config } : {}
+    };
+  }
+  const sources = definition.auth?.passphrase?.from ?? [getVaultPassphraseEnvVar(vaultId)];
+  for (const source of sources) {
+    if (source.startsWith("env:")) {
+      const value = processEnv[source.slice(4)];
+      if (value) {
+        return {
+          passphrase: value,
+          method: "passphrase",
+          ...definition.auth?.config ? { config: definition.auth.config } : {}
+        };
+      }
+    }
+    if (source.startsWith("keychain:")) {
+      const value = await readKeychain(source.slice("keychain:".length));
+      if (value) {
+        return {
+          derivedKey: Buffer.from(value, "hex"),
+          method: "keychain",
+          ...definition.auth?.config ? { config: definition.auth.config } : {}
+        };
+      }
+    }
+    if (source === "prompt") {
+      const value = await promptHidden(`Enter passphrase for vault "${vaultId}": `);
+      if (value) {
+        return {
+          passphrase: value,
+          method: "passphrase",
+          ...definition.auth?.config ? { config: definition.auth.config } : {}
+        };
+      }
+    }
+  }
+  const fallback = resolveSecretPassphrase(vaultId, processEnv);
+  if (fallback) {
+    return {
+      passphrase: fallback,
+      method: "passphrase",
+      ...definition.auth?.config ? { config: definition.auth.config } : {}
+    };
+  }
+  throw toAuthError(vaultId, [getVaultSessionKeyEnvVar(vaultId), ...sources]);
+}
+
+// ../core/src/secrets/batchResolve.ts
+function collectSecretDescriptors(graph) {
+  return Array.from(graph.entries.values()).filter((entry) => entry.namespace === "secret" && isSecretReference(entry.value)).map((entry) => ({
+    logicalKey: entry.key,
+    ref: entry.value
+  }));
+}
+async function batchResolveSecrets(graph, manifest, processEnv = process.env) {
+  const cache = new SecretCache();
+  const descriptors = collectSecretDescriptors(graph);
+  const grouped = descriptors.reduce((accumulator, descriptor) => {
+    const vaultId = descriptor.ref.vault ?? "default";
+    const bucket = accumulator.get(vaultId) ?? [];
+    bucket.push(descriptor);
+    accumulator.set(vaultId, bucket);
+    return accumulator;
+  }, /* @__PURE__ */ new Map());
+  for (const [vaultId, refs] of grouped) {
+    const definition = manifest.vaults[vaultId] ?? { provider: "local", auth: { passphrase: { from: [] } } };
+    const provider = createSecretVaultProvider(vaultId, definition, processEnv);
+    const auth = await resolveVaultAuth(vaultId, definition, processEnv);
+    await provider.authenticate(auth);
+    const resolved = await provider.batchGet(refs.map((entry) => entry.ref.ref));
+    cache.load(vaultId, resolved);
+    await appendAuditEvent(
+      {
+        action: "batch_read",
+        vault: vaultId,
+        refs: Array.from(resolved.keys()).sort((left, right) => left.localeCompare(right)),
+        caller: "runtime",
+        workspace: graph.workspace.workspaceId,
+        profile: graph.profile
+      },
+      processEnv
+    );
+  }
+  return cache;
+}
+function resolveSecretEntryValue(key, value, cache) {
+  if (!key.startsWith("secret.") || !isSecretReference(value)) {
+    return value;
+  }
+  const vaultId = value.vault ?? "default";
+  return cache.get(vaultId, value.ref) ?? value;
+}
+
 // ../core/src/runtime/projection.ts
 function setNestedValue(target, pathSegments, value) {
   const [head, ...tail] = pathSegments;
@@ -1147,55 +1983,6 @@ function requireValue(graph, key) {
   return value;
 }
 
-// ../core/src/utils/secretStore.ts
-var import_node_crypto = require("crypto");
-var import_promises6 = require("fs/promises");
-var import_node_path6 = __toESM(require("path"), 1);
-function isObject(value) {
-  return Boolean(value) && typeof value === "object" && !Array.isArray(value);
-}
-function isSecretReference(value) {
-  return isObject(value) && typeof value.provider === "string" && value.provider.trim().length > 0 && typeof value.ref === "string" && value.ref.trim().length > 0 && (value.vault === void 0 && true || typeof value.vault === "string" && value.vault.trim().length > 0) && Object.keys(value).every((key) => ["provider", "ref", "vault"].includes(key));
-}
-function resolveSecretStoreRoot(processEnv = process.env) {
-  return import_node_path6.default.resolve(expandHomePath(processEnv.CNOS_SECRET_HOME ?? "~/.cnos/secrets"));
-}
-function resolveSecretStoreFile(storeRoot, ref, vault = "default") {
-  return import_node_path6.default.join(storeRoot, "vaults", vault, "store", ...ref.split("/")).concat(".json");
-}
-function deriveKey(passphrase, salt) {
-  return (0, import_node_crypto.scryptSync)(passphrase, salt, 32);
-}
-function resolveSecretPassphrase(vault = "default", processEnv = process.env) {
-  const vaultToken = vault.replace(/[^A-Za-z0-9]+/g, "_").replace(/^_+|_+$/g, "").toUpperCase();
-  return processEnv[`CNOS_SECRET_PASSPHRASE_${vaultToken}`] ?? processEnv.CNOS_SECRET_PASSPHRASE;
-}
-function decryptDocument(document, passphrase) {
-  const salt = Buffer.from(document.salt, "base64");
-  const iv = Buffer.from(document.iv, "base64");
-  const tag = Buffer.from(document.tag, "base64");
-  const ciphertext = Buffer.from(document.ciphertext, "base64");
-  const key = deriveKey(passphrase, salt);
-  const decipher = (0, import_node_crypto.createDecipheriv)("aes-256-gcm", key, iv);
-  decipher.setAuthTag(tag);
-  const plaintext = Buffer.concat([decipher.update(ciphertext), decipher.final()]);
-  return plaintext.toString("utf8");
-}
-async function readLocalSecret(storeRoot, ref, passphrase, vault = "default") {
-  if (!passphrase) {
-    throw new CnosManifestError(
-      `Missing CNOS secret passphrase for local secret ref "${ref}". Set CNOS_SECRET_PASSPHRASE or pass processEnv explicitly.`
-    );
-  }
-  const filePath = resolveSecretStoreFile(storeRoot, ref, vault);
-  const source = await (0, import_promises6.readFile)(filePath, "utf8");
-  const document = JSON.parse(source);
-  if (document.version !== 1 || document.algorithm !== "aes-256-gcm" || typeof document.salt !== "string" || typeof document.iv !== "string" || typeof document.tag !== "string" || typeof document.ciphertext !== "string") {
-    throw new CnosManifestError("Invalid local secret document", filePath);
-  }
-  return decryptDocument(document, passphrase);
-}
-
 // ../core/src/runtime/toEnv.ts
 function normalizeEnvValue(value) {
   if (value === void 0 || value === null) {
@@ -1277,28 +2064,42 @@ function toPublicEnv(graph, manifest, options = {}) {
 }
 
 // ../core/src/orchestrator/runtime.ts
-function createRuntime(manifest, graph, plugins = []) {
+function createRuntime(manifest, graph, plugins = [], secretCache) {
+  function readLogicalKey(key) {
+    const entry = graph.entries.get(key);
+    if (!entry) {
+      return void 0;
+    }
+    if (!secretCache) {
+      return entry.value;
+    }
+    return resolveSecretEntryValue(key, entry.value, secretCache);
+  }
   return {
     manifest,
     plugins,
     graph,
     read(key) {
-      return readValue(graph, key);
+      return readLogicalKey(key);
     },
     require(key) {
-      return requireValue(graph, key);
+      const value = readLogicalKey(key);
+      if (value === void 0) {
+        return requireValue(graph, key);
+      }
+      return value;
     },
     readOr(key, fallback) {
       return readOrValue(graph, key, fallback);
     },
-    value(path10) {
-      return readValue(graph, toLogicalKey("value", path10));
+    value(path12) {
+      return readLogicalKey(toLogicalKey("value", path12));
     },
-    secret(path10) {
-      return readValue(graph, toLogicalKey("secret", path10));
+    secret(path12) {
+      return readLogicalKey(toLogicalKey("secret", path12));
     },
-    meta(path10) {
-      return readValue(graph, toLogicalKey("meta", path10));
+    meta(path12) {
+      return readLogicalKey(toLogicalKey("meta", path12));
     },
     inspect(key) {
       return inspectValue(graph, key);
@@ -1456,19 +2257,21 @@ async function createCnos(options = {}) {
   });
   const schemaApplied = applySchemaRules(graph, loadedManifest.manifest.schema);
   const promotedGraph = promoteToPublic(schemaApplied.graph, loadedManifest.manifest);
+  const secretCache = options.secretResolution === "lazy" ? void 0 : await batchResolveSecrets(promotedGraph, loadedManifest.manifest, options.processEnv);
   return createRuntime(
     loadedManifest.manifest,
     appendMetaEntries({
       ...promotedGraph,
       profileSource: activeProfile.source
     }, options.cnosVersion),
-    plugins
+    plugins,
+    secretCache
   );
 }
 
 // ../core/src/runtime/dump.ts
-var import_promises7 = require("fs/promises");
-var import_node_path7 = __toESM(require("path"), 1);
+var import_promises9 = require("fs/promises");
+var import_node_path9 = __toESM(require("path"), 1);
 
 // ../core/src/utils/envNaming.ts
 function normalizeMappingConfig(config = {}) {
@@ -1477,8 +2280,8 @@ function normalizeMappingConfig(config = {}) {
     explicit: config.explicit ?? {}
   };
 }
-function fromScreamingSnake(path10) {
-  return path10.split("_").map((segment) => segment.trim().toLowerCase()).filter(Boolean).join(".");
+function fromScreamingSnake(path12) {
+  return path12.split("_").map((segment) => segment.trim().toLowerCase()).filter(Boolean).join(".");
 }
 function envVarToLogicalKey(envVar, config = {}) {
   const normalized = normalizeMappingConfig(config);
@@ -1505,7 +2308,7 @@ function envVarToLogicalKey(envVar, config = {}) {
 // package.json
 var package_default = {
   name: "@kitsy/cnos",
-  version: "1.2.0",
+  version: "1.3.0",
   description: "Batteries-included CNOS runtime package wired with the official plugins.",
   type: "module",
   main: "./dist/index.cjs",
@@ -1517,6 +2320,16 @@ var package_default = {
       import: "./dist/index.js",
       require: "./dist/index.cjs"
     },
+    "./configure": {
+      types: "./dist/configure/index.d.ts",
+      import: "./dist/configure/index.js",
+      require: "./dist/configure/index.cjs"
+    },
+    "./create": {
+      types: "./dist/configure/index.d.ts",
+      import: "./dist/configure/index.js",
+      require: "./dist/configure/index.cjs"
+    },
     "./internal": {
       types: "./dist/internal.d.ts",
       import: "./dist/internal.js",
@@ -1694,8 +2507,8 @@ function createCliArgsPlugin() {
 }
 
 // ../../plugins/dotenv/src/index.ts
-var import_promises8 = require("fs/promises");
-var import_node_path8 = __toESM(require("path"), 1);
+var import_promises10 = require("fs/promises");
+var import_node_path10 = __toESM(require("path"), 1);
 var DOTENV_PLUGIN_ID = "@kitsy/cnos/plugins/dotenv";
 function parseDoubleQuoted(value) {
   return value.replace(/\\n/g, "\n").replace(/\\r/g, "\r").replace(/\\t/g, "	").replace(/\\"/g, '"').replace(/\\\\/g, "\\");
@@ -1752,7 +2565,7 @@ function dotenvEntriesFromObject(values, mapping = {}, originFile, workspaceId =
 }
 async function readIfPresent(filePath) {
   try {
-    return await (0, import_promises8.readFile)(filePath, "utf8");
+    return await (0, import_promises10.readFile)(filePath, "utf8");
   } catch {
     return void 0;
   }
@@ -1771,7 +2584,7 @@ function createDotenvPlugin() {
           workspace: workspaceRoot.workspaceId
         });
         for (const fileName of fileNames) {
-          const absolutePath = import_node_path8.default.join(envRoot, fileName);
+          const absolutePath = import_node_path10.default.join(envRoot, fileName);
           const document = await readIfPresent(absolutePath);
           if (!document) {
             continue;
@@ -1780,7 +2593,7 @@ function createDotenvPlugin() {
             ...dotenvEntriesFromObject(
               parseDotenv(document),
               config.envMapping,
-              toPortablePath(import_node_path8.default.relative(import_node_path8.default.dirname(context.manifestRoot), absolutePath)),
+              toPortablePath(import_node_path10.default.relative(import_node_path10.default.dirname(context.manifestRoot), absolutePath)),
               workspaceRoot.workspaceId
             )
           );
@@ -1818,32 +2631,32 @@ function createPublicEnvExportPlugin() {
 }
 
 // ../../plugins/filesystem/src/filesystemSecretsReader.ts
-var import_promises10 = require("fs/promises");
+var import_promises12 = require("fs/promises");
 
 // ../../plugins/filesystem/src/helpers.ts
-var import_promises9 = require("fs/promises");
-var import_node_path9 = __toESM(require("path"), 1);
+var import_promises11 = require("fs/promises");
+var import_node_path11 = __toESM(require("path"), 1);
 var YAML_EXTENSIONS = /* @__PURE__ */ new Set([".yml", ".yaml"]);
 var FILESYSTEM_PLUGIN_ID = "@kitsy/cnos/plugins/filesystem";
 async function existsDirectory(targetPath) {
   try {
-    const stat = await (0, import_promises9.readdir)(targetPath);
-    void stat;
+    const stat2 = await (0, import_promises11.readdir)(targetPath);
+    void stat2;
     return true;
   } catch {
     return false;
   }
 }
 async function collectYamlFiles(root) {
-  const entries = await (0, import_promises9.readdir)(root, { withFileTypes: true });
+  const entries = await (0, import_promises11.readdir)(root, { withFileTypes: true });
   const results = [];
   for (const entry of entries.sort((left, right) => left.name.localeCompare(right.name))) {
-    const absolutePath = import_node_path9.default.join(root, entry.name);
+    const absolutePath = import_node_path11.default.join(root, entry.name);
     if (entry.isDirectory()) {
       results.push(...await collectYamlFiles(absolutePath));
       continue;
     }
-    if (entry.isFile() && YAML_EXTENSIONS.has(import_node_path9.default.extname(entry.name).toLowerCase())) {
+    if (entry.isFile() && YAML_EXTENSIONS.has(import_node_path11.default.extname(entry.name).toLowerCase())) {
       results.push(absolutePath);
     }
   }
@@ -1851,16 +2664,16 @@ async function collectYamlFiles(root) {
 }
 async function collectFilesystemLayerFiles(manifestRoot, workspaceRoots, sourceRoot, activeLayers) {
   const files = [];
-  const repoRoot = import_node_path9.default.dirname(manifestRoot);
+  const repoRoot = import_node_path11.default.dirname(manifestRoot);
   for (const workspaceRoot of workspaceRoots) {
-    const resolvedRoot = import_node_path9.default.resolve(workspaceRoot.path, sourceRoot);
+    const resolvedRoot = import_node_path11.default.resolve(workspaceRoot.path, sourceRoot);
     for (const layer of activeLayers) {
-      const layerRoot = import_node_path9.default.join(resolvedRoot, layer);
+      const layerRoot = import_node_path11.default.join(resolvedRoot, layer);
       if (!await existsDirectory(layerRoot)) {
         continue;
       }
       for (const absolutePath of await collectYamlFiles(layerRoot)) {
-        const relativePath = import_node_path9.default.relative(repoRoot, absolutePath);
+        const relativePath = import_node_path11.default.relative(repoRoot, absolutePath);
         files.push({
           absolutePath,
           relativePath: toPortablePath(relativePath.startsWith("..") ? absolutePath : relativePath),
@@ -1910,31 +2723,6 @@ function yamlObjectToEntries(document, filePath, namespace, sourceId, workspaceI
     }
   }));
 }
-async function resolveSecretValue(value, processEnv) {
-  if (!isSecretReference(value)) {
-    return value;
-  }
-  if (value.provider === "local") {
-    const passphrase = resolveSecretPassphrase(value.vault, processEnv);
-    if (!passphrase) {
-      return value;
-    }
-    return readLocalSecret(
-      resolveSecretStoreRoot(processEnv),
-      value.ref,
-      passphrase,
-      value.vault
-    );
-  }
-  if (value.provider === "env" || value.provider === "github-secrets") {
-    const resolved = processEnv?.[value.ref];
-    if (resolved === void 0) {
-      return value;
-    }
-    return resolved;
-  }
-  return value;
-}
 function toSecretReferenceMetadata(value) {
   if (!isSecretReference(value)) {
     return void 0;
@@ -1962,14 +2750,12 @@ function createFilesystemSecretsPlugin() {
       );
       const entries = [];
       for (const file of files) {
-        const document = await (0, import_promises10.readFile)(file.absolutePath, "utf8");
+        const document = await (0, import_promises12.readFile)(file.absolutePath, "utf8");
         const fileEntries = filesystemSecretsReader(file.relativePath, document, file.workspaceId);
         for (const entry of fileEntries) {
           const metadata = toSecretReferenceMetadata(entry.value);
-          const resolvedValue = await resolveSecretValue(entry.value, context.processEnv);
           entries.push({
             ...entry,
-            value: resolvedValue,
             ...metadata ? { metadata } : {}
           });
         }
@@ -1980,7 +2766,7 @@ function createFilesystemSecretsPlugin() {
 }
 
 // ../../plugins/filesystem/src/filesystemValuesReader.ts
-var import_promises11 = require("fs/promises");
+var import_promises13 = require("fs/promises");
 function filesystemValuesReader(filePath, document, workspaceId = "default") {
   return yamlObjectToEntries(document, filePath, "value", "filesystem-values", workspaceId);
 }
@@ -1998,7 +2784,7 @@ function createFilesystemValuesPlugin() {
       );
       const entries = [];
       for (const file of files) {
-        const document = await (0, import_promises11.readFile)(file.absolutePath, "utf8");
+        const document = await (0, import_promises13.readFile)(file.absolutePath, "utf8");
         entries.push(...filesystemValuesReader(file.relativePath, document, file.workspaceId));
       }
       return entries;
@@ -2065,12 +2851,14 @@ function defaultPlugins() {
 // src/runtime/state.ts
 var singletonRuntime;
 var singletonReady;
+var bootstrappedSecretHydrationRequired = false;
 function getSingletonRuntime() {
   return singletonRuntime;
 }
 function setSingletonRuntime(runtime) {
   singletonRuntime = runtime;
   singletonReady = Promise.resolve(runtime);
+  bootstrappedSecretHydrationRequired = false;
   return runtime;
 }
 function getSingletonReady() {
@@ -2080,11 +2868,18 @@ function setSingletonReady(promise) {
   singletonReady = promise;
   return promise;
 }
+function getBootstrappedSecretHydrationRequired() {
+  return bootstrappedSecretHydrationRequired;
+}
+function setBootstrappedSecretHydrationRequired(value) {
+  bootstrappedSecretHydrationRequired = value;
+}
 
 // src/createCnos.ts
 async function createCnos2(options = {}) {
   const runtime = await createCnos({
     ...options,
+    processEnv: options.processEnv ?? process.env,
     cnosVersion: package_default.version,
     plugins: [...defaultPlugins(), ...options.plugins ?? []]
   });
@@ -2093,7 +2888,10 @@ async function createCnos2(options = {}) {
 }
 
 // src/runtime/bootstrap.ts
+var import_node_crypto2 = require("crypto");
 var CNOS_GRAPH_ENV_VAR = "__CNOS_GRAPH__";
+var CNOS_SECRET_PAYLOAD_ENV_VAR = "__CNOS_SECRET_PAYLOAD__";
+var CNOS_SESSION_KEY_ENV_VAR = "__CNOS_SESSION_KEY__";
 function deserializeRuntimeGraph(source) {
   const payload = JSON.parse(source);
   if (!payload || !Array.isArray(payload.entries) || typeof payload.profile !== "string" || typeof payload.resolvedAt !== "string" || !payload.profileSource || !payload.workspace || typeof payload.workspace.workspaceId !== "string" || !Array.isArray(payload.workspace.workspaceChain) || !Array.isArray(payload.workspace.workspaceRoots)) {
@@ -2118,12 +2916,41 @@ function deserializeRuntimeGraph(source) {
     workspace: payload.workspace
   };
 }
+function decryptSecretPayload(serialized, sessionKey) {
+  const payload = JSON.parse(serialized);
+  if (!payload || typeof payload.iv !== "string" || typeof payload.tag !== "string" || typeof payload.ciphertext !== "string") {
+    throw new Error("Invalid CNOS secret payload");
+  }
+  const key = Buffer.from(sessionKey, "hex");
+  const iv = Buffer.from(payload.iv, "base64");
+  const tag = Buffer.from(payload.tag, "base64");
+  const ciphertext = Buffer.from(payload.ciphertext, "base64");
+  const decipher = (0, import_node_crypto2.createDecipheriv)("aes-256-gcm", key, iv);
+  decipher.setAuthTag(tag);
+  const plaintext = Buffer.concat([decipher.update(ciphertext), decipher.final()]).toString("utf8");
+  return JSON.parse(plaintext);
+}
 function readRuntimeGraphFromEnv(processEnv = process.env) {
   const serialized = processEnv[CNOS_GRAPH_ENV_VAR];
   if (!serialized) {
     return void 0;
   }
-  return deserializeRuntimeGraph(serialized);
+  const graph = deserializeRuntimeGraph(serialized);
+  const secretPayload = processEnv[CNOS_SECRET_PAYLOAD_ENV_VAR];
+  const sessionKey = processEnv[CNOS_SESSION_KEY_ENV_VAR];
+  if (secretPayload && sessionKey) {
+    const decrypted = decryptSecretPayload(secretPayload, sessionKey);
+    for (const [key, value] of Object.entries(decrypted)) {
+      const entry = graph.entries.get(key);
+      if (entry) {
+        entry.value = value;
+      }
+    }
+  }
+  return graph;
+}
+function graphRequiresSecretHydration(graph) {
+  return Array.from(graph.entries.values()).some((entry) => entry.namespace === "secret" && isSecretReference(entry.value));
 }
 
 // src/runtime/index.ts
@@ -2206,14 +3033,14 @@ function attachBootstrappedGraph(graph) {
     readOr(key, fallback) {
       return readOrValue(graph, key, fallback);
     },
-    value(path10) {
-      return readValue(graph, toLogicalKey("value", path10));
+    value(path12) {
+      return readValue(graph, toLogicalKey("value", path12));
     },
-    secret(path10) {
-      return readValue(graph, toLogicalKey("secret", path10));
+    secret(path12) {
+      return readValue(graph, toLogicalKey("secret", path12));
     },
-    meta(path10) {
-      return readValue(graph, toLogicalKey("meta", path10));
+    meta(path12) {
+      return readValue(graph, toLogicalKey("meta", path12));
     },
     inspect(key) {
       return inspectValue(graph, key);
@@ -2232,6 +3059,7 @@ function attachBootstrappedGraph(graph) {
     }
   };
   setSingletonRuntime(runtime);
+  setBootstrappedSecretHydrationRequired(graphRequiresSecretHydration(graph));
 }
 function bootstrapFromProcessEnv() {
   if (typeof process === "undefined") {
@@ -2258,21 +3086,21 @@ var cnos = Object.assign(
     readOr(key, fallback) {
       return readOrValue(getRuntimeOrThrow().graph, key, fallback);
     },
-    value(path10) {
-      return readValue(getRuntimeOrThrow().graph, toLogicalKey("value", path10));
+    value(path12) {
+      return readValue(getRuntimeOrThrow().graph, toLogicalKey("value", path12));
     },
-    secret(path10) {
-      return readValue(getRuntimeOrThrow().graph, toLogicalKey("secret", path10));
+    secret(path12) {
+      return readValue(getRuntimeOrThrow().graph, toLogicalKey("secret", path12));
     },
-    meta(path10) {
-      return readValue(getRuntimeOrThrow().graph, toLogicalKey("meta", path10));
+    meta(path12) {
+      return readValue(getRuntimeOrThrow().graph, toLogicalKey("meta", path12));
     },
     async ready() {
-      if (getSingletonRuntime()) {
+      if (getSingletonRuntime() && !getBootstrappedSecretHydrationRequired()) {
         return;
       }
       const existing = getSingletonReady();
-      if (existing) {
+      if (existing && !getBootstrappedSecretHydrationRequired()) {
         await existing;
         return;
       }