envpkt 0.1.0 → 0.2.0

package/README.md

@@ -18,7 +18,7 @@ Secrets managers store values. envpkt stores _metadata about_ those values — w
 - Automate rotation workflows
 - Share secret metadata across agents via a central catalog
 
-envpkt never touches secret values. It works alongside your existing secrets manager (Vault, fnox, CI variables, etc.).
+envpkt works alongside your existing secrets manager (Vault, fnox, CI variables, etc.). Optionally, you can embed age-encrypted secret values directly in the TOML via **sealed packets** — making configs fully self-contained and safe to commit to git.
 
 ## Quick Start
 
@@ -154,6 +154,47 @@ This produces a self-contained config with catalog metadata merged in and agent
 - Omitted fields keep the catalog value
 - `agent.secrets` is the source of truth for which keys the agent needs
 
+## Sealed Packets
+
+Sealed packets embed age-encrypted secret values directly in `envpkt.toml`. This makes your config fully self-contained — no external secrets backend needed at runtime.
+
+### Setup
+
+```bash
+# Generate an age keypair
+age-keygen -o identity.txt
+# public key: age1ql3z7hjy54pw3hyww5ayyfg7zqgvc7w3j2elw8zmrj2kg5sfn9aqmcac8p
+```
+
+Add the public key to your config and the identity file to `.gitignore`:
+
+```toml
+[agent]
+name = "my-agent"
+recipient = "age1ql3z7hjy54pw3hyww5ayyfg7zqgvc7w3j2elw8zmrj2kg5sfn9aqmcac8p"
+identity = "identity.txt"
+```
+
+### Seal
+
+```bash
+envpkt seal
+```
+
+Each secret gets an `encrypted_value` field with age-armored ciphertext. The TOML (including ciphertext) is safe to commit.
+
+### Boot
+
+At runtime, sealed values are automatically decrypted:
+
+```typescript
+import { boot } from "envpkt"
+
+const result = boot() // decrypts sealed values, injects into process.env
+```
+
+Mixed mode is supported — sealed values take priority, with fnox as fallback for keys without `encrypted_value`.
+
 ## CLI Commands
 
 ### `envpkt init`
@@ -234,6 +275,26 @@ envpkt exec --strict -- ./deploy.sh   # Abort if audit is not healthy
 envpkt exec --profile staging -- ...  # Use a specific fnox profile
 ```
 
+### `envpkt seal`
+
+Encrypt secret values into `envpkt.toml` using [age](https://age-encryption.org/). Sealed values are safe to commit to git — only the holder of the private key can decrypt them.
+
+```bash
+envpkt seal                            # Seal all secrets in envpkt.toml
+envpkt seal -c path/to/envpkt.toml     # Specify config path
+envpkt seal --profile staging          # Use a specific fnox profile for value resolution
+```
+
+Requires `agent.recipient` (age public key) in your config. Values are resolved via cascade:
+
+1. **fnox** (if available)
+2. **Environment variables** (e.g. `OPENAI_API_KEY` in your shell)
+3. **Interactive prompt** (asks you to paste each value)
+
+After sealing, each secret gets an `encrypted_value` field. At boot time, `envpkt exec` or `boot()` automatically decrypts sealed values using the `agent.identity` file.
+
+See [`examples/sealed-agent.toml`](./examples/sealed-agent.toml) for a complete example.
+
 ### `envpkt env scan`
 
 Auto-discover credentials from your shell environment. Matches env vars against ~45 known services (exact name), ~13 generic suffix patterns (`*_API_KEY`, `*_SECRET`, `*_TOKEN`, etc.), and ~29 value shape patterns (`sk-*`, `ghp_*`, `AKIA*`, `postgres://`, etc.).
@@ -328,12 +389,13 @@ The schema is published at:
 
 Each `[meta.<KEY>]` section describes a secret:
 
-| Tier            | Fields                                          | Description                               |
-| --------------- | ----------------------------------------------- | ----------------------------------------- |
-| **Scan-first**  | `service`, `expires`, `rotation_url`            | Key health indicators for audit           |
-| **Context**     | `purpose`, `capabilities`, `created`            | Why this secret exists and what it grants |
-| **Operational** | `rotates`, `rate_limit`, `model_hint`, `source` | Runtime and provisioning info             |
-| **Enforcement** | `required`, `tags`                              | Filtering, grouping, and policy           |
+| Tier            | Fields                                          | Description                                 |
+| --------------- | ----------------------------------------------- | ------------------------------------------- |
+| **Scan-first**  | `service`, `expires`, `rotation_url`            | Key health indicators for audit             |
+| **Context**     | `purpose`, `capabilities`, `created`            | Why this secret exists and what it grants   |
+| **Operational** | `rotates`, `rate_limit`, `model_hint`, `source` | Runtime and provisioning info               |
+| **Sealed**      | `encrypted_value`                               | Age-encrypted secret value (safe to commit) |
+| **Enforcement** | `required`, `tags`                              | Filtering, grouping, and policy             |
 
 ### Agent Identity
 
@@ -460,6 +522,32 @@ matchEnvVar("OPENAI_API_KEY", "sk-test123").fold(
 )
 ```
 
+### Seal API
+
+```typescript
+import { ageEncrypt, ageDecrypt, sealSecrets, unsealSecrets } from "envpkt"
+
+// Encrypt a single value
+const encrypted = ageEncrypt("sk-my-api-key", "age1ql3z7hjy...")
+encrypted.fold(
+  (err) => console.error("Encrypt failed:", err.message),
+  (ciphertext) => console.log(ciphertext), // -----BEGIN AGE ENCRYPTED FILE-----
+)
+
+// Decrypt a single value
+const decrypted = ageDecrypt(ciphertext, "/path/to/identity.txt")
+
+// Seal all secrets in a config's meta
+const sealed = sealSecrets(config.meta, { OPENAI_API_KEY: "sk-..." }, recipientPublicKey)
+
+// Unseal all encrypted_value entries
+const values = unsealSecrets(config.meta, "/path/to/identity.txt")
+values.fold(
+  (err) => console.error("Unseal failed:", err.message),
+  (secrets) => console.log(secrets), // { OPENAI_API_KEY: "sk-..." }
+)
+```
+
 ### Catalog Resolution API
 
 ```typescript

package/dist/cli.js

@@ -10,6 +10,7 @@ import { execFileSync } from "node:child_process";
 import { Server } from "@modelcontextprotocol/sdk/server/index.js";
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
 import { CallToolRequestSchema, ListResourcesRequestSchema, ListToolsRequestSchema, ReadResourceRequestSchema } from "@modelcontextprotocol/sdk/types.js";
+import { createInterface } from "node:readline";
 
 //#region src/core/audit.ts
 const MS_PER_DAY = 864e5;
@@ -31,7 +32,8 @@ const classifySecret = (key, meta, fnoxKeys, staleWarningDays, requireExpiration
 	const isExpired = daysRemaining.fold(() => false, (d) => d < 0);
 	const isExpiringSoon = daysRemaining.fold(() => false, (d) => d >= 0 && d <= WARN_BEFORE_DAYS);
 	const isStale = daysSinceCreated.fold(() => false, (d) => d > staleWarningDays);
-	const isMissing = fnoxKeys.size > 0 && !fnoxKeys.has(key);
+	const hasSealed = !!meta?.encrypted_value;
+	const isMissing = fnoxKeys.size > 0 && !fnoxKeys.has(key) && !hasSealed;
 	const isMissingMetadata = requireExpiration && expires.isNone() || requireService && service.isNone();
 	if (isExpired) issues.push("Secret has expired");
 	if (isExpiringSoon) issues.push(`Expires in ${daysRemaining.fold(() => "?", (d) => String(d))} days`);
@@ -131,6 +133,7 @@ const SecretMetaSchema = Type.Object({
 	rate_limit: Type.Optional(Type.String({ description: "Rate limit or quota info (e.g. '1000/min')" })),
 	model_hint: Type.Optional(Type.String({ description: "Suggested model or tier for this credential" })),
 	source: Type.Optional(Type.String({ description: "Where the secret value originates (e.g. 'vault', 'ci')" })),
+	encrypted_value: Type.Optional(Type.String({ description: "Age-encrypted secret value (armored ciphertext, safe to commit)" })),
 	required: Type.Optional(Type.Boolean({ description: "Whether this secret is required for operation" })),
 	tags: Type.Optional(Type.Record(Type.String(), Type.String(), { description: "Key-value tags for grouping and filtering" }))
 }, { description: "Metadata about a single secret" });
@@ -1791,7 +1794,8 @@ const printConfig = (config, path, resolveResult, opts) => {
 	for (const [key, meta] of Object.entries(config.meta)) {
 		const secretValue = opts?.secrets?.[key];
 		const valueSuffix = secretValue !== void 0 ? ` = ${YELLOW}${(opts?.secretDisplay ?? "encrypted") === "plaintext" ? secretValue : maskValue(secretValue)}${RESET}` : "";
-		console.log(`  ${BOLD}${key}${RESET} → ${meta.service ?? key}${valueSuffix}`);
+		const sealedTag = meta.encrypted_value ? ` ${CYAN}[sealed]${RESET}` : "";
+		console.log(`  ${BOLD}${key}${RESET} → ${meta.service ?? key}${sealedTag}${valueSuffix}`);
 		printSecretMeta(meta, "    ");
 	}
 	if (config.lifecycle) {
@@ -2171,6 +2175,245 @@ const runResolve = (options) => {
 	});
 };
 
+//#endregion
+//#region src/fnox/cli.ts
+/** Export all secrets from fnox as key=value pairs for a given profile */
+const fnoxExport = (profile, agentKey) => {
+	const args = profile ? [
+		"export",
+		"--profile",
+		profile
+	] : ["export"];
+	const env = agentKey ? {
+		...process.env,
+		FNOX_AGE_KEY: agentKey
+	} : void 0;
+	return Try(() => execFileSync("fnox", args, {
+		stdio: "pipe",
+		encoding: "utf-8",
+		env
+	})).fold((err) => Left({
+		_tag: "FnoxCliError",
+		message: `fnox export failed: ${err}`
+	}), (output) => {
+		const entries = {};
+		for (const line of output.split("\n")) {
+			const eq = line.indexOf("=");
+			if (eq > 0) {
+				const key = line.slice(0, eq).trim();
+				entries[key] = line.slice(eq + 1).trim();
+			}
+		}
+		return Right(entries);
+	});
+};
+
+//#endregion
+//#region src/core/resolve-values.ts
+/** Resolve plaintext values for the given keys via cascade: fnox → env → interactive prompt */
+const resolveValues = async (keys, profile, agentKey) => {
+	const result = {};
+	const remaining = new Set(keys);
+	if (fnoxAvailable()) fnoxExport(profile, agentKey).fold(() => {}, (exported) => {
+		for (const key of [...remaining]) if (key in exported) {
+			result[key] = exported[key];
+			remaining.delete(key);
+		}
+	});
+	for (const key of [...remaining]) {
+		const envValue = process.env[key];
+		if (envValue !== void 0 && envValue !== "") {
+			result[key] = envValue;
+			remaining.delete(key);
+		}
+	}
+	if (remaining.size > 0 && process.stdin.isTTY) {
+		const rl = createInterface({
+			input: process.stdin,
+			output: process.stderr
+		});
+		const prompt = (question) => new Promise((resolve) => {
+			rl.question(question, (answer) => resolve(answer));
+		});
+		for (const key of remaining) {
+			const value = await prompt(`Enter value for ${key}: `);
+			if (value !== "") result[key] = value;
+		}
+		rl.close();
+	}
+	return result;
+};
+
+//#endregion
+//#region src/core/seal.ts
+/** Encrypt a plaintext string using age with the given recipient public key (armored output) */
+const ageEncrypt = (plaintext, recipient) => {
+	if (!ageAvailable()) return Left({
+		_tag: "AgeNotFound",
+		message: "age CLI not found on PATH"
+	});
+	return Try(() => execFileSync("age", [
+		"--encrypt",
+		"--recipient",
+		recipient,
+		"--armor"
+	], {
+		input: plaintext,
+		stdio: [
+			"pipe",
+			"pipe",
+			"pipe"
+		],
+		encoding: "utf-8"
+	})).fold((err) => Left({
+		_tag: "EncryptFailed",
+		key: "",
+		message: `age encrypt failed: ${err}`
+	}), (output) => Right(output.trim()));
+};
+/** Seal multiple secrets: encrypt each value with the recipient key and set encrypted_value on meta */
+const sealSecrets = (meta, values, recipient) => {
+	if (!ageAvailable()) return Left({
+		_tag: "AgeNotFound",
+		message: "age CLI not found on PATH"
+	});
+	const result = {};
+	for (const [key, secretMeta] of Object.entries(meta)) {
+		const plaintext = values[key];
+		if (plaintext === void 0) {
+			result[key] = secretMeta;
+			continue;
+		}
+		const outcome = ageEncrypt(plaintext, recipient).fold((err) => Left({
+			_tag: "EncryptFailed",
+			key,
+			message: err.message
+		}), (ciphertext) => Right(ciphertext));
+		const failed = outcome.fold((err) => err, () => void 0);
+		if (failed) return Left(failed);
+		const ciphertext = outcome.fold(() => "", (v) => v);
+		result[key] = {
+			...secretMeta,
+			encrypted_value: ciphertext
+		};
+	}
+	return Right(result);
+};
+
+//#endregion
+//#region src/cli/commands/seal.ts
+/** Write sealed values back into the TOML file, preserving structure */
+const writeSealedToml = (configPath, sealedMeta) => {
+	const lines = readFileSync(configPath, "utf-8").split("\n");
+	const output = [];
+	let currentMetaKey;
+	let insideMetaBlock = false;
+	let hasEncryptedValue = false;
+	const pendingSeals = /* @__PURE__ */ new Map();
+	for (const [key, meta] of Object.entries(sealedMeta)) if (meta.encrypted_value) pendingSeals.set(key, meta.encrypted_value);
+	const metaSectionRe = /^\[meta\.(.+)\]\s*$/;
+	const encryptedValueRe = /^encrypted_value\s*=/;
+	const newSectionRe = /^\[/;
+	for (let i = 0; i < lines.length; i++) {
+		const line = lines[i];
+		const metaMatch = metaSectionRe.exec(line);
+		if (metaMatch) {
+			if (currentMetaKey && !hasEncryptedValue && pendingSeals.has(currentMetaKey)) {
+				output.push(`encrypted_value = """`);
+				output.push(pendingSeals.get(currentMetaKey));
+				output.push(`"""`);
+				pendingSeals.delete(currentMetaKey);
+			}
+			currentMetaKey = metaMatch[1];
+			insideMetaBlock = true;
+			hasEncryptedValue = false;
+			output.push(line);
+			continue;
+		}
+		if (insideMetaBlock && newSectionRe.test(line) && !metaSectionRe.test(line)) {
+			if (currentMetaKey && !hasEncryptedValue && pendingSeals.has(currentMetaKey)) {
+				output.push(`encrypted_value = """`);
+				output.push(pendingSeals.get(currentMetaKey));
+				output.push(`"""`);
+				pendingSeals.delete(currentMetaKey);
+			}
+			insideMetaBlock = false;
+			currentMetaKey = void 0;
+			output.push(line);
+			continue;
+		}
+		if (insideMetaBlock && encryptedValueRe.test(line)) {
+			hasEncryptedValue = true;
+			if (currentMetaKey && pendingSeals.has(currentMetaKey)) {
+				output.push(`encrypted_value = """`);
+				output.push(pendingSeals.get(currentMetaKey));
+				output.push(`"""`);
+				pendingSeals.delete(currentMetaKey);
+				if (line.includes("\"\"\"") && !line.endsWith("\"\"\"")) {
+					const afterEquals = line.slice(line.indexOf("=") + 1).trim();
+					if (afterEquals.startsWith("\"\"\"") && !afterEquals.slice(3).includes("\"\"\"")) {
+						while (i + 1 < lines.length && !lines[i + 1].includes("\"\"\"")) i++;
+						if (i + 1 < lines.length) i++;
+					}
+				}
+			} else output.push(line);
+			continue;
+		}
+		output.push(line);
+	}
+	if (currentMetaKey && !hasEncryptedValue && pendingSeals.has(currentMetaKey)) {
+		output.push(`encrypted_value = """`);
+		output.push(pendingSeals.get(currentMetaKey));
+		output.push(`"""`);
+		pendingSeals.delete(currentMetaKey);
+	}
+	writeFileSync(configPath, output.join("\n"));
+};
+const runSeal = async (options) => {
+	const configPath = resolveConfigPath(options.config).fold((err) => {
+		console.error(formatError(err));
+		process.exit(2);
+		return "";
+	}, (p) => p);
+	const config = loadConfig(configPath).fold((err) => {
+		console.error(formatError(err));
+		process.exit(2);
+	}, (c) => c);
+	if (!config.agent?.recipient) {
+		console.error(`${RED}Error:${RESET} agent.recipient is required for sealing (age public key)`);
+		console.error(`${DIM}Add [agent] section with recipient = "age1..." to your envpkt.toml${RESET}`);
+		process.exit(2);
+	}
+	const recipient = config.agent.recipient;
+	const configDir = dirname(configPath);
+	let agentKey;
+	if (config.agent.identity) agentKey = unwrapAgentKey(resolve(configDir, config.agent.identity)).fold((err) => {
+		const msg = err._tag === "IdentityNotFound" ? `not found: ${err.path}` : err.message;
+		console.error(`${YELLOW}Warning:${RESET} Could not unwrap agent key: ${msg}`);
+	}, (k) => k);
+	const metaKeys = Object.keys(config.meta);
+	console.log(`${BOLD}Sealing ${metaKeys.length} secret(s)${RESET} with recipient ${CYAN}${recipient.slice(0, 20)}...${RESET}`);
+	console.log("");
+	const values = await resolveValues(metaKeys, options.profile, agentKey);
+	const resolved = Object.keys(values).length;
+	const skipped = metaKeys.length - resolved;
+	if (resolved === 0) {
+		console.error(`${RED}Error:${RESET} No values resolved for any secret key`);
+		process.exit(2);
+	}
+	if (skipped > 0) {
+		const skippedKeys = metaKeys.filter((k) => !(k in values));
+		console.log(`${YELLOW}Skipped${RESET} ${skipped} key(s) with no value: ${skippedKeys.join(", ")}`);
+	}
+	sealSecrets(config.meta, values, recipient).fold((err) => {
+		console.error(`${RED}Error:${RESET} Seal failed: ${err.message}`);
+		process.exit(2);
+	}, (sealedMeta) => {
+		writeSealedToml(configPath, sealedMeta);
+		console.log(`${GREEN}Sealed${RESET} ${resolved} secret(s) into ${DIM}${configPath}${RESET}`);
+	});
+};
+
 //#endregion
 //#region src/cli/commands/shell-hook.ts
 const ZSH_HOOK = `# envpkt shell hook — add to your .zshrc
@@ -2235,6 +2478,9 @@ program.command("exec").description("Run pre-flight audit then execute a command
 program.command("resolve").description("Resolve catalog references and output a flat, self-contained config").option("-c, --config <path>", "Path to envpkt.toml").option("-o, --output <path>", "Write resolved config to file (default: stdout)").option("--format <format>", "Output format: toml | json", "toml").option("--dry-run", "Show what would be resolved without writing").action((options) => {
 	runResolve(options);
 });
+program.command("seal").description("Encrypt secret values into envpkt.toml using age (sealed packets)").option("-c, --config <path>", "Path to envpkt.toml").option("--profile <profile>", "fnox profile to use for value resolution").action(async (options) => {
+	await runSeal(options);
+});
 program.command("mcp").description("Start the envpkt MCP server (stdio transport)").option("-c, --config <path>", "Path to envpkt.toml").action((options) => {
 	runMcp(options);
 });

package/dist/index.d.ts

@@ -30,6 +30,7 @@ declare const SecretMetaSchema: _sinclair_typebox0.TObject<{
   rate_limit: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
   model_hint: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
   source: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
+  encrypted_value: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
   required: _sinclair_typebox0.TOptional<_sinclair_typebox0.TBoolean>;
   tags: _sinclair_typebox0.TOptional<_sinclair_typebox0.TRecord<_sinclair_typebox0.TString, _sinclair_typebox0.TString>>;
 }>;
@@ -73,6 +74,7 @@ declare const EnvpktConfigSchema: _sinclair_typebox0.TObject<{
     rate_limit: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
     model_hint: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
     source: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
+    encrypted_value: _sinclair_typebox0.TOptional<_sinclair_typebox0.TString>;
     required: _sinclair_typebox0.TOptional<_sinclair_typebox0.TBoolean>;
     tags: _sinclair_typebox0.TOptional<_sinclair_typebox0.TRecord<_sinclair_typebox0.TString, _sinclair_typebox0.TString>>;
   }>>;
@@ -216,6 +218,21 @@ type IdentityError = {
   readonly _tag: "IdentityNotFound";
   readonly path: string;
 };
+type SealError = {
+  readonly _tag: "AgeNotFound";
+  readonly message: string;
+} | {
+  readonly _tag: "EncryptFailed";
+  readonly key: string;
+  readonly message: string;
+} | {
+  readonly _tag: "DecryptFailed";
+  readonly key: string;
+  readonly message: string;
+} | {
+  readonly _tag: "NoRecipient";
+  readonly message: string;
+};
 //#endregion
 //#region src/core/config.d.ts
 /** Find envpkt.toml in the given directory */
@@ -332,6 +349,20 @@ declare class EnvpktBootError extends Error {
   constructor(error: BootError);
 }
 //#endregion
+//#region src/core/seal.d.ts
+/** Encrypt a plaintext string using age with the given recipient public key (armored output) */
+declare const ageEncrypt: (plaintext: string, recipient: string) => Either<SealError, string>;
+/** Decrypt an age-armored ciphertext using the given identity file */
+declare const ageDecrypt: (ciphertext: string, identityPath: string) => Either<SealError, string>;
+/** Seal multiple secrets: encrypt each value with the recipient key and set encrypted_value on meta */
+declare const sealSecrets: (meta: Readonly<Record<string, SecretMeta>>, values: Readonly<Record<string, string>>, recipient: string) => Either<SealError, Record<string, SecretMeta>>;
+/** Unseal secrets: decrypt encrypted_value for each meta entry that has one */
+declare const unsealSecrets: (meta: Readonly<Record<string, SecretMeta>>, identityPath: string) => Either<SealError, Record<string, string>>;
+//#endregion
+//#region src/core/resolve-values.d.ts
+/** Resolve plaintext values for the given keys via cascade: fnox → env → interactive prompt */
+declare const resolveValues: (keys: ReadonlyArray<string>, profile?: string, agentKey?: string) => Promise<Record<string, string>>;
+//#endregion
 //#region src/core/fleet.d.ts
 declare const scanFleet: (rootDir: string, options?: {
   maxDepth?: number;
@@ -389,4 +420,4 @@ type ToolDef = {
 declare const toolDefinitions: readonly ToolDef[];
 declare const callTool: (name: string, args: Record<string, unknown>) => CallToolResult;
 //#endregion
-export { type AgentIdentity, AgentIdentitySchema, type AuditResult, type BootError, type BootOptions, type BootResult, type CallbackConfig, CallbackConfigSchema, type CatalogError, type CheckResult, type ConfidenceLevel, type ConfigError, type ConsumerType, type CredentialPattern, type DriftEntry, type DriftStatus, EnvpktBootError, type EnvpktConfig, EnvpktConfigSchema, type FleetAgent, type FleetHealth, type FnoxConfig, type FnoxError, type FnoxSecret, type FormatPacketOptions, type HealthStatus, type IdentityError, type LifecycleConfig, LifecycleConfigSchema, type MatchResult, type ResolveOptions, type ResolveResult, type ScanOptions, type ScanResult, type SecretDisplay, type SecretHealth, type SecretMeta, SecretMetaSchema, type SecretStatus, type ToolsConfig, ToolsConfigSchema, ageAvailable, boot, bootSafe, callTool, compareFnoxAndEnvpkt, computeAudit, createServer, deriveServiceFromName, detectFnox, envCheck, envScan, extractFnoxKeys, findConfigPath, fnoxAvailable, fnoxExport, fnoxGet, formatPacket, generateTomlFromScan, loadCatalog, loadConfig, loadConfigFromCwd, maskValue, matchEnvVar, matchValueShape, parseToml, readConfigFile, readFnoxConfig, readResource, resolveConfig, resolveConfigPath, resolveSecrets, resourceDefinitions, scanEnv, scanFleet, startServer, toolDefinitions, unwrapAgentKey, validateConfig };
+export { type AgentIdentity, AgentIdentitySchema, type AuditResult, type BootError, type BootOptions, type BootResult, type CallbackConfig, CallbackConfigSchema, type CatalogError, type CheckResult, type ConfidenceLevel, type ConfigError, type ConsumerType, type CredentialPattern, type DriftEntry, type DriftStatus, EnvpktBootError, type EnvpktConfig, EnvpktConfigSchema, type FleetAgent, type FleetHealth, type FnoxConfig, type FnoxError, type FnoxSecret, type FormatPacketOptions, type HealthStatus, type IdentityError, type LifecycleConfig, LifecycleConfigSchema, type MatchResult, type ResolveOptions, type ResolveResult, type ScanOptions, type ScanResult, type SealError, type SecretDisplay, type SecretHealth, type SecretMeta, SecretMetaSchema, type SecretStatus, type ToolsConfig, ToolsConfigSchema, ageAvailable, ageDecrypt, ageEncrypt, boot, bootSafe, callTool, compareFnoxAndEnvpkt, computeAudit, createServer, deriveServiceFromName, detectFnox, envCheck, envScan, extractFnoxKeys, findConfigPath, fnoxAvailable, fnoxExport, fnoxGet, formatPacket, generateTomlFromScan, loadCatalog, loadConfig, loadConfigFromCwd, maskValue, matchEnvVar, matchValueShape, parseToml, readConfigFile, readFnoxConfig, readResource, resolveConfig, resolveConfigPath, resolveSecrets, resolveValues, resourceDefinitions, scanEnv, scanFleet, sealSecrets, startServer, toolDefinitions, unsealSecrets, unwrapAgentKey, validateConfig };

package/dist/index.js

@@ -5,6 +5,7 @@ import { TypeCompiler } from "@sinclair/typebox/compiler";
 import { Cond, Left, List, Option, Right, Try } from "functype";
 import { TomlDate, parse } from "smol-toml";
 import { execFileSync } from "node:child_process";
+import { createInterface } from "node:readline";
 import { Server } from "@modelcontextprotocol/sdk/server/index.js";
 import { StdioServerTransport } from "@modelcontextprotocol/sdk/server/stdio.js";
 import { CallToolRequestSchema, ListResourcesRequestSchema, ListToolsRequestSchema, ReadResourceRequestSchema } from "@modelcontextprotocol/sdk/types.js";
@@ -54,6 +55,7 @@ const SecretMetaSchema = Type.Object({
 	rate_limit: Type.Optional(Type.String({ description: "Rate limit or quota info (e.g. '1000/min')" })),
 	model_hint: Type.Optional(Type.String({ description: "Suggested model or tier for this credential" })),
 	source: Type.Optional(Type.String({ description: "Where the secret value originates (e.g. 'vault', 'ci')" })),
+	encrypted_value: Type.Optional(Type.String({ description: "Age-encrypted secret value (armored ciphertext, safe to commit)" })),
 	required: Type.Optional(Type.Boolean({ description: "Whether this secret is required for operation" })),
 	tags: Type.Optional(Type.Record(Type.String(), Type.String(), { description: "Key-value tags for grouping and filtering" }))
 }, { description: "Metadata about a single secret" });
@@ -311,8 +313,9 @@ const formatPacket = (result, options) => {
 	const secretHeader = `secrets: ${metaEntries.length}`;
 	const secretLines = metaEntries.map(([key, meta]) => {
 		const service = meta.service ?? key;
+		const sealedTag = meta.encrypted_value ? " [sealed]" : "";
 		const secretValue = options?.secrets?.[key];
-		const header = `  ${key} → ${service}${secretValue !== void 0 ? ` = ${(options?.secretDisplay ?? "encrypted") === "plaintext" ? secretValue : maskValue(secretValue)}` : ""}`;
+		const header = `  ${key} → ${service}${sealedTag}${secretValue !== void 0 ? ` = ${(options?.secretDisplay ?? "encrypted") === "plaintext" ? secretValue : maskValue(secretValue)}` : ""}`;
 		const fields = formatSecretFields(meta, "    ");
 		return fields ? `${header}\n${fields}` : header;
 	});
@@ -356,7 +359,8 @@ const classifySecret = (key, meta, fnoxKeys, staleWarningDays, requireExpiration
 	const isExpired = daysRemaining.fold(() => false, (d) => d < 0);
 	const isExpiringSoon = daysRemaining.fold(() => false, (d) => d >= 0 && d <= WARN_BEFORE_DAYS);
 	const isStale = daysSinceCreated.fold(() => false, (d) => d > staleWarningDays);
-	const isMissing = fnoxKeys.size > 0 && !fnoxKeys.has(key);
+	const hasSealed = !!meta?.encrypted_value;
+	const isMissing = fnoxKeys.size > 0 && !fnoxKeys.has(key) && !hasSealed;
 	const isMissingMetadata = requireExpiration && expires.isNone() || requireService && service.isNone();
 	if (isExpired) issues.push("Secret has expired");
 	if (isExpiringSoon) issues.push(`Expires in ${daysRemaining.fold(() => "?", (d) => String(d))} days`);
@@ -1304,6 +1308,106 @@ const readFnoxConfig = (path) => Try(() => readFileSync(path, "utf-8")).fold((er
 /** Extract the set of secret key names from a parsed fnox config */
 const extractFnoxKeys = (config) => new Set(Object.keys(config.secrets));
 
+//#endregion
+//#region src/core/seal.ts
+/** Encrypt a plaintext string using age with the given recipient public key (armored output) */
+const ageEncrypt = (plaintext, recipient) => {
+	if (!ageAvailable()) return Left({
+		_tag: "AgeNotFound",
+		message: "age CLI not found on PATH"
+	});
+	return Try(() => execFileSync("age", [
+		"--encrypt",
+		"--recipient",
+		recipient,
+		"--armor"
+	], {
+		input: plaintext,
+		stdio: [
+			"pipe",
+			"pipe",
+			"pipe"
+		],
+		encoding: "utf-8"
+	})).fold((err) => Left({
+		_tag: "EncryptFailed",
+		key: "",
+		message: `age encrypt failed: ${err}`
+	}), (output) => Right(output.trim()));
+};
+/** Decrypt an age-armored ciphertext using the given identity file */
+const ageDecrypt = (ciphertext, identityPath) => {
+	if (!ageAvailable()) return Left({
+		_tag: "AgeNotFound",
+		message: "age CLI not found on PATH"
+	});
+	return Try(() => execFileSync("age", [
+		"--decrypt",
+		"--identity",
+		identityPath
+	], {
+		input: ciphertext,
+		stdio: [
+			"pipe",
+			"pipe",
+			"pipe"
+		],
+		encoding: "utf-8"
+	})).fold((err) => Left({
+		_tag: "DecryptFailed",
+		key: "",
+		message: `age decrypt failed: ${err}`
+	}), (output) => Right(output.trim()));
+};
+/** Seal multiple secrets: encrypt each value with the recipient key and set encrypted_value on meta */
+const sealSecrets = (meta, values, recipient) => {
+	if (!ageAvailable()) return Left({
+		_tag: "AgeNotFound",
+		message: "age CLI not found on PATH"
+	});
+	const result = {};
+	for (const [key, secretMeta] of Object.entries(meta)) {
+		const plaintext = values[key];
+		if (plaintext === void 0) {
+			result[key] = secretMeta;
+			continue;
+		}
+		const outcome = ageEncrypt(plaintext, recipient).fold((err) => Left({
+			_tag: "EncryptFailed",
+			key,
+			message: err.message
+		}), (ciphertext) => Right(ciphertext));
+		const failed = outcome.fold((err) => err, () => void 0);
+		if (failed) return Left(failed);
+		const ciphertext = outcome.fold(() => "", (v) => v);
+		result[key] = {
+			...secretMeta,
+			encrypted_value: ciphertext
+		};
+	}
+	return Right(result);
+};
+/** Unseal secrets: decrypt encrypted_value for each meta entry that has one */
+const unsealSecrets = (meta, identityPath) => {
+	if (!ageAvailable()) return Left({
+		_tag: "AgeNotFound",
+		message: "age CLI not found on PATH"
+	});
+	const result = {};
+	for (const [key, secretMeta] of Object.entries(meta)) {
+		if (!secretMeta.encrypted_value) continue;
+		const outcome = ageDecrypt(secretMeta.encrypted_value, identityPath).fold((err) => Left({
+			_tag: "DecryptFailed",
+			key,
+			message: err.message
+		}), (plaintext) => Right(plaintext));
+		const failed = outcome.fold((err) => err, () => void 0);
+		if (failed) return Left(failed);
+		result[key] = outcome.fold(() => "", (v) => v);
+	}
+	return Right(result);
+};
+
 //#endregion
 //#region src/core/boot.ts
 const resolveAndLoad = (opts) => resolveConfigPath(opts.configPath).fold((err) => Left(err), (configPath) => loadConfig(configPath).fold((err) => Left(err), (config) => {
@@ -1335,25 +1439,44 @@ const bootSafe = (options) => {
 	const inject = opts.inject !== false;
 	const failOnExpired = opts.failOnExpired !== false;
 	const warnOnly = opts.warnOnly ?? false;
-	return resolveAndLoad(opts).flatMap(({ config, configDir }) => resolveAgentKey(config, configDir).flatMap((agentKey) => {
+	return resolveAndLoad(opts).flatMap(({ config, configDir }) => {
+		const metaKeys = Object.keys(config.meta);
+		const hasSealedValues = metaKeys.some((k) => !!config.meta[k]?.encrypted_value);
+		const agentKeyResult = resolveAgentKey(config, configDir);
+		const agentKey = agentKeyResult.fold(() => void 0, (k) => k);
+		const agentKeyError = agentKeyResult.fold((err) => err, () => void 0);
+		if (agentKeyError && !hasSealedValues) return Left(agentKeyError);
 		const audit = computeAudit(config, detectFnoxKeys(configDir));
 		return checkExpiration(audit, failOnExpired, warnOnly).map((warnings) => {
 			const secrets = {};
 			const injected = [];
 			const skipped = [];
-			const metaKeys = Object.keys(config.meta);
-			if (fnoxAvailable()) fnoxExport(opts.profile, agentKey).fold((err) => {
+			const sealedKeys = /* @__PURE__ */ new Set();
+			if (hasSealedValues && config.agent?.identity) {
+				const identityPath = resolve(configDir, config.agent.identity);
+				unsealSecrets(config.meta, identityPath).fold((err) => {
+					warnings.push(`Sealed value decryption failed: ${err.message}`);
+				}, (unsealed) => {
+					for (const [key, value] of Object.entries(unsealed)) {
+						secrets[key] = value;
+						injected.push(key);
+						sealedKeys.add(key);
+					}
+				});
+			}
+			const remainingKeys = metaKeys.filter((k) => !sealedKeys.has(k));
+			if (remainingKeys.length > 0) if (fnoxAvailable()) fnoxExport(opts.profile, agentKey).fold((err) => {
 				warnings.push(`fnox export failed: ${err.message}`);
-				for (const key of metaKeys) skipped.push(key);
+				for (const key of remainingKeys) skipped.push(key);
 			}, (exported) => {
-				for (const key of metaKeys) if (key in exported) {
+				for (const key of remainingKeys) if (key in exported) {
 					secrets[key] = exported[key];
 					injected.push(key);
 				} else skipped.push(key);
 			});
 			else {
-				warnings.push("fnox not available — no secrets injected");
-				for (const key of metaKeys) skipped.push(key);
+				if (!hasSealedValues) warnings.push("fnox not available — no secrets injected");
+				for (const key of remainingKeys) skipped.push(key);
 			}
 			if (inject) for (const [key, value] of Object.entries(secrets)) process.env[key] = value;
 			return {
@@ -1364,7 +1487,7 @@ const bootSafe = (options) => {
 				warnings
 			};
 		});
-	}));
+	});
 };
 /** Programmatic boot — throws EnvpktBootError on failure */
 const boot = (options) => bootSafe(options).fold((err) => {
@@ -1400,6 +1523,42 @@ const formatBootError = (error) => {
 	}
 };
 
+//#endregion
+//#region src/core/resolve-values.ts
+/** Resolve plaintext values for the given keys via cascade: fnox → env → interactive prompt */
+const resolveValues = async (keys, profile, agentKey) => {
+	const result = {};
+	const remaining = new Set(keys);
+	if (fnoxAvailable()) fnoxExport(profile, agentKey).fold(() => {}, (exported) => {
+		for (const key of [...remaining]) if (key in exported) {
+			result[key] = exported[key];
+			remaining.delete(key);
+		}
+	});
+	for (const key of [...remaining]) {
+		const envValue = process.env[key];
+		if (envValue !== void 0 && envValue !== "") {
+			result[key] = envValue;
+			remaining.delete(key);
+		}
+	}
+	if (remaining.size > 0 && process.stdin.isTTY) {
+		const rl = createInterface({
+			input: process.stdin,
+			output: process.stderr
+		});
+		const prompt = (question) => new Promise((resolve) => {
+			rl.question(question, (answer) => resolve(answer));
+		});
+		for (const key of remaining) {
+			const value = await prompt(`Enter value for ${key}: `);
+			if (value !== "") result[key] = value;
+		}
+		rl.close();
+	}
+	return result;
+};
+
 //#endregion
 //#region src/core/fleet.ts
 const CONFIG_FILENAME = "envpkt.toml";
@@ -1766,4 +1925,4 @@ const startServer = async () => {
 };
 
 //#endregion
-export { AgentIdentitySchema, CallbackConfigSchema, ConsumerType, EnvpktBootError, EnvpktConfigSchema, LifecycleConfigSchema, SecretMetaSchema, ToolsConfigSchema, ageAvailable, boot, bootSafe, callTool, compareFnoxAndEnvpkt, computeAudit, createServer, deriveServiceFromName, detectFnox, envCheck, envScan, extractFnoxKeys, findConfigPath, fnoxAvailable, fnoxExport, fnoxGet, formatPacket, generateTomlFromScan, loadCatalog, loadConfig, loadConfigFromCwd, maskValue, matchEnvVar, matchValueShape, parseToml, readConfigFile, readFnoxConfig, readResource, resolveConfig, resolveConfigPath, resolveSecrets, resourceDefinitions, scanEnv, scanFleet, startServer, toolDefinitions, unwrapAgentKey, validateConfig };
+export { AgentIdentitySchema, CallbackConfigSchema, ConsumerType, EnvpktBootError, EnvpktConfigSchema, LifecycleConfigSchema, SecretMetaSchema, ToolsConfigSchema, ageAvailable, ageDecrypt, ageEncrypt, boot, bootSafe, callTool, compareFnoxAndEnvpkt, computeAudit, createServer, deriveServiceFromName, detectFnox, envCheck, envScan, extractFnoxKeys, findConfigPath, fnoxAvailable, fnoxExport, fnoxGet, formatPacket, generateTomlFromScan, loadCatalog, loadConfig, loadConfigFromCwd, maskValue, matchEnvVar, matchValueShape, parseToml, readConfigFile, readFnoxConfig, readResource, resolveConfig, resolveConfigPath, resolveSecrets, resolveValues, resourceDefinitions, scanEnv, scanFleet, sealSecrets, startServer, toolDefinitions, unsealSecrets, unwrapAgentKey, validateConfig };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "envpkt",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "description": "Credential lifecycle and fleet management for AI agents",
   "keywords": [
     "credentials",
@@ -20,6 +20,24 @@
   "bin": {
     "envpkt": "dist/cli.js"
   },
+  "scripts": {
+    "validate": "ts-builds validate",
+    "format": "ts-builds format",
+    "format:check": "ts-builds format:check",
+    "lint": "ts-builds lint",
+    "lint:check": "ts-builds lint:check",
+    "typecheck": "ts-builds typecheck",
+    "test": "ts-builds test",
+    "test:watch": "ts-builds test:watch",
+    "test:coverage": "ts-builds test:coverage",
+    "build": "ts-builds build",
+    "build:schema": "tsx scripts/build-schema.ts",
+    "demo": "tsx scripts/generate-demo-html.ts",
+    "dev": "ts-builds dev",
+    "docs:dev": "pnpm --dir site dev",
+    "docs:build": "pnpm --dir site build",
+    "prepublishOnly": "pnpm validate"
+  },
   "dependencies": {
     "@modelcontextprotocol/sdk": "^1.27.1",
     "@sinclair/typebox": "^0.34.48",
@@ -28,7 +46,7 @@
     "smol-toml": "^1.6.0"
   },
   "devDependencies": {
-    "@types/node": "^24.10.15",
+    "@types/node": "^24.11.0",
     "ts-builds": "^2.5.0",
     "tsdown": "^0.20.3",
     "tsx": "^4.21.0"
@@ -51,21 +69,5 @@
     "schemas"
   ],
   "prettier": "ts-builds/prettier",
-  "scripts": {
-    "validate": "ts-builds validate",
-    "format": "ts-builds format",
-    "format:check": "ts-builds format:check",
-    "lint": "ts-builds lint",
-    "lint:check": "ts-builds lint:check",
-    "typecheck": "ts-builds typecheck",
-    "test": "ts-builds test",
-    "test:watch": "ts-builds test:watch",
-    "test:coverage": "ts-builds test:coverage",
-    "build": "ts-builds build",
-    "build:schema": "tsx scripts/build-schema.ts",
-    "demo": "tsx scripts/generate-demo-html.ts",
-    "dev": "ts-builds dev",
-    "docs:dev": "pnpm --dir site dev",
-    "docs:build": "pnpm --dir site build"
-  }
-}
+  "packageManager": "pnpm@10.30.3+sha512.c961d1e0a2d8e354ecaa5166b822516668b7f44cb5bd95122d590dd81922f606f5473b6d23ec4a5be05e7fcd18e8488d47d978bbe981872f1145d06e9a740017"
+}

package/schemas/envpkt.schema.json

@@ -144,6 +144,10 @@
               "description": "Where the secret value originates (e.g. 'vault', 'ci')",
               "type": "string"
             },
+            "encrypted_value": {
+              "description": "Age-encrypted secret value (armored ciphertext, safe to commit)",
+              "type": "string"
+            },
             "required": {
               "description": "Whether this secret is required for operation",
               "type": "boolean"