feat(cli): vault_get + deploy-time vault resolution

- Add vault_get wire message to fetch encrypted entries for client-side
  decryption
- Deploy handler resolves $vault: refs: fetches encrypted entries from
  broker, decrypts with mesh keypair locally, sends resolved env over TLS
- File-type vault entries encoded as __vault_file__:path:base64 for
  runner-side extraction

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

apps/cli/src/ws/client.ts

@@ -1261,6 +1261,15 @@ export class BrokerClient {
     });
   }
 
+  async vaultGet(keys: string[]): Promise<Array<{ key: string; ciphertext: string; nonce: string; sealed_key: string; entry_type: string; mount_path?: string }>> {
+    return new Promise(resolve => {
+      const reqId = `vget_${Date.now()}`;
+      const timer = setTimeout(() => { this.vaultListResolvers.delete(reqId); resolve([]); }, 10_000);
+      this.vaultListResolvers.set(reqId, { resolve, timer });
+      this.sendRaw({ type: "vault_get", keys, _reqId: reqId } as any);
+    });
+  }
+
   // --- MCP Deploy ---
 
   async mcpDeploy(serverName: string, source: any, config?: any, scope?: any): Promise<any> {
@@ -1921,6 +1930,15 @@ export class BrokerClient {
         r.resolve((msg as any).entries ?? []);
       }
     }
+    if (msg.type === "vault_get_result") {
+      const reqId = (msg as any)._reqId;
+      if (reqId && this.vaultListResolvers.has(reqId)) {
+        const r = this.vaultListResolvers.get(reqId)!;
+        clearTimeout(r.timer);
+        this.vaultListResolvers.delete(reqId);
+        r.resolve((msg as any).entries ?? []);
+      }
+    }
     if (msg.type === "mcp_deploy_status") {
       const reqId = (msg as any)._reqId;
       if (reqId && this.mcpDeployResolvers.has(reqId)) {