feat(credential-broker): add macos keychain credential broker

crates/nono-cli/src/app_runtime.rs

@@ -118,6 +118,9 @@ fn dispatch_command(
             run_command_with_update(update_handle, silent, || package_cmd::run_outdated(args))
         }
         Commands::OpenUrlHelper(args) => run_open_url_helper(args),
+        Commands::CredentialHelper(args) => {
+            crate::credential_broker::run_credential_helper(&args.args)
+        }
         Commands::PackUpdateHintHelper(args) => crate::pack_update_hint::run_refresh_helper(args),
         Commands::Completions(args) => run_completions(args),
     }

crates/nono-cli/src/cli.rs

@@ -658,6 +658,10 @@ IN-BAND DETACH:
     #[command(hide = true)]
     OpenUrlHelper(OpenUrlHelperArgs),
 
+    /// Internal: broker macOS Keychain requests via supervisor IPC
+    #[command(hide = true, trailing_var_arg = true)]
+    CredentialHelper(CredentialHelperArgs),
+
     /// Internal: refresh cached pack update hints out of process
     #[command(hide = true)]
     PackUpdateHintHelper(PackUpdateHintHelperArgs),
@@ -834,6 +838,18 @@ pub struct OpenUrlHelperArgs {
     pub url: String,
 }
 
+/// Arguments for the hidden credential-helper subcommand.
+///
+/// Invoked by opaque shims such as a `security` PATH shim. Reads
+/// `NONO_CREDENTIAL_BROKER` from the environment, normalizes the native
+/// command into a credential broker request, and waits for a response.
+#[derive(Parser, Debug, Clone)]
+pub struct CredentialHelperArgs {
+    /// The original credential command arguments.
+    #[arg(allow_hyphen_values = true)]
+    pub args: Vec<String>,
+}
+
 /// Arguments for the hidden pack-update-hint-helper subcommand.
 ///
 /// Invoked by `nono run` to refresh stale pack update hint cache entries in a
@@ -2539,6 +2555,36 @@ mod tests {
         }
     }
 
+    #[test]
+    fn test_credential_helper_accepts_security_flags_as_args() {
+        let cli = Cli::parse_from([
+            "nono",
+            "credential-helper",
+            "find-generic-password",
+            "-a",
+            "alice",
+            "-w",
+            "-s",
+            "example-service",
+        ]);
+        match cli.command {
+            Commands::CredentialHelper(args) => {
+                assert_eq!(
+                    args.args,
+                    vec![
+                        "find-generic-password",
+                        "-a",
+                        "alice",
+                        "-w",
+                        "-s",
+                        "example-service"
+                    ]
+                );
+            }
+            _ => panic!("Expected CredentialHelper command"),
+        }
+    }
+
     #[test]
     fn test_run_multiple_paths() {
         let cli = Cli::parse_from([

crates/nono-cli/src/cli_bootstrap.rs

@@ -180,6 +180,7 @@ fn cli_verbosity(cli: &Cli) -> u8 {
         | Commands::Unpin(_)
         | Commands::Outdated(_)
         | Commands::OpenUrlHelper(_)
+        | Commands::CredentialHelper(_)
         | Commands::PackUpdateHintHelper(_)
         | Commands::Completions(_) => 0,
     }

crates/nono-cli/src/command_runtime.rs

@@ -213,6 +213,7 @@ pub(crate) fn run_shell(args: ShellArgs, silent: bool) -> Result<()> {
             allowed_env_vars: prepared.allowed_env_vars,
             denied_env_vars: prepared.denied_env_vars,
             startup_timeout_secs: args.startup_timeout_secs,
+            credential_access: prepared.credential_access,
             proxy,
             redaction_policy: load_configured_redaction_policy()?,
             session: SessionLaunchOptions {